Stay Secure on Spring Break!

On March 15th, 2018, posted in: Hackers by konweb

Spring break is in the air. In March, millions of people (perhaps you?) will be taking to the road and sky to beat the cold and have some fun. Unfortunately, the ever-present cyber-criminal element is also aware of this annual migration and ready to take full advantage of it.

Don’t Let Your Guard Down

As NBC reports, it is all too easy for hackers to set up fake WiFi networks that allow them to siphon off passwords, credit card numbers and other personal information from unsuspecting vacationers.


The Takeaway? Have fun and enjoy the warmth, but think twice before you connect to a public WiFi network unless you have verified that it can be trusted.


Cisco’s Annual Cyber Security Report was released today and as always it is filled with interesting insights about both sides of the cyber security battle.

Insights into Hackers and Attackers

1. Adversaries are taking malware to unprecedented levels of sophistication and impact.

Malware, especially self-propagating “worm” malware such as WannaCry and Petya, played a pivotal role in some of the biggest attacks and infections of 2017.

2. Adversaries are becoming more adept at evasion, and weaponizing cloud services and other technology used for legitimate purposes.

One trend is the use of encryption by hackers to protect themselves from detection, especially for command-and-control (C2) activity.

3. Adversaries are exploiting undefended gaps in security, many of which stem from the expanding Internet of Things (IoT) and use of cloud services.

Defenders are deploying IoT devices at a rapid pace but often pay scant attention to the security of these systems.

Insights into Security Defenders

1. Budgets are perceived to be relatively stable, growing and appropriate.

2. Breaches appear to be the biggest driver of future investments and improvements in technology and process.

3. The use of outsourcing is growing as a means of dealing with security threats, especially in the areas of monitoring and incident response.

Konsultek’s Take

Cisco’s report is well written, easy to read and full of valuable insights. Many of these insights, such as the growing reliance on outsourcing, correlate closely with our own findings. As a pioneer in outsourced security solutions, we too have seen strong growth in both the variety and volume of services our clients outsource to us.

Managed services are a cost-effective way to improve security efficacy as well as scale security solutions in a growing organization. If either of these is of interest to you and your organization, please give us a call to set up an introductory meeting.



You could say that Mordechai Guri, director of the Cybersecurity Research Center at Israel’s Ben Gurion University, is obsessed with the “air gap”. His obsession, as described in depth in a fascinating article, has resulted in some of the most arcane ways to beat the “air gap” ever devised.

Connectivity Beyond Wires and WiFi

One of the best ways to secure sensitive data is to store it on machines that are isolated from the network and the Internet by both wire and WiFi, or so-called “air gapped” machines. Makes sense, right? If your machine is not connected to the outside world, it should be impossible to breach from the outside world.

Want to take your security a step further? Place your machine in a secured metal-clad room or Faraday pouch to prevent the transmission of electrical signals.

Still Not Enough

What Mordechai has proven is that a hacker who is determined and skilled enough can overcome virtually any isolation if given enough time and resources.

Here is a list of some of his most creative ways to extract data to date:

  • Altering the noise the machine’s internal fan generates
  • Changing air temperatures in patterns that the receiving computer can detect with thermal sensors
  • Blinking out a stream of information from a computer hard drive LED to the camera on a quadcopter drone hovering outside a nearby window



The Saving Grace

The one saving grace and defense to most of these techniques is that they rely upon the system having been previously compromised with malware. The malware itself would likely have been injected via a corrupted USB drive – think Stuxnet. Still, fascinating research and a great reminder that the concepts of security need to constantly be challenged.




Jackpotting Hits ATMs in the USA

On January 31st, 2018, posted in: Hackers, Jackpotting by konweb

ATM “jackpotting”, the practice of hacking an ATM and causing it to dispense large amounts of cash all at once, is beginning to flourish in the United States, according to a Secret Service press release issued on January 26th.

According to the Secret Service

“ATM jackpotting is a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that force the machines to dispense huge volumes of cash on demand. To execute a jackpotting attack, perpetrators must gain physical access to the cash machine and install malware, or specialized electronics, or a combination of both to control the operations of the ATM.

Criminals have been able to find vulnerabilities in financial institutions that operate ATM’s, primarily ATM’s that are stand-alone. The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive thru ATMs. Criminals range from individual suspects to large organized groups, from local criminals to international organized crime syndicates.”

Ploutus.D PLUS Surgery Delivers the Cash

According to a Global Security Alert distributed by Diebold-Nixdorf and uploaded to thieves in Mexico have been using a variant of the well-known Ploutus ATM malware known as Ploutus.D. What’s new is the novel approach thieves have taken to inject the malware.

“In order to initiate the dispenser communication additionally a dedicated button inside the safe needs to be pressed and held. With the help of an extension, which is inserted into existing gaps next to the presenter, the button is depressed. According to customer CCTV footage the criminals use an industrial endoscope to achieve this.”


CyberCrime Follows the Money

Jackpotting ATMs has to be the most straightforward example of cybercrime chasing the money. When your organization is targeted, the motive and attack vector will likely be more discreet. Criminals may decide to steal your trade secrets or personal information or perhaps infect your systems with ransomware. Frankly, you’ll never know until it is too late. That is where Konsultek comes in. For well north of two decades we have been designing and implementing robust, holistic security solutions for organizations small to large across a variety of market verticals. From education to finance to manufacturing, we have the expertise to develop the solutions your organization needs. Pick up the phone and schedule an appointment to learn more.



Why Hackers Hack

On January 24th, 2018, posted in: Cyber Attacks, Hackers by konweb

Through the years we’ve posted a number of times on the subject of hackers and their motivations. This infographic, courtesy of Raconteur, provides an interesting look at hackers and their motivations as a function of industry, pattern and motive.


Konsultek Knows Security

If there is one thing you can count on, it is that so long as there is information you are trying to secure, there will be hackers. Some will be motivated by idealism, some by the challenge and some by the money to be made. That’s where we come in. No matter your organization’s size or focus, Konsultek can develop a customized, robust security solution that fits your needs and budget. Call us to learn more about how we can help you secure your future.


On Tuesday Kaspersky announced that it had uncovered the most advanced and sophisticated Android spyware to date. So far it appears to only be accessible to organizations in the “lawful intercept” market and for the moment is confined to Italy. So, no need to worry, right? I mean, when has a helpful tool for the greater good like this ever accidentally been released into the wild?

Sophisticated “Multiple Exceptional Capabilities”

Dubbed “SkygoFree” by Kaspersky researchers, this malware inserts an implant on the device that can exfiltrate a wide range of data, such as call records, text messages, geolocation, surrounding audio, calendar events, and other information stored in the device’s memory. Essentially a surveillance team’s dream come true. Remember how unsophisticated the technology was on the series The Wire? Imagine if this technology had existed back then!



SkygoFree is being distributed on fake websites that are designed to look and feel like the websites of major carrier providers such as Vodafone. The victim is prompted to get an update for the phone and voila, SkygoFree is downloaded and the device is compromised.

Compromised Device = Compromised Network

While SkygoFree and other mobile-device-oriented malware present a huge breach of privacy and security at the individual device level, compromised devices also represent an opportune attack vector into any network the infected device connects to. That’s why Konsultek uses multiple approaches and technologies when developing our network security solutions. If your organization is ready for a more proactive approach to network and mobile security, please give us a call.



WannaCry burst onto the world stage in May, caused incredible levels of disruption around the globe and then just as quickly died when British hacker Marcus Hutchins fortuitously found a hidden “kill switch” in the code and successfully activated it.

The destruction left in WannaCry’s path was enormous. Assets in more than 150 nations were affected as the ransomware locked up digital databases and files, demanding that ransoms be paid for their release. Notable victims included Britain’s National Health Service, Germany’s national railway and multinationals Nissan and Renault.

Unified Nations Officially Blame North Korea

In a Wall Street Journal op-ed, US Department of Homeland Security Advisor Tom Bossert declared North Korea was “directly responsible” for the attack and would be held fully accountable for it.

According to CNN, the United Kingdom, Microsoft, and the Australian, Canadian, New Zealand and Japanese governments all came to a similar conclusion regarding the culpability of Pyongyang.

It Could Have Been Worse, Much Worse

Had the kill switch not been found (or had it never existed!), who knows the extent of what WannaCry might have done before a different solution was discovered. One thing is clear: having a completely robust security solution in place that includes secure data backup is a must moving forward. If your current security solution is out of date or incomplete, please give the engineers at Konsultek a call. Your security is our business.



In what has to be one of the most interesting cases of hacking we’ve read about this year, researchers at Two Six Labs have managed to link hacking and gun control together by hacking one of the most popular gun safes for sale on Amazon.

Another Example of a Connected Vulnerability

While the immediate dangers of this vulnerability are small (it’s unlikely that curious children or gun thieves are going to go through a hacking procedure to get their hands on a weapon), it is another shining example of the security tradeoffs we make almost daily for connected “convenience”.

Thermostats, garage doors, refrigerators, automobiles and yes, gun safes are now more connected than ever in our personal lives. When it comes to business, the same is true. Medical devices, manufacturing equipment, point-of-sale systems etc. are all part of larger networks within organizations and most of these networks are being accessed by mobile devices. This makes the need for robust security more important than ever and that’s why it’s good to have Konsultek on your side.

Konsultek Knows Security

No matter what your organization does or how large it is, Konsultek can identify your vulnerabilities and develop a custom security solution to address them. 2018 is predicted to be another epic year of hacks, breaches and cyber heists. Are you ready?



That’s the message Britain’s National Audit Office has for the NHS and Department of Health, according to after concluding their investigation surrounding the ransomware outbreak the organizations experienced in May.

Crippled by the “Relatively Unsophisticated” WannaCry

According to an independent investigation, “basic IT security” could have avoided the calamity that resulted in 19,500 medical appointments being cancelled and 600 computers associated with surgeries being locked.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Prevention Was Possible

88 out of 236 health trusts in England had an “on-site cybersecurity assessment” performed on them by NHS Digital prior to the attacks taking place. These assessments identified vulnerabilities and recommended remedial actions that unfortunately were not followed.

Identify Vulnerabilities then Act!

The experience of the NHS and Department of Health provides an instructive lesson in how not to handle cybersecurity. The key to preventing breaches and securing networks is to identify vulnerabilities and then eliminate them before they can be exploited.

Konsultek offers a variety of vulnerability assessments to help organizations of all types and sizes identify their network vulnerabilities. These vulnerabilities are then eliminated as part of the customized security solution that is put in place. If your organization hasn’t undergone a pre-emptive vulnerability assessment, it is not too late! The information you learn could prevent a breach and as we always stress, prevention is far less expensive than cure when it comes to cybersecurity.



Yesterday reported that they had in their possession a report from FireEye which shows that North Korean hackers have been spearphishing electric utilities in the US.

We can only assume that such campaigns are being launched in an attempt to gain access to the grid with the intention of possibly disrupting it. We reported on just such a scenario a month ago in our blog post Hackers Appear Ready to Turn Off the Lights.

North Korea has proven itself to be a vexing cyber opponent and has been a continual source of concern for neighboring South Korea for years.

Safe and Reliable Delivery Unaffected

Scott Aaronson, a top security official at the Edison Electric Institute, an industry trade group, said in a statement:

“Phishing attacks are something that electric companies prepare for and deal with on a regular basis, often in coordination with security experts and industry stakeholders. In this case, the delivery of safe and reliable energy has not been affected, and there has been no operational impact to facilities or to the systems controlling the North American energy grid.”

While this appears to be technically true, as reported previously, hackers seem to be closing in on the capability to disrupt the grid.

As Goes the Grid Goes the Economy

The prospect of a large-scale power disruption is scary on both a personal and professional level. However, taking one step back and surveying the potential harm to the larger economy is even more frightening. We’ve been reporting on the estimated harm of the Petya virus, cumulatively likely exceeding $1 billion across just a handful of companies. What would be the economic impact of having large portions of the power grid go down for 12 hours? A day? A week?

Why Hasn’t it Happened Yet?

According to Stuart Madnick in an insightful piece on, there are three conditions necessary for an attack such as this to occur: opportunity, capability, and motivation. We have on this blog alone provided enough evidence of opportunity and capability, and the increasing tensions with North Korea may just be setting the third requirement, motivation, into place.

Be Prepared

Holistic cybersecurity solutions like the ones we develop at Konsultek consider not just what impact a targeted attack might have but also what might happen if a larger disruptive event were to occur. As with all aspects of network security, an ounce of prevention is worth far more than a pound of cure. If your current security provider isn’t asking the tough “what if” questions, perhaps it’s time you give us a call!

