WannaCry burst onto the world stage in May, caused incredible levels of disruption around the globe and then just as quickly died when British hacker Marcus Hutchins fortuitously found a hidden “kill switch” in the code and successfully activated it.

The destruction left in WannaCry’s path was enormous. Assets in more than 150 nations were affected as the ransomware locked up digital databases and files, demanding that ransoms be paid for their release. Notable victims included Britain’s National Health Service, Germany’s national railway and multinationals Nissan and Renault.

Unified Nations Officially Blame North Korea

In a Wall Street Journal op-ed, US Department of Homeland Security Advisor Tom Bossert declared North Korea was “directly responsible” for the attack and would be held fully accountable for it.

According to CNN, the United Kingdom, Microsoft, and the Australian, Canadian, New Zealand and Japanese governments all came to a similar conclusion regarding the culpability of Pyongyang.

It Could Have Been Worse, Much Worse

Had the kill switch not been found (or never existed!), who knows the extent of what WannaCry might have done before a different solution was discovered. One thing is clear: having a completely robust security solution in place that includes secure data backup is a must moving forward. If your current security solution is out of date or incomplete, please give the Engineers at Konsultek a call. Your security is our business.

 


In what has to be one of the most interesting cases of hacking we’ve read about this year, researchers at Twosix Labs have managed to link hacking and gun control together by hacking one of the most popular gun safes for sale on Amazon.

Another Example of a Connected Vulnerability

While the immediate dangers of this vulnerability are small – it’s unlikely that curious children or gun thieves are going to go through a hacking procedure to get their hands on a weapon, it is another shining example of the security tradeoffs we make almost daily for connected “convenience”.

Thermostats, garage doors, refrigerators, automobiles and yes, gun safes are now more connected than ever in our personal lives. When it comes to business, the same is true. Medical devices, manufacturing equipment, point-of-sale systems etc. are all part of larger networks within organizations and most of these networks are being accessed by mobile devices. This makes the need for robust security more important than ever and that’s why it’s good to have Konsultek on your side.

Konsultek Knows Security

No matter what your organization does or how large it is, Konsultek can identify your vulnerabilities and develop a custom security solution to address them. 2018 is predicted to be another epic year of hacks, breaches and cyber heists. Are you ready?

 


That’s the message Britain’s National Audit Office has for the NHS and Department of Health, according to theguardian.com, after concluding its investigation into the ransomware outbreak the organizations experienced in May.

Crippled by the “Relatively Unsophisticated” WannaCry

According to an independent investigation, “basic IT security” could have avoided the calamity that resulted in 19,500 medical appointments being cancelled and 600 computers associated with surgeries being locked.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Prevention Was Possible

88 out of 236 health trusts in England had an “on-site cybersecurity assessment” performed on them by NHS Digital prior to the attacks taking place. These assessments identified vulnerabilities and recommended remedial actions that unfortunately were not followed.

Identify Vulnerabilities then Act!

The experience of the NHS and Department of Health provides an instructive lesson in how not to handle cybersecurity. The key to preventing breaches and securing networks is to identify vulnerabilities and then eliminate them before they can be exploited.

Konsultek offers a variety of vulnerability assessments to help organizations of all types and sizes identify their network vulnerabilities. These vulnerabilities are then eliminated as part of the customized security solution that is put in place. If your organization hasn’t undergone a pre-emptive vulnerability assessment, it is not too late! The information you learn could prevent a breach and as we always stress, prevention is far less expensive than cure when it comes to cybersecurity.

 


Yesterday NBCNews.com reported that they had in their possession a report from FireEye which shows that North Korean hackers have been spearphishing electric utilities in the US.

We can only assume that such campaigns are being launched in an attempt to gain access to the grid with the intention of possibly disrupting it. We reported on just such a scenario just a month ago in our blog post Hackers Appear Ready to Turn Off the Lights.

North Korea has proven itself to be a vexing cyber opponent and has been a continual source of concern for neighboring South Korea for years.

Safe and Reliable Delivery Unaffected

Scott Aaronson, a top security official at the Edison Electric Institute, an industry trade group, said in a statement:

“Phishing attacks are something that electric companies prepare for and deal with on a regular basis, often in coordination with security experts and industry stakeholders. In this case, the delivery of safe and reliable energy has not been affected, and there has been no operational impact to facilities or to the systems controlling the North American energy grid.”

While this appears to be technically true, as reported previously, hackers seem to be closing in on the capability to disrupt the grid.

As Goes the Grid Goes the Economy

The prospect of a large-scale power disruption is scary on both a personal and professional level. However, taking one step back and surveying the potential harm to the larger economy is even more frightening. We’ve been reporting on the estimated harm of the Petya virus, cumulatively likely exceeding $1 billion across just a handful of companies. What would be the economic impact of having large portions of the power grid go down for 12 hours? A day? A week?

Why Hasn’t it Happened Yet?

According to Stuart Madnick in an insightful piece on HBR.org, there are three conditions necessary for an attack such as this to occur: opportunity, capability, and motivation. We have on this blog alone provided enough evidence of opportunity and capability, and the increasing tensions with North Korea may just be setting the third requirement, motivation, into place.

Be Prepared

Holistic cybersecurity solutions like the ones we develop at Konsultek consider not just what impact a targeted attack might have but also what might happen should a larger disruptive event occur. As with all aspects of network security, an ounce of prevention is worth far more than a pound of cure. If your current security provider isn’t asking the tough “what if” questions, perhaps it’s time you give us a call!

 


In an interview with Wired.co.uk, McAfee Chief Scientist, Raj Samani, shared a handful of interesting reasons why cyber-security should be getting more attention than ever in organizations of all sizes. Here are three of his more interesting thoughts.

Reason 1 – Everyone’s a Target

“Everybody’s a target. Everyone is,” he says. “Small-to-medium-sized businesses, some [of them] say, ‘well, cybersecurity isn’t big for us – we’re a small company, nobody would hit us.’ Well, you know what? That approach now has to change.”

Reason 2 – The Barrier to Cyber-Crime Entry is Lower than Ever Before

“I don’t think just because you’re a small business you’re going to be facing low-level stuff – I think you could be facing some pretty good stuff. It’s easy to do now. If I wanted to go out and compromise you, your life and everything about you, I could go onto Facebook, find out what [you] like, what football clubs [you] support, where you used to work, then I send you an e-mail and make it look convincing… I can do that in, what, eight minutes? Five minutes? I can find out everything about your life. So the technical barriers required to become a cybercriminal are the lowest they’ve ever been – and then continue to fall every single day.”

Reason 3 – The Attack Surface for Companies and Individuals is Growing

The attack surface for the average person – as an individual, or an employee and potential weak point in a company’s digital security structure – has grown in-line with smartphones, smart TVs, and the current dawn of in-home personal assistants like Amazon’s Alexa or Google Home.

Konsultek Knows Security

The three reasons given above are just a few of the reasons we at Konsultek emphasize a solutions approach that examines your business processes in relation to network security. Our consultative approach to security starts with understanding your assets, processes and potential vulnerabilities before crafting a customized solution.
Simply slapping hardware or software in place is not sufficient, even for the smallest of organizations.

Make Sense? Give us a call to learn more about our sophisticated, yet common sense solutions to network security and infrastructure optimization.


In an earlier post we discussed the impact Petya was having on the profits of multinationals that had fallen victim. Today, according to Bloomberg News, we learned:

“A.P. Moller-Maersk A/S said a cyberattack that hit the owner of the world’s biggest container shipping company at the end of June will wipe as much as $300 million off profits in the third quarter.”

Maersk, like the other victims, found much of its IT systems crippled by Petya. This prevented the world’s largest shipping company from taking orders for several days.

“These system shutdowns resulted in significant business interruption during the shutdown period,” Maersk reported. The financial impact in the second quarter was “limited,” but “the impact in the third quarter is larger, due to temporary lost revenue in July,” it said.

According to Maersk, the Petya attack’s impact was confined to operational difficulties and there was no loss of data.

3 Others Lose Millions as Well

Reckitt Benckiser has put some more exact figures to its Petya-related losses. The U.K.-based consumer products conglomerate reported last week that the Petya disruption would trim a whopping 90 million pounds from its projected 2017 sales. Petya disrupted 2,000 company servers and temporarily disabled 15,000 company laptops.

Beiersdorf AG, best known for its Nivea skin-cream brand, has reported a Petya-related cost of 35 million euros ($41.5 million) in first-half sales. Further costs will likely be attributed to the attack once the impact of held inventory and disrupted production is fully quantified.

Cie. de Saint-Gobain, the French building materials manufacturer, has reported that the cyber-attack would lower sales by about 250 million euros in 2017.

Some European Companies Get Proactive

“Companies are now piling up the sandbags,” as reported in a related article on Bloomberg.com in which several companies described proactive measures they are taking in advance of the next cyber-threat to land at their doorstep.

Two examples: Germany’s national Deutsche Bahn railroad has created a “cyber rapid deployment force” of highly trained IT specialists with computer-threat experience to be available around the clock against future attacks, a spokesman said. And U.K. advertising agency WPP Plc plans to increase its investment in IT security after Petya spread across the agency.

Prevention is Better than Cure

Petya, WannaCry and other cyber-attacks can be enormously costly, and yet, once the forensics have been done, they often show that the attack could have been prevented had a well-managed, holistic security plan been in place. At Konsultek, we’ve been designing and implementing such plans for organizations ranging in size from small medical offices to large, multinational airlines.

The time to begin discussions about improving your network security is today, before you and your organization have a revenue and profit disrupting event. Please give us a call, our security team is always ready to listen to your unique situation.

 


GhostCtrl Android Malware is Downright Scary

On July 20th, 2017, posted in: Hackers by konweb

Remember that time you let your tween borrow your phone and they “helped” you out by downloading WhatsApp for you? Well let’s hope what they downloaded was a legitimate copy of the app from a legitimate source or you may now be unwittingly sharing way more of your personal life with total strangers than you ever thought possible!

Dubbed GhostCtrl by the researchers at Trend Micro who first caught it in the wild, this nasty little malware beast, which typically masquerades as popular apps such as WhatsApp and Pokémon Go, can give the hackers who unleashed it unprecedented control over a victim’s device.

A Rapidly Evolving Scary Ghost

GhostCtrl continues to evolve and there are at least 3 versions operating in the wild right now. The first iteration steals information and controls some of the device’s functions, the second added the ability to hack more features and, according to Trend Micro, “The third iteration combines the best of the earlier versions’ features—and then some.”

Based upon clues in its source code, GhostCtrl appears to be a scion of OmniRAT, the commercially sold Remote Access Tool that allows the takeover of Windows, Linux and Mac systems with the push of an Android button.

You Will Obey My Commands

Like some evil hypnotist, GhostCtrl can make the victim’s device do virtually anything the hacker wants it to do by sending commands from a remote control server.

Here is a partial but frightening list of those commands:

  • ACTION CODE = 10, 11: Control the Wi-Fi state
  • ACTION CODE = 34: Monitor the phone sensors’ data in real time
  • ACTION CODE = 37: Set phone’s UiMode, like night mode/car mode
  • ACTION CODE = 41: Control the vibrate function, including the pattern and when it will vibrate
  • ACTION CODE = 46: Download pictures as wallpaper
  • ACTION CODE = 48: List the file information in the current directory and upload it to the C&C server
  • ACTION CODE = 49: Delete a file in the indicated directory
  • ACTION CODE = 50: Rename a file in the indicated directory
  • ACTION CODE = 51: Upload a desired file to the C&C server
  • ACTION CODE = 52: Create an indicated directory
  • ACTION CODE = 60: Use the text to speech feature (translate text to voice/audio)
  • ACTION CODE = 62: Send SMS/MMS to a number specified by the attacker; the content can also be customized
  • ACTION CODE = 68: Delete browser history
  • ACTION CODE = 70: Delete SMS
  • ACTION CODE = 74: Download file
  • ACTION CODE = 75: Call a phone number indicated by the attacker
  • ACTION CODE = 77: Open activity view-related apps; the Uniform Resource Identifier (URI) can also be specified by the attacker (open browser, map, dial view, etc.)
  • ACTION CODE = 78: Control the system infrared transmitter
  • ACTION CODE = 79: Run a shell command specified by the attacker and upload the output result

With this type of control the hackers can choose to be a nuisance, ransomer, evil spy or blackmailer depending upon their motives.

Scared? Who ya Gonna Call?

When it comes to mobile security, BYOD security and network security, our engineers are real-life “ghost” busters who can develop comprehensive and holistic security solutions for your organization. So, who ya gonna call? Call Konsultek!

 


In a recently released report on crime in the United Kingdom, the UK’s National Crime Agency breaks serious and organized crime into three principal categories: Vulnerabilities, Prosperity and Commodities.

A Crime of Prosperity

According to the National Strategic Assessment of Serious and Organised Crime, Cyber Crime, once a relatively benign area of crime whose offenders were solo techno-geeks, has matured into a full-fledged organized crime alongside activities such as:

  • Money Laundering
  • Fraud and Other Economic Crime
  • Bribery, Corruption and Sanctions Abuse.

Cyber Crime and Technology Enable Fraud

The report notes that fraud in the UK is increasing and it is estimated that losses could be as much as GBP 193 billion. UK residents are now more likely to be a victim of fraud than any other type of crime. The use of malware and phishing emails to obtain customers’ details is a key driver of fraud. And it is probable that new technology value transfer methods (you have to love how the British can make even hacking sound cool!) will increase in criminal use as their popularity for legitimate use increases.

Cyber Crime in the UK Similar to the USA

It is interesting to note that the findings of this report, specific to the UK, are quite similar to what we are experiencing in the USA. For example, the most competent cyber criminals are moving towards targeting businesses as the potential for higher returns on investment is much greater. Readily available hacking toolkits and ransomware are making it easier for less sophisticated individuals and organizations to enter the cyber crime space.

Some Businesses Stockpiling Bitcoins

One very interesting finding in the report that I have never seen documented anywhere else is their finding #79…

“79. A survey of security professionals by industry identified that some businesses are stockpiling bitcoins in anticipation of a ransomware attack. Ransomware has become one of the most profitable malware types in history. Its success is best illustrated by the sharp increase of varieties in the marketplace.”

Konsultek Knows Security

Konsultek’s UK office enables us to respond to the needs of our European clients quickly and efficiently. So whether your organization is located in the UK or continental Europe our expertise is ready to be deployed to help your organization become more secure.

 


Having your sensitive information held for ransom is never good. But what if your sensitive data were the before and after pictures of tens of thousands of plastic surgery patients that had entrusted their bodies, faces and privacy to your clinic?

How much ransom would you pay to keep your patients’ most intimate secrets private? That is exactly the dilemma facing the Lithuanian-based Grozio Chirurgija clinic and its director Jonas Staikunas, according to the BBC. And apparently the ransom demanded was more than the director was willing to pay…

 

“An Outrageous Fee”

The breach, perpetrated by the Tsar Team this April, was quickly followed up with a ransom demand the group called “a small penalty fee” – 344,000 Euros – for having a vulnerable network.

On Tuesday this week the images were made public after the clinic refused to pay the ransom. At about the same time, the hackers started contacting individuals with compromised images directly, demanding smaller, single-serving ransoms of up to 2,000 Euros. Tsar Team has also lowered the demands for the whole database to 133,500 Euros, stating “a lot of people have paid us to delete their data.”

Medical Facilities Will Continue to be Targeted

With their highly sensitive and personal data, as well as life-support systems ripe for extortion, medical facilities will continue to be targeted by opportunistic cyber-thieves looking to cash in. The recent ransoms of the MedStar Health Network and the Hollywood Presbyterian Medical Center in Los Angeles are just two of the more well publicized breaches. On the heels of WannaCry, you can bet there will be more.

Konsultek Can Help

Our custom security solutions for the medical industry help eliminate the vulnerabilities cyber-criminals use to gain access to sensitive data. So, if you don’t “wanna cry” over lost records or ransoms, please give us a call. Our experienced team is ready to help get your network secure and make sure you never have to cry or shed a tear again!

 


Symantec’s 2017 Internet Security Threat Report (ISTR) lists the Services Industry at the top of its 2016 list of most hacked industries followed by Finance, Insurance, & Real Estate. These two industries were at the top of the list for 2015 showing that their popularity with cyber-criminals has not waned.

Drilling down to a more granular level we see that specifically, Business Services and Health Services top the charts. Given the strict reporting requirements in the healthcare segment it is really no surprise to see this niche at the top of the list. Business Services, a still rather broad sub-niche, tops the list accounting for nearly a quarter of all incidents.

Some Historical Perspective

According to Symantec’s data, by the end of 2016 over 7 billion identities have been stolen over the last 8 years! That is nearly 1 identity for every single living person on the planet.

Looking at just the past 3 years, the trend in breach and data loss looks like this:

At first glance 2015’s Identities Stolen figure might seem like a misprint with approximately half the identities stolen as compared to 2014 and 2016. But as the chart below shows, major breaches just on either side of 2015 led to the spikes in its neighboring years.

2014 of course reflects both the Home Depot and Target breaches while 2016 includes the mega breach of Friend Finder Networks.

You have a friend in Konsultek

No matter what your industry or your business size, Konsultek can help you secure your business network and data. Our custom solutions are both robust and cost effective, and our suite of managed services gives even the smallest organizations access to world class security solutions with little to no capital expense. Give us a call and learn more about our free vulnerability assessments.
