Michigan PA 95 and PA 96 were signed into law on April 2, 2018, closing a loophole that, according to statescoop.com, allowed cybercriminals to possess ransomware legally. Before these laws took effect, cybercriminals could only be charged after a cyberattack took place, even if an individual was suspected of planning an attack and was in possession of ransomware.

Minority Report?

The law has a bit of a Minority Report quality to it. In the 2002 film Minority Report, starring Tom Cruise, people could be charged with murder before they actually did anything because a group of gifted “pre-cogs” could look into the future and predict crimes before they happened.

While one could argue that there is no reason anyone should own ransomware unless they intend to use it, hundreds, if not thousands, of security researchers might argue differently.

Just the Facts

The two laws criminalize “possession of ransomware with the intent to use or employ that ransomware for the purpose of introduction into the computer, computer data, computer system, or computer network of another person, without authorization of the other person.”

There were more than 1,300 reported cases of ransomware attacks in Michigan in 2017, according to FBI statistics. In 2016 a ransomware attack on Lansing Power and Light cost nearly $2 million. According to Michigan State Representative Brandt Iden, it was that incident that drove ransomware law reform forward in the state legislature.

Getting Tough is the Trend

Michigan is the latest state to take large measures to address and contain cybercrime. Georgia recently developed an “unauthorized access” computer crime bill which essentially makes it a crime to gain unauthorized access to a network under any circumstances. This has many gray-hat hackers extremely concerned, since they derive their livelihood, and help protect us all, by gaining unauthorized access on a daily basis.

Konsultek Means Security

While cyber-crime laws can help prosecute and potentially deter cyber-crime, organizations need to make sure that they are doing their best to protect and secure their networks and data. That’s where we come in. As network security experts we develop custom, holistic security solutions for organizations of all shapes and sizes. If you and your organization are ready to take your security to the next level give us a call or hit us up on our contact form.


read more

You might assume that on one of the “Patch Tuesdays” in January Microsoft would be updating your computer or server with its Meltdown and Spectre patches. However, according to a story on threatpost.com, whether or not you get the update depends in part on who your anti-virus software provider is.

Kernel Calls are the Problem

“The main thing to know is the January patches, and currently all future security patches, will not install unless antivirus vendors take action — and some don’t want to or feel they cannot,” – Kevin Beaumont, Security Researcher

The problem, as he describes it, is that some anti-virus vendors are using a technique to bypass “Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes.”

Microsoft said this has caused “unsupported applications” to fail.

“During testing, we discovered that some third-party applications have been making unsupported calls into Windows kernel memory that cause stop errors (also known as bluescreen errors) to occur,” Microsoft said.

NOTE: You can see whether or not your AV provider has made the requisite changes to enable the automatic patch or whether or not manual action is required here.

Konsultek’s Position

Spectre and Meltdown are serious security flaws that need to be addressed. All of our partners that are potentially affected by Spectre and Meltdown have either implemented the necessary changes to allow the “Patch Tuesday” fixes to work flawlessly with their technologies or have manual fixes available. If you are a client and have any questions please reach out to your direct contact here at Konsultek. If you are not a client and want guidance regarding Meltdown, Spectre or any other security concern please call us or fill out our contact form.


read more

According to TechRepublic.com, tech budgets were going to increase in 2017, with marked increases in security spend.

Did your organization ride this trend or buck it?

read more

In a recent Forbes.com article, author Gaurav Banga, Founder and CEO of Balbix, makes the case that the cyber security needs of all organizations fall into one of three classes.

The Needs of the Security Unready

Still an alarmingly large group, the “security unready” are organizations that, despite the overwhelming body of evidence regarding the need for heightened security, have implemented few if any modern security processes and technologies. For some in this class their lack of security represents a naïve, misplaced sense of “it can’t happen to me”. For others, the root cause can be traced to budgetary or talent constraints. And for still others, a sense of “if ___________ was hacked (fill in the blank with any of the day’s latest victims [SEC, Target, Home Depot…]) how am I supposed to protect my organization?” leads to the conclusion that heightened security is ultimately pointless.

The Needs of the Security Mature

In this second class are those who have been playing the security game for a while now. These range from huge multinationals that have spent hundreds of millions bolstering their network security at one end of the spectrum to smaller organizations whose outlay has been less but who, on a proportional basis, have invested significantly in their security. A common theme among them is that they are often drowning in information, data and alerts to the point where it is difficult to see the forest (the REAL threat) for the trees (false positives).

The Needs of the Everybody

As citizens of the connected world we all make decisions on a daily basis that impact the security of our identities and personal information. We live in a world where better coordination amongst private, public and government organizations can help us as individuals and as members of organizations.

Konsultek Can Help No Matter Where You Fall

In reading Mr. Banga’s piece it struck me that we at Konsultek can help you no matter where you fall. For the “security unready” we can assess your vulnerability and more accurately quantify the probability and liability of a risk. If manpower or capital is a constraint our managed services model can give you access to world class security without breaking the bank.

For the “security mature” we can help put processes, protocols and technologies in place to filter out the noise and confusion, allowing you to see significant events more easily. This is just one part of our holistic approach of prevention, detection and response built around platforms from Palo Alto, FireEye, Firemon, CheckPoint and Forescout.

For the “everybody” we are strongly committed to building a security culture not only in the organizations we work with daily, but as citizens of the wider community. This blog is just one example of how we continually strive to educate and inform everyday people on what is happening in the world of security.

Have a network security question or need? Give us a call. Our team is always happy to help!


read more

Most frequently when hacks and breaches are discussed in the news and on this blog the focus is on the quantity and quality of the information lost. How many records? What type of information?

But there is another side to the aftermath of a breach that gets less coverage, is a bit harder to quantify and doesn’t make for quite as exciting headlines. That is the impact that a breach can have on your brand and its reputation.

Damage to Brand Reputation #1 Concern

Buried in the 29 pages of this year’s The Imperative to Raise Enterprise Risk Intelligence from the Ponemon Institute was the chart below:

(Chart not reproduced here.) Source: Ponemon Institute

So while organizations fear a cybersecurity breach and cybersecurity breaches can have huge financial ramifications as Home Depot, Target, FedEx and Maersk can attest, the fear of reputation damage is even greater!

Does a Cyber Breach Damage Reputation?

The simple answer is yes! Both reputation and customer trust are compromised when there is a security breach, and this is true for organizations of all sizes. As Tim Critchley, CEO of Semafone, said in CSOOnline last year:

“…the reputational damage suffered by companies who fail to protect personal data can translate directly into a loss of business”

This sentiment is further supported by the Forbes report “Fallout: The Reputational Impact of IT Risk.” A breach can have a long-lasting impact on customer trust, repeat purchase behavior and loyalty.

Konsultek Can Help

When it comes to IT security and reputation, prevention is better than cure. As a leader in customized security solutions, Konsultek can help your organization protect your data assets which will in turn help protect your reputation. Give us a call today to discuss your organization’s concerns and how one of our unique solutions can help.


read more

Rather than write the 1000th post about WannaCry (although our Partners at Proofpoint, their Engineer Darien Huss and a fellow called MalwareTech deserve a serious shout-out from the world for stopping WannaCry) I decided to cover something with potentially huge financial implications that has virtually gone under the radar by comparison.

While WannaCry was grabbing the cybersecurity headlines for the week, it turns out that online signature giant DocuSign was, more quietly and in a rather methodical fashion, publicly disclosing the details of a significant and serious cyberbreach of its own.

Here’s an abbreviated timeline of what we know so far from DocuSign themselves.

Update 5/9/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature”.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

Update 5/15/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed *company name* – Accounting Invoice *number* Document Ready for Signature”. The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including dse@docus.com. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.

Update 5/15/2017 – Latest update on malicious email campaign

Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Update 5/16/2017 @ 8:55 Pacific Time – Key Update on Malicious Campaign

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Update 5/17/2017 @ 1:02 PM Pacific Time – New Phishing Campaign Discovered Today

DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.
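The advisories above give three usable indicators: the sender domain (legitimate mail comes only from @docusign.com or @docusign.net, the campaigns used dse@docus.com and dse@dousign.com), the campaign subject lines, and a link to a downloadable Word document. The Python below, an added example that is neither DocuSign’s nor Konsultek’s code, applies those indicators to raw email text and, going a step beyond the specific addresses in the advisories, also flags sender domains within a small edit distance of the real ones; the sample messages are constructed from the quoted subjects and addresses, with example.invalid URLs as placeholders, and the look-alike threshold is an assumption.

```python
"""Triage helper for DocuSign-branded email, built from the indicators above."""
import re
from email import message_from_string
from email.utils import parseaddr

# Per the DocuSign advisories above, legitimate signing email comes only from these domains.
LEGITIMATE_SENDER_DOMAINS = {"docusign.com", "docusign.net"}
BRAND = "docusign"
LOOKALIKE_MAX_DISTANCE = 3  # assumed threshold; tune it for your own mail volume

# Subject fragments from the campaigns DocuSign described in May 2017.
CAMPAIGN_SUBJECT_RE = re.compile(
    r"wire transfer instructions|accounting invoice|legal acknowledgement|ready for signature",
    re.IGNORECASE,
)
# A link to a downloadable Word document (the macro-enabled-malware lure described above).
WORD_DOC_LINK_RE = re.compile(r"https?://\S+\.docm?\b", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike sender domains such as 'dousign.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Lowercase domain of the address in a From: header ('' if absent)."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify(raw_message: str) -> dict:
    """Return a verdict for one raw RFC 822 message plus the indicators that fired.

    Only the From: header is inspected; in production, confirm a "legitimate" sender
    with SPF/DKIM/DMARC results, since a header alone can be forged.
    """
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else str(msg.get_payload())
    domain = sender_domain(msg.get("From", ""))
    branded = BRAND in subject.lower() or BRAND in body.lower()
    legitimate_sender = domain in LEGITIMATE_SENDER_DOMAINS

    indicators = []
    if legitimate_sender:
        # Genuine sender: only the lure itself (a Word document link) is worth flagging.
        if WORD_DOC_LINK_RE.search(body):
            indicators.append("body links to a downloadable Word document")
    else:
        if branded:
            indicators.append(f"DocuSign branding from non-DocuSign sender domain '{domain}'")
        if domain and min(edit_distance(domain, d) for d in LEGITIMATE_SENDER_DOMAINS) <= LOOKALIKE_MAX_DISTANCE:
            indicators.append(f"sender domain '{domain}' looks like a DocuSign domain")
        if CAMPAIGN_SUBJECT_RE.search(subject):
            indicators.append("subject matches a known campaign pattern")
        if WORD_DOC_LINK_RE.search(body):
            indicators.append("body links to a downloadable Word document")

    if len(indicators) >= 2:
        verdict = "phish"
    elif indicators:
        verdict = "suspicious"
    elif branded and legitimate_sender:
        verdict = "legitimate-sender"
    else:
        verdict = "clean"
    return {"verdict": verdict, "domain": domain, "indicators": indicators}


# Constructed sample messages (subjects and sender addresses taken from the advisories above).
SAMPLE_MESSAGES = {
    "wire_transfer": (
        "From: DocuSign <dse@docus.com>\n"
        "Subject: Completed: docusign.com - Wire Transfer Instructions for J. Doe "
        "Document Ready for Signature\n\n"
        "Review the document: http://example.invalid/review/wire.docm\n"
    ),
    "legal_ack": (
        "From: dse@dousign.com\n"
        "Subject: Legal acknowledgement for J. Doe Document is Ready for Signature\n\n"
        "DocuSign has sent you a document: http://example.invalid/ack.doc\n"
    ),
    "legitimate": (
        "From: DocuSign <dse@docusign.net>\n"
        "Subject: Please DocuSign: Contract.pdf\n\n"
        "Review the DocuSign envelope: https://example.invalid/sign/abc\n"
    ),
    "unrelated": "From: alice@example.invalid\nSubject: Lunch?\n\nNoon works for me.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        print(name, classify(raw))
```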

The Ultimate Phishing Scam?

This may very well be the ultimate spear phishing campaign. While the number of email addresses compromised has not been disclosed, we can assume it is A LOT, and a considerable portion of those affected routinely use DocuSign multiple times a month, if not weekly or daily. Since DocuSign emails are both expected and “trusted”, we can only further assume that these phishing campaigns are being effective. There is no official report yet on just how effective, but perhaps we’ll get an update as further details emerge.

It seems likely that this scam will continue for a very long time given that DocuSign reportedly has 100 million users.

The Lesson You Can Learn

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.” (Emphasis added)

The lesson to be learned here is that in today’s world no part of your network can be considered “non-core” when it comes to security. If the data is worth saving within your network, it is worth protecting!

Konsultek and Its Partners

Konsultek and its partners like Proofpoint, CheckPoint, ForeScout, CarbonBlack and many others work together to build custom security solutions for businesses of all sizes in all markets. When you’re ready to learn about your network vulnerabilities and how to correct them please give us a call.


read more

The 2017 Cisco Annual Cybersecurity Report was just published. Weighing in at 110 pages and filled with detailed analysis, this is a report that should be downloaded and reviewed by anyone with an interest in the ever-changing cybersecurity landscape.

Here are some of the major findings outlined in the report:

● The top constraints to adopting advanced security products and solutions, according to the benchmark study, are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).

● The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.

● Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access.  See our previous post on private vs. public cloud

● According to the Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.

● The Cisco 2017 Security Capabilities Benchmark Study also found that nearly a quarter of the organizations that have suffered an attack lost business opportunities. Four in 10 said those losses are substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue.

● When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent), according to respondents to the benchmark study.

● Network outages that are caused by security breaches can often have a long-lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent (see page 55) of these outages affected between 11 percent and 30 percent of systems. See our recent post on Business Continuity

● The 2017 Security Capabilities Benchmark Study found that most organizations rely on third-party vendors for at least 20 percent of their security, and those who rely most heavily on these resources are most likely to expand their use in the future. Review Konsultek’s Managed Security Services

Konsultek Knows Security

When it comes to protecting organizational assets within your network, Konsultek shines. Our engineers’ consultative approach to security means that every organization gets the custom security solution that is right for them, not some off the shelf bundle of products. If you are ready to learn how you can take your organization’s network security to the next level, give us a call.


read more

Harvard Business Review recently published a very insightful piece I highly recommend you read in its entirety called “Cybersecurity’s Human Factor: Lessons from the Pentagon”.

For those of you who just want the highlights, here is a quick synopsis of what I found to be the most fascinating aspects of the article.

From Bumbling Colossus to Nimble Defender

In the not-so-long-ago dark days of network security, the US military struggled to identify and defend against threats. All that has changed, and from September 2014 to June 2015 the military rebuffed 30 million malicious attacks! Still, a few got through, but only 0.1% compromised systems in any way. An impressive record given the state-sponsored adversaries the military must repel day in and day out.

While technical fortifications are important, what has really set the military on its trajectory to invulnerability has been its focus on eliminating human error. If you have read this blog for any length of time you know that we consistently emphasize not only the best technology but also the best in processes for this very reason.

Learning from the Admiral Himself

The US Navy Nuclear program has long been the quintessential example of a well-run, mistake-free organization, what is nowadays referred to as an HRO or High Reliability Organization. The fundamental principles of the Navy Nuke program have since been transferred to other industries such as airlines, air traffic control, space flight and others. Admiral Hyman Rickover, the “Father of the Nuclear Navy”, demanded excellence and adherence to process, and for the span of his career personally interviewed all applying Officer Candidates.

Six Principles Every Organization Should Adopt to Ensure Security

1. Integrity – Never depart from protocols and report errors immediately

2. Depth of Knowledge – Fully understand the systems you are responsible for and their vulnerabilities

3. Procedural Compliance – Follow protocols to the letter

4. Forceful Backup – All critical activities should be closely monitored

5. A Questioning Attitude – While unquestioning compliance with procedure is necessary, questioning things that appear outside of the norm is equally important

6. Formality in Communication – Familiarity and slang lead to miscommunication; formality in communication eliminates these misunderstandings.

Examples of Cyber Security Failures and the Policies that Were Violated

What the authors have found is that cybersecurity breaches caused by human mistakes nearly always involve the violation of one or more of these six principles. As you read them you will undoubtedly recognize some of the same behaviors in your own organization, or at least easily imagine that they might very well be happening without your knowledge.

Here’s a sample of some of the failures the Defense Department uncovered during routine testing exercises:

  • A polite headquarters staff officer held the door for another officer, who was really an intruder carrying a fake identification card. Once inside, the intruder could have installed malware on the organization’s network. Principles violated: procedural compliance and a questioning attitude.
  • A system administrator, surfing the web from his elevated account, which had fewer automatic restrictions, downloaded a popular video clip that was “viral” in more ways than one. Principles violated: integrity and procedural compliance.
  • A staff officer clicked on a link in an e-mail promising discounts for online purchases, which was actually an attempt by the testers to plant a phishing back door on her workstation. Principles violated: a questioning attitude, depth of knowledge, and procedural compliance.
  • A new network administrator installed an update without reading the implementation guide and with no supervision. As a result, previous security upgrades were “unpatched.” Principles violated: depth of knowledge, procedural compliance, and forceful backup.
  • A network help desk reset a connection in an office without investigating why the connection had been deactivated in the first place—even though the reason might have been an automated shutdown to prevent the connection of an unauthorized computer or user. Principles violated: procedural compliance and a questioning attitude.

A Holistic Approach

At Konsultek we don’t just slap in “black boxes” and hope that security happens. Sure we build custom technical solutions that utilize the best technology available, but we also work outside the IT department to make sure that the business processes are in place to limit the impact of human error on the security of your information and network. If you are looking to upgrade your security, give us a call and begin a dialogue with us.


read more

As discussed repeatedly on this blog through the years there is no “magic” box that can be plugged into your network to guarantee invulnerability to hacking and 100% uptime. If it were that simple Amazon.com would carry the boxes and there would be no need for Konsultek and its technology partners such as Fortinet.

Having a secure network is paramount for business success today. Whether you are a law office, school, university or healthcare provider, you need to be able to securely send and receive email, transfer funds, manage inventory and access records. In many cases these capabilities must be available 24x7x365, and that means that holistic network security is essential for business continuity.

The Fortinet Fabric

What we really like about Fortinet and the capabilities we can bring to customers via Konsultek’s customized security solutions is how their security solutions “fabric” helps ensure seamless coverage across the complete network.

As they put it on their website:
“Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated and collaborative security fabric. This also means we are the only company that can truly provide you with a powerful, integrated end-to-end security solution across the entire attack surface along any point along the kill chain.

Simply deploying security end to end is not enough. These solutions must work together to form a cooperative fabric, spanning the entire network, linking different security sensors and tools together to collect, coordinate, and respond to any potential threat. And it must do this wherever it occurs, in real time, with no network slowdowns.”

When deployed in existing networks Fortinet overlays on your existing patchwork quilt of security solutions and turns them into a high performance security fabric. This enhances network visibility and security by effectively securing the gaps and seams that previously existed between your specific network security measures.

Meet Fortinet at Texas Holdem

The Fortinet team will be attending our Annual Texas Holdem event on Thursday, Oct 20th at the Abbington Banquets in Glen Ellyn. Doors open at 3:30.
Please sign up here.


We look forward to seeing you there!

read more