WannaCry burst onto the world stage in May, caused incredible levels of disruption around the globe and then just as quickly died when British hacker Marcus Hutchins fortuitously found a hidden “kill switch” in the code and successfully activated it.

The destruction left in WannaCry’s path was enormous. Assets in more than 150 nations were affected as the ransomware locked up digital databases and files, demanding that ransoms be paid for their release. Notable victims included Britain’s National Health Service, Germany’s national railway and multinationals Nissan and Renault.

Unified Nations Officially Blame North Korea

In a Wall Street Journal op-ed, US Department of Homeland Security Advisor Tom Bossert declared North Korea was “directly responsible” for the attack and would be held fully accountable for it.

According to CNN, the United Kingdom, Microsoft, and the Australian, Canadian, New Zealand and Japanese governments all came to a similar conclusion regarding the culpability of Pyongyang.

It Could Have Been Worse, Much Worse

Had the kill switch not been found (or never existed!), who knows the extent of what WannaCry might have done before a different solution was discovered. One thing is clear: having a completely robust security solution in place that includes secure data backup is a must moving forward. If your current security solution is out of date or incomplete, please give the engineers at Konsultek a call. Your security is our business.



In two prior posts we have discussed the impact Petya has been having on the profits of multinationals that had fallen victim. Last week, according to Bloomberg, FedEx announced it would be reducing its profit forecast by $300 million because of the impact Petya had on its Europe-based TNT Express business unit.

Most Operations Restored by Quarter’s End

Operations returned mostly to normal by the end of the 3rd quarter, but the logistics giant confirmed that when Petya’s crippling effect was at its peak it was forced to process some transactions by hand. The $300 million hit to profits reflects a combination of lost sales, recovery costs and “stepped up” technology investments.

Relatively Isolated Impact

Fortunately for the logistics behemoth, FedEx’s broader global business was not impacted by the Petya attack, which has had its ingress traced back to tax software used in Ukraine. Still, the impact of the Petya virus has been substantial and has accelerated the technology integration of TNT with FedEx’s Express air-shipping unit in an effort to get away from the legacy IT systems that were inherited.

Far Worse than WannaCry

We’ve reported previously that Petya has been far more disruptive and costly than WannaCry to large companies and FedEx provides a particularly useful case study since the company has been hit by both. In May, WannaCry came calling on FedEx and reportedly “didn’t cause a material disruption to its systems or raise operating costs”, according to Bloomberg.

Prevention is Better than Cure

Petya, WannaCry and other cyber-attacks can be enormously costly, and yet once the forensics have been done they often show that the attack could have been prevented had a well-managed, holistic security plan been in place. At Konsultek, we’ve been designing and implementing such plans for organizations ranging in size from small medical offices to large, multinational airlines.

The time to begin discussions about improving your network security is today, before you and your organization have a revenue and profit disrupting event. Please give us a call, our security team is always ready to listen to your unique situation.



In an earlier post we discussed the impact Petya was having on the profits of multinationals that had fallen victim. Today, according to Bloomberg News, we learned:

“A.P. Moller-Maersk A/S said a cyberattack that hit the owner of the world’s biggest container shipping company at the end of June will wipe as much as $300 million off profits in the third quarter.”

Maersk, like the other victims, found much of its IT systems crippled by Petya. This prevented the world’s largest shipping company from taking orders for several days.

“These system shutdowns resulted in significant business interruption during the shutdown period,” Maersk reported. The financial impact in the second quarter was “limited,” but “the impact in the third quarter is larger, due to temporary lost revenue in July,” it said.

According to Maersk, the Petya attack’s impact was confined to operational difficulties and there was no loss of data.

3 Others Lose Millions as Well

Reckitt Benckiser has put some more exact figures to its Petya-related losses. The U.K.-based consumer products conglomerate reported last week that the Petya disruption would trim a whopping 90 million pounds from its projected 2017 sales. Petya disrupted 2,000 company servers and temporarily disabled 15,000 company laptops.

Beiersdorf AG, best known for its Nivea skin-cream brand, has reported a Petya-related cost of 35 million euros ($41.5 million) in first-half sales. Further costs will likely be attributed to the attack once the impact of held inventory and disrupted production is fully quantified.

Cie. de Saint-Gobain, the French building materials manufacturer, has reported that the cyber-attack would lower sales by about 250 million euros in 2017.

Some European Companies Get Proactive

“Companies are now piling up the sandbags,” as reported in a related article on Bloomberg.com in which several companies described proactive measures they are taking in advance of the next cyber-threat to land at their doorstep.

Two examples are Germany’s national Deutsche Bahn railroad, which created a “cyber rapid deployment force” of highly trained IT specialists with computer-threat experience to be available around the clock against future attacks, a spokesman said, and U.K. advertising agency WPP Plc, which plans to increase its investment in IT security after Petya spread across the agency.




While targeted attacks on the medical profession have been splashed across the headlines with regularity over the past few years, less hoopla has been raised about another profession that may be just as lucrative for hackers and cyber criminals – the legal profession.

With the exception of the “Panama Papers” leak at international law firm Mossack Fonseca, the news has been relatively devoid of law-related hacks. However, we expect to see that change because law firms make very attractive targets for hackers.

Why? A couple main reasons come to mind.

1. By their very nature, law firms deal with highly sensitive and confidential information. Also, security at law firms (and I’m generalizing here) tends to be lax when compared to medical firms of a similar size. Medical firms have had to deal with HIPAA since 1996 and that has prompted them to have a more security-oriented mindset.

2. Law firms, especially small to midsize firms, often don’t have the resources internally to create and manage a top-notch security program.

DLA Piper Succumbs to Petya

In late July we saw a second large law firm hit with an attack. The $2.5B law firm DLA Piper didn’t have documents leaked, but rather had them held for ransom or wiped entirely when they were infected with the Petya virus which we have previously discussed here. While the final disposition is unknown at this point the financial impact is expected to be at least in the millions.

How Should Small and Medium Sized Firms Protect Themselves?

Unfortunately, purchasing off-the-shelf solutions that are little more than dressed-up consumer-level security solutions is just not going to cut it. A law firm needs a higher level of security and that includes upgrading procedures, processes, software and hardware. The ABA has published a comprehensive cybersecurity handbook that provides excellent guidance.

Managed Services the Simpler, More Cost Effective Approach to Security

Another approach for small to mid-size law offices is to outsource their security to a security expert such as Konsultek. In addition to always having access to the latest cutting-edge security approaches a “managed security” service can save money by avoiding costly capital expenditures and the need for a



The website, nomoreransom.org, began as an offshoot of the collaboration between McAfee, Europol, the Dutch National Police and Kaspersky one year ago. Since that time the site has grown to represent the collaborative efforts of over 109 security and law enforcement partners, including Konsultek partner Check Point, according to the website ZDNet.com.

Popularity Exceeds Forecast

When pioneering partner and chief scientist at McAfee, Raj Samani, set out to find hosting for the fledgling site he figured that it would become popular because of its subject matter, but his estimates of just how popular were way too low.

“Part of my responsibility was to find a hosting provider and I remember at the time I was asked how many HTTPs requests do you think you’ll get a day and I thought 12,000 a day would be reasonable,” says Samani.

To put things in perspective, during the peak of the WannaCry incident the site received more than 8 million hits!

Open Collaborative Sharing and Free Hosting from AWS

What has made nomoreransom.org so successful and such a thorn in the sides of aspiring ransomers is the fact that there are so many partners, each with different perspectives and insights and they are all sharing information freely for the greater good of all. Another huge benefit is that while law enforcement agencies are frequently hampered by the nature of their bureaucracies and the rule of law when they want to act directly, by cooperating with the other partners in the group such as security companies they can effect change more quickly.

AWS is supporting the project by hosting the website (and the enormous amount of traffic and bandwidth) for free. Nice job Amazon!

On the flipside, security firms can’t seize an identified botnet by themselves but by collaborating with law enforcement agencies that can, they now have a more direct path to taking down bad actors.

A Model Similar to Konsultek’s

Konsultek collaborates with the best security companies in the world, like Check Point, Carbon Black, Aruba, Forescout and others, to develop security solutions that no single company could provide alone. If it is time for your organization to step up to world class security solutions then by all means give us a call!



Last Thursday, within hours of one another, two huge consumer multinationals announced that their second quarter earnings would be negatively impacted because of Petya-based cyber-attacks.

According to the Financial Times, Mondelez International, purveyors of confections including Cadbury chocolates and Oreo cookies announced their financial pruning just a few hours after UK-based consumer goods conglomerate Reckitt Benckiser had announced theirs.

Petya Having a Greater Impact than WannaCry

If you were to look at a map of the distribution of WannaCry vs Petya you might think that WannaCry would be having the larger negative impact on global enterprises. However, this is turning out not to be the case, with Petya causing far more turmoil within large corporations because files are vanquished, not held for ransom.

From the Financial Times

“Cyber security experts dealing with the attack, which started in Ukraine, have advised stricken clients there is no hope of recovering infected systems. Unless organisations have backups of encrypted data, it is lost for good, they have warned. Western security officials say the severity of Petya’s impact points to its true purpose: not monetary gain, but pure destruction. Researchers at many of the world’s largest cyber security firms — including FireEye, Talos, ESET, Symantec and Bitdefender — have come to the same conclusion. “We believe with high confidence that the intent of the actor behind [Petya] was destructive in nature and not economically motivated,” Talos, the cyber security arm of Cisco told clients this week.”

Security Needs a Holistic Approach

What’s next? No one knows for certain, but with the NSA’s bag of tricks having been released into the wild a little under a year ago you can bet that the number and potency of attacks is only going to get worse. A holistic approach to security that includes encrypted data backup is going to become de rigueur.

At Konsultek we assess each client’s needs and develop security solutions that meet those needs in the most economical way possible. If this sounds like a sensible approach to security to you, give us a call to discuss your particular situation.



Having your sensitive information held for ransom is never good. But what if your sensitive data were the before and after pictures of tens of thousands of plastic surgery patients that had entrusted their bodies, faces and privacy to your clinic?

How much ransom would you pay to keep your patients’ most intimate secrets private? That is exactly the dilemma facing the Lithuanian-based Grozio Chirurgija clinic and its director Jonas Staikunas, according to the BBC. And apparently the ransom demanded was more than the director was willing to pay…

“An Outrageous Fee”

The breach, perpetrated by the Tsar Team this April, was quickly followed up with a ransom demand the group called “a small penalty fee” – 344,000 Euros – for having a vulnerable network.

On Tuesday this week the images were made public after the clinic refused to pay the ransom. At about the same time, the hackers started contacting individuals with compromised images directly, demanding smaller, single serving ransoms of up to 2,000 Euro. Tsar Team has also lowered the demands for the whole database to 133,500 Euro, stating “a lot of people have paid us to delete their data.”

Medical Facilities Will Continue to be Targeted

With their highly sensitive and personal data, as well as life-support systems ripe for extortion, medical facilities will continue to be targeted by opportunistic cyber-thieves looking to cash in. The recent ransoms of the MedStar Health Network and the Hollywood Presbyterian Medical Center in Los Angeles are just two of the more well publicized breaches. On the heels of WannaCry, you can bet there will be more.

Konsultek Can Help

Our custom security solutions for the medical industry help eliminate the vulnerabilities cyber-criminals use to gain access to sensitive data. So, if you don’t “wanna cry” over lost records or ransoms, please give us a call. Our experienced team is ready to help get your network secure and make sure you never have to cry or shed a tear again!



We’ve reported on the rise in ransomware attacks previously. Ransomware is readily available for purchase on the Darknet and requires relatively little sophistication to use. This makes it very popular among cyber thieves looking to make a quick buck holding individuals and organizations hostage.

Image Courtesy of Kaspersky Lab

However, it appears that competition may be heating up in the ransomware space, and some speculate that this infighting may be a boon to would-be victims because it consumes resources that may otherwise be used for mayhem.

Petya Code Stolen?

Petya, a particularly virulent strain of ransomware that was a pioneer in the malware-as-a-service offering, has apparently had its code (or at least key portions of it) stolen by a group that has used the stolen code to create and launch an even nastier version they dub PetrWrap.

In use since February, PetrWrap uses its own cryptographic keys to lock down a user’s data rather than relying on the “stock” keys that come with a paid subscription to Petya.

Competition Eating Itself?

“We are now seeing that threat actors are starting to devour each other. From our perspective, this is a sign of growing competition between ransomware gangs,” says Anton Ivanov, senior security researcher at Kaspersky Lab. He further postulates “Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organised they will be, and the less effective their malicious campaigns will be.”

Konsultek Can Help

Whether this increased competition is good or bad for individuals and organizations will only reveal itself in the months and years ahead. In the meantime we urge you to take as many precautions as possible, including:

1. Routinely backing up all critical data on drives that are secure.

2. Implementing a robust threat prevention, detection and mitigation strategy.

3. Proactively performing penetration tests and other types of network security challenges to identify areas of weakness prior to them allowing ingress by outside threats.

If you would like to discuss best practices in any of these areas, please give us a call. We are here to help!



November was a good month for ransomware (if you are in the ransomware business!) and a bad month for individuals and small businesses if you are not, according to the latest press release from one of our premier partners, Check Point.

Using data drawn from their ThreatCloud World Cyber Threat Map, November saw a 10% increase in the number of Locky and Cryptowall ransomware attacks. As we have noted elsewhere on this blog, ransomware is more frequently targeting small and medium sized businesses because for the same level of effort cybercriminals are seeing a generally larger payout.

Also of note from the November report was the rise in the Ramnit banking Trojan. For the first time ever Ramnit rose into a top 10 position in the threat index, settling in at the #6 most common malware position.

Here is What the Top 3 Most Distributed Malware List Looked Like in November

1. ↔ Conficker – Worm that allows remote operations and malware download. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. ↔ Locky – Ransomware, which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky was the no. 1 malware family in the largest number of countries (34 countries compared to Conficker, which was the top malware in 28 countries).
3. ↑ Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.

Top 3 mobile malware:

1. ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ↔ Triada – Modular backdoor for Android which grants super-user privileges to downloaded malware, as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
3. ↑ Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Got Security Concerns? Konsultek has the Answers

At Konsultek we eat, breathe and live information security. With the help of our world class partners such as Check Point, we craft customized security solutions and managed service solutions for organizations of all sizes in all industries. When you are ready to learn more about just how secure your information can be with Konsultek on your side, just pick up the phone and give us a call!


Last week we discussed the devastating impact a security breach can have on a small business. This week we’ll continue that narrative by reporting on a small business Ransomware experience published on Inc.com.

The key event leading up to the ransomware attack as described in the article will be all too familiar to frequent readers of this blog:

“The attack was traced to one of the firm’s staff members who held inappropriately high administrative rights, enabling the virus to spread to each server drive and directory, including the working files of each employee.”

As we have discussed innumerable times here:

1. Providing appropriate levels of network access is a key component of every network security plan.

2. A culture of security awareness is critical to keep employees from getting compromised by phishing, spearphishing and waterhole attacks.

You can read the rest of the story over at Inc. so I’ll just fast forward to their recommendations to prevent a Ransomware attack at your small business.

1. Back up your files

2. Educate your employees

3. Go on the defensive

And I’ll add a fourth recommendation that perhaps should be the #1 recommendation for small to medium sized businesses. OUTSOURCE YOUR IT AND IT SECURITY TO A COMPANY THAT SPECIALIZES IN NETWORK SECURITY AND TRAFFIC MANAGEMENT!

Konsultek Managed Services

Konsultek has been at the forefront of managed security services for well over a decade. Our KNACMAN service was the first of its kind to deploy ForeScout’s CounterACT program as a managed service. We provide secure hosting, security training, firewall and more.

Give us a call to discuss your unique situation. It’s very likely that a managed security solution will allow you to sleep better at night while saving you money!

