In an interview with Wired.co.uk, McAfee Chief Scientist, Raj Samani, shared a handful of interesting reasons why cyber-security should be getting more attention than ever in organizations of all sizes. Here are three of his more interesting thoughts.

Reason 1 – Everyone’s a Target

“Everybody’s a target. Everyone is,” he says. “Small-to-medium-sized businesses, some [of them] say, ‘well, cybersecurity isn’t big for us – we’re a small company, nobody would hit us.’ Well, you know what? That approach now has to change.

Reason 2 – The Barrier to Cyber-Crime Entry is Lower than Ever Before

“I don’t think just because you’re a small business you’re going to be facing low-level stuff – I think you could be facing some pretty good stuff. It’s easy to do now. If I wanted to go out and compromise you, your life and everything about you, I could go onto Facebook, find out what [you] like, what football clubs [you] support, where you used to work, then I send you an e-mail and make it look convincing… I can do that in, what, eight minutes? Five minutes? I can find out everything about your life. So the technical barriers required to become a cybercriminal are the lowest they’ve ever been – and then continue to fall every single day.”

Reason 3 – The Attack Surface for Companies and Individuals is Growing

The attack surface for the average person – as an individual, or an employee and potential weak point in a company’s digital security structure – has grown in line with smartphones, smart TVs, and the current dawn of in-home personal assistants like Amazon’s Alexa or Google Home.

Konsultek Knows Security

The three reasons given above are just a few of the reasons we at Konsultek emphasize a solutions approach that examines your business processes in relation to network security. Our consultative approach to security starts with understanding your assets, processes and potential vulnerabilities before crafting a customized solution.
Simply slapping hardware or software in place is not sufficient, even for the smallest of organizations.

Make Sense? Give us a call to learn more about our sophisticated, yet common sense solutions to network security and infrastructure optimization.


While targeted attacks on the medical profession have been splashed across the headlines with regularity over the past few years, less hoopla has been raised about another profession that may be just as lucrative for hackers and cyber criminals – the legal profession.

With the exception of the “Panama Papers” leak at international law firm Mossack Fonseca, the news has been relatively devoid of law-related hacks. However, we expect to see that change because law firms make very attractive targets for hackers.

Why? A couple main reasons come to mind.

1. By their very nature, law firms deal with highly sensitive and confidential information. Also, security at law firms (and I’m generalizing here) tends to be lax when compared to medical firms of a similar size. Medical firms have had to deal with HIPAA since 1996 and that has prompted them to have a more security-oriented mindset.

2. Law firms, especially small to midsize firms, often don’t have the resources internally to create and manage a top-notch security program.

DLA Piper Succumbs to Petya

In late July we saw a second large law firm hit with an attack. The $2.5B law firm DLA Piper didn’t have documents leaked, but rather had them held for ransom or wiped entirely when they were infected with the Petya virus, which we have previously discussed here. While the final disposition is unknown at this point, the financial impact is expected to be at least in the millions.

How Should Small and Medium Sized Firms Protect Themselves?

Unfortunately, purchasing off-the-shelf-solutions that are little more than dressed up consumer level security solutions is just not going to cut it. A law firm needs a higher level of security and that includes upgrading procedures, processes, software and hardware. The ABA has published a comprehensive cybersecurity handbook that provides excellent guidance.

Managed Services the Simpler, More Cost Effective Approach to Security

Another approach for small to mid-size law offices is to outsource their security to a security expert such as Konsultek. In addition to always having access to the latest cutting-edge security approaches a “managed security” service can save money by avoiding costly capital expenditures and the need for a

 


November was a good month for ransomware (if you are in the ransomware business!) and a bad month for individuals and small businesses (if you are not), according to the latest press release from one of our premier partners, Check Point.

According to data drawn from their ThreatCloud World Cyber Threat Map, November saw a 10% increase in the number of Locky and Cryptowall ransomware attacks. As we have noted elsewhere on this blog, ransomware is more frequently targeting small and medium sized businesses because for the same level of effort cybercriminals are seeing a generally larger payout.
Also of note from the November report was the rise in the Ramnit banking Trojan. For the first time ever Ramnit rose into a top 10 position in the threat index, settling in at the #6 most common malware position.

Here is What the Top 3 Most Distributed Malware List Looked Like in November

Desktop

1. ↔ Conficker – Worm that allows remote operations and malware download. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. ↔ Locky – Ransomware, which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky was the no. 1 malware family in the largest number of countries (34 countries compared to Conficker, which was the top malware in 28 countries).
3. ↑ Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.

Mobile

1. ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ↔ Triada – Modular backdoor for Android which grants super-user privileges to downloaded malware, as it helps the malware get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
3. ↑ Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Got Security Concerns? Konsultek has the Answers

At Konsultek we eat, breathe and live information security. With the help of our world class partners such as Check Point, we craft customized security solutions and managed service solutions for organizations of all sizes in all industries. When you are ready to learn more about just how secure your information can be with Konsultek on your side, just pick up the phone and give us a call!


Last week we discussed the devastating impact a security breach can have on a small business. This week we’ll continue that narrative by reporting on a small business Ransomware experience published on Inc.com.

The key event leading up to the ransomware attack as described in the article will be all too familiar to frequent readers of this blog:

“The attack was traced to one of the firm’s staff members who held inappropriately high administrative rights, enabling the virus to spread to each server drive and directory, including the working files of each employee.”

As we have discussed innumerable times here:

1. Providing appropriate levels of network access is a key component of every network security plan.

2. A culture of security awareness is critical to keep employees from getting compromised by phishing, spearphishing and watering hole attacks.

You can read the rest of the story over at Inc. so I’ll just fast forward to their recommendations to prevent a Ransomware attack at your small business.

1. Back up your files

2. Educate your employees

3. Go on the defensive

And I’ll add a fourth recommendation that perhaps should be the #1 recommendation for small to medium sized businesses: OUTSOURCE YOUR IT AND IT SECURITY TO A COMPANY THAT SPECIALIZES IN NETWORK SECURITY AND TRAFFIC MANAGEMENT!

Konsultek Managed Services

Konsultek has been at the forefront of managed security services for well over a decade. Our KNACMAN service was the first of its kind to deploy ForeScout’s CounterACT program as a managed service. We provide secure hosting, security training, firewall and more.

Give us a call to discuss your unique situation. It’s very likely that a managed security solution will allow you to sleep better at night while saving you money!

 


The infographic below from Mashable.com tells a truly remarkable story about the state of information security in the world of small business.

The sad news is that this infographic, originally published in 2012, could have been published yesterday based upon what we see day-in and day-out as we work with SMBs around the country.

Social engineering, phishing, physical theft and hacking are all forces that a small business must effectively deal with in order to make sure that their data and network are secure.

On which side of the divide do YOU fall?

Are you in the unconcerned half?

If not, then please give us a call. Our custom information security solutions are both affordable and proven.

 


You would have to be living under some sort of information security rock this week to have not heard about the massive breach at the popular cloud storage service Dropbox.

The breach, at 68,000,000 plus users, is a large one to say the least and it also means that your credentials have been leaked just as mine were if you have been a long-time Dropbox user.

I’ve Been Pwned… Have You?

Rather than rehash the breach, I thought I would make this post more of a Public Service Announcement aimed at helping our small and medium sized business clients (who often use Dropbox) navigate the breach.

First, you should head over to haveibeenpwned.com and see if in fact you have been pwned. If you are like me and use your primary email for a number of site subscriptions you will likely see a screen like this:

Now, if you are the type of person who uses the same password for multiple accounts (Shame on you! After all, you are reading an information security blog!) you should probably set aside an hour or two and start the arduous process of changing passwords at all of your critical accounts such as banking, financial services, email accounts, website accounts, airline accounts etc.

If you are not a password reuser then this latest Dropbox incident is a relatively minor hassle once you get past the fact that there is a chance that anything that was stored in your Dropbox account has been stolen.

The Password Reset Process

Have you seen this email?

If not, then ostensibly you were not compromised in the breach but my advice would be to follow the steps below anyway!

If so, then you’ll want to log out of your Dropbox account and log back in.

That should elicit this message:

Which will lead to this email message:

Which leads to this:

And Voilà, your password has been changed and your account is secure once more!

How Konsultek Can Help

Reusing passwords, weak passwords, insufficient prevention technologies, sub-standard detection and response technologies are all important facets of information and network security. And, guess what? These are all facets that Konsultek addresses each time we work with a client.

If you are ready to upgrade your security, give us a call. We are here to help.

 


As big financial corporations become smarter about security and better at identifying and preventing costly financial fraud the criminals are turning towards a less sophisticated, yet profitable target – small and medium size businesses.

Wire-Wire

According to the Wall Street Journal, the scam, called “wire-wire” in Nigeria, involves hijacking legitimate purchase orders by first infiltrating a company’s email service.

This is a more sophisticated variant of a similar scam where hackers create fake emails that fool employees and vendors into believing they are receiving instructions (typically to make payment to a third party) from a C-Level executive whose instructions are trusted implicitly.

How It Works

It all begins with the hackers infiltrating the email account of either a seller or vendor and inserting themselves into an email conversation that involves a high value transaction. Once a part of the conversation, the criminal hijacks a purchase order, alters it to reflect fraudulent banking information and then sends it along to the intended party.

The unsuspecting party then makes payment leaving the criminals rich, the seller poor and the vendor completely confused!

Enabled by Insecure Email

Most small businesses use 3rd party, cloud-based email platforms because they are less expensive than self-hosted email solutions on dedicated servers. Unfortunately, these cloud platforms can be less secure and prone to 3rd party infiltration. And, since the scammers only need access to one party, even if one of the companies is doing everything correctly and securely, it can be compromised by its partner in the transaction.

Konsultek Can Help

Whether you choose to have us help create a secure email system for you or you rely on one of our managed solutions, we have the expertise to cut the “wire-wire” cord and help ensure that your hard earned cash is sent to the place you intended for the purpose you intended. Give us a call today to learn how we keep organizations just like yours safe from cyber criminals and hackers every day.

 


A veritable bombshell was dropped yesterday on Google Project Zero when Tavis Ormandy posted that the Google team had discovered vulnerabilities in virtually all Symantec and Norton security products that are “as bad as it gets.”

The Project Zero post is quite detailed in its description of the multiple flaws and vulnerabilities located in the products and if you are interested in the nitty gritty you should definitely check it out.

If, however, you are more interested in the big picture synopsis, here is what we know.

1. Symantec Endpoint Protection and:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on…

  are all impacted since they share the same core engine.

Image source: Tavis Ormandy, Google Project Zero

2. “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

3. Symantec has publicly released its own advisory that lists 17 different affected products.

What Does This Mean To You?

Most of the updates underway from Symantec will automatically install using a pathway similar to how the products receive virus definition updates. However, to be sure that all the vulnerabilities have indeed been fixed, network administrators should review the advisory issued by Symantec, as manual updates may be required.

How Can Konsultek Help?

At Konsultek we build custom security solutions from the ground up that use a holistic combination of prevention, detection and access management to ensure that your network is secure and stays that way. Give us a call to learn more about how our custom developed approach, including managed services, is far and away superior to plug and play software and boxes.

 

 


For years now we’ve been documenting the trends that indicate that SMBs (Small and Medium Sized Businesses) are increasingly being targeted by cybercriminals and hackers. So, it was heartening to see the mainstream small business magazine, Entrepreneur, run an article this week that draws attention to the SMB security issue. In his article, contributing author Toby Nwazor highlights 6 reasons why small businesses are more likely to be targeted by cybercriminals than they think.

1. Hackers expect your business to be minimally protected

Let’s face it. As a small business you have dozens of other resource priorities such as hiring and retaining talent, marketing, sales and fulfillment that come before network and information security on your list of things that need to get done. Cybercriminals are savvy folks and they understand this and this unfortunately just might land your business in their cross-hairs.

2. Your business is valuable to them for different reasons

Cybercriminals have a different set of metrics when it comes to business valuation and it doesn’t have anything to do with cash flow, revenue or balance sheets! They value your business based upon the data you have in your systems (think credit card data, personal identification data and trade secrets) or the data your system can give them access to.

3. You have probably left some doors open and the lights on

When you started your business you filed papers, opened accounts and signed up for services. This has compiled a digital “We’re New and You Should Stop By” sign for your company out there in cyberspace. If your sign has the right combination of factors you may have unwittingly attracted the attention of some cyber unsavories.

4. You may be viewed as a way to land bigger fish

As mentioned in 2 above, sometimes it is not your business at all that the hackers are after but rather who your business is connected to. The epic Target breach began with a vulnerability in a much smaller HVAC contractor’s system.

5. Your most basic network functionality may not be secure

Your office wi-fi, if protected, may still be vulnerable to professional hackers and every time you or your employee does work from an unsecured public connection you are potentially putting your business at risk.

6. Recent statistics don’t favor you in the slightest.

A quick glance at this table extracted from the Verizon 2015 Data Breach Investigation Report shows that small businesses are sometimes even more likely than large businesses to be hacked.

Source: Verizon 2015 Data Breach Investigation Report

And, when you look at the percentage of confirmed data loss, the figures get even more depressing!

Konsultek Can Help!

At Konsultek we work with Small and Medium Sized Businesses every day to develop security solutions that are customized to each business’ unique situation. In some cases our managed security services offer a cost effective way for a smaller business to get the same level of security as some of the largest organizations in the world. So, what are you waiting for? It’s time to move security a little higher on your “to do” list and give us a call!

 
