November was a good month for Ransomware (if you are in the ransomware business!) and a bad month for individuals and small businesses if you are not according to the latest press release from one of our premier partners, Check Point.

Using data drawn from their ThreatCloud World Cyber Threat Map, November saw a 10% increase in the amount of Locky and Crytpowall ransomware attacks. As we have noted elsewhere on this blog ransomware is more frequently targeting small and medium sized businesses because for the same level of effort cybercriminals are seeing a generally larger payout.
Also of note from the November report was the rise in the Ramnit banking Trojan. For the first time ever Ramnit rose into a top 10 position in the threat index, settling in at the #6 most common malware position.

Here is What the Top 3 Most Distributed Malware List Looked Like in November

Desktop
1. ↔ Conficker – Worm that allows remote operations and malware download. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. ↔ Locky – Ransomware, which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky was the no.1 malware family in the largest amount of countries (34 countries compared to Conficker, which was the top malware in 28 countries).
3. ↑ Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
Mobile
1. ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ↔ Triada – Modular Backdoor for Android which grants super-user privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
3. ↑ Ztorg– Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Got Security Concerns? Konsultek has the Answers

At Konsultek we eat, breathe and live information security. With the help of our world class partners such as Checkpoint, we craft customized security solutions and managed service solutions for organizations of all sizes in all industries. When you are ready to learn more about just how secure your information can be with Konsultek on your side just pick up the phone and give us a call!

read more

Last week we discussed the devastating impact a security breach can have on a small business. This week we’ll continue that narrative by reporting on a small business Ransomware experience published on Inc.com.

The key event leading up to the ransomware attack as described in the article will be all too familiar to frequent readers of this blog:

“The attack was traced to one of the firm’s staff members who held inappropriately high administrative rights, enabling the virus to spread to each server drive and directory, including the working files of each employee.”

As we have discussed innumerable times here:

1. Providing appropriate levels of network access is a key component of every network security plan.

2. A culture of security awareness is critical to keep employees from getting compromised by phishing, spearphishing and waterhole attacks

You can read the rest of the story over at Inc. so I’ll just fast forward to their recommendations to prevent a Ransomware attack at your small business.

1. Back up your files

2. Educate your employees

3. Go on the defensive

And I’ll add a fourth recommendation that perhaps should be the #1 recommendation for small to medium sized businesses . OUTSOURCE YOUR IT AND IT SECURITY TO A COMPANY THAT SPECIALIZES IN NETWORK SECURITY AND TRAFFIC MANAGEMENT!

Konsultek Managed Services

Konsultek has been at the forefront of managed security services for well over a decade. Our KNACMAN service was the first of its kind to deploy ForeScout’s CounterACT program as a managed service. We provide secure hosting, security training, firewall and more.

Give us a call to discuss your unique situation. It’s very likely that a managed security solution will allow you to sleep better at night while saving you money!

 

read more

The infographic below from Mashable.com tells a truly remarkable story about the state of information security in the world of small business.

The sad news is that this infographic, originally published in 2012, could have been published yesterday based upon what we see day-in and day-out as we work with SMBs around the country.

Social engineering, phishing, physical theft and hacking are all forces that a small business must effectively deal with in order to make sure that their data and network are secure.

On which side of the divide do YOU fall?

Are you in the unconcerned half?

If not, then please give us a call. Our custom information security solutions are both affordable and proven.

 

read more

You would have to be living under some sort of information security rock this week to have not heard about the massive breach at the popular cloud storage service Dropbox.

The breach, at 68,000,000 plus users, is a large one to say the least and it also means that your credentials have been leaked just as mine were if you have been a long-time Dropbox user.

I’ve Been Pwned… Have You?

Rather than rehash the breach, I thought I would make this post more of a Public Service Announcement aimed at helping our small and medium sized business clients (who often use Dropbox) navigate the breach.

First, you should head over to haveibeenpwned.com and see if in fact you have been pwned. If you are like me and use your primary email for a number of site subscriptions you will likely see a screen like this:

Now, if you are the type of person who uses the same password for multiple accounts (Shame on you! After all, you are reading an information security blog!) you should probably set aside and hour or two and start the arduous processs of changing passwords at all of your critical accounts such as banking, fincancial services, email accounts, website accounts, airline accounts etc.

If you are not a password reuser then this latest Dropbox incident is a relatively minor hassle once you get past the fact that there is a chance that anything that was stored in your Dropbox account has been stolen.

The Password Reset Process

Have you seen this email?

If not, then ostensibly you were not compromised in the breach but my advice would be to follow the steps below anyway!

If so, then you’ll want to log out of your Dropbox account and log back in.

That should elicit this message:

Which will lead to this email message:

Which leads to this:

And Voilà, your password has been changed and your account is secure once more!

How Konsultek Can Help

Reusing passwords, weak passwords, insufficient prevention technologies, sub-standard detection and response technologies are all important facets of information and network security. And, guess what? These are all facets that Konsultek addresses each time we work with a client.

If you are ready to upgrade your security, give us a call. We are here to help.

 

read more

As big financial corporations become smarter about security and better at identifying and preventing costly financial fraud the criminals are turning towards a less sophisticated, yet profitable target – small and medium size businesses.

Wire-Wire

According to the Wall Street Journal, the scam is called “wire-wire” in Nigeria, the scam involves hi-jacking legitimate purchase orders by first infiltrating a company’s email service.

This is a more sophisticated variant of a similar scam where hackers create fake emails that fool employees and vendors into believing they are receiving instructions (typically to make payment to a third party) from a C-Level executive whose instructions are trusted implicitly.

How It Works

It all begins with the hackers infiltrating the email account of either a seller or vendor and inserting themselves into an email conversation that involves a high value transaction. Once a part of the conversation, the criminal hi-jacks a purchase order, alters it to reflect fraudulent banking information and then sends it along to the intended party.

The unsuspecting party then makes payment leaving the criminals rich, the seller poor and the vendor completely confused!

Enabled by Insecure Email

Most small businesses use 3rd party, cloud-based email platforms because they are less expensive than self-hosted email solutions on dedicated servers. Unfortunately, these cloud platforms can be less secure and prone to 3rd party infiltration. And, since the scammers only need access to one party, even if one of the company’s is doing everything correctly and securely, they can be compromised by their partner in the transaction.

Konsultek Can Help

Whether you choose to have us help create a secure email system for you or you rely on one of our managed solutions, we have the expertise to cut the “wire-wire” cord and help ensure that your hard earned cash is sent to the place you intended for the purpose you intended. Give us a call today to learn how we keep organizations just like yours safe from cyber criminals and hackers every day.

 

read more

A veritable bombshell was dropped yesterday on Google Project Zero when Tavis Ormandy posted that the Google team had discovered vulnerabilities in virtually all Symantec and Norton security products that are ”as bad as it gets.”

The Project Zero post is quite detailed in its description of the multiple flaws and vulnerabilities located in the products and if you are interested in the nitty gritty you should definitely check it out.

If, however, you are more interested in the big picture synopsis, here is what we know.

  1. Symantec Endpoint Protection and:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on…

Are all impacted since they share the same core engine.

Image source: Tavis Ormandy, Google Project Zero

2. “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

3.   Symantec has publicly released its own advisory that lists 17 different affected products.

What Does This Mean To You?

Most of the updates underway from Symantec will automatically install using a pathway similar to how the products receive virus definition updates. However, to be sure that all the vulnerabilities have indeed been fixed, Network administrators should review the advisory issued by Symantec as manual updates may be required.

How Can Konsultek Help?

At Konsultek we build custom security solutions from the ground up that use a holistic combination of prevention, detection and access management to ensure that your network is secure and stays that way. Give us a call to learn more about how our custom developed approach, including managed services, is far and away superior to plug and play software and boxes.

 

 

read more

For years now we’ve been documenting the trends that indicate that SMBs (Small and Medium Sized Businesses) are increasingly being targeted by cybercriminals and hackers. So, it was heartening to see the mainstream small business magazine, Entrepreneur, ran an article this week that draws attention to the SMB security issue. In his article, contributing author Toby Nwazor highlights 6 reasons why small businesses are more likely to be targeted by cybercriminals than they think.

1. Hackers expect your business to be minimally protected

Let’s face it. As a small business you have dozens of other resource priorities such as hiring and retaining talent, marketing, sales and fulfillment that come before network and information security on your list of things that need to get done. Cybercriminals are savvy folks and they understand this and this unfortunately just might land your business in their cross-hairs.

2. Your business is valuable to them for different reasons

Cybercriminals have a different set of metrics when it comes to business valuation and it doesn’t have anything to do with cash flow, revenue or balance sheets! Their value your business based upon the data you have in your systems (think credit card data, personal identification data and trade secrets) or the data your system can give them access to.

3. You have probably left some doors open and the lights on

When you started your business you filed papers, opened accounts and signed up for services. This has compiled a digital “We’re New and You Should Stop By” sign for your company out there in cyberspace. If your sign has the right combination of factors you may have unwittingly attracted the attention of some cyber unsavories.

4. You may be viewed as a way to land bigger fish

As mentioned in 2 above, sometimes it is not your business at all that the hackers are after but rather who your business is connected to. The epic Target breach began with a vulnerability in much smaller HVAC contractor’s system.

5. Your most basic network functionality may not be secure

Your office wi-fi, if protected, may still be vulnerable to professional hackers and every time you or your employee does work from an unsecured public connection you are potentially putting your business at risk.

6. Recent statistics don’t favor you in the slightest.

A quick glance from this table extracted from the Verizon 2015 Data Breach Investigation report shows that small businesses are sometimes even more likely than large businesses to be hacked.

Source: Verizon 2015 Data Breach Investigation Report

And, when you look at the percentage of confirmed data loss, the figures get even more depressing!

Konsultek Can Help!

At Konsultek we work with Small and Medium Sized Businesses every day to develop security solutions that are customized to each business’ unique situation. In some cases our managed security services offer a cost effective way for a smaller business to get the same level of security as some of the largest organizations in the world. So, what are you waiting for? It’s time to move security a little higher on your “to do” list and give us a call!

 

read more

IT behemoth IBM started taking an active interest in the security sector in 2011 with the acquisition of Q1 Labs. Since that time their acquisitions in the security space have risen to 15. While today, in late 2015 revenues from security make up just 2% of IBMs total sales it is clear that Big Blue sees cybercrime driving growth in enterprise level security.

As Forbes.com reported on November 24, 2015…

Ginni Rometty, IBM Corp.’s Chairman, President and CEO, had the following to say at the IBM IBM -0.71% Security Summit in New York City earlier this year, when she addressed CISOs (Chief Information  Security Officers), CIOs, and CEOs from 123 companies in 24 industries. – “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

We at Konsultek couldn’t agree more with Ms. Rometty.

Fortunately for our clients, we have the benefit of in-house expertise, access to the best security technologies in the world and a nimble organizational structure that allows us to deliver both world class enterprise level solutions AND world class solutions for the SMB marketplace.

SMBs are a Major Target

As we have pointed out on this blog many times through the years, large enterprises are not the only businesses being targeted by hackers and cyber criminals.

As indicated in this graphic from Verizon’s 2015 Data Breach Investigations Report the amount of small businesses being hacked is alarmingly high and in some industries appears to outpace their larger brethren.

Solutions for Small Business or Large Multinational Organization

So while it is interesting to see IT behemoths such as IBM and Intel taking a more active interest in the security space, we’ve been helping client networks operate more securely and more efficiently for over 20 years.

So whether you are a Large Multinational or a smaller business we have the know-how and technologies to craft custom world class security solutions that are just right for you.

Give us a call! We would love to learn more about your business and offer you suggestions as to how to keep your data, your employees and your customers more secure against “the greatest threat to every profession, every industry, every company in the world.”

 

read more

Back in April of this year we reported on the cost of a breach as compiled and analyzed in the Verizon 2015 Data Breach Investigations Report. In that same report we also discussed and examined the Ponemon Institute’s approach to assigning costs to breaches.

At their core, both of these methodologies look to aggregate the cost of a breach based largely on the number of records stolen.

In an article on TechCrunch.com, contributor Gunter Ollmann takes a look at the value of a breach from the victim’s perspective. His premise is that as a victim, you don’t really care if your stolen record was one of a hundred other records or one of a million other records. What matters to you is what was contained in the record. An email address? DOB? Social Security number? Password(s).

And interestingly enough, it is that same level of completeness combined with its freshness that makes a record more valuable to criminals and ultimately drives the price of a record in the shady world of the dark web marketplace.

If you think about it this makes a lot of sense. The original hackers are of course focused on volume more often than not since once you’ve breached a system’s security you might as well grab all the records you can. After that however, the criminals who are looking to purchase records have specific goals in mind and freshness and completeness are far more important metrics than sheer record volume.

The one caveat to this is that when the stolen record market becomes flooded with records after a colossal breach (think Target) prices of stolen records tend to crash as even the black market for stolen records must adhere to the basic economic principles of supply and demand.

The Value of Freshness

Freshness is a huge driver when it comes to the classic credit card breach because once a breach is made public the credit card companies can easily, effectively and efficiently shut down hundreds of thousands of stolen cards. So the true value comes in getting these cards to market ASAP where they can be sold and then exploited for a very limited time.  Freshness also plays a factor in dictating the street value of other types of data such as email and social media account credentials.

The Value of Completeness

The real money when it comes to records are those that are very complete. Where a credit card may fetch as little as $10-20 a complete personal record with DOB, drivers license, complete address, phone number, photo ID and social security number can fetch upwards of $100.

The difference here is that with a complete record such as this a criminal can create new credit cards, new bank accounts (often used to launder illicit funds) or virtually any other record they desire.

It is for this reason that when you are notified someday that your personal information has been stolen as part of a data breach the first and most important question you should be asking is “EXACTLY WHAT DATA WAS STOLEN?”

Protecting Your Organization’s Data

For many organizations, perhaps yours, the biggest value contained in your network may not be personal information at all but rather commercial data such as specifications and trade secrets. At Konsultek we help organizations of all types protect their valuable information by developing and deploying custom solutions using the best technologies available on the planet.  If you have concerns, we have solutions and the good news is we are just a phone call away!

 

read more