Charles Wright

Supply Chain Compromise

As businesses become more interconnected, there is an increased risk of a cyber attack originating from a third-party vendor. In 2022 there were 40% more supply chain attacks than malware attacks, so the need for security between businesses is becoming a greater concern. Supply chain compromise is an attack that originates from a vendor, supplier, or employee through the devices or software used in manufacturing and distribution. This tactic is used instead of targeting individual end users because the opportunity for compromise and data collection is much greater.

The voice over IP (VoIP) vendor 3CX is in the news because of a supply chain attack that was passed on to its customers. The malicious code was distributed to desktop computers through an automatic update but originated from another supply chain compromise in an interesting and informative way. The attack is already being cited as on the same scale as the SolarWinds attack. Investigators said the attackers have ties to North Korea and were interested in gathering data instead of encryption for ransom.

Supply chain attacks from third-party software vendors are difficult to detect because, as in this case, the vendor has control of company systems and decides when they push out an auto-update. 3CX investigated the compromise and disclosed that one of their employees downloaded out-of-date software used to trade stocks to their personal computer. The stock trading software was compromised, and the attackers were able to gain 3CX credentials and move laterally through the systems to create a malicious software update that would be distributed to the 3CX customers.

There are a couple of red flags from this early reporting and disclosure. Hackers were able to steal company credentials from an employee’s personal computer, and once inside, they could move laterally around the system with access to software updates. Without more information, it sounds like the principle of least privilege should be added to the layered security system. Employees should only have access to the data they need to do their job. If hackers could move through the system at will, initial reports suggest segmentation is not in place in the data security practices either.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business

TikTok Ban and Cybersecurity

The Montana House of Representatives passed a bill Friday that would ban TikTok for all consumers in the state. The bill is now on its way to the Governor’s desk for signing. If signed into law, the measure would make it illegal to download the social media app in the state, effective January 2024. The move by Montana creates many questions for Apple, Google, and cybersecurity experts.

The law seeks to ban the app from its source, leveling a fine of $10,000 per day to any entity that makes it available for download; this would include Apple, Google, and possibly TikTok itself. Apple and Google have already responded that it’s not possible to limit downloads to a single state.

The first state ban also raises cybersecurity questions. If multiple states or the country attempts to ban the social media app for security purposes, does it open up more significant security concerns for those seeking to circumvent the ban?

Cybersecurity experts are already exploring how the app may be banned and how users may choose to get around the ban. If the app is banned by filtering network traffic to the US, consumers may use a VPN to appear as if they are accessing the site from another country. Virtual private networks (VPNs) can shield network traffic and are commonly used to access country-specific streaming content.

Governments could also choose to block the app at the Domain Name System (DNS) level, which would remove the ability for web browsers to find the site. DNS sinkholes are a method used to stop malware by essentially hiding it from the internet. Getting around a DNS ban is possible, but it adds greater security concerns for the end user.

The method Montana is seeking is to ban the app from mobile devices. Users could get around this ban by “jailbreaking” or “rooting” their devices, a practice more common in the early days of smartphones. This method would introduce massive security concerns because the device would no longer be protected by continuous security updates that address real-time vulnerabilities in the cybersecurity landscape.

The social media app continues to be a cybersecurity question businesses must contend with. The conversation around a ban and how it could be accomplished is just beginning.


Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Cloud Storage Security

The move to cloud storage has been spurred by remote work, equipment cost, and ease of access to data, but some small and medium-sized businesses (SMBs) are finding their data is not as secure. Overall, companies have moved more data to the cloud every year since 2015; however, some businesses have pulled personally identifiable information (PII) back to physical storage after breach concerns. Financial information, intellectual property, and healthcare information continue to move to the cloud at an increasing rate annually.

Many small businesses set up cloud storage out of convenience without security in mind. Today on the blog, we will cover some basic cloud security steps your business should consider when moving data to the cloud.

Cloud storage should be set up with secure authentication, including a high level of multi-factor authentication to secure the login process. Traditionally, employees would access files in the business office building protected by enterprise-grade security tools. Users now access files from any location, and authentication is the first step to protecting sensitive data.

Segmentation is the second big-picture step to protecting cloud data. Often, out of convenience, segmentation is overlooked, and users have access to sensitive files not needed for their job. The principle of least privilege is based on the idea that each employee should only have access to the data they need to do their job. Our blog on Insider Security Threats shows that most employees exfiltrate company data for convenience or because they don’t know they are breaking the rules. If employees only have access to the data they need to work, it reduces the possibility of data exfiltration from negligence or malice.

Education is the third big idea in cloud storage security. With the integration of Microsoft and Google Drive options into email systems, it’s much easier for users to share large files and make them public without understanding those files could be compromised. Additionally, users should be trained on the correct usage and storage of sensitive data.
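An access review along the lines of the segmentation and sharing points above, as an added example that is not from Quanexus or any storage vendor. The role names, folder paths, grant list, and the `anyone-with-link` marker are constructed for illustration; a real review would start from the sharing report your storage provider exports.

```python
# Constructed sample data: which folder trees each role needs for its job.
ROLE_NEEDS = {
    "accounting": {"/finance"},
    "hr": {"/hr"},
    "sales": {"/sales", "/marketing"},
}
USERS = {"alice": "accounting", "bob": "sales", "carol": "hr"}

# Constructed (principal, path) grants, shaped like a sharing-report export.
# "anyone-with-link" is an assumed marker for a publicly shared item.
GRANTS = [
    ("alice", "/finance/payroll"),
    ("alice", "/hr/reviews"),
    ("bob", "/sales/leads"),
    ("bob", "/finance/payroll"),
    ("carol", "/hr/reviews"),
    ("anyone-with-link", "/hr/reviews"),
]

def under(path, root):
    """True if path is root or inside it, so '/hr' does not match '/hr-archive'."""
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(grants, users, role_needs):
    """Return (finding, principal, path) for every grant that breaks least privilege."""
    findings = []
    for principal, path in grants:
        if principal == "anyone-with-link":
            findings.append(("public-link", principal, path))
            continue
        role = users.get(principal)
        if role is None:
            # Account not in the staff list: former employee, vendor, or typo.
            findings.append(("unknown-principal", principal, path))
            continue
        if not any(under(path, root) for root in role_needs.get(role, ())):
            findings.append(("excess-access", principal, path))
    return findings

if __name__ == "__main__":
    for kind, who, path in audit(GRANTS, USERS, ROLE_NEEDS):
        print(f"{kind:18} {who:18} {path}")
```
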


Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Cyber Insurance Raising the Bar

Many small and medium-sized businesses are still on the fence about the cost and benefits of cyber insurance, but for those companies who are taking the leap, the process is drastically improving their security discipline. The growing concern over cybersecurity over the past few years has convinced over 25% of small and medium-sized businesses (SMBs) to add cyber insurance to their security portfolio. The cost of a ransomware incident, production loss, and public reputation are contributing factors to SMBs turning to cyber insurance. However, about 58% of businesses still question the cost/benefit value of the service.

Security professionals, however, are seeing an unexpected benefit of the cyber insurance wave; businesses have to increase their level of security and security practices to be approved for insurance. Cyber insurance companies have been hit hard over the past few years with the increase of ransomware; the average cost of a compromise was $9.4 million in 2022. Insurance companies quickly discovered many SMBs were using outdated security controls that were easily compromised. The result is much higher standards in order to qualify for insurance in 2023. Companies must demonstrate a high level of layered security through extensive documentation and agree to maintain that level of security to keep coverage.

What this means for SMBs who seek cyber insurance is they have a much greater defense against cyber threats by participating in the auditing process. Then, if a cyber event does occur, they have insurance coverage to fall back on. Many small businesses do not have the internal resources capable of completing the cyber insurance process, so they consult with an MSP like Quanexus. The Quanexus Q-stack is an example of the kind of layered security insurance companies are looking for a small business to demonstrate. If your business is ready to join the 25% and explore cyber insurance, please reach out to us and see if we are a good fit for your needs.


Posted by Charles Wright in Cybersecurity, Information Security, Small Business