Physical Security

Healthcare Sector Ransomware

Healthcare Sector RansomwareA recent ransomware claim in the healthcare sector is a reminder of ransomware tactics used by criminals. Hackers associated with BlackCat ransomware added NextGen Healthcare Information Systems to their list of compromised businesses last week. The attack is another example of hackers’ focus on the healthcare sector, the highest category to experience attacks over the past few years.

A spokesperson from NextGen responded, “NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.” The company did not comment on employee or patent data.

BlackCat is a prolific ransomware that focuses primarily on the healthcare sector. The group uses triple-extortion tactics to convince victims to pay ransoms by threatening to leak the data if they refuse. The group also utilizes DDoS attacks to knock victims’ websites offline.

The healthcare sector is a particularly enticing target for hackers because of the personal patient data they store, and the inconsistency of security tools employed by healthcare companies. However, early data shows ransomware payments were down nearly 40% in 2022 across all business sectors. Researchers speculate businesses are investing in security and backup tools and are able to recover from an attack without paying the ransom. Another factor in the decline is that paying a ransom may not be legal in the business’s home country. The US government has imposed sanctions on some foreign countries, restricting the export of money and products. If the ransomware group has ties to one of those countries, the company could find itself in legal trouble after recovering its data.

Experts predict the recent decline in payment will prompt ransomware groups may forgo medium-sized businesses with more security measures in place. Instead, they believe hacker groups will get more aggressive with very large and small companies to make up for the difference in revenue loss over the coming year.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security

Vishing is Evolving

Vishing is EvolvingThe phishing tactic using voice calls, known as vishing, is increasing in use and evolving. A recent study found that almost half of organizations surveyed were targeted by voice call phishing or social engineering in the past year. Robocalls and attacks on mobile phones are starting to be challenged by mobile carriers. Most of us have experienced “Spam Risk” on a mobile phone over the past year. Criminals are adapting to the new restrictions and targeting organizations instead of individuals. Unlike individuals, businesses have to answer their phones in order to serve a customer base. Criminals know this and are taking advantage of vishing tactics at the organizational level.

Another change is voice call attacks are evolving from robocalls to more targeted spear phishing attacks. Criminals are doing research on businesses and employees and targeting individuals instead of calling thousands of numbers with an automated tool. Criminals use software to crawl the internet looking for open-source information on social media and other websites. When they have enough information to form a picture of habits and character, they contact the employee to start building a relationship. The criminal may impersonate a customer, vendor, or employee within the same business.

98% of cyberattacks use some element of social engineering. The study found phishing was not limited to voice calls. 32% of phishing attempts were made over text message or SMS, and 16% were made over collaboration tools like WebEx or Microsoft Teams. As the telecommunication industry responds to criminal activity, hackers will continue to evolve their tactics. Voice phishing calls utilize the same concepts used in all phishing attacks. Criminals usually try to create a sense of urgency, so the employees don’t have time to ask questions. They may pretend to be a vendor asking for a billing information or a coworker asking for a password so they can quickly get a job done. The study cited employee education as the greatest defense against evolving attack vectors.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Physical Security, Recent Posts, Small Business

Three Types of UPS (Uninterruptible Power Supply) – Back to Basics Podcast

Jack talks through the three types of UPS devices, and their benefits and application.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Physical Security, Small Business

DDoS Attacks on the Rise

DDoS Attacks on the RiseDistributed Denial of Service (DDoS) attacks are getting smarter and increasing in every available vector in 2022. This style of attack was up 434% in 2021 over the previous year. Additionally, targeted smart attacks were up 31% and multi-vector attacks were up 73%. US Banks were targeted the most, but the healthcare industry, remote learning and education, and technology companies also ranked high on the list of targeted demographics. The United States also tops the list of targeted countries at 54% followed by India and Europe.

Microsoft released details over the weekend of a new record-breaking DDoS attack they fended off. The attack peaked at 3.47 Tbps and came from 10,000 sources across 10 countries. DDoS attacks occur when hackers use compromised devices connected to the internet to overload a targeted server, website, or network. IoT devices are one category of devices that can be weaponized. Read our recent blog post on IoT security here.

Criminals are also using compromised servers to amplify attack numbers causing new attacks to still break records. Hackers use open DNS resolvers to filter the data through and increase the size of the attack hundreds of times the original size.

While a DDoS attack is not a data breach, it can act as a diversion for a ransomware attack. The attacks are becoming more targeted, so criminals could use a DDoS attack to divert IT resources to give hackers more time in the network to steal and encrypt data. Typically, DDoS attacks intend to deface company or government websites, create financial hardship, or disrupt web traffic. Lately, hackers have been targeting online gaming servers because a disruption of just a couple of seconds can have a detrimental outcome in an online multi-player game.

No business is too small to be attacked. It’s important to understand the threats of a DDoS attack and discuss options with your MSP to keep from becoming an easy target. Some best practices include up-to-date firewalls, understanding your bandwidth need, and monitoring tools to alert you of an attack.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business