Recent Posts

City of Dallas Ransomware

City of Dallas Ransomware Attack

A ransomware attack on the city of Dallas, Texas, has negatively impacted city utilities and slowed emergency service response time. The city suffered a ransomware attack attributed to the hacker group Royal on Monday, May 1st. Network printers on the city’s network began printing ransom notes Monday morning with instructions on how to contact the hacker group.

The attack forced the city government to shut down IT systems to contain and mitigate the ransomware. Police and fire employees received an urgent message to unplug the computers in their emergency vehicles. Among the systems taken offline were 911 dispatcher computers, which forced emergency call centers to revert to pencil and paper for recording call details and to radio for communication with emergency services. The Dallas Fire Fighters Association president said the first responders have received little guidance from city leadership. In the ninth-largest city in the United States, 911 calls are being missed because radio traffic is so busy. Emergency responders are not getting the follow-up information they are used to receiving from dispatch via computers.

Additionally, courts were closed Monday, utility bills could not be processed, and a handful of other non-emergency services were offline for a week. The city said they would add devices and services back to the network individually when it was safe to do so.

US cybersecurity agency CISA sounded the alarm on Royal as a ransomware group gaining power in early March. CISA said the group specifically targets critical infrastructure sectors, including communications, education, and healthcare. First observed in 2022, the ransomware gang typically gains access through phishing links and exfiltrates large amounts of data before notifying the victim.

Ransomware groups are shifting their tactics to data extortion. Hackers had to find a new way to make money when governments and law enforcement started breaking their encryption. Recent ransom notes, including the printout from Royal, include threats to release or sell personal customer data.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Recent Posts, Small Business

Supply Chain Compromise

Supply Chain Compromise

As businesses become more interconnected, there is an increased risk of a cyberattack originating from a third-party vendor. In 2022 there were 40% more supply chain attacks than malware attacks, so security between businesses is becoming a greater concern. Supply chain compromise is an attack that originates from a vendor, supplier, or employee through the devices or software used in manufacturing and distribution. Attackers use this tactic instead of targeting individual end users because the opportunity for compromise and data collection is much greater.

The voice-over-IP vendor 3CX is in the news because of a supply chain attack that was passed on to its customers. The malicious code was distributed to desktop computers through an automatic update, but it originated from another supply chain compromise in an interesting and informative way. The attack is already being cited as on the same scale as the SolarWinds attack. Investigators said the attackers have ties to North Korea and were interested in gathering data rather than encrypting systems for ransom.

Supply chain attacks from third-party software vendors are difficult to detect because, as in this case, the vendor has control of company systems and decides when to push out an auto-update. 3CX investigated the compromise and disclosed that one of its employees downloaded out-of-date stock trading software to their personal computer. The stock trading software was compromised, and the attackers were able to obtain 3CX credentials and move laterally through the systems to create a malicious software update that would be distributed to 3CX customers.

There are a couple of red flags in this early reporting and disclosure. Hackers were able to steal company credentials from an employee’s personal computer, and once inside, they could move laterally around the system with access to software updates. Without more information, it sounds like the principle of least privilege should be added to the layered security system. Employees should only have access to the data they need to do their job. If hackers could move through the system at will, initial reports suggest network segmentation is not in place in the data security practices either.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business

BEC Overtakes Ransomware

BEC Overtakes Ransomware

A new study found that Business Email Compromise (BEC) rose to become the most common attack vector in 2022, surpassing ransomware. The increase in email compromise has been attributed to a rise in successful phishing attacks, which went from 13% in 2021 to 33% in 2022. Phishing campaigns are becoming more sophisticated, combining publicly available information with breached data for highly tailored spear phishing attacks. Additionally, non-native speakers are using AI to compose more convincing-sounding messages that do not raise the red flags of previous years.

There are two types of BEC. In the first and most common form, the attacker uses an email address similar to that of a coworker or business contact to trick an employee into approving an invoice or providing the criminal with information. In the second, rarer form, the criminal has the actual login credentials of the employee and uses their business email to steal money or information. In both cases, criminals have a highly informed understanding of the working relationship between business contacts, which lets them craft a believable spear phishing campaign.

A new version of this tactic is for criminals to order expensive construction materials, supplies, or hardware from a vendor while impersonating a client the vendor commonly does business with. Because many industries operate under Net-30 or Net-60 payment terms, criminals can make off with the materials long before the company questions the transaction.

From a security standpoint, employees should be aware that BEC attacks are on the rise and should be encouraged to flag orders that appear out of the ordinary. Businesses should confirm orders through known client phone numbers, never through phone numbers listed in the suspicious email. Email filtering can help reduce BEC attacks that use outside domains. Lastly, users should be reminded not to click links in emails but to type the known URL into a browser directly.
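The first type of BEC above relies on a sender domain that merely resembles a trusted partner's, which is exactly what a mail filter can check. As an added example (not from the original post), the following Python classifies a From: header against a constructed list of trusted partner domains and flags a domain that is not trusted but collapses to a trusted one after homoglyph folding, or sits within one edit of it.

```python
"""Lookalike-sender check for the address-spoofing form of BEC.

TRUSTED_DOMAINS is a constructed, hypothetical partner list; a real
deployment would load it from the vendor/customer master data.
"""
from email.utils import parseaddr

TRUSTED_DOMAINS = {"acme-supply.com", "northbank.example"}

# Characters commonly swapped for look-alikes, folded to one canonical form.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "i": "l"})


def fold(domain: str) -> str:
    """Canonicalise a domain so visually similar spellings compare equal."""
    return domain.lower().replace("rn", "m").translate(HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Classic Levenshtein distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].lower()
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Either a homoglyph swap (acme-suppIy.com) or a single typo (acme-suply.com)
        if fold(domain) == fold(good) or edit_distance(domain, good) <= 1:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for hdr in ("Jane Doe <jane@acme-supply.com>", "Jane Doe <jane@acme-suppIy.com>",
                "billing@acme-suply.com", "ap@n0rthbank.example", "noreply@gmail.com"):
        print(f"{hdr:40} -> {classify_sender(hdr)}")
```

A 'lookalike' verdict is a quarantine-or-review signal, not proof of fraud; the out-of-band phone confirmation described above still decides whether the order is real.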

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

TikTok Under Scrutiny Again

TikTok Under Scrutiny Again

TikTok is back under scrutiny from cybersecurity professionals and many world governments for the third time in two years. The social media platform rocketed to popularity during the pandemic but has slowly lost market share, falling below Instagram again last year. The latest security concerns and the legislative response may be the final blow to the Chinese-owned social media platform as it tries to stay relevant in the US market.

The latest government bans on TikTok include New Zealand, Britain, the European Union, Belgium, and Canada. These countries have banned the app on government-owned devices or devices that can access government databases. The US voted to remove the app from all government-owned devices in December, and a deadline of March 20th was finally set for all removals to be completed. Over half of state governments followed suit and banned the app from state government devices. Both the FBI and FCC have warned that the owner of the social media platform, ByteDance, could share data with the Chinese government. India banned the app in the summer of 2020, the first time the issue came up, which instantly knocked 200 million users off the platform.

World governments have concerns over the app for both government employees and citizens. The first is that sensitive data could be accessed on government devices and shared with the Chinese government. The second is location information. The US military was the first group to ban the app, in January 2020, and location sharing played a part in that ban. There are also concerns that intelligence gathered on user preferences and demographics could be used for future misinformation campaigns against citizen populations.

The current bill that could ban the app for US citizens names TikTok specifically, but it also covers any “…information and communications technology product or service” from six adversarial nations: China, Cuba, Iran, North Korea, Russia, and Venezuela.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts