Small Business

Sep

2023

Summer Security Trends

Security experts saw an uptick in malware in the first three summer months due to increased mobile device and computer activity. From May to July, malware claimed the spotlight, making up 58% of all reported cyber threats. The primary entry point for malware was phishing at almost 25%, followed by adware at 8%. Users tend to be online looking for sales, vacation opportunities, and back-to-school shopping, which all have potential phishing opportunities attached to them.

This research comes behind Q1 research showing criminals adapting their threats to the security landscape. The study shows information technology organizations overtook financial institutions for the number one targeted category of malicious emails. The change reflects the dedication of financial institutions to invest in cyber security to defend against phishing attacks and the talent shortage in information technology that has dominated security news.

Additionally, in Q2, the study found that 58% of the malicious emails relied on deceptive content, while 42% included harmful links. This emphasis on malicious content clarifies the prevalence of business email compromise (BEC) scams, comprising 48% of scam emails in the same quarter. BEC scams are notorious for favoring content-based deception over links or attachments in their fraudulent email schemes.

The report also highlighted a change in the type of attack vector criminals use. Malicious emails used QR codes as a primary attack method to link users to a phishing page. The use of QR codes is a response to users’ education on traditional phishing attack vectors and a trust of QR codes through restaurant and public use. QR codes also introduce a second device to the attack if users access the link with a mobile phone.

It’s essential to keep your employees updated on the most common attack vectors we are seeing in the wild. Your employees are your first line of defense against security threats. Continuous education on cybersecurity trends helps to keep those defenses strong.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Aug

2023

SIM Swapping is Back

SIM swapping is a cybercrime category we have explored in the past, but recently, we have seen the tactic regain popularity in the financial and cryptocurrency sectors. SIM swapping is the act of taking control of a victim’s phone number and transferring that control to a different phone. Criminals then use the phone number for SMS authentication of websites or to impersonate the victim to create a scam or attack the victim’s contacts. The most popular method criminals use to acquire SIM credentials is to call the mobile carrier and impersonate the customer. The criminal must have personally identifiable information (PII) about the customer and some sort of password or PIN, depending on the carrier, to relocate the SIM information. The PII and password information could be found in a data dump from a past data breach, but the steps the attacker must go through make these attacks highly targeted.

An employee from the financial company Kroll was subject to a SIM swapping attack last week, allowing hackers to access bankruptcy claims and customer information. The company called out the carrier in question in its security advisory, saying, “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor’s phone at their request.”

The US Cybersecurity and Infrastructure Security Agency (CISA) released a report earlier this month highlighting hacker groups using SIM swapping to bypass industrial standard security tools.

“The Board examined how a loosely organized group of hackers, some of them teenagers, were consistently able to break into the most well-defended companies in the world,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. The report proposed businesses adopt passwordless authentication in response to the inability of mobile carriers to secure their customers.

It’s clear that SIM swapping is still a popular attack vector in some business sectors. Often, PII can be skimmed from social media and previous data breaches. Employees should be aware of the information they share on social media, and businesses should explore authenticator tools that do not use SMS messaging and, eventually, passwordless solutions.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Aug

2023

Asset Management

Asset management is often the first step in understanding your business’s cybersecurity scope and potential vulnerabilities. Today on the blog, we are going back to basics to explore what asset management is in cybersecurity and how you should use it to make your business data more secure.

Often small businesses add technology quickly to fulfill a need, keep production moving, or ensure the customer experience remains at a high level. Sometimes cybersecurity is not considered when a new device or software is added, or the old technology remains online, unused, or unprotected on the internet. Asset management is about understanding all the devices, applications, SaaS, cloud storage, and third-party vendors that have access to your business data.

When a device vendor stops supporting a network device, it is referred to as end-of-life (EoL). Cybercriminals track EoL updates from manufacturers and look for these vulnerable devices on the internet. When a manufacturer EoLs a device, it throws a spotlight on that entry point because hackers know it will no longer receive security patches and updates. Criminals work quickly to break into the EoL device and use that vulnerability as an entry point into a target network.

Employees represent another variable of asset management. Employee access to data and applications should be limited to those needed to do their job. Additionally, businesses should have policies for data handling and remote work considerations. Asset management is critical when offboarding employees, especially if they are unhappy with the process. Finally, employees can bring IoT or other network devices to work, which could open up new vulnerabilities if they have access to the business network.

Asset management helps plug potential cybersecurity holes that criminals could exploit in your business. Devices left unaccounted for, unpatched software, and open or forgotten VPN access represent potential entry points for malicious actors. These three examples represent the entry points for significant, national newsworthy breaches over the past few years.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Aug

2023

New SEC Reporting Requirements

The Securities and Exchange Commission (SEC) adopted new rules for reporting cybersecurity incidents that have some experts concerned they may give criminals the upper hand. The new rules set to go into effect in December require large corporations to report “material” cybersecurity incidents within four days, reveal how they detected the incident, and describe board oversight of the response. The rules are designed to protect investors, and the SEC compared the disclosure of a cybersecurity incident to a fire, “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” SEC Chair Gary Gensler said in a statement.

Critics of the new law say that four days is insufficient to provide accurate information for public consumption and the descriptor of “material” is too vague for legal departments to follow. The attack may still be ongoing after four days, and the disclosure could give the criminal more information to continue the attack. Cybersecurity experts are also concerned that disclosing how the incident was detected will give criminals clues on hiding future attacks.

The rules go into effect for large companies in December, while smaller companies have until July 2024 to comply with the new reporting system. The rules are designed for publicly traded companies, but experts are already putting smaller private companies on notice. Large corporations utilize many small private businesses in their supply chain, and these rules will trickle down to small and medium-sized businesses quickly.

The healthcare sector is also responding to the news of the new rules since they represent the most popular target for cybercriminals. Some healthcare officials think the new rules will add cost and represent an extra step beyond HIPAA and state reporting that they are already required to follow after an incident. The rules could also trigger patient lawsuits if the SEC filings reveal poor data management in the detection and oversight.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Small Business

Search Quanexus.com

White Paper: Corporate Account Takeovers, Business Email Compromise and Ransomware

What Our Clients Think

Contact Us