Virtualization

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month and this year’s theme is “See Yourself in Cyber.” The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) campaign focuses on the individual this year to communicate that while cybersecurity is complex, it comes down to people. The campaign is also based on current data, which shows 82% of breaches involve human error, and the average cost of a data breach increased again this year to $4.35 million.

Phishing campaigns have continued to evolve this year with Ransomware as a Service (RaaS), hackers getting around MFA, and AiTM attacks; the focus on the individual follows the data.

This year the campaign is focused on four essential cyber hygiene points everyone should follow.

  • Think Before You Click: Recognize and Report Phishing: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
  • Update Your Software: Don’t delay — If you see a software update notification, act promptly. Better yet, turn on automatic updates.
  • Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords, securing them for you!
  • Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.

The campaign also focuses on those in the industry and those interested in becoming cybersecurity professionals. It calls on individuals to “See Yourself taking action to stay safe online,” on those interested in cybersecurity to “See Yourself joining the cybersecurity workforce,” and on those already in the industry to “See Yourself as part of the solution.”

CISA provides resources for businesses and individuals for Cybersecurity Awareness Month.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

Uber Breach

Uber suffered a data breach Thursday affecting many internal systems. The company did not know it had been breached until the hacker announced himself on an internal Slack account connecting employees. “I announce I am a hacker and Uber has suffered a data breach,” the message said, along with a list of breached tools. Uber shut down many internal tools, including Slack and developer access, but kept the public ride-share and food delivery apps online.

“We have no evidence that the incident involved access to sensitive user data (like trip history),” the company said. “All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational.”

The 18-year-old hacker posted screenshots of internal systems, Uber source code, and email systems on the web. Uber said Monday it believed the hacker group LAPSUS$ was behind the attack. The group is thought to be composed mainly of teenagers.

The attacker used social engineering to gain access to internal systems by convincing an employee he worked for Uber’s internal IT department. The compromised employee apparently also passed along two-factor authentication credentials. Critics point to the attack as another place where an attacker bypassed MFA and 2FA. The incident is included in a recent string of attacks, including Twilio, Cloudflare, Cisco, and LastPass. Security professionals cite these as incentives to move more quickly toward physical security keys that follow FIDO2 compliance guidelines. Read our blog post on the FIDO Alliance and Apple passkey here.

Uber previously suffered a breach in 2016 that exposed the names, email addresses, and phone numbers of 57 million people. That breach also exposed the driver’s license information of 600,000 US drivers. Uber kept the breach secret for more than a year.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Virtualization

Ransomware Attacking US Companies

The ransomware group Black Basta is gaining traction quickly. The ransomware-as-a-service (RaaS) group has carried out 50 successful attacks on organizations in Canada, the UK, Australia, and New Zealand, but seems to be focusing most of its attention on the United States. The group is not only encrypting data that the victim has to pay to unlock; it is also stealing the data and threatening to release it on the dark web.

The group is using a spear-phishing email attack vector to infiltrate corporate networks. The emails have an Excel file attached. When an employee opens the Excel file and enables macros, the malware is installed. Black Basta is then able to move laterally across the network to collect and encrypt data.

The new ransomware group has gained attention from the cybersecurity community because of the speed and success of its attacks. Cybersecurity experts believe the group is made up of a previous Russian hacker group that shut down because of an internal data leak. The Conti group was one of the most aggressive ransomware groups of 2020-21, with a tally of 859 victims including the government of Costa Rica. The current consensus is that Black Basta is an evolution of Conti.

The malware used by Black Basta is also unique. The group added a Linux version of malware in early June, so now they are able to infect Windows machines and Linux servers. Additionally, the Windows version of the malware successfully disabled Windows Defender and other anti-virus solutions during the attack.

As with most ransomware, the infiltration starts with a person. An employee downloads and opens an Excel file. Businesses are being reminded to keep systems patched and updated and to back up to a remote server, but they are also being advised to disable Microsoft Office macros company-wide and to remind employees to understand where emails and attachments are coming from before opening them.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

What is Zero Trust?

Zero trust is a security strategy based on the concept “never trust, always verify.” The idea of zero trust was a response to traditional perimeter network security that assumed everything inside the network was safe. A perimeter security network puts all of its defenses at the edge of the network. This means if a criminal gets inside, they are able to move around freely and access any applications or data on the network. Additionally, with remote work and cloud-based data and applications, it’s more difficult to define that perimeter. Zero trust changes the model and requires verification for each user and device accessing each application and element of data.

The zero trust model works generally on three tenets. First, the framework must identify and authorize the user. Users are no longer automatically authorized simply because they are on the office network. Authorization typically includes multi-factor authentication (MFA).

Once a user is authorized, they only have access to the data and applications they need to perform their job. This policy is known as ‘least privilege’ and helps to limit the data accessible to a hacker in the event of a breach. With the least privilege policy, an employee in marketing would not have access to personally identifiable information from human resources. Conversely, human resources would not have access to the latest confidential marketing presentation.

Lastly, the zero trust model sets device requirements that must be met in order to access the data or applications. Device requirements could be as simple as an approved antivirus must be installed, or could be much more complex depending on the business need.

In addition to these three tenets, network segmentation and monitoring are often implemented to further prevent lateral movement and to log unusual activity. Zero trust does not trust any users or applications by default. After a user, application, and device are approved, the zero trust model continues to monitor the criteria and discontinues access if any of the criteria change.
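The three tenets and the continuous re-check described above, as a small policy-decision example in Python. This is an added example, not code from the original post; the role map, the field names and the `Request` and `Session` classes are hypothetical.

```python
from dataclasses import dataclass

# Constructed least-privilege map (assumption): role -> resources that role needs.
ROLE_RESOURCES = {
    "marketing": {"marketing-presentations"},
    "hr": {"employee-pii"},
}

@dataclass
class Request:
    user: str
    role: str
    resource: str
    mfa_verified: bool
    device_antivirus_ok: bool
    on_office_network: bool = False  # recorded, but never counted as trust

def evaluate(req):
    """Return (allowed, reason). Every tenet must pass on every request."""
    # Tenet 1: identify and authorize the user; network location is ignored.
    if not req.mfa_verified:
        return False, "identity: MFA not verified"
    # Tenet 2: least privilege; the role must need this resource.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return False, "least privilege: role has no need for resource"
    # Tenet 3: device requirements, here the simple antivirus case.
    if not req.device_antivirus_ok:
        return False, "device: approved antivirus not present"
    return True, "allow"

class Session:
    """Re-evaluates on each access, so a changed criterion discontinues access."""
    def __init__(self, req):
        self.req = req
        self.log = []  # monitoring: one entry per decision

    def access(self):
        allowed, reason = evaluate(self.req)
        self.log.append((self.req.user, self.req.resource, reason))
        return allowed

if __name__ == "__main__":
    s = Session(Request("alice", "marketing", "marketing-presentations", True, True))
    print(s.access())                    # all three tenets pass
    s.req.device_antivirus_ok = False    # device posture changes mid-session
    print(s.access(), s.log[-1][2])
```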

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization