Hacked Website Databases for Sale on the Dark Web

There has been a rash of stolen databases being sold on the dark web. On February 11th, The Register’s, Chris Williams reported that 620 million online account details were stolen from 16 hacked websites. Some of the more well-known sites were MyFitnessPal (owned by Under Armor), MyHeritage, Dubsmatch, and CoffeeMeetsBagel.

The hacker goes by the name Gnosticplayers and is allegedly in the US. She/he claims that the motives for stealing these databases are money and the downfall of American Pigs, as reported by ZDnet.com’s Catalin Cimpanu.

In round 2, shortly after the release of the 620 million user’s records, Gnosticplayers reportedly hacked another eight sites and acquired another 127 million user records. In round 3, they hacked another 96 million user records. In round 4, they were able to steal from another six companies, 26 million user records. The last two rounds they did not intend to hack, but did so because they believed that these companies did nothing to protect themselves.

Not all the companies hacked had their data offered for sale on the dark web. Some of the companies, especially startups, paid an extortion fee to protect their client lists.

The hacker claims the reason the attacks were successful was due to vulnerabilities found in the online web applications.

The databases vary in content, but they all have the individual’s names, email addresses and hashed passwords. Users who chose poor passwords that were stored in databases, that were protected by simple MD5 encryption, are easily cracked.

Who is buying these hacked databases? There are two groups that buy user databases- those that are spammers and the other group is known as credential stuffers. The stuffers take the user IDs and cracked passwords and attempt to log into other websites, pretending to act as the real owner and steal information, money, or try to exploit the real account owner.

To prevent your organization from being a victim of an attack like these, there are security controls that need to be put in place. Quanexus always recommends a layered security approach and we have developed our Q-Security Stack to make it more challenging for attackers to get your data.

The best protection end-users can
implement are:
• Use of strong password/pass
phrases of at least 13 characters
• Do not use the same password on
multiple sites
• Implement 2-factor
authentication if possible
• Keep your systems updated and
patched, including 3rd party
software, e.g. Adobe, Java,
and your browsers

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

What You Need to Know About 5G

There are many benefits that will come from the new 5G infrastructure that is being created today. Initially, we will see Internet speeds increased by a factor of 100x. Speed is one thing, but low latency is just as important. Today’s 4G has relatively high latency, which makes watching HD media a challenge. With low latency, HD streaming video will become a reality. Other benefits of 5G are:

  • It will greatly enhance the ability of self-driving cars
  • Municipality traffic control
  • IoT device enhancement of sensors
  • Assist with the increase of farm yields
  • Medical procedures and remote surgery

With the new millimeter band spectrum, we will see small 5G cell sites densely distributed throughout the country. As 5G rolls out, the ability to connect with many IoT devices/sensors will provide invaluable information to increase the efficiency of everything. A few examples of industries that will quickly take advantage of this new technology are: medical, agricultural, and automotive/traffic control. Imagine having sensors in the field to monitor crop yields and check the health and status of livestock. In the medical field, 5G will increase the ability for augmented technology to assist with complicated surgeries. In the automotive world, autonomous cars will be better able to communicate with each other and will be one of the major technologies used to prevent collisions. Cities will be able to control traffic patterns based on real time information transmitted from vehicles. The possibilities are endless.

Back in the days of 2G and early 3G, the definition of what these terms meant were not as clearly defined as they are today. All the major telecommunication standards organizations got together and created the 3rd Generation Partnership Project (3GPP). This group defined the 3G standard and would define the specifications of future G technology. The difference in technology between 2G, 3G, and 4G is based on modulation techniques. Using different modulation techniques, we were able to transmit more data in the same spectrum space. Moving to 5G is a major technological paradigm shift from 4G. Basically, 5G is a list of approved/agreed specifications, standards and protocols. Depending on the infrastructure where the small cell sites are installed, power lines or fiber can be used to back haul the data.

The 5G standard includes many technologies, which offers the cell carriers options for implementation. The long-term implementation goal that most carriers will implement, includes small cell sites that have coverage ranges of 200 yards. These small cell sites will connect directly to cell phones or IoT devices. The small cell sites will back haul (connect) wirelessly to a data center for distribution.

3GPP has defined what the specific technologies that are 5G and what is not 5G. A few years ago, several of the big companies put up enhanced 4G services that they were marketing as 5G-like service, but the services they were selling were not real 5G as defined by the standard.

While the promise of 5G looks good and the major carriers are all set to start rolling out the technology, there are still some very big technological issues that need to be worked out. Many initial 5G roll-outs will be based on 5G FR1 (frequency range 1), with a migration plan to move to 5G NR (new radio, frequency range 2). It is estimated that it will be another year before some advanced features of 5G will be rolled out. There are some industry experts that are questioning the economics of 5G and are concerned whether 5G will be a profitable model for the carriers.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Wireless

Completed CompTIA Security Trustmark+

I am very happy to announce that, we successfully completed our annual review for the CompTIA Security+ Trustmark. We view this as a big differentiator between us and our competitors. While many organizations claim that they have good security practices in place, it is impossible for them to prove it. We submit Quanexus to an annual review of our security practices, where a third party, independent auditor reviews our polices, controls and practices. Our practices are based on the CompTIA Security+ Trustmark, which is based on NIST’s (National Institute of Science and Technology) Cybersecurity Framework.

This is important for several reasons. The first is, some of our clients operate in regulated industries, such as finance and medical. These organizations that operate in regulated industries are required to perform vendor due diligence; they need to prove that they are working with “trustworthy” vendors. By having a third party, independent auditor review our controls, it makes it easier for our clients to work with us.

The second reason we do this is, if we are going to consult and perform services in these industries, we have to understand and meet the same or very similar requirements that our clients have to meet. This provides us a much deeper understanding of the process and controls needed to operate.

Thirdly and most importantly, we take security very seriously! We need to be continually learning and adopting to the changes in the world that affect us. The CompTIA Security Trustmark+ helps us keep a keen focus on the evolving security landscape and helps us continually improve.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

How to better plan for 2019 in two hours

How can you better plan for 2019 in just two hours?

The end of the year is quickly approaching. Have you started planning for 2019? Every business owner knows that planning for a yearly budget is much easier when you know what IT projects are upcoming, or what equipment needs to be replaced. A good place to start is with a free network assessment.

Utilizing this complimentary service can give you a look into where vulnerabilities and problems may exist on your network and its equipment. Regularly reviewing your network is vital in ensuring it is running at peak performance and is protected from data loss, downtime, viruses and breaches.

If your system is not regularly monitored, assessing your infrastructure is critical. Businesses often fall behind in upgrades and compliance simply because they are busy running their business. Having a third party evaluate your network can give you a peace of mind and can catch issues you may not know exist.

The process is conducted on site at your office and generally takes anywhere from one to two hours to complete. Based on our findings we will compile a list of suggestions and concerns and present them to you at a later date. There is absolutely no obligation to move forward with our recommendations, or to purchase any services or equipment from us.

The benefits of a network assessment can give you an excellent snapshot of where your business is technologically and can help you to develop an action plan to keep your systems up to date and running optimally.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts