Breach

Layered Security with Q-Stack

Our CEO, Jack walks through the layered security steps Quanexus uses to protect your data.

 

Posted by Jack Gerbs in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business, Wireless

Have You Been Hacked? Indicators of Compromise (IOC)

How do you know if you have been hacked?  Organizations often find out they have been hacked 3 to 6 months after the initial incident.  Typically, they learn of the hack from an outside source.

There are many items that should be monitored in a network to determine if there is a potential incident.  Below is a list of a few key items for monitoring Active Directory (AD) and your firewall.

In AD monitor these key items:

  • Any network login from a user with privileged (administrative) access. Privileged accounts should only be used to manage the network.  Users with administrative accounts should have a regular user account to perform normal business functions.  The use of privileged accounts must be justified.
  • The creation and deletion of user accounts.
  • The modification of user access rights – escalation or de-escalation.
  • Failed logins. Many failed logins can indicate the account is at risk.

On your firewall monitor these key items:

  • Top users by bandwidth and sessions. These metrics should be used to create a baseline to detect anomalies.
  • Outbound firewall traffic that is being blocked. This indicates that a user or their computer is trying to reach unauthorized sites.

The items suggested above are the minimum key indicators that can be monitored to help you if you have a potential incident.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

A Happy Ending, Hacker Ordered to Pay £922,978 in Damages

Very seldom do we get to hear some good news about a hacker.  Grant West has been caught, is in jail, and now is ordered to return the money he stole.

A hacker in the UK who carried out numerous phishing and ransomware attacks has been ordered to pay damages to the companies he attacked.

Grant West, a hacker currently jailed in England, targeted many well-known companies like Uber, T-Mobile, Argos, and Groupon from March 2015 until he was arrested in September 2017. He obtained financial data of tens of thousands of users over that period, and completed more than 47,000 sales from a fake online store. The hacker also sold cannabis on the dark web as well as guides for others to carry out cyber-attacks.

West carried out the attacks on a laptop that belonged to his girlfriend, and used the computer to store personal data of more than 100,000 people. Investigators also recovered an SD card that contained 78 million usernames and passwords, and 63,000 credit and debit card details.

A single phishing email sent in 2015 appeared to be a survey for a British online food ordering service netted West £180,000, which was quickly converted to Bitcoin. When West was arrested in September of 2017, his cryptocurrency accounts were seized by authorities. In May of 2018 he was found guilty and sentenced to 10 years and 4 months of jail time.

Friday, UK courts ordered the £922,978 in cryptocurrency seized would be sold and go back to the companies who were attacked. If West refused the confiscation order, he would serve another 4 years in jail.

Companies and, recently, city governments often have no choice but to pay criminals like West for access to their data that has been encrypted.  Quanexus can help you take steps to protect your business and customer data from attacks like these.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

Capital One Data Breach from My Perspective

Capital One was breached and had 106 million applicants’ information stolen. This breach is one of the largest data breaches to occur. In comparison, the Equifax breach affected 150 million people. Capital One’s breach included 100 million US and 6 million Canadian applicants. These numbers are significant because with the US population estimated at being 330 million people, including minors, this means the breach affects an incredible percentage of US adults.

How did this happen? Capital One has embraced a cloud strategy and uses Amazon’s cloud services. Paige A. Thompson, a 33-year-old, hacked through Capital One’s firewall and was able to steal the applicant data. The stolen data includes applicant information from 2005 to early 2019. The data elements included in the breach include: addresses, dates of birth, self-reported income, social security numbers, bank account numbers, email addresses and more. Fortunately, only 140,000 social security numbers and 80,000 bank account numbers were stolen. This is a very small percentage of the overall breach. Additionally, no credit card numbers or user passwords were stolen. The criminal complaint against Ms. Thompson is, she intended to sell the data on-line. Capital One has stated that it is unlikely the stolen information was disseminated or used for fraud.

What you need to know and do: Because no passwords were stolen, there is no immediate threat of fraudulent bank or credit card transactions. If data was successfully sold on the Dark Web, you can expect an increase in social engineering attacks targeted to individuals and businesses. These attacks will be in the form of SPAM emails, telephone calls, etc. Everyone needs to understand how crafty these criminals are in creating messages that look legitimate.

WARNING: Criminals always take advantage of a crisis. If you receive an email from Capital One advising that you were affected by the breach, it could be a SPAM email. Always verify the link in any email before you click (“Think Before you Click-It”). Even better, don’t click on any links in emails. It is a better practice to go directly to the company’s web site by typing in the URL in a new browser.

Remember: It typically takes more than one thing to go wrong for a company to suffer an IT security incident. For more information on protecting or managing your network, contact Quanexus at www.quanexus.com or call 937-885-7272.

Request your free network assessment today. There is no hassle, or obligation.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security