Breach

Hacked Hospital Results in Patient Death

A hospital in Germany suffered a ransomware attack that resulted in the death of one of its patients. University Hospital of Düsseldorf, Germany, suffered a ransomware attack on September 9th. Hackers disabled hospital computers and caused emergency patients to be transferred to other hospitals. A female patient who was scheduled to receive a lifesaving treatment had to be transferred to a neighboring hospital 20 miles away. German authorities are treating the incident as a negligent homicide.

This is the first recorded case of a death directly resulting from a malware attack. The BBC reports that there have been other near-death incidents in which critical care patients were forced to be transferred from a hospital that had been attacked, but this was the first known death.

Phishing and malware attacks have been on the rise since the start of the pandemic. Hackers attack hospitals and medical facilities looking for sensitive personal and medical data. Hospital staff are under increased stress, and are more likely to click on something they would not normally click on, opening the doors for hackers to come in.

The hackers took advantage of well-known vulnerabilities in VPN software from Citrix. The software is used by government agencies, educational institutions, hospitals, and major corporations. Citrix patched the vulnerabilities in January, but not all businesses keep up on patching and updating. Germany’s national IT security group is assisting the hospital to recover from the incident and collect forensic data. When the hackers were informed of the outcome of their attack, they dropped the ransom and provided the decryption key before disappearing.

This is a tragic overlap of the stories we have been following all summer. We have seen malware attacks increase every month. We have seen attacks on small businesses and even cities that are often too small to keep an IT specialist on staff. Many of these businesses are large enough to house a server with client data and a network of workstations, but are not able to support the technology after the initial investment. When vulnerabilities are found and patched, the news of these vulnerabilities is reported in the IT news industry. Hackers then go looking for computer systems that have not been updated and attempt to exploit these systems and data.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

City Government Compromised

Lafayette, a reminder of small business ransomware

2020 is becoming the year of ransomware; all available statistics are showing an increase in incidents month after month. We are seeing hacking events creep into the mainstream news cycle with huge companies like Twitter and Garmin. But a small city in Colorado is a reminder that hackers are not only targeting large corporations.

A city of 30,000 residents in Colorado is the latest reminder of the threat of ransomware in 2020. The city of Lafayette, Colorado suffered a ransomware attack late in July. They did not make the breach public until early in August. The hackers encrypted data, disabled phone systems, email systems, and bill paying systems. Like most cities this size, Lafayette did not have a cybersecurity professional on staff. After the breach occurred, the city government had to have specialists from Boulder come in to help with the clean-up.

With the support of larger city and state cybersecurity professionals, they determined the attack was the result of either a phishing attack or a brute force attack. They were not able to recover the necessary data from backup to get the city back online. After analyzing the situation and the time it would take to rebuild the databases, the city decided to pay the $45,000 ransom.

Due to the pandemic the city had recently cut back hours and furloughed some employees to cut back on spending this year.

“After a thorough examination of the situation and cost scenarios and considering the potential for lengthy inconvenient service outages for residents, we determined that obtaining the decryption tool far outweighed the cost and time to rebuild data and systems,” City of Lafayette Mayor, Jamie Harkins.

It sounds like Lafayette did follow many IT security guidelines. The Mayor says residents’ credit card data was not compromised because of the encryption they use in processing credit cards. She also mentioned residents’ personal data had not been compromised because it was not stored on the city’s databases. From the information publicly available, it sounds like the city was applying the principle of “least privilege” when storing resident data.

Lafayette is about the same size as the city Quanexus calls home. This is a real issue for moderately sized cities and businesses who are large enough to maintain computer systems and databases, but not large enough to keep IT security experts on staff. This is one of the primary roles Quanexus fills for many of our clients. If the increase in ransomware in the news has you thinking more about your IT security, please reach out to see if Quanexus could be a good fit for your business.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

FBI Warning Vishing Attacks

FBI Warns of Increased Vishing Attacks

There is a new form of phishing being used against corporations, and it has gained the attention of the FBI. Vishing is a form of phishing using a phone call or Voice over IP (VoIP). This technique is yet another way hackers are taking advantage of employees working from home during the pandemic.

The increase in vishing attacks began in mid-July. Criminals registered domain names of companies they were interested in targeting. From there, they built fake VPN sites that looked similar to the target company’s own VPN login site. Hackers were also able to spoof phone numbers, so the number they were calling from appeared to come from within the corporation. The next step was to find an employee to target. Hackers went looking for information on social media sites and were able to find names and email addresses for employees of target companies.

Krebs on Security reported hackers would typically target new employees, and even create fake LinkedIn pages to gain their trust. Many of the attackers would pose as in-house IT helpdesk employees, convince a user they needed to use a different site for VPN access, and then ask for two-factor authentication (2FA) or one-time passwords (OTP) in order to help the new employee with a technical issue. Once the criminals gained access to the internal systems, they could basically move about freely. Hackers could collect customer data to be released later or encrypt data to be ransomed back to the company.

The FBI Cybersecurity Advisory does not list individual companies targeted, but many believe this is the method used in the recent Twitter hack. The FBI recommended some tips for companies, including restricting VPN connections to managed devices only and employing the principle of least privilege, where employees only have access to the data they need to do their job.

For employees, the FBI report recommends checking web links carefully for misspellings, bookmarking the correct VPN page and not deviating from that page, and being suspicious of unsolicited calls or emails asking for login credentials. Unfortunately, new employees are likely not familiar with internal IT practices and norms.
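A mail gateway or web proxy can automate the misspelling check the FBI recommends for links. The following is an added example, not code from the FBI advisory or from Quanexus; the host `vpn.example.com`, the brand label, the two-edit threshold and the function names are assumptions for illustration, and ownership is decided by simple suffix matching rather than a public-suffix list.

```python
from urllib.parse import urlsplit

# Constructed values for this example: the organization's real VPN portal,
# its own domain, the brand label an impostor site would imitate.
LEGIT_VPN_HOST = "vpn.example.com"
ORG_DOMAIN = "example.com"
BRAND = "example"
MAX_TYPOS = 2  # assumed threshold; tune it for short brand names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'legit', 'other-org-host', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == LEGIT_VPN_HOST:
        return "legit"
    if host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN):
        return "other-org-host"
    # The real name placed before '@' is only userinfo, not the destination.
    if parts.username and BRAND in parts.username.lower():
        return "lookalike"
    # Compare every dot- and hyphen-separated token with the brand label.
    for label in host.split("."):
        for token in label.split("-"):
            if BRAND in token or edit_distance(token, BRAND) <= MAX_TYPOS:
                return "lookalike"
    return "unrelated"
```

Links classified as `lookalike` are the ones to block or route to review; only the bookmarked portal returns `legit`.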

Download the entire FBI report here.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Telephone Systems

Password Management

Back to Basics – Password Management

Passwords are a necessary evil of modern life. Today on Back-to-Basics we will cover some best practices of password selection and management. Quanexus recommends a 25-character password that does not contain words found in dictionaries. We also don’t use names, birthdays, or anniversary dates, because these can be easily found on social media. On top of these parameters, passwords should not be used for more than one service.

We understand this is cumbersome, and studies have shown that extreme password policies reduce productivity in business. So where is the middle ground between an absolutely uncrackable password for each individual login, and reality?

  1. Password Managers:

    There are tools on the market that create long and complex passwords for each individual login, and then manage these passwords for you. LastPass and 1Password are two trusted services, and both provide browser and mobile services. The issue with these, of course, is that if a hacker social engineers or guesses the password to your password manager, they have access to all of your passwords. However, with a strong password to log into the service, this is a very secure option.

  1. Password Reuse:

    At the very least a user should not use the same passwords for personal logins that they do for business logins. Of course, the business has no way of checking this, but it should be outlined strongly in the orientation material, as well as the annual security awareness training. As we always say, your users can be your biggest asset or your biggest liability. Password reuse is a point that needs continual emphasis.

  1. Stolen Passwords:

    The dark web knows what your MySpace password was at this point. Find out which of the passwords you use have been compromised and stop using them. Google Password Checkup is a trusted resource. Financial companies are starting to send users known compromised passwords as well. We know many people are not going to come up with a stellar 25-character password for that jogging site they’re checking out, but be aware of what passwords are compromised, and don’t use them at work.

  1. Multi-Factor Authentication:

    Many more critical services like financial or system logins now offer Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). We did a whole blog post on this topic, which you can read here, but the long and the short of it is, if the service is available, use it. SMS authentication is not without flaws, but it’s still better than a simple password. Services like Google Authenticator are better but have not been incorporated into all businesses yet.
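The selection rules at the top of this post and the stolen-password advice in item 3 can be checked mechanically. The following is an added example, not Quanexus code or the behavior of any named password manager; the tiny word list, personal details and breached passwords are constructed samples, and the function names are assumptions.

```python
import hashlib
import secrets
import string

MIN_LENGTH = 25  # the length the post recommends
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

# Constructed sample data. A real check would load a full word list, the
# user's own names and dates, and a breach corpus of password hashes.
DICTIONARY = {"password", "dragon", "summer", "welcome", "monkey"}
PERSONAL = {"jordan", "1985", "0612"}
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Summer2020!", "P@ssw0rd", "myspace123")}


def policy_violations(password: str) -> list:
    """List every rule from the post that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 25 characters")
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if any(item in lowered for item in PERSONAL):
        problems.append("contains a name or date")
    if hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("appears in a breach list")
    return problems


def generate_password() -> str:
    """Draw random 25-character passwords until one passes every rule."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET)
                            for _ in range(MIN_LENGTH))
        if not policy_violations(candidate):
            return candidate
```

Calling `generate_password()` once per service also satisfies the no-reuse rule, since each call draws a fresh random value.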

Passwords are not perfect, but they are also not going away. Password security involves making users aware of the risks that are out there and continuing to stress best practices. Continued education and annual security awareness training are the best defense against password compromise.

Posted by Charles Wright in Recent Posts