Events

Hive Ransomware

The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the increased impact of Hive ransomware on businesses. According to the CISA alert, “As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information.” The attackers operate Hive under a ransomware-as-a-service (RaaS) model and target a wide range of industries, from government and critical infrastructure to communication and manufacturing. However, the group targets Healthcare and Public Health (HPH) businesses by a large margin over all other sectors.

The group uses various attack vectors to infiltrate business networks. Investigation into the ransomware group has shown Hive gained access through remote desktop applications and virtual private networks (VPNs) with single-factor and multi-factor authentication (MFA) logins. The group also used traditional phishing emails with malicious logins to install malware. After gaining access, the group tried to cover its tracks by terminating processes related to backup and antivirus. They also deleted system logs that could help the company realize it has been infected.

The ransom price is negotiated on the dark web, and criminals demand payment in Bitcoin. Hive actors also threaten to publish stolen data or reinfect business networks if the victim refuses to pay the ransom. The CISA alert states: “Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment.”

The healthcare and public health sector was the leading industry targeted by ransomware in 2021 by a large margin. Financial services came in second with about one-third the number of attacks as healthcare. The healthcare sector is a favorite target for hackers because of the inconsistency of cybersecurity across the industry. Additionally, healthcare facilities store highly sensitive and personal data, so the probability of payment is higher when the criminal threatens to publish the data.

The alert listed several mitigations and preparations for a cyber incident, including monitoring external remote connections and implementing a recovery plan. Read the complete alert here.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business

LinkedIn Security Updates

LinkedIn released some new security updates in an effort to combat fraud and bot accounts across the professional social media platform. LinkedIn is the most impersonated brand in phishing attacks by a considerable margin at 45% of impersonated attacks, with Microsoft as a distant second at 13%. Phishing on LinkedIn Messenger has also increased in popularity among criminals. Most phishing messages quickly ask users to take the conversation off LinkedIn and then attempt to steal money or information, or to install spyware on the victim’s device.

LinkedIn also has a bot problem. The site started purging accounts early in October, and the move attracted attention online. Users who reported working for Amazon went from 1.2 million to 800,000, and users working for Apple went from 570,000 to 280,000 over the same 24-hour period. Cybersecurity professionals speculate that bot networks could generate broader attacks by connecting to industry professionals and scraping their public information.

LinkedIn introduced three security tools to help its professional community identify fraud and eliminate bots. The first tool is “About this profile,” which shows whether the user has verified their phone number and work email address. The menu also indicates when the user joined the site and when they updated their contact information and profile photo. The move should help users identify fake accounts and make it more difficult for criminals to maintain multiple profiles.

Image from LinkedIn

The second tool LinkedIn identified is a photo scanner designed to flag AI-generated profile photos. Criminals are not just creating individual fake accounts to scrape the platform. To construct the droves of fake accounts needed, they are using AI-generated images as profile pictures.

The third tool is a messenger tool that alerts users and blocks the message when the potential criminal tries to move the conversation off the LinkedIn platform.

Image from LinkedIn

Example of the new chat tool from LinkedIn shown above. The new tools aim to protect users and educate them about the tactics used by criminals on the social media platform.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Healthcare Ransomware Alert

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Department of Health and Human Services (HHS) issued an advisory for US healthcare organizations Friday. Since June of this year, a ransomware group called Daixin Team has been using extortion tactics to steal and encrypt healthcare data. The ransomware group has successfully encrypted and exfiltrated electronic health records, medical imaging documents, and internal intranet data. The most sensitive stolen data is patient medical records and personally identifiable information (PII). The criminals have also used double extortion methods, threatening to release or sell patient data if the business does not pay the ransom.

CISA highlighted two attack vectors associated with Daixin Team, both involving a VPN. The CISA report read, in part, “Daixin actors gain initial access to victims through virtual private network (VPN) servers. In one confirmed compromise, the actors likely exploited an unpatched vulnerability in the organization’s VPN server. In another confirmed compromise, the actors used previously compromised credentials to access a legacy VPN server that did not have multifactor authentication (MFA) enabled. The actors are believed to have acquired the VPN credentials through the use of a phishing email with a malicious attachment.”

The healthcare sector can be an easy target because of the number of small businesses operating in the industry that may lack the knowledge of, or investment in, cybersecurity. Additionally, healthcare companies are high-profile targets because of the amount and private nature of the personally identifiable information they store. All of the vulnerabilities highlighted by CISA are avoidable with a quality cybersecurity framework like our Q-Stack.

As of October, the FBI Crime Complaint Center (IC3) reported that the public healthcare sector is the top target for ransomware attacks at 25% of the complaints across 16 sectors. Unfortunately, industry professionals do not see the situation improving soon because of the diverse size and types of businesses in the healthcare workspace.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

IoT Federal Rating

The Federal Government is taking steps to assign Internet of Things (IoT) devices a security rating, similar to how it gives Energy Star ratings to energy-efficient products. IoT devices are any “smart” devices that can connect to the internet and interact with apps or other devices. Read our blog post on IoT devices here. The number of these devices in the home is increasing rapidly. Everything from refrigerators to thermostats and door locks can be connected to the internet and is subject to security compromises.

The security of IoT devices is particularly timely now because of the rise of DDoS attacks we have seen over the past few weeks. Compromised IoT devices are commonly used to create botnets that can be weaponized and pointed at websites or businesses to disrupt traffic and take down services temporarily, as fifteen airports experienced last week. Securing IoT devices is the first step in making them unavailable to criminals looking to weaponize them.

Many devices are sold with a default password to help users with setup. The instructions typically tell consumers to change the password, but few follow the steps needed to secure the device. Leaving the default password opens the device up to multiple compromises. In the case of a camera, the criminal could view or control the device. In the case of a router, the compromised device could serve as a jumping-off point for criminals to explore the network looking for personal or financial information. Lastly, as cited above, the compromised device could be added to a botnet and used to attack other businesses or websites.

The Federal rating would help consumers choose more secure devices that have met the requirements needed for approval. The Federal label would cover IoT home cameras and routers first, to secure the most critical and at-risk devices.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Small Business