Hacked

Layered Security with Q-Stack

Our CEO, Jack walks through the layered security steps Quanexus uses to protect your data.

 

Posted by Jack Gerbs in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business, Wireless

Have You Been Hacked? Indicators of Compromise (IOC)

How do you know if you have been hacked?  Organizations often find out they have been hacked 3 to 6 months after the initial incident.  Typically, they learn of the hack from an outside source.

There are many items that should be monitored in a network to determine if there is a potential incident.  Below is a list of a few key items for monitoring Active Directory (AD) and your firewall.

In AD monitor these key items:

  • Any network login from a user with privileged (administrative) access. Privileged accounts should only be used to manage the network.  Users with administrative accounts should have a regular user account to perform normal business functions.  The use of privileged accounts must be justified.
  • The creation and deletion of user accounts.
  • The modification of user access rights – escalation or de-escalation.
  • Failed logins. Many failed logins can indicate the account is at risk.

On your firewall monitor these key items:

  • Top users by bandwidth and sessions. These metrics should be used to create a baseline to detect anomalies.
  • Outbound firewall traffic that is being blocked. This indicates that a user or their computer is trying to reach unauthorized sites.

The items suggested above are the minimum key indicators that can be monitored to help you if you have a potential incident.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

A Happy Ending, Hacker Ordered to Pay £922,978 in Damages

Very seldom do we get to hear some good news about a hacker.  Grant West has been caught, is in jail, and now is ordered to return the money he stole.

A hacker in the UK who carried out numerous phishing and ransomware attacks has been ordered to pay damages to the companies he attacked.

Grant West, a hacker currently jailed in England, targeted many well-known companies like Uber, T-Mobile, Argos, and Groupon from March 2015 until he was arrested in September 2017. He obtained financial data of tens of thousands of users over that period, and completed more than 47,000 sales from a fake online store. The hacker also sold cannabis on the dark web as well as guides for others to carry out cyber-attacks.

West carried out the attacks on a laptop that belonged to his girlfriend, and used the computer to store personal data of more than 100,000 people. Investigators also recovered an SD card that contained 78 million usernames and passwords, and 63,000 credit and debit card details.

A single phishing email sent in 2015 appeared to be a survey for a British online food ordering service netted West £180,000, which was quickly converted to Bitcoin. When West was arrested in September of 2017, his cryptocurrency accounts were seized by authorities. In May of 2018 he was found guilty and sentenced to 10 years and 4 months of jail time.

Friday, UK courts ordered the £922,978 in cryptocurrency seized would be sold and go back to the companies who were attacked. If West refused the confiscation order, he would serve another 4 years in jail.

Companies and, recently, city governments often have no choice but to pay criminals like West for access to their data that has been encrypted.  Quanexus can help you take steps to protect your business and customer data from attacks like these.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

22 Texas Cities Attacked by Ransomware Simultaneously

Hackers successfully installed ransomware on computers of 22 different, local government offices in Texas.  The state is not yet releasing the names of the cities or the data that was corrupted, but two of the municipalities announced online they had been affected.  Both cities say they cannot process utility payments at this time, and one of the cities’ birth and death certificate registry is offline.

The hacker targeted the managed service provider (MSPs) used by the local government offices.  An MSP is a third-party company who provides IT services to a business or division of government.  It is common for small local governments to outsource their IT services because they often don’t have the staff size to support an internal IT role.

The hackers are demanding $2.5 million in bitcoin to unlock the files.  Studies show that in many cases, these ransom demands are paid.  If a backup of the data is not maintained, or the hacker is able to corrupt the backup, many small local governments are faced with no other choice than to pay the ransom.

This attack is unique because of the coordination of taking down 22 cities at the same time.  Ransomware attacks on small governments are on the rise, but this is the first attack on multiple cities.

Lessons You and Your Business Can Learn from This Attack:

If you are outsourcing your IT services, make sure they are a trusted vendor who is up to date with current issues.  Quanexus maintains the CompTIA Security Trustmark+ which requires a third party to audit our policies and procedures.  Often these ransomware attacks come in the form of a phishing email.  Your employees are on the front line of defending against attacks like these.  Continued education on what employees should and should not click on while on company computers, is essential to keeping your data safe.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business