hackers

Russian Cyberattack Concerns

Concerns over a Russian cyberattack have been rising over the past few weeks, but they came to a head Tuesday when the US and other Western nations announced sanctions against Russia for its movement of troops in Ukraine. The conflict has already seen cyber tactics used to take down and deface many Ukrainian government websites.

The New York Governor and Mayor opened a cybersecurity command center in Brooklyn, the first of its kind, to oversee security across the state. The city of New York is viewed as a target-rich environment, with the subway system, the Stock Exchange, and the headquarters of many major corporations.

Governor Kathy Hochul said, “The threat of cyberattacks is very real, particularly now. That is the warning we are receiving out of Washington, particularly for a place like New York.”

The Federal Government has been sounding the alarm for weeks now, particularly for critical infrastructure. Read our blog post on the CISA warning that included a document on mitigating Russian state-sponsored threats.

“Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak — to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity,” deputy attorney general Lisa Monaco said in remarks at the Munich Cybersecurity Conference. “They need to be as we say, ‘shields up’ and to be really on the most heightened level of alert that they can be and taking all necessary precautions.”

This would not be the first time a country reacted to sanctions with virtual retaliation. In 2013, Iran overloaded data centers responsible for US banking with a DDoS attack that stopped them from doing business.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Human Operated Ransomware on the Rise

The cost of ransomware attacks in 2021 is projected to reach $20 billion, almost double the cost impact from 2019. A ransomware attack occurs after a criminal has gained access to a system through a phishing attack or stolen credentials. A typical ransomware attack encrypts data, which stops the company from doing business until the ransom is paid. In a human-operated ransomware attack, the criminals gain access to a business network and move around the network to see what they can find.

Microsoft does a good job explaining the difference between the two attack methods:

“Human-operated ransomware attacks are a cut above run-of-the-mill commodity ransomware campaign. Adversaries behind these attacks exhibit extensive knowledge of systems administration and common network security misconfigurations, which are often lower on the list of ‘fix now’ priorities.

Once attackers have infiltrated a network, they perform thorough reconnaissance and adapt privilege escalation and lateral movement activities based on security weaknesses and vulnerable services they discover in the network.”

Hackers can use the business infrastructure to mine bitcoin, run SPAM campaigns, or use company workstations for other criminal activities. Only after they have exploited the private infrastructure do they then execute a typical ransomware attack by encrypting data and asking for money. These criminals can live in a company network for months, using the business infrastructure for their gains.

These ‘hands on keyboard’ attacks are more time consuming for the criminal, but they can also be much more profitable, which is why we are seeing the increase. While malware attacks are on the decline, ransomware attacks increased 40% last year. Criminals are focusing time and effort on these more elaborate attacks that yield greater gains.

Preventing these targeted attacks starts, as always, with education. The criminal has to get into the network first. Continued education on phishing campaigns and password management is critical. Additionally, a layered security approach is the best defense, along with network monitoring tools. These tools can alert IT departments to unusual network activity, like workstations being used to mine bitcoin.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Public Employee Information Impact

Is it Safe to Have Information About Key Employees on Your Website?

Personally Identifiable Information (PII) is any information that can be used to identify an individual. We can divide PII into public and non-public information, with some points that fall into a grey area. Obviously private PII includes things like Social Security number, driver's license number, credit card information, and medical records. Public PII is information that can be accessed from public records. Examples of public PII are zip code, race, gender, and date of birth. It is important to note that publicly available PII can be used in combination with PII found in a data breach or publicly posted by the individual to give the criminal a more complete picture of the individual.

Additionally, things get even more complicated and vary based on the industry or industries that you operate in. For example, in one industry there is a list of items that are considered PII. If any three of these items are listed together, it is considered protected PII. This can be as simple as a combination of first name, last name, and zip code.

Another category of PII is the data we use in public to conduct business. This PII includes name, email address, employer, position within the company, and office address. PII in this category is considered sensitive but must be shared in order to communicate with others. There are security concerns when the data in this category is available publicly. Many small businesses have an “About Us” page where they share PII to help customers get to know the business and to come across as more personal. It is popular to share name, position within the company, a picture, and sometimes even the email address of the individual. While the intent is good, the information is available to the world, not just the potential customer base. This practice opens the employee up to more phishing attacks and gives criminals information they can combine with other publicly available PII.

Over the summer we covered the increase of new-hire phishing through LinkedIn. The professional networking tool is a great way to find new jobs and connect with other professionals. Unfortunately, criminals realized many employees were starting new jobs remotely and had never met some of their coworkers. Hackers were taking advantage of new hires and posed as the IT department of the new company. Criminals were able to gain access to internal network credentials by following publicly posted PII.

Be aware of your PII that is publicly available. This will help you recognize a phishing attack that may be using that data. We all must share some PII to exist and succeed in a business, but oversharing and making PII readily available sets users up to be a target.

A new practice is to not publicize key company individuals on the company’s website.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Information Release December 18, 2020

SolarWinds Orion Breach Statement:

The media and the ISACs have created a lot of alerts based on the SolarWinds breach. The breach only affected businesses and organizations that use their Orion platform. It directly affected Microsoft operating systems by installing malware that allowed the criminals access to the infected systems.

Microsoft Corporation was not directly affected by this breach. Only Microsoft operating systems that were being managed and updated by the Orion platform were affected.

Quanexus does not use the SolarWinds Orion platform, and our clients are not directly impacted by this malware.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business, Virtualization