Hacks

But I’m Too Small?

It is hard to believe, but there is a myth still shared by many small businesses and individuals.  The myth is “I’m too small for anyone to attack my business.”  This myth is far from reality.  A review of the target distribution data provided by hackmageddon.com shows that for 2019, the number one group being attacked is the individual (27%) and the number two group is multiple industries (14.3%), which is the small business group.

31% of all the cyber-attacks are designed for the individual and small business.  There is a logical reason for this.  Big business is taking cybersecurity seriously.  They have made it difficult for the criminals to break into their systems.  Criminals typically don’t want to work hard.  They have developed easily deployable tools to find those organizations that believe they are too small to be attacked (I call them “the low hanging fruit”).  At minimum, even if you don’t think you have anything worth stealing, your data has value to you.  Imagine not being able to access the data on your computer system.  That is the goal of ransomware, which continues to be one of the greatest threats to most organizations.  Ransomware attacks keep increasing because ransomware is an extremely successful tool for extorting money from victims.

Implementing the best security tools won’t guarantee you will not experience some type of cyber-event, but ignoring the facts and doing nothing guarantees you are more likely to experience a bad day.

There is a minimum number of things that every business should implement that will minimize the threat of a cyber-attack such as ransomware.  The cost of these security tools has continued to drop and is now affordable for most small and medium-sized businesses.  Quanexus has developed our Q-Stack, which is a layered security approach to protect against cyber-threats.

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business, Wireless

Have You Been Hacked? Indicators of Compromise (IOC)

How do you know if you have been hacked?  Organizations often find out they have been hacked 3 to 6 months after the initial incident.  Typically, they learn of the hack from an outside source.

There are many items that should be monitored in a network to determine if there is a potential incident.  Below is a list of a few key items for monitoring Active Directory (AD) and your firewall.

In AD, monitor these key items:

  • Any network login from a user with privileged (administrative) access. Privileged accounts should only be used to manage the network.  Users with administrative accounts should have a regular user account to perform normal business functions.  The use of privileged accounts must be justified.
  • The creation and deletion of user accounts.
  • The modification of user access rights – escalation or de-escalation.
  • Failed logins. Many failed logins can indicate the account is at risk.
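
One way to check for the four AD items above, as an added example that is not part of the original post. It assumes Security log events have been exported to flat records with the hypothetical fields `id`, `time`, `user` and `logon_type`; the event IDs are the standard Windows ones, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log event IDs behind the four AD items listed above.
LOGON_OK, LOGON_FAILED, NETWORK_LOGON_TYPE = 4624, 4625, 3
ACCOUNT_EVENTS = {4720: "account created", 4726: "account deleted"}
GROUP_EVENTS = {4728: "added to global group", 4729: "removed from global group",
                4732: "added to local group", 4733: "removed from local group",
                4756: "added to universal group", 4757: "removed from universal group"}

def triage(events, privileged, max_failures=5, window=timedelta(minutes=10)):
    """Return (time, category, account) findings. `privileged` holds lowercase names."""
    findings = []
    failures = defaultdict(deque)  # account -> times of recent failed logons
    for ev in sorted(events, key=lambda e: e["time"]):
        eid, user, when = ev["id"], ev["user"].lower(), ev["time"]
        if eid == LOGON_OK:
            if ev.get("logon_type") == NETWORK_LOGON_TYPE and user in privileged:
                findings.append((when, "privileged network logon", user))
        elif eid in ACCOUNT_EVENTS:
            findings.append((when, ACCOUNT_EVENTS[eid], user))
        elif eid in GROUP_EVENTS:
            findings.append((when, GROUP_EVENTS[eid], user))
        elif eid == LOGON_FAILED:
            recent = failures[user]
            recent.append(when)
            while when - recent[0] > window:  # forget failures outside the window
                recent.popleft()
            if len(recent) == max_failures:   # report when the threshold is reached
                findings.append((when, "repeated failed logons", user))
    return findings

def at(hms):
    return datetime.fromisoformat("2019-09-03T" + hms)

# Constructed sample records (assumed flattened export; not from a real domain).
SAMPLE_EVENTS = [{"id": 4625, "time": at(f"02:10:0{i}"), "user": "jsmith"} for i in range(5)] + [
    {"id": 4624, "time": at("02:11:00"), "user": "Administrator", "logon_type": 3},
    {"id": 4624, "time": at("08:00:00"), "user": "jsmith", "logon_type": 2},
    {"id": 4720, "time": at("02:12:00"), "user": "svc_backup2"},
    {"id": 4728, "time": at("02:13:00"), "user": "svc_backup2"},
]

if __name__ == "__main__":
    for when, category, account in triage(SAMPLE_EVENTS, {"administrator"}):
        print(when.isoformat(), category, account)
```

The failed-login threshold and window are starting values to tune against your own environment.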

On your firewall, monitor these key items:

  • Top users by bandwidth and sessions. These metrics should be used to create a baseline to detect anomalies.
  • Outbound firewall traffic that is being blocked. This indicates that a user or their computer is trying to reach unauthorized sites.
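
A sketch of both firewall checks, added here as an example and not taken from the original post. It assumes per-user daily byte totals are already available and that deny events are logged as `key=value` lines; that log layout, the field names and all sample data are constructed for illustration.

```python
from collections import Counter
from statistics import median

def bandwidth_anomalies(history, today, k=5.0, floor=50_000_000):
    """Flag users whose bytes today exceed their own baseline.

    history: {user: [daily byte totals]}; today: {user: bytes}.
    Limit = median + max(k * MAD, floor); the floor stops near-constant
    histories from alerting on trivial increases.
    """
    flagged = {}
    for user, used in today.items():
        past = history.get(user)
        if not past:
            flagged[user] = "no baseline"
            continue
        base = median(past)
        mad = median(abs(x - base) for x in past)  # median absolute deviation
        if used > base + max(k * mad, floor):
            flagged[user] = "above baseline"
    return flagged

def blocked_outbound(log_lines, min_hits=3):
    """Count denied outbound connections per internal source address."""
    hits = Counter()
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("action") == "deny" and fields.get("dir") == "out":
            hits[fields.get("src", "unknown")] += 1
    return {src: n for src, n in hits.items() if n >= min_hits}

# Constructed sample data; the key=value log layout is an assumption.
M = 1_000_000
HISTORY = {"alice": [900 * M, 1100 * M, 1000 * M, 950 * M, 1050 * M],
           "bob": [200 * M, 220 * M, 210 * M, 190 * M, 205 * M]}
TODAY = {"alice": 1080 * M, "bob": 4800 * M, "kiosk": 10 * M}
LOG = [
    "2019-09-03T02:14:01 action=deny dir=out src=10.0.0.23 dst=203.0.113.9 dport=445",
    "2019-09-03T02:14:02 action=deny dir=out src=10.0.0.23 dst=203.0.113.9 dport=445",
    "2019-09-03T02:14:05 action=deny dir=out src=10.0.0.23 dst=198.51.100.7 dport=6667",
    "2019-09-03T02:15:00 action=allow dir=out src=10.0.0.23 dst=198.51.100.20 dport=443",
    "2019-09-03T02:16:00 action=deny dir=out src=10.0.0.40 dst=203.0.113.50 dport=25",
    "2019-09-03T02:17:00 action=deny dir=in src=203.0.113.77 dst=10.0.0.5 dport=3389",
]

if __name__ == "__main__":
    print(bandwidth_anomalies(HISTORY, TODAY))
    print(blocked_outbound(LOG))
```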

The items suggested above are the minimum key indicators that can be monitored to help you determine if you have a potential incident.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

22 Texas Cities Attacked by Ransomware Simultaneously

Hackers successfully installed ransomware on the computers of 22 different local government offices in Texas.  The state is not yet releasing the names of the cities or the data that was corrupted, but two of the municipalities announced online they had been affected.  Both cities say they cannot process utility payments at this time, and one of the cities’ birth and death certificate registry is offline.

The hacker targeted the managed service provider (MSP) used by the local government offices.  An MSP is a third-party company that provides IT services to a business or division of government.  It is common for small local governments to outsource their IT services because they often don’t have the staff size to support an internal IT role.

The hackers are demanding $2.5 million in bitcoin to unlock the files.  Studies show that in many cases, these ransom demands are paid.  If a backup of the data is not maintained, or the hacker is able to corrupt the backup, many small local governments are faced with no other choice than to pay the ransom.

This attack is unique because of the coordination of taking down 22 cities at the same time.  Ransomware attacks on small governments are on the rise, but this is the first attack on multiple cities.

Lessons You and Your Business Can Learn from This Attack:

If you are outsourcing your IT services, make sure they are a trusted vendor who is up to date with current issues.  Quanexus maintains the CompTIA Security Trustmark+ which requires a third party to audit our policies and procedures.  Often these ransomware attacks come in the form of a phishing email.  Your employees are on the front line of defending against attacks like these.  Continued education on what employees should and should not click on while on company computers is essential to keeping your data safe.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Tech News: Many Western Digital ‘My Cloud’ Devices Have Backdoor

Researchers have found a major security flaw in many of Western Digital’s ‘My Cloud’ devices.

These devices have a published backdoor.

The backdoor user ID is mydlinkBRionyg with the password abc12345cba.

The devices affected are:  MyCloud, MyCloudMirror, My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100.

Western Digital has released firmware version 2.30.172 which reportedly fixes the bug.  The My Cloud product line is typically not sold by Quanexus, but many of you may have purchased one of these devices for home.

If you are running a My Cloud device, it is very important that you update the firmware.

Follow us on Facebook, Twitter and LinkedIn and stay up to date on Hacks, Attacks & Cybersecurity by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Recent Posts