Office 365

US Agencies Hacked in Nation-State Attack

The US Department of Treasury and the US Department of Commerce were breached in a nation-state attack suspected to be of Russian origin. Hackers were able to monitor email traffic from the two government agencies for months, in a highly sophisticated supply chain attack that specifically targeted government agencies. The breach originated in a plugin update for the SolarWinds IT platform, Orion. The malicious software was hidden in a legitimate software update and lay dormant for two weeks before activating. Orion is a complete IT business framework that includes application, network, and security monitoring. SolarWinds has contracts with military and intelligence services, as well as large corporations across the US.

While the attack was focused on government agencies, any organization using the Orion platform is affected.

The attack was first detected by FireEye, a large cybersecurity firm based in California. On December 8th, FireEye disclosed their Red Team Tools had been stolen through the Orion vulnerability. The initial malware was first installed on systems in March 2020 and again in June 2020, as Orion updates were applied.

Microsoft has issued guidance to remediate the affected systems. Microsoft has also published a set of indicators of compromise (IOCs), which will be used by firewall and antivirus companies to detect and block further infections.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive on Sunday to “disconnect or power down SolarWinds Orion products immediately.”

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales.

This is only the fifth Emergency Directive issued by CISA since its inception. See Emergency Directive Here.

SolarWinds software versions 2019.4 – 2020.2.1 are the updates affected. Most IT Security news outlets believe this reporting is the tip of the iceberg. Hackers had access to government emails from March or June of this year until last week.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Business Email Compromise

Business Email Compromise (BEC) Scams

A Business Email Compromise, or BEC for short, is a type of attack that targets company email. A hacker gains control of a business email account and uses that access to request money or data.

The most recent data we have available from April to May shows a 200% rise in BEC scams, and the trend continues to go up. These types of hacking events are on the rise because they result in much higher amounts of money than a normal phishing attack. On average a BEC attack results in 100x greater profit to the criminal than a normal malware attack.

The FBI outlines five types of BEC attacks.

Invoice Scams: An invoice scam could originate with your company, or a vendor you work with. The criminal gains access to a professional email account and uses that access to send an invoice. Sometimes the invoice looks different than usual, but not always. Jack talks about an invoice scam we saw in the Miami Valley where the criminal simply changed the routing number, and let the business send the wire transfer as usual. Watch Jack’s video here.

Account Compromise: Criminals gain access to an executive’s email account and use the address book to request money from business contacts. Once criminals have access to executive email, they will watch traffic as well as read email history. Criminals can hang around in a compromised email for weeks looking for the best way to steal money.

CEO Fraud: Attackers pose as the company CEO or another upper-level executive, and email employees in the finance department instructing them to transfer funds to an outside account. This can be done by actually gaining access to a CEO’s email, or by using a spoofed email account. Many employees would be hesitant to question a request from the CEO.

Legal Impersonation: Criminals pose as a law firm representing the company with confidential information. This scam is done over the phone or by email, and will typically fall at the end of the workday or week. The criminals in this scam rely on urgency and confidentiality.

Data Theft: This tactic normally targets Human Resources departments for confidential data instead of money. Criminals will pose as other members of the company and ask for employee information or database access.

All of these methods rely heavily on quality research and targeted social engineering. These are not blanket phishing emails sent to thousands of email addresses. The criminals know exactly who they are impersonating. They gain access to a business email account through any number of tactics like password reuse, a separate phishing attack, malware, or missing security patches. Once they gain access, they read emails and form a plan for exploitation. Criminals can spend weeks inside the compromised email account developing the best method of attack. This is a long, well-researched process.

Employee education is the key to prevention, especially in Finance and HR departments. Open communication as well as quality IT Security is the best way to prevent these kinds of attacks. Employees should be encouraged to confirm requests for money, especially if they are out of the ordinary. The criminals first have to gain access to the business email in order to develop this kind of attack. A high quality layered security approach is the best defense against a criminal gaining access to a business email in the first place.


Posted by Charles Wright in Recent Posts

Feature Newsletter

This week we are featuring our current newsletter. This newsletter has a security checklist on the back page, which is a great checklist for your business. It also has some tips on security awareness training, indicators of a hack on your infrastructure, and a simplified explanation of our layered security system.

Click here for the Newsletter

You can also subscribe to our email list and receive the newsletters when they are published. Read previous Newsletters and subscribe to our email list by clicking here.


Posted by Jack Gerbs in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business, Telephone Systems, Virtualization, Wireless

Welcome to 2020

Looking back, 2019 was a very good year for Quanexus. I am thankful every day for the awesome team that I get to work with and our many wonderful clients. As I look forward to 2020, I’d like to share a list of what I think we can expect to see in the IT landscape:

Threats

  • Significant increase in the number of successful ransomware attacks.
  • Continued increase in the sophistication of social engineering attacks.
  • Increased attacks against small and medium size organizations.
  • Increase in banking and ATM system attacks.
  • Increase in Internet of Things (IoT) attacks.

Technology Improvements and Adoption

  • Increased use of cloud solutions.
  • Increased cloud telephone implementations.
  • Increase in use of multi-factor authentication.

Challenges

  • Increased board member liability for IT compliance within the organization.
  • Increased audit requirements for every organization. We have seen a big increase with our clients needing to be compliant with their vendor’s requirements.
  • Increased supply chain requirements.

Wishing everyone a healthy and successful 2020 from the Quanexus Team!


Posted by Jack Gerbs in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business, Telephone Systems, Virtualization, Wireless