Have You Been Hacked? Indicators of Compromise (IOC)

How do you know if you have been hacked?  Organizations often find out they have been hacked 3 to 6 months after the initial incident.  Typically, they learn of the hack from an outside source.

There are many items that should be monitored in a network to determine if there is a potential incident.  Below is a list of a few key items for monitoring Active Directory (AD) and your firewall.

In AD monitor these key items:

  • Any network login from a user with privileged (administrative) access. Privileged accounts should only be used to manage the network.  Users with administrative accounts should have a regular user account to perform normal business functions.  The use of privileged accounts must be justified.
  • The creation and deletion of user accounts.
  • The modification of user access rights – escalation or de-escalation.
  • Failed logins. Many failed logins can indicate the account is at risk.
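As an added example (not part of the original post), the following Python triages a batch of parsed Windows Security events against the four AD items above: privileged network logons, account creation and deletion, group membership changes, and repeated failed logins. The event IDs are the standard Windows Security log IDs; the event records, account names and the privileged-account list are constructed sample data.

```python
from collections import Counter

# Standard Windows Security log event IDs (assumption: not taken from the post).
EID_LOGON, EID_LOGON_FAILED = 4624, 4625
EID_USER_CREATED, EID_USER_DELETED = 4720, 4726
EID_GROUP_ADD = {4728, 4732}      # member added to a global / local security group
EID_GROUP_REMOVE = {4729, 4733}   # member removed from a global / local security group
NETWORK_LOGON = 3                 # logon type 3 = network logon (SMB, RPC, etc.)

# Constructed sample events, already parsed into dicts (hypothetical data, not from the post).
EVENTS = [
    {"id": 4624, "user": "da-jsmith", "type": 3, "src": "10.0.5.21"},
    {"id": 4624, "user": "jsmith", "type": 3, "src": "10.0.5.21"},
    {"id": 4720, "user": "svc-backup2", "by": "da-jsmith"},
    {"id": 4728, "user": "svc-backup2", "group": "Domain Admins", "by": "da-jsmith"},
    {"id": 4726, "user": "tmp-contractor", "by": "da-jsmith"},
] + [{"id": 4625, "user": "bwilson", "type": 3, "src": "203.0.113.9"} for _ in range(12)]


def triage(events, privileged, failed_threshold=10):
    """Return (indicator, detail) tuples for the four AD monitoring items in the post."""
    findings = []
    failed = Counter()
    for e in events:
        eid = e["id"]
        if eid == EID_LOGON and e.get("type") == NETWORK_LOGON and e["user"] in privileged:
            findings.append(("privileged network logon", f'{e["user"]} from {e["src"]}'))
        elif eid == EID_USER_CREATED:
            findings.append(("account created", f'{e["user"]} by {e["by"]}'))
        elif eid == EID_USER_DELETED:
            findings.append(("account deleted", f'{e["user"]} by {e["by"]}'))
        elif eid in EID_GROUP_ADD:
            findings.append(("rights escalated", f'{e["user"]} added to {e["group"]} by {e["by"]}'))
        elif eid in EID_GROUP_REMOVE:
            findings.append(("rights de-escalated", f'{e["user"]} removed from {e["group"]} by {e["by"]}'))
        elif eid == EID_LOGON_FAILED:
            failed[e["user"]] += 1
    # Many failures against one account is the fourth indicator; threshold is tunable.
    for user, n in failed.items():
        if n >= failed_threshold:
            findings.append(("repeated failed logins", f"{user}: {n} failures"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(EVENTS, privileged={"da-jsmith"}):
        print(f"[{kind}] {detail}")
```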

On your firewall monitor these key items:

  • Top users by bandwidth and sessions. These metrics should be used to create a baseline to detect anomalies.
  • Outbound firewall traffic that is being blocked. This indicates that a user or their computer is trying to reach unauthorized sites.
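As an added example (not code from the original post), this Python builds the per-user bandwidth and session baseline described above from daily firewall totals, flags a day that departs from it, and counts repeated outbound blocks per source host. The daily totals, host names and blocked destinations are constructed sample data; the "mean plus k standard deviations" rule and the thresholds are assumptions.

```python
import statistics
from collections import defaultdict, Counter

# Constructed per-user daily totals exported from a firewall (hypothetical, not from the post).
DAILY = [  # (day, user, bytes, sessions)
    ("2018-08-01", "alice", 120_000_000, 310), ("2018-08-01", "bob", 40_000_000, 80),
    ("2018-08-02", "alice", 130_000_000, 290), ("2018-08-02", "bob", 42_000_000, 85),
    ("2018-08-03", "alice", 125_000_000, 305), ("2018-08-03", "bob", 39_000_000, 78),
    ("2018-08-04", "alice", 128_000_000, 300), ("2018-08-04", "bob", 41_000_000, 82),
    ("2018-08-05", "alice", 131_000_000, 295), ("2018-08-05", "bob", 910_000_000, 1200),
]
# Constructed outbound deny records: (day, source host, destination ip:port).
BLOCKED = [
    ("2018-08-05", "ws-bob", "203.0.113.50:4444"), ("2018-08-05", "ws-bob", "203.0.113.50:4444"),
    ("2018-08-05", "ws-bob", "203.0.113.50:4444"), ("2018-08-05", "ws-alice", "198.51.100.7:443"),
]


def build_baseline(rows, exclude_day):
    """Per-user mean and population stdev of bytes and sessions over all days but exclude_day."""
    per_user = defaultdict(lambda: {"bytes": [], "sessions": []})
    for day, user, nbytes, sessions in rows:
        if day != exclude_day:
            per_user[user]["bytes"].append(nbytes)
            per_user[user]["sessions"].append(sessions)
    return {u: {m: (statistics.mean(v), statistics.pstdev(v)) for m, v in d.items()}
            for u, d in per_user.items()}


def anomalies(rows, day, baseline, k=3.0):
    """Users whose bytes or sessions on `day` exceed baseline mean + k standard deviations."""
    hits = []
    for d, user, nbytes, sessions in rows:
        if d != day or user not in baseline:
            continue  # unseen users have no baseline yet; review them separately
        for metric, value in (("bytes", nbytes), ("sessions", sessions)):
            mean, sd = baseline[user][metric]
            if value > mean + k * sd:
                hits.append((user, metric, value, round(mean)))
    return hits


def blocked_outbound(rows, day, min_hits=3):
    """Source hosts repeatedly blocked reaching the same outbound destination on `day`."""
    c = Counter((src, dst) for d, src, dst in rows if d == day)
    return [(src, dst, n) for (src, dst), n in c.items() if n >= min_hits]


if __name__ == "__main__":
    base = build_baseline(DAILY, exclude_day="2018-08-05")
    print(anomalies(DAILY, "2018-08-05", base), blocked_outbound(BLOCKED, "2018-08-05"))
```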

The items suggested above are the minimum key indicators that should be monitored to help you determine whether you have a potential incident.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

Security Awareness and Training

If you work in any regulated industry (medical, finance, energy, transportation, government, etc.), your company is required to provide ongoing security awareness and training (SAT). Often this is misidentified as "security awareness training", without the "and". Security awareness is typically provided through ongoing emails, newsletters and posters that address different aspects of security. The training part is more formal; it often includes a lecture and a basic test required to prove that employees understand the security topics that apply to their organization. For many years, we have been recommending the OUCH! Newsletter to fulfill part of the awareness function.

The OUCH! Newsletter is free. As an additional control, we recommend that one person be responsible for distributing the newsletter to all employees. Employees are then required to reply by email that they have read the newsletter. The replies are then logged. It is important to log the acknowledgments as proof that your organization is in compliance with its policies.

For more information and to sign up for the newsletter, follow this link


Posted by Jack Gerbs in Cybersecurity, Recent Posts, Small Business

A Happy Ending, Hacker Ordered to Pay £922,978 in Damages

Very seldom do we get to hear some good news about a hacker.  Grant West has been caught, is in jail, and now is ordered to return the money he stole.

A hacker in the UK who carried out numerous phishing and ransomware attacks has been ordered to pay damages to the companies he attacked.

Grant West, a hacker currently jailed in England, targeted many well-known companies like Uber, T-Mobile, Argos, and Groupon from March 2015 until he was arrested in September 2017. He obtained financial data of tens of thousands of users over that period, and completed more than 47,000 sales from a fake online store. The hacker also sold cannabis on the dark web as well as guides for others to carry out cyber-attacks.

West carried out the attacks on a laptop that belonged to his girlfriend, and used the computer to store personal data of more than 100,000 people. Investigators also recovered an SD card that contained 78 million usernames and passwords, and 63,000 credit and debit card details.

A single phishing email sent in 2015, which appeared to be a survey for a British online food ordering service, netted West £180,000, which was quickly converted to Bitcoin. When West was arrested in September of 2017, his cryptocurrency accounts were seized by authorities. In May of 2018 he was found guilty and sentenced to 10 years and 4 months of jail time.

On Friday, UK courts ordered that the £922,978 in seized cryptocurrency be sold and the proceeds returned to the companies that were attacked. If West refused the confiscation order, he would serve another 4 years in jail.

Companies and, recently, city governments often have no choice but to pay criminals like West for access to their data that has been encrypted.  Quanexus can help you take steps to protect your business and customer data from attacks like these.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

Cyber Statistics Snapshot for August 2018

If you have been to any of our presentations, you have heard Jack mention statistics from the website; each month it issues a report of statistics on cyber crime incidents for the previous month. In an effort to create easier-to-digest bits of information, the highlights of those reports will be illustrated monthly on our blog in the form of an infographic.

Below is the information compiled for August 2018. As in most months, the leading motivation for the attacks is cyber crime at 77%, followed by cyber espionage, cyber warfare and hacktivism.

35% of those attacks are carried out via malware (think viruses, spyware, etc.), and 23% of those attacks are going after the individual.

How do you go about NOT becoming a statistic?

  1. Educate yourself and your team. Learn about the tools and techniques criminals use to manipulate their victims.
  2. Use strong passwords. Knowing how to create strong passwords and using them is one of the easiest and most basic first steps to becoming more secure.
  3. Ask questions. Does something seem suspicious? Know the signs to look for and what to do if you suspect you may be compromised.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Cyber attack infographic

Posted by Jack Gerbs in Recent Posts