Passwords

Most Common Attack Vectors

Ransomware attacks have become a more significant concern for small and medium-sized businesses (SMBs) in the US. With the rise of ransomware as a service (RaaS) and the damage it makes possible, businesses should be aware of the most common attack vectors and how they are compromised. Data shows ransomware attacks leveled off in 2022 but are on the rise again in 2023 as attack vectors continue to evolve and criminals adopt more automated tactics.

The vulnerability exploited most often to launch a ransomware attack is a public-facing application that can be compromised. Criminals discover a critical flaw in an enterprise-level piece of software and use it to access the business network and steal data. Businesses can defend against this attack vector by patching and updating systems on a regular schedule and whenever manufacturers publish critical updates. Many of the large ransomware attacks that make the news and affect thousands of users can be traced back to a known critical patch that the business had not applied.

The use of compromised credentials is the next most often exploited vulnerability. Phishing can compromise credentials, but the more common issues are leaked or purchased breach data and password re-use. Criminals can buy passwords from other data breaches, and if your employees re-use passwords across numerous services, criminals may have access to business credentials even if your own data was never stolen. Multi-factor authentication (MFA) and passwordless logins that use systems like passkeys can both help to fight compromised credentials. MFA is the easiest short-term solution and can be enabled on most enterprise-level systems.

Malicious email attacks remain the third most common attack vector; even with employee training and sophisticated email filtering, malicious emails are still getting through and still being clicked on. Employees should be aware of the common attack vectors and understand that phishing attacks are becoming more sophisticated and targeted at individual users.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Small Business

New PaaS Targets Microsoft 365 Users

A new phishing as a service (PaaS) platform is being used to create convincing Microsoft 365 login prompts and to capture multi-factor authentication (MFA) codes, all at a low cost. The new platform, named Greatness, can create convincing Microsoft 365 cloud login screens that include the company logo and background image, and will even pre-fill the victim’s email address into the username field to look more realistic. The PaaS platform is mainly used to target manufacturing, healthcare, and technology companies but has also reportedly been used against education, construction, and financial businesses. The hacking service has primarily targeted business users in the US, UK, Australia, South Africa, and Canada since mid-2022.

The Greatness platform goes a step further and can capture and use multi-factor authentication codes for Microsoft. When the user enters their credentials into the phishing site, the service communicates with Microsoft, which prompts the user for MFA. The hacking service then passes the MFA response back to Microsoft in real time and captures the resulting authentication token for the attacker to use later. The service is set up so that even unskilled attackers can use its most advanced features, such as defeating MFA, and it records the stolen credentials and authentication token in an easy-to-use format.

Phishing as a service platforms have become more sophisticated over the past year, and many of them include professional toolkits that track compromised credentials and offer customer support. The cost and technical ability required have also been reduced. Not long ago, attackers needed a moderate level of programming knowledge to use PaaS tools, but this is no longer the case. The tools have been made very user-friendly, and at a cost between $40 and $1,000, anyone can launch a phishing campaign. This ease of access creates a new problem: a campaign could just as easily be launched by a competing business or a former employee.


Posted by Charles Wright in Cybersecurity, Information Security, Small Business

City of Dallas Ransomware Attack

A ransomware attack on the city of Dallas, Texas, has disrupted city utilities and slowed emergency service response times. The city suffered a ransomware attack attributed to the hacker group Royal on Monday, May 1st. Network printers on the city’s network began printing ransom notes Monday morning with instructions on how to contact the group.

The attack forced the city government to shut down IT systems to contain and mitigate the ransomware. Police and fire employees received an urgent message to unplug the computers in their emergency vehicles. Among the systems taken offline were the 911 dispatch computers, which forced emergency call centers to revert to pencil and paper for recording call details and to communicate with emergency services by radio. The Dallas Fire Fighters Association president said first responders have received little guidance from city leadership. In the ninth-largest city in the United States, 911 calls are being missed because radio traffic is so busy. Emergency responders are not getting the follow-up information they are used to receiving from dispatch via computers.

Additionally, courts were closed Monday, utility bills could not be processed, and a handful of other non-emergency services were offline for a week. The city said it would add devices and services back to the network individually as it became safe to do so.

US cybersecurity agency CISA sounded the alarm about Royal as a ransomware group gaining power in early March. CISA said the group specifically targets critical infrastructure sectors, including communications, education, and healthcare. First observed in 2022, the ransomware gang typically gains access through phishing links and exfiltrates large amounts of data before notifying the victim.

Ransomware groups are shifting their tactics to data extortion. Hackers had to find a new way to make money when governments and law enforcement started breaking their encryption. Recent ransom notes, including the one Royal printed out, threaten to release or sell personal customer data.


Posted by Charles Wright in Cybersecurity, Recent Posts, Small Business

Supply Chain Compromise

As businesses become more interconnected, there is an increased risk of a cyber attack originating from a third-party vendor. In 2022 there were 40% more supply chain attacks than malware attacks, so security between businesses is becoming a greater concern. A supply chain compromise is an attack that originates from a vendor, supplier, or employee through the devices or software used in manufacturing and distribution. Attackers use this tactic instead of targeting individual end users because the opportunity for compromise and data collection is much greater.

The voice over IP (VoIP) vendor 3CX is in the news because of a supply chain attack that was passed on to its customers. The malicious code was distributed to desktop computers through an automatic update, but it originated from another supply chain compromise in an interesting and informative way. The attack is already being compared in scale to the SolarWinds attack. Investigators said the attackers have ties to North Korea and were interested in gathering data rather than encrypting systems for ransom.

Supply chain attacks from third-party software vendors are difficult to detect because, as in this case, the vendor controls the software on company systems and decides when an automatic update is pushed out. 3CX investigated the compromise and disclosed that one of its employees had downloaded out-of-date stock trading software to their personal computer. The stock trading software was compromised, and the attackers were able to obtain 3CX credentials and move laterally through 3CX's systems to create a malicious software update that was then distributed to 3CX customers.

There are a couple of red flags in this early reporting and disclosure. Hackers were able to steal company credentials from an employee’s personal computer, and once inside, they could move laterally around the network with access to the software update process. Without more information, it sounds like the principle of least privilege should be added to the layered security system: employees should only have access to the data they need to do their job. If hackers could move through the network at will, initial reports also suggest that network segmentation is not part of the data security practices either.


Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business