Phishing

Most Common Attack Vectors

Ransomware attacks have become a more significant concern for small and medium-sized businesses (SMBs) in the US. With the addition of ransomware as a service (RaaS) and its harmful possibilities, businesses should be aware of the most common attack vectors and how they are compromised. Data shows ransomware attacks leveled off in 2022 but are on the rise again in 2023 as attack vectors continue to evolve and criminals adopt more automated tactics.

The vulnerability most often exploited in ransomware attacks is a public-facing application that can be compromised. Criminals discover a critical flaw in an enterprise-level piece of software and are able to access a business network and steal data. Businesses can defend against this attack vector by regularly patching and updating systems on a recommended schedule and when manufacturers publish critical updates. Many of the large ransomware attacks that make the news and affect thousands of users can be traced back to a known critical patch that the business did not apply.

The use of compromised credentials is the next most often exploited vulnerability. Phishing can compromise credentials, but the more common issues are leaked or bought breached data and password re-use. Criminals can buy passwords from other data breaches, and if your employees re-use passwords on numerous services, the criminals may have access to business credentials even if your data was not stolen. Multi-factor authentication (MFA) and passwordless logins that use systems like passkeys can both help to fight against compromised credentials. MFA is the easiest short-term solution and can be enabled on most enterprise-level systems.

Malicious email attacks still retain third place in the most common attack vectors; even with employee training and sophisticated email filtering, malicious emails are still getting through and still being clicked on. Employees should be aware of the common attack vectors and understand phishing attacks are becoming more sophisticated and targeted to individual users.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Small Business

New PaaS Targets Microsoft 365

A new phishing as a service (PaaS) platform is being used to create convincing Microsoft 365 login prompts and to take advantage of multi-factor authentication (MFA) at a low cost. The new platform, named Greatness, can create convincing Microsoft 365 cloud login screens that include the company logo and background image, and will even pre-fill the victim’s email address into the username field to look more realistic. The PaaS platform is mainly used to target manufacturing, healthcare, and technology companies but has also reportedly been used on education, construction, and financial businesses. The hacking service has primarily targeted business users in the US, UK, Australia, South Africa, and Canada since mid-2022.

The platform Greatness also goes a step further and can capture and use multi-factor authentication codes for Microsoft. When the user enters their credentials into the phishing site, the service communicates with Microsoft to prompt for MFA authentication. The hacking service then passes the authentication back to Microsoft in real time and captures the authentication token to be used again later by the attacker. This new hacking service is set up so that even unskilled attackers can use the most advanced features like compromising MFA, and records the stolen credentials and authentication token in an easy-to-use format.
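The token reuse described above leaves a trace defenders can look for: a session that satisfied MFA in one place later shows up from a different network and client. The following is an added example, not code from Quanexus or Microsoft; the record fields (`session`, `mfa`, `agent`) and the sample events are constructed assumptions to be mapped onto your identity provider's sign-in log export.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in records (not real tenant data). Field names are
# hypothetical; map them to whatever your identity provider's log export uses.
SAMPLE_EVENTS = [
    {"time": "2023-05-10T09:01:00", "user": "pat@example.com", "session": "s-1001",
     "ip": "198.51.100.7", "agent": "Chrome/Windows", "mfa": "completed"},
    {"time": "2023-05-10T09:20:00", "user": "pat@example.com", "session": "s-1001",
     "ip": "198.51.100.7", "agent": "Chrome/Windows", "mfa": "token"},
    {"time": "2023-05-10T13:45:00", "user": "pat@example.com", "session": "s-1001",
     "ip": "203.0.113.50", "agent": "Firefox/Linux", "mfa": "token"},
    {"time": "2023-05-10T10:00:00", "user": "lee@example.com", "session": "s-2002",
     "ip": "192.0.2.15", "agent": "Safari/macOS", "mfa": "completed"},
    {"time": "2023-05-10T10:30:00", "user": "lee@example.com", "session": "s-2002",
     "ip": "192.0.2.15", "agent": "Safari/macOS", "mfa": "token"},
]

def find_token_replay(events):
    """Flag sessions whose MFA-satisfied token later appears from a new IP and client."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)

    alerts = []
    for session, evs in by_session.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        origin = next((e for e in evs if e["mfa"] == "completed"), None)
        if origin is None:
            continue  # no interactive MFA seen for this session; nothing to compare
        for ev in evs[evs.index(origin) + 1:]:
            # Requiring both IP and client to differ avoids flagging ordinary
            # roaming, where the same browser moves between networks.
            if (ev["mfa"] == "token" and ev["ip"] != origin["ip"]
                    and ev["agent"] != origin["agent"]):
                alerts.append({"user": ev["user"], "session": session,
                               "mfa_ip": origin["ip"], "reuse_ip": ev["ip"],
                               "time": ev["time"]})
    return alerts

if __name__ == "__main__":
    for alert in find_token_replay(SAMPLE_EVENTS):
        print(alert)
```

An alert from this check is a lead to investigate (revoke the session, reset the credential, review mailbox rules), not proof of compromise, since VPN changes can also move a session between networks.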

Phishing as a service platforms have become more sophisticated over the past year, and many of them include professional toolkits that track compromised credentials and offer customer support. The cost and technical ability required have also been reduced. Not long ago, attackers needed a moderate level of programming knowledge to use the PaaS tools, but this is no longer the case. The tools have been made very user-friendly, and at a cost between $40 – $1000, anyone can launch a phishing campaign. This ease of access presents logistical problems for competing businesses or former employees.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

City of Dallas Ransomware

A ransomware attack on the city of Dallas, Texas, has negatively impacted city utilities and slowed emergency service response time. The city suffered a ransomware attack attributed to the hacker group Royal on Monday, May 1st. Network printers on the city’s network began printing ransom notes Monday morning with instructions on how to contact the hacker group.

The attack forced the city government to shut down IT systems to contain and mitigate the ransomware. Police and fire employees received an urgent message to unplug the computers in their emergency vehicles. Among the systems taken offline were 911 dispatcher computers, which has forced emergency call centers to revert to pencil and paper for recording call details and to radio for communication with emergency services. The Dallas Fire Fighters Association president said the first responders have received little guidance from city leadership. In the ninth-largest city in the United States, 911 calls are being missed because radio traffic is so busy. Emergency responders are not getting the follow-up information they are used to receiving from dispatch via computers.

Additionally, courts were closed Monday, utility bills could not be processed, and a handful of other non-emergency services were offline for a week. The city said they would add devices and services back to the network individually when it was safe to do so.

US cybersecurity agency CISA sounded the alarm on Royal as a ransomware group gaining power in early March. CISA said the group specifically targets critical infrastructure sectors, including communications, education, and healthcare. First observed in 2022, the ransomware gang typically gains access through phishing links and exfiltrates large amounts of data before notifying the victim.

Ransomware groups are shifting their tactics to data extortion. Hackers had to find a new way to make money when governments and law enforcement started breaking encryptions. Recent threats, including the printout from Royal, include threats to release or sell personal customer data.

Posted by Charles Wright in Cybersecurity, Recent Posts, Small Business

Three SMB Cybersecurity Statistics

New data shows that small and medium-sized businesses (SMBs) are at greater risk of a cybersecurity incident, statistically least prepared, and are being attacked at a greater rate. SMB cyberattacks are underreported; they are not making headlines for breaches like larger corporations are. Additionally, large corporations continue to invest in the latest practices like zero trust and layered security systems. SMBs used to be largely ignored as too small of targets, but criminals are opportunists, and more frequent small attacks are the current trend.

Cybercriminals are pivoting to SMBs as smaller but easier targets. SMBs account for 43% of cyber attacks, and studies show that the number is growing. Criminals are also turning to more targeted sophisticated attacks for SMBs previously reserved for large clients. Whale phishing, a term that used to be used to describe a highly researched and sophisticated attack targeting senior executives, has largely gone by the wayside. Criminals are now using the same tactics with the help of AI and publicly available information to target all levels of employees. SMBs typically lack the resources or do not prioritize cybersecurity like larger businesses.

When incidents do occur, many SMBs choose not to report them to law enforcement because they fear negative press or backlash from their customer base resulting in further loss of revenue. 60% of SMBs are forced out of business six months after a security breach, so their concern over the loss of revenue is valid. Unfortunately, this trend impedes the US Justice Department Cyber-Digital Task Force from doing its job and stopping further attacks.

Only 14% of SMBs rate their ability to handle a cybersecurity incident as highly effective, and 47% of SMBs self-report that they do not understand how to protect themselves against an incident. Quanexus specializes in SMB cybersecurity and can adapt to individual business needs, including financial and healthcare businesses. Reach out today if you have questions about the services we provide to see if we would be a good fit for your business.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business