How Iranian Hackers Tricked their Prey

Posted on

For years, Iran has been a leader in state-sponsored hacking, attacking governments and businesses across the world. While the government has proven their advanced abilities, other groups in the area have been able to operate without detection. Until now, the world was unaware of the power these cyber-terrorists developed. This summer, security experts from TrapX, who were working for a military contractor, spent 18 days battling a team of advanced hackers trying to break into their network.

The hackers were believed to be Iranian but were using a tool-set created by a known Russian hacker that is typically circulated through Russian dark-net forums. Additionally, the web domains and email addresses used during the attack have Russian origins and continue to be used by a known Russian hacker. This type of attack is similar to one in 2015, where the hackers were able to shut down portions of Ukraine’s power grid.  There were also similarities to hundreds of other attacks that the Iranians attempted and executed.

During these attacks, hackers mimick internal IP addresses to try to enter a system undetected. A majority of these codes were identical to those used in 2015. Although they didn’t utilize the most advanced hacking methods, the team dedicated a lot of time to the planning and execution of their attack. Once the firm’s experts detected the hacking, the criminals would lie in wait for their next opportunity.

The team defending the network was sure they could continue to protect against the code they had studied. However, during the last attempt to enter the system, the attackers utilized a groundbreaking new tool that was created to be encrypted and to evade typical methods of analyzation. Understanding this new tool took weeks for the team of experts.  For the military contractor to win the battle, their team of cyber-security experts set up a bait network with fake information to lure them in. Then, once the hackers were in the system, the experts could learn their behavior and set up a defense against it within the real networks.

Although the TrapX team had a successful defense method, this type of attack leads governmental and business organizations around the world to question their current defense methods. It is critical that all hardware and software is updated frequently to be able to thwart off hackers, but there is no sure-fire way to protect an infrastructure. If you are interested in building a proactive response for your business, including a backup and disaster recovery plan, contact us today to get started!

Managing Your Company’s IT Risks

Posted on

With the growing number of cyber-attacks around the world as of late, many businesses are realizing that implementing a proper cyber security plan is critical to succeeding in the business world. Everything from the emails your employees receive to the links they click can cause your systems to be compromised and your clients’ private information to be stolen. Today’s blog covers the steps that you should take to protect your company and your customers.

Education

The first step in securing your infrastructure is educating your employees on the risks they face and how they can help with your company’s protection. The most obvious security measure team members can take is utilizing complex passwords. Employees should be encouraged to use long strings of unrelated words or combinations of capital letters, letters, numbers, and symbols and change them at least bi-annually. Additionally, employees should take precautions when clicking links in emails. Phishing scams are those where hackers create emails that emulate trusted sources that contain malicious links. These scams can be avoided by double-checking the email address to ensure it is correct. For example, customerservice@yourbank.com can be secure while customersservice@yourbank.com might be a hacker. If suspicious emails are detected, the IT team should be notified so they can block the sender and perform additional security scans. To ensure employees are following the proper procedures, their activity should be monitored and there should be blocks on certain types of websites.

Infrastructure

No matter how safe your employees are, your company will face a plethora of security risks. It is critical to implement a security infrastructure that will help prevent hackers from compromising your entire system. Network management is the process of monitoring each user’s activity and the overall infrastructure’s performance. IT teams must also ensure that the software and network are constantly updated to ensure that they are defending against the latest threats. In order to ensure this management is effective, it is important to test it by performing a penetration test. This involves internal or outsourced teams trying to exploit vulnerabilities to see if they gain the ability to negatively affect the system.

Backup

As we’ve said, there is no way to fully protect your business against these types of attacks. That is why it is important to create a disaster recovery plan. Frequently making copies of your infrastructure is important so that the stored information is as up-to-date as possible and the infrastructure will be able to be recovered to the state it was in before it acquired the virus or hack. Storing these backups on the cloud will provide additional protection as it will prevent data loss in the occurrence of a natural disaster or theft. These backups should also be tested frequently to ensure they are taking a full snapshot of the system and able to be uploaded quickly. With the proper backups in place, your business will be able to upload your system in minutes once you can access an internet connected device.

These are just a few of the steps your company should take to manage the cybersecurity threats it faces each day. A proper plan involves a full risk assessment and will constantly change to accommodate new technology and threats. Our team members would be happy to help you protect your business and create a plan to ensure its sustainability and success. Contact us to learn more!

Disaster Recovery as a Service

Posted on

We strive to give our customers a long term plan for IT growth, efficiency, and sustainability. Our team members know that even when we employ proper IT security services, we unfortunately can’t guarantee their success. That is why we provide disaster recovery as a service, or DRaaS. This service ensures that in the event of a cyber-attack, natural disaster, or other threat compromising a network, the software, and the critical data will be able to be recovered.

The best way to ensure you will be able to recover your critical data in the event of an emergency is to store it in the cloud. The cloud is a term for online storage, meaning it doesn’t depend on a physical server. This helps ensure that thieves can’t steal the physical server and natural disasters can’t compromise it. Our team members take multiple copies of your infrastructure each day to ensure the recovered data will be as up-to-date as possible and that the infrastructure will be able to be restored to its condition before it acquired the attack. The benefits of trusting our team to provide DRaaS services include but are not limited to:

  • Predetermined pricing
  • Actionable recovery metrics
  • Protected storage facility
  • Frequent copies created

Additionally, we work to ensure this storage is secure and efficient. By trusting an outsourced provider to back up your data, you can rest assured that the backups will always be protected using the most up-to-date defense methods. Our expert team will work 24/7 and utilize our advanced knowledge and resources to protect this information. We add additional security to this data by storing it in a secure storage environment, with access control and temperature control to promote the efficiency of these cloud servers. We also test this stored information frequently to ensure that if recovery is necessary, it will be able to be completed quickly and fully. Testing will help prevent downtime, which we know is unacceptable for business owners.

You can trust that our team will store backups of your system that will be secure, up-to-date, and easily recoverable. This will ensure your survival in the case of a cyber-attack or natural disaster. Contact us today to learn more about our capabilities or our recommendations for your business’ IT security.

How Social Apps are Fighting Terrorism

Posted on

With the growing number of terrorist attacks of late, it is clear that businesses across the world must take a stand and do everything they can to prevent terrorist attacks. This is especially important for social media platforms, where terrorists are spreading their message, recruiting, and searching for “inspiration.” Tech companies, specifically those in social media, are stepping up to the plate by implementing technology and security measures which prevent terrorist organizations from spreading their message across and communicating through their networks. While most of these companies fight to preserve free speech, they realize that they can help control the abilities of groups that strive to wreak havoc and cause misery.

Facebook

With over 1.9 billion worldwide users, it can be hard to monitor all of the activity that Facebook hosts. While the platform has already implemented technology aimed to fight copyright infringement and child pornography, they realized the need to defend itself against other unacceptable content. Facebook has consulted with counter-terrorism agencies, law enforcement, and other government agencies, and is now using Artificial Intelligence (AI) to help block terroristic posts on its website. This is done through image matching, which removes known terrorism related photos or videos. In addition, language understanding analyzes text and removes it in the case that it violates policies by praising terrorist groups or their actions. When pages, groups, posts, or profiles that are terroristic are blocked, algorithms scan profiles that have engaged with that material and can block them as well. Additionally, the algorithms try to prevent blocked or banned users from creating new profiles and continuing the same behavior.

WhatsApp

Facebook’s WhatsApp, a messenger application, has been under fire for encrypting conversations and allowing terrorists to communicate freely on the platform. This became the subject of many media-inquiries following a terrorist attack in London, where authorities were unable to decipher the attacker’s last message. Although they haven’t changed their encryption methods, the company provides all of the information they can when ordered by law enforcement.

Twitter

In 2015, Twitter began working to combat extremists utilizing this platform, but recently the company has increased its efforts. This is being done through AI, which scans the platforms for posts that are similar to its internal database of text, imagery, and videos that are related to terrorism. Twitter’s platform reported that between July and December of 2016, almost 400,000 accounts were suspended for terrorism-related issues. Of these, 75% were prompted by internal spam-fighting tools.

Our team members unanimously condone acts of terror and social content related to terroristic groups, individuals, or acts. We are proud to see technology groups are taking part in the fight against this propaganda and look forward to seeing how advancements in AI understanding and other technology will further deter these groups and individuals from utilizing social media to spread their message. Stay tuned to our blog for more industry news and tech tips.

Cybersecurity and the Medical Industry

We understand that in today’s business world, there is an increasing demand for online and mobile service offerings. Utilizing technology will increase your customers’ satisfaction and improve your data and efficiency, but in the medical industry, this will increase the amount of risk you face. Not only will this affect your organization’s operation, but it will also lessen customers’ confidence in your practice and put you at risk for governmental and industrial compliance breaches. This concern has become increasingly serious in the past few weeks, when a series of cyber-attacks have targeted healthcare organizations. In today’s blog, we’re identifying these risks and explaining the steps necessary for your business to address them.

Hackers target the medical industry because the data this industry utilizes contains a large amount of personal information. It is fairly easy to target healthcare systems because health records are all stored in a single place.  Additionally, many companies are unaware of the dangers within their healthcare apps or, in some cases, they are selling patient data for profit.  HIPAA addresses this by mandating security standards for electronic protected health information (e-PHI).

The first step in protecting your medical business is to analyze your current risks. Protection involves not only analyzing your network security, but also the practices and regulations you have in place to address patient privacy and compliance such as password policies and mobile device compatibility. Analysis can become increasingly complicated when utilizing modern medical devices that use the IoT, as many of these have lax built-in security.

Once your business has analyzed each of these risky areas, it is time to address each risk. In order to properly address these risks, new guidelines and technology must be put into place. This involves dedicating a team of professionals to monitor your infrastructure 24/7 to ensure its security and efficiency. These measures will not only improve the amount of up-time your organization has,  but also the ability to recover after a cyber-attack.  Recovery is achieved through performing frequent backups and testing them in order to ensure their ability to be used in the case of an emergency. Additionally, your team members should learn practices from professionals in order to lessen the threat of falling victim to malicious attacks disguised as email attachments or software updates. Working with industry experts will help ensure your healthcare business has all of its bases covered.

No matter how technologically secure you think your healthcare facility is, it is important to take the proper measures in order to protect your patients and practice. Your patients deserve their information privacy and your reputation depends on it. Contact us today to learn more about how your healthcare business can benefit from partnering with us or stay tuned to our blog to learn more about industry news, tips and tricks, and company highlights!

NotPetya Ransomware

Posted on

Last month, a virus known as NotPetya affected thousands of computers across Europe. Specifically, the virus targeted Ukrainians’ electric, government, and bank systems. These specific organizations fell victim to the spread because of their shared use of an accounting software. Many articles refer to this attack as Petya, an outdated virus that this current assault resembles. As a result, the current virus is known as “NotPetya,” “Pnetyna,” or other variants of this word.

Although this attack seemed similar to the recent WannaCry ransomware, it is actually not a form of ransomware. Rather, NotPetya is a wiper which was disguised as ransomware. The difference between these two attacks is that ransomware demands money for a key that will recover your systems, while a wiper is aimed to destroy your systems and data. However, the two are similar in that they both affected only Windows OS systems and targeted the same vulnerability within the software. These attacks differed further in that the NotPetya virus wasn’t thwarted by performing software updates.

During these attacks, the virus collected administrator credentials out of each machine’s memory and spread rapidly throughout each network. If admin access wasn’t accessible, the administrators themselves were targeted through a malicious email attachment. Once this control was achieved, attackers were able to fully control most workstations, internal systems, and storage. The leaked EternalBlue SMB exploit, which is rumored to have been stolen from the NSA, was modified during this attack. This is the same flaw that was exploited with the recent WannaCry virus, although system updates prevented many computers from being affected from this attack.

Additionally, the goals of these attacks varied. WannaCry attackers sought financial gain while NotPetya creators wanted to take information from and disrupt the operations of the business and governmental organizations they targeted. However, in order to disguise their motives, the attackers originally did request a $300 ransom which they said would produce a decryption key. Encryption is a popular tool aimed to protect data and is used even in the business world. These types of keys can be entered to recover files which were previously encrypted, or unreadable. Some news outlets claim this recovery key is successful, but it will only restore a limited number of corrupted files.

So, what should you do if you believe your computer was targeted in the NotPetya attack? First off, if a ransom is demanded, don’t pay it! This won’t help you recover your system. Give us a call and our expert team will work to recover as many files as possible and prevent future attacks. We pride ourselves on staying ahead of attacks such as these and providing our customers with the most secure environments possible.

Tips on Creating a More Secure Password

Posted on

A recent PEW Internet study found that 41% of adults with online passwords have shared those passwords, 39% use one password or very similar passwords for every account, and 69% admit they don’t worry about their passwords’ security. This lack of password security and complexity can have serious effects. In Bangladesh, a stolen password gave hackers the ability to steal $81 million from the Central Bank. These statistics prove that businesses without strong password requirements are at risk for theft, breaches, and more. Follow these tips to ensure your business’ passwords will protect your business from intruders:

Utilize a Password Manager:

Having so many passwords to remember can be confusing, which is why many people set the same or similar passwords for multiple accounts. A password manager will integrate into your web browser and automatically populate the password field. However, when all passwords are stored on one website, it is critical to ensure the password to access that website is very strong.

Create a Complex Password:

It is important that your password is at least 12-14 characters so hackers are less likely to guess the combination within the allowed number of guesses.  You should also be sure to include a variety of character types. This includes numbers, symbols, and both capital and lower-case letters. Additionally, you should make sure to use a unique word combination. For example, “InsuranceDaisy702!” is more secure than “redhouse123”.

Answer Complex Security Questions:

Often, upon setting up accounts, you will be prompted to answer a variety of security questions. Although “what is your pet’s name?” or “what city were you born in?” can be the easiest questions to remember, they are also easily identified by hackers. Answering more specific questions can make it more difficult for hackers to access your account.

Utilize Robust Security Software:

Many forms of Malware can access unprotected passwords that are stored in your computer’s memory. Keylogger software is a significant threat because it keeps a record of each keystroke and can often go undetected.  Employing a defense against these types of attacks will further protect your business and can also help in a variety of other ways. You can learn more about the benefits of cyber security here.

Once your company heeds to all of these tips, it will attain a high level of defense against the potentially expensive, time-consuming, and damaging threats it faces. Here at Westech Solutions, we aim to create a more secure infrastructure for our clients, as well as a way to recover in the case of an attack or other emergency. To learn more about our capabilities or to get started improving your business’ IT security, contact us today!

The WannaCry Virus

Recently, a cyber-attack known as WannaCry took hostage hundreds of thousands of public and private Microsoft computers around the world. Computers were affected in more than 150 countries, making this the largest recorded ransomware attack. This virus is a form of ransomware, which encrypts files until a monetary ransom is paid. Often, these ransoms will double after a certain period of time and if they are not paid within the set time, all of the files will remain encrypted. Once the ransom is paid, a key is provided that will unlock the files. In this case, the requested ransom was around $300.

Victims of these attacks include a healthcare company in Britain, where patients had to be turned away from more than 36 hospitals, doctor’s offices, and ambulance companies. Thankfully, patient data was not compromised during this attack. In Russia, the Interior Ministry’s computers were frozen. In the United States, FedEx became a target.

These types of attacks are usually triggered by malicious attachments in emails that are designed to mimic legitimate sources. Microsoft was aware of this vulnerability and had released software updates to protect customers from these types of attacks. However, many people have outdated software which allowed them to remain vulnerable. It has yet to be reported the total amount victims paid.

It is rumored that the strategy of this attack is rooted in the N.S.A. because of the comments made when the plans were posted online previous to the attack. A group who identifies itself as the “Shadow Brokers” claimed that the numerous hacking tools they posted online were stolen from the U.S. Government. These tools targeted firewalls, anti-virus programs, and Microsoft products. This is especially concerning because the N.S.A. is taxpayer funded. The N.S.A. has denied this allegation but some sources claim that former officials have suggested the content looks similar to other N.S.A. documents.

The United States has used cyber-attacks against other governments in the past and it is known that they have classified information on these types of vulnerabilities. Former President Obama’s administration developed a process to determine which of these vulnerabilities should be kept in a classified setting and which ones should be reported to the companies so they can be fixed.

Our team strives to provide prompt, cloud based updates to our customers so that their software is always up to date. We also employ both network security and email filtration measures in order to further reduce the risks of these types of attacks. If you are curious about how we have helped protect other companies or are ready to trust us with your technical security, contact us today to get started.