Select Page
EternalBlue Hacks & Tales from the Unpatched (Video)

EternalBlue Hacks & Tales from the Unpatched (Video)

EternalBlue Hacking Tools

EternalBlue, which is an ancient set of hacks — ancient: going back three years — is still applicable, especially in regard to some of the technology and vulnerabilities that we are seeing today. EternalBlue is a software that the NSA developed to hack Windows machines. The goal was to break into a computer (without telling the owner “someone’s there”) — and then run a software of choice. Windows contains more than two millions lines of code, so nobody, even at Microsoft, really knows what it’s all doing, and vulnerabilities are found every day. EternalBlue hacks targeted some of those vulnerabilities.

Running Windows makes you vulnerable by default. Linux, Mac, Android, iPhone — they’re all vulnerable because we’ve reached the state of complexity in the operating systems that we choose to run that it’s just a matter of time before new ways are found to break into these systems. Online trickery happens, and people download malware thinking they’re getting a good piece of software. For example, there was once a program called Whack-a-Mole. It was known to have a Trojan in it, so if hackers were able to convince you “hey, this is the coolest game in town,” then your machine would be infected. When hackers are trying to break into a machine, whether through a means like Whack-a-Mole or through an EternalBlue hack, they’re trying to do it surreptitiously, invisibly. They don’t want you to know because, if you knew, you might do something like reboot. This led the hackers to ratchet up what we call the “persistence” of malware, so that maybe it could survive a reboot.

If you’ve ever had a browser toolbar appear in Internet Explorer, or Chrome or Firefox or Edge, or any other browser, that toolbar probably has the rights to see wherever you’re surfing and modify the webpages that you get back, and can even interact with you. A toolbar is a very visual indicator that “you’ve been hacked.” Is that toolbar interested in stealing your passwords and learning your PayPal login and modifying what you visit and how you see it? Maybe, maybe not. But it’s an indication that you’re running untrusted software. Going out to the web and downloading a piece of software because it looks interesting is almost a guaranteed way to get hacked.

 

EternalBlue Hacker

 

WannaCry

 

Malware programmers write apps, publish them and they get downloaded, and in the background there’s a malware stealing passwords, modifying webpages, looking at your identity — those are all activities I would consider hacks — and that’s what EternalBlue is. In short, it leverages a vulnerability that the NSA found in the Microsoft SMB protocol. They found that if they hurled a packet that was the right size in the right shape, it would shove a square peg into a round hole, and the round hole wouldn’t know what to do, and so it would execute a buffer overflow attack. Windows wasn’t expecting a square peg in a round hole, so it would trip, fall down, and execute code of the attacker’s choice. EternalBlue hacks took advantage of a “round” Server Message Block (SMB) hole, and as that SMB failed, it could run a Trojan, or blue screen a computer, or download a piece of malware.

 

Less than thirty days after EternalBlue got into the hands of cybercriminals, a nasty bug called WannaCry was released to the world. It made you want to cry because it was ransomware. It used EternalBlue as the delivery exploit, so as soon as WannaCry got a foothold inside a corporate network, it would jump from machine to machine to machine and ransom. By the next year, EternalBlue hacks had cost companies and industries billions of dollars, and 65 countries have fallen to EternalBlue’s vulnerability and have been ransomed or hacked in some fashion. Why? Because even after Microsoft released a patch, millions of computers were unprotected because people didn’t patch.

 

 

Patching… and more than patching

 

Cybercriminals are continually waiting for time, opportunity, and tools to be able to successfully hack into your system. To prevent it, we do a number of things. We patch our machines, we turn on our firewalls, and we don’t let people be local administrators. We make sure our antivirus is current. But we need more than antivirus because hackers now have toolkits to program custom malware. They don’t have to know about EternalBlue hacks if they have a malware toolkit. These toolkits change malware by a byte or two bytes, which changes the signature of the program. As a result, the antivirus software, which is looking for signatures, can’t detect the malware. This designer malware is specifically written for a particular company. The malware is one-of-a-kind and still does the same EternalBlue exploit. Because of this dark web exchange of malware toolkits and designer ransomware, more robust cybersecurity measures, like endpoint security, are needed to keep our businesses safe.

 

IF Only Tech Time

Fridays – Noon (MT)

Answers to all things about IT

IF you did miss IT… did you miss IT!? No worries! 

Watch a tech talk here!

Hidden Ransomware as a VM Valentine (Video)

Hidden Ransomware as a VM Valentine (Video)

Apparently ransomware is now installing a virtual machine inside the hacked computer in order to avoid detection.  We’ve entered a new phase of devious behavior!  How will your company avoid the new forms of ransomware hidden in your system’s shadows?

Hidden Ransomware

Hackers Exploit Your Pixie Dust Trust

Please make sure your users are safe!  I think the only way to avoid all this malefic malware is to adopt a Zero Trust attitude, bringing in an IT expert with a Zero Trust philosophy if necessary.  Think of it this way — do you let a technician into your home to work on the AC unit, just because they have the right shirt on?  Did you call them?  Are they “safe”?  Do they take their shoes off and keep their N95 masks on?  Some of us will allow them in, some will not.  At this time, I have immune-compromised folks at home, and that technician isn’t coming in.  I’ll live with a busted AC unit for now — it’s not worth the risk.

 

Is your PC worth the risk to allow untrusted software in and run whatever, wherever it wants, with whatever bugs it brings with it?  I think not.  When it comes to the technology that enables your business, it can be easy to trust your users because you see them as good people, as your helpful team.  But the magical thinking of an IT fairy tale will not protect your team from hidden ransomware dangers, especially those that appear deceptively dressed in a VM.  You can trust your team without trusting their machines or their software.

 

Made in the Shade

Are your systems safe from ransomware hidden in the shadow of a VM?  Companies enabling remote connectivity for their teams may have put their data at significant risk by taking shortcuts to ensure business continuity.  Rushed IT policy often creates vulnerabilities that hackers can easily exploit.  Malware can get into your network by posing as something friendly to your system.  Hidden ransomware, now lurking as an amicable virtual machine, creates troublesome tenements for remote teams.

 

Ghosting the Hackers

Hidden malware is only one challenge you have when connecting your teams to company data.  Fortunately, remote access and remote control utilities, when done properly, are tools that allow companies to connect home users to corporate data securely and efficiently.  You can keep your team safe from malicious valentines, even when they appear in the form of a friendly VM.  With protective IT policies in place, including a Zero Trust approach to the machines that make your business run, you can ghost the bad guys trying to unlock your data and prevent their hidden ransomware from accessing your system.

 

 

 

To learn more about remote access and remote control utilities, please watch one of our IT strategy videos here:

 

 

IT Security Gone “WFH” – Now What?

IT Security Gone “WFH” – Now What?

 

Recent “Work From Home” (WFH) mandates have quickly pushed manufacturing and distribution employees out of the familiarity of their work offices and into a new realm of IT security needs.  Currently, statistics are saying that 70% of the workforce that can work from home is and, after this crisis is over, more than 40% will STAY at home.  With this transition, IT security principles become part of a critical conversation, especially for companies with remote workers supporting on-site manufacturing or distribution activities.

 

What is your WFH IT security policy?

 

Many distributed businesses have responded to the telecommute directive without many changes, especially those companies with data residing in the cloud.  These companies have already established work-at-home policies and invested in the remote access/remote desktop technology to enable telecommuting with IT security in place.  Folks who invested fully in the Office 365 space are feeling little pain, but businesses with legacy on-premise servers, workstations and printers are probably still scrambling.

 

Don’t be fooled—the hackers have followed you home!  The increase in suspicious emails, bad websites, and malicious advertisements has skyrocketed, and the cybercrime community is just waiting for your users to click on something to ransom your hard-earned data away.

 

Without a written and agreed upon IT security policy, you are at the mercy of your users’ good intentions.  Imagine a home PC with a saved password left on the VPN all day while the kids are stuck at home from school.  The amount of data that could be lost or compromised is staggering!  At a minimum, make sure you have a document that instructs your WFH users to lock the keyboard when they step away (or implement a screen saver with a password).  Ensure your users don’t download documents to their local hard drive or USB drives.  The list goes on, but the human element is the riskiest of all!

 

If a home user gets infected on the VPN, their malware is the company’s malware!  Let me write that again:  If a home user gets infected on the VPN, their malware is the company’s malware.

 

How to connect securely to your enterprise data?

 

Many businesses have NOT invested in expensive VPN or Remote Desktop solutions, and now it might seem either too late or too expensive.  You need a low-cost, secure, and easy-to-deploy strategy to connect your home users with their corporate data:  desktops, servers, and printers at the office.  Many options exist, but without a budget and a vision, you’ll get lost in the storm.

 

 

Keeping your home PC safe!

 

Home computers are more vulnerable than corporate PCs.  Home PCs tend to fall behind on patches and updates.  Moreover, the computer might get repurposed for things like the kids’ Xbox.  Home firewalls never measure up to those provided by your IT department.  Most have no web filtering to speak of, and bad websites abound!  You’ll need that enterprise class security in a mobile-friendly package.

 

 

Productivity

 

Another blog could certainly be written about home offices, with a good webcam and a quiet space, but that’s for another page.  People are people, and the distractions from working from home are numerous and easy to fall prey to.  We recommend easy-to-deploy software to ensure that your users arrive to their home office on time and ready to work (even if it’s in their PJ’s), ensuring that they are productive and not on YouTube or getting the latest Amazon order completed.

 

 

 

Looking to provide IT security for your remote workers?  Deploy the EstesCloud PC Security Stack on your home users’ PCs and rest easily, knowing that your WFH users are protected and productive!

 

5 Ways EstesGroup Helps with Your CMMC Compliance

5 Ways EstesGroup Helps with Your CMMC Compliance

You might be reading this post if you are researching Cybersecurity Maturity Model Certification (CMMC), your company needs to become compliant, or your company is already compliant with CMMC but you have need of more IT services. In 2019 the Department of Defense announced a new cybersecurity protocol named CMMC that all DoD contractors (and some of their supply chains) would need to adhere to starting in 2020. There are 5 Levels of CMMC Certification, and EstesGroup can be an asset to companies in any of the levels.

 

5 Ways EstesGroup Helps with Your CMMC Compliance

  1. EstesGroup helps you identify the technology and/or services you need to meet your CMMC Level Requirements.  
  2. EstesGroup can improve your Process Maturity by helping evaluate your Procedures, Policies, or Practices. Once we’ve reviewed those processes, we can help update them to ensure you meet your CMMC Level and other compliance requirements. 
  3. There are 17 Domains that CMMC is built on. EstesGroup has the experience, tools, and services to support your business across nearly all of these domains.  
    • EstesGroup routinely deploys tools and managed services that directly support these CMMC domains: 
      • Access Control, Asset Management, Audit and Accountability, Configuration Management, Identification and Authentication, Maintenance, Recovery, Risk Management, Security Assessment, Situational Awareness, Systems and Communications Protection, and System and Information Integrity. 
    • EstesGroup can consult on and support technology used in these domains as well, but these domains typically require internal personnel or a third party on-site.  
      • Awareness and Training, Incident Response, Media Protection, Personnel Security, Physical Protection, and Risk Management 
  4. EstesGroup Managed Services (ERP Hosting ECHO & Managed IT) employ many of the standard Cybersecurity measures required for CMMC. We regularly monitor our internal and client assets for threats, perform preventative maintenance, and update technology or processes to meet or exceed cybersecurity requirements.  
  5. EstesCloud Hosting (ECHO) services enable many CMMC requirements without significant impact to you, your users, or your bottom line. By hosting your servers or software solutions in a managed cloud environment, you can compartmentalize your compliant systems and protect them at the highest CMMC levels, without locking down your whole office. For more details, see our page on EstesCloud Hosting for Aerospace & Defense  

 

 

To Learn about CMMC, read our blog What is CMMC: Cybersecurity Maturity Model Certification?”

 

EstesGroup is a Managed Services Provider working with Manufacturing and Distribution companies by providing ERP Hosting (ECHO), Managed IT, Epicor ERP, and Prophet 21 ERP services.

 

Have questions about CMMC or do you want more information on how EstesGroup makes companies more secure? Contact Us or fill out the form below.

 

What is CMMC: Cybersecurity Maturity Model Certification?

What is CMMC: Cybersecurity Maturity Model Certification?

CMMC: The Looming Cyber-Security Certification that Affects 60,000+ Companies

 

In 2019, the U. S. Department of Defense (DoD) announced a new security protocol program for contractors called Cybersecurity Maturity Model Certification (CMMC). CMMC is a DoD Certification process that lays out a contractor’s security requirements, and it is estimated that between 60,000-70,000 companies will need to become CMMC compliant in the next 1-3 years 

 

CMMC is basically a combination and addition to existing regulations in 48 Code of Federal Regulations (CFR) 52.204-21 and the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, and includes practices from National Institute and Technology (NIST) 800-171, the United Kingdoms’ Cyber Essentials, and Australia’s Essential Eight requirements. International Traffic in Arms Regulations (ITAR) will remain a separate certification from CMMC – though companies that are ITAR Compliant will need to adhere to CMMC as well. 

 

CMMC Version 1.0 was released late January 2020. To view the latest CMMC document, visit the CMMC DoD site. 

 

CMMC Notables 

  • There are 5 levels of the security maturity process (basic is 1 and most stringent is 5). 
  • Any company that directly (or even some that indirectly) does business with DoD will adhere to CMMC –and that means direct DoD contractors and high-level CMMC companies’ supply chains must also adhere to, at minimum, base level requirements. 
  • There is no self-assessment (unlike NIST), and companies need to get certified through a qualified auditing firm. 
  • DoD will publish all contractor’s certification level requirements. 

Is My Business Affected by CMMC? 

 

This is easily answered with a 2-part question: 1) Is your business a direct contractor to the DOD, or 2) does your business do business with a company that is a contractor to the DoD*? If you answered “yes” to question 1, then your business will need to be CMMC compliant. If you answered “yes” to number two, then it is very probable that your company will need to be CMMC compliant. 

What are the CMMC Levels? 

  • Level 1 – “Basic Cyber Hygiene”  
    • Antivirus 
    • Meet safeguard requirements of 48 CFR 52.204-21 
    • Companies might be required to provide Federal Contract Information (FCI) 
  • Level 2 – “Intermediate Cyber Hygiene” 
    • Risk Management 
    • Cybersecurity Continuity plan 
    • User awareness and training 
    • Standard Operating Procedures (SOP) documented 
    • Back-Up / Disaster Recovery (BDR) 
  • Level 3 – “Good Cyber Hygiene”
    • Systems Multi-factor Authentication 
    • Security Compliance with all NIST SP 800-171 Rev 1 Requirements 
    • Security to defend against Advanced Persistent Threats (APTs) 
    • Share incident reports if company subject to DFARS 252.204-7012 
  • Level 4 – “Proactive” 
    • Network Segmentation 
    • Detonation Chambers 
    • Mobile device inclusion 
    • Use of DLP Technologies 
    • Adapt security as needed to address changing tactics, techniques, and procedures (TTPs) in use by APTs 
    • Review & document effectiveness and report to high-level management 
    • Supply Chain Risk Consideration* 
  • Level 5 – “Advanced / Progressive” 
    • 24/7 Security Operations Center (SOC) Operation 
    • Device authentication 
    • Cyber maneuver operations 
    • Organization-wide standardized implementation of security protocols 
    • Real-time assets tracking 

One important thing to note about CMMC is that unlike NIST and other current certifications, CMMC will require certification from an authorized 3rd-party CMMC authorized certification company. Currently, most companies can self-certify for DoD-related securities. EstesGroup is not a CMMC Certification Company, but we can help companies prepare and boost security up to meet new requirements.

For more specifics on CMMC, access the latest DoD’s CMMC Revision.

 

Learn more about CMMC with 5 Ways EstesGroup Helps with Your CMMC Compliance

 

Do you have questions of CMMC or how EstesGroup can help your company with CMMC? You can Contact Us or make a comment in the form below.