How to Stop Social Engineering Attacks

Cybersecurity in the Ballot Box, the Bistro and the Bedroom

October is National Cybersecurity Awareness Month, a time when organizations across America join together to educate the public about cyberthreats like social engineering (especially phishing attacks). This year, it’s also the last full month to decide your vote for the 2020 election. As citizens consider the future of our country, we see the tech giants coming together to prevent election crime, while tech users struggle to keep up with device security. With online fraud on the rise, how do you know your business is protected from a cyberattack, especially when considering advanced techniques like social engineering?

 

Digital integrity continues to drive decisions in both the public and private sectors. Your online presence creates data that can be used to influence you. How many times have you seen an ad in your web browser and thought, “How in the world!? I was just thinking about that!” Because everything we do online can be tracked, documented, exchanged, and sold, we need to be aware of the risks. However, there’s no need to fear for your online safety. Our security consultants can quickly scan the dark web to see if your data is in the wrong hands.

 

National Cybersecurity Month comes to us from organizations that promote assertiveness, rather than paranoia. We don’t have to be afraid of our connectivity or our devices. On the contrary, we need to embrace them holistically and attentively (and with a little help from the cybersecurity experts).

 


Do Your Part. #BeCyberSmart.

 

Home Connectivity: This week’s cybersecurity awareness theme is “Securing Devices at Home and Work.” When reviewing the year, did you spend time working from home? Did you have children suddenly in Zoom classes, rather than in a traditional classroom? Did you have the resources you need (virus, malware, and ransomware protection) to stay safe online?

 

Business Technology: Your business couldn’t operate without digital interactions with devices outside of your office walls. Furthermore, your business can’t operate without a dedicated plan for protecting employee and customer data. How do hackers get into your system? Common external penetration methods include baiting, phishing, and spear phishing.

 

Baiting: Curiosity killed the network

 

First of all, baiting attacks can begin with hardware or with software. For example, a hacker can leave a corrupted flash drive on your desk, and the attack begins with the physical action of a user plugging it into a laptop and then clicking through files that install malware throughout the system. Stopping this social engineering technique from reaching your business begins with employee cybersecurity awareness training.

 

October is a perfect month for bringing in external cybersecurity resources to help bolster your team. To begin, we can provide system assessments that surface hacker access points. Then, our engineers can test your users. For example, our security technicians can engineer a scareware drill to make users think they’re clicking to patch, when really they’re getting tricked into a click. If your employees understand the various forms of baiting, then you can prevent a data breach.

 

Phishing: The one that got away

 

Did you ever see a prompt to “click here” or “download now” from an email that was obviously fake? In the past, phishing emails were more obvious. A strange font or a missing signature was clue enough. Unfortunately, advanced social engineering technology now lets a cybercriminal twin a real user’s software behaviors.

 

Because phishing is the most common social engineering tactic, NIST recently developed the Phish Scale, a cybersecurity tool that helps businesses surface network vulnerabilities by assessing cues, click rates, and user interactions in regard to phishing email difficulty levels. This new method of testing phishing attempts assists cybersecurity experts by evaluating spoofed emails through advanced data analysis. CIOs, CISOs, and other technology experts can use this tool to optimize phishing awareness and training programs.

 

Spear Phishing: In IT together

 

Often, a phishing email comes to your inbox addressed specifically to you but without personal information as part of its composition. Therefore, signs of imitation are more easily observed. “Click to download” prompts hesitancy if the email comes with a generic invitation. 

 

When an email comes through with more personalized data, like a personal email signature or an attached thread of coworkers, it can trick you into thinking the sender is legit. In this case, a hacker follows the digital footprints of a user and engineers that data to create a personalized phishing attack. Think of this as the Shakespeare of social engineering, and the play is written for you and with you as the inspiration. 

 

When organizations create security strategies in an effort to prevent social engineering attacks, phishing prevention is always a sign of a thorough plan. When considering phishing emails, keep in mind that malware can stay undetected in a system for months before the IT department discovers the penetration. Spear phishing can prompt a sly malware that quickly infects an entire network.

 

Vote to Stop Cybercrime

 

At EstesGroup, we know how to stop social engineering attacks from harming your business. Furthermore, we know how to take the worry out of IT. Protecting everything from saved credentials to individual clicks, our cybersecurity experts defend your business while you do the work you love. Do your coworkers need practice in recognizing the fraudulent behaviors fueling social engineering attacks? October is a perfect month to initiate new security policies and procedures, and to test your cybersecurity plan.

 

EstesGroup is a 2020 National Cybersecurity Awareness Month Champion. Please join us for a webinar on the most advanced cloud solutions available to businesses. Read more about National Cybersecurity Month at the National Cyber Security Alliance (NCSA) or at the Cybersecurity & Infrastructure Security Agency (CISA).

 

What is Disaster Recovery as a Service?

A DRaaS Solution For Drastic Measures

A look at word origins surrounding business continuity can help answer the question, “What is disaster recovery as a service (DRaaS)?” The word “disaster” contains the ancient weight of misfortunate heavens. As history goes, disaster is simply a bad star, and recovery is the return from unfortunate fate. In today’s technological culture, “recovery” (to the core of IT) means a return to digital health following a software or hardware mishap. On this note, let’s take a closer look at the fate of your business to help you clarify both the “what” and the “if” of your disaster recovery as a service strategy.

 


Is Your Data on a Close Cloud or on a Faraway Star?

It would take you more than 1000 human lifetimes to reach the closest star in our galaxy. If your current disaster recovery plan is at that same pace, then you might need to bet your luck on a different disaster recovery plan. This is where DRaaS services benefit companies. With real-time backups and fast restore solutions, the hybrid cloud architecture of DRaaS keeps your business operating on proven luck, rather than on hopeful wishes.

 

First of all, your lucky stars in IT (especially when it comes to disaster recovery) are always at a distance. Your business creates volumes of data, especially if you’re operating in an ERP solution. You need a backup that isn’t directly on-site in case a natural disaster takes out your IT infrastructure. By creating a virtual office environment, for example, you can securely work from home if your office has a fire.

 

If you’re asking “what’s DRaaS?” then it might be a good time to revise your disaster recovery policies. Data recovery services contain, in essence, a distance of time. Therefore, you need to consider how long you can survive before a data restoration returns your business to normal activities. How much downtime is acceptable? Hours? Days? A week or longer? Hopefully, you’re not merely wishing on stars for things like business continuity and business resiliency.

 

Backup and Data at a Distance

Distance is a protective step for backup and disaster recovery planning. However you choose to copy your data locally, you need to protect your on-premise data with a remote recovery solution. As a feature of top DRaaS solutions, co-located data centers ensure that nothing you want to keep is lost in the shuffle of a disaster recovery. DRaaS allows you to exclusively focus on your business, while data recovery specialists carry the weight of replication stability and everything else, like clean rooms and compliance regulations.

Fundamentally, if you’re a business owner, you need two things when developing your disaster recovery plan:
  1. A protected (often remote) environment that holds your backups
  2. A plan for data recovery in the event that you need to tap into your backups

 

What’s DRaaS According to Fate?

A DRaaS solution is simply a private cloud computing environment on a partner’s server. Your data backups sync to a secure cloud, and an auxiliary server comes to the rescue when disaster strikes. For example, if your system goes down, and you’re using our DRaaS solution, your business seamlessly moves to a cloud-based server reserved for your data during the duration of a disaster data loss. What exactly happens following a disaster? Is your data recovery software ready?
  • First, you experience a hardware or a software failure. This might be ransomware, or this might be a hurricane.
  • Next, you realize your system is in the middle of a disaster, but you don’t worry because you’ve chosen DRaaS as part of your business continuity plan.
  • Then, business goes on as normal because your solution keeps your business running in a third-party computing environment. Your virtual server prevents downtime and data loss by moving you to a comprehensive virtual office. When your physical servers are compromised, your hybrid cloud infrastructure serves to keep your company running smoothly, ensuring productive employees and happy customers in your near future. This often means working remotely because what’s DRaaS good for on-premise if your facility is in shutdown mode?
  • Finally, you’re restored to business as usual, according to your recovery and restoration plan. The disaster is over. Your business continues, and your customers don’t even know you were compromised. 

 

How to Choose Between Basic Recovery Solutions and DRaaS

DRaaS is a robust solution, allowing complex manufacturing facilities to operate without the threat of server failure. But how do you decide if you need the best available disaster recovery services? First, consider your luck. Then, consider your backups. What is the likelihood that your business will experience a disaster?
  • Do you live in an area with hurricanes, tornadoes, or earthquakes?
  • Are you on a rural grid with frequent utility outages?
  • Are you light on cybersecurity, and therefore at risk of a cyberattack?
  • Did you ever spill a coffee on your keyboard and delete important data in the cleanup?
  • Do you have old hardware that might fail from normal wear and tear?

 

More than half of data loss is caused by human mistakes. From cyber attacks to deleted files, human error is as steady as the constellations. Unfortunately, 58% of small and midsize businesses are not prepared for any level of data loss. On the same note, 29% of hard drive failures are due to accidents, and data loss in such an event is entirely preventable.

 

At first and at last, consider your losses. If you were to experience a “bad star” data disaster, what are your expectations for your data restore?

  • Can your business survive a few days of downtime?
  • Can your employees and your customers handle a few days or weeks of data erasure?
  • Do you need failover and failback to maximize uptime and secure data by the minute or the hour?

 

 

We “R” in the Cloud

Replication, Retention, Recovery, Restoration, RPO, and RTO

 

Data replication and retention couple for data protection. You create copies of your data so that you can recover any losses in your future. Data replication can create real-time copies in the cloud. Backup services for data replication and retention can also migrate data into cloud storage for backup or even for analytics. Data from physical servers can be replicated, or copied, to support easy availability during a disaster recovery. Because data retention is often a requirement for compliance, companies benefit from data replication services, even if they don’t require a hot site during a disaster.

 

Data recovery and restoration couple for data continuity. To create a disaster recovery plan, you need to consider RPO and RTO. Understanding these helps you define your best options when recovering data.

 

 

What’s DRaaS RPO?

Recovery point objectives are based on your data replication needs in terms of frequency of application backup. At the end of the day, how much data loss can your business withstand?

 

What’s DRaaS RTO?

How much time can you lose? Your recovery time objective refers to your accepted timeline to data recovery and application restoration. Do you want your business to live on the cloud until on-premise resources are restored? Or can you handle a day or two of downtime?

 

 

What is Disaster Recovery as a Service for the Future?

Do you want seamless cloud environments to allow for full business continuity during a disaster? Future-focused, a virtual server provides 100% RTO by moving your work into a failover cloud computing environment, regardless of your disaster scenario. The fate of your business with private cloud hosting keeps you thanking your lucky stars that your disaster recovery plan continuously protects your digital well-being.

 

 

 

EstesGroup can help define and design your recovery process based on your operating systems and your private and public cloud usage. We can even perform data and backup testing so that you can rest easy knowing that your data is safe, secure, and always protected. We’ll count your data stars for you, so you can focus on the work you love.

 

Cloud Business Solutions for the Virtual Office

Virtual offices become the business solution of the now

The term “cloud” is a term as elusive as it is enormous, and a virtual office these days often appears to be anything you want it to be. The sky, after all, is a big place. And fitting lightning in a bottle is no easier than pinning a hard-and-fast definition on the digital computing donkey known as the cloud. When it comes to software deployments, cloud application deployment can mean different things to different people. Unfortunately, this amorphous ambiguity has tangible, deleterious effects on the user community. At its core, a cloud business solution implies real-time data access, and a virtual office is simply a cloud-based environment that enables secure and complete data interaction from anywhere in the world.


SaaS vs. Managed Application Hosting

Let’s begin with the simple admittance that not all clouds are created equal. In cloud computing, you can make a vast sky-and-earth distinction between web and private hosting environments. Let’s lightly look at both.

 

Web-based solutions:

Purely web-based applications are hosted by a vendor, not the customer. The customer accesses these applications over the internet, often through a simple web browser. Technology consultants often call these deployments “software as a service” (SaaS). This is due to their subscription-based costing model.

 

Private cloud business solutions:

Private cloud deployments replicate on-premise versions of the software. Customers work with a surrogate hosting partner. The hosting of the application isn’t controlled by a software vendor.

 

These are the basic options for cloud deployment in a computing environment. This is important to know because if you choose the best cloud business solution for your company infrastructure, you can expect tremendous impact on your company’s capabilities. Thus, you can achieve your strategic objectives.

 

Does your hybrid cloud lining need a business solution tailor?

In software circles, “tailor-ability” refers to the customization capabilities of an application. Can you safely tailor your application to the needs of your organization? Compare this to core code modifications that were common and often detrimental to ERP implementations of earlier eras. An easy customization process ensures that your cloud solution can adapt to your business like a good ERP lets you easily upgrade.

 

In this new world, software vendors tout themselves based on toolsets. These computing tools allow customers to tailor an application. The IT department, or an IT consultant, can then address idiosyncratic needs. These solutions promise maintainability and upgradability. And all is well in the world.

 

However, as software vendors move enterprise platforms increasingly to web-based cloud architectures, the highly touted tailoring functionality can vanish faster than a morning mist in the desert. Moving from traditional office to virtual office is obviously the future of application management, but a web-based infrastructure can limit users.

 

Fortunately, a hybrid cloud environment assists companies with needs that revolve around complex business environments. Premiere data centers, secure virtual conference rooms, remote worker empowerment, and even futuristic capabilities like machine learning, all become accessible and customizable computing tools.

 

 

Will SaaS be enough?

As cloud deployments go, hybrid cloud computing can save companies time, money, and headaches. This is especially true if SaaS is not the most applicable cloud management application available. Software-as-a-Service, or SaaS, is a management tool that is ideal for companies with standard requirements. Cloud infrastructure for configure-to-order environments, for example, needs highly adaptive and robust capabilities. Virtual office services create a cloud-based business address for remote teams to securely meet.

 

An ideal solution often isn’t the first choice of companies moving to cloud services. Cloud applications are as diverse as the businesses that could benefit from a computing solution that transcends a physical office. What if the sales cycle ends with meeting rooms in the cloud that aren’t specifically helpful to the software buyer? You might regret ever giving out your phone number.

 

 

Are you on-premise and going cloud?

I once heard the CEO of a software vendor describe his own transition to the cloud this way: “On-premise vs. cloud has become a matter of customizability vs. configurability.” That is to say, if you are bound to the web-based or SaaS version of the application, and you’re in search of customizability or tailor-ability, you’re out of luck.

 

Unfortunately, this memo has been slow to reach the prospective user community. Sales engineers demonstrate the software in its on-premise form, on locally-deployed machines, with the full gamut of features and capabilities, only to have the customer ultimately sign the dotted line for the web-based cloud version of the application, a neutered version, bereft of many of the bells and whistles that were so brightly touted during the beauty contest that was the software selection phase. Tricky cloud.

 

What happens when tire meets the cloud terrain of virtual office?

Companies frequently move through a software selection cycle that ends with a cloud-based solution deployment:

  • Closing the sale and finally owning the software license
  • Implementing the purchased software
  • Training employees and customizing the solution based on business needs

In the third phase of cloud-based application deployment, disappointments surface. For example, clients often struggle to implement an enterprise resource system in a large and complex business environment. One customer came to us amid such disappointment. Company management purchased an ERP application in the cloud in its Software-as-a-Service (SaaS) form. In this case, “cloud” meant an underpowered, web-based subscription service version of the application. Vapor-ware.

 

 

What are some alternatives to SaaS?

Alternatives available in private cloud hosting become necessary in complex environments common in the manufacturing and distribution industry. Frustrated with the limitations of the web-based version, our customer first came to us scrambling to understand just what they had been mandated to implement and whether there were any other options for implementing the software that did not so badly hamstring the organization. Had the management team received an impartial explanation of “the cloud” and its variants, they may have averted many of the frustrations of trying to implement an enterprise system in a complex business environment with a tool that was frankly too underpowered to be up for the task.

 

A business cloud solution can surface confusion.

If you’re looking at a web-based cloud version of a software, ensure that the vendor’s demonstrations use that specific version. Similarly, if you’re deliberating between the on-premise application and a version of the cloud, work for answers to the following questions:

  1. Web-based applications operate largely on the server, and operate in a shared environment. This normally limits the amount of server-side tailoring available. Given the thin or zero-client environment, what kinds of tailoring capabilities are available in such an environment?
  2. Reporting solutions frequently operate on the server, creating challenges when trying to develop custom reports. Does the web-based solution have answers to these challenges?
  3. User-defined data is often a key capability in complex manufacturing and distribution environments. How does the system in question handle these requirements when deployed in a web-based manner?
  4. What options are available when it comes to cloud-based versions of the application? How do they differ, in terms of features and capabilities?
  5. What are the core capabilities of the application, in terms of both configuration and customization? Are these capabilities present in all versions?
  6. Are there any specific modules of interest that might be affected by a cloud decision, such as field service or product configuration? Do these modules differ in their capabilities based on their cloud versions?

Addressing these concerns at the time of selection versus the time of reflection is key. Nobody wants to reflect on an overlooked version of a software, especially when making the decision to move to a business solution in the cloud.

 

 

5 Ways to Secure Remote Workers & Keep Your Data Safe

 

Cybersecurity as easy as 5-4-3-2-1

 

What is security these days? A scan that slows your system while you’re trying to stream a movie or play a video game? A superglue blockade overflowing from your modem ports? Cyberattacks can’t stop us from the new, remote ways of working together, especially in response to the pandemic. The future is remote. The numbers aren’t in yet, but some reports are claiming 1 in every 5 workers will continue on with remote access to corporate data, and others are saying nearly 100% of workers will now operate outside of business campuses in one capacity or another. Fortunately, there are many new ways to secure remote workers, in the woods or in the halls.


 

Ransomware isn’t a person.

 

Or a monster. Or a beast. The cyberthreats we face often feel nebulous, confusing, and perhaps a bit mythical to even the most uneventful personalities. The BYOD (bring-your-own-device) culture that’s boomed as a result of social distancing immediately increased the need for more sophisticated approaches to cyber warfare. The digital landscape is infected. New threats emerge daily as cybersecurity experts rush to cure compromised users before attacks infiltrate national and global networks.

 

One way to secure remote workers is to see circulating threats as something other than human. Malware spreads in milliseconds, often without the direct influence of people, and can take months to detect. A cyber threat often becomes a hidden danger and eventually attacks your entire network. You might unwittingly share it with your supply chain. Your malware isn’t a malcontent in a hoodie. It might begin with a human, but it jumps devices without direct guidance, as initially programmed to do, often causing more damage than the cybercriminal expected.

 

Security measures involve many layers of cyber defense, especially when addressing remote connections:

  • Power in the Layers: This includes keeping your hardware strong and your network patched. Look for renowned technology solutions. Duct tape and magnets? Raspberry Pi backups? Look for the latest cybersecurity tools and save old tricks for the treehouse.
  • Monitor the Monitor: A secret code is no longer enough. A username and a password were never enough, so we’ve developed advanced monitoring and management solutions for your business. Watching the watcher keeps your data on watch for on-guard and on-time productivity.
  • Party with Your Partners: Celebrate your digital serenity with the calm crew of a trusted technology firm. The right managed IT alliance complements your core team, toasting cyberthreats so you have time for a toast.
  • Click-a-Little-Talk-a-Little: Train your team to be careful with clicking tendencies and to communicate about potential harm to your data.
  • Question Everything: Question us, question your team, question every click and download. Fill your day with virtual pauses, staying alert to cyber risks.

Your online safety is dependent on secure interactions.

 

Your financial data, your business strategy, your critical tasks and personal stats are all under attack. How can you keep everything secured when the digital landscape is always shapeshifting? As your business grows more complex, perhaps depending on a complicated ERP system, how do you keep IT safe? AI and automation create worlds of benefits for businesses, but these new technologies get in the hands of nefarious hackers, and suddenly your entire social chain, the very vitality of your company, is at risk.

 

Would you like to learn more about nomadic or stationary cybersecurity? Daryl Sirota, Director of Technical Services, will provide security tips for Microsoft 365 in the upcoming weeks. Meet him virtually on Fridays at 12 pm Mountain Time.


We’ve put together a fun poster that you can share with your remote teams. Tap it to open a printable window, and please share these tips with your friends. Let’s keep everyone’s data cozy with multiple layers of cybersecurity. Let’s dress up our data for new times.

Social Engineering Techniques: How Hackers Come Home

Time to Learn Social Engineering Techniques

 

WELCOME HOME, MALWARE

TIME TO MAKE YOURSELF AT HOME

 

Human manipulation fuels social engineering techniques, and basic security measures, like anti-virus software, often can’t prevent innocent behaviors, like trust, from compromising your data. Hackers frequently penetrate corporate networks because employees open the door. Advanced security solutions, which are necessary to break the trust-manipulation cycle, can detect, and even predict, social actions that lead to system infiltration. Advanced attacks that use subtle social engineering techniques often come and go without a trace, so how do you prevent sophisticated attackers from making themselves at home in your business?

 

A hacker’s “Welcome Home” sign might be on an open Wi-Fi network, or it might be on your personal computer, or even your phone. A social engineering attack taps into your life in a way that can feel “like home” to you. Soon, the person you trust takes over your “house” of data, and this can be at both home-life and corporate-life levels, at the same moment, since you might integrate work and home through the use of your mobile phone, laptop, smart watch, tablet (maybe even through a Wi-Fi enabled coffeemaker).

 

If you leave your doors unlocked, people might crash in your digital living room even while your computer is sleeping. If you have dozens or hundreds of employees, each human presents at least one door to your data. Multiply this by the average number of devices employees utilize for work optimization (desktops, laptops, mobile phones, tablets, smart televisions), and you’ll see that your business has hundreds of thousands of access points.

 

Businesses naturally have an “open door” culture. You want new clients. You want good growth and reputation to result from your offerings, and this means you have to interact with strangers on a daily basis. Stranger danger? Not if that stranger has the potential to become a favorite customer. This is why it’s critical to understand the nuances of social engineering techniques (or partner with a managed IT team that does).

 

Because companies leave their virtual doors open, they attract attacks that utilize simple social engineering strategies (no hacking genius required). Detecting these nefarious online behaviors often takes advanced cyber analytics, and preventing data breaches begins with training based on what is known about these cyberattack strategies.

 

Here are 3 ways hackers let themselves in and make themselves at home in your network:

 

 

Phishing

 

32% of security breaches begin with phishing attacks. If someone knows your email address, then you can receive a phishing email. How do you prevent these attacks when you’re a business owner constantly giving your email address to strangers? If you engage in any of the following behaviors, you’re at increased risk of a phishing attack:

  • You exchange business cards at conferences, trade shows and other social gatherings.
  • You publish your contact information on your website or on online social networking pages.
  • You use email to communicate with your employees, partners, customers and potential clients.
  • You respond to emails quickly, often overlooking small details in the delivery structure.

 

Exchanging

 

Save money. Save time. Download free software. Fill in a form or upload your business card and get free information. The bliss of the internet is free exchange. You can hop from one website to another, learning for free and networking for free, all from the comfort of your sofa, saving time and travel expense. Sadly, the risk of “free” malware comes with every exchange that happens in our connected online world. If you do any of the following online activities, you’re at increased risk of a social engineering attack:

  • You skip the fine print and click the download button before reviewing terms, agreements and privacy policies.
  • You see a website you like with content you want, so you freely give your name, address, phone number, and maybe even your employment information, in exchange for a download.
  • You download free apps and sign up for free trials.

 

Spying

 

Hackers often look over your shoulder to get the information they need to access your data. You might be at a coffeeshop talking to a friend while your unlocked phone sits cup-side. Maybe your phone is also on open Wi-Fi, leaving multiple open doors into your private life. E-espionage often happens at the places you love — your favorite deli, your downtown square — tranquil places, where you don’t feel a sense of vigilance. You are at risk of becoming a social engineering attack victim if you do any of the following activities:

  • You leave your laptop, phone, or tablet on the table when you see your friend in line at the coffeehouse and get up to say hello.
  • You turn password access off on your phone so that you don’t have to unlock it later.
  • You use public Wi-Fi networks.
  • You have the same password for multiple accounts so that you’ll always remember your login credentials.

 

If you got through these lists without a hitch, then you’ve taken the right steps to prevent social engineering techniques from ruining your life with ransomware. Unfortunately, the hackers could still carry you over your own threshold. Why? Because as soon as you add coworkers or friends to your contact list, and as soon as you begin to communicate using your devices, you introduce new risks.

 

Supply Chain Cybersecurity
EternalBlue Hacks & Tales from the Unpatched (Video)


EternalBlue Hacking Tools

EternalBlue, an ancient set of hacks (ancient meaning three years old), is still applicable, especially to some of the technology and vulnerabilities that we are seeing today. EternalBlue is software that the NSA developed to hack Windows machines. The goal was to break into a computer without alerting the owner that someone was there, and then run software of the attacker’s choice. Windows contains more than two million lines of code, so nobody, even at Microsoft, really knows what it’s all doing, and vulnerabilities are found every day. EternalBlue hacks targeted some of those vulnerabilities.

Running Windows makes you vulnerable by default. Linux, Mac, Android, iPhone: they’re all vulnerable, because the operating systems we choose to run have become so complex that it’s just a matter of time before new ways are found to break into them. Online trickery happens, and people download malware thinking they’re getting a good piece of software. For example, there was once a program called Whack-a-Mole. It was known to have a Trojan in it, so if hackers were able to convince you “hey, this is the coolest game in town,” then your machine would be infected. When hackers are trying to break into a machine, whether through a means like Whack-a-Mole or through an EternalBlue hack, they’re trying to do it surreptitiously, invisibly. They don’t want you to know because, if you knew, you might do something like reboot. This led the hackers to ratchet up what we call the “persistence” of malware, so that it could survive a reboot.

If you’ve ever had a browser toolbar appear in Internet Explorer, or Chrome or Firefox or Edge, or any other browser, that toolbar probably has the rights to see wherever you’re surfing and modify the webpages that you get back, and can even interact with you. A toolbar is a very visual indicator that “you’ve been hacked.” Is that toolbar interested in stealing your passwords and learning your PayPal login and modifying what you visit and how you see it? Maybe, maybe not. But it’s an indication that you’re running untrusted software. Going out to the web and downloading a piece of software because it looks interesting is almost a guaranteed way to get hacked.

 

EternalBlue Hacker

 

WannaCry

 

Malware programmers write apps and publish them, and people download them, while in the background malware is stealing passwords, modifying webpages, and looking at your identity. Those are all activities I would consider hacks, and that’s what EternalBlue is. In short, it leverages a vulnerability that the NSA found in the Microsoft SMB protocol. They found that if they hurled a packet that was the right size in the right shape, it would shove a square peg into a round hole, and the round hole wouldn’t know what to do, resulting in a buffer overflow. Windows wasn’t expecting a square peg in a round hole, so it would trip, fall down, and execute code of the attacker’s choice. EternalBlue hacks took advantage of a “round” Server Message Block (SMB) hole, and as SMB failed, the attacker could run a Trojan, blue-screen the computer, or download a piece of malware.

 

Less than thirty days after EternalBlue got into the hands of cybercriminals, a nasty bug called WannaCry was released to the world. It made you want to cry because it was ransomware. It used EternalBlue as the delivery exploit, so as soon as WannaCry got a foothold inside a corporate network, it would jump from machine to machine to machine and ransom each one. By the next year, EternalBlue hacks had cost companies and industries billions of dollars, and 65 countries had fallen to EternalBlue’s vulnerability and had been ransomed or hacked in some fashion. Why? Because even after Microsoft released a patch, millions of computers remained unprotected because people didn’t patch.

 

 

Patching… and more than patching

 

Cybercriminals are continually waiting for the time, opportunity, and tools to successfully hack into your system. To prevent it, we do a number of things. We patch our machines, we turn on our firewalls, and we don’t let people be local administrators. We make sure our antivirus is current. But we need more than antivirus because hackers now have toolkits to program custom malware. They don’t have to know about EternalBlue hacks if they have a malware toolkit. These toolkits change malware by a byte or two, which changes the signature of the program. As a result, the antivirus software, which is looking for signatures, can’t detect the malware. This designer malware is written specifically for a particular company. The malware is one-of-a-kind and still performs the same EternalBlue exploit. Because of this dark web exchange of malware toolkits and designer ransomware, more robust cybersecurity measures, like endpoint security, are needed to keep our businesses safe.
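Why a one- or two-byte change defeats an exact-match signature, shown on harmless constructed byte strings. This is an added example, not from the original article. The function names, the 4-byte window, the 0.8 threshold and the similarity check itself (a simple stand-in for detection that does not rely on an exact signature) are assumptions for illustration.

```python
import hashlib

# Constructed, harmless stand-in for a file already flagged as malicious.
KNOWN_SAMPLE = b"".join(b"block-%03d:do_harmless_thing;" % i for i in range(40))

# Exact-match signature database: SHA-256 hashes of files seen before.
HASH_BLOCKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def hash_match(data: bytes) -> bool:
    """Signature check: flags only byte-for-byte identical files."""
    return hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST


def shingles(data: bytes, n: int = 4) -> set:
    """Set of every overlapping n-byte window in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 1.0


def similar_to_known(data: bytes, threshold: float = 0.8) -> bool:
    """Flags data that is mostly the same content as the known sample."""
    return similarity(data, KNOWN_SAMPLE) >= threshold


def change_bytes(data: bytes, offsets) -> bytes:
    """Returns a copy of data with the bytes at the given offsets altered."""
    out = bytearray(data)
    for off in offsets:
        out[off] ^= 0xFF
    return bytes(out)


VARIANT = change_bytes(KNOWN_SAMPLE, [100, 700])  # differs by two bytes
UNRELATED = b"quarterly report: revenue, costs, forecast. " * 25

if __name__ == "__main__":
    for name, blob in [("original", KNOWN_SAMPLE), ("2-byte variant", VARIANT),
                       ("unrelated file", UNRELATED)]:
        print(f"{name:15} hash_match={hash_match(blob)!s:5} "
              f"similarity={similarity(blob, KNOWN_SAMPLE):.2f} "
              f"flagged={similar_to_known(blob)}")
```

The two-byte variant no longer matches the stored hash, yet it is still flagged because almost all of its content is unchanged. The unrelated file is flagged by neither check.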

 
