Have any question?
Call (516) 403-9001
The threat landscape is filled with more types of malware than ever. To keep your business’ network running effectively, it’s important to have a strategy to keep malware out. Today, we’ll talk about a few basics you should know to keep your cybersecurity strategy working properly.
Are you aware that there are readily available websites strictly devoted to providing the default factory passwords for devices of all types? With these passwords, and a little bit of knowledge about what hardware you have, people could access your network easily.
To combat this, you need to think about every single access point your business has and lock them down. Once they are locked down, you will also need to secure your online accounts and your physical location’s access points. To do this, you should take time to document all of your network’s possible entryways and do what you need to do to secure them. You can do this by ensuring that every access point is secured with a different password (and two-factor authentication where possible).
The antivirus solution you use keeps out unwanted entities. But what happens when malicious entities aren’t recognized by the antivirus solution? That’s right, it passes right by, infiltrating your network. To avoid this scenario, you will want to ensure that your antiviruses, antimalware, and firewalls are all updated with the latest threat definitions.
Most importantly, you may think you are in control, but it only takes one thing slipping by your defenses to complicate things. That’s why you will want to keep routine, periodic backups, so that if something does happen you can restore from backup quickly and get back in business fast.
Remember, all it takes is one. MSPNetworks staffs professional technicians versed in the best practices and protocols of comprehensive data and network security. To talk to one of our knowledgeable IT experts about securing your business, call us today at (516) 403-9001.
Cybercrime has morphed over the past decade or so. With unbreakable encryption making breaking directly into a network all but impossible, phishing, Distributed Denial of Service (DDoS) attacks, and other methods of indirect hacking have become en vogue. As a result, software companies are looking in some strange places to find building blocks for intrusion mitigation. One interesting emerging technology being used for this purpose is blockchain.
Developments in blockchain technology have begun to stretch past keeping records and cryptocurrency. Today there are a couple of companies using blockchain to create innovative cybersecurity solutions that aim to drastically reduce a company's exposure to cybercrime. No matter what vertical you work in, blockchain-integrated solutions have begun to pop up. Building new solutions with blockchain is incredibly popular nowadays, but is it just a buzzword used for its role in marketing, or is it making a discernible difference in these solutions?
Blockchain is often thought to be “unhackable”, so security professionals developing a blockchain-based cybersecurity platform isn’t all that noteworthy, until you realize how they are going about it. Developers have begun to create blockchain-based platforms that use the distributed nature of the technology to power content delivery networks (CDN) and DDoS attack mitigation services. These platforms do this by allowing users to rent out their spare bandwidth for use as security computing.
This will potentially reduce the ability for hackers to execute attacks, lower the cost for businesses to mitigate the effects of these attacks, and let users capitalize on their extra bandwidth. Other developers are using smart contract adoption to secure their interoperability and file security.
Being a human invention, there have been some kinks in blockchain technology. For those of you who do not know how the blockchain works, here is a very stripped-down definition: Every transaction made through the blockchain, financial or contractual, is given a permanent, designated “block” in the chain. In order for it to be added to the ledger, the rest of the network (every other node) needs to approve this new block’s validity. Once it is added, it cannot be altered and provides an unchangeable record of the transaction. If a block needs to be changed, a new block would have to be entered. It is only then that the transaction is completed.
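The append-only behaviour described above can be seen in a small hash-linked ledger. This is an added example, not code from the original post or from any blockchain project; the function names and the sample transactions are made up for illustration, and it leaves out the network-approval step entirely.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, payload):
    """Hash a block's contents together with the hash of the block before it."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, payload):
    """Add a new block; existing blocks are never edited."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev": prev_hash, "payload": payload,
                  "hash": block_hash(index, prev_hash, payload)})
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev_hash:
            return i  # link to the previous block is broken
        if block["hash"] != block_hash(i, prev_hash, block["payload"]):
            return i  # contents no longer match the recorded hash
        prev_hash = block["hash"]
    return None


def build_sample_ledger():
    """Constructed sample data: three made-up transactions."""
    chain = []
    for payload in ({"from": "alice", "to": "bob", "amount": 5},
                    {"from": "bob", "to": "carol", "amount": 2},
                    {"from": "carol", "to": "alice", "amount": 1}):
        append_block(chain, payload)
    return chain


if __name__ == "__main__":
    ledger = build_sample_ledger()
    ledger[1]["payload"]["amount"] = 500           # edit a block in place
    print("tampered block:", first_invalid_block(ledger))
    ledger[1]["hash"] = block_hash(1, ledger[1]["prev"], ledger[1]["payload"])
    print("after re-hashing it:", first_invalid_block(ledger))
```

Re-hashing the edited block only moves the failure to the next block, so a rewrite has to redo every later block as well; a legitimate correction is appended as a new block instead.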
While this method may seem extraordinarily secure, this “unhackable” technology has its flaws. In 2018 alone just under one billion dollars' worth of cryptocurrency was stolen. Of the $927 million taken, $532.6 million of it was hacked from the Tokyo-based cryptocurrency company Coincheck where 500 million XEM coins up and vanished from the exchange.
To my surprise, one investigation found that some blockchain and cryptocurrency constructs have over 40 different vulnerabilities. Here are a couple:
Many of blockchain’s vulnerabilities have more to do with the nature of the platform as well. One such vulnerability is known as a 51% vulnerability and is associated with mining cryptocurrencies. If you were a cryptocurrency miner and accumulated hashing power exceeding half of the network’s total, you could leverage a 51% attack to manipulate the blockchain to your own advantage.
Obviously, popular blockchains, typically associated with renowned cryptocurrencies, have too big of a price tag to be practical targets for such a hack. Less expensive coins, however, are, and can be lucrative targets for hackers. In 2018, 51% attacks were leveraged against new cryptocurrencies, netting the attackers the equivalent of approximately $20 million.
Using a blockchain requires a user to have a private key to unlock the naturally encrypted platform. Naturally, if this key were to be stolen, the thief would be able to access the user’s blockchain. What’s worse, because the blockchain is decentralized, these kinds of actions are difficult to track and, as designed, harder to undo.
It’s hard to forget in this world that is completely integrated with technology that some tech is just in its infancy. Blockchain, especially outside of the cryptocurrency sphere is only emerging and the tech built with it should be looked at through skeptical eyes. Stay up to date with the latest technology concerns and information, subscribe to MSPNetworks blogs.
Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.
Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.
Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice but to retire early.
Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice but to wait around the office for a few weeks and see whoever showed up.
From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.
Of course, the strategy that Brookside ENT has adopted, closing up shop, doesn’t let its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.
For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even become grounds for a negligence-based legal action. Any patient whose data was in digital form could invoke HIPAA rules and have an investigation started by the Department of Health and Human Services’ Office for Civil Rights, simply by filing a complaint.
While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?
One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.
You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.
At MSPNetworks, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (516) 403-9001.
You might hear the term “zero-day” when discussing security threats, but do you know what they actually are? A zero-day threat is arguably one of the most devastating and dangerous security issues your business could face, and if you’re not prepared, they could be the end of it.
Before anything else, it’s critical that you understand what makes the concept of a zero-day threat so terrifying. Vulnerabilities are flaws in software that can be used by hackers and cybercriminals to access important information or cause trouble. Hackers use malware to do this, but they generally need an exploitable vulnerability for it to work.
Defining Zero-Day Threats
Depending on how long developers have known about a vulnerability, they might have a timeline for resolving the issue, provided that the vulnerability isn’t currently being used by hackers to cause trouble for businesses. However, when a vulnerability is being used in the wild and no patch or update exists to resolve it, developers effectively have zero days to respond before hackers can use it.
Zero-day threats are often found by black-hat hackers rather than white-hat cybersecurity researchers who generally report threats to developers, so they can be patched properly. Under the most ideal circumstances, an update can be issued before criminals start to use the vulnerability to their advantage. Unfortunately, this doesn’t always happen, and hackers might be able to use these vulnerabilities.
Protecting Against These Threats
It might seem impossible to keep your business secure from zero-day threats, and to an extent, you’re right. The easiest and best way to keep your organization as secure as possible is to take proactive measures. This includes updating your business’ technology solutions as frequently as possible whenever a new patch or update is available. This ensures that you are as protected as possible when the moment does come.
One of the most interesting and notable trends regarding zero-day threats is how they are still successful after they have been turned into an n-day vulnerability. An n-day vulnerability is one that has been discovered and fixed, but a business that doesn’t apply the fix in time can still be affected by it. The Equifax breach is a perfect example of this, as it involved a vulnerability that had been discovered, reported, and patched earlier that year, yet Equifax failed to apply the patch on time.
All businesses need to consider zero-day threats a major problem, and if you don’t take proactive action against them now, you could be putting your business at risk. To learn more about how you can protect your business now, reach out to us at (516) 403-9001.