The Rise and Risk of IoT Devices in the Workplace

The internet of things (IoT) is a broad term used to describe the network of devices that connect to the internet over a wireless network. For example, anything that has “smart” as a prefix is almost guaranteed to need an internet connection, making it an IoT device.

The IoT has grown to a vast number of devices since the beginning of 2010. Many modern homes have a few devices that connect to the internet, be it a voice speaker like Google Home or a streaming device like the Amazon Fire Stick. Contemporary innovations have brought society incredible new tech, such as remote-start coffee makers and thermostats, refrigerators with dietary suggestions, and even door locks that can only unlock with your phone. It’s predicted that nearly 31 billion IoT–connected devices will be online by 2020.

IoT devices are beginning to make their way into corporate spaces as well. Some offices may have an Amazon Echo for conference calls or a streaming device to share the screen of a laptop with a nearby TV.

What you may not understand is that anything connected to the internet is vulnerable to a multitude of cyber attacks.

The rapid rate of tech advancement and mass adoption has made society comfortable connecting their internet to just about anything. Securing those devices can be tough, and while cybersecurity is constantly improving in these devices, nothing has stopped hackers from finding a way in yet. Blind faith that those devices are keeping your data safe is not smart. Research from Ponemon Institute found that 97% of risk management professionals described an IoT data breach as catastrophic for an organization.

Some recent IoT attacks include:

August 2016 – Mirai botnet attack — Targeted IoT recording devices creating one of the largest DDoS attacks in history

August 2017 – A macabre attack on IoT pacemakers led to a recall of 500,000 devices, fearing a security gap that would allow an attacker to manipulate the device.

All companies should adopt a set of security practices, rules, or regulations to keep employees aware and accountable. Make sure that you check with IT to be sure the device is safe for a corporate network. Our partner Fortinet provides full network visibility, monitoring anything and everything connected to a network, and, specifically, the ability to control those devices with a dynamic, automated response.

From their website: “FortiNAC simplifies the deployment of IoT devices by automating most of the authentication process using a sponsor. When a new IoT device tries to connect to the network, FortiNAC automatically places the device in an isolated network, profiles the device, and sends the information and the suspected type of device to the appropriate department for review and authorization. Once the device is confirmed, FortiNAC notifies the firewall of the type of device and where to place it in the correct network segment. The solution is also easy to upgrade and scale across organizations of all sizes and industries.” Check out their comprehensive guide to securing your IoT network here.

It’s important to step back and remember that we are only in the beginning phase of the IoT device. In the near future, most of the devices we use, including microwaves, fire alarms, and cars will be connected to the web, meaning there is always a chance of cyber attack. Being proactive about your IoT security could halt a much larger breach in its tracks. If you’re concerned about the use of IoT devices in your office, give us a call for a free consultation. We proudly deliver FortiNAC solutions as a Fortinet partner and would be happy to explain exactly how we would secure all your devices, now and in the future.

Sources:

https://www.csoonline.com/article/3244467/internet-of-things/2018-prediction-securing-iot-connected-devices-will-be-a-major-cybersecurity-challenge.html

https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/SB-FortiNAC-simplifies-IOT-security.pdf

 


Protecting Your Law Firm in 2019: Part 2

In part one of our Protecting Your Law Firm in 2019 blog, we talked about the biggest threats facing law firms in today’s virtually connected atmosphere. From phishing attacks to DDoS and ransomware, cyber threats are always lurking, and most of the time, they can be halted in their tracks with minor security measures.

Much like getting a guard dog, even a small amount of cyber security can persuade a hacker to skip your enterprise on their list of potential targets. In part two of our series, we’re going to look at the small-scale, actionable steps you can take to protect your firm’s data. While we can’t recommend a major security retrofit enough, some attacks can be prevented with good policy.

One of the most important factors of cybersecurity is being proactive. A cyber attack can mean a loss of capital, loss of data, exposure of sensitive data, and more. However, the most costly will be the damage to the reputation of your company. A reputation can take years to build and a few keystrokes to topple. Something as small as a leak of classified information can destroy decades-old trust between a firm and its clients.

These steps below will guide you and your team to a safer and more secure tomorrow:

Training Employees

Believe it or not, this is probably the most crucial tip we have. Phishing attacks are by far the most frequent cyber attack on small or local businesses, and training your employees to know when a suspicious email is an attack could stop a crisis in its tracks. “A recent study found that 50 percent of all breaches stem from social engineering attacks (e.g., phishing emails) and insider errors.”

Creating a culture of cyber-consciousness should be the end goal for any business, whether it’s hosting a lunch-and-learn cybersecurity training day or implementing policies to guide your employees to the safest practice when handling firm assets. Keeping small reminders on the walls or desks of the office space is another great way to reinforce and remind your workforce of the potential threats. Another is to feature cybersecurity-related articles within company memos or newsletters (like the ones we share on our social feeds). Anything that can keep security top of mind will encourage a smarter, more secure workplace.

Our 5-Minute Guide to Cyber Security is a great resource to have printed out or mounted somewhere in your office: https://jdlgrp.com/5-Minute-Guide-Cyber-Consciousness

Establish Protocol  

Having set cyber rules for your employees is a great way to reinforce the importance of virtual safety. It’s not uncommon for an employee to misunderstand the difference between a home computer and a corporate network, so setting specific rules to follow will deter a vulnerable employee from opening a can of worms.

Some policies to consider in your protocol include:

  • Rules requiring strong passwords
  • Periodically changing work passwords
  • The use of two-factor authentication
  • Forwarding files to personal emails
  • Using encrypted removable storage devices (USB Drive)
  • Immediately reporting suspicious activity
  • Regulations on software installed, browser used, extensions attached, etc.
  • Best practices for email
  • Discouraging the use of unsecured networks (cafes, restaurants, airports, or hotels)
  • Use of a virtual private network (VPN)

Backup Data

While many cyber attacks are after valuable data, some are purposely meant to be as destructive as possible, wiping out any data they can find. Having a reliable backup system is critical to ensuring you don’t lose any valuable data, a loss that can render your firm unable to continue business. Investing in a secure backup system will allow you to recover your files as quickly as they were stolen.

Updated Cybersecurity Plan

In our current technological atmosphere, innovation is abundant. New software and gadgets seem to pop up daily, and with them come new opportunities for cyber threats. For this reason, it’s vital that your entire cyber defense be kept up to date. And we’re not just talking about software to keep your firm safe: you must be actively retrofitting your virtual infrastructure and educating your employees to adjust to the rapidly changing space — think smart watch policy or even encrypting tablets.

Unfortunately, the volume of cyber attacks has been steadily increasing in recent years. With new technology comes a greater responsibility to keep your business and employees safe. While these tips can keep you moderately secure, only a professional can design a custom defense to combat the full spectrum of cyber threats.

JDL Group Inc. provides all of the suggestions above and more through Unified Threat Management. One example is the FortiMail Secure Email, combining email security and data backups by utilizing the latest technologies and services from FortiGuard Labs. Fortinet also offers mobile carriers a strategic security solution, specifically addressing the scaling, performance, and connectivity needs in today’s mobile work atmosphere.

Contact us today for a 100% free cybersecurity consultation for your business!

 

Sources:

(https://www.law.com/thelegalintelligencer/2018/07/18/cybersecurity-for-midsized-and-smaller-law-firms-10-tips-to-take-action-now/)

 


5 Tips to Keep Your Mobile Workforce Safe and Secure

The American workforce has seen its fair share of paradigm shifts — globalization, the internet, and the introduction of cargo shorts and sandals in the workplace to name a few.

The latest in labor initiatives has been the adoption of remote working. The spread of laptops and Wi-Fi internet has led enterprises to begin sourcing their employees from, well, anywhere. In fact, 50 percent of the US workforce is now permitted to work remotely during the work week, according to Global Workplace Analytics’ 2016 study.

The initiative is a win-win in many cases, as a corporation does not have to pay for office space and the amenities that come with it. It’s no surprise that the workforce has responded positively to the change as well. Young parents can spend more time with their family and a lack of commute time adds almost an entire hour back into the average employee’s day.

While modern-day mobility and BYOD (bring your own device) opportunities present substantial productivity boosts, they increase the complexity and opportunity for security threats. Using a host of technologies, from data loss prevention and encryption to monitoring services, will help organizations limit their security exposure, but cannot prevent everything.

With this new, great opportunity to work from anywhere comes an even greater responsibility to the employee. A personal laptop accessing corporate files on a public network can be catastrophic.

If you’re hiring or plan to hire remote staff for your organization, be sure they receive these five tips before they start:

1) Back Up Everything

Whether it’s in the cloud or on an external hard drive, backing up everything you work on can save a ton of time and stress if an attack were to happen. Keeping backed-up data will allow you to access exactly what you were working on prior to the attack.

2) Be Cautious of Public Wi-Fi

Free Wi-Fi access, whether it’s in coffee shops, airport lounges, or hotels, is a huge benefit to remote working. Unfortunately, these networks are also vulnerable to security issues. To avoid issues, ask about your host’s security protocol before connecting, skip any unencrypted Wi-Fi networks, and avoid logging in to corporate accounts or viewing sensitive data when connected to public networks. Briefly using a personal hotspot via cell phone is a great alternative when necessary.

3) Update Operating Systems

Like a vaccine for an immune system, you should keep your computer operating system as up to date as possible. Security updates will often come standard with a new OS. Like a vaccine, they’re proactive (not reactive, like an antidote) in protecting you from the latest threats.

4) Disable Bluetooth Connectivity

“Idle mode” Bluetooth connection can present security problems as well. If your Bluetooth is left on, nearby assailants can connect to your phone and potentially hack into your device. Make sure your phone and laptop Bluetooth connection setting is disabled while traveling, particularly abroad.

5) Always keep your computer in your line of sight

This should go without saying, but many people often ‘trust their neighbors’ when in public spaces to monitor their device while they step out for a call. This poses two very malicious threats: 1. Your entire workstation could be stolen or 2. Your computer could be bugged using software installed via USB. In both cases, data is almost always completely compromised and the outcome is disastrous.

The bottom line for hiring a remote workforce is that their laptop should be your priority — especially if it’s their personal one. Think of your organization’s cyber safety as a whole — if even one employee is susceptible to exploitation, the whole organization could tumble. In addition, keeping your employees safe and secure will establish your commitment to security, holding them to a higher standard and keeping your enterprise secure.

Contact JDL Group today for a security assessment of your remote workforce.


Defining the Eight Most Nefarious Cyber Threats.

Here’s what every business professional should be informed about:

1. Data breaches

A data breach is a security incident in which protected or confidential data is copied, distributed, read, stolen, or used by unauthorized individuals, and it can become a serious problem for the victims involved. The majority of data breaches happen due to vulnerable unstructured data such as files, documents, and sensitive information. A bad security process, or lack thereof, can leave businesses exposed.

The data can be any kind of information, including health information, financial information, personally identifiable information, trade secrets, and intellectual property. The risk of data breach is not exclusive to cloud computing, but it invariably ranks as a top concern for cloud customers. 

2. Bots

There are many different kinds of bots. These include website crawlers, spam bots, chat room bots, and other dangerous bots. They run as automated programs on the Internet. It’s estimated that one in three visits to any website comes from a malicious bot, which may have been designed to search your interface for security flaws.

The bots perform many tasks, such as stealing user credit card information and spreading malware links. Online cybercriminals use viruses to breach the security of computers. They can take over your computer and combine all of the compromised machines into a network of ‘bots’ that can be remotely managed.

3. Insufficient identity, credential, and access management

Data breaches and the enabling of attacks can happen because of a lack of scalable identity access management systems, failure to use proper authentication, weak passwords, and not updating passwords and certificates.

Credentials and cryptographic keys must not be embedded in source code or distributed via public-facing storage like GitHub. There is a high incidence of problems that may occur. Keys need to be appropriately secured, and a well-secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.

4. Unsafe interfaces & application programming interfaces (APIs)

APIs are a system of tools and resources in an operating system, enabling developers to create software applications. Cloud providers expose a set of software user interfaces (UIs) or APIs that customers use to manage and interact with cloud services. Provisioning, management, and monitoring are all performed with these interfaces, and the security and availability of general cloud services depend on the security of APIs, the Cloud Security Alliance (CSA) says. They need to be designed to protect against accidental and malicious attempts to circumvent policy.

5. System vulnerabilities

This cybersecurity term refers to an inadequacy in a system that can leave it open to attack. Vulnerability may also refer to any type of weakness in a computer system itself, in a process, or anything that leaves your security exposed to a threat. This may attract attackers who will steal data by taking control of the system or destroying service operations. With the advent of multi-tenancy in the cloud, systems from various organizations are placed close to each other and given access to shared memory and resources, creating a new attack surface.

6. Account hijacking

A process in which an individual or organization’s account is stolen or hijacked by an attacker. Cloud account hijacking is a common strategy in identity theft. The assailant uses the stolen account information to engage in malevolent and/or unauthorized activity.

They can eavesdrop on activities and transactions, mess with your data, return misleading information and redirect clients to illegitimate sites. With your stolen data, attackers can often access key areas of cloud computing services. This enables them to compromise the privacy, integrity, and availability of those services.

7. Bogus Social Media

Bogus social media pages and accounts are created to mirror actual people or businesses. The idea is to target your network, including your employees and their devices. The goal is to get to your private information through the sharing of disruptive malware links. These appear harmless, like links to coupons, photos, or websites that may pique your curiosity, encouraging you to click.

There are also many phishing scams, or fraudulent messages that lure people to divulge their private information via social media. Credit card numbers and passwords are particularly at risk and, when infiltrated, can be detrimental to your important software, and more!

8. Denial of Service Attacks

In this instance the perpetrator wants to make a computer or network unavailable to its intended users. This is achieved by temporarily (or permanently) altering services of a host connected to the Internet.

Most websites are designed to accommodate a certain level of web traffic, much in the same way roads are created for a certain volume of vehicles at one time. With denial of service (DoS) attacks, cyber criminals flood your site with an extortionate amount of traffic. This in turn effectively slows everything down and may collapse the web page. DoS attacks are serious business. They make you lose valuable time and resources trying to resolve the issue.

Contact The JDL Group for pragmatic solutions to cyber threats.

 

Sources:

 

 

 


Failing the Phish Test

Phish testing your employees is a vital part of any security awareness program. It seems logical that by exposing employees to phishing and helping them identify tactics, the chance of anyone in your organization being phished lessens. But does it?

When employees who failed phish tests are called out, made to feel poorly, or singled out in a group, the exact opposite can happen.

End users are the largest, most vulnerable target in most organizations. In real-world attacks, end users are relentlessly bombarded with spear-phishing and socially engineered schemes.

As the champion of your organization’s cyber security, it is imperative that you use these tests as teachable moments to educate and encourage your end users.

Use Failure as a Teachable Moment.

Look at the failure of phish testing in a different light: you’ve identified a weakness in your security that can now be remedied.

Effective Phish Testing Checklist

Every phish test should follow some basic tenets in order to educate users:

  1. The links in a phish test campaign should go directly to a site with immediate education.
  2. Do not call out or embarrass users who fail the test. Public shaming results in decreased threat reporting.
  3. Do not tie user responses to employee evaluation testing. Doing so can create resentment towards security, which is not good for the organization.
  4. Offer encouragement and education by directing users to additional training. This can be optional or required depending on how many times the user has failed.
  5. Provide additional written materials such as articles and information from other sources.
  6. Reward people who report incidents. This can be as simple as kudos in the company newsletter or even prizes and contests. Make sure that your organization’s culture gives positive support to employees who report incidents.

Protecting Your Network 

JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns check out our free anti-phishing toolkit.  

References: 

https://www.infosecurity-magazine.com/next-gen-infosec/reward-flag-phish-highlight-failed/

https://www.sophos.com/en-us/products/phish-threat.aspx

 


 

New Phishing Campaigns are Targeting World Cup Fans 

Two new phishing campaigns have emerged in recent weeks due to the start of the 2018 FIFA World Cup. Bad actors are targeting fans of the hugely popular World Cup and one of its long-time partners and sponsors, Adidas. One campaign disguises itself as an interactive World Cup schedule that tracks game results in real time, while the other falsely promises a free $50-per-month subscription for new Adidas sneakers. 

A World Cup Phishing Campaign 

First identified on May 30 by the security firm Check Point, this phishing campaign peaked around June 5 and has since begun to reappear now that the World Cup games have started. The campaign uses a well-known type of malware called ‘Downloader Guide’, which is typically used to deliver PUPs, adware, and toolbars.

Emails with the subject line: “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager” invite recipients to download an attachment that supposedly contains an interactive World Cup schedule. Researchers found 9 different malicious executable files embedded within the attachment. 

Adidas Fans Beware 

The other phishing campaign is targeting Adidas fans using a trick that is now common among hackers: masquerading as a legitimate company or brand by creating a link that appears to be from an accredited website. These emails deceptively appear to be from Adidas and contain a link using a vertical line instead of the “i” in Adidas. Prospective victims are encouraged to click the link to receive a free $50-per-month subscription towards Adidas shoes.
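The look-alike link trick described above can be caught by a mail filter that reduces each hostname to a "skeleton" and compares it with the brands it protects. The following is an added example, not code from the article or from any vendor; the character map, the protected brand list and the sample message are constructed for illustration, and it generalizes beyond the vertical-line case to a few other common substitutions and to punycode (xn--) hostnames.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small map of look-alike characters to one canonical
# form. A production filter would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "i": "l", "1": "l", "|": "l",
    "\u0131": "l",  # LATIN SMALL LETTER DOTLESS I
    "\u0456": "l",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "0": "o",
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0501": "d",  # CYRILLIC SMALL LETTER KOMI DE
}

PROTECTED_BRANDS = ("adidas",)  # assumption: brands this filter watches for

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def skeleton(text):
    """Lower-case, strip accents, and fold look-alike characters together."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    return "".join(
        CONFUSABLES.get(ch, ch) for ch in decomposed if not unicodedata.combining(ch)
    )


def decode_label(label):
    """Return one DNS label in Unicode, decoding punycode (xn--) when present."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label


def find_lookalikes(url, brands=PROTECTED_BRANDS):
    """Return (token, brand) pairs where a hostname token imitates a brand.

    A token that is exactly the brand name is not reported; this check only
    targets character substitution, not brand names used as subdomains.
    """
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return []
    targets = {skeleton(brand): brand for brand in brands}
    hits = []
    for label in host.split("."):
        for token in decode_label(label).split("-"):
            brand = targets.get(skeleton(token))
            if brand is not None and token != brand:
                hits.append((token, brand))
    return hits


def scan_message(body, brands=PROTECTED_BRANDS):
    """Return [(url, hits)] for every URL in the body that imitates a brand."""
    flagged = []
    for url in URL_RE.findall(body):
        hits = find_lookalikes(url, brands)
        if hits:
            flagged.append((url, hits))
    return flagged


# Constructed sample message; none of these URLs come from the real campaign.
PUNYCODE_HOST = "xn--" + "ad\u0131das".encode("punycode").decode("ascii") + ".example"
SAMPLE_BODY = "\n".join([
    "Claim your free shoes:",
    "http://www.ad\u0131das.example/free-shoes",
    "http://ad|das-promo.example/claim",
    "http://" + PUNYCODE_HOST + "/win",
    "Official store: https://www.adidas.com/us",
])

if __name__ == "__main__":
    for url, hits in scan_message(SAMPLE_BODY):
        print("SUSPICIOUS", url, hits)
```

A hit is a reason to quarantine or rewrite the link, not proof of malice, and the official domain passes because its label matches the brand exactly.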

Why the World Cup? 

Cyber criminals love to launch malicious campaigns around big sporting events because they garner huge amounts of popular interest, and it doesn’t get much bigger on a global scale than the World Cup.  

Hackers are hoping to capitalize on sports fans’ excitement and catch end users with their guard down. In fact, it’s not just phishing campaigns; various fake and malicious websites, giveaways, and tickets have been reported in connection to the World Cup.

How to Protect Yourself From Online Phishing Schemes 

Phishing attacks are becoming more and more sophisticated, so it is important to implement several layers of protection. On an individual basis, always ensure software is updated, keep an eye out for suspicious emails, and never click a link if you have even the tiniest doubt regarding its validity.  

From an organizational standpoint, companies should put in place automated email security controls that can stop malicious emails from ever reaching employees’ inboxes. Multi-layered security strategies can also mitigate the damage done by a phishing attack if the initial campaign successfully infiltrates your network. 

Protecting Your Network 

JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns check out our free anti-phishing toolkit.  

References: 

https://www.infosecurity-magazine.com/news/phishing-campaigns-target-sports/ 


FBI Issues Malware Public Service Announcement, Learn How to Protect Your Data

The FBI recently issued a public service announcement stating that all owners of small office / home office (SOHO) routers should immediately reboot their devices. Why? The FBI believes that hundreds of thousands of routers worldwide have been infected with a form of malware called “VPNFilter”.

Luckily, all that is necessary to turn off the malware is a simple reboot and reset to default factory settings. Rebooting the devices will also help the FBI determine which devices were infected in the first place. Don’t assume that a malware infection can’t happen to you; reboot your router today.

What is VPNFilter?

According to the FBI, VPNFilter is a form of malware targeting small home or office routers. This form of malware can collect private and personal information, exploit devices, and block network traffic.

In the FBI’s own words, the size and scope of VPNFilter’s impact is “significant”, and it does not discriminate based on manufacturing company or location. The malware’s use of encryption and hidden networks makes its activity especially hard to track and analyze.

How to Protect Yourself and Your Data 

The FBI is recommending that anyone (yes, that means you) who owns a small home or business router immediately reboot their devices. This will disrupt the malware, at least temporarily, and help the FBI identify infected devices. 

Unfortunately, if the malware is still in its early stages on your device, a reboot may not be enough to completely delete it. That is why we are advising users to reboot and reset their routers to default, factory settings.  

How to Reset Your Router to Factory Settings 

Resetting a small router back to default, factory settings can usually be achieved easily by pressing down on a small button in the rear of the router. While you will have to re-organize your configuration settings, this should be all you need to do to wipe the malware from your device. 

How Else Can I Protect My Data? 

While rebooting and resetting your router is an adequate strategy for this form of malware, there are countless other malicious cyber-attacks and data breaches just waiting to strike. It is important to be prepared and take the necessary steps to protect yourself, your devices, and most importantly your personal and private information. 

Make sure you change your passwords every 90 days and use at least 6 characters with a mix of different numbers and symbols.

Try to avoid using public Wi-Fi, but if you must, never input sensitive passwords or information.

Finally, you should always enable two-factor authentication (2FA) for all your accounts. This way, even if your password is compromised, bad actors will not be able to access your accounts. 2FA is an essential wall of security that everyone should be using in 2018.

We Can Help 

Keeping up with the ever-evolving world of cyber security can be a challenge. JDL Group can help you and your business deal with all these new threats. As an MSSP, we are equipped to help you prepare for any cyberattack or malicious software. Contact us today. 

 References:

https://www.ic3.gov/media/2018/180525.aspx 


After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 

The discovery of the Spectre and Meltdown vulnerabilities earlier this year was major news throughout the tech industry. These processor vulnerabilities potentially exposed the data of hundreds of millions of popular devices including servers, tablets, and smartphones. 

Spectre and Meltdown left the door wide open for hackers to manipulate a CPU data processing efficiency technique to gain access to sensitive information. Companies like Apple and Microsoft have worked to develop patches and updates to fix these vulnerabilities, but some have resulted in slower CPU performance. 

Now, a new vulnerability has emerged that is similar to Spectre and Meltdown. Microsoft and Google’s Project Zero have just announced the discovery of a flaw called Speculative Store Bypass, or Variant 4.

Speculative Store Bypass 

The vulnerability is called Variant 4 because Spectre and Meltdown make up Variants 1-3. Bad actors can potentially use Variant 4 to access data that is supposed to be locked on Intel, ARM, and AMD processors. This process, called ‘Speculative Store Bypass’, manipulates processors into loading private data into insecure files.  

US-CERT’s advisory mentioned that hackers could access older CPU memory values using Variant 4, and experts also believe it could expose certain web browsing components, such as JavaScript ad modules.

Is Variant 4 a Major Vulnerability? 

Microsoft has classified Variant 4 as a low-level risk, while Intel and Google have classified it as a medium risk. Intel also says there is no current evidence that this vulnerability has been used by hackers, yet. 

Many patches and updates for the Spectre and Meltdown vulnerabilities already include safeguards against Speculative Store Bypass, but Intel says it will be releasing a comprehensive fix for Variant 4 within the next few weeks. In fact, the update is already available for manufacturers and software vendors. 
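To confirm that the patches mentioned above are actually active on a machine, a Linux administrator can read the status the kernel reports for each variant. The following is an added example, not code from the article or from any vendor; it assumes a Linux host whose kernel exposes the `/sys/devices/system/cpu/vulnerabilities` directory, and the status labels it returns are names chosen for this example.

```python
from pathlib import Path

# Linux kernel interface that reports CPU vulnerability status (assumption: the
# host runs a kernel recent enough to provide it).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Files that correspond to the variants discussed in this article.
ENTRIES = {
    "spectre_v1": "Variant 1 (Spectre)",
    "spectre_v2": "Variant 2 (Spectre)",
    "meltdown": "Variant 3 (Meltdown)",
    "spec_store_bypass": "Variant 4 (Speculative Store Bypass)",
}


def classify(raw):
    """Map the kernel's status line to a label used by this example."""
    text = raw.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        # "via prctl" means the Variant 4 mitigation is only applied to
        # processes that ask for it, not to every process on the system.
        return "per_process" if "via prctl" in text else "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(sysfs_dir=SYSFS_DIR):
    """Return {file name: (label, raw kernel text)} for each tracked variant."""
    report = {}
    for name in ENTRIES:
        try:
            raw = (Path(sysfs_dir) / name).read_text()
        except OSError:
            # File missing: the kernel predates this report (or is not Linux),
            # which usually means the patch itself is missing too.
            report[name] = ("no_report", "")
            continue
        report[name] = (classify(raw), raw.strip())
    return report


def needs_attention(report):
    """Return the sorted names of variants that are not confirmed mitigated."""
    bad = {"vulnerable", "unknown", "no_report"}
    return sorted(name for name, (label, _) in report.items() if label in bad)


if __name__ == "__main__":
    status = read_status()
    for name, (label, raw) in status.items():
        print(f"{ENTRIES[name]:40} {label:13} {raw}")
    todo = needs_attention(status)
    if todo:
        print("Patch or update firmware for:", ", ".join(todo))
```

A `per_process` result for Variant 4 is worth a second look on hosts that run untrusted code, since only processes that opt in are protected.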

Protecting Your Data Moving Forward 

Companies will be rolling out Variant 4 patches and fixes over the next few weeks and months, but another CPU flaw will undoubtedly emerge at some point. Researchers had been expecting additional vulnerabilities to appear ever since Spectre and Meltdown, and Variant 4 is likely only the first. 

JDL Group can set up the right IT and security systems to properly defend your CPUs and network against vulnerabilities like Variant 4. JDL Group can also make sure your processors are always updated with the latest patches and fixes. Contact us today. 

References: 

https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ 

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/ 

 


Public Schools Are Being Attacked by Hackers More Than Ever

Cyber security has become a major problem for public schools over the past few years, but 2018 is bringing an unprecedented amount of cyber-attacks on schools all over the United States. Reports of different school districts falling victim to phishing and ransomware attacks are popping up all over the country. Let’s look at some recent attacks, as well as how one state is responding to this major threat. 

Roseburg Public Schools Fall Victim to Ransomware 

On the morning of Monday, May 7, Roseburg public schools in Oregon experienced a ransomware attack that blocked access to the district’s website and email. The district’s superintendent said at the time that IT personnel were working to restore encrypted files, and that it doesn’t appear that any personal information has been stolen or compromised.  

Unfortunately, days later the school district’s website still appears to be down. The school district says it will not release any further information about the hacker’s demands due to an ongoing police investigation.  

Hackers Gain Access to Fredericksburg School District’s Systems Using Phishing Emails  

Hackers created a fake email impersonating a regional organization to gain access to Fredericksburg school district’s electronic mail and filing systems last month. The Virginia school district detected the breach the next day, but not before hackers were able to access 14 employee emails and 1 employee’s files. 

The local superintendent sent out a letter warning parents that hackers may have had access to both student and parent information including full names, addresses, phone numbers, and insurance information. 

The malicious email appeared to be sent from a group that regularly sends info to local schools. A school employee reportedly thought it appeared suspicious, but clicked on it anyway. After this initial breach, hackers were able to send phishing emails to more employees.

Indiana Launches New Cybersecurity Initiative for Schools 

The Indiana Department of Education just announced a new initiative to boost cyber protection education and funding in public schools. Indiana wants to make sure its schools’ faculty and students are prepared for cyber-attacks. Schools will even be able to apply for grants of up to $25,000 for cybersecurity funding.

Indiana is also putting together a task-force to help teachers and staff become more familiar with cyber security and common threats. Some Indiana schools will be testing cybersecurity high school courses. 

Every School Needs to be Prepared 

Cybersecurity for public schools is no longer optional. Hackers view schools as easy targets due to large numbers of online users and large amounts of sensitive data. JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection. Contact us today for a security assessment.

References: 

https://indianapublicmedia.org/news/state-kicks-school-cybersecurity-initiative-146830/ 
http://www.fredericksburg.com/news/local/fredericksburg/hackers-break-into-fredericksburg-school-system-s-emails-file-system/article_d2b4e537-83ae-5160-8d6c-bbccf705e75a.html 
https://www.nrtoday.com/news/public_safety/roseburg-public-schools-computer-system-hacked/article_22c805d9-7f4a-5646-a832-b9711b23be32.html 

 


Less Than Half of Ransomware Victims Recover Their Data After Paying the Ransom Demand

A ransomware attack can happen quickly and paralyze a business or company within minutes. Most of the time, these attacks are followed by a ransom note or list of demands from hackers. Many ransomware victims will feel that they must pay the ransom to regain access to their data, but new data shows that may not be the best strategy. 

Unfortunately, a survey released this month by the research firm CyberEdge has found that paying cybercriminals during a ransomware attack hardly guarantees that you will recover your files. 

A Survey of IT Security Practitioners  

A survey released last month polled close to 1,200 IT security practitioners across 17 countries. It revealed that less than half of ransomware victims in 2017 who paid the ransom recovered their files and data. 

The survey concluded that timely and routine backups are the best way to ensure you will recover your files in the event of a ransomware attack since backups enable an easy recovery. 

The Results of the Ransomware Survey 

Statistically, the survey reports that of the 55% of respondents who experienced a ransomware attack in 2017, 38.7% opted to pay the ransom. Only 19.1% of victims, or less than half of those who paid the ransom, were able to recover their data using tools provided by the hackers.

The ransomware authors either didn’t provide any decryption instructions after payment or provided tools that did not decrypt as promised.

On the bright side, 53.3% of those who were attacked with ransomware didn’t pay the ransom and were still able to recover their data using either backups or decryption applications.

Overall, the survey concluded that 27.6%, or over a quarter, of ransomware victims lost their data in 2017, regardless of whether they paid the ransom or not.

How to Prepare for a Ransomware Attack 

Implementing the proper defenses before a ransomware attack occurs can make all the difference and ensure that you don’t lose crucial files or information. JDL Group recommends a comprehensive, continuous data backup plan that will regularly test your backups and store your information in a secure location online.  

As the results of the survey show, if your or your company’s files are encrypted by a ransomware attack, there is a good chance paying the ransom won’t get your files back. It is vital in today’s landscape to install the proper defenses against ransomware so that it never has a chance to encrypt your data.

Decryption software also appears to be a solid option. Statistically, it proved to be more successful in retrieving victims’ data than paying the ransom.

Protecting Your Data from Ransomware 

Preparing for a ransomware attack and strengthening your network defenses may seem like a difficult task now, but JDL Group can make the entire process simple, quick, and efficient.  

We will provide you with the right tools and strategies to recover your data in the event of a ransomware attack, and more importantly, we will work to ensure that a ransomware attack doesn’t happen to you in the first place. Contact us today and start the process.  


 
