Posts

Security Awareness

Should You Be Offering Security Awareness Training?

Nearly half of all office workers have had their data compromised at some point. And as if that wasn’t scary enough, the numbers only get more concerning from there. Following an incident, a whopping 35% of office workers don’t change their passwords—a measure that can go a long way to preventing future information theft. And while at work, 49% of respondents admit to clicking links that were sent to them by unknown senders – so should your service provider be offering security awareness training?

In this age of heightened awareness around cybersecurity, most employees have some appreciation for the risks this kind of behavior opens their companies up to. But data thieves and scammers can be incredibly cunning and deceptive—preying on workers’ information deficits and busy schedules to sneak in under the radar.

Employees and businesses need to master the basics of good cyber hygiene to keep sensitive data safe. Educating employees in the difference between a safe link and link that’s part of a phishing scam can spare companies the time, money, and PR headache of being compromised.

Since every employee has a different level of knowledge and awareness when it comes to cybersecurity best practices, training can be an essential tool to bring everyone up to an acceptable baseline. And this isn’t just true for large organizations anymore. Nearly half of all cyberattacks today are targeted at small- and medium-sized businesses (SMBs)—and 60% of those targeted go out of business within six months of the attack. As a result, SMBs are increasingly looking for security awareness training programs to keep their employees, and their information, as safe as possible.

This presents an opportunity for MSPs to deliver even more value to their clients—and become trusted advisors in the process. And to help you make the most of this opportunity, our recent webinar, Why Security Training, Why Now, and What’s in It for Me?, covers the what, why, and how of offering cybersecurity awareness training—and doing it effectively.

Here are some of the key takeaways from the webinar to help you decide whether to offer this training to your customers.

Who Benefits From Security Awareness Training?

A properly managed security training program can be beneficial to everyone involved.

Increasingly, companies’ compliance obligations mandate that they participate in these programs—and allocate budget specifically to them. With an existing budget and a real need among customers, security awareness training represents a huge opportunity for MSPs—one that can yield significant returns.

The training can also be invaluable for the customers, saving them money and headaches in the long run. Even a tiny data breach can have wide-reaching implications, so every dollar spent on training can pay off in spades. Emphasizing the long-term benefits of security training will be an essential part in upselling existing customers and showcasing the value to prospects.

To get buy-in from individual employees, it’s also useful to point out that this training can benefit them in their personal lives—helping them keep hackers out of their bank accounts and far away from their families’ private information.

What Makes a Good Security Awareness Training Program?

The value of security awareness training programs is evident, but how can you get companies to choose your program?

The most important thing any MSP can do is make sure their program is effective. A robust program will cover everything from phishing awareness to social engineering to mobile device security. That being said, it’s important to start with the basics and build up to more complex security lessons. While some employees will come in with a thorough understanding of general best practices, others may be entirely new to the subject. Never assume that something is obvious. Besides, a little refresher course never hurt anybody.

Behavioral change takes time, so it’s also important for your program to follow a pace that refreshes participants’ memory over time without overwhelming them. Consider outlining clear participation guidelines from the start to help everyone involved understand what’s expected of them. For example, you might plan two phishing simulations per month and offer three cyber awareness courses per quarter. Knowing what’s coming, the training won’t feel like a burden to employees—it will just be another part of their week.

To help ensure the training sticks, tailor it to your audience, making it department-specific when appropriate. You can also be proactive and integrate security training into existing onboarding processes so that security is prioritized from the get-go. These steps, while seemingly small, can make security training more digestible to your audience—and make their data safer as a result.

So, Should You Offer Security Awareness Training?

There has never been a greater need for security training. With cyber threats growing increasingly deceptive and dangerous, the market for efficient, high-quality training is one that’s worth tapping into. While MSPs don’t specialize in education, this situation offers the potential for you to step in and be the hero—helping your clients protect themselves from malicious threats.


This article was provided by our service partner : connectwise

Endpoint Security

Why MSPs Should Expect No-Conflict Endpoint Security

“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full endpoint security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”

“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”

The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.

Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.

Historically, these comments were spot-on, 100% correct in describing how competing Endpoint Security solutions interacted on endpoints. Here’s why.

The (Traditional) Issues with Running Side-by-Side AV Programs

In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.

This is because:

  • Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program that’s sole purpose is to be on the lookout for suspicious activity.
  • Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while one AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
  • Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.

Putting the Problem Into Context

Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?

Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?

“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.

Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.

But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.

Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.

Stop Wishing and Expect No-Conflict Endpoint Protection

Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:

  1. It won’t conflict with other AV programs and
  2. It installs fast and painlessly.

After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.

So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.


This article was provided by our service partner : webroot.com

smishing

Smishing Explained: What It Is and How You Can Prevent It

Do you remember the last time you’ve interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late?

It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around 98% of SMS messages are read within seconds of being received

As with any development in how we communicate, the rise in brand-related text messaging has attracted scammers looking to profit. Hence we arrive at a funny new word in the cybersecurity lexicon, “smishing.” Mathematical minds might understand it better represented by the following equation:

SMS + Phishing = Smishing

For the rest of us, smishing is the act of using text messages to trick individuals into divulging sensitive information, visiting a risky site, or downloading a malicious app onto a smartphone. These often benign seeming messages might ask you to confirm banking details, verify account information, or subscribe to an email newsletter via a link delivered by SMS.

As with phishing emails, the end goal is to trick a user into an action that plays into the hands of cybercriminals. Shockingly, smishing campaigns often closely follow natural disasters as scammers try to prey on the charitable to divert funds into their own pockets.

Smishing vs Vishing vs Phishing

If you’re at all concerned with the latest techniques cybercriminals are using to defraud their victims, your vocabulary may be running over with terms for the newest tactics. Here’s a brief refresher to help keep them straight.

  • Smishing, as described above, uses text messages to extract the sought after information. Different smishing techniques are discussed below.
  • Vishing is when a fraudulent actor calls a victim pretending to be from a reputable organization and tries to extract personal information, such as banking or credit card information.
  • Phishing is any type of social engineering attack aimed at getting a victim to voluntarily turn over valuable information by pretending to be a legitimate source. Both smishing and vishing are variations of this tactic.

Examples of Smishing Techniques

Enterprising scammers have devised a number of methods for smishing smartphone users. Here are a few popular techniques to be aware of:

  • Sending a link that triggers the downloading of a malicious app. Clicks can trigger automatic downloads on smartphones the same way they can on desktop internet browsers. In smishing campaigns, these apps are often designed to track your keystrokes, steal your identity, cede control of your phone to hackers, or encrypt the files on your phone and hold them for ransom.
  • Linking to information-capturing forms. In the same way many email phishing campaigns aim to direct their victims to online forms where their information can be stolen, this technique uses text messages to do the same. Once a user has clicked on the link and been redirected, any information entered into the form can be read and misused by scammers.
  • Targeting users with personal information. In a variation of spear phishing, committed smishers may research a user’s social media activity in order to entice their target with highly personalized bait text messages. The end goal is the same as any phishing attack, but it’s important to know that these scammers do sometimes come armed with your personal information to give their ruse a real feel.
  • Referrals to tech support. Again, this technique is a variation on the classic tech support scam, or it could be thought of as the “vish via smish.” An SMS message will instruct the recipient to contact a customer support line via a number that’s provided. Once on the line, the scammer will try to pry information from the caller by pretending to be a legitimate customer service representative. 

How to Prevent Smishing

For all the conveniences technology has bestowed upon us, it’s also opened us up to more ways to be ripped off. But if a text message from an unknown number promising to rid you of mortgage debt (but only if you act fast) raises your suspicion, then you’re already on the right track to avoiding falling for smishing.

Here are a few other best practices for frustrating these attacks:

  • Look for all the same signs you would if you were concerned an email was a phishing attempt: 1) Check for spelling errors and grammar mistakes, 2) Visit the sender’s website itself rather than providing information in the message, and 3) Verify the sender’s telephone address to make sure it matches that of the company it purports to belong to.
  • Never provide financial or payment information on anything other than the trusted website itself.
  • Don’t click on links from unknown senders or those you do not trust
  • Be wary of “act fast,” “sign up now,” or other pushy and too-good-to-be-true offers.
  • Always type web addresses in a browser rather than clicking on the link.
  • Install a mobile-compatible antivirus on your smart devices.

This article was provided by our service partner : webroot.com

DNS Security – Your New Secret Weapon in The Fight Against Cybercrime

It’s time to use the internet to your security advantage. Did you know more than 91% of malware uses DNS to gain command and control, exfiltrate data, or redirect web traffic?

But when internet requests are resolved by a recursive DNS service, they become the perfect place to check for and block malicious or inappropriate domains and IPs. DNS is one of the most valuable sources of data within an organization. It should be mined regularly and cross-referenced against threat intelligence. It’s easier to do than you might think. Security teams that are not monitoring DNS for indications of compromise are missing an important opportunity.

Don’t believe us? New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year. Check out the full report  The Economic Value of DNS Security,” recently published by the Global Cyber Alliance (GCA). According to their findings, DNS firewalls could prevent between $19 billion and $37 billion in annual losses in the US and between $150 billion and $200 billion in losses globally. That’s a lot of bang for your buck. If organizations around the globe were to make this simple addition to their security stack, the savings could add up into billions of dollars.  Translation: an easy way to prevent one-third of total losses due to cybercrime.

About Cisco Umbrella

Cisco Umbrella uses the internet’s infrastructure to stop threats over all ports and protocols before it reaches your endpoints or network. Using statistical and machine learning models to uncover both known and emerging threats, Umbrella proactively blocks connections to malicious destinations at the DNS and IP layers. And because DNS is a protocol used by all devices that connect to the internet, you simply point your DNS to the Umbrella global network, and any device that joins your network is protected. So when your users roam, your network stays secure.


This article was provided by our service partner : Cisco Umbrella

cloud services

Cloud Services in the Crosshairs of Cybercrime

It’s a familiar story in tech: new technologies and shifting preferences raise new security challenges. One of the most pressing challenges today involves monitoring and securing all of the applications and data currently undergoing a mass migration to public and private cloud platforms.

Malicious actors are motivated to compromise and control cloud-hosted resources because they can gain access to significant computing power through this attack vector. These resources can then be exploited for a number of criminal money-making schemes, including cryptomining, DDoS extortion, ransomware and phishing campaigns, spam relay, and for issuing botnet command-and-control instructions. For these reasons—and because so much critical and sensitive data is migrating to cloud platforms—it’s essential that talented and well-resourced security teams focus their efforts on cloud security.

The cybersecurity risks associated with cloud infrastructure generally mirror the risks that have been facing businesses online for years: malware, phishing, etc. A common misconception is that compromised cloud services have a less severe impact than more traditional, on-premise compromises. That misunderstanding leads some administrators and operations teams to cut corners when it comes to the security of their cloud infrastructure. In other cases, there is a naïve belief that cloud hosting providers will provide the necessary security for their cloud-hosted services.

Although many of the leading cloud service providers are beginning to build more comprehensive and advanced security offerings into their platforms (often as extra-cost options), cloud-hosted services still require the same level of risk management, ongoing monitoring, upgrades, backups, and maintenance as traditional infrastructure. For example, in a cloud environment, egress filtering is often neglected. But, when egress filtering is invested in, it can foil a number of attacks on its own, particularly when combined with a proven web classification and reputation service. The same is true of management access controls, two-factor authentication, patch management, backups, and SOC monitoring. Web application firewalls, backed by commercial-grade IP reputation services, are another often overlooked layer of protection for cloud services.

Many midsize and large enterprises are starting to look to the cloud for new wide-area network (WAN) options. Again, here lies a great opportunity to enhance the security of your WAN, whilst also achieving the scalability, flexibility, and cost-saving outcomes that are often the primary goals of such projects.  When selecting these types of solutions, it’s important to look at the integrated security options offered by vendors.

Haste makes waste

Another danger of the cloud is the ease and speed of deployment. This can lead to rapidly prototyped solutions being brought into service without adequate oversight from security teams. It can also lead to complacency, as the knowledge that a compromised host can be replaced in seconds may lead some to invest less in upfront protection. But it’s critical that all infrastructure components are properly protected and maintained because attacks are now so highly automated that significant damage can be done in a very short period of time. This applies both to the target of the attack itself and in the form of collateral damage, as the compromised servers are used to stage further attacks.

Finally, the utilitarian value of the cloud is also what leads to its higher risk exposure, since users are focused on a particular outcome (e.g. storage) and processing of large volumes of data at high speeds. Their solutions-based focus may not accommodate a comprehensive end-to-end security strategy well. The dynamic pressures of business must be supported by newer and more dynamic approaches to security that ensure the speed of deployment for applications can be matched by automated SecOps deployments and engagements.

Time for action

If you haven’t recently had a review of how you are securing your resources in the cloud, perhaps now is a good time. Consider what’s allowed in and out of all your infrastructure and how you retake control. Ensure that the solutions you are considering have integrated, actionable threat intelligence for another layer of defense in this dynamic threat environment.


This article was provided by our service partner : webroot.com

cybersecurity

7 Critical, and Often Overlooked, Ways to Improve Your Cybersecurity

What you don’t know can, and will, hurt you. Cybersecurity is now at the forefront of business IT needs. If you ignore it, it won’t go away, and even worse, your customers will look elsewhere to get the services they need if you’re not providing them. It’s time to face the music. I recently sat down to chat with Chris Loehr, Executive Vice President of Solis Security, who specializes in cybersecurity incident response.

Chris has experience conducting forensic work on cyberattacks. He works with MSPs day in and day out and sees first-hand the mistakes commonly made all the time. Here are the tips he shared with us on how to wise up about cybersecurity:

Know Your Power

Your tools, specifically your remote monitoring and management (RMM) tool, are extremely powerful. While it can be used for the purpose it was intended, allowing you to work on multiple machines at the same time, it can also be used maliciously to attack several companies at once. This makes MSPs an ideal target for attackers to gain access to an entire database in a relatively short amount of time vs. attacking companies individually. And unfortunately, in some cases, businesses never recover. You need to ensure that your RMM is secure.

Don’t Blindly Trust Your Providers

You should hold yourself responsible and perform due diligence on your key vendors/service providers. Your customers trust you. The vendors you work with are an extension of you and the services you provide. Ensuring that your vendors are doing the right things makes it easier for you to also do right by your customers. You need to educate your customers on what threats could impact them, what you do or do not cover, and provide the appropriate solutions. In doing so, you can be the trusted service provider they believe you are. And in the long run, this level of earned trust translates directly to customer retention.

Invest the Time to Truly Know Your Customers

When disaster strikes should not be the time that you’re learning about your customers and their operations. You need to know ahead of time what the critical applications/files are that need to be backed up. They might not be the obvious applications. Too often after disaster strikes, you find out you didn’t back up something essential to the customers’ business because you didn’t know about it or its importance. A business impact assessment (BIA) should be performed annually for each monthly recurring revenue (MRR) customer.

Give Your Best Customers Some Love

When disaster strikes, the best customers usually will be the most upset and most willing to pursue legal action. Even though everything appears to be going great, you don’t know what may be happening behind the scenes. Having crucial conversations with decision makers is key to your ongoing success. Ensure these conversations include topics around cybersecurity to help protect them, as well as yourself.

Don’t Be Cybersecurity Insurance Ignorant

Cybersecurity coverage is not the same as an auto insurance or health insurance policy. Filing a claim does not make your premiums go up. Be especially careful when deciding what coverages to waive. To get lower premiums, companies sometimes waive cyberextortion coverage. However, this type of coverage pays for a ransom, should you be in a situation to require one. Even though you might have enough money in the bank to pay it, keep in mind that you are still responsible for operational expenses as well (like payroll).

Doing a risk assessment is helpful to understand where you and your customers stand and in the future could also become a tool for the insurance industry to help underwrite policies.

Realize That Your Contracts Aren’t a Magic Shield

This is the biggest weakness of many MSPs. Anyone can sue you regardless of your contract. You need to know when certain scenarios will negate your liability limitations. Often, MSPs rely on only one attorney to assist in creating their contracts. It’s always best to have a second option. We highly advise getting a litigation attorney to look at your contracts. Also, take into consideration different state laws if you operate in more than one state and how that impacts your contracts.

Prepare for a Disaster

As the saying goes, “If you fail to plan, you’re planning to fail.” Not planning for a disaster could quite literally put you out of business or set you back a couple of years. Your backup solution is the ultimate piece that will save your business. It has to be more than rock solid. Test it and test it again. Backing up data is the first step but being able to restore from the back up is the true measure of success. The worst-case scenario is to have to tell your customer that you lost all the files that were previously backed up. A one size fits all backup solution might not work for each customer.


This article was provided by our service partner : connectwise.com

Digital Identity

Lock Down Your Digital Identity

The last decade has been one of digital revolution, leading to the rapid adoption of new technology standards, often without the consideration of privacy ramifications. This has left many of us with a less-than-secure trail of digital breadcrumbs—something cybercriminals are more than aware of. Identity theft is by no means a new problem, but the technology revolution has created what some are calling a “global epidemic.”

What is a Digital Identity?

The first step in locking down your digital identity is understanding what it is. A digital identity is the combination of any and all identifying information that can connect a digital persona to an actual person. Digital identities are largely comprised of information freely shared by the user, with social media accounts generally providing the largest amount of data. Other online services like Etsy and eBay, as well as your email and online banking accounts, also contribute to your digital identity. Realistically, any information that can be linked back to you, no matter how seemingly inconsequential, is part of your digital identity.

Digital Identity Theft

Digital identity theft occurs in several ways. A common tactic is social media fraud, where a hacker will impersonate a user by compromising an existing social media account, often messaging friends and family of the user requesting money or additional account information. If unable to gain full control of a genuine social media account, identity thieves will often set up a dummy social media account and impersonate the user using it.

A less widely-known form of digital identity fraud is internet-of-things (IoT) identity theft, where an attacker gains access to an IoT device with weak security protocols and exploits it to gain access to a higher priority device connected to the same network. Another growing threat is “SIM swapping”— an attack that involves tricking a mobile provider into swapping a legitimate phone number over to an illegitimate SIM card, granting the attacker access to SMS-enabled two-factor authentication (2FA) efforts.

Even those who don’t consider themselves targets should be aware of these tactics and take steps to lock down their digital identities.

Locking it Down

Reviewing your social media accounts’ privacy settings is one of the easiest things you can do to cut opportunistic identity thieves off from the start. Set your share settings to friends only, and scrub any identifying information that could be used for security clearance — things like your high school, hometown, or pets’ names. Only add people you personally know and if someone sends you a suspicious link, don’t click it! Phishing, through email or social media messages, remains one of the most prevalent causes of digital identity theft in the world. But your digital identity can be compromised in the physical world as well — old computers that haven’t been properly wiped provide an easy opportunity hackers won’t pass up. Always take your outdated devices to a local computer hardware store to have them wiped before recycling or donating them.

The Right Tools for the Job

This is just the start of a proper digital identity lock-down. Given the sensitive nature of these hacks, we asked Webroot Security Analyst Tyler Moffitt his thoughts on how consumers can protect their digital identities.

“Two-factor authentication in combination with a trusted virtual private network, or VPN, is the crown jewel of privacy lock-down,” Tyler said. “Especially if you use an authenticator app for codes instead of SMS authentication. A VPN is definitely a must… but you can still fall for phishing attempts using a VPN. Using two-factor authentication on all your accounts while using VPN is about as secure as you can get.”

2FA provides an additional level of security to your accounts, proactively verifying that you are actually the one attempting to access the account. 2FA often uses predetermined, secure codes and geolocation data to determine a user’s identity.

Because 2FA acts as a trusted gatekeeper, do your research before you commit to a solution. You’ll find some offerings that bundle 2FA with a secure password manager, making the commitment to cybersecurity a little bit easier. When making your choice, remember that using SMS-enabled 2FA could leave you vulnerable to SIM swapping, so though it is more secure than not using 2FA at all, it is among the least secure of 2FA strategies.

VPNs wrap your data in a cocoon of encryption, keeping it out of sight of prying eyes. This is particularly important when using public WiFi networks, since that’s when your data is at its most vulnerable. Many VPNs are available online, including some free options, but this is yet another instance of getting what you pay for. Many free VPNs are not truly private, with some selling your data to the highest bidder. Keeping your family secure behind a VPN means finding a solution that provides you with the type of comfort that only comes with trust.


This article was provided by our service partner : webroot.com

cloud security

How Threats Have Evolved & Why You Need to Do Something About It

Whether you realize it or not, the
cybersecurity threat landscape has changed dramatically in the last few years—and recent security issues prove it.

Everywhere you turn, conversations about cyber issues today are happening. The media coverage on massive breaches continues to grow by the day. But since most of the high profile cases people read about are large companies (Equifax, Apple, Target, etc.), many small business owners you work with have it in their mind that large companies are the targets and they’re immune or safe from new threats.

That couldn’t be further from the truth.

Attacks on SMBs, as well as MSPs, are on the rise, and you both must be vigilant as a result. According to the Ponemon Institute: 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) study, the average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption of normal operations increased from $955,429 to $1,207,965.

Attacks and breaches 1
So, What’s Changed?

Security was a modest part of the services you’ve provided—until now. It’s made its way to the forefront of business IT needs so you can protect against the top cybersecurity threats out there. Endpoint protection, firewall protection, and email protection were staples of the managed services business, but they’re simply not enough anymore. Failure to address these increases the chance of a serious security event, and reduces the chance to avoid downtime, a work stoppage, or worse.

For years, MSPs have provided a successful security strategy that has provided their customers excellent uptime and productivity. Cybercriminals are getting more sophisticated and targeting small to medium businesses. Ransomware, data breaches, and phishing attacks are examples of tactics that eclipse the solutions that we’ve relied on thus far. You’ll want to make sure they’re safeguarded against these more sophisticated attacks, and mitigate as much risk as possible. Cyber issues today don’t just impact your customers, but their customers, suppliers, etc. If someone were to breach your customer, it could give them access to all of their critical systems and data. If an incident happens in a regulated industry, the cause goes beyond their loss of business. It would compromise your patient’s protected data and be in breach of HIPAA requirements. Aside from financial implications due to a work stoppage, breaches in industries that are regulated (financial, healthcare, industrial, government, etc.) are also subject to investigations, digital forensics teams, and litigation.

As an MSP, more times than not you’ll be questioned and have to participate in those investigations. If the customer has cyber insurance, the insurance company will do their investigation before paying out. In a breach today where data is compromised, the financial impact is a whopping $148 per record. It’s not just downtime that can render a business in trouble after a breach, because the lingering effects are crippling to most companies.

What Can You Do About It?

Several things. First, realize that this is not a problem you can throw a bunch of tools at to fix. People and process is a key component of a strong security posture. As you can see in the chart “What’s Behind the Trends: Root Cause”, 54% of data breaches were a result of negligent employees or contractors. That correlates to nearly half of all attacks being executed through phishing or social engineering. Implementing security awareness training through Customer Security Programs is a good way to expand your service offering and reduce your customers risk that doesn’t involve adding another tool to your stack.

Attacks and breaches : root cause

Second, leverage a proven framework as a benchmark to measure your customers’ businesses (and your own). We believe the NIST Cybersecurity Framework (CSF) is the most comprehensive and easiest framework for MSPs to adopt. We’ve built a risk assessment based on that framework that includes strengths and weaknesses for your customer, plus an actionable report and an attestation letter that protects you against recommendations your customer doesn’t wish to add. With this, you can walk into a customer’s office and say, “In order to make sure you’re as protected as you can be, I went ahead and did a risk assessment of your business to help determine your security posture. The assessment is based on the Cybersecurity Framework created by the National Institute of Standards and Technology, and it’s the benchmark we use to grade all companies—regardless of size or industry. It’s also the same assessment I perform regularly on my own company.”


This article was provided by our service partner : connectwise.com

WiFi Security

The Hidden Costs of ‘Free’ WiFi

The True Cost of Free WiFi

Ease-of-access is a true double-edged sword. Like all powerful technologies, WiFi (public WiFi in particular) can be easily exploited. You may have read about attacks on publicly accessible WiFi networks, yet studies show that more than 70% of participants admit to accessing their personal email through public WiFi. WiFi vulnerabilities aren’t going away anytime soon—in 2017, the WPA2 security protocol used by essentially all modern WiFi networks was found to have a critical security flaw that allowed attackers to intercept passwords, e-mails and other data.

So what are the most commonly seen attacks via free WiFi, and how can we protect ourselves and our families? We turned to Tyler Moffitt, Webroot’s Sr. Threat Research Analyst, for answers.

Common Public WiFi Threats

“Criminals are either taking over a free WiFi hotspot at the router level, or creating a fake WiFi hotspot that’s meant to look like the legitimate one,” explained Moffitt. “The purpose of these man-in-the-middle attacks is to allow attackers to see and copy all of the traffic from the devices connected to the WiFi they control.”

Basic security protocols often aren’t enough to protect users’ data.

“Even with HTTPS sites where some data is encrypted, much of it is still readable,” Moffitt said. “Beyond just seeing where you surf and all the login credentials, criminals also have access to your device and can drop malicious payloads like ransomware.”

We are now seeing these attacks evolve, with cryptojacking becoming a particularly lucrative exploitation model for public WiFi networks. Cryptojacking is seen as a “low risk” attack as an attacker siphons a victim’s computer processing power, something far less likely to be detected and tracked than a traditional malware or ransomware attack. This was particularly notable in a 2017 cryptojacking attack that targeted Starbucks customers, which went uncorrected until Noah Dinkin—a tech company CEO—noticed a delay when connecting to the shop’s WiFi. Dinkin took it upon himself to investigate

It’s not just coffee shops that are being targeted. Airports, hotels, and convention centers are particularly prime targets due to their high  traffic. To demonstrate the power of a targeted attack in a conference setting, a security experiment was conducted at the 2017 RSA Conference. Surprisingly, even at an IT security conference, white hat hackers were able to trick 4,499 attendees into connecting to their rogue WiFi access point. The targeting of high-traffic, travel-focused locations means that many frequent travelers will leave themselves exposed at some point by connecting to public WiFi options—even though they may know better.

How to Detect the Threat

What are the telltale signs of a compromised system?

“With cryptomining, you will definitely notice that your machine will start acting slow, the fans will kick on full blast, and the CPU will increase to 100 percent, usually the browser being the culprit,” Moffitt said. “But there are few signs of a man-in-the-middle attack, where wireless network traffic is spied on for credentials and financial information. You won’t notice a thing, as your computer is just connecting to the router like normal. All information is being observed by someone in control of the router.”

With one recent attack in 2018 alone affecting 500,000 WiFi routers, the need for WiFi security has never been stronger.

Protecting Yourself on the Go

You can take steps to keep your data secure; the first of which is being sure that you have a VPN installed and protecting your devices. Nothing else will as effectively encrypt and shield your traffic on a public network.

“Using a VPN is the most impactful way to combat the dangers of free WiFi,” Moffitt said. “Think of VPN as a tunnel that shelters all of your information going in and out of your device. The traffic is encrypted so there is no way that criminals can read the information you are sending.”

“I use a VPN on my phone when I’m on the go,” he continued. “It’s really easy to use and you make sure all your data is private and not visible to prying eyes.”

But be sure to research any VPN before you commit to ensure it is trustworthy. It’s important to review the vendor’s privacy policy to make sure the VPN does not monitor or retain logs of your activities. Remember that, with security software and apps, you generally get what you pay for.

While free VPN apps will shield your data from the router you are connecting to, they may still spy on you and sell your information,” Moffitt said.

What does this all mean for you? If there is no such thing as free lunch, then there is definitely no such thing as free WiFi. The true cost just might be your online security and privacy.

Stay vigilant, secure all of your web traffic behind a trusted VPN, and check back here often for the latest in cybersecurity updates


This article was provided by our service partner : webroot.com

ransomware secuirty

The Ransomware Threat isn’t Over. It’s Evolving.

Ransomware is any malware that holds your data ransom. These days it usually involves encrypting a victim’s data before asking for cash (typically cryptocurrency) to decrypt it. Ransomware ruled the malware world since late 2013, but finally saw a decline last year. The general drop in malware numbers, along with defensive improvements by the IT world in general (such as more widespread backup adoption), were factors, but have also led this threat to become more targeted and ruthless.

Delivery methods

When ransomware first appeared, it was typically distributed via huge email and exploit kit campaigns. Consumer and business users alike were struck without much discretion. 

Today, many ransomware criminals prefer to select their targets to maximise their payouts. There’s a cost to doing business when it comes to infecting people, and the larger the group of people you are trying to hit, the more it costs. 

Exploit kits

Simply visiting some websites can get you infected, even if you don’t try to download anything. This is usually done by exploiting weaknesses in the software used to browse the web such as your browser, Java, or Flash. Content management and development tools like WordPress and Microsoft Silverlight, respectively, are also common sources of vulnerabilities. But there’s a lot of software and web trickery involved in delivering infections this way, so the bulk of this work is packaged into an exploit kit which can be rented out to criminals to help them spread their malware. 

Renting an exploit kit can cost $1,000 a month, so this method of delivery isn’t for everyone. Only those cybercriminals who’re sufficiently motivated and funded. 

“Because the cost of exploitation has risen so dramatically over the course of the last decade, we’ll continue to see a drop in the use of 0-days in the wild (as well as associated private exploit leaks). Without a doubt, state actors will continue to hoard these for use on the highest-value targets, but expect to see a stop to Shadowbrokers-esque occurrences. The mentioned leaks probably served as a powerful wake-up call internally with regards to who has access to these utilities (or, perhaps, where they’re left behind).” – Eric Klonowski, Webroot Principal Threat Research Analyst

Exploits for use in both malware and web threats are harder to come by these days and, accordingly, we are seeing a drop in the number of exploit kits and a rise in the cost of exploits in the wild. This threat isn’t going anywhere, but it is declining.

Figure 1. Still plenty of exploit kits out there. Source: Execute Malware

Email campaigns

Spam emails are a great way of spreading malware. They’re advantageous for criminals, as they can hit millions of victims at a time. Beating email filters, creating a convincing phishing message, crafting a dropper, and beating security in general is tough to do on a large scale, however. Running these big campaigns requires work and expertise so, much like an exploit kit, they are expensive to rent. 

Figure 2. Shade ransomware delivered from a recent spam email campaign Source: InfoSec Handlers Diary Blog

Targeted attacks

The likelihood of a target paying a ransom and how much that ransom is likely to be is subject to a number of factors, including:

  • The country of the victim. The GDP of the victim’s home nation is correlated to a campaign’s success, as victims in richer countries are more likely to shell out for ransoms 
  • The importance of the data encrypted
  • The costs associated with downtime
  • The operating system in use. Windows 7 users are twice as likely to be hit by malware as those with Windows 10, according to Webroot data
  • Whether the target is a business or a private citizen. Business customers are more likely to pay, and pay big

Since the probability of success varies based on the target’s circumstances, it’s important to note that there are ways of narrowing target selection using exploit kits or email campaigns, but they are more scattershot than other, more targeted attacks.

RDP

Remote Desktop Protocol, or RDP, is a popular Microsoft system used mainly by admins to connect remotely to servers and other endpoints. When enabled by poor setups and poor password policies, cybercriminals can easily hack them. RDP breaches are nothing new, but sadly the business world (and particularly the small business sector) has been ignoring the threat for years. Recently, government agencies in the U.S. and UK have issued warnings about this completely preventable attack. Less sophisticated cybercriminals can buy RDP access to already hacked machines on the dark web. Access to machines in major airports has been spotted on dark web marketplaces for just a few dollars.

Figure 3. Servers for sales on underground forums. Source: Fujitsu

Spear phishing

If you know your target, you can tailor an email specifically to fool them. This is known as spear phishing, and it’s an extremely effective technique that’s used in a lot of headline ransomware cases.

Modular malware

Modular malware attacks a system in different stages. After running on a machine, some reconnaissance is done before the malware reinitiates its communications with its base and additional payloads are downloaded. 

Trickbot

The modular banking Trojan Trickbot has also been seen dropping ransomware like Bitpaymer onto machines. Recently it’s been used to test a company’s worth before allowing attackers to deploy remote access tools and Ryuk(ransomware) to encrypt the most valuable information they have. The actors behind this Trickbot/Ryuk campaign only pursue large, lucrative targets they know they can cripple.

Trickbot itself is often dropped by another piece of modular malware, Emotet

What are the current trends?

As we’ve noted, ransomware use may be on the decline due to heightened defences and greater awareness of the threat, but the broader, more noteworthy trend is to pursue more carefully selected targets. RDP breaches have been the largest source of ransomware calls to our support teams in the last 2 years. They are totally devastating to those hit, so ransoms are often paid.

Figure 4. A slight dip but a consistently high amount of RDP malware seen by us last year.

Modular malware involves researching a target before deciding if or how to execute and, as noted in our last blog on information stealers,they have been surging as a threat for the last six months. 

Automation

When we talk about selecting targets, you might be inclined to assume that there is a human involved. But, wherever practical, the attack will be coded to free up manpower. Malware routinely will decide not to run if it is in a virtualised environment or if there are analysis tools installed on machines. Slick automation is used by Trickbot and Emotet to keep botnets running and to spread using stolen credentials. RDP breaches are easier than ever due to automated processes scouring the internet for targets to exploit. Expect more and more intelligent automation from ransomware and other malware in future.

What can I do?

  • Secure your RDP
  • Use proper password policy. This ties in with RDP ransomware threats and especially applies to admins.
  • Update everything
  • Back up everything. Is this backup physically connected to your environment (as in USB storage)? If so, it can easily be encrypted by malware and malicious actors. Make sure to air gap backups or back up to the cloud.
  • If you feel you have been the victim of a breach, it’s possible there are decryption tools available. Despite the brilliant efforts of the researchers in decryption, this is only the case in some instances.

This article was provided by our service partner : webroot.com