MediaBytes

Are You One Of Many Affected By The Quest Diagnostics Breach?

Financial & Medical Information of 12 Million Exposed

Quest Diagnostics reports that almost 12 million people could have been affected by a data breach.

On Monday, June 3, 2019, Quest Diagnostics said that American Medical Collection Agency (AMCA), a billing collections provider they work with, informed them that an unauthorized user had managed to obtain access to AMCA systems.

Quest Diagnostics is one of the largest blood-testing providers in the U.S.

Anyone who has ever been a patient at a Quest Diagnostics medical lab could be affected by the breach.

AMCA provides billing collection services to Optum360, which is a Quest contractor. AMCA first notified Quest about the breach on May 14th. Quest reports said that they are no longer using AMCA and that they are notifying affected patients about the data exposure.

The information included in the breached system includes:

• Bank account information
• Medical information
• Credit card information
• Social Security Numbers
• Other personal information

In its filing, Quest reported:

“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information.”

What Should You Do?

Anyone who was affected by the data leak should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact Quest Diagnostics’ customer service at 1 (866) 697-8378 or on their contact page.

Are You One Of Many Affected By The LabCorp Data Breach?

Financial & Personal Information of 7.7 Million Exposed

Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.

AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.

In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.

A section of the filing reads:

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The information included in the breached system includes:

• Bank account information,
• Credit card information,
• First and last name,
• Date of birth,
• Address and phone,
• Date of service and provider, and
• Balance information.

Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.

What Should You Do?

Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.

 CBD Reports 100,000 Photo and License Plate Breach

The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

The department said on June 10^th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31^st.

CBP report:

“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”

CBP hasn’t reported when this 6-week period was.

Who Was The Subcontractor That Was Affected By The Breach?

CBP hasn’t said who the subcontractor was either. But the Register reports that the vehicle license plate reader company Perceptics based in Tennessee was hacked. And, these files have been posted online.

Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”

Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.

Where Were The License Plate Readers Installed?

Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.

CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Do We Know Whose Data Was Exposed?

No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.

Is Facial-Recognition A Security Threat?

Facial-recognition is a hot topic right now. The American Civil Liberties Union states:

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.

Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

Hackers Now Using HTTPS To Trick Victims Via Phishing Scams

Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.

Can You Still Count On HTTPS?

The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.

What Should You Do?

Be Suspicious of Email Names and Content

The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.

• Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
• If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
• If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
• Don’t click links in any emails from unknown senders.

If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees

This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training provides both pre-and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.

New-School Security Awareness Training…

• Sends Phishing Security Tests to your employees to take on a regular basis.
• Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
• Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
• Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
• Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
• Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know.  It shows stats and graphs for both training and phishing, ready for your management to review.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

Add New-School Security Awareness Training To Your Current Employee Training

The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New School Security Awareness Training is so important for any organization.

Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada

On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.

The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.

How Did The Hacker Get Into Capital One’s System?

According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.

Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.

Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.

Who Breached Capital One’s Data?

Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.

Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.

The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.

What Information Was Compromised?

Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.

The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.

Capital One said, some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.

Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.

This is one of the top 10 largest data breaches ever, according to USA TODAY research.

What Is Capital One Saying About The Breach?

They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.

They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.

Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.

What Should Capital One Customers Do?

If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.

It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.

Prevention is always the best remedy. Ask your IT provider to ensure your that your firewall is properly configured and to continuously remotely monitor your network for intrusions.

What Do We Know About Terminal Fault (L1TF) Chip Vulnerabilities?

Understanding The L1 Terminal Fault (L1TF)

Intel has recently confirmed L1 Terminal Fault (L1TF) chip vulnerabilities in its processors that can be manipulated by malware and malevolent virtual machines with the intention of stealing private information from a computer’s memory.

Who or What is Vulnerable?

In short, Intel’s desktop, workstation, and server CPUs are exposed. What Intel initially described as impregnatable memory, has been found to have holes. That means sensitive data from other software and other customers’ virtual machines can be stolen from malicious software and guest virtual machines either on a vulnerable device or a cloud platform.

This private information may involve personal and financial accounts, passwords, and encryption keys. Also, they pose a threat to be taken from other customers’ virtual machines, including both System Management Mode (SMM) memory and SGX enclaves.

SGX, made by Intel technology, is intended to guard private information from code geared to peep and pry.

SMM serves as a computer’s clean-up operator.  This is an alternate software system that is usually placed in the computer’s firmware. It also has total control over the computer’s hardware and absolute admittance to all of its data.

Let’s break down the three areas, which Intel has named its L1 Terminal Fault (L1TF) bugs:

CVE-2018-3615

CVE-2018-3615 impacts Software Guard Extensions (SGX). More specifically, Intel says, “Systems with microprocessors utilizing speculative execution and software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via side-channel analysis.” The researching teams who discovered CVE-2018-3615, named the vulnerability, Foreshadow.

The Fix:

Fixing this vulnerability will require the microcode update. To be safe, it is also recommended that you update your operating system and VM hypervisor. The patches should be available now for just about all operating systems.

This bug was discovered by two different groups:

1. Jo Van Bulck, Frank Piessens, Raoul Strackx from imec-DistriNet – KU Leuven.
2. Marina Minkin, Mark Silberstein from Technion, Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch from The University of Michigan, and Yuval Yarom from University of Adelaide and CSIRO’s Data61.

CVE-2018-3620

According to Intel, “Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and side-channel analysis.” In short, CVE-2018-3620 affects operating systems and SMM.

The Fix:

To fix this, operating system kernels will need to be patched. Also, the SMM needs the microcode update, to be safe.

CVE-2018-3646

Intel states, “Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and side-channel analysis.” CVE-2018-3646 affects hypervisors and virtual machines.

The Fix:

Fixing CVE-2018-3646 will require the microcode, operating system, and hypervisor updates in order to protect your data.

Extra Fix:

The way hypervisor software operates is by allowing virtual machines or processors to be run off shared resources of a physical server. At the same time, they use multi-threading – a technique by which a single set of code can be used by several processors at different stages of implementation. Intel calls this Hyperthreading, and it can split one of its cores to act like two separate processors of the multi-core CPU for the hypervisor. This technique creates what Intel calls “sibling threads.”

Since these threads share a pool of L1 cache memory attached to the core, a malicious guest, on one of the virtual processors, could manipulate the third variant of the L1 Terminal Fault and get data used by the other sibling thread.

Even though the virtual processor will recognize this and deny the request of the hacker, if the data is in the cache at the same time, it can be revealed to the hacker.

Both CVE-2018-3620 and CVE-2018-3646 were discovered by Intel’s engineers after the university researchers who discovered “Foreshadow” informed Intel about CVE-2018-3615, the SGX issue.

The Ultimate Fix

The real fix to all these problems will be made by replacing the processors. As Intel stated, when addressing L1TF, “These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year.”

For now, the best advice is to keep patching and be aware of any changes you see in the area of performance and speed with the patches.

Is It Safe For Me To Use The Airport’s Public Wi-Fi When I Travel?

Most airports around the U.S. and abroad provide free Wi-Fi service to travelers stranded in their terminals, waiting for their flights. While this service may appear to be generous, a recent study by Coronet, a cybersecurity company, suggests you might want to think twice before connecting to the airport’s Wi-Fi.

According to Coronet’s findings, most airport public networks are unencrypted, insecure, or improperly configured. Hackers, therefore, have easy access to devices connected to the networks and they can potentially steal your personal data.

What Can Hackers Take?

Most public connections are either unsecured or require shared passwords. Hackers want to get between you and the websites you visit in order to look at your information. They do this with little effort on public Wi-Fi networks.

A weak network makes it easy for a hacker to gain access credentials to cloud apps, such as Microsoft Office 365, G-Suite, Dropbox, and iCloud. They can send malware to your device and the cloud, as well as breach your various forms of infrastructures. Although it’s not horribly difficult to cancel and replace credit cards and void unauthorized transactions, once passwords and business digital frames are exploited, it’s incredibly challenging to recuperate complete control over them.

How Were These Findings Conducted?

Coronet revealed which airports have the most vulnerable networks. They came up with a ranking system of airports by their threat level. Coronet amassed data from more than 250,000 consumer and corporate endpoints over a 5-month period that went through the 45 busiest US airports. They gave each of the airports a threat index score after assessing the vulnerability of the traveler’s devices who used the airport’s network.

“Far too many U.S. airports have sacrificed the security of their Wi-Fi networks for consumer convenience. As a result, business travelers, in particular, put not just their devices, but their company’s entire digital infrastructure at risk every time they connect to Wi-Fi that is unencrypted, unsecured, or improperly configured. Until such time when airports take responsibility and improve their cybersecurity posture, the accountability is on each individual flyer to be aware of the risks and take the appropriate steps to minimize the danger.” – Dror Liwer, Coronet’s founder and CISO

Top 10 Most Cyber Vulnerable Airports:

10. Boston Logan International Airport
11. Detroit Metropolitan Wayne County Airport
12. Charlotte Douglas International Airport
13. Phoenix Sky Harbor International Airport
14. Dallas Love Field
15. Newark Liberty International Airport
16. Southwest Florida International Airport
17. William P. Houston Hobby Airport
18. John Wayne Airport-Orange County Airport
19. San Diego International Airport

How Did The Hackers Specifically Get Traveler’s Information?

In its report, Coronet revealed some specific ways in which hackers were able to infiltrate the airport’s network and steal people’s information. In the worst rated airport, the data revealed that hackers in San Diego set up an “Evil Twin” hotspot with the name “#SANfreewifi” at the airport to trick users into connecting to it. This allowed them to have access to all of the files that the victims downloaded or uploaded while they were connected. Similarly, at Houston’s William P. Hobby Airport, which was rated third weakest, hackers created a network named “SouthwestWiFi.”

Top 10 least vulnerable airports:

1. Chicago-Midway International Airport
2. Raleigh Durham International Airport
3. Nashville International Airport
4. Washington Dulles International Airport
5. San Antonio International Airport
6. Louis Armstrong New Orleans International Airport
7. Kansas City International Airport
8. Lambert St. Louis International Airport
9. Miami International Airport
10. Tampa International Airport

How Do I Prevent Hackers from Attacking Me?

You don’t have to stop using public Wi-Fi for the rest of your life, and it’s not exclusively the airport’s fault. Let’s look at an easy solution to protect you from the majority of hackers.

Make Passwords Stronger

You have the ability to turn on two-factor authentication for all your web services. How this works is when you try to login to a website, the website will text message your phone with a code that you’ll enter into the site in addition to your password.

Even if a hacker has your password, they won’t have your phone — which makes it much harder for them to log in to your account.

Use a VPN

A VPN (virtual private network) is a secure and private solution within the wider internet itself that allows you to send and receive data while maintaining the secrecy of a private network.

If you access your data remotely via a VPN connection when you use public Wi-Fi, it can protect data from interception and networks from compromise.

Stay Vigilant

Most importantly, remember to always be alert and use caution when browsing the internet. In your browser, block cookies and remove tracking. Avoid unsafe or untrusted software recommendations. And lastly, avoid suspicious links in your inbox or on your social media feeds.

The Newest Forms Of Ransomware & How To Protect Your Business From Them

The Situation

Ransomware is now one of the top security concerns for businesses and organizations of all sizes. The City of Atlanta was hit with a ransomware attack called SamSam in March, crippling some important departments like their court system, sewer infrastructure requests, and water billing department.

The attackers who deploy SamSam are known for clever, high-yield approaches. This, combined with the City’s lack of preparedness, explains why the infection was so debilitating.

Experts are telling us that SamSam will strike again. Unlike many forms of ransomware that spread via phishing attacks where individuals inadvertently invite the attack, SamSam exploits IT system vulnerabilities and cracks weak passwords. These ransomware attackers have made $1 million in less than six months.

Keeping all your systems patched, storing data in enterprise-based cloud backups, and having a ransomware preparedness plan can offer real protections against SamSam and other ransomware infections.

Unfortunately, ransomware attacks are on the rise, and as hackers use more sophisticated encryption technology, the threat is constantly evolving. According to malware security firm Barkly, a company is hit with a ransomware attack every 40 seconds. They also identified ransomware as the most prevalent form of malware, with “4.3x new ransomware variants in Q1 2017 than in Q1 2016.”

This eBook details how dangerous ransomware is, how it could harm your business, and what you should do to protect your data.

Part 1

What is Ransomware?

Ransomware is a type of malicious software (malware) that blocks access to a computer that infects, locks or takes control of a system and demands a ransom to unlock it. It’s also referred to as a crypto-virus, crypto-Trojan or crypto-worm. It then threatens that your data will be gone forever if you don’t pay using a form of anonymous online currency such as Bitcoin.

Most forms of ransomware are spread via spam using unsolicited phishing email or an attachment. Phishing attacks use emails disguised to look like they’re from someone you know and are more likely to trust.

Some ransomware-based applications disguise themselves as police or a government agency, claiming that your system is being locked down for security reasons and that a fine or fee is required to reactivate it. Then it typically asks you to click on a link or attachment to perform a routine task such as updating records or account details. If you do this, a worm or malware is downloaded, infects your system and locks it by encrypting your files.

Ransomware, like SamSam, can also infect your IT system using vulnerabilities in your computer’s browser. It does this when you click on a malicious code hidden in online ads or free software.

Ransomware targets small to medium-sized businesses because they are particularly vulnerable due to limited IT resources. They are also more likely to pay the ransom in the hopes that they’ll get access to their data, although the FBI warns that this isn’t necessarily so.

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, but it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

Paying the ransom only guarantees that the malicious actors receive your money, and possibly even banking information. Also, decrypting files does not mean the malware infection itself has been removed.

No one is immune.

• Temporary or permanent loss of sensitive or proprietary information,
• Disruption to regular operations,
• Financial losses to restore systems and files, and
• Potential harm to your organization’s reputation.

The lack of awareness and cybersecurity training is a leading cause of ransomware.

Part 2

Ransomware Comes in Many Forms.

Ransomware comes in many different forms, but essentially, it’s a type of malware that denies access to your computer devices unless you pay a ransom. The ransomware malware encrypts your data. Once it does this, it can travel throughout your network and encrypt other mapped and unmapped network drives. Because of this, it can bring your organization to a halt.

The ever-evolving nature of these threats makes ransomware very difficult to keep track of. Ransomware-as-a-Service (RaaS) makes it easy for cybercriminals to set up a lucrative hacking scheme. It is provided as a vendor platform on the Dark Web. Unlawful vendors offer hackers and criminals a tool to use to lock down computer files, information or systems and hold them hostage.

Ransom32 is a type of “Ransomware-as-a-Service” that provides any cybercriminal, even those without technical knowledge, the ability to create their own form of ransomware. What makes Ransom32 so dangerous is that it uses JavaScript, and can be used on computers that run Windows, Mac OS X, and Linux.

Over 2,900 types of ransomware have been reported, and they’re growing. Here are just a few:

Bad Rabbit 

Bad Rabbit has infected organizations in Russia and Eastern Europe and is spreading throughout the world. It does this via a fake Adobe Flash update on compromised websites. When the ransomware infects a machine, users are directed to a payment page demanding .05 bitcoin (about $285).

Cerber

This ransomware encrypts your files using AES encryption and demands a ransom of 1.24 bitcoins (worth $500). It communicates via a text-to-speech voice message, a recording, a web page, or a plain text document. There’s no way to decrypt files that are encrypted by Cerber unless you pay the ransom.

Cryptolocker

CryptoLocker infects computers that run Microsoft Windows. Like other forms of ransomware, you must pay the hackers to decrypt and recover your files. CryptoLocker spreads via fake emails (phishing) designed to mimic legitimate businesses.

CryptoWall

This form of ransomware has been around since 2014, but new variants are still circulating, including CryptoBit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. Like CryptoLocker, CryptoWall is distributed by spam or exploit kits.

CryptXXX

CryptXXX used additional capabilities including network-share encryption. This means that even if you can decrypt your files, it can still cause significant downtime by encrypting files on your network shares.

FakeBsod

FakeBsod uses a malicious piece of JavaScript code to lock your web browser. It displays a fake warning message and tells you to go to a particular webpage (that contains the ransomware). The message says to “contact Microsoft technicians” about an “Error 333 Registry Failure of the operating system – Host: Blue screen Error 0x0000000CE.” When you call the phone number, you’ll be asked to pay a fee to fix the problem.

Lockscreen

This form of ransomware isn’t new and has been in use for quite a while. It attacks Android devices. However, now there’s a new version that is more powerful and much more resilient. It used to lock your screen using a hardcoded passcode, but with the right code, you could unlock your device. Today the new version is impossible to reverse-engineer the passcode since it uses pseudorandom passcodes. Because of this, you can’t unlock your device and must pay the ransom.

Locky

If your computers are infected by Locky, it will rename all of your important files and prevent you from opening them. It does this through encryption and using the file extension–locky. Now, only the cybercriminals have the decryption key, and you must purchase it from them to retrieve your files. To do this, you have to go to the Dark Web and pay $400+ in Bitcoin.

NotPetya

This is a strain of Petya and was first seen in 2016. Today, experts believe NotPetya’s sole purpose is to destroy data instead of obtaining a ransom.

Petya

Petya is especially dangerous because it encrypts entire computer systems, and overwrites the master boot record, so you can’t reboot your operating system.

Spider

Spreads via spam emails. It’s hidden in Microsoft Word documents and installs the ransomware on a computer when it’s downloaded. The Word document (typically disguised as a debt-collection notice) executes macros that encrypt your data.

TeslaCrypta

This uses an AES algorithm to encrypt files and is specifically designed to attack Adobe software vulnerabilities. TeslaCrypta installs itself in the Microsoft temp folder.

TorrentLocker

TorrentLocker spreads via spam email campaigns and targets specific geographic regions. It also uses the AES algorithm to encrypt files. It collects email addresses from your address book to spread malware to your business contacts, friends and family members.

WannaCry

WannaCry has hit over 125,000 organizations in over 150 countries. It currently affects Windows machines through a Microsoft exploit known as EternalBlue.

WannaCrypt

This computer attack began locking down data on May 12, 2017. It affects Microsoft Windows Operating systems. WannaCrypt encrypts all the data in on your computer and holds it hostage.

ZCryptor

This form of ransomware uses a worm-like tactic to self-propagate and encrypt files and external drives so that it can attack other computers.

Part 3

How Ransomware Infects Your Computers

Ransomware attacks are increasing, and so are the ransoms to recover your data.

You’ll know when ransomware infects your computer because the hackers display a message telling you how much to pay to unlock your files. These ransoms typically run in the $300-$500 range. But, some businesses are having to pay upwards of $1,000 per computer. If you have 25 computers that are infected, that’s $25,000.

Hackers primarily use the following attack vectors to infect computers:

Phishing Emails

This is the most common scenario. A realistic-looking email is sent to you with a link or attachment that contains the ransomware. Hackers will often send a number of these links or attachments to hide the one with the malware. Once it’s clicked the malicious software loads itself and the ransomware infection spreads throughout your files, locking them until you pay the ransom.

Drive-by-Downloads

If you unknowingly visit a realistic-looking website containing ransomware, it can load itself onto your computer. If you use an old browser, out-of-date software, or third-party applications, you’ll be most vulnerable. A hacker can detect a vulnerability and exploit it. When a software vendor discovers this, they’ll release a patch to repair the issue, but by this time the criminal has already done their dirty work. Examples include unpatched versions of Adobe Flash, a bug in Java or an old web browser, or an unpatched operating system.

Free Software

A lot of us download free versions of software. Some are legitimate, but others contain ransomware. They are especially prominent in broken versions of expensive games, free games, porn content, screensavers or bogus software. By convincing the user that they should download the software, they can get past firewalls and email filters. You might not even know that you’ve done this until the ransomware activates weeks later.

Unpatched Software

According to the U.S. Computer Readiness Team (CERT) using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware. Microsoft provides a guide to help you keep your software up to date. They recommend that you use feed update functionality to stay informed about new ransomware variants and what you should do to protect your data.

Part 4

What to Do If Your Files Get Encrypted.

Tell your employees to let you know if they experience the following:

• They can’t open their files, or they get error messages saying a file is corrupted or contains the wrong extension.
• A window pops up with a ransomware program that they can’t close. This window may contain a message about paying a ransom to unlock files.
• A message says that a countdown has started for a ransom to decrypt files and that it will increase over time.
• They see files in all directories with names like “How to decrypt files.txt or decreypt_instructions.html.”

Ransomware isn’t easy to find while it’s at work encrypting your files. So, you might not know that it’s happening until the hacker sends you a message. By this time, the infection has completed its job. The best thing you can do at this point is to contain the virus from spreading throughout your network.

Unplug the infected computer from your network. You may also need to turn off all network access for all your computers until you know the virus is contained. Set your Basic Input Output System (BIOS) time back if the ransomware has started a countdown. This will hopefully give you more time to recover your critical files and try to eliminate the malware. You can access your BIOS time through the BIOS Setup Utility on the computer.

Restore your files from your last backup. This is why it’s important to regularly backup your files to a safe, offsite cloud location. Just make sure your most recent backup wasn’t infected as well. If you use a Disaster Recovery as a Service (DRaaS) solution, you should be able to do this and quickly “spin up” the DR image on your computer. By spinning up the image in a self-contained virtual machine (VM), you can inspect the DR image without exposing it to your entire network.

Alert the FBI. Don’t pay the ransom. This is a mistake because you still may not get your files back and the criminal will continue to extort you for money.

Unfortunately, recovery from ransomware can be difficult as cybercriminals fine-tune their tactics and become more sophisticated.

Part 5

How to Protect Your Data From Ransomware

ood news is that there are best practices you can adopt to protect your business. The Small Business Administration has these 14 recommendations. Your Technology Solutions Provider can help you with these.

1. Implement an awareness and training program. Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered.
2. Enable strong spam filters to prevent phishing emails (an attempt to obtain sensitive information electronically) from reaching employees and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
3. Scan all incoming and outgoing emails to detect threats and filter executable files (used to perform computer functions) from reaching employees.
4. Configure firewalls to block access to known malicious IP addresses.
5. Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
6. Set anti-virus and anti-malware programs to conduct regular scans automatically.
7. Manage the use of privileged accounts based on the principle of least privilege: no employees should be assigned administrative access unless absolutely needed and those with a need for administrator accounts should only use them when necessary.
8. Configure access controls—including file, directory, and network share permissions— with least privilege in mind. If an employee only needs to read specific files, the employee should not have write access to those files, directories, or shares.
9. Disable macro scripts (toolbar buttons and keyboard shortcut) from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
10. Implement Software Restriction Policies (SRP)s or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs including the AppData/LocalAppData folder.
11. Consider disabling Remote Desktop Protocol (RDP) if it is not being used.
12. Use application whitelisting, which only allows systems to execute programs known and permitted by security policies.
13. Execute operating system environments or specific programs in a virtualized environment.
14. Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.

In Conclusion

The increased incidence and rapid evolution of ransomware have raised concerns and stakes for both small and large businesses. Of everything we’ve discussed here, the two most important things to do to protect your business is to use a solid enterprise-grade cloud backup solution and to provide professional Cybersecurity Awareness Training for your employees. In both cases, your Technology Solutions Provider is your best friend. They’ll help you fight and prevent ransomware and cybercrime of all kinds. Don’t wait. Contact them today.

They are the next best thing to hauling your laptop around to school and on flights, and they’ve become the weapon of choice for parents with fussy toddlers in public spaces. But while tablets have earned their accolades in recent years, that’s not to say choosing one to take home is an easy task. With endless options to select from, it will take some time and research to determine which tablet is best for your unique needs.

What constitutes a great tablet depends on several factors. Aside from function, things like versatility, user-friendliness, and affordability all play a role in how well a tablet is received by the masses. Versatility carries so much weight, in fact, that many of today’s top tablets come with keyboards to offer an experience similar to that of a desktop. These 2-in-1s are all the rage, and if you’re hoping to pick up a new one, you’ve got your fair share of picks. Here are some of our favorite tablets to help you navigate your options.

Apple iPad

The Apple iPad is one of the most revered tablets to date, and the newest version spares no expense when it comes to cool features. Compatible with the new Apple Pencil, the tablet is easy on the eyes with a 9.7-inch Retina display and a small, but mighty A10 Fusion processor for all the power you could want in a tablet. Plus, Apple now carries plenty of options for immersive AR experiences, and at its most affordable price point yet, you can be sure this tablet is one to covet for business and entertainment alike.

HP Envy x2

HP’s Envy x2 model, hot off the heels of the debut of the Snapdragon 835 processor, allows for stronger performance and a load of other features. Fast-charging capabilities, optional LTE connectivity, and a 15-hour battery life are just a few things users have to look forward to in this tablet. From a digital pen to a sleek backlit keyboard, the Envy x2 is versatile and durable, and definitely not one to be looked over if a solid tablet is on your wish list.

Acer Chromebook Tab 10

Created in collaboration between Acer and Google, the Acer Chromebook Tab 10 is a 9.7-inch slate tablet perfectly fitting of its target K-12 education market. The first tablet to be powered by Chrome OS, it features a 2,048 x 1,536 resolution display, and a textured design for easy handling on-the-go. It also comes complete with an EMR stylus, which fits conveniently in its own slot. This tablet was definitely built for convenience.

Samsung Galaxy Tab S3

With a 2048 x 1536 resolution AMOLED display, the Samsung Galaxy Tab S3 is primed for immersive entertainment. Inside you’ll find a powerful quad-core Snapdragon 820 CPU and a sufficient 4GB of RAM. Its 600mAh battery is good for up to 12 hours of power, whether you’re hoping for gaming or Netflixing. It also comes with a bundle featuring the new S-Pen, which is ideal for creatives hoping to use this tablet for work. All in all, between its power and its potential, the Galaxy Tab S3 is among the best money can buy.

HP Chromebook x2

The HP Chromebook is heavy on both looks and performance. This 12.3-inch tablet is touted as the first detachable Chromebook and comes complete with a base hinge for keyboard attachment. It runs on Google’s Chrome OS and can download apps from Google’s Play Store. Aside from an impressive QHD display, it offers both front and rear facing cameras and includes the new HP Active Pen to make tasks like sketching that much easier.

Dell Latitude 5290 2-in-1

This 2-in-1 is pricey, to be sure, but that’s not to say it isn’t worth the money if power is what you’re after. Weighing in at just 2.64 pounds, the tablet boasts an eighth-gen Intel Core i7 processor and a crisp, clear screen ideal for work or play. Gorilla Glass 4 for durability and an adjustable kickstand are just a couple of the perks you’ll find on this hybrid, and that’s not all. There is also an optional keyboard to make typing a breeze.

Lenovo Miix 630

The Lenovo Miix 630 has a unique advantage over its competitors. It can stay connected all day via LTE, which is enabled by a Qualcomm Snapdragon 835 processor. It’s a fresh option for Windows devices, courtesy of a partnership between Qualcomm and Microsoft. And with this Snapdragon processor also comes an extended battery life, upwards of 20 hours. So if you happen to be looking for a tablet to replace your laptop for business, the Lenovo Miix 630 is a suitable option, indeed.

Surface Pro 4

Equal parts tablet and laptop, the Surface Pro 4 gets right a lot of what the original Surface Pro got wrong. Its 12.3-inch screen offers more than enough space for clear, crisp pictures, and its configuration capabilities are nothing to scoff at. From its dual cameras to its loudspeakers and extraordinary picture quality, the Surface Pro 4 is the best of both worlds.

Xplore XBOOK L10

One thing’s for sure: durability isn’t an issue with the Xplore XBOOK L10. Waterproof, dustproof, and drop proof for up to six feet, this tablet is one with plenty going on. It’s got a plethora of ports, including USB-C, USB-A, and Ethernet, with its powerful performance courtesy of an eighth-gen Intel Core i5/i7 processor. And with an ultra-bright display, there isn’t much this tablet can’t do.

Google Pixel C

The Google Pixel C, which many call a solid alternative to the Apple iPad, has a unique design that sees its optional Bluetooth keyboard double as the tablet’s cover. Its made from durable compact aluminum, and boasts a lightning fast performance plus a bold, bright screen bound to make your favorite games that much more enjoyable. If Android is what you’re after, this is simply one of the best.

Phishing is just one of many tools in a hacker’s repertoire and happens to be one of their most effective.  Through phishing, hackers dangle their bait in front of preoccupied employees who would never dream that their PC could provide an open door for a hacker.  That’s why it is so important that employees understand how phishing works, how costly it can be, and what they can do to avoid letting themselves become an unwitting accomplice to a hacker’s attack on their company.

The Nature of Phishing

Phishing involves a malicious entity that sends out emails that look like they are from reputable, well-known companies (maybe even the employee’s own employer) – but these emails are not what they seem.

Sometimes the purpose of a phishing email is to trick the recipient into revealing information such as logins, passwords, or personal information. Other times, phishing emails are used to install malware on the recipient’s computer. Once the hacker behind the phishing attack has succeeded in infiltrating the target system via login information or malware, the damage they cause quickly escalates.

Phishing Can Be Very Costly

So how expensive can phishing be?  Well, consider what happened to a bank in Virginia that fell victim to two phishing attacks in just eight months. Their disaster began when an employee received and opened a phishing email which succeeded in installing malware on company computers.  The malware was able to use the victim’s computer to access the STAR Network, a site used to handle debit card transactions.  Through the STAR Network, the hackers behind the malware were able to steal $569,000 in that one incident alone.

But that wasn’t the end of the matter.  Eight months later, even after hiring a cybersecurity forensics firm and following their advice to better secure their system, the same bank was victimized again through another phishing email.  This time, the hackers again gained access to the STAR Network, but then used the bank’s Navigator system.  Through those systems combined, the hackers were able to credit money to various bank accounts and then withdraw the money using hundreds of different ATMs.  Losses from this incident amounted to almost $2 million.

To make matters even worse, the bank’s cyber insurance provider denied coverage and the bank is now forced to pursue a lawsuit to recover their losses.

The Very Real Dangers Of Phishing Attacks

Phishing wouldn’t be so effective if it wasn’t so easy for busy employees to fall victim to seemingly legitimate emails or innocent-looking attachments.  The malware that was used to initiate the first attack on the bank discussed in this article was embedded in a Microsoft Word document.  Most of us have worked with thousands of Word documents during our careers and have never been victimized by one – but it only takes one time to cost a business millions of dollars.

In this case, once that document was opened, the malware was installed and the group behind it had access to what they needed. The bank in question hired Verizon to investigate both incidents. It was finally determined that the same group of Russian hackers were likely responsible for both attacks.

Common Sense Required

Even the most powerful of cyber security systems is still susceptible to attacks that take the form of phishing or social engineering. As long as people continue to subscribe to the view that firewalls, anti-virus, and anti-malware systems provide all the protection against cyberattacks that a company needs, then successful phishing attacks will continue. Education is one of the forgotten keys to foiling phishing attacks.

Employees need to be taught how to recognize a suspicious email and be given real-world examples of how convincing phishing emails can appear.  They need to be encouraged to view both emails and attachments with a critical eye.  Employees must also understand that, under no circumstances, is there a legitimate reason for someone to ask for their password.

Another aspect of this type of education is making sure that people realize that the targets of phishing are not C-suite executives or IT technicians, but employees from all levels.  Through a connection to the company’s network, any employee’s computer could serve as a launching pad for an industrious hacker’s plan of attack.

Conclusion

Phishing attacks are a reality that must be addressed if a company wants to avoid becoming a victim.  These attacks often result in very expensive losses that may not be covered by insurance.  While the importance of a rigorous cyber security system is never to be overestimated, neither is the importance of employee education.  Too many employees have unwittingly become accomplices in costly cyberattacks because they didn’t recognize a phishing email and never thought they could be the target of one.  The first line of defense against phishing isn’t a network firewall, but a trained employee who knows how to recognize a suspicious email or a questionable attachment.