Ransomware Has Gotten So Bad, It’s Aligned with Terrorism

Ransomware has rapidly progressed from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Let’s review the reasons behind this policy change and how your business should respond.

How Much Worse Has Ransomware Gotten?

Let’s look at this somewhat casually. 

Ransomware was never something to be trifled with. However, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your business’ data encrypted is bad. However, crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.

The dangers that such ransomware attacks pose cannot be overstated, and no business is truly safe. The White House recently said as much in its warning to companies regarding their cybersecurity preparations.

This is Why the US Justice Department is Speaking Out

Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. As their way of responding to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled similarly to how terrorism cases are… all stops pulled out in terms of what tools are used.

Other Governing Bodies are Following Suit

Likewise, in response to the JBS hack and the potential economic ramifications it will likely cause, the US Congress is now considering the lack of federal oversight into the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy to help prevent and mitigate these kinds of attacks and their widespread impacts.

Ransomware Threats are Also Getting Worse

In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.

1. Use ransomware to encrypt a targeted system

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced at relatively minor cost to the business. This is one of the many, many reasons we always recommend that a business keep a backup squirreled away.

Unfortunately, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:

1. Steal data from a system, using ransomware to encrypt it after the data has been harvested

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

4. Threaten to leak or sell the stolen data unless a second ransom is paid

5. Profit again

This double-whammy approach to ransomware first came onto the scene in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have considerably fewer resources than enterprise-level targets.

So, if keeping a backup no longer helps to squash the entire threat, what can a company do?

How a Business Can Resist Ransomware

First, it will help to understand how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (through stolen or guessed access credentials, or through an unpatched vulnerability). This means that any organization can more effectively prevent ransomware by reinforcing its password security and user management.
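Since the post says that about half of modern ransomware attacks start with guessed or stolen remote desktop credentials, the most direct defensive check is to watch for that pattern in logon audit data. The script below is an added example for this post, not code from the original article: it parses a constructed, simplified log format (one line per Windows Security event) and assumes event ID 4625 is a failed logon, 4624 a successful logon, and logon type 10 a RemoteInteractive (RDP) session; the five-failures-in-ten-minutes threshold is an illustrative assumption, not a recommendation from the post.

```python
"""Flag password guessing against remote desktop logons.

Added example, not code from the original post. The log format is a
constructed simplification of Windows Security events; event ID 4625 =
failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive
(RDP). Thresholds are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = "4625"
SUCCESSFUL_LOGON = "4624"
RDP_LOGON_TYPE = "10"

# Constructed sample events: "timestamp event_id logon_type source_ip account".
# 203.0.113.7 cycles through accounts and then logs in as jsmith;
# 198.51.100.22 is a user who mistyped a password once.
SAMPLE_LOG = """\
2021-06-07T02:14:01 4625 10 203.0.113.7 administrator
2021-06-07T02:14:03 4625 10 203.0.113.7 administrator
2021-06-07T02:14:05 4625 10 203.0.113.7 admin
2021-06-07T02:14:07 4625 10 203.0.113.7 jsmith
2021-06-07T02:14:09 4625 10 203.0.113.7 jsmith
2021-06-07T02:14:11 4625 10 203.0.113.7 jsmith
2021-06-07T02:14:20 4624 10 203.0.113.7 jsmith
2021-06-07T09:30:00 4625 10 198.51.100.22 mlee
2021-06-07T09:30:40 4624 10 198.51.100.22 mlee
"""


def parse_events(log_text):
    """Turn the constructed log lines into dicts; blank lines are skipped."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src_ip, account = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": event_id,
            "logon_type": logon_type,
            "src_ip": src_ip,
            "account": account,
        })
    return events


def detect_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: details} for every source that produced at least
    `threshold` failed RDP logons inside any `window`, and record whether a
    successful RDP logon from the same source followed the burst (the sign
    that a guessed or stolen credential actually worked)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in parse_events(log_text):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue  # only remote desktop logons are of interest here
        if ev["event_id"] == FAILED_LOGON:
            failures[ev["src_ip"]].append(ev)
        elif ev["event_id"] == SUCCESSFUL_LOGON:
            successes[ev["src_ip"]].append(ev)

    alerts = {}
    for src_ip, fails in failures.items():
        fails.sort(key=lambda ev: ev["time"])
        times = [ev["time"] for ev in fails]
        burst_end = None
        start = 0
        for end in range(len(times)):  # sliding window over failure times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = times[end]
                break
        if burst_end is None:
            continue
        later = [ev for ev in successes.get(src_ip, []) if ev["time"] >= burst_end]
        later.sort(key=lambda ev: ev["time"])
        alerts[src_ip] = {
            "failures": len(fails),
            "targets": sorted({ev["account"] for ev in fails}),
            "succeeded_as": later[0]["account"] if later else None,
        }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

Run against the constructed sample, only 203.0.113.7 is reported, with six failures across three accounts and a later successful logon as jsmith; the single mistyped password from 198.51.100.22 stays below the threshold. A burst that ends in a success is the case to treat as an incident rather than noise, since it means the guessed credential worked and the session that followed needs to be reviewed.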

By implementing password requirements that better align to best practices and then reinforcing them through two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your organization considerably.

Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your organization relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.

While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Jackson Thornton Technologies and our services come in. Learn more about what you need us to do by calling 334-834-7660.

 

Hackers Start Beef with JBS Ransomware Attack

Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply chains associated with the company. Let’s examine the situation to see what lessons we can take away from all this.

What Happened to JBS S.A.?

Over the last weekend of May 2021, JBS’ global IT systems were targeted by a ransomware attack that completely shut down the meat processor’s operations in North America and Australia. Seeing as effectively each step of the company’s operations (from livestock procurement all the way to export and shipment) relies on some kind of technology, everything was put on pause.

Fortunately, JBS had implemented backups, and has therefore been able to restore its systems and return to operation. Furthermore, no evidence has been discovered suggesting that any customer, employee, or supplier data was compromised in the attack.

However, this does not mean that there is nothing more to examine surrounding these events. Let’s go into the major takeaways that need to be addressed.

First of All, Who’s Responsible, and Who is Involved in Fighting Back?

There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals—the sort that have been previously associated with Russian cyberattacks—have been assigned blame for this attack. Along with the Federal Bureau of Investigation’s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts.

The Australian Cyber Security Centre has also been providing its assistance, although it would not disclose the nature of that assistance. The company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.

The Impacts of Ransomware and Other Threats

While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration—not only is the target’s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS.

Fortunately, JBS was smart and had protected themselves ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business’ insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn’t unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware.

At Jackson Thornton Technologies, we’re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling 334-834-7660 today.

 

Cybersecurity Lessons to Be Learned from the Colonial Pipeline Attack

Headlines have been filled with news pertaining to the recent hack of Colonial Pipeline, which has created significant gasoline shortages up the east coast of the nation. While the pipeline has been restored, the way this was accomplished sets a dangerous precedent. On top of this, the attack seems to have set off bigger infrastructural changes in the political space.

Let’s take a few minutes to dive into the situation at hand to see what insights can be gleaned from these events.

The Colonial Pipeline Situation

On May 7, Colonial Pipeline first became aware of a ransomware infection in its systems, prompting the fuel supplier to pull the plug on its pipeline operations along the southeast coast so that the malware wouldn’t spread. Leaning on a relatively new form of ransomware attack, those responsible for the attack—a group called Darkside—utilized a method known as double extortion, where the cybercriminal motivates their victim to pay up by not only locking their data down but also threatening to leak it out.

For its part, Darkside primarily operates as a kind of cybercriminal service provider, developing threats to provide them to other groups with their support.

In response to this threat, Colonial Pipeline quickly halted its operations… and as a result, a wide portion of the country experienced gas shortages due to the cutoff of supply. Many found themselves waiting for hours at the pumps, assuming that any gasoline was available at all. Despite stating that there were no plans to pay the almost $5 million in cryptocurrency that the hackers were demanding, it has been reported that the company did ultimately do so. Once the payment was received, the distributor was provided with a very slow decryption tool that they supplemented with their own backup solutions.

This situation has highlighted a few serious considerations that will need to be addressed by businesses of every size, while also revealing a few things about the current state of cybersecurity in clearly critical pieces of infrastructure.

Ransomware-as-a-Service is a Serious Threat

Darkside had risen to prominence in a relatively short time in the cybercriminal business world, creating a network of affiliate hackers to collaborate with for a share of the cut. With a net gain of at least $60 million in its seven months of existence ($46 million of which came in during Q1 2021 alone), this approach is apparently quite lucrative. While the affiliate hackers retain the majority of the ransom fees, Darkside handles a lot of the work on their behalf: writing the ransomware itself, billing the targeted victims, hosting the data that has been stolen, and even serving as the cybercriminal’s IT support and PR team.

This is serious, simply because it can significantly lower the barrier to entry that cybercriminals face when implementing ransomware, making it a feasible attack vector for more of them to put into place.

Double Extortion Makes Ransomware Even Worse

You may have caught that Colonial Pipeline did, in fact, have a data backup available to them… so, it may seem confusing that they still paid the ransom to have their data released. After all, the data backup should have enabled them to simply wipe and restore their entire infrastructure from scratch.

It’s the fact that this attack was using the double extortion method that makes the difference. Instead of simply threatening to delete the data if the ransom is not paid, a double extortion attack doubles down by threatening to leak the data if the ransom is not paid in time. Depending on the industry that is being targeted, some of this data could bring significant repercussions to the business that allowed it to leak. Government regulations and public opinion can both bring down serious consequences once data is leaked, so it makes sense that Colonial Pipeline would choose to bite the bullet and pay up instead. We still don’t recommend that ransomware demands are paid, but time will tell if this method of attack becomes more popular and forces us to reconsider.

Events Like These Will Inspire Cybersecurity Improvements

Partly in response to these events, U.S. President Joe Biden signed an executive order intended to boost the cybersecurity protections in place surrounding critical infrastructures for the government and private sector companies alike. This order includes the founding of a task force committed to prosecuting hackers that utilize ransomware, as well as the removal of any contractual barriers to reporting breaches within federal agencies and a deadline of three days to report severe cyberattacks. With such attacks happening with higher frequency than ever before, it will be far more critical for businesses to consider these improvements crucial to their continued survival.

Situations like these make it clear that cybersecurity isn’t going to get any easier for businesses to manage from here on out, so it will be important to have a trustworthy resource waiting in the wings to assist your operations. Jackson Thornton Technologies can be that resource for you. Give us a call at 334-834-7660 to start a conversation about what we can do for you.

 

Maps May Soon Be Less Trustworthy Than Ever

Did you know that maps as we know them are remarkably skewed? Due to some centuries-old superiority complexes and prejudices, the maps we’ve all been raised looking at have never been completely accurate. However, this problem could soon be an element of cybercrime thanks to a developing technology that many have yet to take seriously, deepfake images, and how they could revolutionize cyberattacks moving forward.

What Are Deepfakes?

Deepfakes are manipulated images or videos that have been altered to revise the truth with the assistance of artificial intelligence. The Internet is full of lighthearted examples, where a comedian’s face is changed during an interview to be replaced with the celebrity who they are impersonating, or different actors are cast in classic movies. Mobile applications that allow you to create a rough lip-synch video from a still image are growing in popularity.

Of course, there are much more convincing examples of deepfake technology that we can point to. For instance: This Person Does Not Exist. This website pulls the results of a generative adversarial network trying to create the most convincing face it can possibly generate. Each time that page is refreshed, a new face pops up that looks just like a real person—despite no such person actually existing.

While these applications are quite entertaining, they obscure the real risks that deepfakes pose to security. Explicit deepfakes are already being generated that depict people in assorted adult situations without their consent, to be used in blackmailing schemes. Deepfakes have also been spread to manipulate political impressions and sway the tides of some elections.

Unfortunately, there is an additional threat that these doctored images are now being used to support: geographic deepfakes.

What is a Geographic Deepfake?

Instead of manipulating someone’s face or the words they say, geographic deepfakes alter satellite imagery to manipulate our impression of the landscape and what is present. With deepfake technology as a whole improving all the time, geographic deepfakes could create some serious problems for businesses and governments alike.

How a Geographic Deepfake Could be Abused

Let’s run through a potential scenario for a moment, just to illustrate how serious this threat is:

A platoon of soldiers are out in the field, advancing on a target. All they need to do is reach a bridge that will take them to their objective. Satellite imaging shows a clear path to the bridge, but once the platoon reaches it, they actually find themselves face-to-face with the enemy, who has taken the bridge and created an ambush for them to walk right into—or perhaps they find no enemy troops, but also no bridge for them to cross… ruining their plan, and possibly many others that were contingent upon it. This latter possibility was actually proposed in 2019 by a National Geospatial-Intelligence Agency analyst named Todd Myers, as it draws from a tactic as old as cartography itself.

Maps Have Always Been Manipulated

History is full of times where maps have played a key role in disinformation campaigns and propaganda alike, in addition to providing a form of copyright protection for cartographers. By changing some details of a map—occasionally making up features and towns that didn’t actually exist there—a mapmaker could easily identify if their work had been copied.

Geographic deepfakes could simply add an additional level of complexity to such efforts, as the University of Washington recently explored in an academic study.

In this study, the researchers abbreviate the very long history of map manipulation and embellishment, starting from the Babylonian 5th century B.C. but focusing much more closely on the modern applications. Things like location spoofing and how they’re weaponized were covered, with practical examples provided by the researchers that they generated as a proof of concept. As a whole, the study makes it clear that such capabilities are very real, and very easy to abuse, but certainly not easy to identify when they are in use.

Exacerbating the issue further, most people don’t think to second-guess the maps they see, making these threats all the more dangerous. Furthermore, while the researchers were able to create a tool that could identify the deepfakes they generated, such tools will need to be updated constantly to keep up with the improvements that those who abuse these tools are sure to implement.

What Can Be Learned?

While these threats aren’t likely to come into mainstream use for some time yet, it pays off to predict how they could impact you in the future. Just think about the missing bridge example… What if the same concept was used on the supply chain, or on your business directly?

Furthermore, since cyberattacks often inspire others, an imaginative cybercriminal could very well come up with some other devious ways to use these capabilities.

For now, the best course of action is to take every opportunity to secure your business as best you can with the help of today’s technology solutions. While ignoring developing threats like the potential of deepfakes is shortsighted, overlooking present ones is worse.

Jackson Thornton Technologies is here to help you secure your technology. To find out what we’ll do for you, give us a call at 334-834-7660 and have a chat with us about your business.

 

What You Need to Do If Your Business is Hacked

Few things are scarier for a modern business to consider than the idea that they will be hacked, regardless of that business’ size or industry. After all, hacking can, will, and does cause significant damage across basically all aspects of your organization. This is precisely why it is so important that—should a business be hacked—the proper steps are taken in response.

Damage Control

Your first step needs to be getting a handle on the situation at hand. While hacking on any scale is a bad thing to experience, cutting it off as quickly as possible will serve you well. Here are a few steps that you need to take in order to do so:

Contact Your IT Provider IMMEDIATELY

If your IT provider is anything like us, they are more than likely aware of something happening on your network if they are monitoring it closely. That said, you’ll want to notify them immediately if you are suspicious of malevolent activity. 

Depending on what the issue is, IT will take specific actions to remove the threat, mitigate the damage, and then harden your network to prevent it from happening again. Threats can sometimes be removed easily, or it could take a lot of hunting to chase down the cause of the problem if it isn’t being done proactively.

Here’s an example of a nightmare recovery scenario. IT may decide it’s best to take the nuclear option and wipe all affected devices completely before restoring them from a data backup. Doing so should remove the chance that a lingering threat could continue causing problems. We strongly recommend that you reach out to us for assistance with this, as we’ve seen plenty of cases where the business goes through an intense amount of labor only to experience the same hack after everything is back online. It has to be done carefully, and it has to be done correctly, and even then, the risks are still there.

Once that’s been accomplished, you need to be sure that all of your cybersecurity protections are fully updated and that you are as secure as possible. Check your firewalls, antivirus, spam protection, everything.

Seek Out Assistance

Many small businesses fully place their IT issues (or more accurately, dealing with them) on their staff members. Obviously, this isn’t a good situation. For a business’ purposes, it is much better to have a professional, dedicated resource to answer any questions your team has. A solid and reliable expert, like the ones that we employ here at Jackson Thornton Technologies, can be key to making it through these kinds of situations in the best position possible.

Be Prepared to Inform Clients and Prospects

Finally, we come to the last (but by no means least) part of making it through a cybersecurity incident: disclosing it. Of all of your interactions with your clientele or staff, this is the time when clarity and concision are most crucial. Bring everyone up to speed on the situation, what the possible ramifications are, and what needs to be done next to minimize the damage the event ultimately causes.

The hard truth of the matter is that you will ultimately lose some people when this happens. Of course you will. While the data practices of some people in their personal lives are questionable at best, the onus is still on you if they’ve entrusted you with the same data… and they’re not wrong. This means that you are accountable, and therefore need to be open and forthcoming with anyone involved. Every state and most industries have their own rules and requirements for data privacy, so you’ll want to understand exactly how you need to handle the communication involved with a data breach disclosure, based on what information was potentially breached.

Prepare Ahead of Time

Granted, these tips won’t help much if you’re already struggling through a breach event… but they will help you prepare for any you may face in the future. Taking the initiative to be proactive in implementing your protections and enforcing best practices will only boost your essential protections during this time (and trust us, the risks that today’s online workplace presents make these kinds of boosts necessary).

For assistance with your cybersecurity protections and the rest of your IT, you can always lean on us. Learn more about our services by calling 334-834-7660 today.

 

 

Cyberattack Discovery Time is Decreasing (But This Isn’t All Good News)

Research has revealed that cyberattacks are spending decreasing amounts of time on their targeted networks before they are discovered. While this may sound like a good thing—a faster discovery of a threat is better than a slower one, after all—this unfortunately is not the case.

Let’s explore this trend, and what it implies for your cybersecurity.

Understanding the Concept of Dwell Time

Dwell time is the term for the duration that a cyberattack is present on the network before it is detected. According to figures compiled by Mandiant, their researchers have found that the median dwell time around the world is 24 days. This number continues a decade-long trend of shortening dwell durations, with 2011 seeing a median dwell time of 416 days.

So, over the past ten years, the median dwell time has shrunk to about a fifth of what it once was.

On the surface, this sounds great… and it makes sense, too. Organizations are investing more into their cybersecurity, so their policies are better and they are simply more able to detect threats. Therefore, cyberattacks aren’t spending nearly as much time on a network before the infiltrated business becomes aware of them, so the damage they can do should be limited… right?

As much as we’d like to wrap this blog up right here and say “Right, and here are some best practices to follow…” we can’t. The situation is just a bit more complicated, and those complications are important.

The Shifting Threat Landscape Plays a Role

Here’s the thing: as the dwell time that cyberattacks spend on a network undetected has shrunk, the methodology behind the attacks—more specifically, the type of attacks commonly being used—has shifted. Nowadays, ransomware plays a much larger part, increasing from 14 percent in 2019 to 25 percent in 2020.

Ransomware (the malware that locks down a targeted system and demands payment to release it) has a much shorter dwell time than most other attacks. Taken as a group, other attack methods had a median dwell time of 45 days. Ransomware: just five. This difference is what contributed to the overall median dwell time of 24 days.

So, these shorter dwell times can be attributed to ransomware intrusions progressing to full-scale attacks much more quickly.
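The point made above is easy to misread: the overall median can fall even though detection of each kind of intrusion is no faster, purely because the short-dwell category (ransomware) makes up a bigger share of incidents. The script below is an added example and not code from the post or from Mandiant; its dwell-time samples are constructed so that ransomware incidents have a median of 5 days and all other intrusions a median of 45 days, matching the figures quoted above, but the dataset itself is invented and the 14 percent and 25 percent shares are the post's own numbers applied to it.

```python
"""Why a falling overall median dwell time can hide unchanged detection speed.

Added example, not from the original post or Mandiant's report. The dwell
times below are constructed so that ransomware has a median of 5 days and
other intrusions a median of 45 days; the dataset itself is invented.
"""
from statistics import median

# Constructed dwell times in days, one entry per incident.
RANSOMWARE_DWELL = [2, 3, 4, 5, 5, 6, 7, 9]                    # median 5
OTHER_DWELL = [7, 12, 20, 30, 38, 45, 60, 90, 150, 250, 400]   # median 45


def dwell_summary(incidents):
    """incidents: list of (category, dwell_days).
    Returns the overall median and the median per category."""
    by_category = {}
    for category, days in incidents:
        by_category.setdefault(category, []).append(days)
    return {
        "overall": median([days for _, days in incidents]),
        "by_category": {c: median(v) for c, v in by_category.items()},
    }


def resample(values, count):
    """Pick `count` points spread evenly through the sorted values, so the
    shape of each category's distribution is kept while the number of
    incidents in that category changes."""
    ordered = sorted(values)
    return [ordered[(i * len(ordered)) // count] for i in range(count)]


def summary_for_share(ransomware_share, total=100):
    """Dwell-time summary when `ransomware_share` of `total` incidents are
    ransomware (drawn from RANSOMWARE_DWELL) and the rest follow OTHER_DWELL."""
    k = round(ransomware_share * total)
    incidents = [("ransomware", d) for d in resample(RANSOMWARE_DWELL, k)]
    incidents += [("other", d) for d in resample(OTHER_DWELL, total - k)]
    return dwell_summary(incidents)


if __name__ == "__main__":
    # The post's 2019 and 2020 ransomware shares applied to the constructed data.
    for share in (0.14, 0.25):
        print(f"ransomware share {share:.0%}:", summary_for_share(share))
```

With the constructed data, moving the ransomware share from 14 percent to 25 percent drops the overall median from 38 days to 30 while the per-category medians stay at exactly 5 and 45. That is the practical caveat when reading a headline dwell-time figure: break it down by intrusion type before concluding that your detection has improved.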

Ransomware Has Gotten Worse

Unfortunately, a business’ troubles don’t end there. In addition to these accelerating attacks, hackers have grown more aggressive. This has translated to higher ransom demands, as well as the unsettling development of so-called “multifaceted extortion”—where the attacker threatens to also publish the data they steal if payment isn’t made.

Other Attacks Are Still Prevalent, Too

Businesses still need to worry about other methods of attack as well. For instance, exploits (code that takes advantage of programming bugs or other vulnerabilities) have risen in popularity again as a way for an attacker to first get into a business’ network. They’re now seen in 29 percent of intrusions, as compared to phishing attacks and their 23 percent prevalence.

Attackers also commonly misused tools that were meant to give security teams the resources to run their own evaluations; such backdoors were found in 24 percent of incidents. Moreover, privately-developed malware—the kind that makes responding to a security incident more challenging—was seen in 78 percent of attacks.

This Is All Concerning, So Your Business Needs to Prepare Accordingly

How do you do that? Proactively, and keeping in mind that the modern threat landscape is just too diverse to be covered by a single, simple fix. The measures needed to respond to each are all very different.

If you’re finding this to be a lot to deal with, you aren’t alone—and you don’t have to go it alone in attending to all this, either. Jackson Thornton Technologies and our team of experts can help you ensure that your business’ network is fully secured and monitored against threats of all kinds. To find out more about what we can do, check out some of the services we offer and give us a call at 334-834-7660.

 

 

What We Can Learn from Coca-Cola’s Insider Trade Secret Theft

Your business’ data is perhaps its most crucial resource—which is why it is so important that it remains protected against all threats (including those that come from within your own business). Consider, for a moment, the ongoing trial of Xiaorong You, going on in Greenville, Tennessee. Accused of stealing trade secrets and committing economic espionage, You allegedly stole various BPA-free technologies from various companies—including Coca-Cola and the Eastman Chemical Company, amongst others—to the tune of $119.6 million.

Let’s consider how the implementation of insider threat detection methods could have minimized the damages that You allegedly inflicted on these companies.

You’s Story

Xiaorong “Shannon” You, a naturalized US citizen and PhD in Polymer Science and Engineering, had worked in the industry since 1992. From December of 2012 to August of 2017, she worked for Coca-Cola as a principal engineer for global research, moving to the Eastman Chemical Company to work as a packaging application development manager from September of 2017 until June of 2018, when her employment was terminated.

During her tenure at both companies, You had access to secrets that a limited number of employees were privy to. In the case of Coca-Cola’s secrets, You had retained them (despite affirming in writing that she hadn’t) and submitted them to the People’s Republic of China as part of her application for the country’s Thousand Talents program in 2017. This program has been used before to introduce advanced technologies to China, with the Department of Justice having had some success in prosecuting these cases.

What Xiaorong You Allegedly Did

According to the case that You now faces, she retained this information by simply uploading data to her personal Google Drive account—or, when dealing with particularly sensitive documents and physical lab equipment, she simply used her smartphone’s camera to capture images (bypassing the scrutiny of her employers’ information security teams). Once she had secured this information, You worked with a Chinese national named Xiangchen Liu to form a company in China that would use these trade secrets to generate its own profits, using an Italian BPA-free manufacturer to incorporate the stolen technologies into their own products.

The theft of this technology has had an impact on various companies, including Coca-Cola and the Eastman Chemical Company, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

Originally brought up on charges involving the theft of trade secrets in Tennessee’s Eastern US District Court in February of 2019, You was subject to another indictment in August 2020 that filed charges of economic espionage.

How You’s Employers Could Have Stopped Such Activities

Let’s take another look at some of the dates we just went over:

You’s employment at Coca-Cola ended in August of 2017, while her indictment for crimes that allegedly took place during her time there didn’t happen until February of 2019. This suggests that the discovery of her activities at Coca-Cola didn’t occur until long after the fact.

This fact is indicative of two reasonable hypotheses:

1. Coca-Cola lacked the tools to detect such activities in real-time, making it far more difficult to prevent protected and sensitive data from successfully leaving the corporate environment.

2. Coca-Cola also lacked the policies that could have prevented non-authorized devices from entering the workspace or otherwise being kept in proximity to sensitive company data or infrastructures. While old-fashioned, the concept of taking photographs of such information is no less effective for its age.
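The first hypothesis above, the lack of real-time tooling to notice sensitive data leaving the corporate environment, is the one a monitoring control can address, and the post describes the alleged method as uploads to a personal Google Drive account. The script below is an added example and not code from the post or from either company: it runs a simple bulk-upload check over constructed web proxy log lines. The log format, the list of personal storage hosts, the hypothetical sanctioned host `files.corp.example.com`, the user names and the 50 MB threshold are all constructed assumptions.

```python
"""Spot bulk uploads to personal cloud storage in web proxy logs.

Added example, not from the original post. The log format, the host lists,
the user names and the 50 MB threshold are constructed assumptions; real proxy
logs carry more fields, and the sanctioned-service list comes from your policy.
"""
from collections import defaultdict

# Constructed policy: personal storage services that company data must not
# flow to, and the company's own sanctioned storage (hypothetical host name).
PERSONAL_STORAGE_HOSTS = {"drive.google.com", "www.dropbox.com", "onedrive.live.com"}
SANCTIONED_HOSTS = {"files.corp.example.com"}
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed proxy log lines: "timestamp user method host bytes_sent".
SAMPLE_PROXY_LOG = """\
2021-06-12T18:02:11 alice POST drive.google.com 30000000
2021-06-12T18:05:49 alice POST drive.google.com 40000000
2021-06-12T18:09:03 alice PUT drive.google.com 25000000
2021-06-12T18:10:30 alice GET drive.google.com 1200
2021-06-12T10:15:00 bob POST www.dropbox.com 2000000
2021-06-12T11:40:22 carol POST files.corp.example.com 200000000
2021-06-12T12:01:05 dave GET www.dropbox.com 900
"""


def parse_proxy_log(log_text):
    """Turn the constructed log lines into dicts; blank lines are skipped."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, method, host, bytes_sent = line.split()
        records.append({
            "time": ts,
            "user": user,
            "method": method,
            "host": host,
            "bytes_sent": int(bytes_sent),
        })
    return records


def find_bulk_personal_uploads(log_text, threshold_bytes=50_000_000):
    """Sum the bytes each user sent to personal storage hosts with upload
    methods and return the users whose total meets the threshold.
    Downloads (GET) and uploads to sanctioned company storage are ignored."""
    totals = defaultdict(lambda: {"bytes": 0, "requests": 0, "hosts": set()})
    for rec in parse_proxy_log(log_text):
        if rec["method"] not in UPLOAD_METHODS:
            continue
        if rec["host"] in SANCTIONED_HOSTS or rec["host"] not in PERSONAL_STORAGE_HOSTS:
            continue
        entry = totals[rec["user"]]
        entry["bytes"] += rec["bytes_sent"]
        entry["requests"] += 1
        entry["hosts"].add(rec["host"])
    return {
        user: {"bytes": t["bytes"], "requests": t["requests"], "hosts": sorted(t["hosts"])}
        for user, t in totals.items()
        if t["bytes"] >= threshold_bytes
    }


if __name__ == "__main__":
    for user, info in find_bulk_personal_uploads(SAMPLE_PROXY_LOG).items():
        print(user, info)
```

On the constructed sample only alice is reported (95 MB across three upload requests to drive.google.com); bob's 2 MB upload stays under the threshold, carol's large upload goes to the sanctioned company host, and dave only downloaded. Note what this check cannot see, which is the second hypothesis above: a phone camera pointed at a screen or a lab bench never touches the proxy, so it has to be handled by device policy and physical controls rather than by monitoring.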

By comparison, You’s considerably rapid termination from the Eastman Chemical Company would suggest that their data protection standards were much more robust than Coca-Cola’s were at the time, enabling the company to identify a security issue and properly investigate it much faster.

Just imagine how much the total damages—which now equate to about $119.6 million, as a reminder—could have inflated if Eastman Chemical weren’t able to catch You’s alleged activities so quickly.

It unfortunately goes to show how anyone given the opportunity in tandem with the right motivation—in this case, recognition and financial windfall—could become a serious threat to any company’s data. This means that every company should have the tools in place to prevent these activities wherever possible, as well as the means to catch them if they do take place.

Jackson Thornton Technologies is here to help facilitate that. Our remote monitoring and management services can help catch any suspicious activity on your business’ network, preventing both internal and external threats from taking root. We can also help keep your data on a need-to-know basis, preventing more data leaks—accidental or otherwise.

Learn more about how our solutions can assist you by calling 334-834-7660 today. 


A Hacker Could Steal All Of Your Text Messages for a Few Bucks

We always picture hackers as these foreboding, black-clad criminals, smirking through the shadows cast in their dark room by their computer monitor. Hardened, uncaring individuals who don’t go outside very often, staring at code as if they were able to decipher the Matrix.

It’s time we give up this persona and stop mystifying cybercriminals. Why?

It only takes a few bucks and some spare time to truly hold an individual’s data hostage.

Cybercrime doesn’t require the skill of a computer programmer, any more than mugging somebody on the street requires the skill of a James Bond villain. It just takes a level of dedication and a huge lack of compassion. 

It’s So Easy to Have Everything Taken Away From You

Let’s keep the comparison of cybercriminals with street muggers in mind. That’s really what these people are. When my friend (we’ll call him Bob for the sake of this blog post) watched his online accounts systematically get broken into, he wasn’t dealing with a highly-skilled, Hollywood-portrayed hacker. He was likely dealing with a kid who found an easy way to take advantage of others.

Here’s the story:

Bob received a weird message from a stranger. That message had screenshots of a few of his online accounts—his Amazon account, Netflix, and a few others. This stranger was proving that he had access to Bob’s accounts.

A few minutes later, the stranger started to show text messages that were intended for Bob. He logged into Bob’s Facebook account and started messaging Bob’s friends and family. 

Bob’s phone wasn’t acting strangely. There was no evidence that it had been hijacked. His computer at home wasn’t showing any signs of malicious activity. Everything worked as normal.

This stranger was going through all of Bob’s online accounts and changing passwords, taking over, and locking Bob out. It wasn’t long before he found his way into Bob’s PayPal account.

How could this happen? There are actually several possible ways:

If you use the same passwords on multiple accounts, it’s easy for a cybercriminal to sift through sites and businesses that were breached and try your username and password on other services. Stolen information is often displayed and sold on the Dark Web, and for a few dollars, anyone can grab loads of personal, sensitive information like this.

Another way could be SIM swapping, which is a term for when a criminal tricks a cell phone carrier into forwarding your calls and text messages to their own device. It only takes a confident criminal and a misguided support person at your carrier.

In this case, however, the criminal didn’t even go that far.

They used a legitimate service called Sakari, which is a text messaging marketing service that lets businesses perform mass communication to their customers or subscribers via text. 

Anyone can create an account with Sakari, and for a few dollars, seize another person’s phone number.

The victim doesn’t lose access to their smartphone. They still get calls and texts. The criminal, however, gets to see everything going on. Since many online accounts will text you a code when you try to get in without a password, the so-called hacker could intercept these messages and take the steps to gain control over your identity. Once they are in your text messages, they can quickly escalate into your email, and then control everything.

We’re likely going to see companies like Sakari increase their security to prevent this from becoming a widespread problem, but it just goes to show you that hackers can be resourceful without actually needing a lot of skill—just dedication to do wrong.

To protect yourself from this type of attack, be sure to use strong passwords and never use the same password on multiple accounts. Use 2FA that goes beyond SMS messaging, such as Google Authenticator, Duo, LastPass Authenticator, or a similar tool. Most importantly, never hesitate to ask your trusted IT experts what you can do to further protect yourself, your identity, and your business.

Want to discuss your cybersecurity? Give Jackson Thornton Technologies a call at 334-834-7660.


Facebook’s Massive Data Leak

Facebook is many people’s favorite—or at least most used—app, and it does bring value to people by letting them keep tabs on friends and family or grow their businesses. It has grown to be one of the largest, most successful software technology companies in the world. Unfortunately, with that type of exposure comes the responsibility of securing massive amounts of personal data. In this quest, they leave a lot to be desired. Today, we take a look at the situation Facebook is in as they deal with one of the largest data leaks in history.

What’s the Issue?

The current situation didn’t start recently, but at the beginning of April, some 533 million Facebook records were leaked by hackers for free on the dark web. Over half a billion users have had their personal information, including Facebook ID, corresponding phone numbers, birthdates, some email addresses, relationship status, and bio, dumped into a public database online. 

Facebook confirmed that the data was from a 2019 data leak, and that they have long since patched the vulnerability used to obtain it. That’s a good thing, but it’s still concerning that two years after a major data leak, the data, which was for sale for the past two years, was just dropped on the web for free. Obviously, the tech giant wants the narrative to be that this is old data and they have since made the changes necessary to protect their massive amount of user data, but the fact that it is still available is the bigger issue.

Once Data is Leaked, It’s Out There Forever

We may not really know the tangible value of the data found in this massive database. What we do know is that once data is leaked, it’s going to cause some consternation for Facebook, because:

● One of Facebook’s major revenue streams revolves around transactions with this data.

● This data is out there for free.

● It was likely obtained from a hacking tactic called scraping.

Your company doesn’t have the huge amount of data that Facebook has, but you have the same responsibilities with the sensitive data you have. If Facebook wasn’t, you know, Facebook (that being a platform that is typically used to share data) they wouldn’t be able to simply shrug off something like this. We can say with confidence that a data leak of nearly a quarter of your client base’s data would come with massive repercussions for your business. 

That’s why you need to ensure that you have the tools in place so that you don’t have to deal with data theft, loss of customer confidence, and all the other negative variables that come with a data breach. If you would like to find out more about how Jackson Thornton Technologies can help you secure your business’ and customers’ data, reach out to us today at 334-834-7660.


Let’s Take a Look at the Data Breaches So Far in 2021


By now, everyone knows that businesses can be defined by how they approach cybersecurity. Unfortunately, even if your business makes a comprehensive effort to protect your network and data from data breaches, all it takes is one seemingly minor vulnerability to be exploited to make things really hard on your business. Let’s take a look at the major data breaches that have happened since the calendar turned to 2021.

January

For the first ten days of the new year, there weren’t any major breaches, but on the 11th:

1/11/21

Ubiquiti Inc. - One of the largest vendors working in the Internet of Things space had its database accessed by unauthorized entities through its third-party cloud provider. Possibly exposed items include customer names, email addresses, hashed passwords, addresses, and phone numbers.

Parler - The former social media news app, Parler, after being removed from Amazon’s servers, got some more bad news. It had its data scraped by a hacker, resulting in 70 terabytes of information being leaked. This included almost every post to the platform, person-to-person messages, and video data. All of Parler’s Verified Citizens (users who had verified their identities with their driver’s license information) were exposed.

Facebook, Instagram, and LinkedIn - A Chinese social media management organization called Socialarks suffered a data leak that exposed the PII (Personally Identifiable Information) of at least 214 million social media users from Facebook, Instagram, and LinkedIn. Users’ names, phone numbers, email addresses, profile pictures, and more were exposed in the leak.

1/12/21

Mimecast - Cloud cybersecurity company Mimecast had their tools hacked, exposing around ten percent of their customers who currently utilize the Microsoft Office 365 email platform. 

1/20/21

Pixlr - The free photo-editing application had the user records of 1.9 million of their users compromised. Data that was leaked included email addresses, usernames, hashed passwords, and other sensitive information. 

1/22/21

Bonobos - Seven million customers of men’s clothing retailer Bonobos had their customer data stolen and posted on a hacker forum. Some of the data exposed included addresses, phone numbers, account information, and even partial credit card information.

1/24/21

MeetMindful - MeetMindful is a dating platform that was hacked and had 2.28 million registered users’ personal information posted for free on hacker forums. The data that was exposed includes names, email addresses, location, dating preferences, birth dates, IP addresses and more. 

1/26/21

VIPGames - The free gaming platform, VIPGames.com had 23 million records leaked for more than 66,000 users. The cause was explained as a cloud misconfiguration. Leaked user records include usernames, emails, IP addresses, hashed passwords, and the status of user accounts.

1/28/21 

U.S. Cellular - After a targeted phishing attack on U.S. Cellular employees, hackers were able to gain access to the company’s CRM, which contained almost five million user profiles. U.S. Cellular is the fourth largest wireless carrier in the U.S. and admitted to only 276 users being victims of the social engineering attempt. Records that were compromised included names, addresses, PINs, cell phone numbers, plan information, and more.

February

2/2/21

COMB - Standing for a “Compilation of Many Breaches”, a database containing more than 3.2 billion unique pairs of cleartext emails and passwords that belonged to past leaks of Netflix, LinkedIn, Bitcoin, Yahoo, and more was discovered available online. In the searchable database, hackers were given access to account credentials, access to 200 million Gmail addresses, and 450 million Yahoo email addresses.

2/10/21

Nebraska Medicine - In the first major medical organizational breach of 2021, Nebraska Medicine was inundated by malware allowing a hacker to access and copy the medical records of over 219,000 patients. Information copied included names, addresses, dates of birth, medical record numbers, health insurance information, lab results, imaging, diagnosis, and more.

2/18/21

California DMV - The California Department of Motor Vehicles was hit with a data breach after one of their contracted companies, Automatic Funds Transfer Services, was hit with a ransomware attack. Information stolen included any CDMV information from the past 20 months including names, addresses, license information, and more. 

2/20/21

Kroger - A hack of a third-party cloud provider, Accellion, allowed hackers to steal HR data and other sensitive information from supermarket company, Kroger. Some of the records that were disclosed include names, email addresses, home addresses, phone numbers, Social Security numbers, and health insurance information for pharmacy customers. 

2/26/21

T-Mobile - An undisclosed number of T-Mobile customers were affected by hackers using SIM-swapping, a social engineering attack that allows hackers to gain control over a user’s smartphone. This allows them to steal money from their accounts, change passwords to hijack accounts, and even lock users out of their own devices. 

March

3/3/21

Microsoft Exchange - A vulnerability found in Microsoft Exchange Server email software allowed hackers to gain access to the email of 30,000 organizations from across the U.S. This gave hackers complete control over affected systems, allowing for data theft and positioning them well for further compromise. Microsoft has since patched the vulnerability.

3/9/21

MultiCare - A ransomware attack exposed the personal and medical information of over 200,000 patients. The attack provided access to names, policy numbers, Social Security numbers, dates of birth, bank accounts, and more. 

Millions of people every year are victims of some type of cyberattack. To keep your organization from dealing with this type of problem, contact the experts at Jackson Thornton Technologies today at 334-834-7660 to help come up with a strategy.