Hackers

Ransomware Has Gotten So Bad, It’s Aligned with Terrorism

Ransomware has rapidly progressed from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Let’s review the reasons behind this policy change and how your business should respond.

How Much Worse Has Ransomware Gotten?

Let’s look at this somewhat casually. 

Ransomware was never something to be trifled with. However, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your business’ data encrypted is bad. However, crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.

The dangers that such ransomware attacks pose cannot be overstated, and no business is truly safe. The White House recently said as much in its warning to companies regarding their cybersecurity preparations.

This is Why the US Justice Department is Speaking Out

Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. As their way of responding to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled similarly to how terrorism cases are, with all the stops pulled out in terms of what tools are used.

Other Governing Bodies are Following Suit

Likewise, in response to the JBS hack and the potential economic ramifications it will likely cause, the US Congress is now considering the lack of federal oversight into the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy to help prevent and mitigate these kinds of attacks and their widespread impacts.

Ransomware Threats are Also Getting Worse

In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.

1. Use ransomware to encrypt a targeted system

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced with relatively minor cost to the business. This is one of the many, many reasons we always recommend that a business keep a backup squirreled away.

Unfortunately, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:

1. Steal data from a system, using ransomware to encrypt it after the data has been harvested

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

4. Threaten to leak or sell the stolen data unless a second ransom is paid

5. Profit again

This double-whammy approach to ransomware first came onto the scene in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have considerably fewer resources than enterprise-level targets.

So, if keeping a backup no longer helps to squash the entire threat, what can a company do?

How a Business Can Resist Ransomware

First, it will help to understand how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (through stolen or guessed access credentials, or through an unpatched vulnerability). This means that any organization can more effectively prevent ransomware by reinforcing its password security and user management.

By implementing password requirements that better align to best practices and then reinforcing them through two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your organization considerably.

Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your organization relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.

While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Jackson Thornton Technologies and our services come in. Learn more about what you need us to do by calling 334-834-7660.

 

Tip of the Week: 11 Ways to Instill Security Awareness in Your Team

While it really would be a nice thing to have, there is no magic bullet for your business’ cybersecurity—no single tool that allows you to avoid any and all issues. However, there is one way to help make most threats far less likely to be successful: building up your company’s internal security awareness amongst your employees and team members. Let’s go over eleven ways that you can help ensure your company is properly protected, simply by encouraging your employees to take a more active role in guarding it.

11 Ways to Make Sure Your Team is On Their Guard

Gamification

In order to fully absorb the lessons that your security training is meant to impart, your team members need to be engaged in the training. One famously effective way to encourage this is to make it fun (at least to some degree).

Running simulated attacks, with incentives given out to motivate your employees to do their best in identifying and reporting them, will help to reinforce the positive behaviors you want your team to exhibit if and when they have to contend with the real McCoy. This also allows your employees to gain practical experience with a live threat, so to speak.

Incorporate Security Awareness into Onboarding Strategies

There’s a lot that has been said about the impact that a first impression can have, so it only makes sense to have one of the first impressions you place onto your newly-hired employees be the importance of cybersecurity. Instilling good security habits early on will only help your organization resist more threats in the future.

Make It Understood that Mistakes are Expected

Accidents happen, and the best-laid plans of mice and men often go awry. Regardless of how well your team is prepared, there is almost certainly going to be a slip-up somewhere down the line. Part of your security training has to be the acknowledgment that there will be mistakes made by your employees, and the publicized acceptance of that outcome.

If your team members expect to be punished for their mistakes, they will only work harder to hide them. You need to know about these issues so that they can be resolved, and your team members educated so that these mistakes are not repeated.

Shape Training to Your Team’s Situation, Work Roles, and Age Groups

Chances are, your team members are not a monolith… in addition to the many different roles that they likely fill, they come from a variety of backgrounds, age groups, and other differentiators. As a result, a single method of teaching isn’t likely to work equally effectively amongst them all.

While it is important that everyone is trained, it is equally important to remember that not everyone will respond to a given form of training in the same way. You need to diversify your training strategy to involve a variety of methods to account for the various learning styles your team members are likely to exhibit.

Keep it Short, Sweet, and Frequent

Long, cookie-cutter training sessions are a great way to disengage your team from the lessons that your training is meant to impart. Substituting marathon-style training for shorter, more frequent “sprint” sessions will help keep your team interested, and will allow for more consistent training to take place.

Use Different Mediums

Much in the same way that your training needs to account for various learning styles, your training should come in different formats. Basically, you don’t want your training to exclusively be presented as group lectures delivered to the team (or whatever your chosen default is). By switching up the format, you help to make your training more impactful, which will help it stick better with your teammates.

Encourage Them to Share Lessons with Their Families

One of the best ways to ensure that your employees fully understand the cybersecurity principles that you’re imparting upon them is to encourage them to pass on these messages themselves to their families. Not only will this help make their home security more robust, it will reinforce the habits that you want them to uphold.

Select Company Security Leaders

Identify the people in your company who take to the security practices that you impart most effectively and empower them to take a leadership role in terms of your company’s security. Not only will this give you a more focused security infrastructure, it helps you to more completely fill your company with your message.

Keep Your Material Fresh

While it might seem like a good thing to have your team members be able to recite your training materials by heart, there’s a difference between rote memorization and really absorbing the lesson. Switching up the lessons will help to keep your team sharp, engaged, and on the alert.

Collect Feedback

If you want to know how you can make your training more effective, the best way to find out is to ask your team members. Ask them what resonates with them, what they could use more help with, and (most importantly) what they don’t know enough about yet. While it may sound funny to ask your team members what they don’t know, they’ll likely let you know what they feel less confident about (thereby giving you the opportunity to remedy it).

Emphasize Why Training is Necessary

Another reason that your team may not respond well to training is because they simply don’t appreciate why it is so important. Incorporating the why into your training, alongside the how, is sure to help your team become more accepting of the necessity of training.

Jackson Thornton Technologies is here to help your newly-security-focused team members identify and respond to threats more effectively, assisting them however we can. Reach out to us to find out more about our security services by calling 334-834-7660 today.

 

Hackers Start Beef with JBS Ransomware Attack

Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply chains associated with the company. Let’s examine the situation to see what lessons we can take away from all this.

What Happened to JBS S.A.?

Over the last weekend of May 2021, JBS’ global IT systems were targeted by a ransomware attack that completely shut down the meat processor’s operations in North America and Australia. Seeing as effectively each step of the company’s operations (from livestock procurement all the way to export and shipment) relies on some kind of technology, everything was put on pause.

Fortunately, JBS had implemented backups, and has therefore been able to restore its systems and is returning to operation. Furthermore, there has been no apparent evidence discovered suggesting that any customer, employee, or supplier data was compromised in the attack.

However, this does not mean that there is nothing more to examine surrounding these events. Let’s go into the major takeaways that need to be addressed.

First of All, Who’s Responsible, and Who is Involved in Fighting Back?

There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals—the sort that have been previously associated with Russian cyberattacks—have been assigned blame for this attack. Along with the Federal Bureau of Investigation’s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts.

The Australian Cyber Security Centre has also been providing their assistance, although they would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.

The Impacts of Ransomware and Other Threats

While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration—not only is the target’s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS.

Fortunately, JBS was smart and had protected themselves ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business’ insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn’t unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware.

At Jackson Thornton Technologies, we’re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling 334-834-7660 today.

 

What You Need to Do If Your Business is Hacked

Few things are scarier for a modern business to consider than the idea that they will be hacked, regardless of that business’ size or industry. After all, hacking can, will, and does cause significant damage across basically all aspects of your organization. This is precisely why it is so important that—should a business be hacked—the proper steps are taken in response.

Damage Control

Your first step needs to be getting a handle on the situation at hand. While hacking on any scale is a bad thing to experience, cutting it off as quickly as possible will serve you well. Here are a few steps that you need to take in order to do so:

Contact Your IT Provider IMMEDIATELY

If your IT provider is anything like us, they are more than likely aware of something happening on your network if they are monitoring it closely. That said, you’ll want to notify them immediately if you are suspicious of malevolent activity. 

Depending on what the issue is, IT will take specific actions to remove the threat, mitigate the damage, and then harden your network to prevent it from happening. Threats can sometimes be removed easily, or it could take a lot of hunting to chase down the cause of the problem if it isn’t being done proactively.

Here’s an example of a nightmare recovery scenario. IT may decide it’s best to take the nuclear option and wipe all affected devices completely before restoring them from a data backup. Doing so should remove the chance that a lingering threat could continue causing problems. We strongly recommend that you reach out to us for assistance with this, as we’ve seen plenty of cases where the business goes through an intense amount of labor only to experience the same hack after everything is back online. It has to be done carefully, and it has to be done correctly, and even then, the risks are still there.

Once that’s been accomplished, you need to be sure that all of your cybersecurity protections are fully updated and that you are as secure as possible. Check your firewalls, antivirus, spam protection, everything.

Seek Out Assistance

Many small businesses fully place their IT issues (or more accurately, dealing with them) on their staff members. Obviously, this isn’t a good situation. For a business’ purposes, it is much better to have a professional, dedicated resource to answer any questions your team has. A solid and reliable expert, like the ones that we employ here at Jackson Thornton Technologies, can be key to making it through these kinds of situations in the best position possible.

Be Prepared to Inform Clients and Prospects

Finally, we come to the last (but by no means least) part of making it through a cybersecurity incident: disclosing it. Of all of your interactions with your clientele or staff, this is the time when clarity and concision is most crucial. Bring everyone up to speed on the situation, what the possible ramifications are, and what needs to be done next to minimize the damage the event ultimately causes.

The hard truth of the matter is that you will ultimately lose some people when this happens. Of course you will. While the data practices of some people in their personal lives are questionable at best, the onus is still on you if they’ve entrusted you with the same data… and they’re not wrong. This means that you are accountable, and therefore need to be open and forthcoming with anyone involved. Every state and most industries have their own rules and requirements for data privacy, so you’ll want to understand exactly how you need to handle the communication involved with a data breach disclosure, based on what information was potentially breached.

Prepare Ahead of Time

Granted, these tips won’t help much if you’re already struggling through a breach event… but they will help you prepare for any you may face in the future. Taking the initiative to be proactive in implementing your protections and enforcing best practices will only boost your essential protections during this time (and trust us, the risks that today’s online workplace presents make these kinds of boosts necessary).

For assistance with your cybersecurity protections and the rest of your IT, you can always lean on us. Learn more about our services by calling 334-834-7660 today.

 

 

Ransomware Is One of Today’s Most Dangerous Threats

Ransomware has been a real problem for the past several years. Hackers were once known for breaching networks directly, but the establishment of uncrackable encryption left them looking to change their strategies. Today, they use scams to get people to give them access to network resources. If they are successful, it can deliver more than headaches for a business. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way.

Ransomware

The experience of someone victimized by a ransomware attack is laced with terror. The situation you are dealing with (finding that your files, drives, or even network resources are encrypted and inaccessible) is definitely one that would startle anyone. You then see the clock that is patiently ticking down, and you know that if you don’t comply with the demands, your files/drives will be deleted. It’s not a pretty situation.

Phishing

Phishing messages are usually delivered through email, but can also be received via a phone call, text message, or social media message. They are known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. Scammers today are well-established and have gone to great lengths to concoct messages that could fool even the most vigilant user. 

Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. If a member of your staff accidentally clicks on a link or unpacks an attachment that is connected to one of these phishing emails—because it looks just like a valid email—you may be in some big trouble. Ransomware can move fast to encrypt data and drives, whittling down your options significantly.

What to Look for in a Phishing Email

There are some warning signs that a message is a phishing attempt. They include:

● Details are wrong - There are several details that you should check before you click anything in an email. Is the email address from the sending company? Are there misspellings and grammatical errors that you wouldn’t find in professional correspondence? Were you expecting an email from the company? If there are obvious inconsistencies, make sure to report it to your IT administrator before proceeding.

● There’s excessive urgency - Most phishing emails have desperate calls to action. Email is a useful correspondence tool, but very rarely are you directed to do anything that would necessitate you providing sensitive data. If an email’s message seems a little desperate, don’t proceed and report the message to your IT department.

● There’s a link or an attachment - If there is a link or an attachment in the email, and you weren’t expecting the email, you will want to reach out to the sender to confirm their legitimacy through another method of communication.
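The three warning signs above can be checked mechanically before a message ever reaches a person. The following is an added example, not part of the original post; the phrase list, the `.test` domains and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative phrase list, not an exhaustive or authoritative one.
URGENCY_PHRASES = ("urgent", "immediately", "act now", "will be suspended")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _trusted(host, expected_domains):
    """True if host is one of the expected domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def phishing_indicators(raw_message, expected_domains):
    """Return (category, detail) findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []

    # Sign 1, "details are wrong": is the address really from the sending company?
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not _trusted(from_domain, expected_domains):
        findings.append(("sender-domain", from_domain))
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply-to-mismatch", reply_domain))

    body, collector = [], LinkCollector()
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            # Sign 3, "a link or an attachment": record every attached file.
            findings.append(("attachment", part.get_filename()))
        elif part.get_content_maintype() == "text":
            text = part.get_payload(decode=True).decode("utf-8", errors="replace")
            body.append(text)
            if part.get_content_subtype() == "html":
                collector.feed(text)

    # Sign 2, "excessive urgency": pressure phrases in the subject or body.
    haystack = (msg.get("Subject", "") + " " + " ".join(body)).lower()
    findings += [("urgency", p) for p in URGENCY_PHRASES if p in haystack]

    # Sign 3 again: links that leave the expected domains, or whose visible
    # text shows one URL while the href points somewhere else.
    for href, text in collector.links:
        href_host = urlparse(href).hostname
        if not _trusted(href_host, expected_domains):
            findings.append(("untrusted-link", href_host or href))
        if re.match(r"https?://", text, re.I) and urlparse(text).hostname != href_host:
            findings.append(("link-text-mismatch", f"{text} -> {href}"))
    return findings


# Constructed sample: lookalike sender domain, pressure wording, disguised link, attachment.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: collector@mailbox.test
To: user@company.test
Subject: URGENT: verify your account immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended. Act now:</p>
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/login</a>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Constructed sample: ordinary notice from the expected domain, no links or attachments.
CLEAN = """\
From: Billing <billing@example-bank.test>
To: user@company.test
Subject: Your March statement is ready
Content-Type: text/plain; charset="utf-8"

Sign in from your usual bookmark to view your statement.
"""

if __name__ == "__main__":
    for category, detail in phishing_indicators(SAMPLE, {"example-bank.test"}):
        print(f"{category:20} {detail}")
```

A message that trips several categories at once is a good candidate for quarantine and a report to IT; a single finding such as an attachment is common in legitimate mail and should only raise the score.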

Phishing is today’s hacker’s go-to strategy. Ensuring that your staff is able to spot phishing attempts is the best way to ensure that ransomware or other malware payloads stay off your network. Call the IT professionals at Jackson Thornton Technologies today to talk about the strategies we prefer to ensure that our clients’ networks are left free of malware. You can reach us at 334-834-7660.

 

Cyberattack Discovery Time is Decreasing (But This Isn’t All Good News)

Research has revealed that cyberattacks are spending decreasing amounts of time on their targeted networks before they are discovered. While this may sound like a good thing—a faster discovery of a threat is better than a slower one, after all—this unfortunately is not the case.

Let’s explore this trend, and what it implies for your cybersecurity.

Understanding the Concept of Dwell Time

Dwell time is the term for the duration that a cyberattack is present on the network before it is detected. According to figures compiled by Mandiant, their researchers have found that the median dwell time around the world is 24 days. This number continues a decade-long trend of shortening dwell durations, with 2011 seeing a median dwell time of 416 days.

So, over the past ten years, the median dwell time has shrunk to about a fifth of what it once was.

On the surface, this sounds great… and it makes sense, too. Organizations are investing more into their cybersecurity, so their policies are better and they are simply more able to detect threats. Therefore, cyberattacks aren’t spending nearly as much time on a network before the infiltrated business becomes aware of them, so the damage they can do should be limited… right?

As much as we’d like to wrap this blog up right here and say “Right, and here are some best practices to follow…” we can’t. The situation is just a bit more complicated, and those complications are important.

The Shifting Threat Landscape Plays a Role

Here’s the thing: as the dwell time that cyberattacks spend on a network undetected has shrunk, the methodology behind the attacks—more specifically, the type of attacks commonly being used—has shifted. Nowadays, ransomware plays a much larger part, increasing from 14 percent in 2019 to 25 percent in 2020.

Ransomware (the malware that locks down a targeted system and demands payment to release it) has a much shorter dwell time than most other attacks. Taken as a group, other attack methods had a median dwell time of 45 days. Ransomware: just five. This difference is what contributed to the overall median dwell time of 24 days.

So, these shorter dwell times can be attributed to ransomware intrusions progressing to full-scale attacks much more quickly.

Ransomware Has Gotten Worse

Unfortunately, a business’ troubles don’t end there. In addition to these accelerating attacks, hackers have grown more aggressive. This has translated to higher ransom demands, as well as the unsettling development of so-called “multifaceted extortion”—where the attacker threatens to also publish the data they steal if payment isn’t made.

Other Attacks Are Still Prevalent, Too

Businesses still need to worry about other methods of attack as well. For instance, exploits (code that takes advantage of programming bugs or other vulnerabilities) have risen in popularity again as a way for an attacker to first get into a business’ network. They’re now seen in 29 percent of intrusions, as compared to phishing attacks and their 23 percent prevalence.

Attackers also commonly misused tools that are meant to provide security teams with the resources needed to run their evaluations. These backdoors were found in 24 percent of incidents. Moreover, privately-developed malware—the kind that makes responding to a security incident more challenging—was seen in 78 percent of attacks.

This Is All Concerning, So Your Business Needs to Prepare Accordingly

How do you do that? Proactively, and keeping in mind that the modern threat landscape is just too diverse to be covered by a single, simple fix. The measures needed to respond to each are all very different.

If you’re finding this to be a lot to deal with, you aren’t alone—and you don’t have to attend to all this alone, either. Jackson Thornton Technologies and our team of experts can help you ensure that your business’ network is fully secured and monitored against threats of all kinds. To find out more about what we can do, check out some of the services we offer and give us a call at 334-834-7660.

 

 

A Hacker Could Steal All Of Your Text Messages for a Few Bucks

We always picture hackers as these foreboding, black-clad criminals, smirking through the shadows cast in their dark room by their computer monitor. Hardened, uncaring individuals who don’t go outside very often, staring at code as if they were able to decipher the Matrix.

It’s time we give up this persona and stop mystifying cybercriminals. Why?

It only takes a few bucks and some spare time to truly hold an individual’s data hostage.

Cybercrime doesn’t require the skill of a computer programmer, any more than mugging somebody on the street requires the skill of a James Bond villain. It just takes a level of dedication and a huge lack of compassion. 

It’s So Easy to Have Everything Taken Away From You

Let’s keep the comparison of cybercriminals with street muggers in mind. That’s really what these people are. When my friend (we’ll call him Bob for the sake of this blog post) watched his online accounts systematically get broken into, he wasn’t dealing with a highly-skilled, Hollywood-portrayed hacker. He was likely dealing with a kid who found an easy way to take advantage of others.

Here’s the story:

Bob received a weird message from a stranger. That message had screenshots of a few of his online accounts—his Amazon account, Netflix, and a few others. This stranger was proving that he had access to Bob’s accounts.

A few minutes later, the stranger started to show text messages that were intended for Bob. He logged into Bob’s Facebook account and started messaging Bob’s friends and family. 

Bob’s phone wasn’t acting strangely. There was no evidence that it had been hijacked. His computer at home wasn’t showing any signs of malicious activity. Everything worked as normal.

This stranger was going through all of Bob’s online accounts and changing passwords, taking over, and locking Bob out. It wasn’t long before he found his way into Bob’s PayPal account.

How could this happen? There are actually several possible ways:

If you use the same passwords on multiple accounts, it’s easy for a cybercriminal to sift through sites and businesses that were breached and try your username and password on other services. Stolen information is often displayed and sold on the Dark Web, and for a few dollars, anyone can grab loads of personal, sensitive information like this.

Another way could be SIM swapping, which is a term for when a criminal tricks a cell phone carrier into forwarding your calls and text messages to their own device. It only takes a confident criminal and a misguided support person at your carrier.

In this case, however, the criminal didn’t even go that far.

They used a legitimate service called Sakari, which is a text messaging marketing service that lets businesses perform mass communication to their customers or subscribers via text. 

Anyone can create an account with Sakari, and for a few dollars, seize another person’s phone number.

The victim doesn’t lose access to their smartphone. They still get calls and texts. The criminal, however, gets to see everything going on. Since many online accounts will text you if you try to get in without a password, the so-called hacker could intercept these messages and take the steps to gain control over your identity. Once they are in your text messages, they can quickly escalate into your email, and then control everything.

We’re likely going to see companies like Sakari increase their security to prevent this from becoming a widespread problem, but it just goes to show you that hackers can be resourceful without actually needing a lot of skill—just dedication to do wrong.

To protect yourself from this type of attack, be sure to use strong passwords and never use the same password on multiple accounts. Utilize 2FA that goes beyond SMS messaging, such as Google Authenticator, Duo, LastPass Authenticator, or a similar tool. Most importantly, never hesitate to ask your trusted IT experts what you can do to further protect yourself, your identity, and your business.

Want to discuss your cybersecurity? Give Jackson Thornton Technologies a call at 334-834-7660.

 

 

HAFNIUM Attacks Target Most Microsoft Exchange Servers

The recent discovery of four flaws in Microsoft’s Exchange Server software came too late to prevent a rash of stolen emails, but that doesn’t mean you need to remain vulnerable to this attack. Let’s go over the story so far, and how you can help protect your business.

HAFNIUM, and Their Actions

Back on January 5th, 2021, a security researcher at security testing firm DEVCORE operating under the nom de plume “Orange Tsai” reported a few issues that were discovered in Exchange Server. The same issues were reported on January 27th by the Danish firm Dubex, and on February 2nd by a firm called Volexity. All these reports alluded to what proved to be the actions of a hacking group in China that goes by “HAFNIUM.” HAFNIUM’s hacking efforts have been directed toward the email platforms used in many different organizations’ systems—including organizations classified as infectious disease researchers, defense contractors, institutions of higher education, law firms, think tanks, and civil societies/non-government organizations.

In total, it seems apparent that hundreds of thousands of organizations making use of Microsoft Exchange have been swept up in the attack, breached by HAFNIUM with backdoors left open for the hacking group’s convenience later on.

These breaches were originally directed against exclusively high-value targets, but have swiftly become far less discerning in who may be affected, with all encountered servers now taken over by the automated attacks. While these attacks have left the cloud-hosted Exchange servers untouched, a lot of the victims were using both on-site and cloud-hosted in tandem.

A patch was released on March 2nd that only protects against infiltration, leaving those who had already been infected to fend for themselves.

This is Now A Global Cybersecurity Crisis

With the patch in play, it is now a race between hackers and organizations to see who acts first—with either HAFNIUM infecting a target or that target patching their systems against them.

Too many have already lost to HAFNIUM, at this point.

Even worse, these patches won’t do anything to resolve an existing breach, necessitating a comprehensive network analysis to eliminate any sign of infection. With this event constituting a zero-day threat against all self-hosted instances of Outlook Web Access that had not been patched within that span of a few days, these activities need to be prioritized within every business if only to be certain.

We’re here to help. As a managed service provider, part of our job is to help our clients identify and eliminate any risk factors and threats that issues within their technology may pose. Learn more about our services by calling 334-834-7660 today.

 

 

Let’s Take a Look at the Data Breaches So Far in 2021

 

By now, everyone knows that businesses can be defined by how they approach cybersecurity. Unfortunately, even if your business makes a comprehensive effort to protect your network and data from data breaches, all it takes is one seemingly minor vulnerability being exploited to make things really hard on your business. Let’s take a look at the major data breaches that have happened since the calendar turned to 2021.

January

For the first ten days of the new year, there weren’t any major breaches, but on the 11th:

1/11/21

Ubiquiti Inc. - One of the largest vendors working in the Internet of Things space had their database accessed by unauthorized entities through their third-party cloud provider. Possible exposed items include customer names, email addresses, hashed passwords, addresses and phone numbers.

Parler - The former social media news app Parler, after being removed from Amazon servers, got some more bad news. Its data was scraped by a hacker, resulting in 70 terabytes of information being leaked. This included almost every post to the platform, person-to-person messages, and video data. All of Parler’s Verified Citizens, users who have verified their identities with their driver’s license information, were exposed.

Facebook, Instagram, and LinkedIn - A Chinese social media management organization called Socialarks suffered a data leak that exposed the PII (Personally Identifiable Information) of at least 214 million social media users from Facebook, Instagram, and LinkedIn. Users’ names, phone numbers, email addresses, profile pictures, and more were exposed in the leak.

1/12/21

Mimecast - Cloud cybersecurity company Mimecast had their tools hacked, exposing around ten percent of their customers who currently utilize the Microsoft Office 365 email platform. 

1/20/21

Pixlr - The free photo-editing application had the user records of 1.9 million of their users compromised. Data that was leaked included email addresses, usernames, hashed passwords, and other sensitive information. 

1/22/21

Bonobos - Seven million customers of men’s clothing retailer Bonobos had their customer data stolen and posted on a hacker forum. Some of the data exposed included addresses, phone numbers, account information, and even partial credit card information.

1/24/21

MeetMindful - MeetMindful is a dating platform that was hacked and had 2.28 million registered users’ personal information posted for free on hacker forums. The data that was exposed includes names, email addresses, location, dating preferences, birth dates, IP addresses and more. 

1/26/21

VIPGames - The free gaming platform, VIPGames.com, had 23 million records leaked for more than 66,000 users. The cause was explained as a cloud misconfiguration. Leaked user records include usernames, emails, IP addresses, hashed passwords, and the status of user accounts.

1/28/21 

U.S. Cellular - After a targeted phishing attack on U.S. Cellular employees, hackers were able to gain access to the company’s CRM that contained almost five million user profiles. U.S. Cellular is the fourth largest wireless carrier in the U.S. and admitted to only having 276 users be victims of the social engineering attempt. Records that were compromised included names, addresses, PINs, cell phone numbers, plan information, and more.

February

2/2/21

COMB - Standing for a “Compilation of Many Breaches”, a database containing more than 3.2 billion unique pairs of cleartext emails and passwords that belonged to past leaks of Netflix, LinkedIn, Bitcoin, Yahoo, and more was discovered available online. In the searchable database, hackers were given access to account credentials, access to 200 million Gmail addresses, and 450 million Yahoo email addresses.

2/10/21

Nebraska Medicine - In the first major medical organizational breach of 2021, Nebraska Medicine was inundated by malware allowing a hacker to access and copy the medical records of over 219,000 patients. Information copied included names, addresses, dates of birth, medical record numbers, health insurance information, lab results, imaging, diagnosis, and more.

2/18/21

California DMV - The California Department of Motor Vehicles was hit with a data breach after one of their contracted companies, Automatic Funds Transfer Services, was hit with a ransomware attack. Information stolen included any CDMV information from the past 20 months including names, addresses, license information, and more. 

2/20/21

Kroger - A hack of a third-party cloud provider, Accellion, allowed hackers to steal HR data and other sensitive information from supermarket company Kroger. Some of the records that were disclosed include names, email addresses, home addresses, phone numbers, Social Security numbers, and health insurance information for pharmacy customers.

2/26/21

T-Mobile - An undisclosed number of T-Mobile customers were affected by hackers using SIM-swapping, a social engineering attack that allows hackers to gain control over a user’s smartphone. This allows them to steal money from their accounts, change passwords to hijack accounts, and even lock users out of their own devices. 

March

3/3/21

Microsoft Exchange - A vulnerability found in Microsoft Exchange Server email software allowed hackers to gain access to the email of 30,000 organizations from across the U.S. This allowed hackers to gain complete control over affected systems, allowing for data theft and positioning them well for further compromise. Microsoft has since patched the vulnerability.

3/9/21

MultiCare - A ransomware attack exposed the personal and medical information of over 200,000 patients. The attack provided access to names, policy numbers, Social Security numbers, dates of birth, bank accounts, and more. 

Millions of people every year are victims of some type of cyberattack. To keep your organization from dealing with this type of problem, contact the experts at Jackson Thornton Technologies today at 334-834-7660 to help come up with a strategy.

 

With Remote Operations, Security is (Even More) Important

Since the beginning of the COVID-19 pandemic, it has been clear that many companies were not prepared to continue their operations remotely. This was largely due to their leadership being convinced in recent years that allowing people to work remotely would lead to a considerable reduction in production, leading them to be unprepared to shift to remote functionality. Cybercriminals have taken advantage of many organizations as a result, so today we’ll discuss what needs to be done to secure endpoints from afar.

Many of the tools and strategies needed to keep your company’s data infrastructure secure may be new to you and your business, but in most cases, they are measures that any organization that wants to protect its IT should take. Let’s take a look at some of the strategies used to secure remote endpoints.

Virtual Private Networking

A Virtual Private Network (VPN) is a tool you may have heard of that establishes an encrypted connection between your business’ network and a remote endpoint. This allows people to send and receive information securely by passing it on via an intermediary network. The configuration of the VPN is where people start to get confused.

IT administrators must therefore decide which security priorities to set for their network and which to disable. With more data coming in—and encrypted, for that matter—more bandwidth will be required, and the amount required for the entire team is going to be costly. On the other hand, there are clear security concerns without the VPN in place, making this a delicate balance.

Phish Fighting

Phishing is one of the largest cybersecurity issues for both in-house and remote employees, but arguably is a bigger risk for an employee working from home. After all, they likely aren’t under the same protections that should be set up in the office. Today’s Endpoint Detection and Response (EDR) tools can help to mitigate some of this risk, but the onus will still be on the user with their fingers on the keyboard.

Therefore, training your employees to recognize an attempted phishing attack is the most effective way to really deter them. Establishing and repeatedly reinforcing the best practices and warning signs, and what to do if they do encounter one, is the best strategy to protect your business from phishing.

Threat Intelligence

Of course, you shouldn’t rely exclusively on your end users to protect your business. Your IT department should also have installed a comprehensive threat intelligence system, which helps to keep you protected from new threats as they develop. At the very least, your IT resource will be kept up to speed on the threats posing risks to your technology.

Incident Response

Finally, you have to account for the fact that one of your users will likely slip up and get “hooked,” so to speak, by a phishing attack. Accidents happen; nobody’s perfect. In these cases, the EDR can help you determine how badly you’ve been breached, quarantining the impacted areas and resolving the threat. There are even options to help automate your anti-hacker efforts.

Putting it plainly, any business that uses technology—really, any business currently in operation—needs to worry about its cybersecurity. To learn more about the protections and precautions you should take, give our IT experts a call at 334-834-7660.