So you are in the cloud?

For most businesses, using cloud resources is a smart decision. The cloud offers different types of flexibility to manage your business appropriately. Maybe you need a web server and don’t want the cost, maintenance and overhead of hosting all of the infrastructure yourself? Or perhaps you are using the cloud as part of an online transaction processor? Regardless of your need for cloud, there is likely something you haven’t put a lot of thought towards… How secure are THEY?

The cloud provider is a business like any other, with servers, vendors, employees, IT staff, marketing people, contractors and likely at least one out-sourced service. It is smart business sense to regularly review your cloud provider’s security. You are trusting them with your data, your reputation, and in many cases they are assuming the risk of maintaining your IT services.

In a recent study that followed the suspected cyber attacks on the US Democratic party after the most recent presidential election, it was determined that the vendors were the way the attackers got in. By compromising a “trusted partner” of a business, attackers can then infiltrate any business attached to them. You would hope a cloud vendor has the strictest security posture possible; but how do you know?

Every business that uses any type of cloud service should thoroughly review the security of the cloud provider they are trusting. Want to know more?

Contact us today!

The truth about Ransomware

There are many articles in the news about Ransomware today, which is a special type of malware. Ransomware is a way for the bad guys to get your systems to lock up so you can’t access the data, and then tell you that you can have your data back only if you pay them.

But, how do they do this?

It all starts with a breach of some type. Perhaps your employee is looking at their personal email on their work computer and they click on a link to log in to their bank account (which isn’t from their bank; in fact, it is phishing). Their computer is infected. This is the foot in the door. From here, that PC will “call home” to the command and control center for the malware, and the PC will begin scanning the network from the inside looking for other hosts to infect.

Once the malware has control of many or all of the PCs, file servers, databases, email servers, web servers and every critical business function, the command and control center will allow each PC to download a special exploit that will encrypt the hard drive of every machine.

You come in Monday morning, grab your cup of coffee, power on your PC, and are presented with a screen stating that the hackers have your data and they won’t release it unless you pay them some large amount of money in bitcoins. You put down your coffee and pick up the TUMS as you realize all employees have the same screen, and you can’t access any of the data that makes your business work: all of your invoices, client contacts, contracts, billing information, etc. You haven’t just lost your data, but confidential data that belongs to your clients as well.

What do you do? Do you pay?

There is evidence to suggest that paying the ransom may NOT get you your data back. Once you pay them, they can walk away, leaving you poorer. On the other hand, they could unlock your workstations and servers, but you now know that they have access to all of the confidential data you were trying to protect.

According to this research report from MIT, Ransomware has generated over $45 Million for the bad guys. The larger the organization, the more sensitive the data, the higher the ransom.

But you are covered, right? You have cybercrime insurance? Not all insurance companies will pay. Recently, some insurance companies decided that because the ransomware was “NotPetya”, which has been linked to the Russian government’s actions, the attack was an “Act of war”. Other companies refuse to pay for various reasons, citing that the target business should have done more to prevent these damages.

Could you be doing more? Contact us today.

Privacy and what it means…

Privacy is a touchy topic. For some people, it means having control over what you don’t want others to know. For example, you want to keep your social security number private, or your bank account number. But there are other things that we care less about being private, such as photos of ourselves on vacation that we post to social media. What if what you think is “private” really is just slightly harder to get to?

The world news is full of stories where someone’s privacy was breached, from leaked celebrity iCloud photos to identity theft. We believe that these incidents are isolated, but in fact everyone has had some level of privacy breach in their lives whether or not they know it. Recent data breaches from major corporations were released here. You can search for yourself and find out if your usernames and passwords were published.

Take, for example, the case where you have an iPhone and you use Facebook. According to several “experiments”, Facebook may be collecting information about all of the texts and phone calls you have made from the iPhone, and they track all of the locations where you “check in”. Google has already admitted that they send telemetry location data every time you use a Google app, even if your GPS is turned off.

For a typical user, someone with access to this data can know where you were, when and what you were doing all the time. Maybe you think “I don’t care if Facebook or the government knows I bought a shovel from Home Depot on Saturday morning at 11:14AM for $28.34 and I used my Visa card ####-####-####-#### for it.” And maybe that is true, but did you volunteer that information? If I can gather that, what else can I get?

This type of data collection when coupled with “Artificial Intelligence” or “Deep Learning” can come pretty close to predicting what you are likely to do in the future. It is this part of “privacy” that becomes scary.

What if I could detail out all of the daily activities of your employees? What information can I collect about your business? Bad actors have long known that the easiest way to get in a door is to ask a person with a key to open it for you. This is usually called “Social Engineering”, but with machine learning, and organizations like Amazon, Microsoft, Google and Facebook collecting every aspect of your life, the issue of privacy goes beyond what you choose to share and enters the realm of inference.

Protecting yourself means being vigilant with what information about you is available. Many people choose not to post vacation photos while they are away because it tells robbers that they aren’t home. Beyond that, does Facebook NEED access to your camera? Photo Gallery? Text Messages? Microphone? Does Amazon Prime need to know your GPS location? All of these apps have permissions that they ask you about. If it doesn’t seem right (why would Candy Crush need access to my Voicemail? Or my camera?) then it probably isn’t.

Want to know more about how to protect yourself and your company? Contact us today!

DNS Data Exfiltration

Are you aware of the potential for data to leave your organization? A company’s intellectual property is the key to profits. Whether you are a marketing company, an insurance firm, or a manufacturer, the “secret sauce” of your organization is what you are trying to keep secret. It is because of this that you have an awareness of ways that the data might leave your company unlawfully.

The first and obvious one is some type of hacker. Perhaps one or many of your machines have been infected with malware. That malware is the remote terminal for bad actors to work through your network looking for valuable data so that they can send your secrets back out and sell them. Perhaps instead you have a rogue employee, who is looking to make extra money and has taken a bribe from bad actors who will pay them a lot of money to send them your data.

The obvious avenues for this data exfiltration are ones you have already thought about, like email, USB drives, and file sharing sites like Dropbox. But most sophisticated exfiltrations are designed to go undetected. There are various ways that data can be sent out using techniques that don’t look like data is going out.

One such way is through DNS lookups. DNS queries are placed from the workstation to a DNS server controlled by the bad actor. The DNS queries look like long invalid strings (because perhaps the data is encrypted), but the name being queried is itself the data being sent. For example, if I want to exfiltrate the Gettysburg address document, I might perform DNS queries to my own DNS server looking for “FourScoreandSevenYearsAgoOurfathers” and the next query would continue with “broughtforthonthiscontinent” and so on until I have essentially transmitted the entire document. Of course all of these queries will be denied because these aren’t addresses, but who would notice? DNS is necessary on the Internet and you expect to see DNS traffic.

Because DNS queries are quick and easy, this is becoming a more prevalent technique to move data out of the company to the network of bad actors. From the bad actor side, all I have to do is keep a log of the queries and reassemble them.
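
One way a defender can look for the pattern described above in resolver logs, as an added example that is not part of the original post: it groups queries by client and parent domain and flags groups with many unique, long, mostly failing names. The log format, the thresholds, and the `collector.test` domain are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample resolver log: "<client> <query name> <response code>".
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.7 FourScoreandSevenYearsAgoOurfathers.collector.test NXDOMAIN
10.0.0.7 broughtforthonthiscontinent.collector.test NXDOMAIN
10.0.0.7 anewnationconceivedinLiberty.collector.test NXDOMAIN
10.0.0.7 anddedicatedtotheproposition.collector.test NXDOMAIN
10.0.0.7 www.example.com NOERROR
10.0.0.9 tyop.example.com NXDOMAIN
"""

def find_dns_exfil(log_text, min_unique=3, min_avg_len=20, min_nx_ratio=0.8):
    """Flag (client, parent domain) pairs that send many unique, long,
    mostly failing names under a single domain."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, rcode = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        # Assumption: parent domain = last two labels. Production tooling
        # should use the Public Suffix List instead.
        parent = ".".join(labels[-2:])
        sub = ".".join(labels[:-2])
        groups[(client, parent)].append((sub, rcode))
    findings = []
    for (client, parent), rows in sorted(groups.items()):
        subs = {s for s, _ in rows}          # unique names seen under this domain
        avg_len = sum(len(s) for s in subs) / len(subs)
        nx_ratio = sum(r == "NXDOMAIN" for _, r in rows) / len(rows)
        if len(subs) >= min_unique and avg_len >= min_avg_len and nx_ratio >= min_nx_ratio:
            findings.append({"client": client, "domain": parent, "unique_names": len(subs),
                             "avg_len": round(avg_len, 1), "nx_ratio": nx_ratio})
    return findings

if __name__ == "__main__":
    for finding in find_dns_exfil(SAMPLE_LOG):
        print(finding)
```

A single mistyped hostname (the `10.0.0.9` line) does not trip the check, because it takes several unique long names from one client under one domain to produce a finding.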

But what if I am talking about the source code to the software you develop? Or the customer data you hold? Credit card numbers? Social Security numbers? Internal documents that you don’t want your competitors to see?

Contact us today to find out how we can help protect you and your company from threats like these.