Officials for Carnival
Cruises have confirmed that a portion of their IT systems were encrypted
following a cyberattack identified over the weekend. The company also revealed
that sensitive information for both employees and customers was illicitly
accessed, though they did not admit to what extent.
Millions of Social Media Profiles Exposed
More than 235 million social media profiles belonging to
several major platforms, which contained personally identifiable information
including names, locations and contact data, were publicly exposed due to a
misconfigured database. Social
Data, an online data marketing broker, seems to be the owner of the data,
though it is unclear how they obtained it since data scraping for profit is
generally not tolerated by Facebook or other platforms. According to Social
Data, the database was exposed for up to three hours after it was initially spotted. It
remains unknown how long the data was accessible without authentication.
Wine and Spirits Conglomerate Suffers Ransomware Attack
Brown-Forman,
the parent company of many major liquor brands, recently fell victim to a
ransomware attack that appears to be the work of the REvil ransomware authors.
While the company was able to detect and thwart the attack before encryption, upwards
of 1TB of highly sensitive internal information on employees, clients, and
financial statements was stolen. Though no formal ransom was delivered, the
attackers are likely to auction the data imminently.
File-less Worm Creates Linux Crypto-mining Botnet
Linux
systems are on the lookout for a new infection that has been silently
creating a botnet to employ target machines as crypto miners. Since the start
of the year, over 500 SSH servers have been infected around the world by a worm
creating additional backdoors to allow attackers to return to the systems
later. Due to the file-less nature of this infection, a simple reboot of the
system can temporarily remove the malicious processes, but because the login
credentials have already been exported the system can be quickly re-infected.
Canadian COVID-19 Relief Sites Breached
Several Canadian
government websites connected to healthcare relief funds were breached with
the intent to steal COVID-19 relief fund payments. Though only a small portion
of the 12 million total accounts, 9,000 GCKey accounts were directly affected
after being breached via credential-stuffing. Credential-stuffing is a brute-force
attack that employs previously leaked credentials in the hope that victims use
the same login info for multiple sites. Since the websites affected don’t use
multi-factor authentication, the odds of a successful credential-related attack
were increased.
Cyber resilience is being put to the test during the coronavirus pandemic. As more and more users work from home, it’s becoming increasingly difficult for IT teams to ensure uniform cyber security on home devices and networks that they don’t own or control. At the same time, cybercriminals are using the pandemic to launch more deceptive attacks. In this post, we’ll break down a few steps you can take to add resilience to your home network, so you don’t have to sacrifice security for convenience during the global pandemic. We cover all of these tips and more in our Work From Home Playbook.
The secure tunnel
We lose a measure of security
the minute we step outside the protective shell of our corporate network. The
average home network is significantly less secure than corporate networks. This
leaves remote workers more vulnerable to attacks anytime they’re not connected
to the corporate network.
Luckily, you can easily
improve your at-home security by using a virtual private network (VPN). With a VPN,
you can establish a secure tunnel between your home network and your corporate
environment, making your home connection more immune to outsider attacks. A VPN
extends your home network – or connection from the local coffee shop – across a
public network, allowing you to interact with your corporate system as if you
were connected directly to it. This allows applications to operate securely and
encryption to be enabled within the connection, ultimately privatizing any data
being shared or input.
Handshake hygiene
A clean handshake is healthier
in the physical world. And it’s the same with the digital handshake between
your home devices and your corporate network. Anytime someone from outside the
network attempts to log on, there’s a risk the person isn’t who they say they
are. Login credentials are stolen all the time. In many scenarios, all it takes
is a username and password to gain access to the company network. Once inside,
cyberthieves can unload malicious payloads or find additional user credentials
to launch even more pernicious attacks. But by adding just one extra layer of
security in the form of an additional checkpoint, it’s possible to thwart most
attacks that rely on only a username and password.
That’s why multi-factor
authentication (MFA) has become the go-to method for adding extra verification
steps to confirm that the person logging on is truly who they say they are.
With MFA, the user verifies their identity using knowledge only they have, like
a password or answers to challenge questions. As an additional verification
step, the user supplies an item, like a YubiKey or a one-time password sent to
a mobile device. Lastly is an inherited characteristic unique to the
person, such as a fingerprint, retina scan, or voice recognition. In today’s
highly regulated business environment, most businesses make MFA mandatory for
employees logging in from outside the network.
First, second and third lines of defense
Cybercriminals have a full quiver
of options when it comes to launching attacks. But the good news is that there
are also multiple solutions for defending home systems against them. The best
way to secure the home network is to use a multi-layered cyber resilience
strategy, also known as defense in depth.
This approach uses multiple
layers of security to protect home devices and the networks they’re connected
to. Here’s what that looks like:
Backup – Backup with point-in-time restore gives you multiple
recovery points to choose from. It ensures you can roll back to a prior state
before the ransomware virus began corrupting the system.
Advanced
threat intelligence – Premium antivirus
protection is still the first line of defense. And antivirus that is backed by
advanced threat intelligence, identification and mitigation is essential for
preventing known threats from penetrating your system.
Patch and
update applications – Cybercriminals
are experts at identifying and exploiting security vulnerabilities. Failing to
install necessary security patches and update to the latest version of
applications and operating systems can leave your devices exposed to an attack.
Learn more
Cyber resilience while working from home is every bit as critical as working on-site. For more tips on how to add resilience to your home environment, and how to prepare your space for working from home long-term, download the Work from Home Playbook.
The town of Lafayette,
Colorado, fell victim to a ransomware
attack last week without the capability to recover from the attack without
paying a ransom of $45,000 in cryptocurrency. The attack disabled many city
services for a number of days until officials determined they would not be able
to recover without paying for systems to be decrypted. This attack was another
example of how having data backed up, even if somewhat dated, is less expensive
and more secure in the long run.
Illinois Healthcare Data Breach
The Illinois
healthcare system suffered a multi-month data breach stemming from several compromised
email accounts earlier this year. The breach does not affect all IHS clients, but
those who were affected had much of their sensitive information, including
social security numbers and personal health documents, leaked. The breach began
in early February, but victims were not informed until the end of July, when
they were offered credit and identity monitoring services to protect against
illicit use of their data.
Cyberattack Strikes InfoSec Training Organization
One of the largest cybersecurity
training organizations was recently targeted by a phishing attack against an
internal email account. The compromised account was then used to install an
illicit Office365 add-on to maintain control of the account and to forward over
500 emails to a third-party account, many of which contained sensitive
information on customers. Affected customers have been contacted and warned to
be vigilant against future phishing attacks.
Pace Center Data Compromised Following Blackbaud Breach
Some donor data for the Florida-based non-profit Pace
Center for Girls was leaked after a data breach targeted its software
provider, Blackbaud, in May. The breach affected over 200 organizations relying
on Blackbaud for cloud-computing services and contained personally identifiable
information on thousands of donors. Fortunately, no payment card data was
included in the breach and the Pace organization has begun improving security
protocols to avoid further attacks.
Payment Card Data Stolen from MSU Website
At least 2,600 individuals were possibly affected by a
payment card leak after the Michigan
State University online shop was infiltrated through a known website
vulnerability. The attack used a card-skimming technique and remained active on
the site for nearly a year, leaving many customers’ data vulnerable to other
possible attacks. This would be the second cybersecurity-related incident to
target MSU in the last year. In May, the university was hit with a ransomware
attack that resulted in the publishing of stolen data.
Even though the 2020 Back to School
season may look very different from those in years past, there are a few things
that will remain the same. First, since Back to School is often when parents
and caregivers stock up on new clothes, tech, and school supplies for students,
it’s also when lots of stores (especially online retailers) run huge sales.
Second, there will be the customary
spike in cyberattacks. In fact, the attacks on the Education sector are already
up. The latest
data from Microsoft shows that the Education sector has recently suffered
more encounters with malware (over 5,000,000 in the last 30 days) than any
other industry!
Since a lot of children and teens will be attending school
virtually, either part-time or full-time, they’ll be spending even more time on
the internet than they currently do. The more time they spend online, the
higher the risk they face.
Here are the top threats to watch out for, as well as tips for how to help keep
young learners safe during Back to (Virtual) School.
Phishing
According to Tyler Moffitt, security
analyst at Webroot, “phishing isn’t going to go away any time soon. As tactics
go, it’s an oldie, but goodie. Times of year when people do more shopping, like
Back to School or Christmas, are a big draw for cybercriminals. We always see a
spike in phishing during those times. And with more people shopping and
streaming online during COVID-19, I’m betting we’ll see even more activity this
year than we would normally expect.”
To underscore Tyler’s point, the latest intelligence from the Webroot BrightCloud® Real-Time Anti-Phishing service shows that phishing URLs targeting global streaming services have increased significantly. In March 2020 alone, we saw the following increases in phishing URLs, broken out by service:
Netflix – 525% increase
YouTube – 3,064% increase
Twitch – 337% increase
HBO – 525% increase
Not only should you and your young learner keep an eye out for email scams, but also bear in mind that phishing can happen through a variety of channels. Because many students will end up communicating mostly via online chat, text message (SMS), or social media, it’s important for us all to be extra vigilant about what we click, what we download, and what information we transmit.
Zoom-bombing
The rise in the use of Zoom and other videoconferencing platforms has also paved the way for malicious actors to cause trouble. While it’s named after Zoom, zoom-bombing as a term refers to the act of intruding on a video conference on any platform and creating a disruption, such as spreading hate speech, displaying pornography, and more.
Additionally, Webroot threat researchers have seen videoconference executable files (i.e. the file you run to launch the program) either faked or manipulated so that unwitting victims end up downloading malware.
Fake Websites and Spoofing
Webroot researchers have seen huge jumps in the number of fake websites out there, particularly those with “COVID” and related terms in their domain names. Tyler also warns us to be on our guard for website spoofing, which is when malicious actors create a fake version of a website that looks like the real thing.
“A lot of people will have to access specific websites and online systems for school and related activities,” he says. “Criminals will effectively set traps, so that a mistyped URL or a fake search result could land you on a fake page that looks completely real, only to steal your info or install malware on your system.”
How to Keep Yourself and Your Family Safe
Here are Tyler’s top tips for
staying safe online through Back to School and beyond.
Use internet security software.
If you haven’t already, install internet security with antivirus on all your devices, especially
those that will be used for schoolwork. Don’t forget about using a VPN to protect kids’ internet activity from prying eyes.
Update videoconferencing software.
Make sure children and teens are always using the most up-to-date versions of
Zoom (or any other videoconferencing software) to ensure they have the latest
patches to prevent malware distribution and disruptions.
Watch out for phishing in all its
forms.
Talk to kids about phishing. Make sure you all know to look before you click.
And remember, phishing scams can look just like a text message from a best
friend, classmate, or teacher, so always be wary of messages that ask you to
click a link or download a file. Use a secondary means of communication, like a
phone call, to verify that these are legitimate.
Use your bookmarks. Bookmark all required
distance learning pages. Criminals may try to spoof these for phishing,
especially if there is a popular portal that many schools use. Using a
bookmark, instead of Googling and clicking a search result, will help ensure
that your kids are on the right page.
Just say ‘no’ to macros.
If you or your kids download a document and it asks you
to enable macros or enable content, DO NOT DO IT. This is very likely to be a
malicious file that will infect your computer.
Use a secure backup. When we’re all so reliant
on our computers and other internet-connected devices to work and study, it’s
extra important to make sure they’re backed up. Nobody wants to lose a term
paper or other important documents to a malware infection, hardware failure,
damage, loss, or theft. Save yourself the hassle and heartache by investing in backup software.
This Back to School season, it’s especially
vital that we all do what we can to ensure children and teens have the skills,
awareness, and security protocols to stay safe. By following these tips, you
can help make sure they stay safe today, tomorrow, and beyond.
There’s no doubt we’ve all had to change our
work habits as a result of the global coronavirus pandemic. Companies have
had to adapt rapidly to smooth the transition to work from
home. But companies will have to do more than adapt if they’re going to make
cyber resilience a long-term priority going forward. As the edge of the network
expands to include thousands of home networks and devices, it’s going to fall
on leadership to establish a culture of cyber resilience, so employees
internalize cyber security best practices instinctively.
What is a cyber resilient culture?
We
asked Principal Product Manager Philipp Karcher what a cyber resilient culture
is and what it takes to establish one at an organization. He said a culture of
cyber resilience recognizes that everyone – not just IT – has a role in cyber
security. Karcher defines cyber resilience as the application of the same
principles of IT resiliency so that employees:
Business benefits of security training
When businesses internalize this culture,
they’re better prepared, better able to respond and better positioned to experience
growth, Karcher says. Asking employees to devote time and effort toward
security awareness is an investment in the future of the business.
On the other hand, businesses that don’t actively
work toward a culture of cyber resilience are more vulnerable to cyberattack. Their
employees are more likely to practice poor password hygiene, click on something
they shouldn’t and make other mistakes, like misconfiguring access rights or accidentally
sending someone the wrong file.
Cyber Resilience training delivers results
While IT resilience focuses on hardening data
and applications, your overall cyber resilience as an organization depends
equally on making users resilient. This should include a program of training
and communication on security issues employees need to be aware of and education
on how to properly respond to incidents.
Webroot
also partnered with leading cybersecurity education
content provider,
NINJIO, to deliver engaging three-to-four-minute Hollywood-style micro-learning
videos that
feature updated COVID-19 content and encourage cyber resilient behavior, like identifying
phishing emails and malicious URLs.
In addition to regular employee training, Karcher
says businesses should publish regular communications on security topics in the
form of emails, internal social media, posters and videos. Examples include
coverage of real-world threats they need to defend against in their work and
personal lives, and industry news about other businesses that were adversely
affected by attacks.
Cyber resilience can only become a part of
culture through sustained, long-term engagement – not just annual check-box
training.
Three people were charged with last month’s Twitter
hack, which generated over $100,000 in bitcoin by hijacking high-profile
accounts. Of the 130 accounts used to spread the Bitcoin scam, major names
included Elon Musk and Bill Gates, who have been portrayed in similar past scams.
The FBI was apparently able to identify the perpetrators through a known
hacking forum offering Twitter account hacking services for a fee.
Kentucky Unemployment Faces Second Breach in 2020
Kentucky’s
unemployment system suffered its second data breach of the year last week.
The breach came to light after a user reported being able to view another’s
sensitive information while attempting to review their own. Officials are still
uncertain how the breach occurred or the exact contents of the information available
to the person who reported the incident.
Canon Suffers Ransomware Attack
Several services related to Canon,
including its cloud storage systems, fell victim to a ransomware attack that knocked
them offline for nearly a week. In addition to the offline systems, more than 10TB
of customer data were allegedly stolen and a ransom note pertaining to the Maze
Ransomware variant was identified. A large number of Canon’s website domains
were also taken offline, with an internal server error being displayed to site
visitors.
Havenly Interior Design Breach
A data trove containing roughly 1.4 million Havenly
user accounts was posted for sale on a Dark Web marketplace last week. It
included personally identifiable information of customers including names,
physical addresses and emails. The company’s official statement stated no
financial information was lost in the breach. While Havenly has recommended all
customers update their login credentials, the breach occurred well over a month
ago, enough time for affected customers to be subjected to identity theft or attacks
aimed at compromising further accounts.
Massive VPN Server Password Leak
The credentials for over 900 enterprise-level VPN servers
from Pulse
Secure recently appeared on a hacker forum known to be frequented by ransomware
groups. The plain-text information contains enough information to take full
control of the servers that are currently running a firmware with known critical
vulnerabilities identified within the past two months. The vulnerability that
allowed this breach, CVE-2019-11510, was identified and a patch was released
late last year. Many of the attack’s victims had neglected to implement the
patch.
Don’t expect cybercriminals
to go easy during a hurricane. Quite the opposite, in fact. Just like they’ve used
the coronavirus pandemic to launch COVID-related malware scams, hackers will
capitalize on the names and news coverage of hurricanes to disguise attacks. That’s
why now is a good time to review your cyber security posture and your overall
cyber resilience strategy. We talked with Carbonite VP of Product Management Jamie Zajac about how to
anticipate the types of adverse events that catch a lot of people and
businesses off guard. With the right protection in place, you can maintain
access to data during a hurricane – and all year round. You can start by
knowing what to expect.
Get woke to data loss
When most people think of data
loss, they think major disasters, like headline-generating storms and floods.
Of course, it’s important to anticipate highly impactful outages. But these are
far more rare than other causes of data loss. “It’s everyday scenarios that are
really common. Like leaving a laptop on an airplane, dropping a phone in the
river, or accidentally deleting a folder and having the recycle bin policies
expire,” Zajac says.
Another cause of data loss is
hardware failure. “Hardware has become more reliable,” Zajac says, “but you
never know when a hard drive will fail, a computer will be dropped or a
motherboard will crash.”
Since hardware has a finite
lifespan, failure is inevitable. When you’re considering how to protect devices
that store important data, Zajac recommends looking for a few key features:
Continuous backup (so you’re capturing changes as you
make them)
Online file recovery (so you don’t have to wait to buy
a new computer)
Whether it’s a lack of
awareness, the complexity of systems or the perceived difficulty of deploying protection,
too many people and businesses fail to protect themselves ahead of time. “We
often don’t think to make cyber security and data protection a priority until
it’s too late,” Zajac says. “For consumers and business alike, we see a ton of
inquiries about how to get data off a hard drive that wasn’t backed up. That is
way more time-consuming, expensive, error-prone and ineffective than having a
full cyber resilience and protection plan in place.”
“It’s never worth the risk of
being hacked,” Zajac says. “I’ve seen businesses struggle and even close when
they lose data, or their brands suffer because hackers have stolen their data.
As compliance requirements and privacy requirements evolve, more and more small
businesses face these risks.”
Hurricane checklist
Hurricane season is prime
time for system outages. But it’s also a useful reminder to prepare for the
unexpected. Here are three key steps you can take to form a strategy for
dealing with annually occurring threats, according to Zajac.
Anticipate your
office being unavailable – Like the physical
disruptions we’ve experienced with the COVID-19 pandemic, anticipate IT
infrastructure becoming unavailable. Can you run systems in the cloud? Can you
access a cloud backup quickly? DRaaS is a great solution for businesses susceptible
to hurricanes.
Back up
everything, not just some things – Many
people realize too late that they only chose to back up critical systems, and that
one of those “second-tier” systems is also necessary to run the business. It’s
better to have everything backed up than to be missing something. You can often
save costs by tiering your backups or having different recovery objectives for different systems. But don’t skip backing up some systems.
Test your
backups – Know whether you can
recover systems within the time required.
When it comes to hurricanes
and weather-related risks, specific security-related concerns should also be
considered. “It’s important to train people
on the protocols for when they need to work remotely,” Zajac says. “Generally
speaking, you should be training users on security best practices, whether they
are remote or in the office. But people are more distracted and thus
susceptible to phishing and social engineering when they are remote.”
If people need to work from
cloud workstations, personal devices or laptops, make sure they have a security
suite, such as cloud-based anti-virus and anti-phishing protection. Make sure you have
security software that doesn’t require people to be in the office. For example,
if you are relying on your firewall to block malicious websites, it won’t help employees
who are off the network. Use DNS protection
with roaming device security for these scenarios.
An all-of-the-above approach
Murphy’s Law dictates that
you’ll probably experience the data breach you’re not prepared for. Any form of
data loss can have bad effects. So, if you’re too narrowly focused on just one
threat, consider all the potential adverse events you could experience.
“Hackers are a constant
threat and can have really big impacts in terms of data loss, productivity
loss, compliance requirements, regulatory fines, brand damage and more,” Zajac
says. “A coffee spill is a constant threat,” she warns, “but the damage is
typically isolated. You still don’t want to rely on someone re-creating all of
your work if a coffee spill or other localized damage event occurs, especially
if it is the CEO’s laptop.” Zajac continues, “A hurricane is a rare and often
well-predicted event, but the impact can be catastrophic. You can’t wait for a
hurricane to build a plan.”
The good news is that a competent
IT consultant can help you build a strategy, and a good vendor can protect you
against many of these adverse events in one fell swoop.
Setting expectations
There’s no backup without
recovery. But how do you know if your recovery process is sufficient? It should
align with the objectives you establish before disaster strikes.
“On an endpoint, you can
typically get very fast file backup and recovery so that you only lose minutes
of data and all files are available online in a web interface for fast access,”
Zajac says. “For servers, you need to tier systems into mission-critical
applications and use a very low RPO solution, such as DRaaS. Non-mission
critical infrastructure can withstand a few hours or days to get running again.”
Zajac suggests doing an impact analysis. If a given system is offline, how much
will it cost your business?
Cloud considerations
It’s not just devices that
are worth protecting. Today, both personal and business users leverage the public
cloud, like Microsoft 365 and Azure, for much of their storage and computing
needs. A lot of people make the mistake of thinking cloud data is protected by the
vendor. But this is not the case.
“Microsoft cannot tell the
difference between accidental data loss and legitimate file deletions because
the content is no longer relevant. It’s up to users and company admins to make
this determination,” Zajac says. “Microsoft 365 credential attacks are on the
rise. It’s only a matter of time before someone creates or spreads ransomware to
Microsoft 365 native data. That won’t be a good day for anyone who doesn’t have
a backup in place.”
Next steps
Never let a good catastrophe,
or the threat of one, go to waste. Use this hurricane season to make sure you
have a robust cyber security and resilience plan. And not just for hurricanes,
but for all the ways you can lose access to data.
Nearly a week after the company announced they had suffered
a system outage, Garmin
has finally admitted to falling victim to a ransomware attack, likely from the increasingly
popular WastedLocker variant. As is the norm for WastedLocker, the attack was
very specific in its targeting of the company (even mentioning Garmin by name
in the ransom note) and took many of their services offline. Though Garmin has
confirmed that no customer data was affected, they are still unsure when their
services will return to full functionality.
Israeli Marketing Firm Suffers Data Breach
More than 14 million user accounts held by the Israeli
marketing firm Promo
were compromised in a recent breach. Subsequently, at least 1.4 million
decrypted user passwords were found for sale on a Dark Web forum, along with 22
million records containing highly sensitive information. The company has since
contacted affected customers and is pushing a forced password reset.
Netwalker Ransomware Targets U.S. Government Organizations
The FBI has released a security statement concerning Netwalker
ransomware attacks, which have targeted both U.S. and foreign government
agencies in recent months. Netwalker is known for exploiting remote desktop
utilities to compromise major enterprise networks. It also offers ransomware-as-a-service
to other cybercriminals. The best methods for blocking these types of attacks
are setting up two-factor authentication (2FA) and creating offline data backups
to protect in case of a successful breach.
Lazarus Hacking Group Branches Out to Ransomware
The North Korean state-sponsored hacking group Lazarus
has added ransomware to their latest attacks. Unfortunately for the group, the
ransomware variant they’ve chosen is inefficient at encrypting data, sometimes
taking up to 10 hours to fully encrypt a single system. These attacks are
similar to those targeting Sony Pictures in 2014 and those that affected the
2018 Winter Olympic games, both of which are suspected to have been conducted
by state-backed actors.
Nefilim Ransomware Begins Publishing Dussmann Group’s Data
At least 14GB of data belonging to a subsidiary of Dussmann
Group, a major German MSP, is being leaked by the operators of the Nefilim
ransomware variant. The operators have confirmed they were able to obtain
roughly 200GB of data from the subsidiary after discovering a still-unknown method
for compromising the network. Customers affected by the leak have already been
notified.
To try to fight the isolation and uncertainty brought on by
the COVID-19 outbreak, a few weeks ago we began what we’re referring to as
“Office Hours” on the
Webroot Community. It’s meant to be a forum where users can come together
and pose their COVID/cybersecurity-related questions to some of our experts,
and we try to help however we can.
The quality of questions and value of the dialogue were high
right off the bat. It’s proven to be an excellent reminder of the usefulness of
the Community in general. Some of the questions were even topical and popular
enough to warrant a deep dive.
“How can MSPs help their clients bounce back from these
challenging times?” is a good example.
As the question suggests, it’s not all bad being an MSP
right now. With many employees migrating to remote work, IT services are in
high demand. That could explain why, according
to a study by the RMM platform Datto, though about 40% of MSPs anticipate
cutting revenue projections for the year, 84% still say it’s a good time to be
an MSP.
There’s both opportunity and necessity in developing a plan
to help small business clients stay afloat in a flagging economy. On the
opportunity side, exceptional customer service can be a great way for MSPs to stand
out in an industry with typically tight margins. On the other hand, if an MSP’s
clients tank, they will no longer be around to need the MSP’s services. So, the
ability to be an IT advisor for clients through tough times is intimately tied
to the success of the MSP themselves.
What follows are a few pieces of advice for doing that, but it’s
important to remember that there’s no stock solution for bouncing back as a
business. Every client is unique and so are the pressures applied by the
coronavirus and subsequent economic slowdown. But here are some generic tips
for being your client’s go-to adviser for weathering the storm.
Set up a virtual ‘discovery’ meeting to discuss
with them what their situation really is. This should be a (perhaps painfully)
honest conversation about the state of the business and what obstacles stand in
the way of them getting back to “business as usual.”
Devise an agenda based on the services you
provide today and the associated costs. Based on the client’s challenges (or strengths),
what is affordable and what can maybe be minimized? Has the business direction
changed at all? Many SMBs may be looking to pivot considering COVID-19.
Aim to be flexible (while remaining profitable)
and willing to accommodate the period between their business restarting and
establishing a new normal. Ask yourself if taking a slight hit in monthly
income or margins is an acceptable sacrifice to make in order to help keep a
potentially long-term client afloat.
Next, work with a client to draw up a joint
“Recovery Plan” with a timeline for scaling back up the workload and
how you can specifically assist with their recovery. This may involve stressing
the costliness of a data breach, downtime, and other ways your services help
keep the client’s bottom line from suffering.
Finally, schedule regular client account reviews
(hopefully, you already have some version of these in place) to monitor
technology-related pain points and assist with addressing them as reasonably as
possible.
Economic recovery for small businesses will undoubtedly
entail some tough decisions. But doing everything you can as an MSP to assist
with that recovery by being proactive and establishing a common recovery plan
will lead to a much stronger business relationship in the future. Not to
mention establishing you as a trusted, reasonable business advisor for the life
of the relationship. So, take advantage of the opportunity of helping your
clients bounce back from this pandemic.
ATM manufacturer Diebold
Nixdorf has identified a malicious campaign that uses proprietary software to
“jackpot” the machines. The attack requires malicious actors to breach the ATM
manually and then use the software to force the machine to dispense cash at a
rapid rate, known within the industry as jackpotting. While these attacks don’t
seem to affect customer data or finances, the company is unsure how the
attackers obtained the proprietary software used in the scam.
Ransomware Locks Down Telecom Argentina
Telecom
Argentina is being extorted for over $7.5 million following a ransomware
attack last week. The hacker group REvil is believed to be behind the attack,
which may mean the stolen data is set to be posted on the group’s auction site.
Officials are still unsure of how the intrusion occurred, but it’s likely to
have stemmed from a compromised remote access point.
Maryland Health Services Breach Affects Thousands
More than 40,000 individuals may have had personal
information leaked after a ransomware attack on Lorien
Health Services in Maryland. The breach was discovered in June, but after
the healthcare provider refused to pay the ransom the hackers began publishing
the stolen data, which includes Social Security Numbers and other highly
sensitive information. Lorien was quick to notify affected clients and had
begun offering credit monitoring services to those affected within two days of
the attack being confirmed.
University of York Data Breach
The University
of York in the UK has learned of a data breach that occurred in May and
could affect a considerable number of students and staff. The breach itself was
enabled by a third-party service provider and contained personally identifiable
information on an unknown number of victims. While there is little the university
can do to contain this type of attack, it comes as another reminder of the
importance of supply chain data security and the knock-on effect of such
attacks.
Meow Attacks Target Vulnerable Databases
Dozens of unsecured databases from Elasticsearch
and MongoDB were wiped in a new malicious campaign that seems to attack
indiscriminately. Discovered within the last week, the Meow
attacks, as they’re known, appear to use an automated script to overwrite any
data in vulnerable databases and destroy any remaining data. This string of
attacks may encourage stronger security policies among previously lax database
administrators, but the lesson is costly for affected businesses.