One of the world’s biggest video game companies has had two incredibly major bugs this month and it can kill your organization’s security if you don’t have the right policies in place.

Most organizations we bring on initially have a fuzzy line around what’s “work” equipment and what’s “personal,” and what can be used for what, the result is an insecure environment. On business machines, there is typically a security standard that is in place, a set of policies and procedures set by management and rules (set by IT) to keep the bad guys out and your confidential information inside. Personal machines typically have virtually none of this. security

If your organization allows business information on personal machines or personal use of business machines you’ve opened up the door to attackers. To use the video game example, this company doesn’t seem to count an entire category of bugs important enough to fix. If they sold to businesses, they would never get away with it. If you let your employees install this video game software on your computers, however, you just did. If you allow your employees to access your company information from their personal machines, you also just did.

It’s an easy fix: put in place a written policy that only allows access to confidential information from secured, company-owned machines.

BIG WARNING: Execs usually want to be exempted from these rules. They also typically have the MOST access to the most CONFIDENTIAL information. Then THEY become your biggest risk, and TARGET.

Policies are abstract and don’t often change. They are defined by specific procedures that change as your business changes (“our external IT partner will provide you with a work laptop from which you can access company information”) and enforced by technical rules (i.e., your MSP provider blocks access to company information from machines without your security policy in place).

Even if you can’t get all of your rules and procedures in place today, define and communicate your policies. The security of your organization depends on it, and your security is no less than your future.

Need help? Call us today: 865-240-2716.

One of the newest ways to get past email defenses is getting the least amount of attention: the changing link. Here’s how it works:

The Bad Guy emails one of your employees an email “from” your CEO/President whatever with a link that looks something like https://www.dropbox.com/ImportantShare but it goes to http://bit.ly/325JnYX (feel free to click those links!). This link intentionally is a redirect: it will take users from one URL to another, it has common legitimate uses.

At first, http://bit.ly/325JnYX goes to a harmless site, maybe Google, and gets past your email defense filters as a result. However, a few minutes later the Bad Guy changes it to go to a site that they control that phishes, distributes malware, whatever technique that they want to use to get into your organization. When you user clicks the link, it now goes to the bad site.

What do you? These new Bad Guy techniques require new tools to defend your organization and your data, tools that are always up-to-date with real-time information and that don’t check things only once — like your current email defenses — but do so continually.

Fortunately, there are new defense tools available for SMBs. If you are interested in understanding the options feel free to set up an appointment with us, info@jmaddington.com or 865-240-2716

Earlier this week ZDNet profiled an incredible exit strategy of one of the largest Ransomware operators of the last 12 months, GandCrab.

Setting aside irony, the professionalism of the operation should catch the attention of any business owner. The operators have a Software as a Service (SaaS) business model, complete with online forum support for paying customers. They send out private emails to current customers about plans in change of service, including advising their customers to get their victims to cash in before it is too late. They are shutting down their service after claiming to have made and successfully laundered $150m.

Also, the operators plan to delete the decryption keys, so without a backup victims will be toast.

So what are the takeaways?

  • Ransomware has graduated to the level of truly organized crime: these are teenagers in their parents’ basements
  • The industry is so profitable AND competitive so as to have a “B2B” sphere, complete with customer support
  • It was true a few years ago that ransomware operations were largely opportunistic: today the money involved means you are an active target
Baltimore, MD had a crippling ransomware attack in 2019

Baltimore has been crippled by ransomware. Over 70% of attacks now actually target small and mid-size businesses. There are 3 simple things you can do to avoid catastrophe.

1) Assume it will happen to you, 2) plan on it happening to you, 3) test your plan.

A hacker wants some bitcoin

” Hi, your account was hacked!”

Read more
Managed Services can help prevent phishing fraud

A university just paid $12m to a fraudster. Prevention would have been easy. Read more

JM Addington Technology Solutions provides managed services to Knoxville, Knox County, Lenoir City, Loudon County and surrounding regions

The News Sentinel is reporting that Knox County computer systems were breached the night of the primary. It was a two stage attack, complete with with a distraction. Here is the short version.

First, the website to report election results came under a distributed denial of service (DDoS) attack. The bad guys sent more traffic to it than it could handle. This is remarkably easy to do today, as multiple services on the dark web will allow you to purchase attacks against websites of your choice. This attack, while real, wasn’t the target, it was just meant to draw IT’s attention away from the core infrastructure and servers.

Sword and Shield, a Knoxville based security company, was contracted to investigate the incident. Their official report says that logs indicate an attempt to access the database sitting behind the webserver. Further testing revealed that there was a security hole that was active on election night, although it would not have been possible to tamper with the election results remotely.

Double staged attacks like this are very common today: as noted above it’s easy to start a DDoS attack against a website, which is highly noticeable. It quickly draws away the top level talent in an organization to deal with it while hackers attempt to quietly infiltrate in a different route. It’s the digital equivalent of setting a paper bag on fire on the front porch and then going and breaking in the basement window. The fire is meant to be noticed.

It’s fortunate that the election results were not tampered with, and the Knox County appears to have done a great job designing the voting system to make hacking it very difficult. This would be a good time for them to look at prevention on website attacks as well.

Further Reading

NPR

Sword and Shield Report

Huffington Post

WBIR

TechCrunch

Atlanta, GA suffered a serious ransomeware attack in 2018 and it cost them.

ZDNet reports that Atlanta budgeted approximately $2.6 million to recover from their ransomeware incident earlier this year.

This is a small figure as far as ransomeware recovery goes. It excludes the cost of lost productivity, not just city employees but anyone who couldn’t get work done that day because of the incident. Think of contractors, plumbers, etc. waiting on permits, anyone trying to file business taxes, etc. The true cost of the incident to the city is something far north of the reported figure.

It’s also a clear example of why all organizations need backup now, not later, emergency plans for incidents like this, including how to recover when you get hit. Finally, until you’ve tested your backup and recovery procedures you can’t be sure that they work.

More from ZDNet, Atlanta procurement,

Even managed service providers run into scams, this is an article about such a scam

This afternoon one of our technicians was chatting with a legitimate support rep from a well-known vendor. The support rep correctly said that he could not help with the issue over web chat but to call 855-785-2511. When our technician called it was clearly a scam company behind the operation:

  • They wanted to charge for free support
  • They wanted to use remote tools that this vendor does not use
  • They didn’t have a clue on how to solve the issue

This post exists just to serve as a warning to others that 855-785-2511 is clearly a scam phone number.