What You Don’t Know Can Hurt You: The Perils of Inadequate Cyber Security Asset Management.

cyber security asset managementWe’re often surprised at how frequently companies fail to adequately track their IT resources. But while tracking the life cycle of your IT devices is important to assure you maximize their value, it is also a critical safety issue. BYOD devices, mobile devices and third party cloud service providers only enhance the need for effective cyber security asset management.

A Wake Up Call

A recent, much read and passed around blog post from cybersecurity expert Daniel Miessler detailed many of the issues regarding lax cyber security asset management. Miessler wrote: “Asset management is arguably the most important component of a security program, but I know of virtually zero companies that have a single person dedicated to it.” He goes on to point out that, “Companies pay hundreds of thousands a year to keep snacks in the break rooms. They pay to send people to training and conferences that usually have very few tangible benefits … But pay 100K a year to have a list of what we’re actually defending? Nope.”

The Life Cycle of IT Assets

An IT asset life cycle refers to the stages that an information technology asset goes through during its time of ownership. Determining the current life cycle stage for each IT asset is a necessity for effective cyber security asset management and may look like this:

  1. Procurement. It should be a matter of course that, whenever an asset is purchased, it is recorded in your organization’s asset management system, and your IT devices and software should be no exception. Information should include model numbers, serial numbers, name of manufacturer and the department the equipment was purchased for.
  2. Distribution of assets. Recording to whom the assets are distributed, or redistributed, is the next necessary step to take for cyber security asset management. Many organizations lose track of who has what devices, and this can only get more muddled as employees leave, shift departments and so on. You’ll also want to tightly control what devices run which software assets; employees who have access to programs they won’t use or don’t need may only needlessly impair security.
  3. Maintenance and Upgrade. Software and hardware updates often have security patches (see our earlier post about the importance of patching). Each update or patch should be recorded, and verified. An organization should also record the last time a device was scanned or antivirus software run, or antivirus schedules.

Be thorough. In 2014, JP Morgan Chase overlooked one of their network servers when providing a security update. Hackers were able use this exposed server to steal data from roughly 83 million customers.

Maintaining devices also means making sure employees aren’t uploading or using unauthorized or unmanaged software. This software may be benign, or it could be an entry point for a hacker to invade

  1. A list of log-in users for each device. Even if a device is assigned to one specific employee, a device may be shared or passed around. Keeping a list of every user for each device can help protect them, especially when a staff member leaves, as a reminder their log in should be deleted.
  2. Disposal/Retirement. When a piece of equipment has run its course, don’t forget to verify that all the information on it has been wiped clean, so that company data is not vulnerable to hackers. You also may want to cancel or transfer licenses.

Keep in mind that cyber security asset management cannot be a one-time only chore; it’s success hinges on its continuity. You have to know when each asset changes hands, becomes outdated, needs updating and so on.

As cybersecurity company Compuquip says, “IT asset management is a lot of work—which may explain why so many companies fall behind on this critical task. But, the importance of asset management for your company’s IT components cannot be overstated.”

Let’s Get Started With Your Cyber Security Asset Management

Our recent blog post on cyber security monitoring stressed the importance of being proactive in keeping your organization safe form cyber threats. Cyber security asset management is a critical component of proactive security, and can be the difference between rebounding quickly after a cyberattack and not recovering at all. Understanding the importance of an active cyber security asset management system is a first and proactive step, but you also need to put that understanding into action. Single Path can help. We offer a wide selection of security offerings including infrastructure patch management, 24/7/365 network monitoring services, proactive desktop and server security and more.

Let us help get your asset management program started. Contact us for more information.

The Benefits of Proactive Cyber Security Monitoring

cyber security monitoring A business team can take a wait-and-see reactive approach to cyber security, delaying action until it is a victim. Or, it can play a proactive role in anticipating the risks, finding the weaknesses, and putting the processes in place that may prevent or soften a cyber crime from even happening. Cyber security monitoring is one such proactive move that can pay back an initial investment many times over.

Cyber security monitoring involves the collecting and analyzing of information to detect suspicious or unauthorized behavior or changes on a network, triggering alerts, and often taking automatic, precautionary actions. Think of it as a high quality security alarm. You can leave your doors unlocked and check every now and then to see if anything has been stolen and, if so, notify the insurance company. That’s reactive. Or, you can set an alarm and not only will you know when a break-in occurs, but the system can notify the police, lock doors, and stop the break-in its tracks.

Now, or never?

Even the most secure system can be broken into, and even the most experienced IT professional can leak a password. But with proactive cyber security monitoring you can find and respond swiftly to these mistakes, and threats. In contrast, a reactive cyber security policy leaves you vulnerable, and recovery can be slow. According to the Ponemon Institute, it takes an average of 191 days for a business to detect a hack. The consequences of being hacked for days, weeks or months before noticing it may be substantial, with data continuously compromised or leaked, used and shared across a broad network of cyber criminals. The immediate and long-term ramifications of such a delay is likely to far eclipse any cyber security monitoring investment. Just a few months ago for example, Marriott International announced their network had been hacked since 2014, and wasn’t discovered until September, 2018. Information from 500 million customers was compromised.

As one security industry company writes, “You need to assume that your business will be breached at some point and have appropriate monitoring controls and procedures in place to mitigate the risks.”

Cyber Security Monitoring Basics

Cyber security monitoring utilizes a variety of mechanisms to continuously keep tabs on network traffic, and then send out alerts or take action at the right moment. As international cyberthreat intelligence provider Blueliv reports, there are typically four stages to the lifecycle of a breach:

  1. Attempting to get the information, like passwords and network credentials (via phishing or other schemes)
  2. Collecting the information (from people falling for the schemes)
  3. Validating the information (to make sure the information works, often though an automated bot)
  4. Monetizing the information (selling it to a third party, using it to steal data, and so on).

With the right threat intelligence, however, an IT security team can step in and stop the lifecycle midstream. With cyber security monitoring, action can be taken while attackers are still attempting to validate the information, or before they’ve finished fully collecting it.

Proactive Help

From hackers to disgruntled employees, to outdated devices to third-party service providers, companies are routinely exposed to security threats, often from unexpected sources. Quick response time is essential, and automated, continuous cyber security monitoring is the key to fast threat detection and response.

At Single Path our proactive monitoring services have saved our clients countless times, not only from outside threats, but from a whole host of unexpected issues. For example, our proactive cyber security monitoring for the Chicago White Sox revealed signs of imminent failure within their Contact Center Server. We were able to apply a patch to the server before it failed, preventing any disruption to customer service. At Single Path, our 24/7 proactive cyber security monitoring and problem-solving are part of what make us an outstanding partner in the continual battle against cyber security breaches or issues, and is just one of our many IT as a Service offerings.

Contact us to find out more.

6 Ways to Improve Employee Cyber Security Awareness, for Businesses and Schools

According to Accenture’s Cost of Cyber Crime Study, the average cost of cyber crime in the United States reached $21.22 million per organization last year (compared to $17.26 million the year before). But you can’t depend solely on your IT department for your cyber security. After all, a chain is only as strong as its weakest link. Improving cyber safety means increasing employee cyber security awareness throughout your entire business or school.

Here are the 6 top ways you can get your employees on board to increase engagement and improve employee cyber security awareness.

  1. Education

Do your employees or staff know:

  • Working remotely using an unsecure Wi-Fi connection leaves computers vulnerable to attacks?
  • Using personal, unsecured devices for work can open the door to compromising an organization’s network?
  • What employees say and do on social media can be tracked by cybercriminals and used against them in the workplace?

Chances are, some if not all of those points may surprise some people on your team. Most experts agree that the #1 key to cyber security compliance at a business or school is educating staff on the risks. For example, in addition to the above bullet points, does everyone on your team know how to spot a Phishing email (see our earlier blog post, How to Spot a Phishing Email), or the risks of using a thumb drive (see our post, USB Security Risks: When Flash Drives Become Dangerous)? An educated team, with increased employee cyber security awareness, makes for a more secure organization.

  1. Assign Mandatory Training

Recently we came across an article in Forbes Magazine that recommended, “Employees and management from all industries should be assigned mandatory cyber security compliance training every year.” This requirement can be administered with computer-based training modules and tied into annual reviews. When implementing training you’ll want to ensure executive and management support, a way to measure success, and also consider incentivizing participation (for more information, check out our earlier blog post, We’re Only Human: The Importance of Security Awareness Training.)

You may want to work with an outside partner to implement training, such as Single Path. We’re well versed in educating and training staff in the most up-to-date cyber security best practices.

  1. Establish and Promote Simple Procedures

More often than not, employees are happy to follow procedures as long as they are aware of them, and they are easy understand. Create organization-wide procedures for your team to follow. Make sure they are functional, actionable and simple.

Once you have those procedures in place, figure out the best way to communicate them within the organization. Keep communication friendly, and avoid hard-to-understand cyberspeak. Says Ashwin Ramasamy, co-founder of marketing intelligence company PipeCandy, “We use comic book-like imagery and sci-fi and comic language in posters across the office that reinforces the message without being suffocating.” Choose a method of communication that will resonate with your team.

  1. Encourage Reporting of Incidents

The best-trained employees can still fall for a hacking ploy from time to time, such as opening a file or clicking a link without thinking. Even IT professionals fall for these tricks. But if a user feels foolish for falling for an attack, and are embarrassed, he or she is less likely to report it. Create a reporting system that rewards staff for reporting suspicious messages, and that allows them to share mistakes without penalty or stigma.

  1. Have Employees Manage Initiatives

Rather than protocols created only by management, make cyber security policy an employee-managed initiative. Create a committee with representatives from every department, and make it their responsibility to set procedure, communicate policy and enforce compliance. Department participation, where everyone feels included, helps ensure individual buy-in.

  1. Make Awareness a Part of New-Employee Orientation

Employees expect to learn rules and processes when they start a new job, and making cyber security a part of their new-employee orientation stresses its importance, and immediately lays the groundwork for your expectations. An employee handbook is also a great place to publish protocols and procedures.

Your Employee Cyber Security Awareness Partner

To implement an employee cyber security awareness program it helps to have a proven partner. Single Path has helped countless businesses, schools and other organizations create a robust, living program that connects employees and staff to best practices. We can help you create a functional and effective cyber-threat strategy for your school or business. Single Path Security offerings are extensive, collaborative and modern.

Ask us how to get started!

Five Top Cyber Security Threats for 2019

Cyber security concerns have been around for as long as there has been cyber-anything. The first computer virus was found infecting computers in the early 1970’s and the first malware author was convicted in 1988. Those early infections were primitive compared to today’s hacking threats, which continue to grow more complex and sophisticated. While it’s vital to be prepared against any contingency, no matter how remote, we consider these to be the top cyber security threats for 2019.

Cryptojacking Rising

Ransomware has grown by 350% according to a report by Dimension Data, and accounts for 7% of all malware. It has been reported that ransomware costs American businesses north of 75 billion dollars a year, with most attacks never publicly disclosed. The biggest increase in ransomware is expected to take the form of Cryptojacking, also known as “Cryptomining malware.” We discussed the problem of Cryptojacking in a recent blog post, in which we described how hackers can hijack computer processing power to mine cryptocurrency. We expect these cyber security threats for 2019 to continue to grow.

Software Subversion Expanding

As Security magazine reports, “While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing.” In other words, the software you download may be infected, giving hackers a back channel into an entire network. Malware has even been detected in open source software libraries. Another variant is this: hackers may offer software that is spelled slightly different than a popular application (such as adding an “s” or leaving out a letter), with the only other difference being the inclusion of malware. So be careful what you download, even if it’s from a seemingly trusted source.

Cybercriminals Uniting

One of the top cyber security threats for 2019 is due to the expanding resources available to cybercriminals. Historically, many cybercriminals have worked alone, or in small groups. That’s starting to change. The proliferation of hacker forums and chat groups have launched a robust black market where cybercriminals buy and exchange malware, botnets and other criminal resources. The availability of these rogue offerings means that even inexperienced, or less able, hackers can launch sophisticated attacks. These “malware-as-a-service” opportunities will only continue to grow, which will result in an increased number of cyberattacks, especially in regards to identity and credit card theft. If you think the threats are numerous now–and they are–an aggressive and nearly overwhelming wave of attacks may be on the horizon.

Synergistic Threats Increasing

GandCrab has been in the news frequently. Discovered in January, GandCrab is a ransomware Trojan horse, encrypting files on a computer and then demanding payment to decrypt them. Just recently, the group behind GandCrab has targeted users visiting adult websites, asking for money to keep silent about their potentially embarrassing visits. This, however, is just a ruse to mask their real intent. When a user clicks on the email link, he or she inadvertently installs the GandCrab ransomware onto his or her computer.

GandCrab has grown to be so large, they are actually soliciting cybercriminals to partner with them. As McAfee reported, “At the end of September, the GandCrab crew started a ‘crypt competition’ on a popular underground forum to find a new crypter service they could partner with.” This will let the GandCrab organization expand its criminal activities in new, unforeseen, ways.

In 2019, many experts, including Security magazine, predicts attackers will continue to combine tactics to create multi-faced, or synergistic, threats. To combat them, organizations will also need to synergize their defenses.

Social Media Misinformation Mounting

The proliferation of Russian-originated Facebook pages influencing the 2016 U.S. presidential elections has been well documented by news sources across the world. So it shouldn’t be a surprise that cybercriminals are eyeing social media as offering rich opportunities for criminal enterprise, with posts and pages displaying an impressive degree of professional-looking design for dishonest purposes. Botnet operators are able to test messaging just like a marketer, including the use of hashtags, to determine the success rates of their misinformation.

Social media platforms are aware of the potential abuse, and are focusing their resources on stopping it, but with so many users, and so much data available on sites, criminals will further focus their resources on these big-scale platforms.

Protect your business from the Cyber Security Threats for 2019

These five cyber security threats for 2019 are just the tip of the iceberg. There are many more threats out there, many of which we may not even be able to imagine yet. The only thing an organization can do is to be prepared with smart, sophisticated technological resources and by adhering to best Internet safety practices. Consider Single Path your partner in anti-crime. Single Path Security Offerings run the gamut from employee training to insider threat solutions. We’ll help you be prepared for the cyber security threats for 2019 and also those still to come.

Ask us how to get started!

Six Steps to Creating an Effective Business Continuity Plan

You take all the recommended cybersecurity precautions. You back up. Your staff is trained on processes. You have firewalls in place, passwords that are hard to decipher, and the most recent security patches in place. Yet, you still worry. You’re not alone. According to a recent survey, businesses ranked cyberattacks as their #1 threat, with data breach a close second. But if you are victimized by a cybersecurity incident, what do you do now? If you have a business continuity plan in place, the answer to that question is easy: follow the business continuity plan.

A business continuity plan is not the same as a disaster recovery plan, although they have a lot of similarities. As CIO magazine explains, a BC plan is about “maintaining business functions or quickly resuming them in the event of a major disruption,” while DR “focuses mainly on restoring an IT infrastructure and operations after a crisis.” In other words, DR is specific to IT, while a business continuity plan is concerned with the continuity of the entire organization (we discussed the six things you needed to include in your disaster recovery plan in an earlier article).

When you create your business continuity plan, make sure you take into account these six criteria:

  1. Conduct a business impact analysis

As Ready.gov reports, your business continuity plan should start with a complete analysis of the consequences of a business disruption and can include:

  • Lost sales and income, or delayed sales or income
  • Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
  • Regulatory fines
  • Contractual penalties or loss of contractual bonuses
  • Customer dissatisfaction or defection
  • Delay of new business plans

Your Business Impact Analysis should also detail various risk scenarios and prioritize the order of events for restoration.

  1. Get everyone involved

If you are making the assumption that IT security is solely the responsibility of the IT department, think again. Your entire organization should be working together to protect its data and systems. Consider holding a brief workshop on IT security, create a business continuity management committee with members within and outside the IT department, and consider the impact and recovery on each member of your staff.

One crucial area of involvement is with your leadership team. As reported by Disaster Recovery Journal, it’s important for executives to support a culture of collaboration and to be transparent. “If executives support a culture of transparency, people will be more willing to reveal and troubleshoot problem areas in your organization’s processes. Down the road, this could help the organization mitigate a major vulnerability.”

  1. Establish work-arounds

Ready.gov paints this scenario: “Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now?”

Developing manual workarounds eliminates uncertainty. For example, listing contact personnel (along with phone numbers and contact information) and providing specific details, such as how to document transactions manually, gives your team direction. You may need to reassign staff or even bring in temporary assistance if systems fail. How will you do that? Plan it all out now in your business continuity plan.

  1. Keep data on the cloud

The best way to ensure your business can continue to run, is by backing up all your data on the cloud. A cloud service ensures that an organization’s critical data and processes are secure off-site. An organization can then quickly ramp up their systems in the case of a disaster. If you’re not already on the cloud, check out our earlier posts, 12 Reasons to Move Your Business to the Cloud and 9 Facts to Know About the Risks of Moving to the Cloud, and How to Manage Them.

  1. Ready crisis communication efforts

How prepared is your organization to quickly and effectively respond to and communicate with the public—and each other–during or after a cybersecurity incident? If you are hit by a breach, you may need to issue statements to the press, customers, partners, vendors and staff. We recently posted an article about emergency communication preparedness, in which we stressed the importance of drafting some templates that cover various scenarios. As we wrote: “it’s faster and easier to tweak a message than to write one from scratch for a multitude of mediums, and even multiple languages, if needed.”

  1. Test your business continuity plan

The time to ensure your business continuity plan is effective is before you need it. Is it comprehensive? Are there gaps? For example, are contact phone numbers correct? Are you able to restore data from the cloud without significant barriers or challenges? Since the network may be down, are there hard copies of the business continuity plan, and are they distributed to all the members of the team?

As suggested by CIO magazine, testing options for your business continuity plan include a table-top exercise in a conference room with the team looking for gaps, a structured walk-through or “fire-drill,” often with a specific disaster in mind, and disaster simulation testing in which an actual disaster is simulated involving all the equipment, supplies and personnel (including business partners and vendors) that would be needed.

  1. Call Single Path

While all the steps above are important there’s a seventh step that may be just as vital: call an outside partner like Single Path. As experts in cloud services, IT security solutions and more, Single Path works with businesses, schools and other organizations to protect them from cyberattacks and help them recover when they’re hit. Planning, monitoring and adhering best practices go a long way to protecting your customers or clients, team members, vendors and your own business. Calling a partner like Single Path, and getting your business continuity plan published, are important first steps.

Ask us how to get started!

How to Spot a Phishing Email

Business organizations and schools are under cyber attack. Just this past week, it was reported that the FBI uncovered a phishing email scam aimed at stealing funds from New Jersey state employee online payroll accounts. The emails requested employee login credentials, which the criminals could then use to redirect an employees’ direct deposits. A similar ploy was recently directed at school employees in Atlanta, and the FBI Internet Crime Complaint Center (IC3) has issued a public warning about phishing email payroll fraud.

The Telltale Sign of a Phishing Email

A simple request to confirm login data, such as in the recent New Jersey state employee scam, may seem legit at first glance. Often these emails may seem to come from the organization itself, a vendor or software provider, or another trusted source. Some of these phishing email schemes are amateurish, but others are more sophisticated and harder to detect. Here are some signs an email may not be on the up-and-up:

  • Subject lines that seem “too good to be true.” They probably are.
  • Subject lines that make threatening statements. Common phishing subjects are “Your account is about to close,” or “Final Warning.”
  • Non-personalized, generic introductions. Look for terms like “Hello Valued User” or “Attention Client.”
  • “From” addresses that may be misspelled or misconfigured. For example, the email may come from someone @ “company-corporation” or “cmopanycorporation” instead of “companycorporation.”
  • Direct links. Always go directly to the source rather than clicking on an email link, or hover over the link to check the actual long-form URL, and not the shortened version displayed in the email text. You may be surprised to see where the link is actually pointing.
  • If you’re not sure, follow your gut. A phone call or personal email confirmation to a colleague or vendor may not only confirm if an email request is on the up-and-up, but alert someone their email might be hacked.
  • And in all cases, never open unexpected attachments, which could have viruses or malware attached.

The FBI also suggests, in response to the New Jersey phishing email scheme, these additional precautions:

  • Employees should forward suspicious requests for personal information to the information technology or human resources department of their organization.
  • Ensure that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.

Happy NCSAM

This month (October) is the fifteenth annual National Cybersecurity Awareness Month, an annual initiative to raise awareness about the importance of cybersecurity.

There is plenty of information you can find in support of NCSAM, but one report we found particularly helpful was the Cybersecurity Awareness Toolkit for Small and Medium-Sized Business, as published by the Cyber Security Alliance, Facebook and MediaPro. This toolkit includes a great deal of information on how to identify phishing email tactics.

The toolkit also splits organizational emails into three general buckets, with warnings on why these groups may be targets:

General Population Phishing. The best way into an organization’s network is through its employees, especially when their level of alertness to cyber crimes may be uneven.

HR Manager. HR professionals must be particularly wary when it comes to phishing emails seeking personal information, as they are often the keepers of employee tax and health documents.

Executive Phishing. As privileged users, many executives have greater access to an organization’s network, making them particularly attractive phishing targets.

Whether someone is on the top rung or still climbing the company ladder, their awareness of phishing email techniques can make a big difference in the security of an organization.

Phishing, Solved

We recently wrote a two-part blog post on phishing, and the most common techniques hackers are using to steal your information (check out our phishing blog post part 1 and phishing blog post part 2). Among those techniques we described were phishing email schemes, just like those in New Jersey and Atlanta.

No matter what phishing technique is used, everyone always thinks, “It won’t happen to me,” or, “I’m too smart to fall for that.” But even the best of us can make a mistake. So, what do you do when you mess up, or someone at your business or school organization does?

Contact Single Path. At Single Path, we are experts on beefing up your online security to protect your organization from malicious schemes including employee training of best practices, proactive desktop, server and network infrastructure patch management, and the installation of backup protection. We are also experts at helping you rebound from an attack or natural disaster. With Single Path Security offerings you have access to a wide range of collaborative and customized protective services. Let us help you avoid being victimized. After all, falling prey to a phishing email scheme is a mistake, but doing nothing to prevent it from happening may be an even bigger one.

Ask us how to get started!

How to Create Your School Cyber-Threat Strategy

Cyber-threats are on the rise in our school districts, which often lack the resources to protect themselves, the training to use the resources they have effectively, and even the knowledge to identify which resources are needed.

We wrote about the cyber-threats facing schools in our last blog post. But these problems are epidemic to school districts across the country. As reported by technology and digital learning news source Edscoop.com, “A recent trend in cybercrime indicates that online attackers are increasingly targeting a demographic they know people will rush to protect: K-12 students.” The article details more than three dozen large-scale breaches of student data from cybercriminals from January through October, 2017.

The risk of a cyberattack will only continue to grow, so establishing a holistic cyber-security strategy is critical. Any strategy should include the following elements. Many of these are highlighted in a recent document published by the Council of the Great City Schools, an organization comprised of 70 of the nation’s largest urban public school systems.

1. Physical Security and End-Point Security

On-premises security isn’t only needed to protect students, but the network and computer devices housed inside the school. Using a school-owned computing device is often the easiest way to get access to confidential information. Data centers and control rooms need be locked and monitored. Classroom or office equipment may also be vulnerable to theft, so modern, video surveillance can be a powerful tool, as is locking away machines when not in use, and carefully tracking equipment and reporting lost devices promptly.

2. Employee Training and Network Security

Your network is only as secure as the staff who uses it; an unsecured password can be all a cybercriminal needs to get into your network and see, abuse or share sensitive information. Employee training for proper security protocols is critical for network security, especially for staff who use personal devices in 1:1 environments.

Monitoring who has access to information is also a critical component of network security. As reported by the online security and risk management magazine CSO, “Given the high volume of users entering and exiting a school’s network, establishing the means to identify who can and can’t gain access and which resources they have access to is crucial. For effective cybersecurity, schools should use solutions that can easily identify users and then dynamically assign access to network segments accordingly.

3. Application Security

Hackers can also gain access to your systems directly through your software applications. Downloading and installing regular updates and patches are critical, as we reported in a recent blog post detailing a Cisco networking hack that cut off Internet access and infected more than half a million devices. In that case, those who did not download security patches were left considerably more vulnerable. For that reason, your staff should only use software from trusted sources.

4. Cloud/Data Center Security

With schools moving more and more towards cloud-based solutions, the security of their cloud-based data is a critical component to security. We have touched on the advantages of using cloud computing in a number of past blog posts, including “12 Reasons to Move Your Business to the Cloud”. Cloud computing makes accessing information easier, but demands strict security processes and protections. Still, the benefits far exceed the risks (for many of those risks please see our post, “9 Facts to Know About the Risks of Moving to the Cloud and How To Manage Them”) as cloud computing provides significant back-up security should your data be destroyed or become inaccessible due to disasters both natural and hacker-made.

At Single Path, we are well versed at working closely with school districts to determine their vulnerabilities, providing solutions, and even training staff to ensure policies and protocols are understood and followed. We’re always eager to discuss our many products and services, including Security Solutions and all our Managed/Cloud Services. Let us help you chart a more secure and safer path for your organization.

Ask us how to get started!

Is Your Cisco Network Hardware Leaving You Vulnerable?

Recently, Cisco Systems made the news, but not the sort of news any Internet-related business wants to make. Their network hardware was hijacked, and hundreds of thousands of their customers were victims.

As this blog post from Kaspersky Labs reported right when the attack hit: “According to our sources, there’s a massive attack against Cisco switches going on right now—these switches are used in data-centers all across the globe.”

For those on a Cisco network, this was, and continues to be, a frustrating and potentially nightmarish issue. For those who don’t use Cisco networking switches, this event is a reminder that vulnerabilities exist everywhere, and constant vigilance is crucial.

What exactly went wrong?

More than 200,000 Cisco network router switches worldwide were hacked on Friday, April 6, 2018. This affected large Internet service providers and data centers across the world, especially in Iran, Russia, the United States, China, Europe and India. According to an Iranian government official, “Some 55,000 devices were affected in the United States and 14,000 in China.”

As a result of this hack, many users found their Internet connections blocked, websites down, and screens showing an American flag and the note, “We were tired of attacks from government-backed hackers on the United States and other countries.” It seems machines affected in the United States were collateral damage from an attack meant to hit foreign states. Anarchic hactivists are suspected, although no one has been charged.

Mounir Hahad, head of Juniper Threat Labs, a network and security product manufacturer confirmed initial suspicions when he said, “The vulnerability is severe enough to cause a lot of damage and implant a man-in-the-middle agent [a scheme we discussed in a past blog post], but it doesn’t look like the attacker took advantage of it. I suspect this is the work of a hacktivist group with sympathy toward the U.S., which had no intention to inflict serious damage.”

So, good news, we suppose. But it’s only good news compared to what may have been much worse news. A different group could have caused significantly more trouble such as inserting malicious code into networks, locking users out of systems unless ransomware was paid, and so on. And this could still happen. Cisco acted quickly in response to this problem, but there may be other vulnerabilities still yet unfound or exposed. One hacker news site reported that, according to Internet scanning engine Shodan, more than 165,000 systems were still vulnerable days after the attack. Those who didn’t update security patches may still be.

What can you do now?

If you think your system may have been infected, there are a few steps you can take to check. But even if you’re safe, for now, you may be exposed to other vulnerabilities in the future in unexpected ways. Single Path can help you build up your defenses, protect your systems, and help you rebound if you face a malicious computer attack.

As this story demonstrates, patching is critical for all IT assets, including networking components. Single Path provides a wide range of services, from security offerings like Patching, Desktop Security Risk Assessment and Managed Firewall, Content Filtering & Proxy Services, to consulting services so we can analyze your needs and provide ongoing support and advice. Doing nothing is never a good idea; instead, play it safe and play it smart with Single Path.

Ask us how to get started!

 

The Newest Cyberthreat: Cryptojacking

Cryptocurrency, and in particular Bitcoin, has been in and out of the news recently as the volatility in its value elevates investment fortunes one week and then sinks back down to earth the next. With the rise of this unregulated currency has also come a new, and unexpected threat: cryptomining hacking, also known as cryptojacking.

In order to understand this new problem let’s try to first answer the question:

What Is Cryptocurrency Anyway?

Cryptocurrency is a form of money that, instead of existing in physical form, only exists digitally, on computers. Many people once thought the formation and use of digital money was basically impossible. But cryptocurrency proved the naysayers wrong, with a monetary system that allows for an easy and secure way to track spending, keep accounts and balances, and record transactions—making it shareable and secure. Bitcoin was the first and is still the most well-known cryptocurrency—it was created in 2009—but is only one of more than one thousand cryptocurrencies available worldwide (See a list from Investopedia.com that includes the most common Bitcoin alternatives including Litecoin, Ehereum and Zcash).

Bitcoin has reached a fairly impressive level of acceptance. It is accepted by a wide range of merchants, both online and brick-and-mortar, including Overstock.com, Whole Foods (via a purchased gift card), Expedia.com and even a Subway restaurant that immediately converts bitcoin to cash (Check out this list of companies that accept bitcoin).

How Bitcoins are Created —A Very Basic Primer

What makes Cryptocurrency unique is that there is no physical form to it, is not backed by any specific value (it is not backed by gold, for example), and there is no central bank that controls it. Yet is used in hundreds of thousands of transactions a day.

Cryptocurrency is made possible because of peer-to-peer technology plus public and private-key encryption. We described public and private-key encryption in our last post on encryption. As described on the website BlockGeeks.com: “cryptocurrency like Bitcoin consists of a network of peers. Every peer has a record of the complete history of all transactions and thus of the balance of every account. A transaction is a file that says, ‘Bob gives X Bitcoin to Alice’ and is signed by Bob’s private key … After signed, a transaction is broadcasted in the network, sent from one peer to every other peer. This is basic p2p-technology.” In other words, after a transaction is completed, it is made known to the entire network, making it impossible to be changed or manipulated after the fact.

The actual process of creating the cryptocurrency ledger is a little more complex than the description above, and this complexity is extremely important: before the transactions are added to the ‘ledger’ they are sent to a miner, who is someone who decrypts and verifies cryptocurrency transactions, and then publishes them. For this service they get paid in cryptocurrency. In fact, that’s how new cryptocurrency is created—by payment to miners for validating transactions. There are a reported 50,000 to 100,000 active miners.

As Forbes explains, “Some mine to engage in a unique kind of hobby, or for sheer profit. Others do it because they believe in the principles behind a certain coin and in what the developers intend to do with it. The reasons you have are yours.”

Quite a bit of processing power is needed for cryptocurrency mining. This helps reduce the number of people who can effectively mine cryptocurrency, and also how much any single person can mine, and this is what has created a new hacker scheme: crypto-mining malware (or cryptojacking malware). This is malware used to hack into someone else’s hardware in order to use their computer power to mine cryptocurrency.

The Threat of Crypto-Mining Malware

According to an article on the MIT Technology Review, “the practice of surreptitiously mining cryptocurrency on other people’s hardware is becoming pervasive, overtaking ransomware as a tool of choice for extorting money online.” Hackers can use cell phones, individual desktops and laptops, or the networks of an entire organization.

Cybersecurity firm Check Point, in its regular Global Threat Index revealed that Coinhive, a piece of software that uses processing power on someone’s device in order to mine cryptocurrency, has become the most prevalent form of malware on the Internet, and Cryptoloot, another piece of cryptojacking malware, is now the third most prevalent. Check Point also says that cryptojacking has “affected as many as 55 percent of organizations globally.”

By using more computer power, someone can mine more and more data, getting paid with more and more cryptocurrency, which at the same time slows and clogs network processing power, sometimes considerably.

How Can You Prevent Cryptojacking?

Keeping your network safe and free of hackers is a 24-hour job, and you need a partner who can help keep them out, as well as protect your data. Single Path is an IT consultancy and technology provider who can manage your IT needs from top to bottom, beginning to end, including ensuring top security protocols are in place. For example, our Single Path Security offerings include proactive infrastructure patch management, data loss prevention solutions and vulnerability assessments. We’ll help keep your organization safe from hackers, and much more.

Ask how we can keep you protected!

Phishing Part Two: Six More Techniques Hackers are Using to Steal Your Information

In the first part of this two-part post, we detailed some of the most common phishing techniques currently used by hackers, including email phishing, smishing and content spoofing. Here are some additional schemes you should be aware of.

Spear Phishing

Traditional email phishing uses a “spray and pray” approach—sending as many emails to as many people as possible. Spear phishing, on the other hand, is a targeted attack in which the hacker goes after a narrower audience: an individual or a specific organization. With a little research on the person or company, a phishing attack is much more likely to be effective and manipulate a user into divulging private information. An email may appear to come from a supervisor, such as the CEO of a firm, or someone of authority.

Keystroke Logging

Keystroke logging is the act of recording the keys struck on the computer keyboard—the information is then sent to hackers to decipher passwords and other types of information. Keystrokes can be captured in many ways. For example, there is hardware that can covertly identify keystrokes by sound and repetition of keys, and some hardware can capture data as it is exchanged between wireless keyboards and its receivers. There are also viruses that can infect your system and transmit keystroke data directly to hackers. Smartphones are particularly vulnerable to keystroke logging—keystroke logging software is relatively common and easy to purchase online.

Some websites provide options to use mouse clicks to make entries through the virtual keyboard, as a way to combat keyloggers.

Malvertising

Malvertising is a form of advertising that may look legit, but contains active scripts that download malware or unwanted content onto your computer. Generally, the advertising network or website is unaware they are delivering malicious content. Any visitor visiting a site risks infection. Sites that have carried malvertising include the New York Times, the NFL and AOL.

How is that possible? Explains the Center for Internet Security, “Many websites, especially large ones with several hundred thousand users per day, rely on third party vendors and software in order to display its ads, which in turn reduces the direct oversight and the amount of vetting that takes place. This automation makes online ads vulnerable to malvertising.” Since ads on a webpage constantly change, one visitor can be infected, but the next ten people who visit the exact same webpage, are not. This makes it difficult to track the source.

Many malvertising schemes manipulate vulnerabilities in Flash. While there is no full-proof way to escape infection, disabling Flash will limit the risk.

Search Engine Phishing

Just because a site appears on your next Google or Bing search, doesn’t mean it’s safe. Malicious sites can take advantage of search optimization the same as legitimate sites. Some product sites are designed solely to entice users with low cost products or services, but merely exist to collect credit card information. These sites include fake bank websites offering low-rate credit cards or loans.

Man In The Middle

This is one of the more sophisticated phishing techniques. A hacker intercepts communication between two systems, usually between a consumer and an authentic website. The hacker can trace the details of a transaction, reading emails and gathering financial or personal information without the user being aware of the hacker’s presence. Often, a hacker will modify a message in order to gain confidential information, but it appears as if the two parties are still communicating normally.

There are ways to thwart such attacks, or at least make them more difficult, including email encryption and implementing certificate-based authentication on your, or your organization’s, computers.

Social Media Phishing

With the popularity of social media, it should be no surprise that a number of phishing schemes have been developed to take advantage of these sites. One example is “angler phishing,” named after the anglerfish which uses a glowing lure to attract prey (you may remember this fish from a scene in Finding Nemo). With this phishing attack, a fake customer-service account is posted, such as one from a bank or retailer. Their clients share personal data, convinced they are communicating with staff from a trusted company.

In fact, according to Internet security company Fraud Watch International, there was a 150% increase in social media phishing between 2015 and 2016 and that “In 2015, a study showed that of all the social media accounts supposedly owned by renowned brands across various industries (such as Amazon, Starbucks, Chanel, Nike, BMW, Shell, Samsung and Sony), 19% were fake.”

We Stand With You

No one can be smart all the time, and hackers continue to develop new strategies and tools to slip past even the most observant of users. A partner like Single Path can help. We can train employees, establish procedures and protocols, and both install and maintain the software and hardware you need to guard against the majority of attacks. We can also provide guidance if or when your security is breeched. With Single Path Security offerings you get a security leader and extensive, customized services.

Ask us how to get started!