What Happens If I Click on a Phishing Email: The Cost of a Click

Reports for 2020 so far show a sharp rise in malware infections that start with a phishing email. Here is what happens if you click on a phishing email, and what that click can end up costing you.

What Happens If I Click on a Phishing Email?

Most of us have been there. Ah! I just clicked on something and it may have been a phishing email. Here are the quick steps to take if that happens to you:

  1. Disconnect from the network. Turn off Wi-Fi or unplug the network cable so that whatever was downloaded cannot phone home or spread. If you are on a corporate network, contact your IT or security team first and follow their directions.
  2. Save any personal documents. Copy them to a trusted USB thumb drive or external hard drive rather than going back online to back them up, and keep that drive isolated until it has been scanned, since anything copied from a possibly infected machine may carry the infection with it.
  3. Scan your computer for malware. Antivirus should have blocked known malware from being downloaded, but it is not a guarantee, so run a full scan to be sure.
  4. Change passwords. Usernames and passwords sell easily on the dark web, and because many people reuse the same password everywhere, one stolen login can give an attacker access to a great deal of sensitive data. Change the passwords on all of your sensitive personal and corporate accounts, do it from a different device you trust, and treat any password you typed into the suspicious page as already compromised.

Once you feel it is safe to go back online, consider taking the next 11 steps in our Remote Workers Guide to see if you have been compromised online, how to check, and what to do from there.

Download the Remote Workers Guide here.

We also discuss how Cybriant can help prevent malware from executing with our MDR – Managed Detection and Remediation Service. This service has grown vastly in popularity based on the increase in remote workers. It is a simple service that will protect your corporate data by monitoring endpoints on a 24/7 basis. Check it out here.

Will That Click Cost You Thousands?

June 2020 showed a two-fold increase in the reports of malware activity. The report from an antivirus provider showed that:

Adware and malware installers still made up the majority of detected threats. Email traffic was still dominated by the programs that exploit vulnerabilities in Microsoft Office programs.

Ransomware has undeniably been the biggest security threat of recent years. No-one is safe. Hackers targeted everyone and everything, including home PCs – and they were astoundingly successful – earning themselves upwards of $846 million from the US reported incidents alone.

Business is booming for hackers, with thousands of attacks each day bringing in an average of $640 per target. Perhaps even more alarmingly, the financial cost of each individual attack is on the rise – the more ransomware proves to be an easy earner for them, the more they demand each time.

According to a report from June 2020, “Victims of the 11 biggest ransomware attacks (so far) have spent at least $144.2 million on costs ranging from investigating the attack, rebuilding networks and restoring backups to paying the hackers ransom and putting preventative measures in place to avoid future incidents. The victims allegedly paid a ransom in seven of the cases.” Read the full article here.

Here’s Why You Should Never Pay Hackers

For a quick payday, some hackers offer to ‘rescue’ you from immediate danger – for a fee. One method is to trick you into thinking you have a virus that will spread if you don’t pay money to remove it immediately.

Another much scarier method is to pretend to be the FBI and say your computer was involved in a crime (anything from money laundering to child pornography) and you can avoid going to prison by paying a few hundred dollars.

Thousands of regular people are also waking up every day to discover they’ve been locked out of their own files. Entire music and video libraries, digital photos from the past 5 years, personal budget files, and even their secret novel draft … all held hostage until the user pays a ransom. This is bad, but it’s significantly worse if you have access to highly sensitive corporate data. Modern ransomware uses encryption that cannot be broken in practice, so without a clean, offline backup, paying the ransom can look like the only way out.

The way ransomware gets onto your computer is deviously simple. Generally, the hackers convince you to click an email attachment/link or pop-up. With both approaches, the hacker usually offers helpful information, for example:

  • Tracking an unclaimed parcel
  • Alerting that a virus was found and needs to be removed
  • Advising details of a recent traffic fine

It is so tempting to click through for more details and that is what the hackers count on. Their messages and pop-ups are not obvious threats and so slip easily under our radar. Unfortunately, they are not the most trustworthy bunch so paying may not actually unlock your files, and one payment can quickly become several.

To make matters worse, ransomware can encrypt any backups connected to your computer too, such as a USB drive. Having a backup is important in any situation, but in cases like this the right backup is needed: one stored separately from your network, and one created recently enough that it holds all the files you can’t bear to lose. Before restoring from it, however, you’ll need to make sure the malware isn’t still running in the background, ready to re-infect not just your restored files but the backup drive itself.

 To avoid finding yourself up to the waist in ransom demands or sending hackers money each month, we recommend being wary of email attachments, even from friends and family.

If you are not sure what the file is, DO NOT click it.

They may not have sent that email intentionally; their infected system may be auto-emailing everyone in the address book. You should also be careful with any popups that appear out of place, especially ones that try to make you panic. If it doesn’t sound right or look right, don’t click it. Ransomware is just too dangerous to risk.

An Ounce of Prevention is Worth a Pound of Cure

Just like our personal health, dealing with prevention is better than dealing with the cure – if one is available! Diseases and injuries are more manageable when they are caught early on, just like cybersecurity issues.

Is it possible to prevent cybersecurity issues? We can help you put all the pieces in place to help prevent issues as much as possible.

It’s vital to begin with a strong security foundation. We recommend the NIST Cybersecurity Framework. Read more about it here.

With a framework in place, each new product can be aligned with our goals, tested, and checked to confirm that our management of it is appropriate. For each outsourced task, the iterative review built into the framework shows quickly whether the value is really there. For each consultant, the work and the relationship can be directed and managed against the same framework controls.

Cybersecurity is a process. It is not a rush to prepare for a single point-in-time audit followed by relaxing until the next one. By embracing iterative steps and incremental progress as the proper way to secure your environment, you become more secure as a matter of course. Read more about People, Process, and Technology here.

Prevent with PREtect

We’ve combined our top 3 managed services that align with the NIST framework. You are able to cover the first 4 core functions of NIST – Identify, Protect, Detect, and Respond. The services included in PREtect are:

  • Managed SIEM with 24/7 Security Monitoring
  • Managed Detection and Remediation
  • Comprehensive Vulnerability Management

Learn more about PREtect here.


Infographic: Evolution of Hacktivism

The Black Lives Matter movement has brought a surge in activity from the hacktivist collective Anonymous, and in hacktivism overall. Take a look at the evolution of hacktivism below.

In a video posted on Twitter (see the video here), Anonymous announced cyberattacks on the Minneapolis Police Department’s and the Minnesota State Senate’s servers.

What is Hacktivism?

Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who carry it out are known as hacktivists, according to TechTarget.

Hacktivism is typically non-violent; its tactics are chosen to advance a political, social, or religious cause. The tactics hacktivists typically use include:

DDoS – Distributed Denial-of-Service, flooding systems with traffic to overload them and take a website offline.
Doxxing – leaking personal, confidential, or incriminating information about organizations or public figures.
Defacement – altering a website’s content or appearance, usually to post the group’s message.

Ethical Hackers

It may seem strange, but businesses are using ethical hackers to identify weak points in their cyber defenses, provide valuable insights into the actions of their less ethical counterparts and create better, stronger, and more resilient networks.

If you do not think that a hacker could help your business rather than hurt it, you may want to rethink that assumption. Ethical hackers can bring a number of business benefits to your organization.

Learn more about how Ethical Hackers can help your business. 

Types of Hacktivism

Hacktivists are typically out for justice rather than the monetary gain that motivates typical hackers. Panda Security describes their distinct agenda as waging an informational war for political leverage, social justice, religious intent, or anarchy.

  • Political: Hacktivism as a form of political mobilization aims to sway the population toward the hacker’s agenda.
  • Social: Social justice in hacktivism aims to bring about societal change.
  • Religious: Hacktivism for a religious agenda aims to recruit or disavow a religious entity.
  • Anarchist: Hackers can have an anarchist agenda to access or control civil infrastructure, military equipment, or the general population.

Evolution of Hacktivism

Find Out More About PREtect - our All-in-One Cybersecurity Solutions

Top Ransomware Threats of 2020

Ransomware (or cyber extortion) is on the rise. In 2020 there has been a spike both in the number of reported incidents and in the amounts attackers are attempting to extort from organizations. It’s important that your organization does everything it can to fight these cybercriminals, and education is a key piece. Take a look at the top ransomware threats we’ve seen in 2020.

2020 has been a roller coaster ride so far, and with all the news coverage of all the events that have impacted us (so far) ransomware has been sneaking into our world at a remarkable rate. Some sources say that ransomware spiked 25% in Q1 2020 over the previous quarter. (source)

Here Are The Top Ransomware Threats in 2020:

  1. Maze
  2. REvil
  3. SNAKE (EKANS)
  4. Tycoon
  5. TrickBot
  6. Qakbot trojan
  7. PonyFinal
  8. Mailto (aka Netwalker Ransomware)
  9. Ragnar Locker
  10. Zeppelin
  11. TFlower
  12. MegaCortex
  13. ProLock
  14. DoppelPaymer
  15. Thanos

Maze Ransomware

According to an FBI advisory to the private sector, “Unknown cyber actors have targeted multiple US and international businesses with Maze ransomware since early 2019. Maze encrypts files on an infected computer’s file system and associated network file shares. Once the victim has been compromised, but prior to the encryption event, the actors exfiltrate data.”

“After the encryption event, the actors demand a victim specific ransom amount paid in Bitcoin (BTC) in order to obtain the decryption key. An international Maze campaign targeted the healthcare sector, while its deployment in the US has been more varied.”

“The FBI first observed Maze ransomware activity against US victims in November 2019. From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors. Maze was initially distributed via the Spelevo Exploit Kit which targets known vulnerabilities in Internet Explorer and Adobe Flash such as CVE-2018-8174, CVE-2018-15982, and CVE-2018-4878.”

REvil Ransomware

You may have heard of REvil Ransomware because of a recent breach on media and entertainment lawyers Grubman Shire Meiselas & Sacks. They recently confirmed reports that their firm has fallen victim to a ransomware attack.

Several A-list celebrities that are clients of the law firm have potentially had data leaked on the dark web. Madonna’s tour contract was allegedly leaked. 

A screenshot of a legal document from Madonna’s recent Madame X tour surfaced on the dark web, apparently bearing signatures from an employee and tour company Live Nation.

Another screenshot depicts dozens of computer files bearing the names of celebrities including Bruce Springsteen, Bette Midler, and Barbra Streisand.

Stars such as Robert De Niro, Madonna, Drake, Nicki Minaj, Mariah Carey, Elton John, U2 and Rod Stewart are among those whose personal information may have been compromised.

The attackers have doubled the ransom request to $42 million and threatened to release damaging information on President Trump.

SNAKE (EKANS) Ransomware

EKANS (the name is Snake spelled backwards, and the same family is tracked as Snake ransomware) is a ransomware variant built to disrupt industrial control system environments, halting factory operations until a ransom is paid. Security analysts report that it has so far hit manufacturers in the automobile and electronics sectors, most notably Honda.

Reports indicate that attackers hit Honda’s servers with the EKANS file-encrypting malware, forcing the company to send production workers home as automated plant equipment stopped working.

Although Honda never confirmed that a cyberattack caused the outage, it did acknowledge that its IT infrastructure was down for unspecified reasons.

“On Sunday, June 7th, 2020, Honda experienced a disruption in a computer network which affected the operations across Europe and Japan. And we are currently investigating and assessing the situation” said a spokesperson in a statement released on June 8th, 2020.

Tycoon Ransomware

A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain.

The ransomware is housed in a trojanized version of the Java Runtime Environment (JRE), according to researchers at BlackBerry Cylance, and has been around since December. Its victims so far have largely consisted of small- and medium-sized organizations in the education and software industries, researchers said, which it targets with customized lures.

“Tycoon has been in the wild for at least six months, but there seems to be a limited number of victims,” the researchers noted, in a posting on Thursday. “This suggests the malware may be highly targeted. It may also be a part of a wider campaign using several different ransomware solutions, depending on what is perceived as more successful in specific environments.”

Trickbot Ransomware

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware.

Started as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behavior.

This behavior includes spreading laterally through a network, stealing saved credentials in browsers, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY Credentials, and more. TrickBot also partners with ransomware operators, such as Ryuk, to give access to a compromised network to deploy ransomware. Read more. 

Qakbot Trojan

Qakbot is a banking trojan that has been active for over a decade and relies on the use of keyloggers, authentication cookie grabbers, brute force attacks and windows account credential theft, among other techniques.

One of the authors of the research regarding the Qakbot trojan explained the following reasons why cybercriminals are relying on trojans such as Qakbot to launch ransomware attacks:

“The ultimate reason is to maximize their profits. Within the past 18 months, Kroll has observed multiple cases where a trojan infection is the first step of a multi-phased attack—hackers infect a system, find a way to escalate privileges, conduct reconnaissance, steal credentials (and sometimes sensitive data), and then launch a ransomware attack from an access level where it can do the most damage. They can make money on the ransom payment and potentially on the sale of stolen data and credentials—plus the stolen data helps force infected companies to pay the ransom.”

PonyFinal Ransomware

Microsoft has warned organizations globally about a new Java-based, data-stealing ransomware dubbed “PonyFinal”. Microsoft describes it as human-operated ransomware: rather than spreading on its own, it is deployed by attackers who have already broken into the network.

“PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks. While Java-based ransomware is not unheard of, they are not as common as other threat file types. However, organizations should focus less on this payload and more on how it’s delivered,” Microsoft said in a post.

Read more. 

Mailto (aka Netwalker Ransomware)

NetWalker appeared on the scene in mid-2019. Similar to other well-supported ransomware families, the operators target high-value, global, entities. The group’s targets range across multiple industries and span the education, medical, and Government sectors.

As we have seen with Maze, Ragnar, REvil and others, NetWalker harvests data from its targets and is used by the operators as leverage via threats to post or release the data in the event that the target does not comply with their demands. To date, stolen data belonging to twelve different NetWalker victims has been publicly posted. The attackers behind NetWalker campaigns are known to use common utilities, post-exploit toolkits, and Living-off-the-Land (LOTL) tactics to explore a compromised environment and siphon off as much data as possible. These tools can include mimikatz (and variations thereof), various PSTools, AnyDesk, TeamViewer, NLBrute and more.

Over the last few months, we have seen NetWalker transition to a RaaS (Ransomware as a Service) delivery model, which will potentially open up the platform to an increased number of enterprising criminals. More recently, we have observed NetWalker spam campaigns using COVID-19-related lures to entice victims into initiating infection.

Read more. 
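The tools named above (mimikatz, PsTools, AnyDesk, TeamViewer, NLBrute) are ordinary utilities, so the practical detection question is what they look like in process-creation telemetry. The following Python is an added example written for this page, not code from any NetWalker research or vendor product: it parses a handful of constructed process-creation records (the `Image="..." CommandLine="..."` field layout is an assumption for this example, loosely modelled on Sysmon process-creation events) and flags LOTL tooling by binary name, mimikatz by its module syntax even when the binary has been renamed, and the shadow-copy deletion commands that precede encryption in families such as TFlower, covered later on this page. The specific command strings (`vssadmin delete shadows`, `wmic shadowcopy delete`) are assumptions of this example; the page only says VSS gets disabled.

```python
"""Flag living-off-the-land tooling and shadow-copy deletion in process-creation records."""
import re
from typing import Dict, List, Optional

# Constructed sample records (not real telemetry). The key="value" layout is an
# assumption for this example, loosely modelled on Sysmon process-creation events.
SAMPLE_EVENTS = [
    'Image="C:\\Windows\\System32\\svchost.exe" CommandLine="svchost.exe -k netsvcs" User="NT AUTHORITY\\SYSTEM" ParentImage="C:\\Windows\\System32\\services.exe"',
    'Image="C:\\Users\\jdoe\\AppData\\Local\\Temp\\mk.exe" CommandLine="mk.exe privilege::debug sekurlsa::logonpasswords exit" User="CORP\\jdoe" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'Image="C:\\Tools\\PsExec.exe" CommandLine="PsExec.exe \\\\FS01 -s cmd.exe" User="CORP\\svc_backup" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'Image="C:\\Program Files\\TeamViewer\\TeamViewer.exe" CommandLine="TeamViewer.exe" User="CORP\\helpdesk" ParentImage="C:\\Windows\\explorer.exe"',
    'Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin.exe delete shadows /all /quiet" User="NT AUTHORITY\\SYSTEM" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'Image="C:\\Windows\\System32\\wbem\\WMIC.exe" CommandLine="wmic shadowcopy delete" User="CORP\\jdoe" ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'Image="C:\\Windows\\Temp\\NLBrute.exe" CommandLine="NLBrute.exe -l targets.txt" User="CORP\\jdoe" ParentImage="C:\\Windows\\explorer.exe"',
]

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Tools named in the NetWalker write-up, keyed by lowercase image basename.
TOOL_NAMES = {
    "mimikatz.exe": "credential dumping (mimikatz)",
    "psexec.exe": "remote execution (PsTools)",
    "psexesvc.exe": "remote execution (PsTools service binary)",
    "anydesk.exe": "remote access tool (AnyDesk)",
    "teamviewer.exe": "remote access tool (TeamViewer)",
    "nlbrute.exe": "RDP brute force (NLBrute)",
}

# Command-line rules that fire whatever the binary is called. The shadow-copy
# command strings are assumptions of this example; the page only says VSS is disabled.
CMDLINE_RULES = [
    (re.compile(r"\b(sekurlsa|lsadump|privilege|kerberos)::\w+", re.I),
     "credential dumping (mimikatz module syntax, renamed binary)"),
    (re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I), "shadow copy deletion (vssadmin)"),
    (re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I), "shadow copy deletion (wmic)"),
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one key="value" record into a dict."""
    return dict(FIELD_RE.findall(line))


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a finding label for the event, or None if nothing matched."""
    basename = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if basename in TOOL_NAMES:
        return TOOL_NAMES[basename]
    cmdline = event.get("CommandLine", "")
    for pattern, label in CMDLINE_RULES:
        if pattern.search(cmdline):
            return label
    return None


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run every record through classify() and keep the hits with who/what context."""
    findings = []
    for line in lines:
        event = parse_event(line)
        label = classify(event)
        if label:
            findings.append({
                "user": event.get("User", "?"),
                "image": event.get("Image", "?"),
                "parent": event.get("ParentImage", "?"),
                "finding": label,
            })
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[{hit['finding']}] {hit['user']} ran {hit['image']} (parent {hit['parent']})")
```

Remote-access tools such as TeamViewer and AnyDesk are legitimate in many environments, so in production those hits should be compared against an allowlist of approved installs and expected parent processes before anyone is paged. The credential-dumping and shadow-copy rules are high fidelity on their own: there is no routine reason for a user process to pass mimikatz module names or to delete every shadow copy quietly.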

Ragnar Locker Ransomware

Ragnar Locker specifically targets the remote management software commonly used by managed service providers, shutting it down so that the attack is not detected and stopped.

Attackers first began using the Ragnar Locker ransomware towards the end of December 2019 as part of attacks against compromised networks.

According to the attackers, one of these pre-deployment tasks is to first steal a victim’s files and upload it to their servers. They then tell the victim that they will release the files publicly if a ransom is not paid.

“Also, all of your sensitive and private information were gathered and if you decide NOT to pay, we will upload it for public view !,” the attackers state in the Ragnar Locker ransom note.

When ready, the attackers build a highly targeted ransomware executable that contains a specific extension to use for encrypted files, an embedded RSA-2048 key, and a custom ransom note that includes the victim’s company name and ransom amount.

Ragnar Locker specifically targets remote monitoring and management (RMM) software commonly used by managed service providers (MSPs), such as the popular ConnectWise and Kaseya tools.

Read more. 

Zeppelin Ransomware

Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware.

The recent campaign that uses the newest variant, Zeppelin, is visibly distinct. The first samples of Zeppelin – with compilation timestamps no earlier than November 6, 2019 – were discovered targeting a handful of carefully chosen tech and healthcare companies in Europe and the U.S. In stark contrast to the Vega campaign, all Zeppelin binaries (as well as some newer Buran samples) are designed to quit if running on machines based in Russia and some other ex-USSR countries.

Zeppelin appears to be highly configurable and can be deployed as an EXE, a DLL, or wrapped in a PowerShell loader. The samples are hosted on watering-hole websites and, in the case of PowerShell, on Pastebin. There are reasons to believe at least some of the attacks were conducted through MSSPs, which would bear similarities to another recent highly targeted campaign that used a ransomware called Sodinokibi.

Read more. 

TFlower Ransomware

The strain dubbed TFlower appeared in late July 2019. It gets into organizations through exposed or poorly secured RDP services. Once inside, the ransomware runs a series of commands to disable the Volume Shadow Copy Service (VSS) and thereby thwart easy data recovery. When traversing the infected computer for valuable data to encrypt, it skips critical system files and the contents of the Sample Music folder.

TFlower does not rename the files it encrypts. Viewed in a hex editor, however, every encrypted file turns out to carry a “tflower” marker at the start of its raw bytes. The ransomware also drops ransom notes named “!_Notice_!.txt” in every affected folder. Although TFlower does not appear to be a particularly sophisticated sample, its encryption is implemented correctly, so it poses a serious risk to companies.
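Because TFlower leaves file names unchanged, an extension-based check finds nothing; triage has to look at file content. The Python below is an added example written for this page, not tooling from the researchers who analysed TFlower: it walks a directory tree, flags files whose first bytes are the reported tflower marker (the exact byte value and case are an assumption taken from the text above), collects the !_Notice_!.txt ransom notes, and tolerates unreadable and undersized files. It builds a small constructed sample tree in a temporary directory so that it runs offline.

```python
"""Triage a directory tree for TFlower indicators: the 'tflower' content marker and '!_Notice_!.txt' notes."""
import os
import shutil
import tempfile
from typing import Dict, List

MARKER = b"tflower"            # marker reported at the start of encrypted files (exact bytes/case assumed)
NOTE_NAME = "!_Notice_!.txt"   # ransom note file name reported for TFlower


def is_marked(path: str) -> bool:
    """True if the file begins with the marker. Unreadable or short files return False."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MARKER)) == MARKER
    except OSError:
        return False


def triage(root: str) -> Dict[str, List[str]]:
    """Walk root and sort files into encrypted payloads and ransom notes."""
    result: Dict[str, List[str]] = {"encrypted": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                result["notes"].append(path)
            elif is_marked(path):
                result["encrypted"].append(path)
    for key in result:
        result[key].sort()
    return result


def build_sample_tree() -> str:
    """Constructed sample data (not a real infection): one marked file, one clean file, two notes, one tiny file."""
    root = tempfile.mkdtemp(prefix="tflower_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    with open(os.path.join(docs, "budget.xlsx"), "wb") as fh:
        fh.write(MARKER + os.urandom(64))          # stand-in for an encrypted document
    with open(os.path.join(docs, "notes.txt"), "wb") as fh:
        fh.write(b"plain text, untouched")
    with open(os.path.join(root, "tiny.bin"), "wb") as fh:
        fh.write(b"tf")                              # shorter than the marker: must not match
    for folder in (root, docs):
        with open(os.path.join(folder, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write("constructed placeholder for the ransom note\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    try:
        report = triage(sample_root)
        print(f"{len(report['encrypted'])} marked file(s), {len(report['notes'])} note(s) under {sample_root}")
        for path in report["encrypted"]:
            print("  encrypted:", os.path.relpath(path, sample_root))
    finally:
        shutil.rmtree(sample_root)
```

Run against a file share before restoring from backup, this gives you the blast radius (which folders hold encrypted files and which hold notes) and the exact list of paths that still need replacing. Do it on a host where the ransomware process has already been stopped; otherwise, as the earlier section warns, the restored files are simply encrypted again.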

MegaCortex Ransomware

MegaCortex made its debut in May 2019. It mainly targets businesses located in the US, Canada, the Netherlands, and France. According to security experts’ findings, MegaCortex affects enterprise networks previously compromised by notorious info-stealing Trojans called Qakbot and Emotet. This fact suggests that the distribution of this ransomware might rely on backdoors created by other malware in a business ecosystem.

The convoluted infection methodology MegaCortex employs leverages both automated and manual components and appears to involve a high amount of automation to infect a greater number of victims. In attacks we’ve investigated, the attackers used a common red-team attack tool script to invoke a meterpreter reverse shell in the victim’s environment. From the reverse shell, the infection chain uses PowerShell scripts, batch files from remote servers, and commands that only trigger the malware to drop encrypted secondary executable payloads (that had been embedded in the initially dropped malware) on specified machines.

The attack was triggered, in at least one victim’s environment, from a domain controller inside an enterprise network whose administrative credentials the attacker seems to have obtained, in what appears to be a hands-on break in.

The malware’s name is a misspelled homage to the faceless, bureaucratic corporation where the character Neo worked in the first Matrix movie. The ransom note reads as if it were written in the voice and cadence of Laurence Fishburne’s character, Morpheus.

ProLock Ransomware

According to KrebsOnSecurity, Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations.

An investigation determined that the intruders installed the ProLock ransomware, which experts say is a relatively uncommon ransomware strain that has gone through multiple names and iterations over the past few months.

For example, until recently ProLock was better known as “PwndLocker,” which is the name of the ransomware that infected servers at Lasalle County, Ill. in March. But the miscreants behind PwndLocker rebranded their malware after security experts at Emsisoft released a tool that let PwndLocker victims decrypt their files without paying the ransom.

Diebold claims it did not pay the ransom demanded by the attackers, although the company wouldn’t discuss the amount requested. But Lawrence Abrams of BleepingComputer said the ransom demanded for ProLock victims typically ranges in the six figures, from $175,000 to more than $660,000 depending on the size of the victim network.

DoppelPaymer Ransomware

The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim’s stolen files if they do not pay a ransom demand.

A new tactic being used by ransomware operators that perform network-wide encryption is to steal a victim’s files before encrypting any devices. They then threaten to publish or sell this data if the victim does not pay the ransom.

This new tactic started in November 2019 when Maze Ransomware publicly released stolen files belonging to Allied Universal for not paying a ransom.

The most recent victim of the DoppelPaymer Ransomware Gang is the City of Florence, AL. 

Thanos Ransomware

Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections.

Researchers have uncovered a new ransomware-as-a-service (RaaS) tool, called Thanos, which they say is increasing in popularity in multiple underground forums.

Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique unveiled in a proof of concept (PoC) last year by researchers at Nyotron, which can be used to maliciously alter files and which allows attackers to bypass various anti-ransomware methods.

Beyond its use of RIPlace, Thanos incorporates no novel functionality and is simple in its overall structure. That ease of use may be exactly why it has surged in popularity among cybercriminals, the researchers told Threatpost.

Protect Your Network from Ransomware with PREtect

REvil Ransomware Hackers Are Ramping Up Efforts

REvil Ransomware affiliates have been ramping up their threats to sell stolen data from law firms, Trump, celebrities, and now a food distributor and a 3D printer manufacturer. Learn more about the threats and how others have handled their responses to the attacks.

What is Sodinokibi or REvil Ransomware?

Since its arrival in April 2019, it has become very clear that the new kid in town, “Sodinokibi” or “REvil”, is a serious threat. The name Sodinokibi comes from a sample with the MD5 hash ccfde149220e87e97198c23fb8115d5a, whose internal file name was ‘Sodinokibi.exe’; the family is also known as REvil.

At first, Sodinokibi ransomware was observed propagating itself by exploiting a vulnerability in Oracle’s WebLogic server. However, similar to some other ransomware families, Sodinokibi is what we call a Ransomware-as-a-Service (RaaS), where a group of people maintains the code and another group, known as affiliates, spread the ransomware.

The ransomware appends a random extension to encrypted files and threatens to double the ransom if it is not paid on time. It is actively distributed in the wild through compromised Managed Service Providers, exploitation of server flaws, spam campaigns, and exploit kits.

McAfee has more information in their detailed report.

History of Attacking Celebrities

The breach of media and entertainment law firm Grubman Shire Meiselas & Sacks, described in the Top Ransomware Threats section above, is the best-known REvil case so far. The firm confirmed the ransomware attack; a screenshot of a legal document from Madonna’s Madame X tour, apparently bearing signatures from an employee and tour company Live Nation, surfaced on the dark web; another screenshot showed dozens of files bearing the names of Bruce Springsteen, Bette Midler, and Barbra Streisand; and clients including Robert De Niro, Madonna, Drake, Nicki Minaj, Mariah Carey, Elton John, U2 and Rod Stewart may have had personal information exposed. The attackers then doubled the ransom request to $42 million and threatened to release damaging information on President Trump.

Although Trump reportedly has never been a client of Grubman Shire Meiselas & Sacks, the New York Post Page Six noted, the hackers posted a message online saying that the ransom had been doubled and that “The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry…”  Read more on SCMagazine. 

Latest News on REvil – Targeting Food Distributors and Manufacturers

A major food company, Harvest Food Distributors and its parent company, Sherwood Food Distributors have recently been the targets of REvil affiliates.

The threat actors posted a notice about their new target around 3pm MST 5/15.

 

This notice contained a link to download a portion of Sherwood’s proprietary files as “previews” which they plan on releasing one at a time (8 in total). The first link to leaked information contains roughly 2,300 files. These files contain highly sensitive data including cash-flow analysis, sub-distributor info, detailed insurance information, proprietary vendor information – including for that of Kroger, Albertsons, Sprouts – scanned drivers license images for drivers in their distribution networks, etc. The threat actors also posted a conversation they had with Coveware, a leading ransomware mitigation company, dating back to at least May 3rd.

According to HackRead: 

Both of these have various supermarket chains as their clients including but not limited to three large ones, namely Kroger, Albertsons, and Sprouts. Hence, at stake is not only the data of the food distributors themselves but also their client chains.

For this, the attackers have demanded a sum of $7.5 million, lesser than their most recent heist on Grubman but a substantial sum nonetheless.

The data exposed is believed to include 2300 files composed of the following:

  1. Cash flow analysis details
  2. Sub-distributor information
  3. Detailed insurance information
  4. Scanned images of the drivers’ licenses they use as a part of their logistical network.

DarkOwl reports that FARO Technologies, a leading 3D printing/manufacturing Co. – is revealed to be the latest victim of REvil hackers’ ransomware attacks. Read more from DarkOwl. 

Download our REvil Ransomware Advisory

Created in partnership with Cyberint, download our REvil Ransomware Advisory and you’ll learn:

  • Background of the REvil Ransomware
  • Information on the Dark Web Stolen Data Repository
  • Potential Data Exposure
  • Risk and Potential Damage from REvil
  • Recommendations from Cyberint and Cybriant

PREtect: Solution to Cybersecurity?

It is possible to have a simple solution to cybersecurity. We have created an all-in-one solution that includes our top managed services and bundled those services into one solution called PREtect.

The Cybersecurity Problem

Hackers are constantly seeking the low-hanging fruit, the easiest point of entry to raid your network. While you can never cover every scenario, it's vital to cover every base that you possibly can.

Technical vulnerabilities are the low-hanging fruit for bad actors. Ten years ago, the average time between when a vulnerability was published by a tech manufacturer and when hackers began scanning networks for it was 38 days; today it is minutes. You have to be able to move at a real-time pace to close this gap.

Discovering the vulnerability is step one; the next step is to patch that vulnerability. Many businesses do not have the resources to respond in an effective fashion, even a company as big as Equifax.

Endpoints and the mobile workforce have created a new source for hackers to focus their energies on. This new perimeter has proven that traditional technologies like antivirus, which used to secure these devices, are not up to the challenge. It requires next-generation technology in the hands of skilled security resources to blunt this attack vector.

Another surprising statistic is "dwell time," the amount of time between the breach and the discovery of the breach. Sadly, back in 2019 the average between MTTD (mean time to detect) and MTTR (mean time to remediate) was 206 days. Most businesses learn they have been breached from third parties like clients, the FBI, or vendors. In order to thwart the most sophisticated attacks, you must be able to identify when security controls have failed or detect odd environmental behavior.

Solution to Cybersecurity Problem

PREtect is a bundled solution of our core managed services. These services will help you effectively reduce your threat landscape and sleep easier at night knowing you are fully protected. They help businesses solve three challenges: reducing cyber risk, achieving compliance, and meeting security framework control standards. The services that make up PREtect address the most common vulnerabilities and threats mid-sized organizations will encounter, thereby shrinking the threat landscape as much as possible.

PREtect includes the following services: 

24/7 Managed SIEM with LIVE Analysis, Response, and Remediation

This security monitoring service utilizes SIEM technology to capture, correlate, and analyze activity throughout the environment. We have two SIEM platforms to choose from: one asset-based and one user-behavior-based. Cybriant layers on the 24/7 monitoring and human analytics expertise required to filter out and squelch false-positive alerts, and to determine cause, response, and remediation path in the event of an actionable alert. This service includes threat intelligence.

Managed Detection and Remediation (MDR)

This service is built on a 4th-generation EDR technology, the only EDR technology that can roll back ransomware, eliminate persistent threat mechanisms in an environment, and truly remediate an endpoint after an attack. This technology is being used by 4 of the Fortune 10 companies. The solution combines endpoint protection and EDR capabilities in a single agent. This service can stop a threat and provide the Cybriant team with forensic data to track the entire event, which our analysts can then use to recommend or perform additional remediation if required. The patented rollback capability enables systems to be restored in minutes rather than hours or days.

Comprehensive Vulnerability Management

This service utilizes leading technologies that enable the continuous scanning and patching of operating systems, configurations, and up to 800 third-party applications. The SANS Institute has endorsed Australia's Defense Signals Directorate strategies for information security. The leading strategy is the patching of applications, and our service provides the most robust capability in this area. The service provides risk- and policy-based execution to ensure vulnerabilities are identified and patched in an optimized fashion. (This service combines scanning and patching, but these services can also be deployed separately.)

NIST CSF and Compliance Standards

Compliance standards like PCI, HIPAA, GLBA, and FINRA all have requirements satisfied by PREtect. Similarly, all leading security frameworks like NIST CSF have fundamental control standards satisfied by PREtect. Each service provides standard reporting metrics that can be collaboratively customized with the client to measure specific performance indicators.

Involved in a Cyber Security Breach? Here’s What You Need to Do Next

Hopefully, you will never be involved in a data breach, but in a world of constant cybercrime and increasing levels of intrusion, being involved in such an incident seems all but inevitable.

With Equifax as a perfect example of how a trusted provider can be breached, it's important to protect yourself, especially if you share personal data on corporate devices. Signing up for a credit monitoring service is a smart thing to do, but that is only the beginning. Once you are signed up for the service, you will need to watch your email for updates, so you can get a jump start on the bad guys and stay one step ahead of the identity thieves.

In a perfect world, that email notification will never come, but if it does, you need to be ready.

Steps to Take After a Data Breach

Here are some critical steps you should take if you are notified of a data breach involving your own data.

Find Out What Information Has Been Leaked

Some data is more dangerous than others, so it is important to find out exactly what has been leaked. When you are notified of the data breach, you should see information on exactly which pieces of data may have been compromised, and what you do next will depend in part on which information is now available to hackers and cybercriminals.

If you are lucky, the information leaked will be relatively innocuous. Having your email address revealed may be annoying, but it is unlikely to lead to serious consequences unless the password has been revealed as well. Even so, you might want to reset the credentials on your email address or consider changing accounts to stop a flood of spam.

In other cases, the information revealed will be much more extensive, and that could put you at greater risk. If your Social Security number has been revealed, for instance, you are at high risk for identity theft and having hackers open fake accounts in your name. Knowing what has been revealed is a key first step and something you should do right away.

Change Impacted Passwords Immediately

Passwords are prime targets for identity thieves and online criminals, and many data breaches involve the selling of compromised credentials. If your passwords have been revealed in a data breach, you need to change them immediately.

Depending on how you run your cyber life, it may not be enough to change the password at the impacted site. If you have used the same password at multiple websites, you will want to change all of those credentials right away. And when you do, make sure you use unique credentials for every site to avoid a repeat.

Turn on Two-Factor Authentication

Two-factor authentication provides an extra layer of security by requiring an extra step during the login process. In addition to the standard username and password, you will need to enter a code sent to your smartphone, providing additional protection for all your accounts.

Many websites now offer two-factor authentication, and turning it on is a smart thing to do in the wake of a data breach. That way even if a cybercriminal buys your compromised credentials online, they will be unable to access your accounts without the additional security code.

Consider Using a Password Manager

Using the same password at multiple sites can be dangerous, and security experts recommend setting up a separate set of credentials for every site you visit. Unfortunately, keeping track of all those user IDs and passwords can be a full-time job, and it is tempting to fall back into the same old habits after the current crisis has passed.

If you want to stay safer online and protect all of your accounts, consider using a password manager. Password managers create a unique set of credentials on demand, keeping track of the information in an encrypted database. All you need to access it all is a single master password, so you only have one set of credentials to remember.

Sign Up for Transaction Alerts

Transaction alerts provide you with instant notifications of purchases, withdrawals, and other activity on your accounts. Signing up for those alerts is a smart thing to do, especially if your accounts may have been compromised.

Once you sign up for transaction alerts, you will get a notification on your smartphone whenever something happens in your account. If you see a charge you do not recognize or a withdrawal you did not authorize, you can contact the bank right away to shut it down.

Think About Freezing Your Credit Report

If you have been involved in a data breach, you may want to freeze your credit report, especially if you do not plan to apply for a loan or credit card in the near future. Freezing your credit report is a major step, but it may be a necessary one to protect your identity and your finances.

Once you freeze your credit report, no one, including you, will be able to access your file or open additional accounts. That can make life difficult when it is time to apply for a car loan or mortgage, but if you do not need any additional credit, putting a temporary freeze in place could make sense.

Being involved in a data breach can be frightening, but prompt action could mitigate the damage and prevent the problem from getting worse. What you do in the wake of a data breach matters more than you might think, and the actions you take could protect you from hackers, identity thieves, and other nefarious actors.

Download Cybriant's Remote Workers Guide to avoid being another headline! Help your remote workers protect the company's data and their personal information with these important tips. Download today.
