What Businesses Can Learn From the Summit Hosting Outage

The Outage in Summit Hosting

On Saturday, January 18, cloud provider Summit Hosting was hit by a ransomware attack.

Details regarding the breach are still unknown. What is known is that support has reached out to its users claiming they are working on resolving the issue.
A Reddit user claiming to be a client posted a letter he said he received from Summit Hosting after attempting to contact them.

The letter states that their cloud environment was hit by a ransomware attack and security systems detected the attack immediately, shutting down all 400 client servers as a result.

Cloud providers often market themselves as a safer, more secure, and more efficient alternative to on-premises, or internal, IT. The truth is, cloud providers and Managed Service Providers (MSPs) are susceptible to all the same risks other businesses face.

The issue arises when businesses looking to adopt a cloud-based infrastructure fail to understand what makes a cloud vendor trustworthy or what to avoid when looking for a cloud vendor.

Here are four things to keep in mind about choosing a cloud provider.

Low Costs Cost More

Many vendors will offer you cloud hosting services for the deceptively low price of $100 a month or $58 a month to host a specific application. Potential clients then see the low price and immediately assume they’re getting a good deal. However, there are instances where the less expensive option can be the more dangerous one.

For example, would you feel safer going over a bridge that cost $400 or one that cost $40,000?

Lower priced cloud services imply the provider doesn’t have the resources to deal with bigger issues when they arise. When the price is cheap it typically means they’re cutting costs elsewhere, usually to the detriment of the user.

This could mean a sacrifice in cyber security tools, capable systems engineers or software.

Make Sure Your Provider Permits Storage Onto Your Servers as Well

Adopting the cloud is not, and should never be, an all-or-nothing affair. In other words, a cloud vendor should never prevent you from storing certain data on premises. If they do, then they should at least provide the capability to access and save important data onto your internal servers as well.

This safeguards your business against a complete halt of productivity and even temporary shutdown should your cloud provider experience an outage or a cyberattack. What good are cloud backups if you can’t access them?

When discussing your service contract, or service level agreement (SLA), with a vendor you can choose to keep certain mission critical data on your own servers. Furthermore, no business is the same. Not even businesses within the same industry are the same. Therefore, it makes sense that one business would require different kinds of services on the cloud than another.

Look for a Team with a Fast Response Time (No Longer than 12 Minutes)

When a cloud provider experiences an outage for whatever reason, your provider should always be able to respond quickly and efficiently.

To illustrate my point, it’s important to highlight the differences between a public cloud and a private cloud. If something goes wrong with a private cloud, you’ll typically have someone to call. With a public cloud, that support is not always included.

Public cloud vendors like Azure offer one-on-one support only if you purchase their support plan separately. With Amazon Web Services, you must submit a support request through their website and wait for a response.

The most important thing, however, is that you’re given a point of contact. This can be an engineer or even the CEO of the cloud provider.

But just because you have a private cloud vendor to call doesn’t mean they’ll be timely in their response. After the outage at Summit occurred, support was unable to respond efficiently to its 400 clients in a timely fashion.

As a result, the 400 clients were left confused, worried, angered and distressed for hours and in some cases days. So, make sure your cloud vendor has a response time of 12 minutes or less in case an emergency like the one at Summit Hosting occurs.

In cases of such an emergency, Nerds Support has staff ready to respond and provides periodic updates every four hours via email and social media. Consistent communication like this ensures a smooth recovery in emergency situations and helps businesses maintain order.

Always ask your cloud provider for a business continuity plan. They should be able to provide you with a detailed plan outlining how they operate in the case of an outage, breach or natural disaster. If they don’t have one set up, move on to another provider.

Be Aware of Cyber Attacks

It should be the duty of every cloud provider to provide educational training to users about the various kinds of cyberattacks that businesses are susceptible to. However, providers often overlook training and focus on other areas of their services.

Ask your vendor what their cloud cybersecurity policy is. They should have a system in place that verifies and secures all devices before use. The reason is that employees bring their own devices to work, which can create a security issue if the machines are not secure.

Review your cloud vendor’s cybersecurity tools and protocols to make sure they provide the security benefits you need.

Although more and more users are becoming aware of some of these attacks, the attacks are quickly adapting and changing to overcome user awareness. When it comes to cyber-attacks, your education is never finished. Human error is still the number one cause of cyber breaches and phishing is still the most effective cyber attack.

Research found ransomware extortion payments are now $84,000 on average. This isn’t meant to scare you, simply to make you aware of the importance of staying educated. All it takes is one user in a company of thousands of people to compromise a system.

Oftentimes, a company experiencing a ransomware attack fails to recover their files and pays the ransom out of desperation. Unfortunately, this doesn’t always guarantee all encrypted or stolen data will be restored or that the cybercriminal won’t attempt to extort them again.

Any cyber security expert will tell you, the best solutions are preventative. The most effective way to successfully survive a cyber-attack is to avoid it. By staying up-to-date on cybersecurity you’ll decrease your chances of falling victim to an attack by a hacker.

What Should Concern Businesses About the New Orleans Cyberattack

The city of New Orleans experienced a cyberattack so severe Mayor Latoya Cantrell declared a state of emergency.

The attack occurred on Friday, Dec. 13 and caused the city to shut down government computers. Officials announced the shutdown via social media posts.

City Shut Down Government Computers

The attack started at 5 in the morning, according to the city of New Orleans. At around 11 a.m., employees noticed what they considered suspicious activity. As a result, the city’s IT department ordered employees to disconnect from Wi-Fi and close down their computers.

Fortunately, an investigation into the attack is currently underway as Federal and State agencies gather more information. As of now, nothing is known about the malware used during the attack and the Mayor said no ransom demands had been made yet.

Louisiana’s Third Cyberattack

This ransomware attack is the third to affect Louisiana in five months. In November, another attack prompted Louisiana’s Office of Technological Services to shut down multiple state agencies. And in July, cyber criminals attacked several Louisiana school districts, shutting down their networks for ransom.

As a result of the school attacks, Governor John Bel Edwards declared a state of emergency that allowed state agencies to help local governments recover from the attack.

What’s the Damage?

Unfortunately, it’s always difficult to tell the extent of the damage. It could take months and, in some cases, years to truly understand what information was stolen. Furthermore, hackers could have stolen government employee information, financial information and more from New Orleans.

Moreover, they will have to contact financial institutions and implement new procedures to address cyberattacks like this as well as increase security on their networks.

This begs the question: if state governments have to shut down entire systems and declare a state of emergency to deal with a cyberattack, what will it cost a small business?

Since the attack in November, The National Governors Association (NGA) has urged states to develop a formal continuity plan for responding to cyber threats. Additionally, cyber forensic experts will need to be brought in to investigate the breach.

Cyber Response Plan

In July, the NGA released a State Cyber Response plan that governments are developing, and 15 states have made their plans public.

Without a doubt, the impact of a ransomware attack is nothing to scoff at and governments are learning the hard way. Ultimately, having a continuity plan in place ensures recovery from a breach runs as smoothly as possible.

Cybercriminals Declare Hunting Season

The FBI issued a warning in October declaring an increase of cyberattacks on “big game” targets. These are targets with money and sensitive information, willing to pay ransoms to restore their systems.

That doesn’t just mean local and state governments, municipalities and agencies. For instance, hackers often target businesses, hospitals, accounting firms and financial advisers for their data.

Additionally, businesses have to adapt and invest in security if they expect to succeed. The first of several security lessons: no one is too big or too small to get hacked. Sensitive data is always in high demand. More importantly, dark web marketplaces, like Joker’s Stash, are always willing to sell it.

The Future of Cybercrime

Researchers warn that ransomware attacks will intensify in 2020. What’s worse, attacks are getting more sophisticated.

On the other hand, with the year coming to a close and a new one beginning, now is the perfect time to audit your IT infrastructure and verify its competency against these types of threats. Fortunately, 2020 will also see the rise of things like cyber insurance, AI and cloud-based security solutions.

Transitioning to a cloud-based solution, like a hybrid cloud, might help industries across the board avoid scenarios like the ones in Louisiana.

You can read our article on how businesses can protect themselves from a cyberattack.

If you want to know more on cybersecurity news, the cloud, managed IT services and more, contact us or visit our blog.

Thousands of Disney Plus Accounts Hacked After Launch

Disney’s new streaming service was hacked a week after launching and hackers are offering breached accounts for sale online for $1 a month or $3 a year.

The service garnered over 10 million subscribers on their first day and within hours hackers took control of user accounts.

Disney+ users said on social media hackers were logging in to their accounts, logging them out and changing the email and password of their accounts. If this is true, then some users could be in huge trouble. 59 percent of people use the same password everywhere, according to a poll conducted by LastPass. Therefore, there’s a big chance Disney+ subscribers use the same email and password for multiple accounts.

Other streaming services such as Netflix, Hulu and HBO Now have been targeted by hackers too. Users report finding unfamiliar names and profiles in their accounts. And if you’re a hacker looking to make a quick dollar, this isn’t too hard to do.

How Did This Happen?

It’s estimated that millions of online accounts are scouted and tested using a method called credential stuffing. Hackers test a database of stolen information such as passwords and usernames against various accounts in order to find a match.

Hackers have programs that run these tests in seconds. And since we know over half of people use the same usernames and passwords across multiple accounts, there’s a huge probability they’ll find a match.
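From the defending side, credential stuffing leaves a recognizable trace in login logs: one source tries many different usernames in a short time and almost all attempts fail. The following detection sketch is an added example, not code from the original article; the log format, addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2019-11-18T09:00:01 203.0.113.7 alice@example.com FAIL
2019-11-18T09:00:02 203.0.113.7 bob@example.com FAIL
2019-11-18T09:00:03 203.0.113.7 carol@example.com OK
2019-11-18T09:00:04 203.0.113.7 dave@example.com FAIL
2019-11-18T09:00:05 203.0.113.7 erin@example.com FAIL
2019-11-18T09:00:06 203.0.113.7 frank@example.com FAIL
2019-11-18T09:01:10 198.51.100.20 bob@example.com FAIL
2019-11-18T09:01:25 198.51.100.20 bob@example.com FAIL
2019-11-18T09:01:40 198.51.100.20 bob@example.com OK
2019-11-18T09:02:00 192.0.2.44 dave@example.com FAIL
2019-11-18T09:02:01 192.0.2.44 dave@example.com FAIL
2019-11-18T09:02:02 192.0.2.44 dave@example.com FAIL
2019-11-18T09:02:03 192.0.2.44 dave@example.com FAIL
2019-11-18T09:02:04 192.0.2.44 dave@example.com FAIL
2019-11-18T09:02:05 192.0.2.44 dave@example.com FAIL
"""


def parse(log_text):
    """Turn log lines into (time, ip, username, success) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "OK"))
    return events


def stuffing_sources(events, window=timedelta(minutes=5),
                     min_users=5, min_fail_ratio=0.8):
    """Return {ip: [accounts that logged in successfully]} for every source that,
    inside one sliding window, tried at least min_users distinct usernames with
    a failure ratio of at least min_fail_ratio. The thresholds are assumptions
    to tune against real traffic."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {user for _, _, user, _ in span}
            fails = sum(1 for _, _, _, ok in span if not ok)
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                # A success in a stuffing run means a reused password worked:
                # that account needs a forced reset and session revocation.
                hits = {user for _, _, user, ok in span if ok}
                flagged.setdefault(ip, set()).update(hits)
    return {ip: sorted(users) for ip, users in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in stuffing_sources(parse(SAMPLE_LOG)).items():
        print(f"{ip}: credential stuffing pattern, reset {accounts}")
```

The user who mistypes a password twice and the source that hammers a single account are both left out, because neither spreads attempts across many usernames.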

Another scam cybercriminals use to get your email, in the instance of Disney+, would be to send a fake email to a subscriber warning them their accounts were locked. The fraudulent email asks the user to provide their account information for “verification”. After a hacker gains this information, they log in to the account, change the password and block the subscriber from accessing his or her account. This is a form of phishing and it happens every day.

It’s a Bad Week for Disney+

The curious thing about Disney+ is that users who had unique passwords also got their accounts hacked according to a ZDNet report. Secondly, the new streaming service was still in the seven-day free trial period, even for people who signed up for it immediately after it went live. In other words, there wouldn’t be any profit for hackers since people were still using it for free. Moreover, if you’re a Verizon customer you get Disney+ free for a year.

The new streaming platform has had a rough first week since it went live on Nov. 12, with problems ranging from slow screen loads to messages on its homepage displaying ‘unable to connect’. The company said it was working hard to fix the problems, which were mainly due to a demand for the service that was higher than expected.

Subscribers of streaming services should ignore and avoid emails relating to their accounts and never provide account information through email. Also avoid using the same password for everything. It’s honestly an invitation to get hacked. If even one of your accounts is compromised, that risks all your accounts.

Why Does it Happen?

And this isn’t something common just among streaming service users, it’s common for everyone. Even people who work in industries and companies with extremely valuable data fail to take precaution. It’s been reported repeatedly that human error is the leading cause of cybercrime. To be more specific, human error is the main cause of 95 percent of cyber security breaches according to an IBM study.

Human error encompasses a large variety of actions, not just password-related errors. It can be downloading malware after opening a phishing email or working on an insecure network. Victims of ransomware attacks aren’t foolish, just careless.

The Disney breach might not seem related to company breaches until you consider Disney+ users are accountants, lawyers, financial advisers, and business owners. If over half of people use the same password for everything, what’s stopping them from using their Disney+ password to access their account information or login to their database?

For a cybercriminal, this is their best-case scenario. They access a user’s information, discover he works at a medium-sized accounting firm, and proceed to use the password they got from accessing their streaming service to access their firm. There are even cases where people use their work email as their login email for other accounts.

It Takes More than Good IT

There is only so much IT for accounting firms can do in this case. Companies must do more than rely on their IT infrastructure to keep them safe. Situations like these create huge compliance risks for those who work in the financial services industry. For those who work in or own their own business, it creates liabilities that could potentially ruin the company.

Hackers always look for the path of least resistance. They choose a small or medium sized business because it won’t attract too much attention. They send hyper-targeted phishing emails because people are likely to fall for them. Cybercriminals even buy malware programs on the dark web so they don’t have to develop it themselves. The trick is to do everything possible to make their jobs as difficult as possible by implementing smart, best-practice procedures. At the end of the day it’s about eliminating liabilities.

Disney+ users should be mindful of what email they use to login and what password they choose. It might affect more than their weekend.

Click here to read our blog about how businesses can protect themselves from cyberattacks.

Ransomware Attacks & Financial Firms

Ransomware Attack On Texas

On Tuesday, August 20, 2019, a ransomware attack took place in 22 municipalities in Texas. Computer systems were hacked and held for ransom in a widespread ransomware strike. The cities of Borger and Keene were among those affected. Borger residents couldn’t access birth certificates or pay their utility bills.

Ransomware attacks are a growing problem for governments on a city, state and county level, according to a report by the Cybersecurity and Infrastructure Security Agency (CISA). The type of ransomware was not revealed and no state networks were breached in the attack according to Texas officials.

What is known is that the ransomware came from a single source.

Ransomware

Ransomware is the most common tactic used by cyber criminals because it’s relatively simple to execute and it’s cheap.

This has led to a rise in ransomware attacks since 2017 and most victims are small cities and counties. These cities are perfect because they often have underfunded IT staff and are therefore most vulnerable.

The same reasons that make these places so vulnerable to attack make financial firms vulnerable as well.

Cyber criminals are leveraging ransomware attacks to steal from industries of all kinds, but financial services firms are among the most lucrative.

Here are the reasons why:

  1. They store valuable, sensitive and confidential data that can be sold on the dark web or to a competitor.
  2. They usually have significant amounts of money available. This makes them more likely to pay a ransom to get back encrypted data if there’s substantial downtime.
  3. Their IT security is believed to be lacking and inefficient, especially within smaller banks and credit unions.

Ways to Avoid Ransomware & Cyber Traps

Effectively combating ransomware requires implementing technical and cultural measures. This includes:

Training

Ransomware attacks are perpetrated through an email containing an infected link or attached document. Knowing what to look for is half the battle and greatly reduces the chances of falling victim to these attacks.

Here are some telltale signs of a ransomware attack:

  • There are glaring grammar and spelling errors in an ostensibly professional email.
  • You receive an email at odd hours of the day or night.
  • The link in the email points to an unusual URL. Hover your cursor over the link to check the URL.

Now more than ever it’s important to address this concern. Cyber-attacks affect financial services 300 times more than other companies, according to a report from Boston Consulting Group (BCG). Despite this, BCG found that many financial institutions are poorly equipped to respond effectively to a ransomware attack.

This comes from a failure to prioritize cybersecurity as a top issue. There is an overemphasis on prevention over detection and response. There is also a lack of security awareness in company culture in general, which can worsen the problem.

If employees reuse account credentials like passwords, attackers can easily obtain them and cause serious damage. The most dangerous threats come from inside a firm: from a careless employee who falls victim to phishing, spoofing and other social engineering schemes. The resulting losses across the financial services industry run up to tens of billions of dollars.

Securing Your Network

It’s important to train users to recognize certain kinds of attacks, but keeping a secure network requires an approach focused on strong network architecture: an infrastructure capable of detecting and eliminating malware that may have found its way into the network.

It’s possible that your network may contain numerous latent threats, so all applications and email inboxes should be properly scanned for malicious content.

Top IT service providers, like Nerds Support, deploy firewalls and implement comprehensive email security to stop threats before they become problems.

They also allow you to segment and control access throughout the network to minimize the spread of a virus attack should it get in.

Backups

When a hacker uses ransomware, they encrypt all data and sensitive information necessary to operate. That means payroll, customers’ financial information, email, internal documents and more. The only way to regain access is to pay a ransom of some kind.

If you back up your data, however, that doesn’t have to be the case. With the right strategy, rather than paying ransom, you can just restore your files from the latest backup and the cyber criminal’s ploy will have been stopped in its tracks.

Cloud-based backup services are the best at this. Nerds Support provides partners with daily backups and updates all systems with the latest security features to combat cyber-attacks. These advanced solutions even allow you to create a virtual copy of your servers on the cloud and restore all compromised data within minutes of a breach or attack.

The Greatest Risk Isn’t What You Think

It’s logical for a cyber-criminal to target financial firms for the reasons mentioned above using ransomware. It’s a reality of living in an ever-more-digital era. Ransomware and other malware attacks are here to stay and should not be ignored. The greatest damage to a firm is not to their business, their productivity or their infrastructure, it’s to their reputation.

Financial services organizations possess people’s most personal financial information: Social Security, banking information, credit history, etc. If you’ve failed to take the necessary precautions to prevent or mitigate an attack and your firm is breached, it will be nearly impossible for anyone to trust you again.

When you take on a client, there is an agreement that you will safeguard their information. There is a supposition of trust. If that trust is broken, the thing your service is founded upon, rebuilding your reputation will be an uphill battle for years to come.

What Does it Mean?

In the case of the Texas attacks, the governments of these municipalities have resources that help them recover. They have taxpayer funding, cyber security experts and other advantages that a private organization does not have. Even with these advantages, they’re still struggling to address the overall issue of cyber-attacks.

According to the cyber security firm Recorded Future, the attacks on these 22 cities were the most organized and coordinated attack they’ve ever seen. The Texas Department of Information Resources (TDIR) is currently involved in trying to bring all systems back online, as are officials from other federal agencies.

If this is the type of damage that can be done on government institutions, there is no excuse for negligence on the part of any business let alone one as frequently targeted as a financial organization. Take stock of your current IT resources and make sure your company is properly prepared in all respects against ransomware and cyber-attacks.

For more information on malware, ransomware and social engineering, visit our blog or contact us and we’ll answer any questions or inquiries you may have about how to make your firm safe and secure.