
The History of Computer Viruses

Since the dawn of computing, there have always been programs people developed that had the ability to self-replicate. In the beginning, these seemed like amazing modern programs that were wise beyond their years. They have since developed into the viruses and malware that we know today, which are not so amazing… However, they are wise, which is the scary part. Let us look at the history of how modern malware came to be. Understanding its roots and origins can help us understand how these programs work and how we can defend against them.

1949 – Yes! As early as 1949 we see some of the first self-replicating programs established.

1966 – John von Neumann, known as the “Father of Cybernetics”, wrote an article on the “Theory of Self-Reproducing Automata”. Self-Reproducing Automata sounds much more interesting than “Virus”.

1971 – A self-replicating program called “The Creeper” was developed; it accessed the Advanced Research Projects Agency Network and copied itself to a remote host system. The funny part is that it would display a message that said, “I’m the creeper, catch me if you can!”. Soon after, another program called “The Reaper” was developed to go in and delete the harmful “Creeper”.

1974 – An infectious program called the “Wabbit” was created. Its goal was to make multiple copies of itself on a computer and clog up the system so that the computer’s performance would be compromised.

The 80’s – This was the decade where the term “Virus” was first coined. We also began to see these programs turn more malicious. The Lehigh virus in 1987 was programmed to infect command.com files at Yale University. A virus discovered in the city of Jerusalem was developed to destroy all files on an infected computer on any Friday the 13th.

The 90’s – At the start of the 90’s, Symantec launched one of the first antivirus programs, called Antivirus, to help fight against the infectious programs. In 1996 a macro virus named Laroux was made to infect Microsoft Excel documents. In 1999 the Happy 99 virus spread and attached itself to emails with the message “Happy New Year”.

00’s-10’s – These decades were the target of more elaborate viruses, which included the ILOVEYOU virus, capable of deleting files; the Anna Kournikova virus, which spread through emails and promised pictures of the tennis player but instead hid a malicious virus; and Koobface, which targeted social media users.

While viruses began as harmless programs intended to further society’s understanding of how programming works, this information was then used for evil and overshadowed the excitement of new technology with threats to personal security. Luckily the good always outweighs the bad, and with many steps to prevent, counteract, and fight back against cybercrimes, the world can rest easy.

 

Contact ECMSI for any questions you may have about your network or if you think you fell victim to a virus or cyber attack.

Securing Your Network. From Yourself!

Worrying about outside hackers is one thing, but what happens when a disgruntled employee causes more damage to your business network than any malware could have? Recently, Verelox, a web hosting company out of the Netherlands, had to shut down all of its services to its customers because an ex-employee went into their system, deleted all customer data and wiped out most of their servers. Verelox quickly resolved their issues, but many times these situations do not have such a nice outcome.

So how can your business take proactive steps to prevent data breaches from within? The first thing is to make sure your company has set boundaries and understands what each employee can and can’t have access to. Knowing your end users is extremely important because it allows you to control who is seeing your information. Backups are also extremely important when controlling your network. In the case of Verelox, they had a system of backups in place that were regularly updated, so they restored their systems from those backups.

So how big of a threat is insider damage? More than you may think. According to a 2016 IBM study, internal employees are responsible for 60 percent of data breaches. Of those, over 75% of breaches were carried out with malicious intent and 25% were accidental. In a 2015 Biscom survey, 1 in 4 people admitted to taking data from a company after they left. Many of them did not feel like it was wrong because they were items they created while they were working for that particular business. The most shocking statistic is that 95% of employees who took company data said they would not even receive any repercussions because their employer did not have any policies to stop them.

The 25% that caused a data breach by accident most likely fell victim to a phishing email or other internet malware attempt. Educating your end users could go a very long way for your business, and is one of the best proactive tools for keeping your company data secure. Many small businesses get hit the worst when a data breach occurs because they do not have the proper resources to manage their IT and keep on top of it all while trying to run and grow their business.

 

An Investigation on Data Breaches in 2018

Recently, Verizon published the 11th edition of its Data Breaches Investigation report, which looked at over 53,000 security incidents, including over 2,126 confirmed data breaches. We wanted to highlight some of the key takeaways in this report and show some of the shocking statistics businesses face when it comes to technology security in 2018. We are going to look at some of the motivating factors for hackers, what industries are affected the most and how a typical organization reacts to a cyber attack.

Who does the hacking?

73% of cyber-attacks are done by outsiders. These are organized criminal groups whose goal is specifically to hack into systems illegally and collect information. 28% of attacks are carried out internally by those who may have official credentials or another way into the system. These are especially hard to track because you never know who may be using company data for their own personal gain.

Why attack?

76% of breaches were financially motivated. Hackers are looking to steal information such as credit card numbers or social security information in order to use other people’s identities. We also see hacking in the form of malware that holds data for ransom. Found in over 39% of cases where malware was identified, ransomware is one of the most popular forms of online hacking today.

Who can be a victim?

Virtually any business that plugs in to any network could fall victim to a cyber-attack. Unfortunately, there are many ways a hacker could get in, whether it be POS, email, misuse by an employee, social media, etc. The most popular, however, is a direct hack by a group or person who specifically wanted to get into a particular network. Following in a close second are malware and phishing attempts. 4% of people will click on any given phishing campaign, with 17% of all breaches happening because of human error in the everyday workplace.

Industry trends in data breaches.

Based on the data of over 53,000 incidents and 2,126 confirmed breaches, the numbers in the two categories for specific industries are as follows:

Accommodation: 338 breaches, 368 incidents
Education: 101 breaches, 292 incidents
Financial: 146 breaches, 598 incidents
Healthcare: 536 breaches, 750 incidents
Information: 109 breaches, 1,40 incidents
Manufacturing: 71 breaches, 536 incidents
Professional: 132 breaches, 540 incidents
Public: 304 breaches, 22,788 incidents
Retail: 169 breaches, 317 incidents

The Reaction

While most compromises happen in a very short time span, with over 87% taking a minute or less, finding out about them is a whole different story. On average, only 3% are discovered within minutes, while over 68% went undiscovered for months or more. The report states that in many cases it isn’t even the organization that recognizes the breach but an outside third party such as partners, law enforcement, or, most damaging, customers.

Staying proactive and keeping your cyber defenses up is one of the most important things for any business in 2018. While no defense mechanism is a 100% guarantee, having a plan and being able to respond quickly is the best chance of stopping hackers in their tracks and restoring your data.


Contact ECMSI for a FREE network health assessment to see if your business is being affected by malware. Find out if there are any vulnerabilities in your network and what you can do to stop them!

 

 

The Threat of Social Engineering.

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016 a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

How to Identify a Phishing Email

You wake up and, like many of us today, you immediately check your phone. Scrolling through your email, you see a message in your inbox that reads “Microsoft account security alert”. This email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.

Seems normal enough, right? WRONG. This email contains an abundance of red flags that someone not so tech savvy could fall victim to. This email is meant to be malicious and, ironically, while it is trying to get you worried about your information getting hacked into, it is trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victim to these malicious emails.

To begin with, this email claims it is from the Microsoft team; however, within the email itself we see no Microsoft branding of any kind, and it is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning that a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially given that they were a Mac-only user. There were also not enough characters or asterisks to reflect any email address this user had.

This is just one example of a phishing email and there are many more. Some are formatted well, others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:

  1. You are asked to send money to cover expenses.
  2. The message asks for personal information.
  3. The message contains poor spelling and grammar.
  4. The email contains mismatched URLs.
  5. The offer of the email seems too good to be true.

Finally, if something in that email just does not seem right to you, there is most likely a reason why. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best not to act upon that email; flag it as spam and delete it immediately. Clicking through could cause major issues for your computer system, or for others if it happens in your workplace. Be sure to always be attentive, be curious, ask questions and stay protected!

 

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, etc. can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous, but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer. He then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which would be a whole other nightmare); this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network. The person who was installing the network made the mistake of connecting the machine to the internal control room network; when they noticed the coffee machine still wasn’t getting internet, they then connected it to the isolated WiFi network. While a hacker was poking around in their systems, they noticed that huge security flaw and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue. Practically any computer-implemented or computer-enabled device can be compromised, which then leads to a wild search for what else is connected to that same network and could also become infected. Network vulnerability is like a screen door. If you do not pay attention and there is the tiniest hole in the screen, somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from gridlocking your network. Finally, please make sure your office coffee machine is installed properly!
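The installation mistake described above left one device attached to both the control room network and the isolated WiFi network, which is something an inventory audit can catch. The following is an added example, not part of the original post: the zone names, address ranges and device inventory are all constructed assumptions, since the post gives no addressing.

```python
import ipaddress

# Assumed zone layout (constructed for illustration).
ZONES = {
    "control-room": ipaddress.ip_network("10.10.0.0/24"),
    "guest-wifi": ipaddress.ip_network("192.168.50.0/24"),
    "office": ipaddress.ip_network("10.20.0.0/16"),
}

# Constructed inventory: device name -> addresses seen on its interfaces.
INVENTORY = {
    "hmi-01": ["10.10.0.11"],
    "coffee-machine": ["10.10.0.77", "192.168.50.23"],
    "laptop-114": ["10.20.3.9"],
    "printer-2": ["172.16.4.4"],
}

def zone_of(addr):
    """Name of the zone containing addr, or 'unknown' if no zone matches."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "unknown")

def audit(inventory, protected="control-room"):
    """Flag devices that bridge the protected zone to another zone,
    and devices with an address outside every defined zone."""
    findings = {}
    for device, addrs in sorted(inventory.items()):
        zones = sorted({zone_of(a) for a in addrs})
        if protected in zones and len(zones) > 1:
            findings[device] = "bridges " + " <-> ".join(zones)
        elif "unknown" in zones:
            findings[device] = "address outside every defined zone"
    return findings

if __name__ == "__main__":
    for device, problem in audit(INVENTORY).items():
        print(f"{device}: {problem}")
```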