<span>How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Wed, 02/23/2022 - 11:41</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <article><img src="/sites/default/files/2022-02/woman_at_computer_on_call.jpg" width="1079" height="488" alt="" loading="lazy" typeof="foaf:Image" /></article><p>Over the past two years, working from home (WFH) has rapidly accelerated in many fields. Although the pandemic’s part in contributing to this shift is undeniable, much of this trend would be impossible without software developments supporting remote work. However, digital growth has also given cybercriminals more chances to strike and harm companies.</p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Smaller and mid-sized businesses </span></span><a href="https://appriver.com/blog/4-tips-to-protect-your-organization-from-ransomware" rel="nofollow"><span><span><span>are especially at risk</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> due to limited resources and budgets for cybersecurity. On the other hand, businesses with larger digital footprints have also given cyber insurance companies more information to assess the risk profiles of policyholders. 
These data-driven insights help provide more accurate underwriting and ultimately protect the insured.</span></span></span></span></span></p> <p>This article will discuss the ways WFH has altered the digital landscape and what both financial and insurance providers can do to respond to this growth.</p> <h2>Growing Digital Footprints</h2> <p>As of 2020, <a href="https://www.statista.com/topics/2237/internet-usage-in-the-united-states/#topicHeader__wrapper" rel="nofollow">over half of the world’s population</a> is connected to the Internet. Over 90% of Americans have access to the Internet. These numbers stand in sharp contrast to 2007 (the year the first iPhone was released), when 47% of Americans had access to broadband Internet at home. Every year more and more people are coming online and signing up for the services and platforms that connect us in this digital age. Increasingly, we rely on our digital presence to transact business and experience our lives.</p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>More and more businesses require employees to use these types of digital systems, which is why we have seen a huge increase in vulnerabilities. The transition from a Wild West Internet to a place where the vast majority of the world’s business takes place has been essential to making WFH possible. 
Importantly, businesses should </span></span><a href="https://www.freshbooks.com/blog/rebuild-business-after-covid" rel="nofollow"><span><span><span>consider how to rebuild</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> after COVID.</span></span></span></span></span></p> <h2>Powered by the Cyberworld: Working From Home</h2> <p>WFH, sometimes called remote work or, more rarely, working from anywhere (WFA), has become key to how we do business today. The sudden shift to WFH dramatically altered the business landscape because, overnight, many workers, some of whom had never sent an email, were handed a laptop and told to sign up for Zoom.</p> <p>Early in the pandemic, Zoom went from <a href="https://www.cnbc.com/2021/07/15/heres-how-zoom-is-creating-the-new-world-of-hybrid-work-.html" rel="nofollow">servicing 10 million people a day</a> to over 300 million. In short, the Internet got way bigger and way more crowded. Companies suddenly needed new services, like the ability to encrypt email. This rush to cyberspace also opened a floodgate of information for cybercriminals to wade through.</p> <h2>Criminal Threats Online</h2> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Cybercrime is nothing new, but the massive shift to remote work has made business data all the more vulnerable to hackers. 
Zoombombing, the practice of breaking into private Zoom meetings and disrupting them, although largely benign, underlines the importance of </span></span><a href="https://appriver.com/solutions/by-industry/information-technology" rel="nofollow"><span><span><span>securing your business’s online presence</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span>.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Something important to keep in mind is the various types of groups that perpetrate these crimes, but also the angles from which they may attack businesses. This information is critical for financial and insurance providers because by understanding how cybercriminals behave you can determine how to better protect policy-holders.</span></span></span></span></span></p> <h3><span><span><span><span><span>Cybercrime Perpetrators</span></span></span></span></span></h3> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Generally, there are three to four types of cybercriminals that can be identified based on their alignment. The first group would be government actors. These are hackers </span></span><a href="https://www.defense.gov/News/News-Stories/Article/Article/2618386/in-cyber-differentiating-between-state-actors-criminals-is-a-blur/" rel="nofollow"><span><span><span>employed by the government</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> of a nation and are frequently used to undermine the stability of other governments. Second, there are government-sponsored hackers. These groups are typically paid for by nations in order to separate themselves from the type of attack that is taking place. They attack all kinds of targets.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>The third and fourth are hacking collectives and individual rogue hackers. 
Sometimes hacking collectives can be government-sponsored. Other times they act on their own. Frequently, these groups attack corporations of all sizes and harvest their data for sale on the dark web.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Consider how these groups might attack your clients and how your clients’ risk profile might change based on the groups that target them.</span></span></span></span></span></p> <h3><span><span><span><span><span>Crime Targets, Attack Vectors, and What They Mean for Financial and Insurance Providers</span></span></span></span></span></h3> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>What methods do these criminals use though? And what are their targets? Unfortunately, I cannot cover every single type of target and attack vector here, but I will cover the most common areas and discuss how these can impact your business.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>To begin, many hackers target personal data -- at all levels. This means whether a business has 2 employees or 2,000, they are ripe for being attacked. Personal data does not just mean an employee’s data either, it means all the data that the business itself has collected.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>For example, hospitals store all sorts of important data on patients, including their date of birth, social security number, address, and even vital records. Encrypting records is key to preventing these data breaches. 
Hospitals aren’t the only vulnerable industry, however; all business owners should consider some type of insurance to prevent loss when a data breach occurs.</span></span></span></span></span></p> <p>Second, <a href="https://appriver.com/blog/emailed-bomb-threats-demanding-bitcoin" rel="nofollow">a favorite target</a> of many hackers is cryptocurrency and other financial assets. Today, more and more financial institutions sell cryptocurrency or invest in it themselves. Insurance providers may offer policies that cover the loss of cryptocurrency. There are many options <a href="https://cryptowallet.com/best-litecoin-ltc-wallets/" rel="nofollow">for safely storing your crypto</a>, but it will definitely continue to be a major target along with all other types of assets.</p> <p>When it comes to <em>how</em> attackers seek this information, the most common method is phishing. Phishing involves posing as, or spoofing, a trustworthy identity. Once the hackers have gained your trust through social engineering, they send a file, link, or other piece of malicious software to harvest your information or take control of your system.</p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Email is one of the most common ways that phishing scams are employed, which is why it is so vital that your </span></span><a href="https://appriver.com/product/email-threat-protection" rel="nofollow"><span><span><span>email is secured</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> with the right software. 
Other times these scams can be employed on social media. A business may have employees on Facebook or TikTok, who subsequently, albeit unintentionally, expose their employer to threats.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Insurance companies should consider this in the underwriting process. Does the business you are insuring have a social media policy for employees? Does the business have </span></span><a href="https://www.policyme.com/blog/how-much-does-life-insurance-cost-in-canada" rel="nofollow"><span><span><span>other kinds of insurance policies</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> in place in the event of the worst happening? A training program to protect against phishing? These should be considerations in any process you undertake.</span></span></span></span></span></p> <p><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Brute force hacking is far less </span></span><a href="https://appriver.com/blog/avast-phishing-threatens-deadly-viruses" rel="nofollow"><span><span><span>common than phishing</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span>, but it often requires more resources on the part of the hacker. Businesses and financial institutions can be particularly vulnerable to these types of intrusions because of corporate software that allows many employees to connect in the cloud. 
A hacker targeting the database of a large corporation could easily gain access to countless files.</span></span></span></span></span></p> <p>These are just a handful of the areas that can potentially be impacted by cybercriminals, but they are the main areas to consider if you provide either financial or insurance products.</p> <h2>Big Opportunities for Financial and Insurance Providers</h2> <p>As you can see, the increase in cybercrime and expansion of cyber vulnerabilities are opportunities for both financial and insurance providers to tailor their services to their clients. By better understanding how working from home has expanded the marketplace for hackers, financial and insurance providers can both offer more complete coverage and better protect consumers.</p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> <span>10 IT Trends for 2022 that MSPs should know</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Thu, 02/10/2022 - 15:45</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <article><img src="/sites/default/files/2022-02/shutterstock_2045737913.jpg" width="6640" height="4427" alt="laptop and smartphones with screens that read &quot;2022 Trends&quot;" loading="lazy" typeof="foaf:Image" /></article><p><span><span><span>For the last two years, uncertainty and unpredictability have reigned supreme in the IT world. 
The world of work was turned on its head by a global pandemic, and the message was clear: businesses that could not change quickly enough to stay afloat would sink. </span></span></span></p> <p>But while many businesses have taken a reactive approach to IT changes, 2022 is ushering in a new era. It’s time to start planning again. Here are 10 IT trends <a href="https://connect.comptia.org/content/research/it-industry-trends-analysis" rel="nofollow">CompTIA</a> predicts for 2022.</p> <h2>1 The definition of “workplace” will continue to change</h2> <p>If the pandemic taught us anything, it’s that work can happen anywhere—for better or worse. Working from home full-time has been a gift for some and a burden for others, and how employees want to move ahead is deeply personal.</p> <p>It’s clear that companies will need to be flexible in how they accommodate their employees’ needs in the year ahead. Some employees may want to remain remote while others will want to hold onto a hybrid approach.</p> <p>Technologically speaking, being able to support remote work has encouraged most IT departments to reorganize their list of priorities, pushing them to formalize and legitimize band-aid solutions so that they can scale properly. For many organizations, this means a renewed commitment to digital transformation.</p> <h2>2 Travel for business will be more measured</h2> <p><span><span><span>For a long time and for many people, travel was part and parcel of working in the technology industry. When the pandemic ground things to a halt, however, businesses were forced to find new ways to connect. 
Video calls and virtual conferences became the norm, and rather than highlight why travel was so essential, changing things up actually proved that it was a lot less necessary than many had assumed.</span></span></span></p> <p><span><span><span>In 2022 and beyond, travel for work is going to look a lot different. Firstly, approved business travel will need to have a proven use case and ROI. Secondly, smaller regional conferences and hybrid/virtual conferences will be more common. Thirdly, more employees will be empowered to turn down travel requests, which is especially important now that younger generations of workers have cited virtual collaboration as sufficient for innovation, as well as concerns over climate change making them less enthusiastic about hopping on the next flight.</span></span></span></p> <h2><span><span><span><span>3 The never-ending quest for regulation continues</span></span></span></span></h2> <p><span><span><span>Regulation has long been a seemingly unsolvable puzzle in the tech industry, but the pressure to reduce monopolistic practices and protect consumer privacy has only increased in recent years. Creating laws around these issues hasn’t gotten any easier, though; antitrust concepts and business practices vary by country, and increased globalization makes it difficult to contain any one rule in a meaningful way.</span></span></span></p> <p><span><span><span>Going forward, the onus is shifting to tech companies rather than regulatory bodies. All tech companies will have to work to fully comprehend the unintended consequences of their output, and to try to build a framework that encourages responsible behavior. Tech firms need to help lawmakers understand the issues, examine their own operations, and practice transparency with their clients to address these concerns. 
</span></span></span></p> <h2><span><span><span><span>4 Technology budgets will grow—stealthily.</span></span></span></span></h2> <p><span><span><span>Over the last few years, CIOs have been expected to do more with less as IT budgets shrank. Today, though, businesses are moving away from the assumption that IT is a cost center that needs to be tightly controlled. </span></span></span></p> <p><span><span><span>Today, businesses are taking a more strategic point of view in how they approach their IT budgets, but this shift in perspective isn’t so obvious at first glance. Stealth IT, where business units procure their own technology, makes it hard to track overall technology budgets. </span></span></span></p> <p><span><span><span>Technology can also be an embedded component of business solutions, making it difficult to be explicitly defined. Take the example of a custom website built as part of a marketing campaign. The entire budget may be assigned to marketing, even though technology was built to meet the objective. </span></span></span></p> <p><span><span><span>Overall, even when tech spending grows, there may not be tech-specific line items to back it up in the books. Today’s technology opportunities are more than hardware installations and software licensing, and they’re more integrated into businesses’ long-term goals than ever.</span></span></span></p> <h2><span><span><span><span>5 Cybersecurity is getting more proactive</span></span></span></span></h2> <p><span><span><span>When it comes to cybersecurity, more has changed in the last five years than the decades that preceded them. For a long time, cybersecurity was planned out based on the idea that a firewall and antivirus software were enough to keep out the bad guys. 
However, the move to cloud services and mobile-first workforces has eroded the idea of the secure perimeter, and with it the idea of a purely defensive approach.</span></span></span></p> <p>Today’s security breaches can lie dormant and undetected within networks for a long time, and more businesses are becoming wise to the idea that a proactive approach is necessary to keep data and users truly safe. More organizations are starting to use their own resources or outside partners to probe systems and find any weak spots.</p> <p>Both offensive and defensive approaches are necessary to keep modern workplaces safe, which calls for intentional strategy along with new investments in infrastructure.</p> <h2>6 Channel cybersecurity still has strides to make</h2> <p>CompTIA’s 2021 State of the Channel study found that 36% of channel businesses are either only just beginning to formulate their cybersecurity strategies, are behind schedule, or are not involved in cybersecurity at all. Of the 64% that are on target, only 28% consider cybersecurity a strategic specialty, meaning the majority do not offer more sophisticated tools and services beyond the basics of antivirus and firewall protection.</p> <p>While there are understandable risks and challenges that come with operating a successful cybersecurity practice, there’s really no excuse for not specializing in this space. Considering how much cyberattacks against MSPs have increased recently, these companies can’t afford to expose themselves and put their customers at risk.</p> <h2>7 More channel companies will take the consulting route</h2> <p><span><span><span>How customers buy technology has fundamentally changed. 
Product-centric, transactional business models no longer cut it for MSPs, and more channel providers have been moving to more of a consulting-based offering. The evidence is clear: helping customers run their businesses better with the right technology is a lucrative avenue that’s both profitable and in high demand. </span></span></span></p> <p><span><span><span>Consultants have the opportunity to play the role of expert for businesses that need that expertise. In 2022, more channel firms will realize that reselling products and services in a cloud marketplace era is fading—but there’s lots of opportunity to expand into the kind of consulting that’s so sorely needed.</span></span></span></p> <h2><span><span><span><span>8 Chip supply chain constraints will cause a wake-up call</span></span></span></span></h2> <p><span><span><span>Without a reliable supply chain, even the best-engineered product won’t get built or delivered on time. Today’s global semiconductor shortage has affected smartphone, PC, and other chip-dependent industries in the wake of COVID. </span></span></span></p> <p><span><span><span>For decades, just-in-time manufacturing has allowed suppliers and providers to stop stockpiling inventory and parts, and respond in as close to real-time as possible to demand. The chip shortage threw this method into question, however, with some now wondering if it might be wiser to keep inventory, parts, and components close to home, regardless of whether customer orders have been placed yet. </span></span></span></p> <p><span><span><span>Many channel firms will have a decision to make in 2022: do they want to start holding some inventory of their own in the event of backlogs?</span></span></span></p> <h2><span><span><span><span>9 Software development will get more granular</span></span></span></span></h2> <p><span><span><span>Software development used to be left to large companies who could afford the resources and infrastructure to participate. 
As the foundational computing platform has stabilized and technology has become democratized, however, more companies have started adding their own software development skills. </span></span></span></p> <p><span><span><span>Today’s companies have lowered the barrier to entry considerably by relying on open source and microservices. Cloud computing has also allowed companies to stand up multiple environments for development, testing, and production without needing capital investment. </span></span></span></p> <p><span><span><span>As capacity and capabilities have grown, however, skills supply has flagged. This has led to organizations trying to compensate by breaking applications down into bite-size pieces. These smaller functions can be refreshed more quickly and reused throughout a comprehensive software strategy. </span></span></span></p> <p><span><span><span>Whether this is an evolution of microservices or a new approach entirely, the trend of reusable pieces of software will simplify development but add challenges in integration and architecture management. To keep up, many companies will also accelerate their DevOps efforts, with more advanced companies exploring AIOps to further automate their established processes.</span></span></span></p> <h2><span><span><span><span>10 Data management will drive an analytics revolution</span></span></span></span></h2> <p><span><span><span>Today’s companies are aggressively pursuing analytics as a strategy in order to understand past transactions, improve operations, and predict future opportunities. But while data science is one of the fastest-growing roles, for most organizations managing data in-house is still a very early endeavor. </span></span></span></p> <p><span><span><span>In fact, many companies are struggling to build a structured foundation of corporate data, and will have to start with the basics. 
This requires an understanding of where data lives and how it is used, as well as a classification of all data to define requirements around usage and security. It also requires a data strategy that outlines goals and identifies trade-offs.</span></span></span></p> <p>Only organizations that have updated their storage schemes, or ensured that they are getting the most out of traditional tools like relational databases, will be ready to move on to tools that work with unstructured data, algorithms that leverage machine learning, or models that rely on real-time data streams.</p> <h2>Read the full report</h2> <p>If you want to get more in-depth on CompTIA’s predictions for 2022, you can read the full CompTIA IT Industry Outlook 2022 <a href="https://connect.comptia.org/content/research/it-industry-trends-analysis" rel="nofollow">here</a>.</p> <a href="/resources/blog/future-of-msp" hreflang="en">The Future of MSP</a> 
<span>IP Spoofing Attacks: What are they and how can you prevent them?</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Fri, 12/17/2021 - 15:45</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <article><img src="/sites/default/files/2022-01/IP%20Spoofing%202.png" width="2240" height="1260" alt="IP spoofing attacks 101 IP animation representation" loading="lazy" typeof="foaf:Image" /></article><p>There are dozens of techniques hackers can use to try to infiltrate your company's sensitive data, though some are more sophisticated than others. IP spoofing attacks are used by threat actors to “get a foot in the door” of your network. They’re growing in popularity and frequency, and have the potential to wreak havoc on your organization if they go unnoticed. In this article, we will dive deeper into what IP spoofing is, how it’s commonly used, and what you can do to protect your organization from these types of attacks.</p> <h3><strong>What Are IP Spoofing Attacks?</strong></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>When </span></span><a href="/products/secure-file-share" rel="nofollow">data is transferred</a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> over the internet, it gets broken up into packets before being reassembled upon arrival. 
Each and every packet comes with source information, including the IP address of the sender and receiver. </span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>IP spoofing is an entry point for attackers, used to bypass systems that are set up on a model of trust, or used to enter networks that aren’t secured with the right systems. </span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>When attackers use IP spoofing, they impersonate a legitimate entity by changing their IP (Internet Protocol) source information to make the receiving computer system believe the data is coming from a trusted source. In systems that are configured to work between a set of trusted networked devices, IP spoofing can be used to circumvent the IP authentication process by appearing as a trusted entity on the network... getting past the moat and into the castle.</span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>IP spoofing can be used to carry out “Man-in-the-Middle" (MitM) or “denial-of-service" (DoS) attacks. These methods allow hackers to obtain sensitive data, such as credit card information or social security numbers by interfering with communication between other networked computers. In the case of DoS, the hacker leverages devices they’ve compromised, i.e. “zombie” devices to carry out the attack. 
Often, hackers will even have a large network of these compromised devices that they will use to </span></span><a href="/resources/blog/november-2021/record-setting-ddos-attack-highlights-malicious-actors-strategic" rel="nofollow"><span><span>flood or completely shut down websites and servers</span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span>, and the IP source information is falsified to create confusion and prevent mitigation. This is similar to someone sending a dangerous item in the mail, but placing a false return address on the package (or even putting the recipient address on the package as the return address). This method makes it difficult for businesses to trace the source of the attack. </span></span></span></span></span></span></span></p> <h3><strong>How Can My Organization Prevent IP Spoofing?</strong></h3> <p>Although there are many things to worry about in the world of cyber security, there are also many ways to keep yourself and your organization safe from attacks like these.</p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Your users are highly unlikely to detect IP spoofing, which is why it’s important to ensure the organization’s IT security measures are up to date and configured properly. One recommendation is to enable multi-factor authentication (MFA) for your employees to access critical data in your network. Validating devices inside the organization with MFA is a strong option to provide an extra protection layer. It’s also recommended to place your network behind a firewall, and to implement additional security measures beyond IP authentication alone. 
Perhaps it’s time to implement packet filtering for incoming traffic (ingress filtering) and outgoing traffic (egress filtering) to bulk up your IP authentication process, for example. Members of your web development team can also ensure they’re using the most up-to-date internet protocol, as old versions are more vulnerable to attacks.</span></span></span></span></span></span></span></p> <h3><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>How Can My Organization Recover From an Attack?</span></span></span></strong></span></span></span></span></span></span></span></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>If your organization has been the victim of attacks carried out after IP spoofing, you know how jarring it is to discover that your network has been infiltrated. If you notice a device (or multiple devices) in your organization has been infiltrated, the first step is to disconnect it from the network as soon as possible. This can prevent the spread of the attack and give you a chance to perform data backups if they aren't done</span></span><a href="/products/backup-recovery" rel="nofollow"> </a><a href="/products/backup-recovery" rel="nofollow"><span><span>automatically in the cloud</span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span>. </span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Next, affected users should change their login credentials and avoid using the same password for multiple accounts. 
</span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>At this stage, you should have your cybersecurity team scan your system for viruses or malware, or reach out to a professional local IT security team (such as a Managed Service Provider in your area) that can help you with the process.</span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Finally, run an audit and see where the vulnerabilities were that allowed a hacker to gain access to your network or data. Once you know how the attacker got in, you can change your cybersecurity policies and procedures to prevent attacks like this from happening ever again, and begin implementing some of the recommendations we provided above.</span></span></span></span></span></span></span></p> <h2> </h2> <h4><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Connect With A ÇïżûÊÓƔɫ Partner Today to Help Prevent Cybersecurity Attacks</span></span></span></strong></span></span></span></span></span></span></h4> <p><span><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>ÇïżûÊÓƔɫ is partnered with thousands of Managed Service Providers who can help you get to the root of your most common security vulnerabilities and offer their top choices for the tools you need to properly patch up any gaps. 
You can connect with </span></span><a href="/partners/find-a-partner" rel="nofollow"><span><span>a local IT partner in our network</span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> to help with network security.</span></span><a href="/request-demo" rel="nofollow"> </a></span></span></span></span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Fri, 17 Dec 2021 21:45:22 +0000 admin 503 at 3 Recent Attacks Where Phishers Abused Google’s Services /resources/blog/november-2021/3-recent-attacks-where-phishers-abused-googles-services <span>3 Recent Attacks Where Phishers Abused Google’s Services</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Wed, 11/03/2021 - 15:14</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img src="/sites/default/files/2021-11/google_tablet_keyboard.jpg" width="1400" height="700" alt="""" loading="lazy" typeof="foaf:Image" /></article><p><span><span>In a <a href="/resources/blog/september-2021/7-attacks-where-phishers-abused-legitimate-microsoft-services" rel="nofollow">recent blog post</a>, I discussed seven instances in which digital attackers abused Microsoft to launch phishing campaigns in recent years. The reality is that Microsoft is just one of the many companies targeted by phishers. Email attackers misuse the services of others, too. </span></span></p> <h2><span><span><span><span><span>Take Google as an Example</span></span></span></span></span></h2> <p><span><span>Attackers have a history of abusing Google’s services. 
Back in May 2020, for instance, <a href="https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-in-a-bucket-utilizing-google-firebase-storage/" rel="nofollow">Trustwave SpiderLabs</a> detected multiple phishing attempts abusing Google Firebase, a mobile and web application development platform which provides secure uploads and downloads for supported apps. Some of those attack attempts used the pandemic and Internet banking as lures to trick victims into clicking on a fake vendor payment form that redirected them to a phishing page hosted on Firebase Storage. Others used an Office 365 phishing lure to redirect victims to an Office 365 phishing page hosted on Firebase.</span></span></p> <p><span><span>Several months after that, <a href="https://threatpost.com/google-forms-abused-to-phish-att-credentials/160957/" rel="nofollow">Threatpost</a> reported on a campaign in which digital attackers used Google Forms to create phishing landing pages masquerading as the login pages for more than 25 different entities. Security researchers detected a total of more than 250 different pages created using Google Forms as part of the campaign. More than 70% of those fake login pages impersonated AT&T, while the others claimed to belong to various financial organizations, collaboration apps, and government agencies.</span></span></p> <p><span><span>It was about a month later when <a href="/resources/blog/december-2020/attackers-sending-out-phishing-emails-universities-official-edu" rel="nofollow">ÇïżûÊÓƔɫ | AppRiver</a> detected an email that came from someone named “Diana.” Using the subject line “Re-validation,” the message claimed to be official correspondence from Microsoft Exchange requiring recipients to upgrade to the “latest e-mail Outlook Web Apps 2020.” The email contained an “UPGRADE” link that, when clicked, redirected victims to a file hosted via Google Docs and disguised as an OWA login portal. 
</span></span></p> <h2><span><span><span><span><span>Google’s Upcoming 2SV Auto-Enroll Drive</span></span></span></span></span></h2> <p><span><span>In response to the attacks discussed above, among others, Google is taking steps to protect its users. One of its most recent initiatives involves an effort to auto-enroll 150 million user accounts into its two-step verification (2SV) feature. As part of that drive, the tech giant announced its intention to require two million YouTube creators to turn on the feature, as well.</span></span></p> <p><span><span>“We also recognize that today’s 2SV options aren’t suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term,” Google explained in a <a href="https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/" rel="nofollow">blog post</a>. “Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV. To make sure your account has the right settings in place, take our quick <a href="https://myaccount.google.com/security-checkup/3" rel="nofollow">Security Checkup</a>.”</span></span></p> <h2><span><span><span><span><span>How to Defend Against Email Attacks Abusing Google</span></span></span></span></span></h2> <p><span><span>Organizations can take several steps to defend themselves against email attacks abusing the services of Google and other tech providers. First, they can use security awareness training to educate their users about new email attacks. They can also highlight the point that Google intends to “auto-enroll” users into its 2SV feature, which means they won’t have to do anything on their end. 
As such, organizations can educate employees to be wary of emails that disguise themselves as Google informing recipients that they need to activate 2FA on their accounts.</span></span></p> <p><span><span>That’s not all organizations can do. They can also emphasize the importance of users logging into their web accounts by visiting a website directly, suggest that employees proactively enroll in 2FA schemes on whichever accounts they can, and avoid clicking on links embedded in emails. Finally, they can use a <a href="/products/email-threat-protection" rel="nofollow">security solution to scan incoming emails on multiple layers</a>. </span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Wed, 03 Nov 2021 20:14:58 +0000 admin 484 at Understanding Digital Attackers’ Appropriation of the “As a Service” Model /resources/blog/october-2021/understanding-digital-attackers-appropriation-service-model <span>Understanding Digital Attackers’ Appropriation of the “As a Service” Model </span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Fri, 10/22/2021 - 13:00</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img src="/sites/default/files/2021-10/thumb_white.jpg" width="1400" height="700" alt="""" loading="lazy" typeof="foaf:Image" /></article><p><span><span>Recently, I wrote about Microsoft’s discovery of a new phishing-as-a-service (PhaaS) offering called “<a href="/resources/blog/october-2021/bulletprooflink-phishing-service-came-100-built-templates" rel="nofollow">BulletProofLink</a>.” PhaaS functions similarly to <a href="/resources/blog/july-2021/raas-what-it-and-why-it-making-ransomware-more-prevalent" rel="nofollow">Ransomware-as-a-Service</a> (RaaS), the tech giant explained, in that it follows the Software-as-a-Service (SaaS) model. 
Someone needs to develop infrastructure that buyers can use to stage their own attacks. In the case of PhaaS attacks, malicious actors pay for hosted phishing links and pages so that they can receive the stolen credentials later. That stands in contrast to RaaS operations where attackers gain direct access to compromised devices.</span></span></p> <h2><span><span><span><span><span>Why Digital Crime Is Turning to SaaS</span></span></span></span></span></h2> <p><span><span>According to <a href="https://www.ibm.com/cloud/blog/top-5-advantages-of-software-as-a-service" rel="nofollow">IBM</a>, the SaaS model brings several benefits to customers—even those that have nefarious ends in mind. Those advantages are as follows:</span></span></p> <ul><li><span><span><strong>Reduced time to benefit</strong>: It’s not the customer’s responsibility to install and configure the software on their own. All they need to do is provision the server for an instance in the cloud. This saves customers time that they would otherwise need to spend on deploying the software. That also goes for attackers, who can just start using the software to ensure a higher success rate of their attacks.</span></span></li> <li><span><span><strong>Lower costs</strong>: Software sits within a shared or multi-tenant environment, which brings down the associated software and hardware costs as well as the maintenance fees. These savings trickle down to the customer. If criminals can just rent out access to ransomware or a phishing service, they can save more of their funds for conducting attacks. </span></span></li> <li><span><span><strong>Scalability and integration</strong>: Customers don’t need to buy additional servers or software to scale their solutions. All they need to do is enable a new SaaS offering that’s owned by the provider as their needs evolve. 
It’s therefore easy for attackers to scale up their malicious activity without consuming more of their monetary resources.</span></span></li> <li><span><span><strong>New releases (upgrades)</strong>: The SaaS provider is responsible for upgrading their solution, at which point a new version becomes available to their customers. It’s not the responsibility of the customers to purchase upgrade packages and/or support services so that they can install it. As such, attackers get the best and brightest features that they can use to evade organizations’ defenses. </span></span></li> <li><span><span><strong>Easy to use and perform proof-of-concepts</strong>: SaaS offerings give customers the option of testing new functionality or release features in advance. They can also have one instance with different versions. These possibilities allow attackers to customize their efforts, making it possible for even those with limited technical experience to launch their own attack campaigns.</span></span></li> </ul><p><span><span>These benefits help to explain why attackers are embracing Cybercrime-as-a-Service offerings like RaaS and PhaaS operations. There’s also Malware-as-a-Service (MaaS) where attackers gain access to malware strains on a pay-as-you-go basis. In late September, for instance, <a href="https://www.forbes.com/sites/leemathews/2021/09/28/new-malware-as-a-service-targets-gamers-accounts-and-banking-info/?sh=6bbb2e2174ed" rel="nofollow">Forbes</a> reported that Russian-speaking underground hacking forums were offering a new MaaS operation at $10 per month or $40 for a lifetime subscription. The threat is specifically designed to harvest user data and session information from major PC gaming platforms so that they can sell in-game loot on the dark web. </span></span></p> <p><span><span>Then there’s Fraud-as-a-Service (FaaS). These types of offerings can take on various forms. 
As an example, <a href="https://www.welivesecurity.com/2021/08/11/iiserpent-malware-driven-seo-fraud-service/" rel="nofollow">WeLiveSecurity</a> discovered a malware-driven FaaS platform called “IISerpent” in August 2021. The threat leveraged SEO fraud techniques on compromised IIS servers to augment the page ranking for third-party websites by preying on a compromised site’s ranking. </span></span></p> <h2><span><span><span><span><span>Defending Against Crimeware as a Service</span></span></span></span></span></h2> <p><span><span>The types of offerings discussed above highlight the need for organizations to defend themselves using multiple layers of protection. That principle applies across all levels of an organization’s infrastructure including their email. <a href="/products/email-threat-protection" rel="nofollow">Learn how ÇïżûÊÓƔɫ | AppRiver can help</a>.</span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Fri, 22 Oct 2021 18:00:46 +0000 admin 477 at Bill Would Require Victims to Disclose Ransomware Payments in 48 Hours /resources/blog/october-2021/bill-would-require-victims-disclose-ransomware-payments-48-hours <span>Bill Would Require Victims to Disclose Ransomware Payments in 48 Hours</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Fri, 10/15/2021 - 11:16</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img src="/sites/default/files/2021-10/office_book_and_scales.jpg" width="1400" height="700" alt="""" loading="lazy" typeof="foaf:Image" /></article><p><span><span>A proposed bill would require victims of ransomware to disclose that they had paid a ransom within a 48-hour window.</span></span></p> <h2><span><span><span><span><span>Inside the Details of the Bill</span></span></span></span></span></h2> <p><span><span>On October 5, 2021, 
United States Senator Elizabeth Warren (D-Mass.) announced that she and Representative Deborah Ross (D-N.C.) had introduced the Ransom Disclosure Act.</span></span></p> <p><span><span>“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” <strong>Senator Warren said, as quoted in a </strong><a href="https://www.warren.senate.gov/newsroom/press-releases/warren-and-ross-introduce-bill-to-require-disclosures-of-ransomware-payments" rel="nofollow">press release</a><strong>.</strong> “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises -- and help us go after them.”</span></span></p> <p><span><span>The <a href="https://www.warren.senate.gov/download/dun21766" rel="nofollow">bill itself</a> consists of four main provisions. These are as follows:</span></span></p> <ol><li><span><span>Ransomware victims (not including individuals) would need to disclose information about ransom payments within 48 hours after having fulfilled those demands. Such information would need to include the amount of the ransom demanded by the attackers, the date when they paid the ransom, the type of currency they used to pay the ransom, whether the victim was receiving funding from the federal government at the time of payment, and any details they might know about the entity that demanded the ransom.</span></span></li> <li><span><span>The U.S. Department of Homeland Security (DHS) would create a website through which individuals could voluntarily report the payment of ransom demands.</span></span></li> <li><span><span>DHS would make ransom payment information reported in the previous year available to the public. 
Before doing so, it would remove any information that someone could use to identify the reporting victims.</span></span></li> <li><span><span>The DHS Secretary would review the ransom payment information and use it to analyze ransomware attacks for commonalities such as the extent to which cryptocurrency helped to facilitate payment in the disclosed attacks. They would then submit a report proposing recommendations on how the U.S. government could help to protect information systems and strengthen the nation’s cybersecurity.</span></span></li> </ol><h2><span><span><span><span><span>Other Counter-Ransomware Efforts at the Federal Level</span></span></span></span></span></h2> <p><span><span>The Ransom Disclosure Act isn’t the first counter-ransomware effort announced by federal officials in recent weeks. On September 21, for instance, the Office of Foreign Assets Control (OFAC) at the U.S. Department of the Treasury <a href="/resources/blog/october-2021/cryptocurrency-exchange-suex-sanctioned-us-treasury-department" rel="nofollow">designated cryptocurrency exchange SUEX</a> for its role in helping to facilitate ransomware payments. That same day, OFAC updated its advisory on the sanctions risks that come with paying ransomware attackers. The new version discouraged organizations and users from giving into ransomware actors’ demands, and it urged them to contact law enforcement in the event they suffered an infection.</span></span></p> <p><span><span>Less than two weeks later, the Biden Administration revealed that it was planning to convene a meeting of 30 countries at the White House to cooperate on addressing the ransomware threat. 
The Administration said that the resulting alliance would specifically work “to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” as quoted by <a href="https://www.cnn.com/2021/10/01/politics/blinken-cybersecurity-alliance/index.html" rel="nofollow">CNN</a> at the time of the announcement.</span></span></p> <h2><span><span><span><span><span>Defending Against Ransomware</span></span></span></span></span></h2> <p><span><span>It’s unclear what impact the Ransom Disclosure Act could have on compliant ransomware victims if passed. As pointed out by <a href="https://www.bleepingcomputer.com/news/legal/ransom-disclosure-act-would-give-victims-48-hours-to-report-payments/" rel="nofollow">Bleeping Computer</a>, for example, many believe that efforts at forcing victims to disclose ransom payments “would merely result in making ransomware attack repercussions more severe.”  Acknowledging that viewpoint, it’s important for organizations to focus on preventing a ransomware infection from occurring in the first place. They can do that by investing in an email security solution that uses multiple layers of analysis to scan incoming messages for indicators of ransomware and other digital threats. </span></span></p> <p><span><span><span>Step up your organization’s anti-ransomware efforts with ÇïżûÊÓƔɫ | AppRiver. We offer <a href="/products/email-threat-protection" rel="nofollow">Email Threat Protection</a> to prevent infiltration through email, one of the top ransomware threat vectors.  It’s also a good time to get proactive with your resilience strategy by implementing <a href="/products/backup-recovery" rel="nofollow">Cloud-to-Cloud Backup</a> – so you have access to a clean copy of your data and point-in-time recovery capability in the event of a ransomware attack.  
</span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Fri, 15 Oct 2021 16:16:42 +0000 admin 474 at Cryptocurrency Exchange SUEX Sanctioned by U.S. Treasury Department for Facilitating Ransomware Transactions /resources/blog/october-2021/cryptocurrency-exchange-suex-sanctioned-us-treasury-department <span>Cryptocurrency Exchange SUEX Sanctioned by U.S. Treasury Department for Facilitating Ransomware Transactions </span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Mon, 10/04/2021 - 16:39</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img src="/sites/default/files/2021-10/bitcoin_thumb_2.jpg" width="1400" height="700" alt="""" loading="lazy" typeof="foaf:Image" /></article><p><span><span>The U.S. Department of the Treasury announced that it has sanctioned a cryptocurrency exchange for helping to facilitate the financial transactions of ransomware actors.</span></span></p> <h2><span><span><span><span><span>Understanding the Decision to Sanction</span></span></span></span></span></h2> <p><span><span>On September 21, the Treasury Department’s Office of Foreign Assets Control’s (OFAC) designated virtual currency exchange SUEX under malicious cyber actor sanctions program for its involvement in ransomware activities.</span></span></p> <p><span><span>“SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants,” OFAC explained in a <a href="https://home.treasury.gov/news/press-releases/jy0364" rel="nofollow">press release</a>. “Analysis of known SUEX transactions shows that over 40% of SUEX’s known transaction history is associated with illicit actors.”</span></span></p> <p><span><span>By designating SUEX, OFAC blocked all the platform’s property and interests in property subject to U.S. jurisdiction. 
It also prohibited U.S. individuals from engaging in business with the target, blocked entities owned 50% or more by the target, and exposed persons and/or entities that engage in certain transactions with the cryptocurrency exchange to the threat of sanctions.</span></span></p> <p><span><span>OFAC did not implicate a specific <a href="/resources/blog/july-2021/raas-what-it-and-why-it-making-ransomware-more-prevalent" rel="nofollow">Ransomware-as-a-Service</a> (RaaS) operation or another ransomware variant in its designation, which it made pursuant to <a href="https://www.federalregister.gov/documents/2015/04/02/2015-07788/blocking-the-property-of-certain-persons-engaging-in-significant-malicious-cyber-enabled-activities#h-1" rel="nofollow">Executive Order 13694</a>.</span></span></p> <h2><span><span><span><span><span>The First-of-Its-Kind Designation</span></span></span></span></span></h2> <p><span><span>In its press release, OFAC explained that its decision involving SUEX was its first sanctions designation against a cryptocurrency exchange.</span></span></p> <p><span><span>That’s not to say SUEX is the only virtual currency exchange that has contributed to the profitability of ransomware attacks. 
Indeed, ransomware actors commonly abuse those platforms to maintain their anonymity while they collect ransom payments from their victims.</span></span></p> <p><span><span>The case of SUEX is unique, however, in that the cryptocurrency exchange “facilitate[d] illicit activities for their own illicit gains,” per OFAC’s own words.</span></span></p> <h2><span><span><span><span><span>Ongoing Sanctions Risks for Facilitating Ransomware Payments </span></span></span></span></span></h2> <p><span><span>On the same day that it designated SUEX, OFAC released an <a href="https://home.treasury.gov/system/files/126/ofac_ransomware_advisory.pdf" rel="nofollow">updated version of its advisory</a> on the sanctions risks surrounding activities that help to facilitate ransomware payments.</span></span></p> <p><span><span>The advisory discouraged organizations and users from giving into ransomware actors’ demands, and it urged them to contact law enforcement if they ended up suffering an infection.</span></span></p> <p><span><span>That’s the last thing attackers want their victims to do. The Ragnar Locker gang went so far as to threaten to publish their victims’ data online if they contacted the FBI or the police, wrote <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/" rel="nofollow">Bleeping Computer</a>. About a <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/" rel="nofollow">week later</a>, the computer self-help website reported that the Grief ransomware gang had begun threatening to delete victims’ decryption keys if they hired a negotiation firm to help them recover their encrypted files.</span></span></p> <p><span><span>The fear is that ransomware groups will end up the target of law enforcement. 
If that happens, attackers may meet a fate similar to the <a href="/resources/blog/may-2021/colonial-pipeline-disrupted-now-defunct-darkside-operation" rel="nofollow">one that befell the DarkSide ransomware gang following the Colonial Pipeline attack</a>. Worse, they could end up getting arrested—a position that makes it difficult to <a href="/resources/blog/september-2021/why-ransomware-groups-are-rebranding-their-operations" rel="nofollow">rebrand operations</a> under a different name to evade sanctions. (Arrests don’t mean the end of operations, however. Take <a href="https://www.bleepingcomputer.com/news/security/clop-ransomware-is-back-in-business-after-recent-arrests/" rel="nofollow">Clop</a> as an example.)</span></span></p> <h2><span><span><span><span><span>Defending Against Ransomware Attacks</span></span></span></span></span></h2> <p><span><span>OFAC’s updated advisory came with recommendations for how organizations can defend themselves against ransomware.</span></span></p> <p><span><span>One of those suggestions is to implement a risk-based compliance program for the purpose of mitigating an organization’s exposure to sanctions-related violations.</span></span></p> <p><span><span>Organizations can also look to augment their email security posture. They can do this by investing in an email security solution that’s capable of scanning incoming messages for campaign patterns, malware signatures, IP addresses, and other known threat indicators associated with ransomware attacks. 
This tool should perform that analysis in real time, thus allowing legitimate correspondence to reach its intended destination.</span></span></p> <p><span><span><a href="/amplify/smb/" rel="nofollow">Learn how to use a multi-layered email security approach to protect your email and ensure continuity in the event of a ransomware attack.</a>.</span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Mon, 04 Oct 2021 21:39:56 +0000 admin 461 at NFTs – How Safe Are They? /resources/blog/july-2021/nfts-how-safe-are-they <span>NFTs – How Safe Are They?</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Tue, 07/27/2021 - 22:58</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/58" hreflang="en">David Pickett</a> <article><img src="/sites/default/files/2021-07/NFT_thumbnail_0.jpg" width="1400" height="637" alt="Phone with NFT marketplace screen showing" loading="lazy" typeof="foaf:Image" /></article><p><span><span><span>Just this March, Christie’s Auction House sold a non-fungible token (NFT) based art for more than $69 thousand dollars. Since then, NFTs continue to capture the attention of consumers, celebrities, and businesses around the world, but the security risks associated are very real. </span></span></span></p> <p><span><span><span>While discovering new and inventive ways to exchange currency is par for the course in the digital age we live in, being aware of the security risks and taking actions to mitigate those risks will be imperative both in the short and long term.</span></span></span></p> <p><span><span><span><strong>What are NFTs?</strong></span></span></span></p> <p><span><span><span>NFTs are pieces of digital content that are stored on a blockchain, which is the same foundation for other cryptocurrencies, such as Bitcoin or Ethereum. 
What sets NFTs apart from other cryptocurrencies like Bitcoin and Ethereum is that each token is completely unique, so, unlike its predecessors, they cannot be traded or replicated.</span></span></span></p> <p><span><span><span><strong>How safe are NFTs?</strong></span></span></span></p> <p><span><span><span>NFTs are a burgeoning industry with a lack of regulations and oversight by design as it is blockchain-based, like cryptocurrencies. As such, the security implications will exponentially increase as user adoption grows with new attack vectors continuously discovered. It’s no secret threat actors are motivated opportunists who will attempt to pilfer any asset, physical or digital, that holds value. There have been many high-profile wallet storage attacks in the cryptocurrency industry over the years. Likewise, NFT wallets are an unregulated industry with private companies utilizing varying degrees of cybersecurity defense techniques to prevent attacks. So in short – they aren’t very secure. </span></span></span></p> <p><span><span><span>Also in March, attackers compromised multiple Nifty Gateway NFT user accounts and were able to transfer the previously purchased NFTs from their account and purchase new ones to transfer with their payment cards on file. 
While the users’ cash was recovered, the NFTs were lost to the attackers who promptly sold them to another NFT purchaser located on a different platform since the platform itself, like Nifty Gateway, holds the private keys associated with the NFT and they weren’t recoverable after being transferred.</span></span></span></p> <p><span><span><span><strong>How can you stay safe when handling NFTs?</strong></span></span></span></p> <p><span><span><span>The most important things users can do to protect their NFTs are simple but important actions to take on all online accounts, which include:</span></span></span></p> <ul><li><span><span><span><strong>Multi-factor authentication (MFA)</strong>: While it’s not a failsafe, this simple step makes it exponentially more difficult for threat actors to gain access to your account. By connecting your logins with a phone number or an alternate email account, you can get a notification if someone is attempting to access your account.</span></span></span></li> <li><span><span><span><strong>Password hygiene</strong>: This may seem like another no-brainer, but both consumers and businesses have trouble taking necessary steps to ensure the safety of the passwords themselves. To have good password hygiene, you must use (1) lower and uppercase, (2) numbers, (3) special characters and (4) different and unique passwords for every account. While it takes more effort to remember all the different passwords you use on which sites, there are tools out there that can securely store your passwords, like Keeper or LastPass.</span></span></span></li> <li><span><span><span><strong>Secure Storage</strong>: For both users and companies, when applicable and done properly, cold storage of digital assets (meaning not stored in an online environment) offers the best security from Internet-connected thieves. 
But even then, cold storage solutions, whether it be hardware, paper or desktop wallets, still must be physically secured to protect against loss, damage or theft.</span></span></span></li> </ul><p><span><span><span>Because the NFT industry has a lack of regulations and oversight, it’s no secret among threat actors that there are legal loopholes that exist in the industry, which will allow some to operate with impunity in certain scenarios. If you are a current owner of NFTs or are thinking about buying, the best way to proceed is to educate yourself on the vulnerabilities and take the above steps to secure your environment. </span></span></span></p> <p><span><span><span><a rel="nofollow">For more information on how ÇïżûÊÓƔɫ can protect your financial data including NFTs, check out our </a><a href="/solutions/industry/financial-services" rel="nofollow">Financial Services page</a>. </span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Wed, 28 Jul 2021 03:58:49 +0000 admin 422 at Ransomware on the Rise /resources/blog/july-2021/ransomware-rise <span>Ransomware on the Rise</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Sat, 07/17/2021 - 23:10</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/45" hreflang="en">Noah Webster</a> <article><img src="/sites/default/files/2021-08/shutterstock_381764248.png" width="1400" height="700" alt="dollar bill in the shape of an upward arrow" loading="lazy" typeof="foaf:Image" /></article><p><span><span><span>Ransomware cripples the target company’s operations, making it much different from an attack that steals data.  The implication of this became clear as I developed a contingency plan to pay a ransom.  Before thinking through the issue, I pictured the payment as a get-out-of-jail-free-card.  
My team does all it can to secure our systems; if we get hit, we can pay and continue operations.  But that simply isn’t the case.  You need a better plan.  </span></span></span></p> <h2><span><span><span><strong>Ransomware on the Rise</strong></span></span></span></h2> <p><span><span><span>Ransomware blocks access to systems or data until you pay.  It takes what would once result in a breach or data loss through phishing email or an exposed security vulnerability, and systematizes how the attacker monetizes the attack.  After the attacker gains control, they threaten to keep you locked out or to disclose your data unless you pay.  </span></span></span></p> <p><span><span><span>A recent attack on Kaseya shows how ransomware presents a threat to both a Managed Service Provider (MSP) <em>and</em> the end customer.  The attacker uses the MSP to gain access to the customers.</span></span></span></p> <p><span><span><span>Given the financial incentive, everything about ransomware has exploded.  In 2020, ransomware attacks increased by approximately 400% in developed nations, with a reported <a href="https://www.nytimes.com/2021/06/03/us/politics/ransomware-cybersecurity-infrastructure.html">65,000 successful</a> attacks, which is an average of one every eight minutes.  The <a href="https://www.youtube.com/watch?v=UvrvImxxjNc&t=1s">FBI observes</a> that, in 2013, ransomware focused on one PC at a time; now it targets entire networks or industries.  A ransom demand had been hundreds of dollars, then thousands, now millions.  Where previously a gang often worked alone, ransomware attackers now coordinate as larger cartels, sharing information and techniques more broadly.  </span></span></span></p> <p><span><span><span>The threat has become so serious that the U.S. government now offers a <a href="https://www.nytimes.com/2021/07/15/us/biden-reward-ransomware.html">bounty</a> up to $10M for information that leads to the arrest of a ransomware gang.  
The government has also established a <a href="https://www.cisa.gov/stopransomware">stopransomware site</a> to keep you informed and encourage victims to report attacks.  </span></span></span></p> <h3><span><span><span><strong>Paying the Ransom, Not a Good Option</strong></span></span></span></h3> <p><span><span><span>There are several reasons why you cannot depend on being able to pay your way out of a ransomware incident:</span></span></span></p> <ul><li><span><span><span><u>No guarantee of honesty</u>.  Despite stories about the illicit dark web running like the Amazon store, where even the bad guys must maintain a reputation for honoring commitments, you can’t be sure that your system will be restored after you make payment.  Even if your attacker wants to restore your system, the restoration process may not work or the attack may have been irreversibly destructive.  You can also have no expectation that any restoration will happen immediately.  </span></span></span></li> <li><span><span><span><u>Government prohibitions</u>.  On October 1, 2020, the Department of Treasury’s Office of Foreign Assets Control (OFAC) issued <a href="https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf">an advisory</a> that ransomware payments encourage malicious activity, and could thus threaten national security.  On this basis, OFAC can impose penalties for making ransomware payments.</span></span></span><br /><br /><span><span><span>In a development that may hit closer to home for an MSP, states are in the process of passing laws that draw this same line.  Specifically, states are evaluating bills that prohibit ransomware payments and require reporting of ransomware attacks.  MSPs that serve state and local government customers will be directly impacted.  Louisiana is first, with its law effective February 1, 2021.  
</span></span></span></li> </ul><h4 style="padding-left:60px;"><span><span><span><em>Effective Law</em></span></span></span></h4> <ul style="padding-left:90px;"><li><span><span><span><a href="https://legis.la.gov/legis/BillInfo.aspx?s=20RS&b=SB273&sbi=y">Louisiana</a> (Requires registration of MSPs that service Louisiana government entities and for registered MSPs to report cyber incidents and ransomware payments) </span></span></span></li> </ul><h4 style="padding-left:60px;"><span><span><span><em>Bills</em></span></span></span></h4> <ul style="padding-left:90px;"><li><span><span><span><a href="https://www.nysenate.gov/legislation/bills/2021/s6806">New York</a> (Bans the payments of ransom in cyber-incidents by a New York government entity or by another entity on their behalf.  Requires reporting.)</span></span></span></li> <li><span><span><span><a href="https://www.ncleg.gov/BillLookUp/2021/H813">North Carolina</a> (Prohibits government entities from making ransomware payments.  Requires reporting.)</span></span></span></li> <li><span><span><span><a href="https://www.legis.state.pa.us/CFDOCS/Legis/PN/Public/btCheck.cfm?txtType=PDF&sessYr=2021&sessInd=0&billBody=S&billTyp=B&billNbr=0726&pn=0829">Pennsylvania</a> (Requires an MSP “in the service” of Pennsylvania to report “discovery of ransomware or of an extortion attempt involving ransomware within one hour of the discovery.”  Taxpayer money must not be used to make a ransomware payment, except in circumstances of a declared emergency.)</span></span></span></li> </ul><p> </p> <ul><li><span><span><span><u>Reputation</u>.  Ransomware payments can become public, and your reputation may suffer.  Moreover, the bad guys will know you pay, putting you on the radar for subsequent attacks. </span></span></span></li> </ul><p><span><span><span>As you consider whether to pay, your operations and those of your customers are at a standstill.  
Rather than be left in a no-win situation of choosing between watching your business perish or making a desperate payment that may only make things worse—have a backup plan.</span></span></span></p> <h3><span><span><span><strong>Establish a Backup Plan</strong></span></span></span></h3> <p><span><span><span>First off, implement appropriate safeguards to secure yourself against and detect cyberattacks (e.g., two-factor authentication, phishing training, access management, etc.).  </span></span></span></p> <p><span><span><span>Then for Plan B, establish a ransomware response plan that includes backup and restore capabilities.  Such capabilities assist not only in a ransomware situation, but also in the case of any destructive event that affects your data or systems, such as malicious insider activity, an honest mistake, or natural disaster. As an MSP, your plans should account for customers, as well as your own systems.  </span></span></span></p> <ul><li><span><span><span><span><u>Backup and Restore</u>.  If you have a working backup, you can sidestep the ransomware attack and get back to work as soon as you restore. So create backups for your systems and data, focusing on high value data.  </span></span></span></span></li> <li><span><span><span><span><u>Segregation</u>.  Segregate the backups so an attacker can’t access them after compromising your systems. </span></span></span></span><br /><br /><span><span><span>Segregate parts of your systems.  This enables you to pull the plug on an infected area, protecting the rest of your systems. </span></span></span></li> <li><span><span><span><span><u>Know where the copies are</u>.  Review your systems to locate where distinct copies of data reside, even if it isn’t a formal backup copy.  You can make use of such copies during a crisis. </span></span></span></span></li> <li><span><span><span><span><u>Have a plan</u>.  Have an incident response plan, specific to ransomware, and periodically test it. 
Table-top exercises with your principal executive decision-makers are helpful, and so is testing of your backup and restore capabilities.</span></span></span></span></li> <li><span><span><span><span><u>More tips</u>.  Here are suggestions for what your plan can cover:</span></span></span></span> <ul><li><span><span><span><span>Replacing infected hardware, like employee laptops.  </span></span></span></span></li> <li><span><span><span><span>Claiming insurance.  Check your coverage. </span></span></span></span></li> <li><span><span><span><span>Following applicable law.  Monitor the changing legal landscape.  </span></span></span></span></li> <li><span><span><span><span>Cooperating with the government.  Consider whether, and under what circumstances, you will report a ransomware attack to the government or seek assistance.  The <a href="https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf">OFAC advisory</a> and <a href="https://www.cisa.gov/stopransomware">stopransomware site</a> provide contact information.  OFAC may show you leniency for cooperative reporting, if you end up making a prohibited ransomware payment.</span></span></span></span></li> <li><span><span><span><span>Renewing your commitment to security, especially closing the specific vulnerabilities that were exploited.  </span></span></span></span></li> </ul></li> </ul><p><span><span><span>After you implement these steps, you’ll have another layer beyond cybersecurity to protect you and your customers’ business operations.  You won’t need to consider making the payment, because back-up and restore will be your get-out-of-jail-free card.  
</span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Sun, 18 Jul 2021 04:10:43 +0000 admin 417 at Biden Executive Order Takes Aims at Software Supply Chain, Federal Cybersecurity /resources/blog/june-2021/biden-executive-order-takes-aims-software-supply-chain-federal <span>Biden Executive Order Takes Aims at Software Supply Chain, Federal Cybersecurity</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Thu, 06/17/2021 - 13:46</span> <a href="/taxonomy/term/31" hreflang="en">Trends</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img src="/sites/default/files/2021-06/EO_image.jpg" width="1400" height="691" alt="Executive Order stamp" loading="lazy" typeof="foaf:Image" /></article><p><span><span>Supply chain attacks made quite a few headlines in the first half of 2021. It all started when the NOBELIUM threat actor <a href="/resources/blog/january-2021/security-recommendations-wake-solarwinds-supply-chain-attack" rel="nofollow">compromised the distribution systems for SolarWinds’ Orion IT network management platform</a> to push out malware. Researchers discovered many more malware strains associated with the attack in the <a href="/resources/blog/february-2021/solarwinds-supply-chain-attack-update-what-weve-learned-so-far" rel="nofollow">weeks and months that followed</a>. As they did, the list of victims expanded to include tech firms, government entities, and security companies.</span></span></p> <p><span><span>Then came news of <a href="/resources/blog/march-2021/least-30k-us-orgs-affected-threat-actors-targeting-exchange-bugs" rel="nofollow">HAFNIUM</a> at the beginning of March. Microsoft found that this threat actor was misusing four vulnerabilities in Microsoft’s Exchange Server software to exfiltrate sensitive information from affected organizations. 
Other threat actors <a href="/resources/blog/march-2021/hafnium-just-first-many-threat-actors-exploit-proxylogon" rel="nofollow">eventually caught on</a> and leveraged the weaknesses to distribute new ransomware strains, malicious cryptominers, and other threats. </span></span></p> <h3><span><span><span><span><span>Hardening the Federal Software Supply Chain</span></span></span></span></span></h3> <p><span><span>It didn’t take long for the Biden Administration to respond to the attacks discussed above. In mid-May, they released an “<a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/" rel="nofollow">Executive Order on Improving the Nation’s Cybersecurity</a>.” The directive arrived with language for the purpose of securing the U.S. federal government’s software supply chain.</span></span></p> <p><span><span>“The security of software used by the Federal Government is vital to the Federal Government’s ability to perform its critical functions,” the Executive Order (E.O.) notes. “The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors. There is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended. 
The security and integrity of ‘critical software’ — software that performs functions critical to trust (such as affording or requiring elevated system privileges or direct access to networking and computing resources) — is a particular concern.”</span></span></p> <p><span><span>Acknowledging this necessity, the White House ordered the Secretary of Commerce, the Director of NIST, and others to collaborate around developing an official definition for “critical software.” Those individuals will make a list of software and software products that adhere to the definition as well as guidance outlining security measures for those software products. It will then be up to federal agencies to comply with the best practices of encryption, network segmentation, least privilege, and other principles encapsulated in those guidelines.</span></span></p> <p><span><span>Federal agency heads won’t be the only ones to help to develop those security recommendations. Indeed, the E.O. ordered the Secretary of Commerce and the Director of NIST to solicit input from the private sector, academia, and other actors on crafting new criteria for evaluating the security practices used by developers and suppliers. The Director of NIST will then publish preliminary guidelines on standards, procedures, and criteria as they relate to encrypting sensitive data and auditing trust relationships, among other supply chain security best practices. Six months later, the Director of NIST will be responsible for publishing additional guidelines around conducting periodic reviews of the preliminary guidelines.</span></span></p> <h3><span><span><span><span><span>Improving the Nation’s Cybersecurity</span></span></span></span></span></h3> <p><span><span>Biden’s E.O. isn’t focused only on hardening the software supply chain. Rather, it leverages supply chain security as part of a broader effort to modernize the U.S. federal government’s cybersecurity. 
Towards that end, the Executive Order requires that federal agencies adopt zero-trust architecture and uphold this new security model by implementing security best practices such as encryption and MFA. </span></span></p> <p><span><span>Federal organizations don’t need to make those shifts on their own; they can adopt new technologies that help them to complete their shift to those security controls. Agencies bound by the E.O. might specifically consider investing in a solution that can protect their email communications with encryption. Such a solution should be capable of scanning emails and attachments automatically so that it doesn’t affect employee workflows—all while keeping any and all information contained in employees’ inboxes safe and secure.</span></span></p> <p><span><span><a href="/products/email-encryption" rel="nofollow">Use ÇïżûÊÓƔɫ’s email encryption solution to strengthen your security posture in line with the Biden Administration’s Executive Order</a>.   </span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Thu, 17 Jun 2021 18:46:34 +0000 admin 403 at