We recover a WPB company from $900,000 Ransomware attack
West Palm Beach, Florida. – A local business located in West Palm Beach, FL, was able to successfully recover all of its servers and applications following a ransomware attack, all without paying a penny of the $900,000 ransomware requested.
Not only did the effort save the company money and preserve trust in its systems, but it also helped continue to provide services to the 200 Fortune 500 companies that they provide services to.
The West Palm Beach company was breached by a massive ransomware attack. While this could have been a devastating blow to the organization, Virtual IT Security played a key role in greatly mitigating the impact of the attack.
Artificial Intelligence, ChatGPT and Cybersecurity:
A Match Made in Heaven or a Hack Waiting to Happen?
Software vendors have been integrating AI into products for years, which has led to innovations such as improved threat detection and training opportunities. But the emergence of newer technologies like DALL-E and ChatGPT has raised new questions about the real threats AI poses.
Underground criminal forums have finally caught on, according to a report from Israeli security company Check Point. In one forum post reviewed by Check Point, a hacker who’d previously shared Android malware showcased code written by ChatGPT that stole files of interest, compressed them and sent them across the web. They showed off another tool that installed a backdoor on a computer and could upload further malware to an infected PC.
In the same forum, another user shared Python code that could encrypt files, saying OpenAI’s app helped them build it. They claimed it was the first script they’d ever developed. As Check Point noted in its report, such code can be used for entirely benign purposes, but it could also “easily be modified to encrypt someone’s machine completely without any user interaction,” similar to the way in which ransomware works. The same forum user had previously sold access to hacked company servers and stolen data, Check Point noted.
One user also discussed “abusing” ChatGPT by having it help code up features of a dark web marketplace, akin to drug bazaars like Silk Road or Alphabay. As an example, the user showed how the chat bot could quickly build an app that monitored cryptocurrency prices for a theoretical payment system. FIND OUT MORE
3 reasons why MSPs are targeted by hackers
MSPs in particular are being targetted by attackers more and more frequently, putting additional pressure on providers to both shore up on and deliver cybersecurity. One MSP can serve hundreds of businesses with thousands of users and devices.
Our company Virtual IT Security recovered a company from a $900,000 RansomWare attack caused by MSP negligence.
#1 MSPs serve multiple clients with greater number of endpoints
The MSP channel has been growing rapidly for years, and it has only gained more momentum with accelerated digital transformation during the pandemic. This means more customers are trusting MSPs with more of their business data.
#2 An MSP’s distributed network can facilitate widespread attacks
In addition to there being more MSP customers out there for hackers to target, MSP networks are also vulnerable to widespread, distributed attacks. It’s not just about having a lot of victims to exploit, but about hitting them at the same time. These types of attacks are typically associated with ransomware.
#3 MSPs don’t have control over every aspect of a client’s security posture
While an MSP might be given stewardship of a company’s data, they may not be engaged with other security practices such as providing a client’s employees with security training or developing security policies.
A New Evil Proxy Phishing-as-a-Service Platform Beats MFA
EvilProxy
Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called "EvilProxy" that’s being offered on the dark web. EvilProxy is designed to target accounts on a variety of platforms, including Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo and Yandex.
Notably, EvilProxy has the ability to steal session cookies, which allows it to access accounts without needing a username, password or multifactor authentication (MFA) tokens.
"EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim's session," the researchers write. "Previously such methods have been seen in targeted campaigns of APT and cyberespionage groups, however now these methods have been successfully productized in EvilProxy which highlights the significance of growth in attacks against online-services and MFA authorization mechanisms....
Recent Cisco Hack by Ransomware Because of a Phishing Attack
- In a recent Forbes article, Cisco confirmed that they were hacked by a ransomware group as the group of cybercriminals published a partial list of files that were claimed to be exfiltrated.
- While there was no ransomware deployed during the attack, the Security Incident Response Team noted that the initial attack vector was through a successful phishing attempt of an employee's personal Google account. This in turn, led to the compromise of the company's credentials and access to their VPN.
- One user's honest mistake can potentially have a major impact on your organization. If an attack is successful, your organization can be severely damaged due to the financial loss. We highly recommend implementing frequent phishing tests and new-school security awareness training to your users. Remember - the stronger the human firewall, the stronger your organization is at stopping these types of attacks in the future!
Hotel's Recent Data Breach Caused by Social Engineering
This week Marriott International, one of the largest hotel chains, suffered their second data breach of 2022. The attack by a group named "Group with No Name" (GNN) took place in early June and they used social engineering to trick one of the hotel employees into granting access to that associate's computer.
Monthly short training reinforcement followed by simulated phishing tests
"Organizations need to ensure that all employees are frequently educated about social engineering, receiving training at least once a month followed by simulated phishing tests, to see how well employees understood and applied the training," said Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
Assess your employees for their strengths and weaknesses through Security Awareness Training.
Virtual IT Security recovers company from Ransomware attack
$900,000 Ransomware attack thwarted by Virtual IT Security
Virtual IT Security's SWAT team had been working for two weeks to run down and clean up a $900,000 ransomware attack for a prominent award-winning, global professional services firm.
FBI Warns LinkedIn Fraudsters Are Now a Significant Threat
" CNBC reports. Sean Ragan, the FBI's special agent in charge of the San Fran and Sacramento field offices, told CNBC in an interview that cryptocurrency scams have been particularly widespread recently.
"This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims," Ragan said. "So the criminals, that's how they make money, that's what they focus their time and attention on," Ragan said. "And they are always thinking about different ways to victimize people, victimize companies. And they spend their time doing their homework, defining their goals and their strategies, and their tools and tactics that they use."
LinkedIn stated in a blog post last week, "While our defenses catch the vast majority of abusive activity, our members can also help keep LinkedIn safe, trusted, and professional. If you do encounter any content on our platform you believe could be a scam, be sure to report it so that our team can take action quickly. "This includes anyone who asks you for any personal information, including your LinkedIn account credentials, financial account information, or other sensitive personal data. We also encourage you to only connect with people you know and trust. If you'd like to keep up with someone you don't know but that publishes content that is relevant to you, we encourage you to follow them instead." "WANT TO LEARN MORE"?
How Hackers Steal Your Passwords and How To Defend Yourself
Despite the world's best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have pervasively persisted.
Today, nearly everyone has multiple forms of MFA for different apps and websites AND many, many passwords. The average person has somewhere between three to seven unique passwords that they share among over 170 websites and services.
Here are some related statistics:
• The average person has 19 passwords - but 1 in 3 don't make them strong enough
• The average employee manages nearly 200 passwords
• The average business user has 191 passwords
Unfortunately, those passwords often get stolen or guessed. This is why I recommend the following password policy guide.
Most computer security experts agree with these policy recommendations, but more than a few readers might be shaking their heads, especially at the recommendations to use 20+ character passwords/passphrases.
Why in the world would anyone need a 20+ character password to protect against password hacking attacks? Major Categories of Password Attacks In general, password attacks fall into four different major categories:
• Password theft
• Password guessing
• Password hash theft and cracking
• Unauthorized password resetting or bypass
