TPx Blog

Cybersecurity Horror Stories

This time of year, we’re all acutely aware that ghosts are ghoulish, shadowy figures are spooky, and vampires are hiding in the night. But if there’s one thing you should truly be afraid of, it’s the threat of a cyberattack hitting your business.

October is about more than the frights of Halloween – it’s also National Cybersecurity Awareness Month (NCSAM). TPx is joining the mission to educate the community on the dangers of cybersecurity threats.

We all regularly see the headlines of companies paying millions of dollars as a result of data breaches. As a small or mid-size business, you might brush it off as “it won’t happen to me.” But just because the news doesn’t report on attacks on smaller companies, it doesn’t mean they aren’t happening. In fact, nearly two-thirds of cyber breach victims are small to mid-size businesses. They don’t make it into the news because they don’t affect as many people and don’t cost millions of dollars; however, they do cost enough to make or break a smaller business. According to an October 2017 report from UPS Capital, the average cyberattack costs small businesses between $84,000 and $148,000. Of course, aside from monetary damages, there are damages to customer trust and brand reputation which may never quite return to the pre-attack state.

Let’s take a look at some noteworthy examples of cyberattacks from the last 12 months. Warning: these are so frightening that you might want to sleep with the lights on tonight.

Two Terrifying Tales of Ransomware Infiltrating Government Systems

This March, the city of Atlanta was hit by a massive ransomware attack. Atlanta’s residents were unable to perform simple tasks like paying parking tickets or utility bills because the ransomware attack locked down the city’s files. The hackers demanded payment of approximately $50,000 in Bitcoin. But the real damages exceed this amount by far: the city will now need to come up with $9.5 million to address the remaining damage, more than 6 months after the attack. That amount is on top of the more than $2 million in emergency procurements Atlanta Information Management sought following the attack. But remember, it’s not always just about monetary damages – the cyberattack also destroyed “years” worth of police dash-cam video footage.

More recently, the Port of San Diego fell victim to a ransomware cyberattack, only days after a similar ransomware attack hit the Port of Barcelona in Spain. Such attacks can have ripple effects throughout a variety of industries. They not only bring the movement of goods to a halt in the targeted country, they also slow or stop operations in any other country that ships goods to or from the affected port.

Government organizations like these are a frequent target for cyber adversaries. Experts who study public administration and local government especially worry about small to medium-size cities and counties that hold a lot of data, but may not have the in-house resources to keep that data secure.

Three Horrifying Stories of Attacks on the Healthcare Industry

Healthcare is another industry where you can find many cybersecurity horror stories. Last December, a cyberattack knocked the University of Rochester’s Jones Memorial Hospital offline for a week. Fortunately, this small rural provider was prepared and used standard downtime operations that its team regularly trained for. Otherwise, the damage could have been far worse.

Another recently-reported cyberattack happened to an Indiana hospital. A computer virus forced the hospital to cancel elective surgeries and divert ambulances as a result. Protecting hospitals’ computer networks is crucial to preserving patient privacy – and more importantly, life itself. Even so, recent research shows that the health care industry lags behind other industries in securing its data.

Yet another recent example from the medical field comes from the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu, which just notified 40,800 patients of a potential data breach after it fell victim to a ransomware attack in June. Only after discovering the ransomware, FDIP tapped a cybersecurity firm to remove the malicious software and restore its data via backup files. However, the cybersecurity firm was unable to determine whether the hackers had viewed or removed any of the information on FDIP’s servers. They only knew that the cyberattack enabled hackers to access current and former patients’ names, dates of birth, home addresses, account numbers, diagnoses, and other types of personal information.

Banks, schools, accountants… the list of companies hit by cyberattacks keeps on going across all industries. Don’t be next! Talk to TPx about how we can help you stay secure so that you’ll have no horror stories to tell.

 

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler.

When we talk to customers, it’s clear that, slowly but surely, the mindset of SMBs is changing to be more hyper-vigilant when it comes to cybersecurity.

Sure, cybersecurity has traditionally been a back-burner issue for small- and medium-sized businesses (SMBs) – whose resources are laser-focused on customers, business growth and technology development. But the threat surface is growing, and SMBs are realizing they need to step up their security practices in order to survive.

In fact, according to the Ponemon Institute, a full 70 percent of SMBs have experienced a cyberattack within the last year. These attacks include ransomware, cryptomining, social media attacks, credential theft and business email compromise (BEC) – all of which are becoming top-of-mind.

Here’s a short recap of these top threats:

Ransomware

Most attacks (in general) typically involve attackers sending an email to unsuspecting employees with the aim of getting them to click on a malicious link or attachment that will execute malware on a victim’s machine. Ransomware is no different; from there, the malware infiltrates the company network, sniffing out endpoints and servers to lock up by encrypting their contents. The attackers then demand payment in exchange for the decryption key. Sometimes the adversaries threaten SMBs with extortion, saying they’ll make the data public if they don’t pay up. These attacks are becoming more targeted against specific businesses too, with attackers taking the time to know their victims to ensure they can craft convincing emails, inflict maximum disruption and garner higher ransoms.

Cryptomining

Cryptomining malware arrives on victims’ desktops and spreads through networks in the same way that ransomware does. But the payload is a piece of code that hijacks a computer’s processing resources in order to apply them to mining for cryptocurrencies (most often Monero). It’s a complex blockchain process that can be lucrative for those doing it – especially if they’re not paying for their own processing power. Cryptominers are quieter by nature than ransomware, and tend to quietly leach CPU cycles while remaining hidden on a client PC or inside the datacenter. For SMBs, this translates into degraded computing performance, system crashes and more, and can plague everyday tasks and radically reduce productivity.

Social Media Attacks

Phishing is a well-known attack vector, where cyberattackers look to scam users via fraudulent emails. As users get more savvy at recognizing fraudulent emails, adversaries are moving to more trusted platforms, like social media. At SMBs, where personal social media use and business machines mingle in the absence of hard-core web policies, scammers use fake profiles to trick users into turning over sensitive info, like passwords, account numbers, tax ID numbers, credentials and more. Scammers launch thousands of phishing attacks like these every day—and they’re often successful.

Credential Theft

Speaking of credentials, the market for these is booming on the Dark Web. SMB usernames and passwords for cloud accounts, email, financial apps and more are all sought-after treasure for cyberattackers, which can be uncovered via phishing, brute force attacks or spyware attacks. Those that steal credentials can easily sell them to other adversaries looking to take over accounts: Financial accounts to steal money directly, cloud accounts to steal company data, email accounts to carry out fraud (like BEC, our next top threat), social media accounts to cause brand damage and more. And, crooks can bank on employees using the same credentials across accounts – so, if an attacker has the password for, say, a LinkedIn account, odds are the same combination will work against a more important service.

Business Email Compromise (BEC)

And finally, there’s BEC. While consumers mainly use their devices and various messaging apps to communicate, business users still predominantly use email. Cybercriminals are taking great advantage of this by impersonating executives, senior managers and supply-chain partners to dupe employees into authorizing fraudulent wire transfers or providing confidential information that can be used to defraud companies. These attacks are obviously at their most compelling when a cybercriminal has email account credentials and can log in and send a fraud email from the executive’s real account; but there are ways to spoof email addresses that are quite convincing.

No Business is Immune

The reality is, no one is immune to cybercrime, and SMBs need to take stronger action as they go forward. However, SMBs do face challenges when it comes to shoring up their armor: They have smaller budgets and limited resources to spend on training and security software. This not only makes them an ideal target for external cyberattackers that look for low-hanging quarry with limited defenses, but also ups the potential for negligent employees to make mistakes that have consequences (insider mistakes are to blame for 54 percent of SMB data breaches, according to Ponemon).

Luckily, they can turn to managed service providers (MSPs) like TPx to help. With our Managed Firewall and Managed Endpoint services, you gain your own dedicated team of security professionals working for you. And, we keep your defenses consistent: You never need to worry about installation, configuration, maintenance, patching or updating of your security infrastructure – and it’s all provided at a price you can afford.

Make your business more secure with TPx, so you can focus on growing your organization with the peace of mind that you have the latest, most up-to-date modern security defenses possible. Visit www.tpx.com/services/managed-it or contact your TPx representative to learn more!

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

Horror stories and thrillers are back in style, but you don’t have to go to the theater or queue up Netflix to get your fear on this year—especially if you’re a business owner or IT manager. Cybersecurity incidents are increasing, thanks to an expanding attack surface fueled by an explosion of connected devices, better network speeds and the move to the cloud and mobile working. While some hacks, vulnerabilities and malware attacks are fairly tame, 2019 has seen some true horror stories so far, showing us just how scary things that lurk in the darkness of cyberspace can be. Here are just a few of the horror stories we’ve seen so far in 2019.

BlueKeep Vulnerability Lurks in the Shadows

In May, Microsoft alerted Windows users to the BlueKeep vulnerability (CVE-2019-0708), which, if exploited, would allow a remote attacker to take over a victim’s computer and execute code. The main thing that sets BlueKeep apart from other bugs is that it’s wormable – which means that it can self-propagate from machine to machine, setting up the scene for a fast-moving, global pandemic infection wave.

The concern was big enough that Microsoft even took the unusual step of deploying patches to Windows XP and Windows 2003, which are end-of-life and no longer supported by the computing giant. And, the National Security Agency issued a dire warning: “It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber-actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

There are still hundreds of thousands of unpatched machines in the U.S.; and working proof-of-concept exploits have been created, including one showing how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.

Financial Security Hacked Away

Banks just can’t catch a break. They’ve been the targets of robbers and tricksters throughout time, and our migration to the digital realm is no different. Capital One learned this lesson the hard way in July when it starred in its own summertime horror show. A single hacker demonstrated all the ways financial services firms are vulnerable in a massive hack of Capital One that opened doors to the data of more than 100 million people through various avenues, including credit card applications, bank account numbers and social security numbers.

Ransomware Dirty Tricks

Ransomware operators carry out dirty tricks year-round. Last month, a rash of ransomware attacks crippled hospitals worldwide, forcing them to turn away patients and cancel surgeries. The cyberattacks froze the computer systems of several medical facilities in the U.S., with the cybercrooks demanding their treat (payment) in order to restore files.

One of the victims was DCH Health System, a regional hospital and medical complex located in Alabama, where the attack resulted in three satellite hospitals turning away patients. The three regional hospitals, located in Tuscaloosa, Fayette and Northport, were “closed to all but the most critical new patients, because cybercriminals were limiting the hospitals’ abilities to use their computer systems in exchange for an ‘as-yet unknown payment.’” The Alabama hospitals decided to pay up, eventually, even though the FBI typically does not recommend doing so.

Ransomware attacks in 2019 have become more targeted against specific vertical businesses, such as local governments and healthcare organizations, with attackers taking the time to know their victims to ensure they can inflict maximum disruption and garner higher ransoms.

Damned by a Data Breach

In September, the rampant data breach trend reached food delivery service DoorDash, which said that a hack affected almost 5 million customers, drivers and local restaurants using its platform.

DoorDash, an on-demand food delivery service, connects end users with local restaurants and relies on contracted drivers, also known as “Dashers,” who use their own vehicles for delivery. A variety of personal data was accessed, including names, email addresses, delivery addresses, phone numbers and hashed passwords. Also accessed was payment information including the last four digits of payment cards and driver’s license numbers.

This is only one example: Businesses are increasingly facing data breach horrors, as the Dark Web thirst for personal information that can be used for fraud and payment card data shows no signs of abating.

These are but a few of the cybersecurity nightmares we’ve seen so far in 2019, which show that every business, in any industry, is at risk from ransomware and other malware, security bugs, data thieves and more.

To protect your business from cybersecurity ghouls, it’s critical to invest in proactive monitoring and patching of desktops and servers; intrusion prevention and detection; next-gen firewall and antivirus; and remote troubleshooting and repair. If that sounds scarily complex and resource-intensive, don’t worry: TPx has invested in the best IT security technologies, so you don’t have to. In other words, we can help you banish the horrors with all of the above functions, all at one cost-effective price.

If you’re looking for a reliable managed service that will keep your business safe from cyber-monsters, consider TPx. Visit https://www.tpx.com/services/managed-it/ or contact your TPx representative to learn more.

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler. 

 

When it comes to the company network, cybercriminals are always looking for ways to infiltrate and uncover lucrative data that they can either sell on the Dark Web or use as reconnaissance fodder to plan follow-on attacks. And you don’t have to be a large business for threat actors to set their sights on you — small and medium-sized businesses (SMBs) are just as targeted, if not more so, than their bigger rivals.

What’s also true is that company endpoints – the places where individual employees interface with both the internet and the internal company network – are among the weakest links when it comes to corporate security. So, while there are a lot of reasons to turn to a managed service provider (MSP) for your mission-critical IT and communications needs, endpoint protection should be at or near the top of the list.

Here are the basics that SMBs should know about managed endpoints and security. We’ve also put together a quick, two-minute video overview of what they are and why they need management:

1. What are endpoints, exactly? [0:11]

An endpoint is any device that is connected to your network that employees use to carry out their job functions. These include the web-facing servers that run the applications that power your business, as well as the desktop and mobile computers/devices that your employees use to do their jobs every day.

2. Why do endpoints matter? [0:32]

Think of unprotected endpoints as wide-open doors and windows to your business. If they’re not secured and managed properly, bad actors can easily get in, installing malware, monitoring employee communications or snooping around the files on a computer. They can also pivot, get onto the network, and reach other corporate resources beyond the endpoint itself. The result? Security breaches, frequent system crashes and performance issues, lost productivity, frustrated employees and possibly even competitive harm or legal trouble.

3. It sounds like I really need endpoint protection. Can I handle it myself? [0:54]

While many companies would love to handle things in-house, this is really only feasible if you have the right tools for the job and dedicated IT security staff who have the know-how to cover all the bases. Those bases include making sure every single application and operating system is patched and updated; running daily malware and antivirus scans; purchasing and maintaining the latest endpoint security software for intrusion detection and performance monitoring; ensuring employees are using only sanctioned cloud services; requiring strong passwords; and implementing employee education around things like phishing threats. Unfortunately, it’s often far too complex and expensive for small business owners to put all of these things into place on an in-house basis, especially the technology pieces.

4. Is there anyone who can help me? [1:32]

Yes! Fortunately, managed service providers (MSPs) can act as an extension of your staff, guaranteeing that all of the technical details – like patching and malware scans – are done and that all the tools in use are continuously up-to-date.

TPx, for example, has invested in the best endpoint management technologies, so you don’t have to. We manage troubleshooting and repair, and more, all at one cost-effective price. That way, you can focus on growing your business, with peace of mind that the doors and windows are locked.

If you’re looking for a reliable managed service that will keep your endpoints safe, consider TPx. Visit www.tpx.com/endpoints and contact your TPx representative to learn more.

 

About the Author

Joe Royer is the Product Manager for IT/Cloud services at TPx. He has 25 years of industry experience in sales, consulting, and product management for several leading MSPs.

Small and medium business (SMB) retailers are particularly vulnerable to cyberattacks because their in-house expertise and monetary resources for cybersecurity are typically modest. In fact, according to the 2018 Security Scorecard Retail Cybersecurity Report, small retailers are more likely to be the subject of cyberattacks, accounting for 43 percent of all attacks last year in the retail space.

In addition to looking at managed security services as a cost-effective way to implement protections and mitigate cyberattacks, SMB retailers can shore up their security profile by addressing these six issues.

1. Don’t Focus Exclusively on Compliance.

Many SMB retailers orient their security strategies around maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS) for handling credit and debit card transactions; it’s mandated by law, and non-compliance carries steep penalties. However, focusing only on PCI DSS compliance often means neglecting other areas where threat actors are operating: for instance, retrieving tempting morsels of personally identifiable information (PII) from cloud storage. Make sure that any security approach takes into account the protection of all of your data, not just your customers’ card information.

2. Don’t Rely on Legacy Tools.

Many existing systems and tools can’t keep up with new cybersecurity demands. As companies continue to move their applications, data, and workloads to the cloud, embrace mobility and SaaS apps, and implement IoT, the network is no longer restricted to a physical footprint. And because cyberattacks evolve so quickly, security policies and tools that were put into place even 18 months ago may be outdated. Make sure to do an audit of your existing security tools; ensure they address your entire footprint, even the parts that are off-site, and update them often.

3. Take Preventative Action.

Most cybercrime is financially motivated, with groups of hackers looking to knock over a store (digitally speaking) very quickly, grabbing lucrative information that they can sell or use for phishing attacks, and moving on. The adversaries’ business model is one built on volume. They can’t afford to spend a lot of time or effort penetrating a business, so low-hanging fruit is often the target. Instead of waiting for inevitable attacks and only focusing on remediation plans, SMB retailers should take action to stay out of the “easy pickings” category by making sure that internet-facing servers are properly protected, changing default passwords, patching all software as new versions come out, training employees on how to recognize phishing emails, and so on.

To the latter point, it should be noted that the Security Scorecard report found that 62 percent of attacks on retail SMBs arose out of phishing and social engineering.

4. Keep Up with New Threats.

Cyber criminals are always crafting new malware and stealth tactics with the goal of remaining undetected; it’s a space that never stands still. For the retail sector, new types of point-of-sale malware and ransomware variants are always cropping up. Take for instance the card-skimming crime conglomerate known as Magecart. The group generally installs a skimmer code on vulnerable e-commerce pages to scoop up payment-card data, but in March, they started injecting malicious code into third-party Java libraries used by e-commerce websites to serve advertisements. Make sure you know what’s going on out there so your security strategies can evolve accordingly.

5. Avoid Supply-Chain Woes.

Even if your own infrastructure is locked down, up-to-date, and actively assessed, many SMB retailers fail to protect their business-to-business (B2B) vendor connections. These can be significant weak links if suppliers have direct network interfaces with the retail infrastructure or are exposed to sensitive customer data. Make sure to do your due diligence around the security of your supplier connections.

6. Don’t Spend Too Little.

Organizations only dedicate an average of about 5 percent of their overall IT budgets to security and risk management, according to a recent Gartner report. That’s a woefully small amount given the damage that can come from a successful cyberattack. According to IBM’s 13th annual “Cost of a Data Breach” study conducted by Ponemon Institute, the global average cost of a data breach was up 6.4 percent in 2018, reaching $3.86 million per incident. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent to $148. These costs add up quickly, and could be enough to send many SMB retailers into bankruptcy.

Cyber criminals will continue to target retailers as long as their efforts remain successful. Given retailers’ ongoing adoption of new technology and ways of working, it’s likely that the cyber criminals will find holes in the armor that they can use to continue to compromise businesses that don’t prioritize cyber defense.

This is particularly challenging for SMB retailers, because maintaining a strong IT security posture requires skills and resources that often strain their budget. Hiring a cost-effective managed services provider like TPx could be the remedy.

Visit tpx.com or call your TPx representative today to find out how TPx can help you stay up-to-date and prepared for the latest threats, without breaking the bank.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.