Blog

Horror stories and thrillers are back in style, but you don’t have to go to the theater or queue up Netflix to get your fear on this year—especially if you’re a business owner or IT manager. Cybersecurity incidents are increasing, thanks to an expanding attack surface fueled by an explosion of connected devices, better network speeds and the move to the cloud and mobile working. While some hacks, vulnerabilities and malware attacks are fairly tame, 2019 has seen some true horror stories so far, showing us just how scary things that lurk in the darkness of cyberspace can be. Here are just a few of the horror stories we’ve seen so far in 2019.

BlueKeep Vulnerability Lurks in the Shadows

In May, Microsoft alerted Windows users to the BlueKeep vulnerability (CVE-2019-0708), which, if exploited, would allow a remote attacker to take over a victim’s computer and execute code. The main thing that sets BlueKeep apart from other bugs is that it’s wormable – which means that it can self-propagate from machine to machine, setting up the scene for a fast-moving, global pandemic infection wave.

The concern was big enough that Microsoft even took the unusual step of deploying patches to Windows XP and Windows 2003, which are end-of-life and no longer supported by the computing giant. And, the National Security Agency issued a dire warning: “It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber-actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

There are still hundreds of thousands of unpatched machines in the U.S., and working proof-of-concept exploits have been created, including one showing how an unauthenticated attacker can take full control of a victim machine in about 22 seconds.

Financial Security Hacked Away

Banks just can’t catch a break. They’ve been the targets of robbers and tricksters throughout time, and our migration to the digital realm is no different. Capital One learned this lesson the hard way in July when it starred in its own summertime horror show. A single hacker demonstrated all the ways financial services firms are vulnerable in a massive hack of Capital One that opened doors to the data of more than 100 million people through various avenues, including credit card applications, bank account numbers and social security numbers.

Ransomware Dirty Tricks

Ransomware operators carry out dirty tricks year-round. Last month, a rash of ransomware attacks crippled hospitals worldwide, forcing them to turn away patients and cancel surgeries. The cyberattacks froze the computer systems of several medical facilities in the U.S., with the cybercrooks demanding their treat (payment) in order to restore files.

One of the victims was DCH Health System, a regional hospital and medical complex located in Alabama, where the attack resulted in three satellite hospitals turning away patients. The three regional hospitals, located in Tuscaloosa, Fayette and Northport, were “closed to all but the most critical new patients, because cybercriminals were limiting the hospitals’ abilities to use their computer systems in exchange for an ‘as-yet unknown payment.’” The Alabama hospitals eventually decided to pay up, even though the FBI typically does not recommend doing so.

Ransomware attacks in 2019 have become more targeted against specific vertical businesses, such as local governments and healthcare organizations, with attackers taking the time to know their victims to ensure they can inflict maximum disruption and garner higher ransoms.

Damned by a Data Breach

In September, the rampant data breach trend reached food delivery service DoorDash, which said that a hack affected almost 5 million customers, drivers and local restaurants using its platform.

DoorDash, an on-demand food delivery service, connects end users with local restaurants and relies on contracted drivers who use their own vehicles for delivery, also known as “Dashers.” A variety of personal data was accessed including names, email addresses, delivery addresses, phone numbers and hashed passwords. Also accessed was payment information including the last four digits of payment cards and driver’s license numbers.

This is only one example: Businesses are increasingly facing data breach horrors, as the Dark Web thirst for personal information that can be used for fraud and payment card data shows no signs of abating.

These are but a few of the cybersecurity nightmares we’ve seen so far in 2019, which show that every business, in any industry, is at risk from ransomware and other malware, security bugs, data thieves and more.

To protect your business from cybersecurity ghouls, it’s critical to invest in proactive monitoring and patching of desktops and servers; intrusion prevention and detection; next-gen firewall and antivirus; and remote troubleshooting and repair. If that sounds scarily complex and resource-intensive, don’t worry: TPx has invested in the best IT security technologies, so you don’t have to. In other words, we can help you banish the horrors with all of the above functions, all at one cost-effective price.

If you’re looking for a reliable managed service that will keep your business safe from cyber-monsters, consider TPx. Visit https://www.tpx.com/services/managed-it/ or contact your TPx representative to learn more.

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler. 

 

When it comes to the company network, cybercriminals are always looking for ways to infiltrate and uncover lucrative data that they can either sell on the Dark Web or use as reconnaissance fodder to plan follow-on attacks. And you don’t have to be a large business for threat actors to set their sights on you — small and medium-sized businesses (SMBs) are just as targeted, if not more so, than their bigger rivals.

What’s also true is that company endpoints – the places where individual employees interface with both the internet and the internal company network – are among the weakest links when it comes to corporate security. So, while there are a lot of reasons to turn to a managed service provider (MSP) for your mission-critical IT and communications needs, endpoint protection should be at or near the top of the list.

Here are the basics that SMBs should know about managed endpoints and security. We’ve also put together a quick, two-minute video overview of what they are and why they need management:

1. What are endpoints, exactly? [0:11]

An endpoint is any device that is connected to your network that employees use to carry out their job functions. These include the web-facing servers that run the applications that power your business, as well as the desktop and mobile computers/devices that your employees use to do their jobs every day.

2. Why do endpoints matter? [0:32]

Think of unprotected endpoints as wide-open doors and windows to your business. If they’re not secured and managed properly, bad actors can easily get in, installing malware, monitoring employee communications or snooping around the files on a computer. They can also pivot, get onto the network, and reach other corporate resources beyond the endpoint itself. The result? Security breaches, frequent system crashes and performance issues, lost productivity, frustrated employees and possibly even competitive harm or legal trouble.

3. It sounds like I really need endpoint protection. Can I handle it myself? [0:54]

While many companies would love to handle things in-house, this is really only feasible if you have the right tools for the job and dedicated IT security staff who have the know-how to cover all the bases. Those bases include making sure every single application and operating system is patched and updated; running daily malware and antivirus scans; purchasing and maintaining the latest endpoint security software for intrusion detection and performance monitoring; ensuring employees are using only sanctioned cloud services; requiring strong passwords; and implementing employee education around things like phishing threats. Unfortunately, it’s often far too complex and expensive for small business owners to put all of these things into place on an in-house basis, especially the technology pieces.

4. Is there anyone who can help me? [1:32]

Yes! Fortunately, managed service providers (MSPs) can act as an extension of your staff, guaranteeing that all of the technical details – like patching and malware scans – are done and that all the tools in use are continuously up-to-date.

TPx, for example, has invested in the best endpoint management technologies, so you don’t have to. We manage troubleshooting and repair, and more, all at one cost-effective price. That way, you can focus on growing your business, with peace of mind that the doors and windows are locked.

If you’re looking for a reliable managed service that will keep your endpoints safe, consider TPx. Visit www.tpx.com/endpoints and contact your TPx representative to learn more.

 

About the Author

Joe Royer is the Product Manager for IT/Cloud services at TPx. He has 25 years of industry experience in sales, consulting, and product management for several leading MSPs.

Small and medium business (SMB) retailers are particularly vulnerable to cyberattacks because their in-house expertise and monetary resources for cybersecurity are typically modest. In fact, according to the 2018 Security Scorecard Retail Cybersecurity Report, small retailers are more likely to be the subject of cyberattacks, accounting for 43 percent of all attacks last year in the retail space.

In addition to looking at managed security services as a cost-effective way to implement protections and mitigate cyberattacks, SMB retailers can shore up their security profile by addressing these six issues.

1. Don’t Focus Exclusively on Compliance.

Many SMB retailers orient their security strategies around maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS) for handling credit and debit card transactions; it’s mandated by law, and non-compliance carries steep penalties. However, focusing only on PCI DSS compliance often means neglecting other areas where threat actors are operating: for instance, retrieving tempting morsels of personally identifiable information (PII) from cloud storage. Make sure that any security approach takes into account the protection of all of your data, not just your customers’ card information.

2. Don’t Rely on Legacy Tools.

Many existing systems and tools can’t keep up with new cybersecurity demands. As companies continue to move their applications, data, and workloads to the cloud, embrace mobility and SaaS apps, and implement IoT, the network is no longer restricted to a physical footprint. And because cyberattacks evolve so quickly, security policies and tools that were put into place even 18 months ago may be outdated. Make sure to do an audit of your existing security tools; ensure they address your entire footprint, even the parts that are off-site, and update them often.

3. Take Preventative Action.

Most cybercrime is financially motivated, with groups of hackers looking to knock over a store (digitally speaking) very quickly, grabbing lucrative information that they can sell or use for phishing attacks, and moving on. The adversaries’ business model is one built on volume. They can’t afford to spend a lot of time or effort penetrating a business, so low-hanging fruit is often the target. Instead of waiting for inevitable attacks and only focusing on remediation plans, SMB retailers should take action to stay out of the “easy pickings” category by making sure that internet-facing servers are properly protected, changing default passwords, patching all software as new versions come out, training employees on how to recognize phishing emails, and so on.

To the latter point, it should be noted that the Security Scorecard report found that 62 percent of attacks on retail SMBs arose out of phishing and social engineering.

4. Keep Up with New Threats.

Cyber criminals are always crafting new malware and stealth tactics with the goal of remaining undetected; it’s a space that never stands still. For the retail sector, new types of point-of-sale malware and ransomware variants are always cropping up. Take for instance the card-skimming crime conglomerate known as Magecart. The group generally installs a skimmer code on vulnerable e-commerce pages to scoop up payment-card data, but in March, they started injecting malicious code into third-party Java libraries used by e-commerce websites to serve advertisements. Make sure you know what’s going on out there so your security strategies can evolve accordingly.

5. Avoid Supply-Chain Woes.

Even if your own infrastructure is locked down, up-to-date, and actively assessed, many SMB retailers fail to protect their business-to-business (B2B) vendor connections. These can be significant weak links if suppliers have direct network interfaces with the retail infrastructure or are exposed to sensitive customer data. Make sure to do your due diligence around the security of your supplier connections.

6. Don’t Spend Too Little.

Organizations only dedicate an average of about 5 percent of their overall IT budgets to security and risk management, according to a recent Gartner report. That’s a woefully small amount given the damage that can come from a successful cyberattack. According to IBM’s 13th annual “Cost of a Data Breach” study conducted by Ponemon Institute, the global average cost of a data breach was up 6.4 percent in 2018, reaching $3.86 million per incident. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent to $148. These costs add up quickly, and could be enough to send many SMB retailers into bankruptcy.

Cyber criminals will continue to target retailers as long as their efforts remain successful. Given retailers’ ongoing adoption of new technology and ways of working, it’s likely that the cyber criminals will find holes in the armor that they can use to continue to compromise businesses that don’t prioritize cyber defense.

This is particularly challenging for SMB retailers, because maintaining a strong IT security posture requires skills and resources that often strain their budget. Hiring a cost-effective managed services provider like TPx could be the remedy.

Visit tpx.com or call your TPx representative today to find out how TPx can help you stay up-to-date and prepared for the latest threats, without breaking the bank.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

With payment-card details and personal data remaining a lucrative cash cow for cybercriminals on the dark web, retailers are firmly on criminals’ radar these days. E-commerce and business-to-business (B2B) transactions are the norm for most shops, which opens up a big digital avenue straight into the heart of the business for capturing card information and personally identifiable information (PII) including names, addresses, shopping preferences, and loyalty program information. Exacerbating matters is the fact that retail tends to be a vertical that falls behind on the security front – something that cyber criminals are well aware of.

All of this means that if you’re in charge of a company in the retail space, you need to make cybersecurity a priority. In case it’s not already, here are eight stats to think about as you plan strategic decisions going forward.

1. Retailers are top targets for cyber criminals.

According to a recent Alert Logic cybersecurity report, retailers topped the list of cyberattack targets out of eight different types of organizations (4,000 organizations in total). Alert Logic’s analysis of the attacks in this vertical revealed aggressive scanning, including indicators of extensive directory-guessing techniques and a large array of automated code injection and vulnerability scanning. Application attacks, where hackers infiltrate a victim company’s mission-critical services in order to capture the information flowing to and from them, are by far the dominant attack type in this industry group, accounting for 85 percent of all attacks.

2. Retailers lack social-engineering awareness.

The retail industry ranks dead last in foiling social-engineering efforts, where cyber criminals pose as a legitimate correspondent in an email to get an employee to click on a malicious link or open a weaponized attachment. According to the 2018 SecurityScorecard Retail Cybersecurity Report, since the retail industry employs younger, less experienced people at a higher rate than other industries, these employees may be less aware of these attack vectors.

3. Most retailers miss the mark on PCI compliance.

Also, according to SecurityScorecard, more than 90 percent of retailers are out of compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a standard for those that handle credit and debit card transactions. It’s mandated by law, requiring steps such as maintaining a firewall around customer data, practicing good hygiene when it comes to account passwords, and so on. Penalties for non-compliance are as high as $100,000 every month or $500,000 per security incident.

4. Retailers fall behind on encryption for data in the cloud.

According to the retail edition of the “2018 Thales Data Threat Report,” despite being among the primary adopters of cloud storage for company and customer information, retailers tend to put encryption for the data they keep in the cloud on the back burner. Only 26 percent of U.S. retailers are implementing encryption in the cloud today.

5. Data breaches are accelerating.

The Thales report also revealed that half of U.S. retailers experienced a data breach in the past year, up from 19 percent the year before. Further, a full 75 percent of retailers have experienced at least one data breach in the past.

6. Retailers see data theft as the biggest challenge this year.

According to the SecurityScorecard report, eight in 10 retailers think that their biggest IT challenge for 2019 is combatting data theft. And no wonder: a majority (79 percent) of those hit with an incident in 2018 said they lost customers, while 62 percent admitted to incurring legal costs.

7. Breaches impact customer loyalty.

According to a study by KPMG, a fifth (19 percent) of consumers would take their retail business elsewhere after a breach, and 33 percent would take a break from shopping at a store for an extended period. Examples of 16 retailers that have been affected by data breaches since January 2017 can be found here.

8. Security spending is on the rise.

The good news is that many retailers seem to be waking up to the cyber-dangers out there and the implications of a breach or attack. According to the Thales study, 84 percent of U.S. retailers plan to increase their security spending in the next year.

The bottom line is that cybersecurity trends are growing worse for retailers in terms of the volume and success rate of attacks. This, combined with a lack of awareness and poor security posture within the vertical, makes retail an attractive target for information thieves. All too often, retail locations don’t have in-house expertise, which can be an obstacle for security preparedness.

The good news is that a growing number of retailers are increasing their use of managed security services to fill the gaps in personnel and budgetary resources. For example, TPx has a full range of state-of-the-art protections and mitigation services, all offered on a cost-effective, managed basis. Call your TPx representative today to find out how we can help your retail business navigate the always-evolving threat landscape.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

 

 

simple cybersecurity tips

If you run a small- to medium-sized business (SMB), chances are that you’re already aware that cybersecurity should be a concern. In fact, a recent survey from AppRiver found that more than half (58%) of SMBs in the U.S. are more worried about getting hacked than they are about a flood, a fire, a transit strike, or even a physical break-in of their offices.

The question is, what are you going to do about it? Staying secure on a budget can be a challenge for SMBs – a problem that’s often exacerbated by a lack of in-house security expertise. Turning to cost-effective managed services is a good solution – but there are also plenty of tactics that you can implement to minimize your risk.

Understand the Hacker Tricks of the Trade

Cyberattackers are savvy and adaptable, but there are a few common techniques that they use on a regular basis. Understanding what these are can help you protect your business.

Far and away, the most common way an attacker infiltrates networks and harvests sensitive data is through phishing.

Phishing works like this: A victim will receive an email claiming to be from someone they know, or from an organization they recognize or perhaps even deal with often. These emails sometimes clearly stand out as spam, but in other cases, the impersonation will be hard to spot: the adversary will take great pains to make it look and sound like a legitimate email, complete with authentic-looking logos.

Within that phishing email will be a malicious link, attached document, or an app. When a user clicks on a link, it will take them to what looks like a legitimate page with a log-in screen. That page is actually fake (or “spoofed”), and when the victim puts in his or her credentials, the hacker is able to grab them and gain unauthorized access to the victim’s account. In the case of an attachment or app, opening it usually results in malware being installed on the victim’s machine. That virus or trojan gives hackers access to the data on the victim’s computer or phone (for instance, it could be a keylogger, which captures what the victim types to uncover user names and passwords), and also allows them to gain a foothold on the company network.

There are also watering-hole attacks to worry about. Here, an attacker might create a fake website that offers information that a specific target might be interested in – industry-specific articles or “how-to” blogs, for instance – while in the background it is executing malware on the visitor’s computer. In a variation of this, adversaries create fake mobile apps that appear to do something useful; but when installed, they turn out to be malware.

A third common attack method is via malicious Wi-Fi networks in public places. A hacker can use software to set up a wireless access point (with an innocuous or attractive name like “free public Wi-Fi”) – and once someone has connected to it, a hacker can intercept and eavesdrop on any traffic that flows through it.

There are other techniques out there as well, but these are common tricks to watch out for.

Employee Training: A Crucial Line of Defense

All three of these attack types require the user to take some kind of action – click on a link, download an attachment, visit a dodgy website, download a rogue app, or connect to an untrusted Wi-Fi network. And that means that the attacks can be prevented with good security hygiene.

Training your employees is a critical first line of defense against these opportunistic kinds of attacks. For starters, implement the doctrine of verification: Before clicking on a link or downloading an attachment in an email, send a separate email to the supposed sender to make sure the person did indeed send the message – especially for anything unsolicited. Better yet, pick up the phone and call the person.

Another training tactic is to learn to always hover over a link to make sure it’s the legitimate address. Malicious links won’t have the proper URL – however, they may have similar-sounding URLs. If the message claims to be from the Bank of Peter, the malicious link may read something like www.bankof.peter.com or www.bankofpeeter.com instead of www.bankofpeter.com.
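The hover check above can also be automated, for example in a mail filter or a training tool. The following is an added example, not part of the original post: the function names and the allow-list are hypothetical, and treating the last two labels of a hostname as the registrable domain is a simplifying assumption (a production check would use the Public Suffix List). It goes slightly beyond the article's two lookalikes by also catching a trusted name placed in front of an `@` in the URL.

```python
from urllib.parse import urlsplit

# Constructed allow-list, using the article's "Bank of Peter" example.
TRUSTED_DOMAINS = {"bankofpeter.com"}


def split_netloc(url):
    """Return (netloc, hostname) in lowercase; accepts URLs without a scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the first part as the network location
    try:
        parts = urlsplit(url)
    except ValueError:
        return "", ""
    return parts.netloc.lower(), (parts.hostname or "").rstrip(".")


def registrable_domain(host):
    """Assumption: the last two labels form the registrable domain."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_DOMAINS, max_typos=2):
    """Classify a link as 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    netloc, host = split_netloc(url)
    if not host:
        return "invalid"
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    # Remove separators so a brand split across labels is still visible.
    squashed = netloc.replace(".", "").replace("-", "")
    for good in trusted:
        brand = good.split(".")[0]
        # www.bankof.peter.com: the brand only appears once the dots are removed.
        # www.bankofpeter.com@other-host: the brand sits in the userinfo part.
        if brand in squashed:
            return "lookalike"
        # www.bankofpeeter.com: a small typo in the registrable domain.
        if edit_distance(domain, good) <= max_typos:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in ("www.bankofpeter.com", "www.bankof.peter.com",
                 "www.bankofpeeter.com", "https://example.org/news"):
        print(f"{link:28} -> {classify_link(link)}")
```

The check compares the host the browser would actually contact, which is the part a user has to read when hovering, rather than the text displayed in the message.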

In a similar vein, employees should be trained to never download an app from a third-party app store. Even if they do download something from Google Play or the Apple App Store, advise them to read the reviews to make sure all is on the up-and-up; sometimes bad apps do get through.

And finally, on-the-go employees should be wary of public Wi-Fi, and should always verify the legitimate SSID with the airport, café, or other operator of the space. It’s also a good idea to use a VPN – there are plenty of free offerings.

Require Best Practices

Along with basic security training, SMBs should always ensure that best practices are being carried out. For instance, all software should be kept up-to-date. Most of the time, a malicious attachment or watering-hole attack will only be successful if there are unpatched software vulnerabilities on the target machines.

For any cloud services, employees should be required to enable two-factor authentication (2FA), which will make it necessary to enter a one-time password that’s sent to a mobile phone before the user can log in. That way, even if hackers somehow gain a user’s credentials, they still won’t be able to log in because they don’t have access to that user’s mobile device.

Speaking of which, password hygiene is critical as well. Businesses should be thinking about complex passwords which include a combination of letters, numbers, and special characters. SMBs should require that their users change these often, and that each password is unique and not used anywhere else. In a similar vein, users should make sure that their website security questions are difficult – not information that could be gleaned from social media or elsewhere, such as your mother’s maiden name or the city where you were born – and consider making up the answers to thwart hackers even further.

Simple Administrative Fixes

Beyond user actions, there are simple actions that SMB network administrators can take to help their companies get out of the “low-hanging fruit” camp. Most hackers are looking for an easy score. Anything that raises the bar of effort for them – even a little bit – will cause them to move onto the next potential victim rather than expend any more time and effort on something that isn’t easy.

To start, enable firewalls and traffic encryption – you can easily enable the basic tools that come with your networking gear. Secondly, make sure that all default passwords on devices connected to the network are changed to unique combinations, and keep the software and firmware up-to-date. Next, replace any systems with outdated operating systems like Windows 7 – Microsoft no longer supports these, and there are known vulnerabilities that hackers can easily exploit to gain access.

And finally, think about permissions. Take steps to manage and limit access to data, drives, and systems for those employees that don’t need it. Also, don’t forget to deactivate access for those who don’t need it anymore – ex-employees are a leading cause of data theft.

The bottom line: as a small business, you are a primary target for hackers. Make time for these easy steps today to avoid difficult situations in the future. Need help securing your business or want to learn more? Visit www.tpx.com/managedIT or call 888-407-9594.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.