Semper Fi: Never Negotiate With Cyberterrorists

A recent report by the U.S. Marine Corps indicates an unintended data disclosure, the result of a single accidental keystroke. Never backing down from a fight, learn from Jarheads how to best defend yourself from a data breach and strengthen your position!

US Marines Data Disclosure

Have you ever thought twice about clicking “send” after drafting an email? We’re sure you have; everyone has. The most common reasons involve editing the text for clarity, context, or tone. Sometimes you verify the email addresses for the “to” field. These are all great measures that everyone can — and should — take before sending an email, especially one with sensitive data enclosed.

Yet, accidents happen. A recent accidental keystroke shared an email to an incorrect distribution list, which included the unencrypted personal data of more than 20,000 U.S. Marines, their families, and civilians. Social security numbers, bank details, credit card information, home and mailing addresses, and emergency contact information were all disclosed. Does this fall under the label of “data breach” if the disclosure was part of an “oops” and not a cyber attack?

Marine Forces Reserve spokesperson Andrew Aranda has said the Marines’ IT staff is reviewing cybersecurity and information assurance processes to update their overall guidelines and to better train team members at every level. More importantly, this was an accident without malicious intent, and a cybersecurity vulnerability was not the cause. Additionally, the United States Armed Forces branches fully understand the great responsibility to protect highly-confidential personally identifiable information (PII) stored in their records and a lengthy history of excellence in this arena.

More than 20,000 individuals will now need to diligently check their credit report on a regular basis to ensure this disclosure doesn’t leave them open to identity theft. Add to this number the family members potentially impacted, and the full amount affected could double or triple. This is a story too well-known by millions of Americans in recent years. Customers of Anthem, Target, eBay, and The Home Depot are just a few examples of organizations whose customers have been impacted by data breaches. Cybercriminals and cyberterrorists — hackers — are just waiting for a weakness to exploit. This introduces two key questions:

  • How effective are an organization’s cybersecurity protocols and training?
  • What can consumers do to protect themselves if they’ve been impacted by a data breach?

How aware are the individuals behind this incident of security protocols and risks? The basic information assurance training from as recent as a year ago isn’t current for today’s needs as a means of self-awareness and protection.

  • What is information assurance? When information is processed, stored, or transmitted (data) involving systems, there are risks. Information assurance is the effort a group takes to protect this data and these systems to ensure the security of the data and minimize risks involved.

The focus of information assurance is on the security of data. While “protection of data” may not be the first concept that comes to mind when you think of the United States armed forces, the protection of its people is an inherent byproduct of its very nature. The military does not operate in the same ways as Corporate America, with many factors contributing to the differences. One thing is certain: the military takes its duty to serve and protect American citizens very seriously and is dedicated to assisting those impacted.

How can consumers protect themselves?

Credit Reports

As we already mentioned, check credit reports regularly. Once a cybercriminal has a name, address, and a few pieces of personal information, this data can be used to misrepresent an identity online.

  • Consumers are entitled to one free credit report each year, at https://www.annualcreditreport.com/
  • Anyone can add a fraud alert to their credit report with each credit reporting agency for added protection. This will prompt a two-step verification process for any attempt to open a new account in someone’s name, and is a very helpful feature to protect someone’s identity from being used by other parties.

Passwords

Aside from checking credit reports, we strongly suggest changing all passwords. Most importantly, start with changing passwords for online banking, credit cards, email, and social media accounts. After these, move on to seemingly innocuous accounts like the United States Post Office and those for magazines or local newspapers, with active subscriptions.

  • It’s worth it to keep a list of all locations with usernames and passwords. Imagine how helpful this list might be in this situation, cutting response time drastically and potentially reducing the overall impact. Just don’t store the list somewhere online, like email. If that is the first thing a hacker can access, they have access to everything after discovering this data goldmine!
  • Make sure new passwords created are complex, using a combination of capital and lowercase letters, numbers, and symbols like ?!@#$%.
  • Change passwords on desktop systems to prevent a sophisticated hacker from accessing further personal data, or giving them the smallest access point to plant a virus or ransomware, or even mine cryptocurrency.
    • Running the most recent updates and install these packages immediately will help close any security gaps discovered by operating system manufacturers and application developers.

Credit Cards

In this case, credit card numbers were included in the disclosed data. It’s a huge pain, but it’s worth it in the long run for protection to report the accounts as compromised and have new card numbers issued.

Every day brings a story of new ways hackers use to access PII of consumers and how this information is used to their advantage – and to the detriment of the consumers affected. Consumers need to regularly assess their risk and do their best to eliminate the unknown, where possible by taking these measures to protect themselves. Maintaining a realistic perspective on this risk will be instrumental as “an ounce of prevention” here.

In modern days of digital communication, we can never be too careful as hackers are becoming far more sophisticated and staying one step ahead of consumers. Imagine if cybercriminals used their power for good!

Don’t let one mistake cause years of hassles and headaches – talk to an expert if you think you’ve been compromised in this or any other data breach, and protect yourself.

Problems with Two-Factor Authentication in Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication

 

We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.)  For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to HybridSetup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications).  Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.  

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authentication app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft:  If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365.  If you have any problems doing this, feel free to contact our Microsoft Experts.

Are You Playing The Internet’s Latest Game Of Cops And Robbers?

Make no mistake – if you show the slightest bit of weakness around a bully, they will pounce. The Internet is no different, with hackers just waiting for a cybersecurity vulnerability to seize their opportunity.

Internet Crime

 The latest form of cyberterrorism to take root and have explosive growth is incredibly dangerous. Forget about Trojan horse viruses and identity theft — well, not really, those are still a threat — but the hot topic today is cryptocurrency mining. This phrase is used in reports and articles all over the Internet, but what it means can vary.

  • Cryptocurrency is an alternative currency in a digital format that is uncontrolled by a financial authority where the authority determines the supply and value. The most widely-known type of cryptocurrency is bitcoin. The decentralized nature of cryptocurrencies is what makes them so appealing to cybercriminals, but also what makes the industry minimally regulated.

Have you ever had a virus on your computer or smartphone? We know that pain. They range from annoying to debilitating and are time-consuming to eradicate. What’s worse is when we connect our smartphones via charging cable to a computer, and we allow access to our smartphone, we run the risk of inadvertently allowing the virus to transfer. Can we ever win?

  • In 2017, a version of malware for cryptocurrency mining targeting Android devices was discovered and proved its effectiveness of physically damage a mobile device.

Why are we talking about cryptocurrencies and viruses at the same time? Because you’d be amazed at what lengths cybercriminals — hackers — will go to accomplish their goal. Have you ever heard of ransomware? It’s a type of malicious software, “malware”, and sometimes more advanced malware is involved where the victim’s files are encrypted using code deployed by the hacker, called cryptoviral extortion. These all function the same as a basic virus, where an executable program is planted on a user’s computer with the intention of restricting user access in some way. With ransomware, to remove this restriction and regain access, the user is prompted to pay whatever fee the hacker demands — their “ransom” — otherwise the user’s data is blocked entirely and permanently. This type of extortion is being used more commonly in cryptocurrency mining.

  • Cryptocurrency mining uses specialized software programs to automate the process of solving complex math problems in exchange for a small amount of cryptocurrency.

How is this possible? We mentioned that the beauty of cryptocurrency mining is in automation. A cybercriminal gains access to a computer — without the knowledge or permission of the computer’s owner — and installs the software that runs the mining file(s). Has this ever happened to you? But…would you even realize it?

How do cybercriminals access a computer to fulfill their devious plan? Through dark and devious means in a dimly-lit basement at a desk filled with candy wrappers and empty cans of energy drinks? This isn’t a Hollywood film – it’s much more likely the cybercriminal is at a coffee shop or somewhere benign. They could be next door, across town, or around the globe from the computer that they’re hacking. While proximity isn’t meaningless, it’s far less necessary than it once was. The Internet has made consumers that much more vulnerable, and that much more valuable to a hacker. The sad reality is that the devices most consumers use to access the Internet — either wireless routers or networks lacking sophisticated means of protection — are the most common culprit. Most consumers don’t realize how important it is to established layered levels of cybersecurity protection at their home, nor do they understand how to go about protecting themselves adequately. This is something best left to the experts – especially if you need to establish this protection in your office, and it’s your business!

Still wondering why a hacker targets a personal computer for cryptocurrency mining? The answer is money. We can look at this from a few different perspectives.

  • Using someone else’s computer, a hacker doesn’t need to worry about overhead, like:
    • Reliable power and resulting power bill.
    • The purchase and maintenance of the expensive hardware needed to process the thousands of complex problems that generate the cryptocurrency, though fractional portions with each solution.
  • Hacking into many computers offers the chance to increase the amount of cryptocurrency generated in the same time frame from multiple sources.
    • When one option is eliminated, another option replaces it quickly, so a hacker avoids “downtime”.
  • The goal of any hacker varies, but when it comes to cryptocurrency mining, the goal is to make money. The next step in a natural progressing — one born of greed — is to hold the hacked device hostage for ransom.

The terms “cyberterrorism” and “cyberespionage” are just fancy ways of redefining a hacking situation that is getting uglier each year. The more sophisticated any cybersecurity network is, personal or professional, the more sophisticated hackers need to become in response. Adversely, the more vulnerable a network is, the more attractive the victim is to a hacker, and the more expensive the situation the victim is likely to find themselves in – repeatedly.

The value of cryptocurrencies keeps increasing, as well. Bitcoin is valued around $9,000, meaning that the cost to buy one Bitcoin is $9,000. A newer cryptocurrency, Monero, has increased exponentially in its first year. The value of Monero is lower than that of Bitcoin, closer to $250, but its newness also makes it more discreet. There is also value in mining early. Consider the price of an ounce of gold; the weight does not change, but the value of an ounce does, so buying one ounce for $500 and keeping that ounce until the value of an ounce reaches $1,000 gives a greater return on investment It’s ironic to be reading about legal investments in the same spot as cryptoviral extortion – but it helps law-abiding citizens understand the mindset of the cybercriminal. More importantly, the process to mine these isn’t the point: where there is money to be made by little effort, those with a serious lack of ethics seize the moment. Cybercriminals are evolving with cryptocurrency paradigm shifts, including fileless miners.

  • Fileless cryptocurrency-mining malware is a newer mining method and involves deploying code into the victim’s system memory. This code is what activates the computer’s mining processes.

Yes, cybercriminals can now use wireless networks to access your computer and use your computer to mine cryptocurrencies without files. If a hacker can take over your computer entirely and require you to pay them real money to get your computer — and everything on that computer — back, how can you protect yourself?

Cybersecurity and protecting yourself isn’t just a case of setting a “really strong” password anymore. Some programs and platforms encourage — or even require — two-step verification processes for each login. The greatest advantage you can give yourself is teaming with the best cybersecurity partner and making all staff members aware of the risks. Let your trusted partner do what they do best — cybersecurity — and you can focus on what you do best: running your day-to-day operations.

My IT is Compliant, So I Guess That Means It’s Secure, Right?

Short answer? No. Despite what you may have been led to believe, there’s a big difference between compliance and security.

Compliance and Regulations

IT compliance and security are not the same. IT Security refers to the best practices and IT solutions used to protect your technology assets, information, and data. It’s the process of implementing specific measures and systems that are designed to protect and safeguard your information. The right IT Security Plan utilizes various forms of technology based on your business’ unique needs to store and exchange data while preventing unauthorized access or improper disclosure.

Compliance refers to regulations imposed by a government, industry or regulatory entity to protect users’ confidential, private information. Examples of these standards include HIPAA, PCI, FINRA, and SOX.

Your IT can be compliant but not secure. “Why is this?” Compliance is a point-in-time snapshot assessment of your technology proving that you meet a minimum standard of security. You can be compliant one day, and not the next (although, you wouldn’t want this to happen).

Plus, IT compliance standards change predictably and slowly over time. These standards provide minimum guidelines for the amount and type of data protection required. IT security, on the other hand, is in a constant state of flux due to the ever-evolving, and more sophisticated cyber threats that appear on the IT landscape. Hackers are innovative and skilled at developing ways to steal your data. What happens is that compliance regulations don’t always keep up with these threats. Some require security protections and others don’t.

The main difference between compliance and security is that IT compliance is measured against prescribed controls, where IT security is defined by the ability to respond to and protect against cyber threats. IT security measures and techniques protect your data, users, networks, and assets from cybercriminals, hackers or other malicious threats.

Unfortunately, some businesses function with the bare minimum of IT security solutions they need to remain compliant. They check to make sure they meet the specific IT compliance requirements and think their data is secure when it’s not. This is a recipe for disaster. Cybercrime is growing at an explosive pace. If you restrict your defenses to only what you need to be compliant, your data and business could be at risk. To ensure IT security, your business needs a comprehensive approach to protection. The good news is that if your IT is secure, you’ll likely be compliant.

“How do I ensure IT Security?” It’s always best to consult with an IT Managed Services Provider who can assess your unique requirements and establish an IT Security Plan with a holistic, layered approach. Make sure that your provider includes the following in your IT Security Plan:

24/7 Remote IT Management and Monitoring to detect threats and block them before they affect your security posture. This includes applying patches via the cloud in real time.  

A Firewall Solution that continuously mitigates cyber-threat intrusions. This will filter the data in transit (data that comes in and leaves your network) by checking packets of information for malicious threats like Trojan viruses and worms, and other forms of malware that can steal or lock up your data. It’s best to use GEO IP Filtering whenever possible, and use a next-generation firewall with perimeter malware protection.

An Up-to-Date Antivirus Solution. Even though firewalls are an excellent source of protection from viruses, they can’t do everything. You also need an antivirus solution that constantly scans your computers to detect suspicious files, isolate and delete them before they infect your system.

A Data Encryption Solution that obfuscates data that’s stored or in transit to prevent others from accessing or reading it. The proliferation of cyber espionage has led to the need for encryption to protect your sensitive data and intellectual property from prying eyes.

A Web-Filtering Solution. This routes web traffic and applies security-filtering policies to protect your computers, laptops, and tablets from malware, botnets, and phishing.

Regular Backups Make sure you always have reliable backups of your data both onsite in a device you can unplug and take with you in case of a disaster, and offsite in a secure cloud so you can retrieve your data remotely if necessary.

Ensure Your Mobile Devices Are Secure. With the proliferation of Bring Your Own Device (BYOD) policies, your business requires secure mobile device solutions that protect your data whether it’s deployed across multiple mobile service providers or on a variety of mobile operating systems. Mobile Device Management provides for remote wiping of data if your mobile devices are lost or stolen.

Security Awareness Training for Your Employees. This should be a formalized training on the latest threats and how to mitigate them. Security Awareness Training for your employees will reduce the risk to your organization’s data and IT systems and limit the chance of a data breach. Some compliance regulations specify the need for Security Awareness Training including HIPAA, PCI DSS, SOX, and FISMA.

Vulnerability Audits to identify security gaps in your computers, network, or communications infrastructure and develop appropriate mitigation countermeasures to protect them.

Penetration Testing. This is an analysis that focuses on where security resources are needed most. When accompanied with Vulnerability Audits they locate the weakest links in your network, identify and document weaknesses in your security, and remove them. Independent Penetration Testing and Vulnerability Audits will help you meet regulatory compliance standards like HIPAA, FINRA and PCI DSS.

Ongoing Updates to your Operating Systems and Software. Whenever there’s an opportunity to update, it’s important to do so. Rather than worrying about this yourself, your IT Managed Services Provider can include this responsibility in your overall IT Security Plan. This will safeguard your system from debilitating cyber attacks and keep your IT system running at peak performance.

There will always be overlaps between compliance and security guidelines but remember that IT security provides a more extensive assurance than IT compliance alone. For help with the unique IT security requirements your business faces, contact a certified IT Managed Service Provider in your area and ask for an assessment of your entire IT network.