Ulistic Projects Blog

Why Every Business Should Invest in Cybersecurity

Cyber security is essential to businesses of all sizes. Learn how to keep your business up to date and protected from the most common digital threats.  

Cybersecurity is no longer a concern exclusive to large corporations. Since the infamous attacks on Equifax, Target, and Apple, cybercriminals have started to shift their focus towards smaller businesses. Without proper security protocols, small businesses are sitting ducks even for novice hackers.

In recent years, the cost of data theft targeting small and medium-sized businesses (SMBs) has risen significantly. The Ponemon Institute reports a 17% increase in the average cost of theft and damages, and a 26% increase in the average cost of disruption to operations. The threat has prompted many SMBs to invest more heavily in third-party data security services.

Cybersecurity in a Continuously Evolving Digital Space

Ever-evolving technology makes the world more connected, but also makes data more vulnerable to attackers. Gone are the days when an antivirus, firewall, and email filter were enough to earn a passing cybersecurity grade. As criminals refine and improve their methods of attack, businesses and IT professionals must step up their defenses.

The most recent trend in cyberattacks is a shift towards SMBs, many of which lack the breadth and depth of data security that larger corporations are likely to have. Illicit tactics such as email phishing, direct hacking, and installing ransomware can spell big trouble for SMBs. If your data is compromised, the results can extend to your customers and other members of your supply chain.

Consequences of a Data Breach

The fallout from a data breach depends on the scale of the attack and the value of the data stolen. Hackers may be able to seize control of accounts, drain funds, freeze assets, and access sensitive customer information. If you operate in the healthcare or financial sectors, you may be liable to pay reparations in addition to suffering the cost of stolen capital and the inability to continue operations. The cost of a large-scale data breach can devastate even the wealthiest of corporations, and will most certainly overwhelm a small business.

How to Improve Cybersecurity

A common misconception is that only large corporations can afford effective cybersecurity. In most cases, implementing cybersecurity isn’t merely a matter of money, but of proper training and awareness. A Ponemon Institute study linked 54 percent of data breaches to employee or contractor negligence. This includes email phishing, which is often the first step attackers use to conduct large scale theft of usernames, passwords, and other sensitive data.

Educating and training your employees on cybersecurity minimizes the risk of data theft at the point of contact. Your business should have protocols to identify signs of phishing, choose secure passwords, and grant or deny access to information. You can also inform your customers about how to keep their information secure. Taking this two-pronged approach shows customers how committed you are to keeping their data safe.

Being proactive and spreading the word on cybersecurity threats will help you protect your business from hackers. Whether you’re a multinational corporation or a two-person mom-and-pop shop, your customers rely on you to safeguard their data. Implementing the latest security practices lets them know that you value their trust.

What Is the Dark Web and How Can You Stay Off It?

Ever heard of the dark web? It’s definitely not a place you want your company’s information to be. Learn everything you need to know about the dark web here.  

Most people have heard about the dark web in one form or another. It’s a place where criminal activity happens — from the purchase of illegal drugs to the hiring of assassins.

Of course, there is a legal side to the dark web as well; though, most people don’t know about. In fact, the origin story of the dark web is entirely legitimate and is even linked to the government.

Still, as a business owner or CEO, your relationship with the dark web (should you unfortunately have one) will not likely be good. It’s a bad sign if any of your information is found there. That’s why it’s important to know about what exactly the dark web is: Where it came from, what’s on it, and what you should do to stay as far away from it as possible.

What Is the Dark Web?

The dark web is essentially one “section” of the Internet. Specifically, it’s a section that isn’t included in mainstream search engines like Google. So, when you search a normal search inquiry, such as, “Where’s the best hamburger joint in downtown Pittsburgh?” you don’t get results from the dark web.

Instead, this section includes all sorts of illicit goings-on. Mostly, it’s a marketplace for things you shouldn’t be buying because they’re illegal to sell and/or buy. For instance, you can buy lifelong access to Netflix for a small price (six bucks). You can hire someone to hack into someone else’s computer for you and download their data or track their keystrokes. You can purchase credit card credentials. You can obtain prepaid debit card numbers and security codes.

How Does One Access the Dark Web?

We’ll reiterate again that the dark web is not a place you want to find yourself (or your information). However, for the sake of knowledge, we’ll explain that in order to access the dark web, you must download what’s called the Tor browser.

Tor stands for The Onion Router. This is basically the software that makes the dark web operate in the dark.

Where Did the Dark Web Originate?

The dark web began in the late 1990s as a way for the United States Naval Research Laboratory (NRL) to better hide their online communications. At this time, The Onion Router or Tor was brand-new.

Soon after its initial creation in 2004, the dark web’s Tor software was released for public use. Since that time, it has ceased to be solely a government resource and has turned into the “back alley” of the Internet.

How Can the Dark Web Affect Business Owners?

The dark web is a potential danger to all businesses of all sizes and in all industries. In fact, it can be a potential danger to individuals as well. But let’s talk about your business and the dark web.

Basically, it has been found that 60% of the web listings on the dark web could harm a business. That’s because, these listings offer individuals searching the dark web ways to obtain things like the following:

• Customer data
• Tips for hacking computers
• Tips for hacking networks
• Malware
• Financial data
• Phishing advice
• Operational data
• Intellectual trade secrets
• Tutorials for cyber crime
• Remote access Trojans (RATs)
• Espionage services
• Credentials access

How Can You Keep Your Business Safe From the Dark Web?

The best way to keep your business safe from the dark web is to have the proper cybersecurity measures in place. This means hiring a cybersecurity team or a managed service provider (MSP) to handle your company’s cybersecurity. Even if you’re a small business, hiring an MSP to have on retainer is a good idea.

They will make sure that you have firewalls and other detectors of malware in place for adequate security. It’s also essential to back up your data and to make everyone who works for or with your company aware of how to avoid phishing attempts.

Lastly, your cybersecurity team should be monitoring the dark web to make sure that none of your information lands there. This goes for personal information for you and your employees, as well as overall company information. Taking these measures is the only surefire way to ensure that your company does not end up on the wrong end of the dark web.

Check Your IoT: URGENT/11 Zero-Day Vulnerabilities Impacting 2 Billion Devices

It was only a matter of time before connected devices become a target. The current vulnerability allows remote attackers to gain full control over IoT devices.  

Security professionals have known that connected devices are a risk, but the latest news around the URGENT/11 vulnerabilities may surprise even the most hardened security professional. Over 2 billion connected devices are thought to be vulnerable, including a range of printers, VOIP phones, routers, medical equipment, firewalls, elevators and industrial controls. Any connected device that is running the VxWorks operating system created by Wind River has the potential to be affected, allowing users to remotely gain control over the device.

URGENT/11 Vulnerabilities

Dubbed “URGENT/11”, these security risks include six critical vulnerabilities connected with VxWorks 6.5 or higher that includes the IPnet stack. There are a few versions of the OS that may not be affected, according to security research firm Armis, such as their VxWorks Cert Edition and VxWorks 653. Whether devices are within the network perimeter or on the edge, they can still be leveraged for remote access directly into networks. The vast range of manufacturers of the devices at risk means the level of security at the device level is likely to vary dramatically between product types. Fortunately, Wind River Systems provided critical patches during a recent July 19 release, but that may not be enough to reduce the risk for organizations utilizing these connected devices.

What is VxWorks?

“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, vice president of research at Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses”. As an RTOS, or real-time operating system, VxWorks has generally been considered to be a stable solution for IoT and other interconnected devices with only 13 vulnerabilities reported in over 32 years of operation for the platform. Since it is only older versions of the RTOS that are vulnerable to attack, it’s thought that newer devices should be relatively safe and many affected devices are already reaching end-of-life. These devices are generally ones where chipsets only need to manage a few basic pieces of information, such as input/output operations, where little data processing is required.

How to Protect Your Business

While officials at VxWorks and Armis note that there are no indications that the URGENT/11 vulnerabilities have been exploited, the extreme disruption that could be caused within an organization is reason enough to warrant a proactive effort to protect your organization. Here are the recommended steps from Wind River security professionals and engineers:

• Apply the recent patch immediately
• Deploy specific firewall signatures/rules that will help mitigate the danger if patches cannot be applied immediately

You can view the full URGENT/11 whitepaper with a breakdown of the vulnerabilities and suggestions for remediation online. Experts note that the level of disruption could be significant, perhaps even rivaling the EternalBlue 2017 vulnerability or the WannaCry ransomware attack. In each of these instances, it was challenging for many small businesses to determine the best steps to move forward and protect their organization.

Partnering with an IT services firm helps ensure that your business is alert to this type of critical attack vector. Staying vigilant for vulnerabilities and quickly applying patches may mean the difference between a few hours of work patching devices or servers and months of remediation as you attempt to recover from a major attack.

Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada

On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.

The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.

How Did The Hacker Get Into Capital One’s System?

According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.

Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.

Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.

Who Breached Capital One’s Data?

Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.

Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.

The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.

What Information Was Compromised?

Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.

The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.

Capital One said, some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.

Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.

This is one of the top 10 largest data breaches ever, according to USA TODAY research.

What Is Capital One Saying About The Breach?

They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.

They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.

Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.

What Should Capital One Customers Do?

If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.

It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.

Prevention is always the best remedy. Ask your IT provider to ensure your that your firewall is properly configured and to continuously remotely monitor your network for intrusions.

Major Fines for IT Data Breaches

Outdated machines, software or employee practices can lead to major security problems. These big companies faced painful fines for their IT mistakes.

As companies increase their online activity, data collection and eCommerce, the stakes will continue to rise. Companies that are lax, poorly prepared or sloppy are facing disastrous tech breaches. Equifax, Uber, TJX and Visa are just a few of the companies that have had to face hefty payouts for data breaches. The public relies on companies to act professionally and secure their information. Many companies that face a security breach or lost data will not be able to stay in business.

With a security breach, the customer’s trust is lost. Not only will the reputation harm business, but fixing the issue will cost more than preventing it. Fines and payouts will also add to that cost. And, the more consumers affected by a major problem in the company’s security, the more painful the clean up. You can’t afford to slack when it comes to IT security.

Equifax Data Breach Settlement of $700 Million

The infamous Equifax data breach of 2017 has lead to 147 million affected customers. The settlement announced by the credit reporting company included $175 million to 48 states, $300 million towards free credit monitoring services for the impacted customers and $100 million to the Consumer Financial Protection Bureau for civil penalties.

Federal Trade Commission (FTC) Chairman Joe Simons said, “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

Facebook Faces $5 Billion in Fines for Privacy Violations

The FTC smacked Facebook with a $5 billion fine for the Cambridge Analytica incident. This privacy violations fine was in response to personal data taken from over 87 million Facebook users to create more persuasive and personalized ads.

Uber Faces $148 Million in Fines for Covering Up Hacked Accounts

In 2016, Uber had over 57 million user accounts compromised–and then tried to cover it up by paying the perpetrator $100k. This lead to the largest data-breach payout at the time of $148 million because they broke data breach violation laws.

Anthem Faces $131 Million for Data Breach of Customers

When the US health insurer Anthem was hacked in 2015, over 79 million customers had their names, birthdates, social security numbers and medical IDs compromised. The company paid out $115 million in a class-action lawsuit in 2017 regarding the breach. The US Department of Health and Human Services fined them an additional $16 million for HIPAA (Health Insurance Portability and Accountability Act) violations.

TJX and Visa Pay Out $40.9 for Data Breach

When over 96 million credit and debit accounts were hacked in a widely-publicized data breach that lasted from 2003 to 2007, TJX promised pay outs. This came under the terms that 80% of card issuers agreed to the recovery offer and promised not to take further legal action. TJX agreed to fund the settlement as a resolution to those U.S. Visa holders with cards from taking further legal action. This amount was not part of the $256 million the company said it had budgeted to deal with the breach.

Texas Cancer Center Fined $4.3 Million for Unencrypted Equipment

Between 2012-2013, the University of Texas MD Anderson Cancer Center lost one unencrypted laptop when it was stolen from an employee’s house and two unencrypted USBs that contained sensitive patient data. The health information of over 33,500 individuals was compromised and the center faced a $4.3 million fine for HIPAA violations.

FMCNA Fined $3.5 Million for Five Data Breaches

In 2012, Fresenius Medical Care North America (FMCNA) was fined $3.5 million for HIPAA violations after five separate breaches in different company locations. The Office for Civil Rights noted that FMCNA could have avoided this with a thorough risk analysis to find the potential risks and vulnerabilities. Many of their breach problems included lacking security policies and failing to encrypt sensitive health data.

A good company will take proactive IT security measures with a great tech team. By outsourcing IT security through a managed IT service company, you can get the best security without hiring a team full-time. Your IT team will provide an audit of your company to help you find the places where your security, devices or practices might be a threat to your company. Ensure you are using the right equipment and your employees are trained to meet compliance standards, privacy laws, customer expectations and more so your company can succeed.

Phishing Attacks Target OAuth Credentials to Gain System Access

Discover how an increasingly popular authentication process, OAuth, can be exploited by hackers and wreak havoc on applications and access sensitive data.

What Is OAuth?

OAuth is a widely used framework that allows applications to share access to assets. It lets unrelated services and servers to allow authentication without sharing the initial single login credential. It’s often referred to as secure third-party user agent delegated authentication.

OAuth lets you access a resource — secure password-protected sections of a website, for example. Once the access is granted it remains in place until revoked, even if passwords or reset or 2-factor authentication changes.

It’s the technology that allows you to log in to a website or an app using Facebook or Google credentials. Instead of creating and using a password for, say, ESPN.com, you can log in using your Facebook account. Facebook, Google, Microsoft and Amazon are among those that use OAuth to allow access to other platforms as well as their own.

OAuth does not share password data across sites, but it does share the authorization tokens to confirm your identity.

What Is the Oauth Phishing Attack?

The OAuth tactic is unlike those used in traditional phishing attacks. By targeting the authorization tokens, hackers can essentially act as a compromised account holder throughout any platform on which the hacked person uses OAuth.

A hacker can create a simple app that is loaded into an email message. When users click on the phishing email, they can inadvertently allow access via the OAuth protocol.

“These techniques have been observed in sophisticated attacks in the past¹ but are becoming easier to execute and are gaining in popularity,” notes a recent article.

What Can Attackers Do if a Phishing Attack Is Successful?

A successful phish attack lets a hacker do any number of things, depending on the resource to which access was granted. For example, if access is granted to your Microsoft Office or Office 365 account, a hacker could:

• Search your mailboxes
• Read your email messages
• Download messages and any attachments
• Search for keywords in your email and extract that data
• Send messages on behalf of your account … to anyone
• Access your contacts
• Search shared drives like OneDrive and Sharepoint, read documents and download and extract files
• Create malicious Outlook rules
• Inject disruptive macros into stored Word documents
• Create and install filtering and forwarding rules

Data accessed, reviewed and stolen can have severe consequences, as could macros and rules that make it difficult or impossible to use these common office productivity apps.

What Can Be Done to Defend Against a Phishing Attack?

More platforms are using OAuth to make it easier for customers or users to access information. That proliferation of uses means more opportunities for hackers. It’s likely that the number of OAuth phishing attacks is likely to grow.

The best defense against OAuth and other phishing attacks is awareness. Employees and other users need to be aware of the risks and potential outcomes of a phishing attack.

That means training and simulations that help users look for telltale signs of a phishing attack, such as poor grammar and spelling and the use of an unusual email address. Explaining how OAuth phishing attacks work also helps to raise awareness and let users take a skeptical approach to providing those credentials if something doesn’t feel right.

Your organization should also make it easier for employees to submit any suspect email messages that they believe are a phishing attempt.

Some other recommendations are:

• Limit the number of third-party apps that can 3^rd party apps that your network accepts
• Disable any third-party apps across the organization that are unnecessary
• To identify rare or suspicious instances, search for and monitor all consented applications

To reduce the likelihood and impact of an OAuth phishing attack, be sure to work with your managed IT services provider to ensure that training, anti-phishing solutions and monitoring are in place for your entire network.