Data Alert

Data Alert News

Who is Going to Help the Police?

September 10, 2019

Think it is safe to be the police? This is not always true, especially when it comes to data breaches. The LAPD HR system was attacked, and the data of almost 20,000 LA police officers and job seekers was compromised. The hackers were able to access the HR Department and stole Social Security numbers, dates of birth and home addresses.

The Personnel Department was informed of the breach by an email from the hackers containing evidence of the stolen data. They said the information was stolen 'through external sources', rather than through a contact in the department.

The general manager of LA's IT Agency told the media they would be bolstering their security: "Out of an abundance of caution we're applying extra layers of security around our personnel system and enhancing defenses."

It will likely take weeks or months to understand how the attack happened, and what exactly was taken - whether it was full files, or merely scraps.

Officers are outraged. Their union, the Los Angeles Police Protective League, issued a statement: "We call upon the city to provide the necessary resources and assistance to any impacted officer who may become the victim of identity theft as a result of this negligence, so that they may restore their credit and/or financial standing."

An LAPD spokesman said: 'Data security is paramount at the Los Angeles Police Department, and we are committed to protecting the privacy of anyone who is associated with our agency.'

 

Marriott discloses a massive data breach

September 3, 2019

Marriott disclosed that hackers had access to the reservation systems of many of its hotel chains for four years, starting in 2014, and that the intrusion was not discovered until 2018. The breach exposed private details of up to 500 million customers and underscored the sensitive nature of records revealing where and when people traveled and with whom.

The breach of the reservation system for Marriott's Starwood subsidiaries was one of the largest in history and was particularly troubling for the nature of the data that was stolen. The hackers got names, addresses, credit card numbers, phone numbers, passport numbers, travel locations and arrival/departure dates.

The potential value of such information on such a large percentage of the world's travelers triggered speculation that Marriott may have been the target of nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. Even if the hackers were in search of profit, such data offered the hackers an easy way to steal the identity of those affected.

"This is extraordinarily intimate data," said Edward Hasbrouck, a San Francisco-based travel writer. "The travel industry has been grossly negligent compared to many industries when it comes to data privacy and security."

The hackers gained access to the reservation database of Starwood properties, which include St. Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points and W Hotels, according to a Marriott spokesperson. Marriott acquired Starwood in 2016 and kept the reservation databases separate from its own until recently. "We deeply regret this incident happened," Arne M. Sorenson said in the news release. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."

Once news of the breach came out, the company's shares were down nearly 6 percent.

An internal security tool flagged the unauthorized party's activity on September 8. Marriott then discovered that the hackers had accessed the information, encrypted it and attempted to remove it. It took Marriott until late November to decrypt the information.

"It's not just that it's been continuing for four years, but that there were significant opportunities for higher scrutiny," said Paige Boshell, an attorney with Privacy Counsel LLC.

Connie Kim, a Marriott spokeswoman, declined to comment on whether other personally identifiable information, including names, addresses, phone numbers, email addresses and passport numbers, was protected.

The company acknowledged they could not rule out the possibility that encryption keys were taken by hackers.

"The fact that they can't rule out that the keys were taken sounds like a problem," said Matthew D. Green, a Johns Hopkins University cryptographer.

It's not the first time Starwood has been hacked. In 2015, they fell prey to credit card breaches. Malware aimed at stealing credit and debit card information was found on payment systems at restaurants and stores at 54 Starwood hotels in North America.

Cybersecurity experts debated whether the hackers were criminals collecting data for identity theft or nation-state spies collecting information on travelers worldwide. Hotel chains, with their vast customer databases and proprietary Wi-Fi networks, make appealing targets.

Without taking proper steps, your business could face a similar situation. It only takes one employee to open one wrong email, and you could be inviting hackers into your systems.

 

Ransomware - Twofold Problem

August 22, 2019

Ransomware is now a real threat to businesses, governments, and individuals worldwide. The problem with ransomware is twofold.

First, ransomware completely encrypts a victim's file system, potentially causing an irreversible loss of data. Second, an increasing number of cybercriminals are using ransomware to extort money from victims. Ransomware losses for businesses can average $2,500 for each incident, and in some instances businesses have been willing to pay close to a million dollars to decrypt their data.

The Beazley Group found that small-to-midsized businesses were at the largest risk. The highest ransom paid out for its clients in 2018 was over $930,000.

 

Cyber Threat Trends

August 13, 2019

Today there is a host of new and evolving cyber security threats. Ever more sophisticated cyber-attacks have the information security industry on high alert. Big corporations, governments and individuals are becoming more aware of, and more susceptible to, attacks involving malware and phishing, to name just a couple.

Phishing - Phishing attacks are carefully targeted digital messages designed to fool people into clicking on a link that can then install malware or expose sensitive data.

As employees are trained and become more aware of the dangers of email phishing and of clicking on suspicious-looking links, hackers are changing how they operate. They craft convincing fake messages, hoping the recipients will compromise their organization's networks and systems. These attacks enable hackers to get user logins, credit card details and other personal financial information.

Ransomware - These attacks cost victims billions of dollars every year. Hackers deploy ransomware that enables them to literally kidnap an individual's or organization's databases and hold all the information for ransom.

Cryptojacking - The cryptocurrency movement also affects cyber security in other ways. For example, cryptojacking is a trend that involves cyber criminals hijacking third-party home or work computers to "mine" for cryptocurrency. Cryptojacked systems can cause serious performance issues and costly down time as IT works to track down and resolve the issue.

State-Sponsored Attacks - Entire nation states are now using cyber skills to infiltrate other governments and attack critical infrastructure. Cyber crime today is a major threat not just to the private sector and individuals but also to governments and nations. State-sponsored attacks are a major concern and are expected to increase, including attacks on critical infrastructure.

McAfee has predicted that: "Nation-state cyberwarfare will become an equalizer, shifting the balance of power in many international relationships just as nuclear weapons did starting in the 1950s. Small countries will be able to build or buy a good cyber team to take on a larger country. In fact, cyberwarfare skills have already become part of the international political toolkit, with both offensive and defensive capabilities."

IoT Attacks - The Internet of Things is becoming more ubiquitous by the day (according to Statista.com, the number of devices connected to the IoT is expected to reach almost 31 billion by 2020). It includes laptops and tablets, of course, but also routers, webcams, household appliances, smart watches, medical devices, manufacturing equipment, automobiles and even home security systems.

Connected devices are handy for consumers, and many companies now use them to save money by gathering immense amounts of insightful data and streamlining business processes. However, more connected devices mean greater risk, making IoT networks more vulnerable to cyber invasions and infections. Once controlled by hackers, IoT devices can be used to create havoc, overload networks or lock down essential equipment for financial gain.

Smart Medical Devices and Electronic Medical Records - The health care industry is still going through a major evolution. Patient medical records are migrating to the cloud and medical professionals are beginning to realize the benefits of smart medical devices. As the health care industry adapts to the digital age, there are several concerns: privacy, safety and cyber security threats.

According to Carnegie Mellon University Software Engineering Institute, "As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring."

Many hospitals and medical facilities are still adapting to the digitalization of patient medical records and hackers are exploiting the many vulnerabilities in their security. Patient medical records are almost entirely online and have become a prime target for hackers.

Third Parties - Third parties (vendors, contractors and partners) pose a huge risk to corporations. The majority have no dedicated IT teams in place to manage these third-party employees.

Cyber criminals are becoming increasingly sophisticated and cyber security threats are growing. Organizations are more aware of the risk third parties pose than ever before. Several years ago, Wendy's fell victim to a data breach that was caused by a third-party vendor that was hacked.

Jamie Woodruff said: "As more technology comes out, we're ever more reliant on third-party vendors. Look at how APIs work, and how we feed them into third parties. That's a potential way into the corporate network."

Connected Cars - A connected car uses onboard sensors to optimize its own operation. This is done through embedded, tethered or smartphone integration. By 2020, an estimated 90 percent of new cars will be connected to the internet.

For hackers, this means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers. In addition to safety concerns, connected cars pose serious privacy concerns.

If you have concerns that your company may be at risk, please contact BizCom Global. We keep your employees from doing dumb things.

Ransomware Attack via MSP

July 30, 2019

Another MSP has fallen victim to a ransomware attack.

The attacker simultaneously encrypted the endpoint systems and servers of all the customers of a US-based managed service provider (MSP). This was done by exploiting a vulnerable plugin for a remote monitoring and management (RMM) tool used by the MSP.

This ransomware attack resulted in some 1,500 to 2,000 systems belonging to the MSP's clients getting crypto locked and the MSP itself facing a $2.6 million ransom demand.

Discussions this week on an MSP forum on Reddit over what appears to be the same - or at least similar - incident suggest considerable anxiety within the community over such attacks, with a few describing them as a nightmare scenario.

"From the MSP's standpoint, the tool they use to manage everything was just used against them" to inflict damage on customers, says Chris Bisnett, chief architect at Huntress Labs. "Everyone is looking at this attack and saying, 'This could have been me.'"

Huntress provides managed detection and response services to the MSP that was attacked. An initial investigation showed that the MSP's systems themselves had not been compromised. Huntress eventually linked the attack to a vulnerable plugin for a remote management tool from Kaseya.

Many MSPs use Kaseya's VSA RMM tool to remotely monitor and manage client systems and servers. The vulnerable plugin for Kaseya that was exploited in the MSP attack was from ConnectWise. Bisnett said: "The vulnerability basically gave the attackers a way to run remote commands and allowed them complete access to the Kaseya VSA database. They were able to task the RMM tool as if they were an administrator at the MSP."

The executable was GandCrab, a widely distributed ransomware tool that has been used in numerous previous attacks. All customer systems that the MSP was managing via the Kaseya RMM tool were encrypted simultaneously, locking users out of them.

Previously, attackers have installed crypto mining tools on business systems and stolen data by gaining access to their networks via the MSP connections. MSPs have reported one or two clients getting hit with ransomware. "But this was extra alarming because all customer systems were encrypted at the same time," Bisnett notes.

Attacks on MSPs are a growing concern. Recently, threats, some sponsored by nation states, have begun targeting MSPs to get to the networks of their clients. APT10, a threat group believed to be working for the Chinese Ministry of State, is one of the best-known operations targeting MSPs. This group has been conducting a cyberespionage operation called Cloud Hopper attempting to steal data from banking, manufacturing, consumer electronics, and other sectors by attacking their MSPs.

Concerns over attacks are so high that the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security was scheduled to brief MSPs on Chinese malicious activity.

Joshua Liberman, president of Net Sciences, a New Mexico-based MSP, said: "The only way we'll survive this as an industry, short of stopping the threat at its source, which is well beyond our scope, is to tighten our own defenses, share information with each other, and create an 'offensive defense posture.'"

Why Store Your Data in the Cloud

July 16, 2019

What is the Cloud? It is remote, server-based storage and processing. By keeping your documents and media files in the cloud, you have anywhere, anytime access.

Why move to the Cloud? A recent study noted that 54% of people recently lost data or know someone who has. Add to that how many businesses have hardware that gets lost or stolen, and you can see the real need to move your storage off your devices.

Another problem with local storage is that people and businesses do not follow the United States Government's recommended plan for backups, the 3-2-1 Plan. You should always have at least 3 total copies of your data, 2 of which are local but on different devices, with 1 copy kept offsite.

Local storage is not scalable. With the Cloud, as your storage needs grow, it is simple and inexpensive to increase your online storage. Technology is moving away from local storage to the Cloud. The Cloud provides access to all your important data, docs, PDFs, spreadsheets, and any other digital assets needed from anywhere and anytime. You no longer need to be sitting in front of a work computer to access your files. With cloud syncing you can access what you need on your smartphone, your tablet or a laptop in your hotel room. Using a service like ours means no more having to email files to yourself or using a USB thumb drive.

If you don't yet have a service for storing and syncing your data in the cloud, you should seriously consider one. No matter what you are trying to accomplish, we have a solution that will satisfy your needs. Our services are extremely user-friendly. Even if you're not the most technologically advanced user, with our simple-to-use software you will be up and protected in no time.

What Can Cloud Storage Do for You?

You want your other software and apps to be able to retrieve or access your files, so make sure you use a service like ours that gets along with the other tools you use.

The backup agent component of Acronis Backup runs in the secure Acronis Cloud instead of on your premises, which streamlines and simplifies the process of configuration and maintenance.

We offer a complete solution. Beyond backing up your computer's files, we can provide you with Disaster Recovery. In the event of a disaster, we can have you up and running "virtually" until your local equipment is functioning. 93% of companies that lost data for 10 days or more filed for bankruptcy within 1 year. What's your plan?

 
