
Due to their activities, hospitals need to be highly secure. However, a recent ransomware hack on UK hospitals has questioned just how secure they are.

Huge swathes of data are held by hospitals and the majority of it is highly personal and sensitive. Not only that, but hospitals rely on their IT systems to carry out highly important work such as maintaining operating equipment, retrieving patient information and even refrigerating blood samples.

Therefore, anything which even slightly impedes these operations can have a huge, disruptive impact. Unfortunately, for the UK’s hospitals (mostly run through the government NHS system), they have been hit hard by the WannaCry ransomware. Let’s take a look at how this major hack happened.

What’s WannaCry?


WannaCry is a form of ransomware that exploits a vulnerability in Server Message Block (SMB), a network protocol that facilitates access to shared files, printers and similar resources. It’s not yet been revealed exactly how WannaCry managed to infect the UK’s hospital systems, but it’s rumoured to have been through the usual infection methods of Microsoft Office attachments or suspicious links.

Once WannaCry is executed in the SMB it begins to encrypt almost all the files on that PC with an extension of “.WRCY” and then displays a ransom window which demands payment of $300 worth of bitcoins to decrypt the compromised files. A ransom note is also placed on the user’s system in the form of a text document to detail the ransom demands once more.
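The behaviour described above, many files on one PC gaining the same unfamiliar extension within a short time, can be detected without knowing the extension in advance. The following Python code is an added example, not part of the original article; the event format, host names, extension baseline, window and threshold are assumptions.

```python
import ntpath
from collections import deque
from datetime import datetime, timedelta

# Assumed baseline of extensions normally seen on this file share.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".png", ".tmp"}

def detect_mass_rename(events, window=timedelta(seconds=30), threshold=20):
    """Return {(host, ext): time of first alert} for rename bursts to one unfamiliar extension.

    events: iterable of (timestamp, host, old_path, new_path) rename records.
    """
    recent = {}   # (host, ext) -> timestamps still inside the sliding window
    alerts = {}
    for ts, host, old, new in sorted(events):
        old_ext = ntpath.splitext(old)[1].lower()
        new_ext = ntpath.splitext(new)[1].lower()
        if not new_ext or new_ext == old_ext or new_ext in KNOWN_EXTS:
            continue                      # ordinary save or rename
        q = recent.setdefault((host, new_ext), deque())
        q.append(ts)
        while ts - q[0] > window:         # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault((host, new_ext), ts)
    return alerts

def sample_events():
    """Constructed rename log: one normal save, then 40 files gaining '.WRCY' in 20 s."""
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    events = [(t0, "ws-07", r"C:\docs\a.tmp", r"C:\docs\a.docx")]
    for i in range(40):
        src = rf"C:\share\scan{i}.pdf"
        events.append((t0 + timedelta(seconds=60 + i * 0.5), "ws-12", src, src + ".WRCY"))
    return events

if __name__ == "__main__":
    for (host, ext), when in detect_mass_rename(sample_events()).items():
        print(f"ALERT {host}: burst of renames to {ext} by {when}")
```

Because the rule keys on rate and novelty rather than on a fixed extension, it still fires when a variant changes the extension it appends.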

What’s surprising about this attack is that the SMB vulnerability was actually patched by Microsoft almost two months previously in March. Those users and networks who implemented this patch will have survived the WannaCry attack, but countless others failed to install the patch. It’s suspected that many of the UK hospitals attacked were unable to install this patch due to the number of legacy systems involved.

And it’s not just the UK’s hospitals which felt the wrath of WannaCry. Car giant Nissan found that their UK manufacturing plant was also attacked and this led to production of their cars being halted. However, it isn’t just the UK which was targeted as reports show that over 40,000 similar attacks have now been registered in over 70 countries.

Avoid the Ransom Demands


It may seem difficult to combat such a huge, global cyber-attack which is capable of bringing government organizations to their knees, but prevention can make a real difference in these situations.

The most important lesson to learn from WannaCry is that updates issued by software manufacturers must never be ignored. Sure, it may require a quick reboot, but surely a few minutes’ inconvenience is preferable to having all your files compromised and in the hands of an anonymous attacker?

It’s also vital that you have up-to-date antivirus software and network protection as, in the case of WannaCry, these can identify the ransomware before it has a chance to take hold of your computer. Again, these can be inconvenient due to the cost, but the long-term benefits to your organization can be immense.

For more ways to secure and optimize your business technology, contact your local IT professionals.



 


Cloud storage has been a huge revolution in how businesses store their data, but as it’s relatively new, there’s still a lot of uncertainty surrounding it.

Understanding cloud storage is essential to ensure that your business is able to maximize the cloud’s benefits, but, more often than not, businesses are making the same old mistakes and missing out on value and performance.

Seeing as value and performance are critical for any successful business, it’s essential that you don’t make these 5 cloud storage mistakes.

  1. Not Selecting the Right Storage Option

Every day there seems to be more and more service providers offering cloud storage options, so all this choice is surely a good thing, right? Well, yes, but all their claims of “the best package” can make it difficult for businesses to select a storage option which is right for their needs. And this can lead to businesses overpaying for cloud storage options which aren’t necessary.

The key to avoiding this – and securing the system which suits your business – is to work with reputable cloud brokers who can conduct surveys on your storage needs. With this data in hand, they’ll be able to search out the best cloud storage to suit your budget and infrastructure.

  2. Not Planning For Disasters

Whilst your data in the cloud is regularly backed up, the fact is that this storage remains prone to failure. And this means that there’s the potential for you to be facing some significant downtime for your business.

Therefore, you need to ask yourself some serious questions about contingency plans for such scenarios. Perhaps a certain amount of data should also be stored on site to ensure that business critical operations can continue or, maybe, go through disaster recovery exercises to explore all your options.

  3. Not Maximizing Connectivity

You’re potentially going to be accessing large amounts of data from the cloud, so you need to ensure that your internet connection can cope with all the accompanying bandwidth demands. Obviously, networks run much faster and are more stable than broadband, so the enhanced costs shouldn’t be a deciding factor. After all, having maximized access to your data at all times is a luxury you can’t afford to dismiss.

  4. Not Using the Cloud’s Full Potential

Many businesses view their cloud storage as just that, storage. No more, no less. And whilst, yes, it’s an amazing resource for storage, there’s the potential for so much more, but not enough businesses take advantage of this and, effectively, lose value from their cloud system. One of the main benefits of the cloud is that it allows collaboration between remote users and dispenses with the need for sending huge files over email or having to wait to download them.

  5. Not Realizing Any Maintenance is Required

With the cloud out of sight, it may almost feel, at times, that it’s also out of mind. However, maintenance is still an essential part of working with cloud storage. Your IT providers will still need to work closely with the providers to ensure connections are maintained and be ready to run diagnostic tests. And this is why it’s essential that your IT providers are involved with the implementation of the system from the very moment you start shopping around.




Backdoors are a point of access which can be illegally installed to give hackers free and easy network access; they’re also very difficult to detect.

Unfortunately, for all computer users, backdoor hacks are a form of cyber-attack which is on the rise. And what’s particularly galling for businesses is that they’re becoming harder and harder to combat.

I’ve previously covered variants of backdoor attacks – such as the GlassRAT Trojan – but it’s time I took a closer look at how these backdoors operate.

What is a Backdoor Attack?

Gaining remote access to a computer network is a hacker’s dream, so anything that makes this a possibility will be pursued by hackers; a backdoor to your network is the most straightforward way of achieving this.

It literally is a ‘backdoor’ which hackers can use to come and go as they please without leaving any signs of forcing an entry. And with free rein to access your network, a hacker will seriously compromise the safety of your data and all your systems.

How Do Backdoor Attacks Take Place?


What’s particularly tricky about backdoor attacks is the number of different strategies they employ to breach your defenses:

  • Software Exploits – Many pieces of software have backdoors built into them that only the developer is aware of. Sometimes this can be to help aid in maintenance, but there have also been reports of government agencies insisting ‘secret backdoors’ are installed to aid security. However, no matter how secret these backdoors are, there’s always the chance a hacker will discover them.
  • Malware – One of the most common methods of establishing a backdoor is through malware which first breaches the network before downloading code to set up a backdoor. As we’ve learned previously, malware can come in many forms such as email attachments and phishing.

Both these methods are troubling as they can take the form of a zero day exploit, so firewalls and anti-malware software are oblivious to these new security threats which leads to a period where the attack simply isn’t detected.

Secondly, the backdoor provides the hacker with seemingly legitimate credentials, so the connections being made into your network fail to create any suspicion. They’re therefore not easy to pick up, which gives the hacker plenty of time to run riot.

How to Defend Against Backdoors

Although backdoors are tricky attacks that are difficult to counter, you can still protect your network by taking the following measures:

  • Don’t Forget The Old Methods – Firewalls and anti-malware software still have a place and can detect a high proportion of backdoor activity, e.g. unauthorized incoming traffic. Therefore, it’s not time to dispose of these quite yet; otherwise you run the risk of a simple and quick hack taking place.




The latest evolution in hacking is here and it’s known as Cybercrime as a Service (CaaS) and it promises to create faster, more powerful hacks, but how?

Well, many people have a need to carry out hacking operations, but don’t have the technical skills to design or even launch these types of cyber-attacks. Therefore, there’s a niche in the market for those who do know how to design a piece of malware to monetize their skills. And this is what the foundations of CaaS are built upon – money and cybercrime.

How exactly does it work, though? And what does it mean for the future of cyber security?

What is CaaS?

Hacking has rarely been referred to as an ‘industry’ despite a few individuals willing to carry out cyber-attacks in exchange for money. However, with CaaS, hacking appears to be turning into an industry which means big bucks and nightmares for computer owners all over the world.

Say, for example, a disgruntled ex-employee wants to sabotage their previous employer’s website to cause disruption to their activities. Now, it’s highly unlikely that this employee would be skilled in the world of cyber-crime, so what would they do? Well, previously they would have tried reading a few online articles about hacking and then given up when they realized how difficult it was.

With the advent of CaaS, though, this ex-employee could easily purchase the software or the execution services of a skilled hacker. Naturally, this is a highly illegal act for both parties, so the resources for these types of services tend to be hidden on the dark web to lower the chances of identification.

Consumers can expect to find malware kits, access to infected computers and even botnet rentals which allow the initiation of Denial of Service attacks. Therefore, it’s somewhat of an Aladdin’s Cave for someone who is looking for quick, easy access to cybercrime. For example, exploit kits can be purchased for just $50 per day and, believe me, they can cause a lot of damage in one day.

What Does CaaS Mean for Hacking?


CaaS is making hacking much more accessible for the average computer user whereas, before, it was purely the preserve of those who had the skill to design malicious software and carry out sophisticated attacks. This means that we can expect to see an increase in attacks in the future, so safeguarding your networks is more important than ever.

One of the most troubling aspects of CaaS, though, is that when a service becomes a business it drives competition amongst the vendors. And this means that those hackers who are designing exploit kits and various other hacking tools are going to have to up their game to remain in the market.

Therefore, we’re going to see a rapid evolution in the capabilities of hacking tools, so expect faster and more devastating attacks which are harder to stop. In order to protect yourself from these enhanced attacks you’re going to have to ensure that your cyber security protocols enhance visibility of such attacks and prevent them taking hold of your systems.




We like to think that once a cyber-attack takes place a solution will be found. However, malware is evolving and becoming harder and harder to stop.

In Q1 2016, Kaspersky prevented just over 228 million malware attacks and this is a figure which has been increasing rapidly for the last few years. In fact, several years ago, it would have been unlikely to see 228 million malware attacks in an entire year.

Malware, therefore, remains big business for hackers so, naturally, they’re constantly looking to upgrade their weaponry to beat the firewalls and antivirus software we rely on. And it’s a digital arms race which the cyber security experts are struggling to keep up with.

Let’s take a look at why malware is getting harder to stop.

Ransomware Arrives


One of the most reported evolutions in the malware landscape has been the rise in ransomware attacks such as Locky.

Ransomware is a form of malware which encrypts users’ files and then demands a ransom to decrypt them. Being a relatively new form of malware, knowledge regarding their build and execution capabilities is somewhat limited, so this is making them particularly difficult to combat.

What’s also crucial to the success of ransomware is that the majority of attacks are routed through anonymous Tor servers which mask the attacker’s true IP address. This means that identifying the hackers becomes very difficult and they’re able to continue operating unimpeded and improve their malware. And this evolution of existing ransomware is best demonstrated by the Locky Trojan which began as a .DOC file, but is now being identified as a .ZIP archive in order to evade detection.
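A mail filter that judges attachments by file name alone loses track of a document once it is wrapped in a .ZIP, which is the change described above for Locky. The following Python code is an added example, not part of the original article, that inspects attachments by content and looks inside archives; the risky-extension list, depth limit and size limit are assumed policy values.

```python
import io
import zipfile

# Assumed policy list of member types to flag; tune to your own mail policy.
RISKY_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".docm", ".xlsm")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                          # ZIP, also the OOXML container
MAX_DEPTH = 2                                      # nested archives to open
MAX_MEMBER_BYTES = 5_000_000                       # skip huge members (zip-bomb guard)

def inspect_attachment(name, data, depth=0):
    """Return findings for one attachment, judged by content rather than by name."""
    findings = []
    lower = name.lower()
    if lower.endswith(RISKY_EXTS):
        findings.append(f"risky type: {name}")
    if data.startswith(OLE_MAGIC):
        if not lower.endswith((".doc", ".xls", ".ppt")):
            findings.append(f"OLE document under another extension: {name}")
        elif depth > 0:
            findings.append(f"OLE document wrapped in archive: {name}")
    if data.startswith(ZIP_MAGIC) and depth < MAX_DEPTH:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = f"{name}/{info.filename}"
                    if info.flag_bits & 0x1:          # encrypted: cannot be scanned
                        findings.append(f"encrypted member: {member}")
                    elif info.file_size <= MAX_MEMBER_BYTES:
                        findings += inspect_attachment(member, zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            findings.append(f"malformed archive: {name}")
    return findings

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

if __name__ == "__main__":
    doc = OLE_MAGIC + b"\x00" * 64   # constructed sample: placeholder bytes behind a real magic number
    print(inspect_attachment("invoice.zip", make_zip({"invoice.doc": doc})))
    print(inspect_attachment("scan.pdf", doc))
```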

Targeted Attacks

Malware has, traditionally, followed the same execution regardless of which network it has been deployed upon. However, hacking groups such as Poseidon are now ensuring that their attacks are, after the standard breach, able to customize the attack depending upon the network.

Poseidon maps their victims’ networks and harvests all the available credentials to ensure they can gain the maximum privileges on the network. And the reason for this customized attack is because Poseidon is actively hunting the computer which operates as the local Windows domain controller. If the hackers are able to take control of this computer then they will have free rein over the entire network.

It’s this type of attack which is a cyber-security firm’s worst nightmare as it involves extensive research into the intricacies of individual networks. This is very time consuming and underlines how hackers are actively looking to make themselves more powerful.

Long Term Evolution


One of the biggest problems with malware is that certain strains are constantly evolving into new strains. The best example of this is the Adwind RAT (remote access tool) which first appeared in 2012 as a tool for online spying.

Originally debuting under the name Frutas, it evolved into Adwind, Unrecom, AlienSpy and JSocket over the next three years. Starting off as a Spanish language piece of software, it soon received an English language interface which allowed it to spread worldwide.

All these changes have allowed the Adwind RAT to enjoy a long career and cause so many cyber-attacks. By actively changing its exterior appearance and name, it has fooled firewalls and antivirus software to leave security experts scratching their heads.
