backup Archives

Threat actors are determined to harvest as much sensitive data as possible, and the Housing Authority of the City of Los Angeles (HACLA) know all about this.

It’s been revealed that HACLA has recently been attacked by the Cactus ransomware gang. First emerging in early 2023, the Cactus group has gained a reputation for stealing confidential data. Around 260 organizations have been affected by Cactus’ activities in the last year and a half, with no sign of them slowing up. HACLA, unfortunately, has previous form for data breaches, with the LockBit ransomware group gaining access to their IT systems for nearly a full year in 2022.

To help you bolster your organization’s defenses, we’re going to explore the Cactus attack in closer detail.

Cactus Get Prickly with HACLA

With 32,000 public housing units falling under its administration, HACLA is a prime target for any threat actors hungry for personal data. Accordingly, Cactus have struck at the heart of HACLA to harvest significant amounts of data.

Understandably, in order to protect their defenses, HACLA have revealed very little about the attack. They acknowledge that, after becoming aware of suspicious activity, IT professionals were contacted to investigate a possible cyberattack. HACLA’s systems remain operational as of this writing, but they haven’t confirmed exactly what happened or whether any data was stolen.

Cactus, on the other hand, has been more forthcoming with details. Announcing that they’ve managed to steal 891 GB of files from HACLA’s network, Cactus has clearly carried out an audacious attack. The data stolen, as Cactus claims, is highly sensitive and includes personal client details, financial documents, database backups, and correspondence. To demonstrate that they’re not just showboating, Cactus has published screenshots of some of this stolen data. Alongside this, Cactus has also followed up their claims by uploading an archive containing some of the stolen data.

Shielding Your Business from Breach Risks

While it’s currently unclear whether HACLA’s systems or data has been encrypted by ransomware, it’s a very real possibility. Regardless of whether encryption has taken place, the 891 GB of stolen data is a seriously worrying amount of personal data to leak. Therefore, you need to be on your guard against such attacks by practicing the following:

Data Backup Strategy: To minimize the impact of ransomware, it’s always a good idea to carry out regular, automated backups of your data. As well as keeping these backups close to hand on site, it’s crucial that you also keep copies stored on secure, off-site locations such as in the cloud. The 3-2-1 backup method is an excellent strategy to employ in order to keep your data secure and retrievable.
Regular Software Updates: Many data breaches are the result of vulnerabilities being exploited within software. These vulnerabilities allow threat actors to gain a foothold with IT infrastructures and start implementing malware infections or stealing data. Consequently, to plug all of these security holes, you should automate all software updates to optimize the strength of your defenses.
Employee Training: Regular training of your employees, both at the induction stage and through refresher courses, provides your organization with its strongest form of defense. It just takes one wrong click by an employee to expose your entire network, so it’s vital that you can sharpen their cybersecurity skills to secure your IT infrastructure.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

Snowflake Passwords Leaked Online Due to Malware

default settings, info-stealing malware, malware, multi factor authentication, offline backups, Ophtek, security audits, Snowflakebackup, malware, Ophtek, security, Snowflake, updatesOphtek, LLC

Jul 2024

Snowflake, a cloud data analysis company, has found itself under attack from malware, with the result that its customers passwords have been leaked online.

A leading cloud data platform, Snowflake was founded in 2012 and has experienced a rapid rise in the industry, with its current revenue estimated at $2.8 billion. This success has been founded upon innovative data analytics solutions and a number of leading clients such as Santander, Dropbox, and Comcast. For threat actors, Snowflake represents a tempting target, both in terms of the sheer amount of data they hold and financial value. And this is clearly why Snowflake has been attacked.

With threat actors claiming to have stolen hundreds of millions of customer records from Snowflake environments, the attack is clearly a significant one. Perhaps the most interesting aspect of the attack is that it appears to result from a lack of multi-factor authentication.

Cracking the Snowflake Infrastructure

Live Nation, a popular ticket sales service, was the first company to announce that their stolen data had been hosted on the Snowflake platform. Other Snowflake customers have come forwards to acknowledge a breach but are yet to name Snowflake as the hosts for this data. The attack appears to have been fueled by info-stealing malware, with the attack targeting PCs which had access to their organization’s Snowflake network.

How the initial attack was instigated remains unclear, but Snowflake has revealed that a demo account, protected with nothing more than a username/password combination, had been recently compromised. Whether this gave the threat actors direct access to Snowflake customer accounts is unknown, although it does point towards the threat actors establishing an early foothold. Snowflake has also disclosed that each customer is put in charge of their own security, and multi-factor authentication isn’t automatically enabled. This, Snowflake states, is how threat actors succeeded in hacking the compromised accounts.

Snowflake has advised all of its customers to switch on multi-factor authentication, but it appears to be too late for many. Whole lists of Snowflake customer credentials can be found available on illegal websites, with this data including email addresses alongside username/password combinations. Ticketmaster, another ticket sales platform, has been reported of having close to 560 million customer records compromised. This is a huge data breach, and one which has deservedly earned headlines.

The Importance of Multi-Factor Authentication

For Snowflake to have selected multi-factor authentication as an optional function, rather than a default security measure, is negligent. Regardless of this negligence, it’s also the responsibility of the compromised accounts to double check the available security measures. Therefore, to stay safe in the future, always carry out the following when working with external hosting providers for your data:

Always Check Default Settings: you can’t assume your default security settings are suitable for your organization, so always double check them before going live. For Snowflake customers, understanding multi-factor authentication wasn’t in place as default, could have avoided these data breaches.
Regular Security Audits: check with your hosts that regular security audits and penetration testing forms part of your agreement. These tests can help identify vulnerabilities and allow you to implement security measures, protecting the security of your network and data.
Schedule Offline Backups: while cloud computing offers fantastic benefits for backups, you should never rely solely on cloud networks. Instead, utilize offline backups as part of your backup strategy. These can be kept on site and, in the case of a network breach, will remain off-limits to external threat actors and ensure your data is preserved.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Best Ways to Secure Your Digital Documents

Backup, Data Breach, Data Security, digital documents, Ophtek, password protection, strong passwords, windows encryptionbackup, digital documents, Ophtek, password protection, security, strong passwords, vulnerability, windows encriptionOphtek, LLC

May 2024

Every business relies on digital documents, but the threat of data breaches and cyberattacks mean these documents must be correctly secured.

There are many types of documents a business uses daily such as Word, Excel, PDF, and digital images. All of these can contain sensitive information, and it’s no surprise threat actors want to get their hands on them. Not only can a threat actor use these to compromise other accounts, but they can cause real financial damage with them. Accordingly, it makes sense to secure your organization’s digital documents to keep them safe.

Securing Your Digital Documents

Your business may contain numerous files in different locations, but the good news is that securing all of them is straightforward. Just make sure you follow these best practices:

Password Protection: the simplest way to secure your digital documents is by implementing password protection. A common security measure for decades, passwords put a major barrier in the way of unauthorized access. Not all files can be password protected, but common files such as Microsoft 365 documents and Adobe PDF documents can.
Use Strong Passwords: central to good password protection is strong passwords. Never use passwords which are easy to guess e.g. using “password” or “admin”. Instead, always use passwords which combine upper and lower case characters with numbers and symbols. It’s also recommended that passwords are longer than 8 characters and different passwords should be used for different documents.

Restrict Access: it’s important to remember not every employee needs access to every single file within your organization. Your marketing team, for example, doesn’t need access to your finance team’s documents and vice-versa. Accordingly, you need to restrict access to only those who need it. The best way to achieve this is by setting up ‘restricted’ drives for each team to store their department-specific documents.
Use Windows Encryption: compromised devices present a goldmine of data for threat actors, but it’s possible to avoid this disaster by encrypting your devices. Yes, if you’re running Windows 10/11 Pro or Enterprise versions, it’s possible to encrypt data and provide access only to those with authorization. This is easy to put in place and, if Windows encryption is not available on the device, you may still be able to use BitLocker encryption to encrypt it.
Always Create Backups: in the event of a ransomware attack, your organization could find all of its documents encrypted and inaccessible. This is why creating backups is the surest way to enhance the security of your digital documents. The preferred method for executing this is with the 3-2-1 backup method, as this provides you with multiple copies in different locations. Complete loss of your data is minimized and there’s no need to pay any ransom fees.

Final Thoughts

All it takes is for a single file to be compromised by threat actors to cause major damage, so it’s crucial that you prioritize securing your digital documents. Putting the suggestions above into practice is relatively easy, and it ensures your data remains safe. So, don’t delay, secure your digital documents today and benefit from the peace of mind it provides.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Healthcare Organizations Targeted by new Lazarus Attack

Backup Strategies, Data Security, Lazarus, North Korea, Ophtek, Phishing, QuiteRATbackup, North Korea, Ophtek, phishing, QuiteRAT, security, updatesOphtek, LLC

Oct 2023

Healthcare organizations across the United States and Europe have recently found themselves targeted by Lazarus, the North Korean hacking group.

Lazarus, who are believed to have ties to the North Korean government, are well known in the world of cybersecurity. In 2022, Lazarus were rumored to have stolen a total of $1.7 billion worth of cryptocurrency across the year. So, yes, Lazarus is a force to be reckoned with. As their latest attack targets organizations rich in sensitive data, it’s important to understand their methods and determine the lessons that can be learned.

What Is Lazarus’ Latest Campaign?

At the heart of this new attack by Lazarus is the ManageEngine ServiceDesk. This management suite is used to help organizations manage their entire IT infrastructure. From networks and servers through to mobile devices and applications, ManageEngine helps make life easier for IT teams. It’s a highly popular management suite, with numerous Fortune 100 businesses implementing it. For healthcare organizations, it’s a crucial service which allows them to stay productive and support their IT systems.

However, as with all, applications, ManageEngine is not 100% secure. The CVE-2022-47966 vulnerability, which was discovered in January 2023, was first exploited by threat actors in February of the same year. This vulnerability allowed the deployment of QuiteRAT, a new and complex brand of malware. QuiteRAT let the threat actors steal data relating to the compromised device and, cleverly, allowed QuiteRAT to “sleep” in order to appear dormant and stay off the radars of security professionals.

Another part of the attack also involves a new strain of malware dubbed CollectionRAT, which has the ability to perform typical remote access trojan tasks such as executing commands on a compromised system. As with previous campaigns, this latest strike utilizes many of the trademark Lazarus tactics and innovations. For example, by using open-source tools to create CollectionRAT, the threat actors are able to launch their attacks more quickly and without raising the alarm immediately.

How Do You Protect Your Organization from Lazarus?

Naturally, the most obvious way to protect your IT infrastructure from Lazarus is to be prompt with installing software patches. Lazarus appears to have infiltrated these healthcare organizations due to a known vulnerability, so patching any holes within your IT systems is essential. Luckily, many updates, such as Windows, can be set to automatic and ensures that your applications are as secure as they can be.

Hacking groups, however, don’t rely solely on vulnerabilities to launch their attacks. In fact, they will deploy almost every technique you can think of to launch an attack. The best practices to stay safe from these are:

Create backups: when confronted with any form of malware, there’s a good chance that your business data will be at risk or being compromised or even permanently erased. Therefore, it’s important that your organization creates regular backups to preserve your data and productivity. One of the most comprehensive methods you should use is the 3-2-1 backup method.
Educate your staff on phishing: staff awareness of phishing is crucial due to the rising risk of phishing and social engineering attacks. Recognizing the telltale signs of a phishing email prevents the chances of data breaches and compromised credentials. This will result in a securer IT landscape for your organization and protect your networks and data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Easy Ways to Improve Your Organization’s Cybersecurity

Backup, cyber attacks, cybersecurity, Ophtek, secure WIFI, Training, two-factor authentication, VPNbackup, Cyber Attacks, Cybersecurity, Ophtek, secure WIFI, Training, two factor authentification, VPNOphtek, LLC

Oct 2023

With cyber-attacks showing no signs of slowing up, it’s more important than ever before to make sure your organization’s IT systems are protected.

Luckily, this doesn’t necessarily involve huge amounts of investment. In fact, some of the most effective ways to protect your IT infrastructure are the simplest. But not ever business realizes this, and this is why so many find themselves falling victim to cybercriminals. Therefore, it’s crucial that you start implementing the best solutions for protecting your organization.

How Do You Keep the Cybercriminals at Bay?

To help you get started with securing your defenses, we’ve put together 5 easy ways to improve your organization’s cybersecurity:

Two-factor authentication: passwords are an amazing method of protection, and this is why they have been used as a security measure for decades. However, a breached password is of little use when it comes to securing your IT systems. Therefore, implementing two-factor authentication should be a major priority. This extra layer of security involves a user receiving a unique code – via registered text or email – to confirm their identity after entering their login credentials. This means that, even if a password is stolen, there is a further security hurdle to overcome.

Training as a team: training sessions are essential when it comes to educating your staff on the dangers of malware and threat actors. However, one-to-one IT induction processes aren’t enough. You also need to develop programs which train your team as a whole. Studies have shown that group learning is more effective and this is exactly what you need when building your IT defenses.

Secure your networks with a VPN: one of the best ways to protect your organization’s data and internet connections is by using a virtual private network (VPN). A VPN establishes secure connections between remote employees and the organization’s network, maximizing data privacy and preventing data breaches. It does this by encrypting data transmissions, shielding sensitive information from hackers, and preventing unauthorized access. Combined with tunneling protocols and authentication mechanisms, a VPN will help you create a secure digital barrier.

Create backups: many cyberattacks, particularly ransomware campaigns, focus on stealing and restricting access to data. This is why backups should form a major part of your IT defenses. By creating multiple backups – see our guide to the 3-2-1 backup method – you are essentially creating a safety net for your business in the event of a data breach. While it may not mitigate every negative impact of a data breach – such as customer data being leaked – it will minimize the risks of data loss.

Secure your Wi-Fi network: there’s absolutely no need for your Wi-Fi network to be publicly visible. By advertising the presence of your Wi-Fi network, you are inviting threat actors to test your defenses. Therefore, you need to not only secure and encrypt your Wi-Fi network, but also hide it from public view. This can be achieved by instructing your router to never broadcast its network name, also known as the Service Set Identifier (SSID).

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 3 … 7 Next »

Tag Archives: backup