Security Firms Unite to Help Ransomware Victims

The website, nomoreransom.org, began one year ago as an offshoot of the collaboration between McAfee, Europol, the Dutch National Police and Kaspersky. Since that time the site has grown to represent the collaborative efforts of over 109 security and law enforcement partners, including Konsultek partner Checkpoint, according to ZDNet.com.

Popularity Exceeds Forecast

When pioneering partner and chief scientist at McAfee, Raj Samani, set out to find hosting for the fledgling site, he figured that it would become popular because of its subject matter, but his estimates of just how popular were way too low.

“Part of my responsibility was to find a hosting provider and I remember at the time I was asked how many HTTPs requests do you think you’ll get a day and I thought 12,000 a day would be reasonable,” says Samani.

To put things in perspective, during the peak of the WannaCry incident the site received more than 8 million hits!

Open Collaborative Sharing and Free Hosting from AWS

What has made nomoreransom.org so successful and such a thorn in the sides of aspiring ransomers is the fact that there are so many partners, each with different perspectives and insights and they are all sharing information freely for the greater good of all. Another huge benefit is that while law enforcement agencies are frequently hampered by the nature of their bureaucracies and the rule of law when they want to act directly, by cooperating with the other partners in the group such as security companies they can effect change more quickly.

AWS is supporting the project by hosting the website (and the enormous amount of traffic and bandwidth) for free. Nice job Amazon!

On the flipside, security firms can’t seize an identified botnet by themselves but by collaborating with law enforcement agencies that can, they now have a more direct path to taking down bad actors.

A Model Similar to Konsultek’s

Konsultek collaborates with the best security companies in the world like Checkpoint, CarbonBlack, Aruba, Forescout and others to develop security solutions that no single company alone could provide by themselves. If it is time for your organization to step up to world class security solutions then by all means give us a call!

 

GhostCtrl Android Malware is Downright Scary

Remember that time you let your tween borrow your phone and they “helped” you out by downloading WhatsApp for you? Well let’s hope what they downloaded was a legitimate copy of the app from a legitimate source or you may now be unwittingly sharing way more of your personal life with total strangers than you ever thought possible!

Dubbed GhostCtrl by the researchers at Trend Micro who first caught it in the wild, this nasty little malware beast, which typically masquerades as popular apps such as WhatsApp and Pokémon Go, can give the hackers who unleashed it unprecedented control over a victim’s device.

A Rapidly Evolving Scary Ghost

GhostCtrl continues to evolve and there are at least 3 versions operating in the wild right now. The first iteration steals information and controls some of the device’s functions, the second added the ability to hack more features and, according to Trend Micro, “The third iteration combines the best of the earlier versions’ features—and then some.”

Based upon clues in its source code, GhostCtrl appears to be a scion of OmniRAT, the commercially sold Remote Access Tool that allows the takeover of Windows, Linux and Mac systems with the push of an Android button.

You Will Obey My Commands

Like some evil hypnotist, GhostCtrl can make the victim’s device do virtually anything the hacker wants it to do by sending commands from a remote control server.

Here is a partial but frightening list of those commands:

  • ACTION CODE = 10, 11: Control the Wi-Fi state
  • ACTION CODE = 34: Monitor the phone sensors’ data in real time
  • ACTION CODE = 37: Set phone’s UiMode, like night mode/car mode
  • ACTION CODE = 41: Control the vibrate function, including the pattern and when it will vibrate
  • ACTION CODE = 46: Download pictures as wallpaper
  • ACTION CODE = 48: List the file information in the current directory and upload it to the C&C server
  • ACTION CODE = 49: Delete a file in the indicated directory
  • ACTION CODE = 50: Rename a file in the indicated directory
  • ACTION CODE = 51: Upload a desired file to the C&C server
  • ACTION CODE = 52: Create an indicated directory
  • ACTION CODE = 60: Use the text to speech feature (translate text to voice/audio)
  • ACTION CODE = 62: Send SMS/MMS to a number specified by the attacker; the content can also be customized
  • ACTION CODE = 68: Delete browser history
  • ACTION CODE = 70: Delete SMS
  • ACTION CODE = 74: Download file
  • ACTION CODE = 75: Call a phone number indicated by the attacker
  • ACTION CODE = 77: Open activity view-related apps; the Uniform Resource Identifier (URI) can also be specified by the attacker (open browser, map, dial view, etc.)
  • ACTION CODE = 78: Control the system infrared transmitter
  • ACTION CODE = 79: Run a shell command specified by the attacker and upload the output result

With this type of control the hackers can choose to be a nuisance, ransomer, evil spy or blackmailer depending upon their motives.

Scared? Who ya Gonna Call?

When it comes to mobile security, BYOD security and Network security our engineers are real life “ghost” busters who can develop comprehensive and holistic security solutions for your organization. So, who ya gonna call? Call Konsultek!

 

Two Multinationals See Earnings Drop Because of Petya Cyber Attack

Last Thursday, within hours of one another, two huge consumer multinationals announced that their second quarter earnings would be negatively impacted because of Petya-based cyber-attacks.

According to the Financial Times, Mondelez International, purveyors of confections including Cadbury chocolates and Oreo cookies, announced their financial pruning just a few hours after UK-based consumer goods conglomerate Reckitt Benckiser had announced theirs.

Petya Having a Greater Impact than WannaCry

If you were to look at a map of the distribution of WannaCry vs Petya you might think that WannaCry would be having the larger negative impact on global enterprises. However, this is turning out not to be the case, with Petya causing far more turmoil within large corporations because files are vanquished, not held for ransom.

From the Financial Times

“Cyber security experts dealing with the attack, which started in Ukraine, have advised stricken clients there is no hope of recovering infected systems. Unless organisations have backups of encrypted data, it is lost for good, they have warned. Western security officials say the severity of Petya’s impact points to its true purpose: not monetary gain, but pure destruction. Researchers at many of the world’s largest cyber security firms — including FireEye, Talos, ESET, Symantec and Bitdefender — have come to the same conclusion. “We believe with high confidence that the intent of the actor behind [Petya] was destructive in nature and not economically motivated,” Talos, the cyber security arm of Cisco told clients this week.”

Security Needs a Holistic Approach

What’s next? No one knows for certain, but with the NSA’s bag of tricks having been released into the wild a little under a year ago you can bet that the number and potency of attacks are only going to get worse. A holistic approach to security that includes encrypted data backup is going to become de rigueur.

At Konsultek we assess each client’s needs and develop security solutions that meet those needs in the most economical way possible. If this sounds like a sensible approach to security to you, give us a call to discuss your particular situation.

 

UK Classifies Cyber Crime as a Crime of Prosperity

In a recently released report on crime in the United Kingdom, the UK’s National Crime Agency breaks serious and organized crime into three principal categories: Vulnerabilities, Prosperity and Commodities.

A Crime of Prosperity

According to the National Strategic Assessment of Serious and Organised Crime, Cyber Crime, once a relatively benign area of crime whose offenders were solo techno-geeks has matured into a full-fledged organized crime alongside activities such as:

  • Money Laundering
  • Fraud and Other Economic Crime
  • Bribery, Corruption and Sanctions Abuse.

Cyber Crime and Technology Enable Fraud

The report notes that fraud in the UK is increasing and it is estimated that losses could be as much as GBP 193 billion. UK residents are now more likely to be a victim of fraud than any other type of crime. The use of malware and phishing emails to obtain customers’ details is a key driver of fraud.  And, it is probable that new technology value transfer methods (you have to love how the British can make even hacking sound cool!) will increase in criminal use as their popularity for legitimate use increases.

Cyber Crime in the UK Similar to the USA

It is interesting to note that the findings of this report, specific to the UK, are quite similar to what we are experiencing in the USA. For example, the most competent cyber criminals are moving towards targeting businesses as the potential for higher returns on investment is much greater. Readily available hacking toolkits and ransomware are making it easier for less sophisticated individuals and organizations to enter the cyber crime space.

Some Businesses Stockpiling Bitcoins

One very interesting finding in the report that I have never seen documented anywhere else is their finding #79…

“79. A survey of security professionals by industry identified that some businesses are stockpiling bitcoins in anticipation of a ransomware attack. Ransomware has become one of the most profitable malware types in history. Its success is best illustrated by the sharp increase of varieties in the marketplace.”

Konsultek Knows Security

Konsultek’s UK office enables us to respond to the needs of our European clients quickly and efficiently. So whether your organization is located in the UK or continental Europe our expertise is ready to be deployed to help your organization become more secure.

 

Too Smart to Fall for a Phishing Ruse? Think Again!

Ever wonder how stupid or careless someone has to be to be fooled by a phishing scam? Well, according to research conducted by a group of German experts, virtually anyone can be fooled.

In their study “Unpacking Spear Phishing Susceptibility” the researchers showed that although email phishing scams get more publicity, Facebook scams would appear to be more effective.

“By a careful design and timing of a message, it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message’s content and context.”

The Goal of the Study

The researchers, sensing there was a dearth of research related specifically to spear phishing, decided to create a study that would fill the gap. They constructed a study that would explore the differences in delivery medium effectiveness (Facebook vs. email) while at the same time quantifying the personal motivations that led to people either clicking on the phishing link or, just as importantly, not clicking on the link.

The Phishing Scam

The selected participants were sent a phishing link either as part of an email or a personal Facebook message from a fake, non-existent person. The message claimed the link led to pictures from a party.

Facebook Gets 2X Clickthrough Rate

As Table 2 shows, when the same phishing message is presented via Facebook as compared to email individuals are over 2X more likely to click on the link and begin the phishing process.

Source:  Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

 

Why Did They Click?

Source:  Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

Why Didn’t They Click?

Just as important to the researchers was attempting to understand why people didn’t click. Here is what they found.

Source:  Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

How Can Konsultek Help?

Whenever humans are involved there are going to be errors in judgement and successful phishing. That’s why all of our custom security solutions take a holistic approach to network security using a proven model of intrusion prevention, detection and mitigation. When you are ready to take your network security to the next level, give us a call.

 

Chipotle Breach Affects More than 100 Illinois Locations

Last week Chipotle completed its investigation into the breach it initially reported in late April.

The breach, which took place between March 24, 2017 and April 18, 2017, has been attributed to malware that infected the POS systems at Chipotle locations around the country.

What Information Was Lost?

According to Chipotle’s public release, “the malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device.”

Illinois Locations Affected

If you visited any of the Chipotle locations below between March 24, 2017 and April 18, 2017 there is good reason to believe your data may have been compromised.

  • Addison: 1078 N. Rohlwing Rd.
  • Algonquin: 412 N. Randall Road
  • Arlington Heights: 338 E. Rand Road
  • Aurora: 848 N. Route 59, 2902 Kirk Road, 1480 North Orchard Road
  • Berwyn: 7140 W. Cermak Road
  • Bloomingdale: 396 W. Army Trail Road, 170 E. Lake St.
  • Bloomington: 305 N. Veterans Parkway
  • Bolingbrook: 274 S. Weber Road
  • Bourbonnais: 1601 Route 50
  • Champaign: 903 W. Anthony Drive, 528 East Green Street
  • Chicago: (Over 50 Locations) Visit Chipotle for full list
  • Cicero: 2201 S. Cicero Ave.
  • Countryside: 5801 S. La Grange Road
  • Crestwood: 13340 S. Cicero Ave.
  • Crystal Lake: 5006 Northwest Highway
  • Deerfield: 675 Deerfield Road
  • DeKalb: 2383 Sycamore Road, 1013A W. Lincoln Highway
  • Downers Grove: 1556A Butterfield Road, 1203 W. Ogden Ave
  • East Peoria: 300 W. Washington St.
  • Effingham: 1207 Keller Drive
  • Elk Grove Village: 910 Elk Grove Town Center
  • Elmhurst: 353 S. Route 83, 139 York Road
  • Evanston: 711 Church St.
  • Fairview Heights: 6415 N. Illinois St.
  • Frankfort: 11129 W. Lincoln Highway
  • Geneva: 1441 S. Randall Road
  • Glen Ellyn: 695 Roosevelt Road
  • Glenview: 3846 Willow Road, 2341 Willow Road
  • Gurnee: 6040 Gurnee Mills Boulevard
  • Highland Park: 1849 Green Bay Ave.
  • Hoffman Estates: 4600 Hoffman Boulevard, 15 E. Golf Road
  • Homer Glen: 14114 S. Bell Road
  • Homewood: 17700 Halsted St.
  • Joliet: 2848 Plainfield Road, 2609 W. Jefferson St.
  • Kildeer: 20505 N. Rand Road
  • La Grange: 40 N. La Grange Road
  • Lake Bluff: 945 Rockland Road
  • Libertyville: 139 N. Milwaukee Ave.
  • Lincolnshire: 950 Milwaukee Ave.
  • Lincolnwood: 7150 N. McCormick Ave.
  • Machesney Park: 1570 W. Lane Road
  • Matteson: 4815 W. 211th St.
  • McHenry: 2304 Richmond Road
  • Melrose Park: 1401 W. North Ave.
  • Mokena: 19130 S. LaGrange Road
  • Moline: 3941 41st Avenue Drive
  • Mount Prospect: 102 E. Kensington Road
  • Naperville: 2856 Route 59, 22 E. Chicago Ave, 1516 North Naper Boulevard
  • Niles: 8480 W. Golf Road
  • Normal: 701 S. Main St, 1601 E. College Ave.
  • Norridge: 4234 N. Harlem Ave.
  • Northbrook: 786 N. Skokie Boulevard
  • Oak Brook: 2103 Clearwater Drive
  • Oak Lawn: 6230B W. 95th St., 11018 S. Cicero Ave.
  • Oak Park: 1128 W. Lake St.
  • Oak Brook: 18W050 22nd St.
  • Ontario: 291 E. Ontario
  • Orland Park: 15240 S. LaGrange Road: 2432 Route 34
  • Oswego: 2432 Route 34
  • Palatine: 781 E. Dundee Road
  • Park Ridge: 119 S. Northwest Highway
  • Peoria: 4512 N. Sterling Ave.
  • Plainfield: 12720 S. Route 59
  • Rockford: 751 S. Perryville Road
  • Rolling Meadows: 1211 Golf Road
  • Romeoville: 253 S. Weber Road
  • Rosemont: 7020 N. Manheim Road
  • Round Lake Beach: 1936 N. Route 83
  • Schaumburg: 601 N. Martingale Road, 2570 W. Schaumburg Road
  • Skokie: 9408 Skokie Boulevard, 5373 Touhy Ave.
  • South Elgin: 348 Randall Road
  • Springfield: 2579 Wabash Ave.
  • St. Charles: 3821 Main St.
  • Tinley Park: 15980 S. Harlem Ave.
  • Vernon Hills: 375 N. Milwaukee Ave.
  • Villa Park: 298 W. North Ave.
  • Warrenville: 28251 Diehl Road
  • Waukegan: 940 S. Waukegan Road
  • West Dundee: 201 N. 8th St.
  • Westmont: 300 E. Ogden Ave.
  • Wheaton: 811 E. Butterfield Road, 2119 W. Roosevelt Road
  • Wheeling: 1572 W. Lake Cook Road
  • Willowbrook: 7173 Kingery Highway

Affected? What Do You Do Now?

Since the exact time frame of the breach varies by location you should visit here, scroll to the bottom of the page and fill in the locations you may have visited during the broader time frame.  If you find that you are indeed the likely victim of a breach you can follow the directions from Chipotle regarding account monitoring and identity protection.

Here is the overview of what Chipotle advises…

“It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.  The phone number to call is usually on the back of your payment card.  Please see the section that follows this notice for additional steps you may take.”

 

Hackers Stoop to New Lows and Publish Plastic Surgery Images

Having your sensitive information held for ransom is never good. But what if your sensitive data were the before and after pictures of tens of thousands of plastic surgery patients that had entrusted their bodies, faces and privacy to your clinic?

How much ransom would you pay to keep your patients’ most intimate secrets private? That is exactly the dilemma facing the Lithuanian-based Grozio Chirurgija clinic and its director Jonas Staikunas, according to the BBC. And apparently the ransom demanded was more than the director was willing to pay…

 

“An Outrageous Fee”

The breach, perpetrated this April by the Tsar Team, was quickly followed up with a ransom demand the group called “a small penalty fee” – 344,000 Euros – for having a vulnerable network.

On Tuesday this week the images were made public after the clinic refused to pay the ransom. At about the same time, the hackers started contacting individuals with compromised images directly, demanding smaller, single serving ransoms of up to 2,000 Euro. Tsar Team has also lowered the demands for the whole database to 133,500 Euro, stating “a lot of people have paid us to delete their data.”

Medical Facilities Will Continue to be Targeted

With their highly sensitive and personal data, as well as life-support systems ripe for extortion, medical facilities will continue to be targeted by opportunistic cyber-thieves looking to cash in. The recent ransoms of the MedStar Health Network and the Hollywood Presbyterian Medical Center in Los Angeles are just two of the more well publicized breaches. On the heels of WannaCry, you can bet there will be more.

Konsultek Can Help

Our custom security solutions for the medical industry help eliminate the vulnerabilities cyber-criminals use to gain access to sensitive data. So, if you don’t “wanna cry” over lost records or ransoms, please give us a call. Our experienced team is ready to help get your network secure and make sure you never have to cry or shed a tear again!

 

Symantec Report Provides Insights into Top 10 Most Hacked Industries

Symantec’s 2017 Internet Security Threat Report (ISTR) lists the Services Industry at the top of its 2016 list of most hacked industries followed by Finance, Insurance, & Real Estate. These two industries were at the top of the list for 2015 showing that their popularity with cyber-criminals has not waned.

Drilling down to a more granular level we see that specifically, Business Services and Health Services top the charts. Given the strict reporting requirements in the healthcare segment it is really no surprise to see this niche at the top of the list. Business Services, a still rather broad sub-niche, tops the list accounting for nearly a quarter of all incidents.

Some Historical Perspective

According to Symantec’s data, by the end of 2016 over 7 billion identities have been stolen over the last 8 years! That is nearly 1 identity for every single living person on the planet.

Looking at just the past 3 years, the trend in breach and data loss looks like this:

At first glance 2015’s Identities Stolen figure might seem like a misprint with approximately half the identities stolen as compared to 2014 and 2016. But as the chart below shows, major breaches just on either side of 2015 led to the spikes in its neighboring years.

2014 of course reflects both the Home Depot and Target breaches while 2016 includes the mega breach of Friend Finder Networks.

You have a friend in Konsultek

No matter what your industry or your business size, Konsultek can help you secure your business network and data. Our custom solutions are both robust and cost effective and our suite of managed services gives even the smallest organizations access to world class security solutions with little to no capital expense. Give us a call and learn more about our free vulnerability assessments.


While WannaCry is Making Headlines Docusign Breach Quietly Endangers Users

Rather than write the 1000th post about WannaCry (although our Partners at Proofpoint, their Engineer Darien Huss and a fellow called MalwareTech deserve a serious shout-out from the world for stopping WannaCry) I decided to cover something with potentially huge financial implications that has virtually gone under the radar by comparison.

While WannaCry was grabbing the cybersecurity headlines for the week, it turns out that online signature giant DocuSign was more quietly and in a rather methodical fashion, publicly disclosing the details of a significant and serious cyberbreach themselves.

Here’s an abbreviated timeline of what we know so far from DocuSign themselves.

Update 5/9/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature”.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

Update 5/15/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: Completed *company name* – Accounting Invoice *number* Document Ready for Signature; The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including dse@docus.com. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.

Update 5/15/2017 – Latest update on malicious email campaign

Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Update 5/16/2017 @ 8:55 Pacific Time – Key Update on Malicious Campaign

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Update 5/17/2017 @ 1:02 PM Pacific Time – New Phishing Campaign Discovered Today

DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.

The Ultimate Phishing Scam?

This may very well be the ultimate spear phishing campaign. While the number of email addresses compromised has not been disclosed, we can assume it is A LOT, and a considerable portion of those affected routinely use DocuSign multiple times a month, if not weekly or daily. Since DocuSign emails are both expected and “trusted”, we can only further assume that these phishing campaigns are effective. There is no official report on just how effective so far, but perhaps we’ll get an update as further details emerge.

It seems likely that this scam will continue for a very long time given that DocuSign reportedly has 100 million users.
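The sender-domain check implied by DocuSign's notice (legitimate mail comes from @docusign.com or @docusign.net, while the campaigns used docus.com and dousign.com), written here as an added example that is not DocuSign's or Konsultek's code. The edit-distance threshold, the verdict names and the sample messages are assumptions constructed for illustration.

```python
"""Triage DocuSign-branded mail by sender domain (added example)."""
from email import message_from_string
from email.utils import parseaddr

# From the DocuSign notice: legitimate signing mail uses these domains.
LEGITIMATE_DOMAINS = {"docusign.com", "docusign.net"}
BRAND = "docusign"
# Assumption: a domain within 3 edits of a legitimate one is a lookalike.
LOOKALIKE_MAX_DISTANCE = 3


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,               # delete ca
                current[j - 1] + 1,            # insert cb
                previous[j - 1] + (ca != cb),  # substitute
            ))
        previous = current
    return previous[-1]


def classify_sender(raw_message: str) -> str:
    """Return a verdict for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if "@" not in address or not domain:
        return "no-sender"
    # Exact match only, so "docusign.com.evil.example" does not pass.
    if domain in LEGITIMATE_DOMAINS:
        return "legitimate"
    if any(edit_distance(domain, good) <= LOOKALIKE_MAX_DISTANCE
           for good in LEGITIMATE_DOMAINS):
        return "lookalike"
    # Brand named in the display name or subject, but an unrelated sender.
    branded_text = f"{display_name} {msg.get('Subject', '')}".lower()
    if BRAND in branded_text:
        return "brand-mismatch"
    return "unrelated"


# Constructed sample messages; the sender addresses and subject lines of the
# two campaign samples are the ones quoted in the DocuSign updates.
SAMPLES = {
    "genuine": (
        "From: DocuSign <dse@docusign.net>\n"
        "Subject: Please sign: contract\n\nbody\n"
    ),
    "campaign_docus": (
        'From: "DocuSign Signature Service" <dse@docus.com>\n'
        "Subject: Completed: docusign.com - Wire Transfer Instructions for "
        "recipient-name Document Ready for Signature\n\nbody\n"
    ),
    "campaign_dousign": (
        "From: dse@dousign.com\n"
        "Subject: Legal acknowledgement for <person> Document is Ready "
        "for Signature\n\nbody\n"
    ),
    "brand_only": (
        'From: "DocuSign" <billing@invoices.example>\n'
        "Subject: Invoice\n\nbody\n"
    ),
    "other": "From: alice@example.org\nSubject: lunch\n\nbody\n",
    "missing_from": "Subject: Document Ready for Signature\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {classify_sender(raw)}")
```

The From header is attacker-controlled, so a check like this complements SPF, DKIM and DMARC evaluation at the mail gateway rather than replacing it.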

The Lesson You Can Learn

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.” (Emphasis added)

The lesson to be learned here is that in today’s world no part of your network can be considered “non-core” when it comes to security. If the data is worth saving within your network, it is worth protecting!

Konsultek and Its Partners

Konsultek and its partners like Proofpoint, CheckPoint, ForeScout, CarbonBlack and many others work together to build custom security solutions for businesses of all sizes in all markets. When you’re ready to learn about your network vulnerabilities and how to correct them please give us a call.

 

Cyber-Espionage Exploding in Education Services Sector

There has been a major shift in the type of breach incident happening in the education services sector according to the Verizon 2017 Data Breach Investigations Report.

Can you spot the shift in the graphic below?

Source: Verizon 2017 DBIR

Cyber-Espionage has exploded since mid-2012! That’s right, because of the cutting-edge research that happens at many colleges and universities they have become a target for state-sponsored hacking.

As Verizon puts it…

“So college isn’t just pizza and tailgates—research studies across myriad disciplines conducted at universities put them in the sights of state-affiliated groups.”

So while of course the personal information of students and faculty were commonly extracted during breaches (a little more than half of all breaches) intellectual property losses were tied to a little more than a quarter of all breaches.

Targeted or Random Acts of Unkindness?

The evidence is clear that state-sponsored hacking and some criminal, profit based hacking is specifically targeting the hallowed halls of our academic institutions.

How do They do it?

Good question. Here is the answer in a graphic from the Verizon report.

Phishing email was the predominant threat vector in the social category while the use of stolen credentials was the dominant hacking technique. One interesting thing to note is the number of incidents involving Social and one or more other vectors.

How Would You Like to Get a Threat Vulnerability Education for FREE?

At Konsultek we believe an educated client is the best client. That’s why we offer a variety of free vulnerability assessments to help you determine both your risk exposure and the likelihood of that exposure in regards to the veracity of your current security measures. Who would you rather educate you, the good guys at Konsultek or the bad guys out in the wild? Well, what are you waiting for? Pick up the phone and give us a call today so we can get your vulnerability assessment scheduled ASAP!
