Category: Cyber Attacks

Two Multinationals See Earnings Drop Because of Petya Cyber Attack

Posted on by konweb

Last Thursday within hours of one another two huge consumer multinationals announced that their second quarter earnings would be negatively impacted because of Petya based cyber-attacks.

According to the Financial Times, Mondelez International, purveyors of confections including Cadbury chocolates and Oreo cookies announced their financial pruning just a few hours after UK-based consumer goods conglomerate Reckitt Benckiser had announced theirs.

Petya Having a Greater Impact than Wanna Cry

If you were to look at a map of the distribution of Wanna Cry vs Petya you might think that Wanna Cry would be having the larger negative impact on global enterprises. However, this is turning out not to be the case, with Petya causing far more turmoil within large corporations because files are vanquished, not held for ransom.

From the Financial Times

“Cyber security experts dealing with the attack, which started in Ukraine, have advised stricken clients there is no hope of recovering infected systems. Unless organisations have backups of encrypted data, it is lost for good, they have warned. Western security officials say the severity of Petya’s impact points to its true purpose: not monetary gain, but pure destruction. Researchers at many of the world’s largest cyber security firms — including FireEye, Talos, ESET, Symantec and Bitdefender — have come to the same conclusion. “We believe with high confidence that the intent of the actor behind [Petya] was destructive in nature and not economically motivated,” Talos, the cyber security arm of Cisco told clients this week.”

Security Needs a Holistic Approach

What’s next? No one knows for certain, but with the NSA’s bag of tricks having been released into the wild a little under a year ago you can bet that the number and potency of attacks is only going to get worse. A holistic approach to security that includes encrypted data backup is going to become de ri·gueur.

At Konsultek we assess each client’s needs and develop security solutions that meet those needs in the most economical way possible. If this sounds like a sensible approach to security to you, give us a call to discuss your particular situation.

 

Chipotle Breach Affects More than 100 Illinois Locations

Posted on by konweb

Last week Chipotle completed its investigation into the breach they initial reported on in late April.

The breach, which took place during the time period March 24, 2017 and April 18, 2017, has been attributed to malware that infected the POS systems at Chipotle locations around the country.

What Information Was Lost?

According to Chipotle’s public release, “the malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device.”

Illinois Locations Affected

If you visited any of the Chipotle locations below between March 24, 2017 and April 18, 2017 there is good reason to believe your data may have been compromised.

  • Addison: 1078 N. Rohlwing Rd.
  • Algonquin: 412 N. Randall Road
  • Arlington Heights: 338 E. Rand Road
  • Aurora: 848 N. Route 59, 2902 Kirk Road, 1480 North Orchard Road
  • Berwyn: 7140 W. Cermak Road
  • Bloomingdale: 396 W. Army Trail Road, 170 E. Lake St.
  • Bloomington: 305 N. Veterans Parkway
  • Bolingbrook: 274 S. Weber Road
  • Bourbonnais: 1601 Route 50
  • Champaign: 903 W. Anthony Drive, 528 East Green Street
  • Chicago:(Over 50 Locations) Visit Chipotle for full list
  • Cicero: 2201 S. Cicero Ave.
  • Countryside: 5801 S. La Grange Road
  • Crestwood: 13340 S. Cicero Ave.
  • Crystal Lake: 5006 Northwest Highway
  • Deerfield: 675 Deerfield Road
  • DeKalb: 2383 Sycamore Road, 1013A W. Lincoln Highway
  • Downers Grove: 1556A Butterfield Road, 1203 W. Ogden Ave
  • East Peoria: 300 W. Washington St.
  • Effingham: 1207 Keller Drive
  • Elk Grove Village: 910 Elk Grove Town Center
  • Elmhurst: 353 S. Route 83, 139 York Road
  • Evanston: 711 Church St.
  • Fairview Heights: 6415 N. Illinois St.
  • Frankfort: 11129 W. Lincoln Highway
  • Geneva: 1441 S. Randall Road
  • Glen Ellyn: 695 Roosevelt Road
  • Glenview: 3846 Willow Road, 2341 Willow Road
  • Gurnee: 6040 Gurnee Mills Boulevard
  • Highland Park, 1849 Green Bay Ave.
  • Hoffman Estates: 4600 Hoffman Boulevard, 15 E. Golf Road
  • Homer Glen: 14114 S. Bell Road
  • Homewood: 17700 Halsted St.
  • Joliet: 2848 Plainfield Road, 2609 W. Jefferson St.
  • Kildeer: 20505 N. Rand Road
  • La Grange: 40 N. La Grange Road
  • Lake Bluff, 945 Rockland Road
  • Libertyville: 139 N. Milwaukee Ave.
  • Lincolnshire: 950 Milwaukee Ave.
  • Lincolnwood: 7150 N. McCormick Ave.
  • Machesney Park: 1570 W. Lane Road
  • Matteson: 4815 W. 211th St.
  • McHenry: 2304 Richmond Road
  • Melrose Park: 1401 W. North Ave.
  • Mokena: 19130 S. LaGrange Road
  • Moline: 3941 41st Avenue Drive
  • Mount Prospect: 102 E. Kensington Road
  • Naperville: 2856 Route 59, 22 E. Chicago Ave, 1516 North Naper Boulevard
  • Niles: 8480 W. Golf Road
  • Normal: 701 S. Main St, 1601 E. College Ave.
  • Norridge: 4234 N. Harlem Ave.
  • Northbrook: 786 N. Skokie Boulevard
  • Oak Brook: 2103 Clearwater Drive
  • Oak Lawn: 6230B W. 95th St., 11018 S. Cicero Ave.
  • Oak Park: 1128 W. Lake St.
  • Oak Brook: 18W050 22nd St.
  • Ontario: 291 E. Ontario
  • Orland Park: 15240 S. LaGrange Road: 2432 Route 34
  • Oswego: 2432 Route 34
  • Palatine: 781 E. Dundee Road
  • Park Ridge: 119 S. Northwest Highway
  • Peoria: 4512 N. Sterling Ave.
  • Plainfield: 12720 S. Route 59
  • Rockford: 751 S. Perryville Road
  • Rolling Meadows: 1211 Golf Road
  • Romeoville: 253 S. Weber Road
  • Rosemont: 7020 N. Manheim Road
  • Round Lake Beach: 1936 N. Route 83
  • Schaumburg: 601 N. Martingale Road, 2570 W. Schaumburg Road
  • Skokie: 9408 Skokie Boulevard, 5373 Touhy Ave.
  • South Elgin: 348 Randall Road
  • Springfield: 2579 Wabash Ave.
  • St. Charles: 3821 Main St.
  • Tinley Park: 15980 S. Harlem Ave.
  • Vernon Hills: 375 N. Milwaukee Ave.
  • Villa Park: 298 W. North Ave.
  • Warrenville: 28251 Diehl Road
  • Waukegan: 940 S. Waukegan Road
  • West Dundee: 201 N. 8th St.,
  • Westmont: 300 E. Ogden Ave.
  • Wheaton: 811 E. Butterfield Road, 2119 W. Roosevelt Road
  • Wheeling: 1572 W. Lake Cook Road
  • Willowbrook: 7173 Kingery Highway

Affected? What Do You Do Now?

Since the exact time frame of the breach varies by location you should visit here, scroll to the bottom of the page and fill in the locations you may have visited during the broader time frame.  If you find that you are indeed the likely victim of a breach you can follow the directions from Chipotle regarding account monitoring and identity protection.

Here is the overview of what Chipotle advises…

“It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.  The phone number to call is usually on the back of your payment card.  Please see the section that follows this notice for additional steps you may take.”

 

Symantec Report Provides Insights into Top 10 Most Hacked Industries

Posted on by konweb

Symantec’s 2017 Internet Security Threat Report (ISTR) lists the Services Industry at the top of its 2016 list of most hacked industries followed by Finance, Insurance, & Real Estate. These two industries were at the top of the list for 2015 showing that their popularity with cyber-criminals has not waned.

Drilling down to a more granular level we see that specifically, Business Services and Health Services top the charts. Given the strict reporting requirements in the healthcare segment it is really no surprise to see this niche at the top of the list. Business Services, a still rather broad sub-niche, tops the list accounting for nearly a quarter of all incidents.

Some Historical Perspective

According to Symantec’s data, by the end of 2016 over 7 billion identities have been stolen over the last 8 years! That is nearly 1 identity for every single living person on the planet.

Looking at just the past 3 years, the trend in breach and data loss looks like this:

At first glance 2015’s Identities Stolen figure might seem like a misprint with approximately half the identities stolen as compared to 2014 and 2016. But as the chart below shows, major breaches just on either side of 2015 led to the spikes in its neighboring years.

2014 of course reflects both the Home Depot and Target breaches while 2016 includes the mega breach of Friend Finder Networks.

You have a friend in Konsultek

No matter what your industry or your business size, Konsultek can help you secure your business network and data. Our custom solutions are both robust and cost effective and our suite of managed services give even the smallest organizations access to world class security solutions with little to no capital expense. Gives us a call and learn more about our free vulnerability assessments.

Symantec’s 2017 Internet Security Threat Report (ISTR) lists the Services Industry at the top of its 2016 list of most hacked industries followed by Finance, Insurance, & Real Estate. These two industries were at the top of the list for 2015 showing that their popularity with cybercriminals has not waned.

 

Drilling down to a more granular level we see that specifically, Business Services and Health Services top the charts. Given the strict reporting requirements in the healthcare segment it is really no surprise to see this niche at the top of the list. Business Services, a still rather broad sub-niche, tops the list accounting for nearly a quarter of all incidents.

Some Historical Perspective

According to Symantec’s data, by the end of 2016 over 7 billion identities have been stolen over the last 8 years! That is nearly 1 identity for every single living person on the planet.

Looking at just the past 3 years, the trend in breach and data loss looks like this:

At first glance 2015’s Identities Stolen figure might seem like a misprint with approximately half the identities stolen as compared to 2014 and 2016. But as the chart below shows, major breaches just on either side of 2015 led to the spikes in its neighboring years.

2014 of course reflects both the Home Depot and Target breaches while 2016 includes the mega breach of Friend Finder Networks.

You have a friend in Konsultek

No matter what your industry or your business size, Konsultek can help you secure your business network and data. Our custom solutions are both robust and cost effective and our suite of managed services give even the smallest organizations access to world class security solutions with little to no capital expense. Gives us a call and learn more about our free vulnerability assessments.

While WannaCry is Making Headlines Docusign Breach Quietly Endangers Users

Posted on by konweb

Rather than write the 1000th post about WannaCry (although our Partners at Proofpoint, their Engineer Darien Huss and a fellow called MalwareTech deserve a serious shout-out from the world for stopping WannaCry) I decided to cover something with potentially huge financial implications that has virtually gone under the radar by comparison.

While WannaCry was grabbing the cybersecurity headlines for the week, it turns out that online signature giant DocuSign was more quietly and in a rather methodical fashion, publicly disclosing the details of a significant and serious cyberbreach themselves.

Here’s an abbreviated timeline of what we know so far from DocuSign themselves.

Update 5/9/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature”.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

Update 5/15/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: Completed *company name* – Accounting Invoice *number* Document Ready for Signature;The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including dse@docus.com. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.

Update 5/15/2017 – Latest update on malicious email campaign

Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Update 5/16/2017 @ 8:55 Pacific Time – Key Update on Malicious Campaign

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Update 5/17/2017 @ 1:02 PM Pacific Time – New Phishing Campaign Discovered Today

DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.

The Ultimate Phishing Scam?

This may very well be the ultimate spear phishing campaign. While the number of email addresses compromised has not been disclosed, we can assume it is A LOT and a considerable portion of those affected routinely use DocuSign multiple times a month, if not weekly or daily. Since DocuSign emails are both expected and “trusted” we can only further assume that these phishing campaigns are being effective. No official report on just how effective, so far, but perhaps we’ll get an update further details emerge.

It seems likely that this scam will continue for a very long time given that DocuSign reportedly has 100 million users.

The Lesson You Can Learn

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.” (Emphasis added)

The lesson to be learned here is that in today’s world no part of your network can be considered “non-core” when it comes to security. If the data is worth saving within your network, it is worth protecting!

Konsultek and Its Partners

Konsultek and its partners like Proofpoint, CheckPoint, ForeScout, CarbonBlack and many others work together to build custom security solutions for businesses of all sizes in all markets. When you’re ready to learn about your network vulnerabilities and how to correct them please give us a call.

 

Cyber-Espionage Exploding in Education Services Sector

Posted on by konweb

There has been a major shift in the type of breach incident happening in the education services sector according to the Verizon 2017 Data Breach Investigations Report.

Can you spot the shift in the graphic below?

Source: Verizon 2017 DBIR

Cyber-Espionage has exploded since mid-2012! That’s right, because of the cutting-edge research that happens at many colleges and universities they have become a target for state-sponsored hacking.

As Verizon puts it…

“So college isn’t just pizza and tailgates—research studies across myriad disciplines conducted at universities put them in the sights of state-affiliated groups.”

So while of course the personal information of students and faculty were commonly extracted during breaches (a little more than half of all breaches) intellectual property losses were tied to a little more than a quarter of all breaches.

Targeted or Random Acts of Unkindness?

The evidence is clear that state-sponsored hacking and some criminal, profit based hacking is specifically targeting the hallowed halls of our academic institutions.

How do They do it?

Good question. Here is the answer in a graphic from the Verizon report.

Phishing email was the predominant threat vector in the social category while the use of stolen credentials was the dominant hacking technique. One interesting thing to note is the number of incidents involving Social and one or more other vector.

How Would You Like to Get a Threat Vulnerabilty Education for FREE?

At Konsultek we believe an educated client is the best client. That’s why we offer a variety of free vulnerability assessments to help you determine both your risk exposure and the likelihood of that exposure in regards to the veracity of your current security measures. Who would you rather educate you, the good guys at Konsultek or the bad guys out in the wild? Well, what are you waiting for? Pick up the phone and give us a call today so we can get your vulnerability assessment scheduled ASAP!

 

Just 1 in 5 Financial Institutions Confident they can Detect a Data Breach

Posted on by konweb

Yet, Consumers Implicitly Trust Them According to a CapGemini Report

According to the CapGemini report, while banks and financial institutions enjoy an extraordinary 83% positive level of trust in the cybersecurity of their systems, just 1 in 5 banking executives surveyed are “highly confident in their ability to detect a breach, let alone defend against it.”

For comparison, e-commerce firms enjoy just a 28% positive level of trust while telecom companies and retailers score a paltry 13%.

The full CapGemini Report Can be downloaded here

Trust is a HUGE Factor In Consumer Choice

According to the report authors, trust in an institution’s ability to protect private data and provide a secure environment is a significant factor for 65% of consumers when choosing which bank to do business with.

And yet, while approximately 25% of all financial institutions have reported being a victim of some level of hack only 3% of consumers believe that their own financial institution has ever been breached. It would seem that indeed there is a “trust halo” being enjoyed by banks that the numbers suggest they do not deserve.

If this halo were to become tarnished banks could be in trouble. According to the report 74% of consumers would switch their bank or insurer if they became aware of a breach.

GPDR Regulations Will Likely Drive Transparency

The GPDR regulations set to be introduced next year should drive more transparency and quicker reporting of breaches and this may result in some tarnished halos.

“When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise,” said Zhiwei Jiang, Global Head of Financial Services, Insights & Data at Capgemini. “The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

Konsultek Knows Security

From financial institutions to university and healthcare organizations, Konsultek builds customized security solutions that protect networks and the data they house. If you are interested in learning exactly how your network may be vulnerable just give us a call and we’ll discuss how we can find your vulnerabilities before they are found by cybercriminals and hackers.

 

© Copyright 2018 Konsultek