Ransomware, Phishing and other Malware

Supply Chain Security, Spear Phishing and Remote Working

Reports on cyber trends abound, and you could be forgiven for thinking that they are often produced by organisations trying to sell you something. I might be tempted to agree. Am I any different? Well, I’ll leave you to judge, but I do think that it is very important to educate, and not just sell, into the SME market. I’ve said many times before that the SME market has been badly served by the cyber security industry, in that it tends to get ignored. However, that doesn’t mean that SMEs are any less at risk, or any less important to the UK economy. Quite the reverse. I do read several reports about cyber trends, and if I think they are of use, I pass them on via this newsletter. I have read one recently which I think is worth passing on. It highlights 3 different scenarios, all of which I have blogged about in the past. They are, in no particular order, supply chain attacks, spear phishing and attacks against hybrid workers. These are clearly not exhaustive, but they are relevant to SMEs.

An often forgotten element of Cyber security lies within a company’s supply chain.  Manufacturers for instance, often use what is known as ‘just in time supply’, i.e., they have an electronic connection to their key suppliers who are connected to the company’s inventory, and automatically resupply when an item runs low.  It’s efficient and prevents the holding of unnecessary stock.  But it can, if not done correctly, drive a coach and horses through your security.

In short, a supply chain attack is a cyber-attack that seeks to damage an organisation by targeting less-secure elements in the supply chain.

Small to medium enterprises are at greatest risk from cyber security threats, and their vulnerability in turn poses a danger to the major corporations that they do business with.  Why? Well, the problem with small to medium sized enterprises is that they are in the unique position of having disproportionate access to important information. They are often mission critical suppliers that produce niche products, and they generally have the weakest cyber security arrangements in terms of size, resources, and expertise. They open up large clients to leapfrog cyber security attacks.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation, or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

Spear phishing is a more targeted cyber-attack than phishing. Emails are personalized to the intended victim. For example, the attacker may identify with a cause, impersonate someone the recipient knows, or use other social engineering techniques to gain the victim’s trust.  In other words, this is what might be referred to more as a scam than a cyber-attack, but it is no less illegal.

The common characteristics of spear phishing emails are not unlike traditional phishing scams:

  • The email uses email spoofing to masquerade as a trusted person or domain. …
  • Social engineering is employed to create a sense of urgency to exploit the victim’s desire to be helpful to a friend or colleague.

Hybrid working has been the subject of several of my blogs and newsletters of late.  We are all now seeing the ‘new normal’ and are embracing it to some extent.  There are now surveys by HR consulting companies, suggesting that 60 to 70% of companies of all sizes are planning to adopt a hybrid model.  In the IT industry, particularly amongst IT consultancies, this model has been in use for many years and is well regarded, allowing the downsizing of office space and a lower cost base.

As organisations of all sizes begin the decision-making process that allows them to seriously consider recalibrating their operating model to adapt to the new normal, there is a real need to re-evaluate their cyber security stance, involving policies, processes, people training and technical defences.

Cyber criminals have used this shift in working patterns to their advantage and their attacks have increased hugely, across the globe.  Working from home has increased the footprint of IT operations whilst weakening its defences, and has widened the scope for cyber criminals to develop new attack methods and new scams, and to generally increase their revenue, exponentially.

Cyber-attacks and data breaches tend to only hit the headlines when it’s a large company involved.  However, SMEs are hit every day, but for somewhat smaller sums of money, and there is an argument that often these attacks go unreported to protect reputations and even go undiscovered for long periods of time.  Data breaches do get reported because of the requirement to make such a report to the Information Commissioner’s Office (ICO), but even then, actions taken by the ICO often fly under the radar.  For instance, this year alone there have been over 40 fines by the ICO, many to companies categorised as SME.  A finance company was fined £48k and a solicitor was fined £98k.  You can research all of this on Google if you want confirmation.

A bit more on Ransomware, at the risk of over emphasising it, not that I think you can.

According to the NCSC, responsible for cyber security in the UK, ransomware continues to be a clear and present danger to UK companies, both at the Enterprise and SME level. It has now become the most significant cyber threat facing the UK, with the impact of an attack on critical national infrastructure stated in the UK National Cyber Strategy 2022 as potentially as harmful as state-sponsored espionage. There remains a pervasive opinion within SME management, that ransomware only affects the big companies, that SMEs are just too small to provide a level of reward that cyber criminals are looking for. I also said that there was evidence that when an SME gets hit, the amount asked for is quite small, from around £500 to £1000, and therefore many SMEs simply pay up. There is of course a real danger there because often their data has already been stolen, and sometimes the criminal doesn’t release the data back to the company, leaving the SME not only out of pocket, but unable to continue with business.

How much better if you can avoid getting hit in the first place.  Here I list some ways that you could perhaps use to avoid the problem.

  1. Arguably, the biggest and most effective step an SME can take is Cyber Awareness Training for staff. It is simply a fact that 90% of data breaches are caused by human error.  It is very unlikely that an employee will do something deliberately to damage your business.  But humans are fallible and, if they haven’t had any awareness training, they simply don’t know what they shouldn’t be doing.  Cyber security awareness training remains the most significant step you can take in this regard.  You can’t expect your staff to help you avoid cyber security attacks if they don’t know what they are looking for.  Cyber security is NOT an IT issue, it’s very much a business issue, and responsibility lies with everyone in the business.  Clearly this training needs to be part of an overall strategy, which again need not be complex or onerous.  Most successful strategies follow the KISS principle – Keep It Simple Stupid.
  2. The next reasonably low-cost thing that ties in with Cyber Awareness Training and a security strategy is robust, well thought out policies and procedures that have been rolled out across the workforce and are monitored to ensure they remain relevant and that they are understood by all. Giving an employee the means to check what they should do if they suspect there is something nefarious going on is simply giving them support; it is not there to catch them out or to use as a stick against them.  Many SMEs don’t have any such policies in place, and many others have downloaded specimens from the internet, topped and tailed them and expect them to be enough, which they very rarely are.
  3. Next, think about your backup strategy. Even when you are using a cloud-based provider, that doesn’t necessarily mean that your data is secure, although many providers would disagree, at least in their advertising.  How much better to have a strategy whereby your data is backed up overnight to a magnetic media storage point, which can be taken offline and stored in secure storage.  If you do that, then if you are subject to an attack and your data is locked up, you can have some or all workstations wiped and reloaded, and then have data restored from the tape, all of which would not take most SMEs offline for more than a day.  You then have a breathing space to sort everything out in the longer term.
  4. Email remains the top attack vector for many attacks, and ransomware is one of them. There are many products on the market that will tell you that they will block as many malicious emails as possible, and many of these are very good at what they do.  For an SME, it will nearly always come down to a matter of cost, and some of these products are more expensive than others.  Unfortunately, there are still a considerable number of SMEs out there either using the cheapest anti-malware product they could find, or even a free product.  You get what you pay for, and if it’s free, you’ve got a problem.  Any product you choose to use must be mitigating an identified risk.  If a risk hasn’t been properly identified and a product selected that covers that risk off, as well as it can be covered off, then you’ve quite possibly wasted your money.

There is a product on the market from a company called Platinum-HIT, which takes a very innovative approach to this.  Quite simply, it blocks any executable not on your whitelist from running.  It takes a free 30 day evaluation for it to profile your network and build a list of executables that are in use daily by users, i.e. those that run your applications, email and so on, and produces that list for human inspection.  Once agreed, that becomes your whitelist.  It’s extremely effective and so far, we haven’t found another product that takes this approach in blocking all forms of malware, including ransomware.
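The profile-then-enforce approach described above, as an added illustration that is not the vendor's code: hash-based allowlisting that records what ran during an evaluation window, has a human approve the list, and then blocks anything whose content hash was not approved. File names and contents below are constructed, and the code does not hook process creation; it only shows the decision logic.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed example: hash-based application allowlisting in the pattern the text
# describes (profile what runs, have a human approve the list, block everything else).
# Illustrative code only; it is not the vendor's product and does not hook process creation.


def sha256_of(path: Path) -> str:
    """Content hash of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def profile(observed: list) -> dict:
    """Evaluation phase: record the hash of every executable seen running.
    Returns {sha256: path} for human review; once agreed, this is the allowlist."""
    return {sha256_of(p): str(p) for p in observed}


def decide(path: Path, allowlist: dict) -> tuple:
    """Enforcement phase: allow only binaries whose content hash was approved.
    Matching on hash rather than path means a modified binary sitting at an
    approved path is also blocked. Returns (verdict, reason)."""
    digest = sha256_of(path)
    if digest in allowlist:
        return "allow", f"hash matches approved {allowlist[digest]}"
    if str(path) in allowlist.values():
        return "block", "approved path but contents changed (update or tampering): re-approve"
    return "block", "not on allowlist"


def demo() -> list:
    """Three constructed 'executables' in a temp dir: two profiled, one unknown,
    then an approved one altered in place. Returns (verdict, reason) pairs in order."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        mail = root / "mail.exe"
        office = root / "office.exe"
        mail.write_bytes(b"MZ constructed mail client v1")
        office.write_bytes(b"MZ constructed office suite v1")
        allowlist = profile([mail, office])        # what users ran during the evaluation
        newcomer = root / "newtool.exe"
        newcomer.write_bytes(b"MZ constructed binary nobody approved")
        verdicts = [decide(mail, allowlist), decide(newcomer, allowlist)]
        mail.write_bytes(b"MZ constructed mail client v1 with altered bytes")
        verdicts.append(decide(mail, allowlist))   # same path, different contents
        return verdicts


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```

The third verdict is the point a practitioner should note: a legitimate software update changes the hash too, so the allowlist needs a re-approval step, not just a one-off evaluation.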

The overall message I would like to put across to all SMEs is that you are just as vulnerable as anyone else to this, and many other attacks.  Have you identified your risks?  Have you identified ways to mitigate those risks, enabling you to maximise your defensive spend?  Or have you just bought into an argument that says that you have a firewall and some anti-virus, you’re using a cloud provider and you’re therefore covered?  I’d welcome the opportunity to have that debate with you.


Another look at Ransomware

I’ve been reading about how ransomware is affecting the insurance industry. A ransomware group has added 90 organisations to their data leak site as victims of the MOVEit exploitation campaign. Currently the insurance industry is listed as having the highest number of victims. Now clearly the insurance industry is not alone in this, although it’s an obvious target given that it holds considerable amounts of personally identifiable information (PII), as defined in UK GDPR. It’s long been known that personal data, misappropriated or downright stolen, has been available for sale on the dark web for many years. It’s one of the reasons why paying ransomware demands can be so wrong. Whilst I know the stated purpose of ransomware is to obtain a fee to release the data and make it available again to the victim, it is also often a cover for a larger stealth attack which steals data without you knowing it.

Ransomware demands on SMEs tend to be very modest, often under 1K, so you have to wonder how many people are being hit to make it profitable.  And the small amounts are why companies often pay up to get back access to their data quickly.  But as I said above, while this is going on the attacker is already on your system siphoning off any personal data you might have, safe in the knowledge that you’re going to pay up and they don’t have to worry about any investigations, even if such investigations were likely to bear any fruit.

But back to the news I opened with.

A criminal online marketplace selling millions of sets of stolen personal information for as little as 56p per entry has been taken down in an international crackdown.

The sting, led by the FBI and Dutch police and involving law enforcement agencies across 18 countries including the UK’s National Crime Agency (NCA), took Genesis Market offline on Tuesday night.

Users trying to access the site were greeted with a page emblazoned with the FBI investigation name Operation Cookie Monster.

The marketplace, one of the most significant of its kind in the world, had 80 million sets of credentials available for sale, affecting two million victims. Details, including online banking, Facebook, Amazon, PayPal and Netflix account information were up for sale alongside so-called digital fingerprints containing data from the victims’ devices. This enabled criminals to bypass online security checks by pretending to be the victim.

Investigators from the NCA carried out a series of raids yesterday targeting around 20 users of the site, with dozens of arrests abroad.

Source – Evening Standard

The Head of Cyber Intelligence at the NCA has said that Genesis Market is one of the top criminal marketplaces anywhere in the world, enabling fraud and a range of other criminal activities online by facilitating that initial access to victims, which is a critical part of the business model in a whole range of nefarious activity.

I am often asked, ‘how do hackers hack?’  Often the first step is to profile businesses and their employees.  There is a plethora of data available from open sources if you google it.  Companies House, for a small fee, can disclose who the key players are, what your last set of accounts looked like, etc.  Social media accounts are another rich source of data, but buying personal information is a quick and easy way of obtaining data and at the cost of 59p a record, also cheap.

This type of attack can be a real double or even triple whammy for an SME.  First you have to fork out to get your data released; then, if the data breach becomes public, there is a risk of a very punitive fine from the ICO (check out their website, they publish fines handed out), and there is a very real risk of being sued by those whose data has been breached (check out the no win no fee lawyers out there now advertising their services for anyone who suspects their data has been stolen or made public).

How much better to secure your data and systems to prevent this from happening. The threat landscape has always been ever changing and we have long been playing catch up to the cyber criminals and scammers but working patterns have now changed so much and in such a short space of time, that we have created a whole new avenue of problems for ourselves.  The global pandemic has changed working patterns so that the office is no longer the bastion that it was, and our network boundary is now our laptop, phone, or tablet, wherever we may be working from.

Here at H2 we have been very busy coming up with solutions to meet these new requirements.  We have aimed at driving down complexity and cost and at the same time recognising the ‘new normal’, whatever that may mean for your company, and covering off zero day attacks and ransomware, two of the most dangerous threats to all organisations. But our solutions are aimed at the SME which means they must be affordable as well as innovative and comprehensive.  We think we’ve done just that.

Our solution is based on sound risk management techniques allied with products which work seamlessly together or as individual solutions.  Whether you need one of these, two, three or all four, depends on your requirements and to some extent, your size of company and the vertical you operate in.  Two of these products are very new to the UK market but are tried and tested in other countries, notably the US.  The access management solution has been in use in Europe for some time whilst the anti-malware solution which covers off zero day and ransomware, has been in use in the enterprise market, especially government and CNI for some years and is only now available in an affordable way, for SMEs.


Protecting Your Business from Cyber Attacks – Part 2 – Plus some info on a Ransomware Attack

Before I begin, I thought it would be appropriate first to discuss an issue that has cropped up in the news, which I believe is extremely pertinent to SMEs, because many use MS365 and Azure in part or in whole for storing their data and as part of their access controls.  Many IT companies that service SMEs will claim that Azure provides excellent protections and that it’s enough on its own.  Now, I’m not here to denigrate Microsoft, heaven forefend, but it would be remiss of me not to point out a recent breach, which might well be a state-backed attack, but nonetheless has created what is known as an Advanced Persistent Threat (APT), known as the Storm-0558 breach.

This breach has allowed China-linked APT actors to potentially have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.  It is estimated that the breach could have given access to emails within at least 25 US government agencies and could be much further reaching and impactful than anyone anticipated, potentially placing a much broader swathe of Microsoft cloud services at risk than previously thought.

A lack of authentication logging at many organisations means that the full scope of actual compromise stemming from the situation will take weeks, if not months, to determine.  This of course raises issues with authentication even amongst large enterprises and government departments.  SMEs are far more reliant on such technologies and are consequently far more at risk.

This breach was caused by a stolen Microsoft account key, which allowed the bad guys to forge authentication tokens to masquerade as authorised Azure AD users, thereby obtaining access to Microsoft 365 enterprise email accounts and the potentially sensitive information contained within.  However, it gets worse, as it turns out that the swiped MSA key could have allowed the threat actor to also forge access tokens for “multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams and OneDrive”.

It should be noted that Microsoft took swift action and revoked the stolen key, however despite this some Azure AD customers could potentially still be sitting ducks, given that Storm-0558 could have leveraged its access to establish persistence by issuing itself application-specific access keys, or setting up backdoors.  Further, any applications that retained copies of the Azure AD public keys prior to the revocation, and applications that rely on local certificate stores or cached keys that may not have updated, remain susceptible to token forgery.
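The forgery-with-a-stolen-key and stale-cached-key problem described above, as an added example that is not from the page or from Microsoft: a token verifier that checks the key id in each token against a current key set, so that revoking a key actually stops tokens signed with it. HMAC-SHA256 stands in for the provider's asymmetric signing so the code runs on the standard library alone; the issuer, audience, key id and key value are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example. HMAC stands in for the asymmetric signing a real identity
# provider uses so that this runs with the standard library only; the key-handling
# lesson is the same: a verifier holding stale key material accepts forged tokens.


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, kid: str, key: bytes) -> str:
    """Issue a compact JWT-style token: header.claims.signature (HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class KeyStore:
    """Verification keys by kid. revoke() models the provider pulling a stolen key;
    snapshot() models an application that cached the key set and never refreshed it."""

    def __init__(self, keys: dict):
        self._keys = dict(keys)

    def get(self, kid: str):
        return self._keys.get(kid)

    def revoke(self, kid: str) -> None:
        self._keys.pop(kid, None)

    def snapshot(self) -> "KeyStore":
        return KeyStore(self._keys)


def verify_token(token: str, keys: KeyStore, issuer: str, audience: str, now: float = None):
    """Validate key id, signature, issuer, audience and expiry. Returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    key = keys.get(str(header.get("kid", "")))
    if key is None:
        return False, "unknown or revoked kid"   # the check a stale key cache gets wrong
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims.get("iss") != issuer:
        return False, "wrong issuer"
    if claims.get("aud") != audience:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "expired"
    return True, "ok"


def stolen_key_scenario() -> tuple:
    """Constructed walk-through of the pattern in the text: key stolen, token forged,
    key revoked. Returns (accepted_before_revocation, live_verdict, stale_cache_verdict)."""
    now = 1_700_000_000
    issuer, audience = "https://idp.example", "mail-api"
    leaked_key = b"constructed-signing-key-do-not-reuse"
    live_store = KeyStore({"key-2023": leaked_key})
    stale_cache = live_store.snapshot()   # an app holding a cached copy of the key set
    # Whoever holds the stolen key can mint a token for a user they never authenticated.
    forged = sign_token({"iss": issuer, "aud": audience, "sub": "victim@example",
                         "exp": now + 3600}, "key-2023", leaked_key)
    before = verify_token(forged, live_store, issuer, audience, now)[0]
    live_store.revoke("key-2023")         # the provider revokes the compromised key
    live_after = verify_token(forged, live_store, issuer, audience, now)[1]
    stale_after = verify_token(forged, stale_cache, issuer, audience, now)[1]
    return before, live_after, stale_after
```

The scenario returns `(True, "unknown or revoked kid", "ok")`: the refreshed verifier rejects the forged token after revocation, while the application that cached the key set still accepts it, which is exactly why cached or locally stored keys need to be refreshed after a revocation notice.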

OK, now back to the original subject.  Steps 6 to 10 in my suggested top ten list.

  6. What steps should I take to protect my business from ransomware attacks? A very good question with a multi thread answer.
  • Keep Software Updated. Regularly update your operating system, applications, and antivirus software to ensure you have the latest security patches.
  • Use Strong Passwords. Use unique and complex passwords for all your accounts and consider using a password manager to keep track of them securely.
  • Enable Two-Factor Authentication (2FA).  Add an extra layer of security by enabling 2FA whenever possible, as it helps prevent unauthorized access to your accounts.
  • Be Cautious with Email. Avoid opening attachments or clicking on links from unknown or suspicious senders. Be wary of phishing attempts.
  • Backup Your Data.  Regularly back up your important files and data to an external hard drive or a secure cloud service. This way, even if you fall victim to ransomware, you can restore your files without paying the ransom.
  • Use Reliable Security Software. Install reputable antivirus and anti-malware software to help detect and block ransomware threats.
  • Educate Yourself and Others. Stay informed about the latest ransomware threats and educate your family or colleagues about the risks and preventive measures.
  • Secure Network Connections. Use a firewall and be cautious when connecting to public Wi-Fi networks.
  • Limit User Privileges. Restrict user access privileges on your devices, granting administrative rights only when necessary.
  • Monitor for Suspicious Activity. Regularly monitor your devices and network for any unusual or suspicious activity that might indicate a potential ransomware attack.
  7. What can I do to ensure that my data is backed up in case of a cyber-attack? This is straightforward and highlights a problem whereby many SMEs think that if their data is on a cloud service, they don’t need to back it up.  You need a backup routine that separates your backed-up data from your data storage.  What I mean by that is that if an attacker, or a piece of malware, can jump from one system to another, then having a live connection to your backup defeats the object, but it’s surprising how many people do this.  So, there are a number of methods.  The first is the good old-fashioned tape backup.  Becoming less and less used nowadays but still very effective.  Another is that several cloud providers also provide a backup solution that disconnects once the backup has been done and will allow you to go back to a ‘clean’ backup if the current one has been compromised.  Check this out, but do back up your data; don’t be convinced that you don’t need to, you do.
  8. What cyber security measures should I put in place to protect my business from external threats? To protect against external cyber threats, you should consider implementing the following cybersecurity measures:
  • Strong Passwords: Encourage employees to use complex passwords and enable multi-factor authentication wherever possible.
  • Regular Updates: Keep all software, operating systems, and applications up to date to patch known vulnerabilities.
  • Firewall: Set up and maintain a firewall to control incoming and outgoing network traffic.
  • Antivirus Software: Install reputable antivirus software to detect and remove malware.
  • Employee Training: Educate your staff about cybersecurity best practices and potential threats, such as phishing and social engineering.
  • Data Encryption: Encrypt sensitive data to prevent unauthorized access if it gets intercepted.
  • Access Control: Implement role-based access control to limit users’ access to only the data and systems they need.
  • Regular Backups: Regularly backup your important data and keep the backups in a secure location.
  • Network Monitoring: Use intrusion detection and prevention systems to monitor network activity for suspicious behaviour.
  • Incident Response Plan: Develop a comprehensive incident response plan to handle cybersecurity incidents effectively.
  • Vendor Security: Ensure third-party vendors and partners also have strong security measures in place, especially if they have access to your data.
  • Physical Security: Protect physical access to servers and sensitive equipment.
  9. How can I stay up to date with the latest cyber security threats and best practices? There are a number of things you can do, but a lot depends on how much time you have available to devote to this.  Probably not much, and you may wish to consider having an advisor on tap, and surprise, we provide such an advisor.  But pointers that you might want to consider include:
  • Subscribe to reputable cyber security news sources and blogs, like this one!
  • Attend cyber security webinars.
  • Follow cyber security experts on social media.
  • Sign up for security alerts: Many organizations and government agencies offer email alerts for the latest cyber threats.
  • Participate in cyber security training. I can’t emphasise enough the value of cyber awareness training for your staff.
  • Read official reports and advisories: Stay informed about security bulletins and advisories released by software vendors and security organizations.
  • Practice good cyber hygiene: Implement strong passwords, use multi-factor authentication, keep your software up to date, and regularly backup your data.
  10. What steps should I take to ensure my business is compliant with relevant regulations and industry standards?

This is going to depend on several factors, such as the business you are in.  Many organisations must adhere to a variety of standards within their area of business and of course, many use a variety of International Standards such as ISO9000 series.  On top of this there are legal frameworks that you also must adhere to, amongst those are UK GDPR and financial services regulations.  Not an exhaustive list.  It can be a minefield.

It is somewhat surprising to me, that many SMEs that I visit don’t know what data is subject to these regulations and what isn’t, and where that data is actually stored, how it is processed and protected.  They will argue that they do know most of this, at least at a high level, but that they outsource to their local IT provider.  That won’t help you if a regulator comes after you.  You can outsource your IT, but not your responsibility.  Take advice, get guidance, there are some great protections and audit tools out there which don’t have to cost a fortune.  Check them out.


Protecting your business from cyber attacks – Part 1

Protecting your business from cyber attacks and scams is a challenge, and I get it, it can be expensive, especially when the most effective solutions are aimed at enterprise businesses with big budgets that SMEs simply can’t match. And that of course is why SMEs are so tempting to the cyber criminal. Cyber security is an ongoing effort. It’s important, no matter how difficult you may think it is, to stay informed about the latest threats and continuously adapt your security measures to address emerging risks. SMEs and local IT companies simply can’t afford professional cyber security advice and skills, so consider consulting with cyber security professionals for additional guidance tailored to your specific business needs.

There are a number of protections that you need to consider.  I’ve picked the top 5, at least in my opinion, but that’s far from exhaustive.

  1. What are the best practices for keeping my business secure from cyber threats? A sound strategy is a mixture of process, procedure and technical controls, coupled with sound security awareness training.  Here are some of the highlights:
  • Strong Passwords: Enforce the use of complex, unique passwords for all accounts, and consider implementing multi-factor authentication (MFA) for an extra layer of security.
  • Regular Updates: Keep all software, operating systems, and applications up to date with the latest patches and security updates to address known vulnerabilities.
  • Employee Education: Train employees on cybersecurity awareness, including recognising phishing attempts, social engineering, and safe browsing habits. Regularly remind them about the importance of maintaining security practices.
  • Network Security: Use firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs) to safeguard your network against unauthorised access.
  • Data Encryption: Encrypt sensitive data both in transit and at rest. This helps protect data if it is intercepted or stolen.
  • Backup and Recovery: Regularly back up critical data and test the restoration process. This ensures that important information can be recovered in the event of a cyber incident.
  • Access Controls: Implement a least privilege approach, granting employees access only to the resources they need for their job roles. Regularly review and revoke access for former employees or those who no longer require it.
  • Incident Response Plan: Develop an incident response plan that outlines the steps to be taken in case of a cybersecurity incident. This helps minimize damage and facilitates a swift recovery.
  • Vendor Management: Assess the security practices of third-party vendors and partners to ensure they meet your standards. Establish clear security requirements and monitor compliance.
  • Periodic Security Assessments: remember that nothing stays the same, and new vulnerabilities and threats emerge all the time.
  2. How can I protect my business from phishing, malware, and other online attacks?
  • Employee Education: Train your employees to recognise and avoid phishing attempts. Teach them how to identify suspicious emails, links, and attachments. Encourage them to report any suspicious activity promptly.
  • Strong Passwords: Enforce the use of strong, unique passwords for all business accounts. Consider implementing two-factor authentication (2FA) for an extra layer of security.
  • Regular Updates and Patches: Keep all software and operating systems up to date with the latest security patches. Regularly update antivirus and anti-malware software as well.
  • Secure Network: Implement robust network security measures, including firewalls, intrusion detection systems, and secure Wi-Fi networks. Regularly monitor and audit network activity for any anomalies.
  • Email Protection: Deploy email filters and spam blockers to prevent malicious emails from reaching employees’ inboxes. Consider using email authentication protocols such as SPF, DKIM, and DMARC.
  • Web Browsing Security: Advise employees to exercise caution when visiting websites, especially those with suspicious or unknown origins. Encourage the use of secure browsing practices, such as avoiding clicking on unfamiliar links.
  • Data Backups: Regularly back up all critical business data to secure, off-site locations. This ensures that even if malware or ransomware attacks occur, you can restore your data without paying a ransom.
  • Incident Response Plan: Develop a comprehensive incident response plan outlining the steps to be taken in case of a security breach. This plan should include communication protocols, containment measures, and recovery procedures.
  • Ongoing Security Awareness: Maintain a culture of security awareness within your organisation. Regularly remind employees about the importance of staying vigilant and following security best practices.
  3. What type of cyber security training should I provide for my employees? It’s important to cover several key topics.  Here are some suggestions:
  • Phishing Awareness: Teach employees how to recognise and report phishing emails, suspicious links, and potential scams.
  • Password Security: Educate employees on creating strong passwords, using password managers, and avoiding password reuse.
  • Social Engineering: Raise awareness about social engineering techniques, such as pretexting and tailgating, and provide guidelines for handling suspicious requests.
  • Data Protection: Train employees on handling sensitive data, including proper data classification, encryption, and secure file transfer methods.
  • Malware Defence: Teach employees about malware threats, safe browsing habits, and the importance of keeping their devices and software up to date.
  • Mobile Security: Highlight best practices for securing mobile devices, such as using secure Wi-Fi networks, enabling device encryption, and being cautious about downloading apps.
  • Incident Reporting: Establish clear procedures for reporting security incidents, so employees know how to promptly and effectively respond to potential breaches.
  • Remote Work Security: Provide guidelines on securing home networks, using VPNs, and maintaining the security of devices when working remotely.
  • Physical Security: Emphasise the importance of physical security measures, such as locking screens, securing work areas, and preventing unauthorised access to sensitive areas.
  • Ongoing Training and Updates: Keep employees informed about emerging threats, new attack techniques, and evolving security practices through regular training sessions, newsletters, or online resources.

Remember to tailor the training to your organisation’s specific needs and provide practical examples to reinforce the concepts. Training should reflect the policies and processes that you have put in place.  Additionally, consider conducting periodic security assessments and simulations to test employees’ knowledge and readiness.

  1. How can I secure my customer data, and what regulations and best practices should I follow?

To a large extent, this is going to depend on what regulations and requirements the industry you work in imposes on you.  However, there are some things that remain common: for instance, UK GDPR, the Computer Misuse Act, and financial regulations requiring you to maintain records for 7 years, which, for some industries (financial services, legal etc.), can require a considerable effort.  One of the first requirements will be finding out where all your data actually is.  I know many will say, well, I know where it is, it’s on my cloud and/or network storage.  But is it?  How many records containing personally identifiable information (PII) have been copied from one directory to another, usually for sound working reasons, or perhaps attached to an email and not removed, thus leaving a copy residing on your email server?  Once you know where it is, then you can start to assess the risk.
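As an added illustration of that first step (finding where the data actually is), here is a small Python script that is not part of the newsletter or any product it mentions. It walks a directory tree, counts matches for a few simplified PII patterns (email addresses, UK National Insurance numbers, UK mobile numbers) and groups byte-identical files by SHA-256 so that a stray copy of an HR export, or a saved mail still carrying the data, shows up next to the original. The sample file share, file names and contents are constructed for the example; the regular expressions are deliberately simplified and are an assumption about what "PII" means for your business, not a definitive detector.

```python
"""Find where personal data actually lives: scan a tree for PII patterns and
flag identical copies of the same file. Added example; sample data is constructed."""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample files standing in for a company file share (not real data).
SAMPLE_FILES = {
    "hr/staff_list.csv": "name,email,ni_number\nJane Doe,jane.doe@example.co.uk,AB123456C\n",
    # The same export copied to a shared folder "for a sound working reason".
    "shared/old_export_copy.csv": "name,email,ni_number\nJane Doe,jane.doe@example.co.uk,AB123456C\n",
    "marketing/plan.txt": "Q3 campaign plan. No personal data here.\n",
    # A saved outgoing mail whose body still carries PII.
    "mail/outbox/2023-07-12.eml": "To: supplier@example.org\nBody: contact jane.doe@example.co.uk, phone 07700 900123\n",
}

# Simplified detectors (an assumption for this example); a production scanner
# would validate formats properly rather than rely on regular expressions alone.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # UK National Insurance number, simplified: two letters, six digits, suffix A-D.
    "ni_number": re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b"),
    # UK mobile number as commonly written: 07xxx xxxxxx.
    "uk_mobile": re.compile(r"\b07\d{3}\s?\d{6}\b"),
}


def scan_file(path: Path) -> dict[str, int]:
    """Count PII matches per pattern in one text file; only non-zero counts are kept."""
    text = path.read_text(encoding="utf-8", errors="replace")
    counts = {name: len(pattern.findall(text)) for name, pattern in PII_PATTERNS.items()}
    return {name: n for name, n in counts.items() if n}


def scan_tree(root: Path) -> dict[str, dict[str, int]]:
    """Map each file (relative POSIX path) that contains PII to its match counts."""
    findings: dict[str, dict[str, int]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            hits = scan_file(path)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def duplicate_groups(root: Path) -> list[list[str]]:
    """Group byte-identical files so stray copies of an export show up together."""
    by_digest: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            by_digest.setdefault(digest, []).append(path.relative_to(root).as_posix())
    return sorted(paths for paths in by_digest.values() if len(paths) > 1)


def run_demo() -> tuple[dict[str, dict[str, int]], list[list[str]]]:
    """Write the constructed sample share to a temp dir, scan it and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, text in SAMPLE_FILES.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return scan_tree(root), duplicate_groups(root)


if __name__ == "__main__":
    findings, dups = run_demo()
    for rel, hits in findings.items():
        print(f"{rel}: {hits}")
    for group in dups:
        print("identical copies:", ", ".join(group))
```

Pointed at a real share, the duplicate report is usually the more revealing half: it is the copies nobody remembers making that escape the access controls applied to the original.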

  1. How can I quickly and effectively respond to a cyber security incident?

This is a procedural issue.  Do you have a sound incident response plan, which ideally is linked to a business continuity plan?  Are these the same thing?  An incident response plan is just what it says: it’s how you respond to and technically recover from a security incident, whilst business continuity is about how you continue to work and service your customers whilst recovering from the incident.  Deeply related, but not the same thing.

Next week I’ll take a look at the next 5 steps on my list, which are:

  1. What steps should I take to protect my business from ransomware attacks?
  2. What can I do to ensure that my data is backed up in case of a cyber attack?
  3. What cyber security measures should I put in place to protect my business from external threats?
  4. How can I stay up-to-date with the latest cyber security threats and best practices?
  5. What steps should I take to ensure my business is compliant with relevant regulations and industry standards?


DATA BREACHES AND RANSOMWARE

Data breaches just keep on coming don’t they. Probably one of the worst, in terms of potential impact, is the leak of Police Service Northern Ireland (PSNI), personnel data. As we’ve seen many times before this wasn’t a technical breach, but a procedural breach where someone either ignored the rules, or more probably, didn’t know them and didn’t think. Cyber Awareness Training anyone?

Police officers in Northern Ireland are frightened and their families and friends could be “jeopardised” after details were published in error, a former NI justice minister has said.

Naomi Long said some officers would consider their futures with the force.

In response to a freedom of information (FoI) request, the Police Service of Northern Ireland (PSNI) shared names of all police and civilian personnel, where they were based and their roles. 

The details were then published online. 

They were removed a few hours later. 

More than 300 police officers were murdered in Northern Ireland during the 30 years of violence known as the Troubles and officers and staff remain under threat from republican paramilitaries.

The Electoral Commission has revealed it has been the victim of a “complex cyber-attack” potentially affecting millions of voters.  The unspecified “hostile actors” had managed to gain access to copies of the electoral registers from August 2021.  Hackers also broke into its emails and “control systems”, but the attack was not discovered until October last year.  So, for over a year this data was available to cyber criminals without anyone knowing about it.  It frankly beggars belief that there weren’t significant protections in place so that, even if the breach couldn’t be stopped, it was at least discovered and known about in a timely manner.

Unlike the attack on PSNI, this one was described as a sophisticated technical attack.

Data belonging to the University of the West of Scotland (UWS) has been put up for auction by a cyber-criminal gang.  The university first said it was facing a “cyber incident” earlier this month and police have been investigating.  The ransomware gang Rhysida is now demanding 20 bitcoin (£450,000) for the confidential data and says it will otherwise be sold to the highest bidder.  UWS said it was a “victim of a cybercrime” and the attack affected several digital systems and staff data.  It has been reported by BBC Scotland that the incident has affected staff laptops, shut off around half of the university’s IT systems, and affected student submissions.

There remains a pervasive opinion within SME management, that ransomware only affects the big companies, that SMEs are just too small to provide a level of reward that cyber criminals are looking for.  I also said that there was evidence that when an SME gets hit, the amount asked for is quite small, from around £500 to £1000, and therefore many SMEs simply pay up.  There is of course a real danger there because often their data has already been stolen, and sometimes the criminal doesn’t release the data back to the company, leaving the SME not only out of pocket, but unable to continue with business.

How much better if you can avoid getting hit in the first place.  Here I list some ways that you could perhaps use to avoid the problem.

  1. Arguably, the biggest and most effective step an SME can take is Cyber Awareness Training for staff. It is simply a fact that 90% of data breaches are caused by human error.  It is very unlikely that an employee will do something deliberately to damage your business.  But humans are fallible and, if they haven’t had any awareness training, they simply don’t know what they shouldn’t be doing.  Cyber security awareness training remains the most significant step you can take in this regard.  You can’t expect your staff to help you avoid cyber security attacks if they don’t know what they are looking for.  Cyber security is NOT an IT issue, it’s very much a business issue and responsibility lies with everyone in the business.  Clearly this training needs to be part of an overall strategy, which again, need not be complex or onerous.  Most successful strategies follow the KISS principle – Keep It Simple Stupid.
  2. The next reasonably low-cost thing that ties in with Cyber Awareness Training and a security strategy is robust, well thought out policies and procedures, that have been rolled out across the work force and are monitored to ensure they remain relevant and that they are understood by all. Giving an employee the means to check what they should do if they suspect there is something nefarious going on, is simply giving them support, it is not there to catch them out or to use as a stick against them.  Many SMEs don’t have any such policies in place and many others have downloaded specimens from the internet, topped and tailed them and expect them to be enough, which they very rarely are.
  3. Next think about your backup strategy. Even when you are using a cloud-based provider, that doesn’t necessarily mean that your data is secure, although many providers would disagree, at least in their advertising.  How much better to have a strategy whereby your data is backed up overnight to a magnetic media storage point, which can be taken offline and stored in secure storage.  If you do that, then if you are subject to an attack and your data is locked up, you can have some or all workstations wiped and reloaded, and then have data restored from the tape, all of which would not take most SMEs offline for more than a day.  You then have a breathing space to sort everything out in the longer term.
  4. Email remains the top attack vector for many attacks, and this is one of them. There are many products on the market that will tell you that they will block as many malicious emails as possible, and many of these are very good at what they do.  For an SME, it will nearly always come down to a matter of cost and some of these products are more expensive than others.  Unfortunately, there are still a considerable number of SMEs out there, either using the cheapest anti malware product they could find, or even a free product.  You get what you pay for and if it’s free, you’ve got a problem.  Any product you choose to use must be mitigating an identified risk.  If a risk hasn’t been properly identified and a product selected that covers that risk off, as well as it can be covered off, then you’ve quite possibly wasted your money.

There is a product on the market from a company called Platinum-HIT, which takes a very innovative approach to this.  Quite simply it blocks any executable not on your whitelist from running.  It takes a free 30 day evaluation for it to profile your network and build a list of executables that are in use daily by users, so those that run your applications, email, etc., and produces that list for human inspection.  Once agreed, that becomes your whitelist.  It’s extremely effective and so far, we haven’t found another product that takes this approach in blocking all forms of malware, including ransomware.

The overall message I would like to put across to all SMEs, is that you are just as vulnerable as anyone else, to this, and many other attacks.  Have you identified your risks?  Have you identified ways to mitigate those risks, enabling you to maximise your defensive spend?  Or have you just bought into an argument that says that you have a firewall and some anti-virus, you’re using a cloud provider and you’re therefore covered?  I’d welcome the opportunity to have that debate with you.

But this is about defence in depth, marrying up people, process, and technology to give you the best protection you can afford.


Phishing, Ransomware and Other Malware

There are of course several things that we can do to protect ourselves, both procedurally and technically, providing defence in depth.  Protecting businesses from phishing and other malware is crucial for maintaining a secure online environment. Here are some key steps to help protect your business:

  • Employee Education: Train your employees to recognise and avoid phishing attempts. Teach them how to identify suspicious emails, links, and attachments. Encourage them to report any suspicious activity promptly.
  • Strong Passwords: Enforce the use of strong, unique passwords for all business accounts. Consider implementing two-factor authentication (2FA) for an extra layer of security.
  • Data Backups: Regularly back up all critical business data to secure, off-site locations. This ensures that even if malware or ransomware attacks occur, you can restore your data without paying a ransom.
  • Incident Response Plan: Develop a comprehensive incident response plan outlining the steps to be taken in case of a security breach. This plan should include communication protocols, containment measures, and recovery procedures.
  • Ongoing Security Awareness: Maintain a culture of security awareness within your organisation. Regularly remind employees about the importance of staying vigilant and following security best practices.

Alongside these there is some other stuff that can, to a large extent, be automated in order to reduce your administrative burden and reduce support costs.

  • Regular Updates and Patches: Keep all software and operating systems up to date with the latest security patches. Regularly update antivirus and anti-malware software as well. All sounds great but what if you could reduce this requirement to a manageable level.  Manageable not only because it must be done, but also because of the disruption it can cause to your working environment.  Have a word with us.  We have an app for that!!
  • Secure Network: Implement robust network security measures, including firewalls, intrusion detection systems, and secure Wi-Fi networks. Regularly monitor and audit network activity for any anomalies. This is all good, there is still very much a place on your network for firewalls.  But what about protective monitoring?  Is that affordable?  Is it manageable?  Is protecting the network layer good enough?  Should we be looking at the application layer instead?  Have a word with us.  We have an app for that!!
  • Anti-Malware: Are you considering renewing your AV licence?  Have a word with us first.  We recommend a system which uses a Hard Disk Firewall (HDF).  All data on your systems is stored either as non-runnable data or runnable application programs.  Malware is a type of runnable program with undesirable behaviours.  HDF prevents malware infection by stopping malware program files from being stored and run on a computer.
  • Web Browsing Security and email protection: Advise employees to exercise caution when visiting websites, especially those with suspicious or unknown origins. Encourage the use of secure browsing practices, such as avoiding clicking on unfamiliar links. Deploy email filters and spam blockers to prevent malicious emails from reaching employees’ inboxes.  Protective monitoring has a play here also and we have an app for that!!

Remember, cybersecurity is an ongoing effort. Stay informed about the latest threats and continuously adapt your security measures to address emerging risks. Consider consulting with cybersecurity professionals for additional guidance tailored to your specific business needs.

Ransomware and SMEs

REvil, Wizard Spider, Grief, Ragnar, they sound like they should be in a Marvel comic.  But there’s nothing funny about these guys.  Operating in countries that do not cooperate with international law agencies and not caring who they attack, including health care organisations, Ransomware gangs are on the increase.

Ransom money in the millions has been paid by some very respectable companies, in order to recover access to their data and keep their companies going.  A quick trawl of the internet produces results that show how diverse ransomware targets are.  Whilst the largest target area appears to be the US, the UK targets have included Amey, Hackney Council, Wentworth Golf and Country Club, Scottish Environment Protection Agency, UK Research and Innovation and, last month, Serco (source: Blackfrog).  The way it works remains much the same, regardless of the method used.  Criminal gangs hack into connected IT systems, lock access to them, and then sell a decryption key in exchange for payment in bitcoin.  They have targeted schools, hospitals (you may remember the well reported attack on the NHS a couple of years ago), councils, airports, government bodies (local and central), insurance companies; this list is far from exhaustive.

Anyone who is connected to the internet, is vulnerable to a Ransomware attack.  An emerging sweet spot though, is mid-sized companies that generate enough revenue to make them a target, but aren’t yet large enough to have dedicated cybersecurity resources on board.

Make no mistake, these hackers operate as organised gangs who compartmentalise themselves into specialties.  Some specialise in identifying compromised systems and gaining access, whilst others handle the ransom negotiations.  It is not uncommon for an investigation to see cryptocurrency transferred into many different cyberwallets.  These gangs tend to have a ‘signature’ which is often recognisable.  REvil and Pysa have flair, whilst Ryuk are somewhat robotic in their approach.

A worrying trend is that recently, these gangs have pivoted into extorting individuals.  If victims don’t pay, their data is dumped online, or sold on the dark web to the highest bidder, and of course, there is no way of ensuring that the data isn’t sold anyway, regardless of the victim paying up.

Of course, most people don’t have incriminating or embarrassing data on their private systems, but some do, particularly important people in the public eye for whom data release can be at least damaging, if not crippling.  According to a report from cybersecurity software firm Bitdefender, attacks increased by 485% in 2020 alone. “It’s taken off since Covid because we have more people working from home,” says Sophia, a crisis communications expert who specialises in advising companies who have been targeted by ransomware hackers. Poorly secured remote access logins are a common route in. “More of a digital environment leads to more points of entry for the attackers,” she says. “The last year and a half has been a whole new ballgame.”

So, if you are running a medium size business, or perhaps running a local organisation using your own home systems where you have personal data belonging to others which you are obliged to protect under the DPA2018/GDPR, then you are a target and you need to take some precautions against an attack of this nature.  If you want to know more please don’t hesitate to contact us for a chat.  We specialise in looking after SMEs and understand your challenges.

A little bit more about Phishing protection and awareness

Think phishing is old news? You won’t believe why it’s still the number one nightmare for CEOs and business owners. Ever find it odd that phishing, an old trick in the cyberbook, keeps CEOs awake at night? Guess what, it’s not budging from that top spot.

Here’s the deal: cyber villains always stay ahead. If you develop a shield, they craft a spear. They’re all out to make your employees act impulsively, falling into traps on all communication fronts.

Ever thought about arming your business against phishing, without the tech jargon? Let’s discuss uncomplicated, everyday measures to secure your digital turf.

  1. Training: Educating your team about phishing scams is the first step. A well-informed team can spot such scams.
  2. Double-checking: Emails from ‘official’ sources often aren’t. Encourage your team to verify before replying.
  3. Regular updates: Keep your systems and software updated, they often include security enhancements.

Phishing is a persistent threat, but with the right non-technical measures, your business can uphold security. Ready to fortify your cyber defences? I’m here to help.

Questioning the efficiency of your cyber defence is valid. But to provide any assurance about your training methods we need to monitor and measure.

Explore our Protective Monitoring service. For just a tenner per user, it’s a shockingly affordable way to both test your defences and uplift your team’s cyber consciousness – all under that ten-pound note. Zilch hidden charges, and a 14-day free trial to sweeten the deal.

From simulating phishing to rooting out insider liabilities, and safeguarding email privacy to mobile security – we’ve got you covered with a whopping 28 distinct campaigns. Are you prepared to test your cyber fortitude?

These campaigns won’t help against point number 3, regular updates.  For most that will mean ensuring that regular updates on desktops, laptops, tablets etc. are switched on and can’t be switched off.  But of course, installing these updates can be a problem and users regularly try to find ways to delay it, or cancel it, because they find it an irritation.  And you are at the mercy of cloud providers and other suppliers to ensure that their systems are patched fully, and on time.  What if you were running an anti-malware system that made updates and patches, not obsolete (that would be nice), but far less urgent, because it stops executable files from running unless you have said they can?  Give us a call to discuss; it really is innovative.

Here’s a challenge for you: Take the right steps to fortify your cyber walls.

I Never Get Tired of Talking About Ransomware

Many of you outside of the legal profession might not have heard of the Ince Group and what happened to it. The 157-year-old law firm collapsed into administration last year following a cyber-attack. To be fair, a much bigger crisis came after it was rescued by a firm that almost no one had heard of. There are many out there much better qualified than me to comment on its legal and accounting problems; I’ll stick to the cyber-attack.

So, what happened to Ince and is it a story of what can happen, in terms of cyber security, to pretty much anyone?

Things started to go south for Ince following a cyber-attack in March 2022, which was later revealed to have cost the company £5m.  Their share price tumbled, and they struggled to get on top of the crisis.  They went from trading at around 80p per share to around the 5p mark.  Pretty devastating for any company of any size.

What was the nature of the cyber-attack?  Well, Ince did everything they could to stop the exact nature of the attack becoming public, but it appears that it was our old friend ransomware.   In March 2022, Ince was granted an interim injunction to stop hackers from releasing confidential data on the dark web, after the unknown perpetrator threatened to publish the stolen data there if the firm did not pay a “substantial ransom”.

Now, I don’t know about the rest of you, but given that the perpetrators are already criminals, and are unknown criminals to boot, I’m a little confused as to how such an injunction could have any tangible effect, except to show perhaps, that Ince were taking this very seriously and were trying to prevent the release of client data.

Of course, this was an attack perpetrated on what was, at that time, a major company, publicly listed, and that supports the impression amongst many, that only such companies are targeted by cyber criminals.  Not so.

According to the NCSC, responsible for cyber security in the UK, ransomware continues to be a clear and present danger to UK companies, both at the Enterprise and SME level.  It has now become the most significant cyber threat facing the UK, with the impact of an attack on critical national infrastructure stated in the UK National Cyber Strategy 2022 as potentially as harmful as state-sponsored espionage. There remains a pervasive opinion within SME management, that ransomware only affects the big companies, that SMEs are just too small to provide a level of reward that cyber criminals are looking for.  I also said that there was evidence that when an SME gets hit, the amount asked for is quite small, from around £500 to £1000, and therefore many SMEs simply pay up.  There is of course a real danger there because often their data has already been stolen, and sometimes the criminal doesn’t release the data back to the company, leaving the SME not only out of pocket, but unable to continue with business.

How much better if you can avoid getting hit in the first place.  Here I list some ways that you could perhaps use to avoid the problem.

  1. Arguably, the biggest and most effective step an SME can take is Cyber Awareness Training for staff. It is simply a fact that 90% of data breaches are caused by human error.  It is very unlikely that an employee will do something deliberately to damage your business.  But humans are fallible and, if they haven’t had any awareness training, they simply don’t know what they shouldn’t be doing.  Cyber security awareness training remains the most significant step you can take in this regard.  You can’t expect your staff to help you avoid cyber security attacks if they don’t know what they are looking for.  Cyber security is NOT an IT issue, it’s very much a business issue and responsibility lies with everyone in the business.  Clearly this training needs to be part of an overall strategy, which again, need not be complex or onerous.  Most successful strategies follow the KISS principle – Keep It Simple Stupid.
  2. The next reasonably low-cost thing that ties in with Cyber Awareness Training and a security strategy is robust, well thought out policies and procedures, that have been rolled out across the work force and are monitored to ensure they remain relevant and that they are understood by all. Giving an employee the means to check what they should do if they suspect there is something nefarious going on, is simply giving them support, it is not there to catch them out or to use as a stick against them.  Many SMEs don’t have any such policies in place and many others have downloaded specimens from the internet, topped and tailed them and expect them to be enough, which they very rarely are.
  3. Next think about your backup strategy. Even when you are using a cloud-based provider, that doesn’t necessarily mean that your data is secure, although many providers would disagree, at least in their advertising.  How much better to have a strategy whereby your data is backed up overnight to a magnetic media storage point, which can be taken offline and stored in secure storage.  If you do that, then if you are subject to an attack and your data is locked up, you can have some or all workstations wiped and reloaded, and then have data restored from the tape, all of which would not take most SMEs offline for more than a day.  You then have a breathing space to sort everything out in the longer term.
  4. Email remains the top attack vector for many attacks, and this is one of them. There are many products on the market that will tell you that they will block as many malicious emails as possible, and many of these are very good at what they do.  For an SME, it will nearly always come down to a matter of cost and some of these products are more expensive than others.  Unfortunately, there are still a considerable number of SMEs out there, either using the cheapest anti malware product they could find, or even a free product.  You get what you pay for and if it’s free, you’ve got a problem.  Any product you choose to use must be mitigating an identified risk.  If a risk hasn’t been properly identified and a product selected that covers that risk off, as well as it can be covered off, then you’ve quite possibly wasted your money.
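The backup point above (step 3, which also appears in the earlier ransomware piece) is easy to state and easy to get wrong: an offline copy is only useful if you can prove the restore is faithful. The Python script below is an added example, not the newsletter’s or any vendor’s code. It copies a working tree to a stand-in for the removable media, writes a SHA-256 manifest alongside it, checks a damaged live copy against that manifest, then wipes the live tree, restores it from the backup and verifies it again. The sample business files and the temp-directory layout are constructed for the demonstration; in practice the "tape" directory is whatever media you physically take offline.

```python
"""Offline backup with an integrity manifest, plus a restore check.
Added example; the sample business data is constructed."""
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed stand-in for a small firm's working data (not real records).
SAMPLE_DATA = {
    "accounts/ledger.csv": b"date,amount\n2023-08-01,120.00\n",
    "clients/contracts.txt": b"Contract with Example Ltd, signed 2023-06-30.\n",
}

MANIFEST_NAME = "manifest.json"


def file_sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256 for every file under root (manifest itself excluded)."""
    return {
        p.relative_to(root).as_posix(): file_sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def write_backup(source: Path, destination: Path) -> dict[str, str]:
    """Copy the tree to the backup media and store the manifest alongside it.
    Once written, the media is what you take offline and lock away."""
    shutil.copytree(source, destination)
    manifest = build_manifest(destination)
    (destination / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_against_manifest(root: Path, manifest: dict[str, str]) -> list[str]:
    """Return a sorted list of problems: files missing or whose hash has changed."""
    problems = []
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            problems.append(f"{rel}: missing")
        elif file_sha256(target) != expected:
            problems.append(f"{rel}: hash mismatch")
    return sorted(problems)


def restore(backup: Path, destination: Path) -> dict[str, str]:
    """Rebuild the live tree from the backup media and return the stored manifest."""
    manifest = json.loads((backup / MANIFEST_NAME).read_text())
    for rel in manifest:
        target = destination / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, target)
    return manifest


def run_demo() -> tuple[list[str], list[str]]:
    """Back up, damage the live copy, restore from the offline copy, check both."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        tape = Path(tmp) / "tape"  # stand-in for the removable media
        for rel, content in SAMPLE_DATA.items():
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(content)
        manifest = write_backup(live, tape)

        # Simulated damage to the live copy only: one file overwritten, one removed.
        (live / "accounts/ledger.csv").write_bytes(b"unreadable")
        (live / "clients/contracts.txt").unlink()
        damage_report = verify_against_manifest(live, manifest)

        # Wipe and reload from the offline copy, then prove the restore matches.
        shutil.rmtree(live)
        stored = restore(tape, live)
        restore_report = verify_against_manifest(live, stored)
        return damage_report, restore_report


if __name__ == "__main__":
    damage, after_restore = run_demo()
    print("live copy vs manifest:", damage or "clean")
    print("restored copy vs manifest:", after_restore or "clean")
```

The manifest travels with the backup rather than staying on the live system, because if the live system is the thing that has been locked up, anything stored only there is exactly what you no longer have.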

There is a product on the market from Abatis, which takes a very innovative approach to this.  Quite simply it blocks any executable not on your whitelist from running.  It takes a free 30 day evaluation for it to profile your network and build a list of executables that are in use daily by users, so those that run your applications, email, etc., and produces that list for human inspection.  Once agreed, that becomes your whitelist.  It’s extremely effective and so far, we haven’t found another product that takes this approach in blocking all forms of malware, including ransomware.
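The profile-then-enforce approach described here (and for Platinum-HIT in the earlier ransomware piece) is easiest to understand as three stages: record what runs during the evaluation period, have a human approve the list, then block anything else. The Python below is an added example written to show that logic; it is not Abatis’s or Platinum-HIT’s code and makes no claim about how their products work internally. The executable paths and their "contents" are constructed byte strings standing in for real binaries. The point it makes that the text does not spell out is that keying the list on a content hash, not on a file path, means a tampered or replaced copy of an approved program is also refused.

```python
"""Allowlist enforcement: profile what runs, approve it, block the rest.
Added example; paths and executable contents are constructed stand-ins."""
from __future__ import annotations

import hashlib
from typing import Iterable


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed launches observed during a profiling period: (path, file bytes).
# In a real deployment the bytes would be read from the executable on disk.
PROFILED_LAUNCHES = [
    ("C:/Program Files/Office/winword.exe", b"WINWORD-build-1"),
    ("C:/Program Files/Mail/outlook.exe", b"OUTLOOK-build-7"),
    ("C:/Program Files/Office/winword.exe", b"WINWORD-build-1"),  # seen again, same hash
    ("C:/Users/jane/AppData/Local/Temp/setup_tmp.exe", b"installer-leftover"),
]


def profile(launches: Iterable[tuple[str, bytes]]) -> dict[str, dict]:
    """Profiling phase: record every executable seen running, keyed by content hash."""
    seen: dict[str, dict] = {}
    for path, content in launches:
        entry = seen.setdefault(sha256_hex(content), {"path": path, "launches": 0})
        entry["launches"] += 1
    return seen


def approve(profiled: dict[str, dict], rejected_paths: set[str]) -> dict[str, str]:
    """Human review step: everything profiled becomes the allowlist (hash -> path)
    except the entries the reviewer rejects."""
    return {
        digest: info["path"]
        for digest, info in profiled.items()
        if info["path"] not in rejected_paths
    }


def decide(allowlist: dict[str, str], path: str, content: bytes) -> tuple[str, str]:
    """Enforcement: allow only content whose hash is on the list; explain the decision."""
    digest = sha256_hex(content)
    if digest in allowlist:
        return "allow", f"hash matches approved entry {allowlist[digest]}"
    if path in allowlist.values():
        return "block", "path is approved but content hash differs (modified or replaced binary)"
    return "block", "executable not on allowlist"


if __name__ == "__main__":
    profiled = profile(PROFILED_LAUNCHES)
    for digest, info in profiled.items():
        print(f"review: {info['path']} ({info['launches']} launches) {digest[:12]}...")
    allowlist = approve(profiled, {"C:/Users/jane/AppData/Local/Temp/setup_tmp.exe"})
    for path, content in [
        ("C:/Program Files/Office/winword.exe", b"WINWORD-build-1"),
        ("C:/Users/jane/Downloads/unknown_download.exe", b"never-seen-before"),
        ("C:/Program Files/Office/winword.exe", b"WINWORD-build-1-altered"),
    ]:
        print(path, "->", decide(allowlist, path, content))
```

The cost of hash-keying is operational rather than technical: every legitimate update changes the hash, so the review step has to be repeated (or the update fed through it) whenever software is patched, which is the trade-off the "far less urgent patching" argument elsewhere on this page is really about.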

The overall message I would like to put across to all SMEs, is that you are just as vulnerable as anyone else, to this, and many other attacks.  Have you identified your risks?  Have you identified ways to mitigate those risks, enabling you to maximise your defensive spend?  Or have you just bought into an argument that says that you have a firewall and some anti-virus, you’re using a cloud provider and you’re therefore covered?  I’d welcome the opportunity to have that debate with you.

This is about defence in depth, marrying up people, process, and technology to give you the best protection you can afford.
