A new security vulnerability has been discovered in Citrix devices. The Canadian Centre for Cybersecurity has advised Canadian businesses to temporarily disconnect their Citrix devices from the internet. The repair patch has been rolled out as of January 19th 2020, with additional patches scheduled for January 24th. Users are advised to patch their devices as soon as possible.

The vulnerability, codenamed CVE-2019-19781, has been officially confirmed to be circulating in Canada. Exploiting the vulnerability allows for a cyberattacker to gain control of a computer without the use of valid credentials.

Products that are affected by the vulnerability include Citrix application Delivery controller, Gateway, and SD-WAN WANOP devices.

Why are Citrix Devices being targeted by Cyberattackers?

In many organizations’ networks, Citrix devices are often connected to both employee workstations as well as backend servers. Therefore, if a cyberattackers gains access to a Citrix device, they are in position to further the attack by spreading malware throughout the network. London-based cybersecurity company Positive Technologies noted that Citrix devices are often the first point of attack for many cyberattackers.

The exploits have been released publically

On January 10^th, Project Zero, a group of cybersecurity researchers, released the first Proof of Concept (PoC) of the Citrix device exploit. PoC exploits are often released to the public as non-harmful attacks meant to show vulnerabilities in software to help companies patch them. However, FireEye researchers discovered that malicious versions of the exploit were circulating shortly after the PoC was made public.

What can you do to protect yourself?

Citrix has provided a list of protective measures. You can read more about them here. However, the Canadian Centre for Cyber Security noted that these defensive measures won’t be effective for all devices. In the case that they cannot be applied to your device, they recommend that it is disconnected from the internet until a new patch is rolled out.

Our cybersecurity experts can help you find vulnerabilities in your company’s network. Don’t fall victim to cyberattack. Call us at +1 888 366 4443 or email us at info@gige.ca for more information.

With 2019 drawing to a close and 2020 almost here, we can take a look sat how the cybersecurity landscape has evolved over this past year. By far the two most prevalent topics of the year have been ransomware and data privacy.

Ransomware

By far the most relevant cybersecurity threat of 2019 was the rise of ransomware. This is strain of malware that encrypts user data behind a paywall, and demands payment for its safe release. Targets have ranged from multinational corporations to governments. Worryingly, ransomware attacks have recently become more organized, as seen in an attack in August 2019 where 22 Texan governments were simultaneously hit with ransowmare.

Data Privacy

As collecting and storing sensitive user data grows as a core requirement of many companies, so too does the risk of leaking this data to unwanted eyes. 2019 saw several enterprises falling victim to data breaches, often leading to devastating financial and legal consequences. New York’s Retrieval-Masters Creditor Bureau Inc. filed for bankruptcy due to a $3.8 million dollar data breach where its customers home addresses, SSNs, and credit card information were leaked. In another attack, Capital One Financial reported between $100 million USD to $150 million USD in damages caused by a data breach leaking customer SSNs and bank account numbers.

In 2020, ransomware will become more dangerous than ever.

A new strain of ransomware named Maze has confirmed a cyberattacker’s bluff as a real threat. In a ransomware attack, data on a victim’s computer is both encrypted and stolen by cyberattackers. Until Maze, it was not known whether cyberattackers actually had access to the stolen data. In November, Allied Universal refused to pay a ransom fee of $2.5 million USD, resulting in cyberattackers releasing 700MB of the company’s sensitive data to the public.

With the threat now confirmed, organizations must prepare for more vicious strains of ransomware in the coming year. Cybersecurity company McAfee Labs predicts that “two-stage extortion attacks” will be a major threat in 2020, where stage 1 is data encryption, and stage 2 is data theft. With 2 leverage points, cyberattackers will have more extortion power than previous attacks.

To counter the new threats coming in 2020, cybersecurity will need to improve in both preventative and restorative measures in order to fully prepare organizations for attack. Call GIGE IT Solutions at +1 888 366 4443 or info@gige.ca. With over 30 years of network security and data backup experience, we can help keep you protected against cyberattack.

The list of ransomware victims continues to grow. Florida’s Lake City and Riviera Beach City have both fallen victim to cyberattack. Both cities have been forced to pay $500 000 each to the attackers in attempts to unlock the encrypted files.

On June 5^th, the City of Riviera Beach released an official announcement stating that a “data security event” has occurred. One day later, the Lake City Police Department released a similar announcement, detailing that a ransomware attack had disabled many of the city’s systems, including email, VoIP and credit card channels.

As a result of the attacks, both governments have been thrown back to analog working environments, hand-writing bills and permits while the systems are recovered. Despite the ransom payments, there is no guarantee that the lost data will, or even can, be decrypted by the cyberattackers.

Riviera Beach released that the ransomware virus infected their systems through a malicious link in an email. Lake City, on the other hand, stated that their system was intruded after attacks on multiple fronts of their network.

What is Ransomware?

Ransomware is a type of cyberattack that encrypts data on a computer and asks for a ransom fee for an unlock key. Encryption renders ordinary data unreadable, and can only be decrypted by using the key supplied by the attackers.

This type of attack has seen a massive uptick in recent years. Since January 2016, over 4000 ransomware attacks have occurred daily, according to the U.S. Department of Homeland Security. Targets of these attacks range from households and small organizations to governments.

There are many factors that caused the widespread use of ransomware. Firstly, the rise in cryptocurrency popularity have given attackers an ideal payment channel. Recent years has seen digital currencies such as Ethereum and Bitcoin rise in both usage and value. Bitcoin, for instance, costs around CAD 14 000 as of July 3^rd 2019. Some of these currencies are designed to be difficult to track, therefore making them perfect for cyberattackers.

The unpreparedness of companies and governments to deal with ransomware attacks is another reason why this type of attack has been so successful. As demonstrated by the attacks of the Florida cities, ransomware causes significant damage to day-to-day functions. Therefore, businesses and governments are often forced to simply pay the fee to avoid compounding damage.

Don’t fall victim to ransomware. Managed IT service providers can help you design and monitor backups of your data to restore your systems in the event of an attack. GIGE IT Solutions provides customizable backup and security solutions tailored to your business goals. Call us at +1 888 366 4443 for an immediate consult.

A cryptojacking attack has forced St. Francis Xavier University to temporarily shut down its computer network systems. The university reports that the cyberattackers attempted to use the school’s computers resources to collect digital currency.

What are cryptomining and cryptojacking?

Cryptomining is the use of computer resources to collect cryptocurrencies such as bitcoin. The act of doing this is entirely legal, and many people voluntarily use their computers to do so.

However, cryptojacking is the illegal act of installing malicious software on unsuspecting victims and using their computers’ resources to cryptomine without their consent. In cryptojacking attacks, the currency earned is then sent back to the attacker.

Risks and consequences of cryptojacking attacks include the following:

• Slow-down of normal computer functioning
• Overheating of computer graphics, processor, or memory due to overuse

There are many ways that a computer can become infected with cryptojacking malware. For instance, they can be transmitted through malicious email attachments. The DDE Exploit is an example of this, and this malware is passed through an infected Microsoft Word document.

Next, cryptojacking malware can also attach itself to your computer through malicious websites. For instance, Coinhive is a cryptomalware that can enter your computer through unprotected websites. Once it infects a pc, it then uses its resources to collect the cryptocurrency called Monero.

Finally, cryptomining malware can enter your computer though compromised cloud services. A recent incident involved numerous large organizations such as Aviva and Gemalto being infected with mining software due to cloud accounts lacking password protection.

How to protect yourself:

There are any steps that you can take to protect your organization’s network against cryptomining attacks. Firstly, you can ensure that your employees are educated in spotting malicious links and files in suspicious emails. By minimizing the human error in the equation, you will be able to reduce the risk of infection. Next, ensure that your email service has antivirus and antispam installed. These software use databases of known malicious websites and automatically block potentially harmful emails.

Ensure that your organization’s computers are running up-to-date antivirus software that blocks cryptomining programs. Finally, ensure that you constantly monitor network activity in your organization. This allows for anomalies to be spotted quicker.

Don’t fall victim to cryptomining attacks. Contact GigE at 888 366 4443 to ensure that your sensitive data is backed-up and protected.

Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time-high, at nearly $20 000 per coin. Other currencies such as Monero also saw increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cyptojacker tools.

What are Cryptomining and Cryptojackers?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when attackers install malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value has never been high enough to attract widespread attention of attackers until late last year. In their 2018 Cyberthreat report, Mcafee stressed the appeal of cryptojacking for cyberattackers, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptomining Malware

Because cryptojacking malware relies on remaining in the victims’ computer to continually use their resources for cryptomining, they are inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, due to the fact that it forcibly uses the computers’ resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacking malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernotes platforms.

Finally, attackers can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.

Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time-high, at nearly $20 000 per coin. Other currencies such as Monero also saw increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cryptojacker tools.

What are Cryptomining and Cryptojacker Attacks?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when a cryptojacker installs malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value has never been high enough to attract widespread attention of attackers until late last year. In their 2018 Cyberthreat report, Mcafee stressed the appeal of cryptojacking for a cryptojcaker, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptojacker Malware

Because cryptojacking malware relies on remaining in the victims’ computer to continually use their resources for cryptomining, they are inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, due to the fact that it forcibly uses the computers’ resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacker malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernotes platforms.

Finally, a cryptojacker can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.