cyberattack | GIGE IT Solutions: IT Services Mississauga
https://gige.ca/tag/cyberattack
IT Services & IT Solutions Mississauga & Toronto
Tue, 26 Apr 2022 14:51:48 +0000

Increase in Cyberattacks Targeting Cloud Applications
https://gige.ca/increase-in-cyberattacks-targeting-cloud-applications
Thu, 04 Jun 2020 20:24:59 +0000

The post Increase in Cyberattacks Targeting Cloud Applications first appeared on GIGE IT Solutions: IT Services Mississauga.

COVID-19 has caused many businesses to adopt cloud applications to keep up company productivity. Cloud applications are programs and digital tools that are hosted on the internet and allow for easy collaborative workflows and communication.

A prime example of a cloud application is Microsoft’s Office 365 suite. It brings together well-known Office applications such as Word and Excel and makes it easier for teams to collaborate, share files, and use video calls for communication over the internet. While these tools have been available for years, COVID-19 has brought them into the spotlight, as they have become invaluable assets for companies to maintain their workflows. Other cloud-based tools include Zoom and Slack.

In a recent study of cloud application usage rates conducted by cybersecurity company McAfee, it was found that between January and April of this year, the usage of cloud-based tools increased by 50%. It was also discovered that cyberattacks targeting these cloud applications increased by 630%.

In their study, these cyberattacks were identified using two main methods. The first method, ‘activity from an unknown location’, flags suspicious login attempts made on an account from a location that is unusual based on historical login data. The second method, ‘suspicious superhuman’, detects login attempts that would be geographically impossible. An example of this would be two login attempts from across the globe within 5 minutes of each other.
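The two detection methods described above can be sketched in a few lines. This is an added example, not McAfee's implementation or code from the original post; the event fields, thresholds and sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 1000.0   # assumption: faster than an airliner is not a human traveller
MIN_DISTANCE_KM = 50.0   # assumption: ignore geolocation jitter inside one metro area


@dataclass
class Login:
    user: str
    when: datetime
    country: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect(logins, baseline):
    """Return (user, time, rule) alerts for a list of Login events.

    baseline maps user -> set of countries seen in that user's login history.
    Flagged countries are not learned automatically; an analyst confirms first.
    """
    alerts, previous = [], {}
    for ev in sorted(logins, key=lambda e: e.when):
        history = baseline.get(ev.user, set())
        # Rule 1: location never seen in the account's historical login data.
        if history and ev.country not in history:
            alerts.append((ev.user, ev.when, "unknown_location"))
        # Rule 2: the distance from the previous login cannot be covered in the time elapsed.
        prev = previous.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            if km > MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_SPEED_KMH):
                alerts.append((ev.user, ev.when, "suspicious_superhuman"))
        previous[ev.user] = ev
    return alerts


def at(hour, minute):
    """Helper for the constructed sample data: a time on one sample day."""
    return datetime(2020, 6, 4, hour, minute)


# Constructed sample data (not real users or real events).
BASELINE = {"alice": {"CA"}, "bob": {"CA", "US"}, "carol": {"CA"}}
SAMPLE_LOGINS = [
    Login("bob", at(8, 0), "CA", 43.65, -79.38),     # Toronto
    Login("alice", at(9, 0), "CA", 43.65, -79.38),   # Toronto
    Login("alice", at(9, 30), "CA", 43.65, -79.38),  # Toronto again
    Login("alice", at(9, 34), "SG", 1.35, 103.82),   # Singapore, 4 minutes later
    Login("carol", at(10, 0), "GB", 51.51, -0.13),   # London, first login of the day
    Login("bob", at(12, 0), "US", 40.71, -74.01),    # New York, 4 hours after Toronto
]

if __name__ == "__main__":
    for user, when, rule in detect(SAMPLE_LOGINS, BASELINE):
        print(when.isoformat(), user, rule)
```

Bob's Toronto to New York trip raises nothing because the country is in his history and the implied speed is plausible, while the Singapore login for alice trips both rules.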

What are their methods of intrusion?

One of the most common methods of infiltrating cloud-based accounts is by using “spraying attacks”. This is a type of brute-force attack that attempts to guess a user’s password by trying commonly used passwords, relying on the common habit of users reusing passwords across services.

The most effective method of protecting yourself from spraying attacks is by enabling multifactor authentication. This makes sure that external cyberattackers cannot get into your cloud accounts. An account protected by MFA cannot be accessed by someone who does not have access to both the credentials and the external device or mailbox associated with the account.

Don’t let your cloud accounts be compromised. Protect yourself by calling GIGE at +1 888 366 4443 or emailing us at info@gige.ca to get started.

Securing your Organization’s Network amid COVID-19
https://gige.ca/securing-organizations-network
Wed, 27 May 2020 18:16:53 +0000

COVID-19 has shaken up the way that we work. In a study conducted by Statistics Canada, it was found that in the 2nd week of April 2020, 5 million employed Canadians worked mostly from home. This is significantly more than the 1.7 million that was recorded previously in 2008. The shift to remote work has affected businesses from a wide range of industries, including financial, real estate, and scientific. Because COVID-19 developed so rapidly in the country, many of these organizations were forced to adopt work-at-home models in an extremely short period of time. Remote Desktop Protocol (RDP) and Virtual Private Networks (VPNs) are some of the most common methods of setting up remote workforces. However, due to the rushed timeline, many businesses adopted these strategies without the best practices that were needed to ensure that these connections are secure from cyberattack.

The dark web is a network of underground sites that are known for trading illegal goods and services. It has recently been found that illegal RDP access to corporate networks is on sale on sites within this network. Prices ranged from USD$10 to USD$100 000 depending on the size of the company. These illegal connections are often sold by cyberattackers who have managed to hack into insecure or misconfigured RDP connections.

A buyer of these illegal connections can then use them to gain access to an organization’s network and carry out further cyberattacks. Once a malicious actor gains access to a corporate network, they can launch a variety of attacks on the victim, ranging from implanting malicious software such as data-stealing trojans to installing ransomware to extort money from their victims.

Best practices to employ when protecting your Remote Connections

Make sure that RDP is only available while your employees are connected to the corporate VPN. This adds an extra layer of security when individuals are trying to connect and remotely control your organization’s computers. Furthermore, employ multifactor authentication on your employee accounts to ensure that malicious individuals who gain access to an employee’s login credentials cannot gain access to the system.

Next, an essential aspect to securing VPN connections is setting up clear policies for employees to connect into the network. Set up clear guidelines for supported operating systems and antivirus software that is up-to-date. Individuals who try to set up connections while on vulnerable machines that are not updated can pose security risks to your organization’s network, as these insecure connections become security vulnerabilities that can be exploited by cyberattackers.

Don’t let insecure RDP and VPN connections cause your organization to be vulnerable. Call GIGE at +1 888 366 4443 or send us an email at info@gige.ca. Our team of network experts will identify and rectify vulnerable areas in your current remote workforce set up.

 

Covid 19 Has Increased Exploitation Of These Vulnerabilities
https://gige.ca/vulnerabilities-covid-19
Thu, 14 May 2020 19:26:20 +0000

Insecure Remote Desktop Connections

Remote Desktop Connections, or Remote Desktop Protocol (RDP), is a Microsoft proprietary feature that allows one computer to remotely control another computer over the internet. It is a useful feature for IT administrators who need to diagnose and troubleshoot issues remotely. However, an unsecured or misconfigured RDP connection can be a severe security vulnerability for an organization’s network.

Cybersecurity company McAfee has stated that the increase in work-at-home caused by COVID-19 has caused many organizations to rely on RDP connections for their employees to connect remotely to their company network. McAfee also discovered that the number of insecure RDP connections has increased to 4.5 million from 3 million in January of this year. RDP threats such as BlueKeep (CVE-2019-0708) are particularly dangerous due to their ability to worm, which allows them to spread malware across a network after initial infiltration, without any additional input from a victim.

VPN Vulnerabilities

Vulnerabilities in Virtual Private Network (VPN) devices are also critical points that need attention when protecting your organization’s network. Known flaws in VPN devices from Pulse Secure and Citrix are still relevant today due to unpatched systems running out-of-date firmware. Some threats of note include CVE-2019-19781, which allows a cyberattacker to hijack a Citrix VPN device to execute arbitrary code, and CVE-2019-11510, which allows attackers to gain access to passwords and other sensitive information in Pulse Secure devices.

Office 365 Vulnerabilities

In light of COVID-19, many organizations have migrated to using cloud based platforms like Office 365 for centralized collaboration and communication. However, Office 365 environments have some vulnerabilities that are important to address for a secure network. Firstly, multifactor authentication is not automatically activated on administrator accounts. This means that cyberattackers that brute force a username and password can gain full access to the administrative portal.

Don’t fall victim to cyberattack. GIGE IT Solutions can help you configure and maintain your RDP and VPN connections to ensure that your organization’s network is never left unprotected. During COVID-19, GIGE is offering a promotion to resolve your technical issues at $95 flat, no contract and no assessment. There will be no charge unless your issue is resolved. You can get started here.

Cyberattackers Are Targeting Organizations Aiding In Covid-19 Response
https://gige.ca/covid-19-response-organizations-cyberattack
Thu, 07 May 2020 20:51:25 +0000

It has recently been discovered that cyberattacker threats are targeting organizations involved in the global Covid-19 response, according to the UK’s National Cybersecurity Centre and US’ Cybersecurity and Infrastructure Security Agency. Industries that are being targeted include healthcare, academic institutions, medical organizations, and pharmaceuticals.

It was discovered that APTs, or Advanced Persistent Threat groups, pose the greatest cyberthreat to these organizations. APTs are nation- or state-sponsored groups that aim to infiltrate computer networks with malicious intent and remain undetected.

Why are these organizations being targeted?

These organizations often collect sensitive information including personal names and medical history in their efforts against Covid-19. The goal of many of these cyberattacks is to gain access to this sensitive information, which the sponsors of these APTs can use to benefit their own research.

There are several vulnerabilities that are being exploited by APTs to gain access to these organizations’ networks. Firstly, the security hole named CVE-2019-19781 allows for cyberattackers to gain access to sensitive information and execute arbitrary code through a Citrix device.

Next, several vulnerabilities in VPN products from Fortinet, Pulse Secure, and Palo Alto are still relevant today despite having been patched last year. This is because a device that has not had the latest security update applied would still be vulnerable to these known security flaws. Some of these security holes include CVE-2018-13382, which allows a malicious actor to edit a VPN password without authentication, and CVE-2018-13380, which allows cross-site scripting.

Finally, malicious actors are using a strategy called “Password Spraying” to try to infiltrate Covid-19 response organizations. In this type of attack, cyberattackers attempt to guess a user’s password through trial-and-error of the most commonly used passwords, similar to brute force attacks.
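Password spraying, as described here and in the cloud applications post above, leaves a recognisable trace in authentication logs: one source failing against many different accounts with only a few tries each. The following is an added example of detecting that pattern, not code from the original posts; the log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own environment.
WINDOW = timedelta(minutes=30)   # look at failures within this sliding window
MIN_ACCOUNTS = 5                 # distinct accounts failed from one source
MAX_TRIES_PER_ACCOUNT = 3        # spraying tries few passwords per account


def parse(line):
    """Parse the hypothetical format 'TIMESTAMP RESULT user=NAME src=IP'."""
    ts, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, result, user.split("=", 1)[1], src.split("=", 1)[1]


def find_spraying(lines):
    """Return {source: {"accounts": [...], "successes_to_review": [...]}}."""
    fails, oks = defaultdict(list), defaultdict(set)
    for line in lines:
        if len(line.split()) != 4:
            continue  # skip blank or malformed lines
        when, result, user, src = parse(line)
        if result == "FAIL":
            fails[src].append((when, user))
        elif result == "OK":
            oks[src].add(user)

    findings = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            counts = Counter(user for _, user in events[start:end + 1])
            # Many accounts, few tries each: spraying rather than a single-account brute force.
            if len(counts) >= MIN_ACCOUNTS and max(counts.values()) <= MAX_TRIES_PER_ACCOUNT:
                findings[src] = {
                    "accounts": sorted({user for _, user in events}),
                    # A successful login from a spraying source needs immediate review.
                    "successes_to_review": sorted(oks[src]),
                }
                break
    return findings


# Constructed sample log (documentation IP ranges, invented users).
SAMPLE_LOG = [
    "2020-05-07T10:00:00Z FAIL user=alice src=203.0.113.7",
    "2020-05-07T10:01:00Z FAIL user=bob src=203.0.113.7",
    "2020-05-07T10:02:00Z FAIL user=carol src=203.0.113.7",
    "2020-05-07T10:03:00Z FAIL user=dave src=203.0.113.7",
    "2020-05-07T10:04:00Z OK user=erin src=203.0.113.7",
    "2020-05-07T10:05:00Z FAIL user=frank src=203.0.113.7",
    "2020-05-07T10:06:00Z FAIL user=grace src=203.0.113.7",
    # One account hammered from one source: brute force, not spraying.
    "2020-05-07T10:10:00Z FAIL user=admin src=198.51.100.9",
    "2020-05-07T10:10:05Z FAIL user=admin src=198.51.100.9",
    "2020-05-07T10:10:10Z FAIL user=admin src=198.51.100.9",
    "2020-05-07T10:10:15Z FAIL user=admin src=198.51.100.9",
    # A legitimate user mistyping a password once.
    "2020-05-07T10:20:00Z FAIL user=alice src=192.0.2.10",
    "2020-05-07T10:20:20Z OK user=alice src=192.0.2.10",
]

if __name__ == "__main__":
    for src, info in find_spraying(SAMPLE_LOG).items():
        print(src, info)
```

Per-account lockout counters miss this pattern because no single account sees enough failures, which is why the check groups by source instead.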

GIGE IT Solutions ensures that your organization is protected against malicious attacks from cybercriminals. Don’t leave your network open to attack – call us at +1 888 366 4443 or info@gige.ca for a consultation on the best ways to protect yourself today.

Network Hacks Increase With Work-from-Home Adoption
https://gige.ca/network-hacks
Mon, 27 Apr 2020 16:47:28 +0000

Arctic Security, a Finnish Cybersecurity company, has recently conducted a study about the impact of Work-from-Home on the number of Network Cybersecurity Incidents in Finland. It was discovered that Finland usually sees around 200 network compromises per week. However, the country saw an increase to 800 incidents during the 3rd week of March. It was found that similar increases in network hacks were seen in countries such as Norway, Denmark, Belgium and Italy. All in all, over 10 000 companies were victims of network cybersecurity hacks in March of this year.

What are steps that you can take to protect yourself?

It is essential to keep your organization’s patch management up-to-date. Attacks using vulnerabilities such as CVE-2019-11510 target networks that do not have the latest patches on their devices. By keeping your devices patched, you ensure that you are protected from all the known vulnerabilities that have already been repaired by software developers.

Constantly monitor your devices for suspicious activity and logins. In the event that a device is compromised, time is a critical element in minimizing the damage that the attack can cause. If an incident is identified early, damage can be mitigated by segmenting off your network and then identifying the extent of the breach. This can reduce the effectiveness of worm-capable malware, which can quickly spread over a company’s network after initial infection without any input from the victim.

Enable multifactor authentication on your devices. With the increase in VPNs and Remote access, it is essential that you keep your company accounts safe from unauthorized actors. By enabling MFA, you ensure that even if a cyberattacker has your credentials, they cannot access your account without access to your secondary device or your email.

Don’t fall victim to network cybersecurity attacks during this time. Contact us today at +1 888 366 4443 or email us at info@gige.ca to get started with GIGE’s network experts today.

Lessons Learned From The Cathay Pacific Data Breach
https://gige.ca/cathay-pacific-data-breach-lessons-learned
Tue, 10 Mar 2020 20:15:09 +0000

Hong Kong airline company Cathay Pacific was fined 500 000 pounds by the UK Information Commissioner’s Office due to a data breach in which 9.4 million user records were leaked. Of the affected individuals, over 100 000 were from the UK.

The data breach was the result of unauthorized access to Cathay Pacific’s servers that dated back to October of 2018. In a statement on the breach, Cathay Pacific stated that it would like to “sincerely apologize for this incident”.

The UK’s Information Commissioner’s Office discovered that the data breach had resulted in records from between October 2014 and May 2018 being leaked.

This incident illustrates the importance of applying security patches to protect an organization’s servers. Cathay stated that it suspects the data breach occurred due to a known security vulnerability being exploited by cyberattackers. In its investigation, the UK Information Commissioner discovered that the company did not apply the security update fixing the vulnerability, which was released over a decade prior to the attack. The vulnerability, which was not publicly named, was in fact discovered in February 2007. It is known that an attacker exploiting this vulnerability does not need technical skills and is able to get administrative access to a victim’s computer. Cathay Pacific admitted that its regular vulnerability scans, which are used to detect potential security flaws in the company’s network, were not able to detect the vulnerability for over 10 years. It was discovered that one of the systems that was compromised had 16 security updates that were pending.

Another reason that the Cathay Pacific data breach occurred was that one of its servers was running an operating system that was no longer supported by its developer. Operating systems (O.S.), like much other software, require constant updates to repair new security vulnerabilities that are discovered. After an operating system becomes end-of-life, however, the developer no longer releases software updates for it, leaving computers still running the operating system vulnerable to cyberattack. The most recent instance of this occurring is the Windows 7 end of life, which occurred on January 14th of 2020. You can read more about operating system patches in our article here.

It is clear from the Cathay Pacific data breach that proper patch management is an important facet of keeping your organization’s IT safe from cyberattack. GIGE IT Solutions’ network experts help your organization identify vulnerabilities in your organization’s network. We audit and provide consultation and remediation strategies to help you stay protected from data leaks and cyberattacks.

10.6 Million Customer Records Leaked by MGM Resorts
https://gige.ca/mgm-data-leak
Fri, 21 Feb 2020 15:34:39 +0000

Over 10.6 million customer data records were leaked by the MGM Resorts Hotel in a recent data breach.

Information that was leaked to the public included customer addresses, phone numbers, birthdays, and email addresses. The information was posted publicly on a hacking forum.

In the post-leak security audit, MGM discovered that the breach was caused by an unauthorized individual gaining access to one of the company’s cloud servers in the summer of 2019.

In a statement, MGM assured the public that no credit card information or password data was leaked in the incident.

Best practices if your personal data has been leaked

In today’s information environment, it is almost impossible to avoid becoming the victim of data leaks such as the above incident. However, what are some damage mitigation steps that you can take if you are notified that your data has been exposed?

Monitor your accounts diligently

Constantly monitor your inboxes, as companies will often notify account holders of suspicious logins from unfamiliar locations. If you receive an email that your account has been accessed from an unfamiliar location or device, change your credentials and log out of all other locations immediately.

Using 2 factor authentication

If your password was among the information that was leaked, it is important to update any other accounts that share the same password. As an additional security measure, it is also best practice to enable 2 factor authentication on your accounts, as it will prevent a cyberattacker from entering your account even if they are in possession of your login credentials. To read more about 2 factor authentication and password management, read our article here.

Don’t let your business fall victim to data leaks. Call GIGE IT Solutions at +1 888 366 4443 for a consultation on weak points in your organization’s network infrastructure. Get started with us today.

 

SSH Key Malware Is Spreading
https://gige.ca/ssh-key-malware
Thu, 20 Feb 2020 15:34:42 +0000

What are SSH Keys?

SSH, or Secure Shell, is a method used to establish a secure login between two systems. It is widely used across many operating systems. Using an SSH key, an IT administrator can gain access to servers and computers. Because SSH keys do not expire, an unauthorized individual in possession of an SSH key to a server can be a cybersecurity risk, as they would be able to gain access to the organization.

SSH malware is now widely available

Previously, SSH backdoor malware was only used by highly organized cyberattacker threats. However, in recent times it has been observed more widely in the wild. SSH key backdoor malware is now available to anybody who browses the dark web.

Oftentimes, as in the case of malware strains such as Trickbot and CryptoSink, cyberattackers abuse known vulnerabilities in operating systems or software in order to gain a foothold in a company’s infrastructure. An example of this is CVE-2014-3120, a vulnerability that allowed cyberattackers to run arbitrary code on a victim’s system.

New vulnerabilities such as CVE-2014-3120 are constantly being discovered and repaired by software engineers and cyber security professionals. It is essential that you patch your computers to the latest software to keep them protected from such vulnerabilities.

Monitoring and updating outdated SSH keys is another effective method of preventing cyberattack. Doing so prevents cyberattackers from creating malicious SSH keys to gain access to your organization’s systems. Furthermore, as with defending against all types of cyberattacks, time is an important resource. The faster that your IT management can catch the vulnerability, the less damage a cyberattacker can do.

Don’t fall victim to SSH backdoor malware. GIGE’s cybersecurity experts have over 30 years of experience in auditing and protecting organizations’ networks. We can help your organization identify and rectify vulnerabilities in your network. Call +1 888 366 4443 or email us at info@gige.ca to get started with us today.

How Will Artificial Intelligence (AI) Change Cybersecurity?
https://gige.ca/artificial-intelligence-cybersecurity
Wed, 12 Feb 2020 20:35:53 +0000

Artificial Intelligence

Artificial intelligence is the field of computer development concerned with simulating human problem solving and cumulative learning in computers. Systems with artificial intelligence get progressively better at doing tasks that they are designed to do, without the need for humans to ‘hard program’ new techniques or strategies for them.

There are many advantages to artificial intelligence in computing. For example, as AI develops, it will be increasingly useful to the medical industry, detecting and diagnosing cancers and other diseases with more accuracy and less bias than human doctors. Robots with artificial intelligence can also be useful for tasks such as exploring hazardous areas.

Identity impersonation for phishing attacks

One of the major uses of AI in cyberattack is for spearphishing attempts. Spearphishing is a highly targeted type of phishing attack that relies on researching a company to create highly tailored ‘fake’ emails to trick victims into providing sensitive credentials or information. An example of a spear phishing attempt would be a fake email from the CEO of a company to an employee asking for credentials to an account.

With AI, spearphishing emails can be made even more difficult to detect. AI can use machine learning to learn the patterns of speech of a specific individual through social media and email communications. Using this, it is able to imitate that individual’s writing style almost identically.

Automating large scale cyberattacks

One of the limiting factors in today’s world of cyberattack is the time investment that cyberattackers need to plan and execute cyberattacks. This limitation has already been reduced by cyberattackers using automatic processes to detect vulnerable computers via internet scans and automatically infecting them with malware. However, by using AI, these automated cyberattacks become even more of an immediate threat, and can constantly adapt and change their strategy without any input from the cyberattacker who released it into the wild.

 

 

Maastricht University Hit By Clop Ransomware, Pays $220 000 USD for Decryption
https://gige.ca/netherlands-university-clop-ransomware
Wed, 12 Feb 2020 18:35:11 +0000

Netherlands’ Maastricht University was hit by a ransomware attack on December 23rd, 2019. The university paid the cyberattackers 30 bitcoins, worth around $220 000 USD, in order to restore the infected computers to working condition.

The ransomware malware strain, called “Clop ransomware”, encrypted 267 of the university’s Windows servers, including backups. The University’s full infrastructure consists of 1647 servers running either Linux or Windows, and 7307 workstations. The university reported that it has several network security measures in place including firewalls, antivirus, and spam filters, but that the ransomware was able to bypass these measures through two phishing emails on October 15th and 16th 2019.

The university stated that despite the IT department constantly receiving alerts on security threats, there is still a need for more education on avoiding phishing techniques to help alleviate the constant pressure of cyberattack. For tips on how to detect phishing emails, read our article on the topic here.

Nick Bos, VP of Maastricht University, discussed the decision to pay the ransom to the attackers. He stated that while the University does not ethically stand by the act of succumbing to ransomware extortion, it ultimately made the decision to pay the ransom to minimize the damage that the attack would have on its students’ education, staff, and researchers.

What can we learn from this attack?

  1. Phishing attacks are as prevalent as ever, and can lead to significant financial damage to an organization. Any organization’s firewall is only as strong as its weakest link. As shown in the Clop Ransomware attack, even a network that is protected by antivirus and spam filter software can be penetrated if a malicious link is accidentally clicked on by an employee. Therefore, employee education on common phishing methods and signs to look out for should still be a top priority for your organization’s cybersecurity strategy.
  2. Following the attack, Maastricht University employed Fox-IT to conduct an independent investigation on the incident. In their audit, Fox-IT discovered that the malware was able to leverage a server that was missing critical patches that fixed known vulnerabilities. Exploiting this single security hole allowed the attackers to spread the malware to 267 Windows servers. This highlights the importance of keeping your organization’s server OS up-to-date.

GIGE IT Solutions can keep your organization protected from ransomware. We manage all your servers and workstations to ensure that they are always up-to-date and protected from malware such as ransomware. Call us at +1 888 366 4443 or email us at info@gige.ca to get started.
