IT infrastructure | GIGE IT Solutions: IT Services Mississauga

Cyberattackers Are Targeting Organizations Aiding In Covid-19 Response

gigE — Thu, 07 May 2020 20:51:25 +0000

It has recently been discovered that cyberattacker threats are targeting organizations involved in the global Covid-19 response, according to the UK’s National Cybersecurity Centre and US’ Cybersecurity and Infrastructure Security Agency. Industries that are being targeted include healthcare, academic institutions, medical organizations, and pharmaceuticals.

It was discovered that APTs, or Advanced Persisted Threat groups, pose the greatest cyberthreat to these organizations. APTs are nation or state sponsored groups that aim to infiltrate into computer networks and remain undetected with malicious intent.

Why are these organizations being targeted?

These organizations often collect sensitive information including personal names and medical history in their efforts against Covid-19. The goal of many of these cyberattacks is to gain access to this sensitive information. Using APTs to gain access to this information is beneficial to their own research.

There are several vulnerabilities that are being exploited by APTs to gain access to these organizations’ networks. Firstly, the security hole named CVE-2019-19781 allows for cyberattackers to gain access to sensitive information and execute arbitrary code through a Citrix device.

Next, several vulnerabilities in VPN products from Fortinet, Pulse Secure, and Palo Alto are still relevant today despite having been patched last year. This is because a device that has not had the latest security update applied would still be vulnerable to these known security flaws. Some of these security holes include CVE-2018-13382, which allows a malicious actor to edit a VPN password without authentication, and CVE-2018-13380, which allows cross-site scripting.

Finally, malciious actors are using a strategy called “Password Spraying” to try to infiltrate Covid-19 response organizations. In this type of attack, cyberattackers attempt to guess a user’s password through trial-and-error of the most commonly used passwords, similarly to brute force attacks.

GIGE IT Solutions ensures that your organization is protected against malicious attacks from cybercriminals. Don’t leave your network open to attack – call us at +1 888 366 4443 or info@gige.ca for a consultation on the best ways to protect yourself today.

The post Cyberattackers Are Targeting Organizations Aiding In Covid-19 Response first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Cyberattackers Are Targeting Organizations Aiding In Covid-19 Response appeared first on GIGE IT Solutions: IT Services Mississauga.

Lessons Learned From The Cathay Pacific Data Breach

gigE — Tue, 10 Mar 2020 20:15:09 +0000

Hong Kong airline company Cathay Pacific was fined 500 000 pounds by the UK Information Commissioner’s office due to a data leak where 9.4 million user records were leaked. Of the affected individuals, over 100 000 were from the UK.

The data breach was the result of unauthorized access to Cathay Pacific’s servers that dated back to October of 2018. In a statement on the breach, Cathay Pacific stated that it would like to “sincerely apologize for this incident”.

The UK’s Information Commissioner’s Office discovered that the data breach had resulted in the records between October 2014 and May 2018 to be leaked.

This incident illustrates the importance of applying security patches to protect organization server. Cathay stated that it suspects the data breach occurred due to a known security vulnerability being exploited by cyberattackers. In its investigation, the UK Information Commissioner discovered that the company did not apply the security update fixing the patch, which was released over a decade prior to the attack. The vulnerability, which was not publically named, was in fact discovered in February 2007. It is known that attackers exploiting this vulnerability does not need technical skills and is able to get administrative access to a victim’s computer. Cathay pacific admitted that its regular vulnerability scans, which are used to detect potential security flaws in the company’s network, was not able to detect the vulnerability for over 10 years. It was discovered that one of the systems that was compromised had 16 security updates that were pending.

Another reason that the Cathay Pacific data breach occurred was that one if its servers was running an operating system that was no longer supported by its developer. Operating systems (O.S.), like many other software, requires constant updates to repair new security vulnerabilities that are discovered. After an operating system becomes end-of-life, however, the developer no longer releases software updates for it, leaving computers still running the operating system vulnerable to cyberattack. The most recent instance of this occurring is the Windows 7 End of life, which occurred on January 14^th of 2020. You can read more about operating system patches in our article here.

It is clear from the Cathay Pacific data breach that proper patch management is an important facet of keeping your organization’s IT safe from cyberattack. GIGE IT solutions’ network experts help you organization identify vulnerabilities in your organizations’ network. We audit and provide consultation and remediation strategies to help you stay protected from data leaks and cyberattacks.

The post Lessons Learned From The Cathay Pacific Data Breach first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Lessons Learned From The Cathay Pacific Data Breach appeared first on GIGE IT Solutions: IT Services Mississauga.

Travelex falls victim to “Sodinokibi” Ransomware

gigE — Thu, 16 Jan 2020 18:12:45 +0000

The list of ransomware victims continues to grow. On New Year’s Eve 2020, Travelex, an international foreign exchange company, disclosed that it was struck by the “Sodinokibi” ransomware strain. Also known as REvil, Sodinokibi ransomware prevents users from accessing their computer data by encrypting it behind a ransomwall. The ransom demand for Travelex was $6M USD. They also stated that failure to pay the payment within 2 days will result in double the ransom demand.

In an effort to mitigate the spread of the ransomware, Travelex immediately disconnect infected computers from its company network.

The cyberattackers revealed to BBC that it had actually infiltrated Travelex’s network 6 months prior, and had been able to steal over 5 GB of customer data. According to the group, they have got access to customer information including birthdays and credit card information. This has been a common strategy of newer ransomware strains. Releasing the stolen data is used as a second point of leverage to extort money out of victims.

Cyberthreat intelligence company Bad Packets stated that it had notified Travelex of 7 security vulnerabilities present in their systems in September 2019. The vulnerability was caused by a security flaw in the Pulse Secure Virtual Private Network. According to Bad Packets, the vulnerability was actually patched April of that year, but that Travelex had failed to update its systems to the newest software version, leaving them vulnerable to attack.

The vulnerabilities present in the Pulse Secure VPN were widely known in the second half of 2019. In August of that year, the Canadian Center for Cyber Security urged for Canadian businesses to update their software to the latest versions to protect against attack. In October, the US National Security Agency, and the UK National Cyber Security Center issued similar warnings.

What does the vulnerability allow cyberattackers to do to unprotected systems?

Cybersecurity researcher Kevin Beaumont stated that the VPN vulnerability, also called CVE-2019-11510, allowed for attackers to remotely gain control of unprotected systems even without the use of the user credentials of the computer.

As illustrated by the Travelex, keeping computers up-to-date with current software updates to protect against cyberattack.

The post Travelex falls victim to “Sodinokibi” Ransomware first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Travelex falls victim to “Sodinokibi” Ransomware appeared first on GIGE IT Solutions: IT Services Mississauga.

Ransomware Attack Temporarily Shuts Down The Heritage Company

gigE — Fri, 10 Jan 2020 17:03:43 +0000

The Heritage Company has temporarily shut down its operations due to a ransomware attack. In December of last year, CEO Sandra Franecke announced to the company’s 300 employees that the company had not fully restored its systems following a ransomware attack that October. As a result of the attack, the company would be temporarily suspending all its functions. In a statement to the company’s employees, she stated that “we do not prevent you from searching for other employment”.

What is data encryption?

Ransomware attacks are a type of cyberattack that encrypts data on a victim’s computer, demanding ransom payment for its release. Encryption is the act of scrambling data into a format that cannot be read unless it is decrypted using a digital key.

Unfortunately the Heritage Company has not been the only ransomware victim in recent times. Over the past year, ransomware has become increasingly common among small sized businesses. In August of 2019, Wood Ranch Medical, a medical clinic located in California, announced that it was a victim of a ransomware attack. The attack had a widespread impact on the company’s IT infrastructure including its servers and backups, where personal client information was stored. On December 17^th 2019, the clinic closed as a result of the damages, stating that the records that were encrypted were lost and could not be recovered.

Ransomware attacks are now targeting backup systems

Ransomware attacks rely on the leverage of releasing encrypted data to extort money from victims. Therefore, if the victims have up-to-date backups of all the sensitive information, it eliminates the pressure point that attackers use. Knowing this, ransomware attacks have started to target the backup systems of victims as well, as illustrated by Wood Ranch Medical. In particular, since mid 2019, data backup manufacturers began warning customers that ransomware attackers were now targeting Network Attached Storage (NAS) devices.

Does paying the ransom fee guarantee safe release?

There have been many instances where encrypted data has not been released even after ransom has been paid. These strains of ransomware, called wipers, are designed to simply destroy the data. An example of a wiper ransomware is “NotPetya”. However, because the victim has no way of guaranteeing that the data cannot be restored, ransom payment is still the only option in many attacks.

Learn more about NotPetya and other ransomware strains by calling us today at 888 366 4443 or emailing us at info@gige.ca

The post Ransomware Attack Temporarily Shuts Down The Heritage Company first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Ransomware Attack Temporarily Shuts Down The Heritage Company appeared first on GIGE IT Solutions: IT Services Mississauga.

Microsoft Urges Users To Patch Windows To Defend Against BlueKeep Exploits

gigE — Thu, 14 Nov 2019 20:41:14 +0000

To protect yourself from ongoing BlueKeep exploit attacks, Microsoft urges users with systems running Windows 7, Windows Server 2008, and Windows Server 2008 R2 to update their operating systems.

BlueKeep is a vulnerability with the ‘worm’ capability. This means that the malware can spread itself to other vulnerable computers on the network without additional input from the victim, making this type of malware particularly dangerous.

An example of the ‘worm’ malware is WannaCry, which was able to globally infect over 100 000 computers within a 24 hour period in 2017 due to its worm capability.

Ongoing BlueKeep Exploits

To detect malware on the internet, Cybersecurity professionals often set up ‘honeypots’ – decoy computers that are designed to study cyberattack methods by baiting attackers into infecting them with malware.

On October 23d, cybersecurity researcher Kevin Beaumond noticed that honeypots that he had set up around the world were crashing and rebooting themselves with increasing regularity. Hutchins, another cybersecurity researcher, confirmed that the reboots were caused by the BlueKeep exploit.

Upon further investigation, Hutchins also discovered that the BlueKeep exploit that was detected had the goal of installing a cryptomining malware on infected PCs. You can learn more about cryptomining in our article here.

What are steps that you can take to protect yourself?

Keep your system Updated

The most effective way of protecting yourself from BlueKeep exploits is by keeping your PC up-to-date. Security engineers are constantly detecting repairing security vulnerabilities in their software. It is essential that you download security patches from your software manufacturers in order to protect yourself from publicly known dangers.

Disable RDP

Remote Desktop Protocol (RDP) is a Windows feature that allows for a computer to remotely connect and control another PC. It is useful for IT management and remote troubleshooting, but can also be a security liability. BlueKeep exploits RDP in order to infiltrate PCs, so it is important to keep this feature turned off to protect yourself.

Don’t fall victim to cyberattack. We can help you protect your company from cyberattacks such as the BlueKeep. Call us at +1 888 366 4443 or email us at info@gige.ca to get started immediately.

The post Microsoft Urges Users To Patch Windows To Defend Against BlueKeep Exploits first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Microsoft Urges Users To Patch Windows To Defend Against BlueKeep Exploits appeared first on GIGE IT Solutions: IT Services Mississauga.

3rd Party Programs: Are They Cybersecurity Weakpoints?

gigE — Thu, 12 Sep 2019 15:02:40 +0000

Almost 400 dental offices were infected with ransomware in a cyberattack this August. The computers became infected after DDS Safe, a 3^rd party cloud backup software that all the affected offices were using, was compromised. The software was developed by Dental Technology Company PerCSoft.

Affected offices had their computer files encrypted behind ransomwalls. On August 26^th, the Wisconsin Dental Association noted that the 400 offices were unable to access their client files due to the attack.

A ransomware attack typically locks files behind walls, demanding ransoms to be paid for its safe release.

A few days after the incident, PerCSoft began distributing decryption keys on its Facebook page. They did not state whether ransom was paid to the attackers, nor did they release details on how they acquired the keys. A few of the dental offices that used the keys noted that only some of the lost data was unlocked.

As with other malware categories, there are many strains of ransomware. It is believed that the strain responsible for this attack was Sodinokibi, also known as REvil or Sodin. This particular type of ransomware was first discovered by cybersecurity research group Cisco Talos in April 2019.

This is not the first incident caused by Sodinokibi. On August 16^th, 22 local Texan governments were hit simultaneously by the first highly co-ordinated ransomware attack. It is believed that Sodinokibi was also responsible for that attack.

How can you defend your data from 3^rd party compromise cyberattacks?

As shown by DDS Safe, a software specifically engineered to keep off-site backups of sensitive data, keeping online backups is not enough to be an air-tight protection against ransomware. Instead, it is important to keep sensitive data in an offline storage location that is completely disconnected from the internet. If an up-to-date backup of critical data is always available, ransom demands can be ignored without consequence.

Second, it is important to keep all software and your operating system up-to-date. Cyberattackers and cybersecurity engineers are constantly battling to discover and patch new vulnerabilities. Oftentimes, publicly-known and fixed bugs are the cause of infection due to victims neglecting to update their software.

Finally, practicing network segmentation can help your protect computers by preventing the spread of malware across your network. By keeping important computers disconnected, malware with worm capabilities will not be able to access them if other PCs are infected.

GIGE Corporations’ IT technicians have years of designing and deploying cybersecurity measures to help protect companies from cyberattack. You can get a consultation today by e-mailing info@gige.ca or calling us at 888 366 4443.

The post 3rd Party Programs: Are They Cybersecurity Weakpoints? first appeared on GIGE IT Solutions: IT Services Mississauga.

The post 3rd Party Programs: Are They Cybersecurity Weakpoints? appeared first on GIGE IT Solutions: IT Services Mississauga.

22 Governments in Texas Hit By First Coordinated Ransomware Attack

gigE — Wed, 28 Aug 2019 19:11:23 +0000

On August 16^th, the Texas Department of Information Resources (DIR) stated that 22 local Texan governments were simultaneously hit by coordinated ransomware attacks. They also stated that most of the victims were small-sized local governments.

While government-targeted ransomware attacks are not new, this is the first incident of this scale and level of coordination. According to the Texas DIR, a single attacker was behind all of the attacks.

The city of Keene was one of the 22 cities that were affected. Mayor Gary Heinrich stated that the cyberattacker demanded a total ransom amount of $2.5 million. According to Heinrich, many of the compromised cities had IT software that was externally managed by a third party organization.

What is a ransomware attack?

Ransomware is a type of malicious software cyberattack where sensitive data on a victim’s computer is encrypted by an attacker, who demands a ransom to be paid for decryption.

Ransomware attacks have become more prevalent in recent years. Just last month, Florida’s Lake City and Riviera Beach City were both hit by ransomware attacks costing the cities $500 000 each. In September of last year, the town of Midland Canada suffered a similar attack. Laredo, another city in Texas, had in fact been hit by a ransomware attack in May 2019 that heavily impacted their email systems and computers. Their IT has since recovered.

The US Conference of Mayors estimates that at least 170 government bodies have been affected by ransomware since 2013.

What are the strategies to protect yourself from Coordinated Ransomware attacks?

This latest attack illustrates the immediacy of ransomware protection. While the victim in this case was a government, organizations and personal computers are also in constant danger of this type of cyberattack.

Ransomware causes major damage to day-to-day company functions. By ensuring that your most sensitive data is backed up, you can restore data in case of cyberattack. Don’t fall victim to ransomware. Managed Service Providers like GIGE Corporation can help you design and maintain network security and backup solutions. Call us at +1 888 366 4443 or email us at sales@gige.ca to learn more.

The post 22 Governments in Texas Hit By First Coordinated Ransomware Attack first appeared on GIGE IT Solutions: IT Services Mississauga.

The post 22 Governments in Texas Hit By First Coordinated Ransomware Attack appeared first on GIGE IT Solutions: IT Services Mississauga.

Cyberattackers Are Targeting IOT Devices: How Do You Defend Yourself?

gigE — Thu, 22 Aug 2019 14:40:28 +0000

A new threat group, called “STRONTIUM”, was recently discovered by the Microsoft Threat Intelligence Center (MSTIC). In April 2019, this cyberthreat infiltrated private company networks through 3 different IoT devices – a VoIP phone, printer, and video decoder.

The Microsoft researchers reported that the devices were compromised as a result of the devices running out-of-date software. Furthermore, it was discovered that the log-in credentials on some of the hacked devices were also left on factory defaults, making them vulnerable to compromise.

Once the threat had infiltrated a company’s network, it would carry out a network scan to locate other devices that are vulnerable, and spreading itself to these new devices. It was also discovered that the hacked devices were communicating with an external device controlled by the attackers.

It was discovered that common devices that were used for initial infiltration included office VoIP phones and printers. Infected devices are often used by cyberattackers in a network known as a botnet. A botnet is a network of devices controlled by a cyberattacker for malicious activity, including mounting DOS attacks, sending spam, or stealing data.

Microsoft reported that in the past year, it had notified close to 1400 companies affected by the STRONTIUM threat.

The FBI noted that VPNFilter, a malware that was prominent in May 2018, was also related to the STRONTIUM vulnerability. That month, technology company Cisco reported that half a million IoT devices worldwide were infected with VPNFilter, with affected brands including NETGEAR, Linksys, and TP-Link.

What can you do to protect yourself and your IoT Devices?

As shown by the attacks described above, cyberattackers are looking to exploit more simple devices to intrude into victims’ networks. One of the most effective method of protecting yourself against this is by ensuring that the default credentials used to log into the device are changed.

To further protection, you can also segment your network, disconnecting your IoT devices from your more critical systems. This way, if an attacker does gain access to your IoT devices they will still not be able to access your administrative systems.

GIGE Corporation can help you protect your devices from cyberattack. Contact us today at +1 888 366 4443 or info@gige.ca for more information.

The post Cyberattackers Are Targeting IOT Devices: How Do You Defend Yourself? first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Cyberattackers Are Targeting IOT Devices: How Do You Defend Yourself? appeared first on GIGE IT Solutions: IT Services Mississauga.

A Windows BlueKeep Exploit Is Now Commercially Available

gigE — Wed, 31 Jul 2019 16:21:29 +0000

Immunity Inc., an IT security consulting company, announced that a BlueKeep Exploit will now be included in CANVAS – the company’s commercially available security penetration-testing tool.

BlueKeep is a security vulnerability that affects Windows 7, Windows 2003, Windows XP, Windows Server 2008 R2, and Windows Server 2008. Also known as CVE-2019-0708, the flaw allows attackers to exploit Remote Desktop Protocol (RDP) in order to execute code on a victim’s computer without their permission. After infiltration, attackers are able to do everything from installing malicious software to stealing personal information. Microsoft patched the critical vulnerability on May 14th 2019 through a security update, but cybersecurity company BitSight still estimates that over 800 000 computers are still vulnerable as of July 2nd 2019.

Chris Day, Chief Cybersecurity Officer of Immunity Inc.’s parent company Cyxtera, states that the BlueKeep Exploit included in their penetration kit is not self-propagating. This means that if infection occurs during security testing, the virus does not have the ability to spread on the network.

Immunity Inc. is not the only company to have developed proprietary BlueKeep exploits. For example, cybersecurity company McAfee similarly developed a working exploit. Reverse Engineer Zǝɹosum0x0 had also done the same June of this year. However, neither of these parties released details of their exploit to the public, citing that it was too dangerous to release a working exploit to the public.

How do you protect yourself against the BlueKeep Exploit?

The most effective way to protect yourself against BlueKeep exploits is to ensure that you are using a supported and up-to-date operating system. If you are using one of the affected operating systems listed above, it is essential that you have installed the Microsoft updated issued on May 14th, 2019. Disabling Windows’ Remote Desktop Protocol on your PC and enabling Network Level Authentication will also make it more difficult for cyberattackers to infect your computer, but does not provide absolute protection against BlueKeep attacks.

We can help audit, design, and deploy customized internet security solutions to make sure your data is secure. Call us at +1 888 366 4443 or email us at info@gige.ca to learn more.

The post A Windows BlueKeep Exploit Is Now Commercially Available first appeared on GIGE IT Solutions: IT Services Mississauga.

The post A Windows BlueKeep Exploit Is Now Commercially Available appeared first on GIGE IT Solutions: IT Services Mississauga.

Debt-Collector Firm Files For Bankruptcy Following Data Breach Costing Millions

gigE — Thu, 27 Jun 2019 14:16:39 +0000

New York-based debt collection company Retrieval-Masters Creditors Bureau, Inc. has filed for bankruptcy due to a massive data breach.

Following the leak, the legal obligation on the company to notify the 7 million affected by the data breach cost it $3.8 million. Another $400 000 was also spent on external IT consultants to determine the extent of the damage.

3 independent IT firms determined that the compromise had occurred as early as August of 2018. However they could not determine the magnitude of the damage, forcing countermeasures to assume that all company data was compromised.

Russell Fuchs, founder and CEO of the firm, stated that the company keeps highly personal information of its clients due to its work of collecting bills for clinical labs. Therefore, information that was stored and leaked by their servers included the names, home addresses, SSNs, credit card and bank account information, birth dates, and personal medical information of its clients.

The breach was discovered March of this year when the company received an alarming amount of credit card activity on its web portal. Following the discovery, Retrieval-Masters Creditors Bureau immediately shut down its web access to mitigate the damages. The company had shifted to storing its data on the web in 2015 due to market pressure for increased connectivity and client convenience.

This event illustrates the immediacy of cyberthreat to companies that store sensitive information. As demonstrated, a compromise can remain undetected for months, and a single attack could lead to devastating financial and legal consequences.

How can you stay protected?

Here are some best practices to help you protect your sensitive data from cyberattack:

Update your Operating System:

With the end of security support to Windows 7 coming soon, it is absolutely essential for any company running Windows 7 to upgrade to Windows 10. Remaining on an unsupported O.S. instantly makes you vulnerable to backdoor exploits, ransomware attacks, data theft, and more. GIGE IT Solutions can help make your transition as smooth and affordable as possible. Learn more about the Windows 7 End of Life here

Network Segmentation:

Network segmentation is the security practice of “splitting” your company’s network into disconnected sections. If a cyberattacker is able to gain access to one section, they will be unable to infect your entire network. This is particularly effective against viruses with the worm capability, which allows it to spread from one device to the next without any input from the victim.

Multifactor Authentication:

Many cyberattacks are now automated. Brute-force hacks gain access to your accounts by ‘guessing’ your credentials through trial-and-error. This can be prevented by activating multifactor authentication, which requires a second ‘temporary’ password to be input every time you log in from an unfamiliar device. This password is sent to a second destination such as a phone or a secondary email, preventing an attacker to easily hack into your account with only the username and password.

Don’t fall victim to cyberattack. Managed IT service providers such as GIGE IT Solutions help keep your company safe by maintaining healthy backup protocols, monitoring your systems 24/7 and designing customized security solutions. Call us at +1 888 366 4443 for an immediate consult.

The post Debt-Collector Firm Files For Bankruptcy Following Data Breach Costing Millions first appeared on GIGE IT Solutions: IT Services Mississauga.

The post Debt-Collector Firm Files For Bankruptcy Following Data Breach Costing Millions appeared first on GIGE IT Solutions: IT Services Mississauga.