malware attack | GIGE IT Solutions: IT Services Mississauga
https://gige.ca/tag/malware-attack
IT Services & IT Solutions Mississauga & Toronto
Wed, 29 Jan 2020 20:27:33 +0000

Watch Out! Supply Chain Attacks are on the Rise
https://gige.ca/watch-out-supply-chain-attacks-are-on-the-rise
Tue, 12 Mar 2019 13:44:14 +0000

In a recent report, Microsoft has stated that supply chain attacks have become an increasingly pressing concern for cybersecurity professionals.

What are Supply Chain Attacks?

Computer software is constantly updated by developers, and these updates are released to the public in cycles of patches. A supply chain attack is a type of cyberattack that infiltrates a victim’s computer through one of these updates.

By hacking into a software developer’s update code before it is released to the public, cyberattackers are able to avoid detection by antivirus protocols that are designed to allow these updates from trusted developers through their firewalls. In the past few years, this type of cyberattack has become more and more prominent, as the following examples illustrate.

In June 2017, more than 10 000 computers in Ukraine were infected by ransomware known as Petya. Incidentally, ransomware is a type of malware that locks sensitive data behind ‘ransomwalls’ and demands payment for its safe release. In its investigation, Microsoft uncovered that the attack originated from a hacked patch of the tax-accounting software MEDoc. It is now known that the attackers had illegally inserted a line of malicious code into one of its patches.

Three months later, in September 2017, CCleaner, a program that cleans up old computer files, was also hacked through a supply chain attack. The software’s developer, Piriform, stated that the malware inserted into its code stole sensitive data from victims’ computers and sent it to the cyberattacker’s computer.

A Growing Threat towards Cloud Computing

As the percentage of computers relying on cloud computing and online data storage grows, so too does the threat of cyberattacks such as supply chain attacks. We are already seeing devastating damage being done to cloud servers with this kind of cyberattack. For example, Docker Hub, a cloud-storage service, was hacked in mid-2018, an attack that led to over 5 million infections.

Because it is often difficult for antivirus software to detect these attacks, Microsoft suggests that companies develop countermeasures for post-infection scenarios to protect themselves against supply chain attacks. An example of this is network segmentation, which involves keeping critical computers permanently disconnected from the company network, so that they are not in danger even if a virus were to infect the main server.

Do you need help setting up or protecting your servers? Our technicians at GigE can help. Our networking solutions can help your company protect itself from cyberattack. We also provide IT consulting to help you identify weak points in your network. Call us today at +1 888 366 4443!

This is why WannaCry is still a threat
https://gige.ca/this-is-why-wannacry-is-still-a-threat
Tue, 14 Aug 2018 16:38:11 +0000

The WannaCry malware saw its peak infections on May 12th 2017, during which 300 000 computers across 150 countries were affected. This piece of malicious software locks computer data behind ransomwalls and demands Bitcoin payments for the release of this information.

However, payment of this ransom does not even guarantee the safe release of the information. This is because the author of the WannaCry code did not include a method of storing and collecting the unique computer IDs of the victims’ computers. In other words, the attackers using the malware do not have any way to identify those who have paid the ransom, and therefore no way of knowing which information to release.

WannaCry exploits a vulnerability in the code for a component of Windows PCs called the “Windows Server Message Block”. It accomplishes this via a tool called “EternalBlue”, which is believed to have been developed by the NSA (US National Security Agency) for spying. This code was released to the public on April 14th 2017 by a group of cyberattackers called the “Shadow Brokers”, and has therefore become widely accessible since. By utilizing this vulnerability, attackers are able to insert the WannaCry malware directly into a system. This malware is particularly difficult to stop once it has gained ground, due to its ability to self-spread throughout an organization’s network without any further input from users.

Because it exploits a Windows vulnerability, WannaCry affects Microsoft Windows XP, Vista SP2, Server 2008 SP2, R2 SP1, 7, 8.1, RT 8.1, Server 2012 and R2, 10, and Server 2016.

The Repair has been Available

The Windows vulnerability that was exploited by EternalBlue was in fact repaired in a patch released by Microsoft in March of 2017, even before the “Shadow Brokers” released the spying tool to the public. The enormous impact of WannaCry was the result of many organizations being unaware of, or neglecting, important updates released by software developers. These updates often contain critical security fixes that protect your computers against the latest cyberthreats. In fact, ServiceNow completed a survey which discovered that 467 financial companies were impacted by cyberattack attempts that had in fact been patched prior to each incident.

It is this continued neglect of updates that has kept WannaCry relevant and dangerous even now, over a year after its peak. The Taiwan Semiconductor Manufacturing Company (TSMC) has been one of the latest in the long list of WannaCry victims. The computer chip manufacturer reported that the ransomware attack resulted in production halts in numerous plants in Taiwan during early August 2018.

The Chief Executive Officer of the company reported that the breach was caused by a fake malicious supplier that was connected to the organization’s network. From there, the malware was able to spread to several of the plants owned by the company. The total financial cost of the damages is predicted to reduce the company’s Q3 revenue by 3%.

How to protect yourself from WannaCry

The TSMC attack demonstrates the importance of keeping your organization’s computers up-to-date with the latest software. The widespread neglect of the Windows update that patched the vulnerability WannaCry exploits resulted in the amplification of its impacts across the world.

Below are some other best practices to keep your organization safe from malware like WannaCry:

Ensure that the URL “www[dot]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com” is not blocked on your computers. This domain was developed as a “kill switch” by the author of the WannaCry malware. If your computer can connect to this URL, the malware simply disables itself.

Disable old protocols on your computer, such as the “SMB protocol”, which contain the vulnerabilities that are exploited by cyberattackers. Also, do not open links or downloads found within emails from sources that you do not trust, or that seem malicious. This is one of the primary ways that malware can enter your system.

GigE Solutions can help your company protect itself from malware attacks by keeping your computers always up-to-date with the latest security patches. Contact us at +1 (888) 366-4443 to get started with us today!

Why Zero Day Recovery is Essential to your Company’s Security
https://gige.ca/why-zero-day-recovery-is-essential-to-your-companys-security
Fri, 10 Aug 2018 15:10:44 +0000

The Zero-Day-Recovery Cybersecurity Strategy

One of the most immediate and adverse effects of a malware attack is the potential for the affected company to come to a complete productive halt. This is the case for all sorts of malware ranging from data-stealing Trojans to data-locking ransomware. Every moment that a company spends offline to deal with the infected systems compounds the financial damages of the malicious software, and in turn the leverage that the cyberattackers have on the situation.

Zero Day Recovery is a cybersecurity strategy which focuses on thoroughly testing the efficiency of backup and restore protocols. By increasing the effectiveness of these systems, a company can be assured that its data will be quickly restored in the event of a malware attack. This means that the resultant impact on its productivity would be kept to a minimum. Therefore, by using this strategy, the potential damages of such an incident would be drastically mitigated.

The importance of Zero Day Recovery was illustrated by a recent cyberattack that ravaged the Matanuska-Susitna Borough of Alaska. Due to the fact that their backup systems were not tested prior to the attack, many of their systems had to be kept disconnected for significant periods of time in order to isolate the spread of the virus. As a result, the staff working in the borough were forced to resort to analog typewriters and hand-writing documents while the technicians contained the breach.

The malware attack on the Matanuska-Susitna Borough was an example of a Zero-Day Cyberattack. This is an attack that exploits vulnerabilities in computer software that either have not been identified by their developers, or have not been repaired. This makes them extremely difficult to predict and defend against, due to the fact that the flaws have not yet been discovered.

The specific malware that was used during this attack was called “Emotet”. This software is dangerous for numerous reasons. Firstly, it operates as a “banking trojan” that steals sensitive information from online banking transactions. In addition to this, it is also able to infect computers with more malware. In the case of the Matanuska-Susitna attack, attackers were able to introduce a Cryptolocker ransomware which encrypted data behind ransomwalls.

The United States Computer Emergency Readiness Team (US-CERT) reported that Emotet was introduced into computers through email download links. However, it was also reported that this malware had “worm capability”, allowing it to spread itself throughout the company network after the initial infection.

Learning from the Matanuska-Susitna Borough malware attack, we are able to see that Zero-Day Recovery is an essential part of minimizing the damage that malware can cause to your organization. Due to the lack of recovery options, the productivity impact of this attack was widespread and immense.

Best Practices against Zero Day Attacks

Zero-day recovery is essential in mitigating the damage that malware can inflict on your company’s productivity. Below are some general safe practices to protect yourself from Zero-Day malware:

Firstly, always have antivirus software installed on your computer. It is essential to keep this software and other programs constantly updated, as new patches often contain security updates that repair vulnerabilities in their code.

Next, ensure that employees are well informed in identifying suspicious links in emails, as this is one of the most common methods for viruses to infect company computers. A further step that can be taken is to block the automatic download of file types such as .exe or .dll files, which are often connected with malware infection.

At GigE, our experts can help your organization protect itself against Zero-Day Attacks, and set up Zero-Day Recovery protocols. Contact us at +1 (888) 366-4443 to get started today.

Why Protecting Your Server is Critical to your Company’s Cybersecurity
https://gige.ca/why-protecting-your-server-is-critical-to-your-companys-cybersecurity
Mon, 23 Jul 2018 17:55:52 +0000

A server is a computer that is connected to other systems in a company through either the internet or a local network, and that dedicates its resources to ‘serving’ these computers. Because of this, servers are in constant communication with all company systems, storing, processing, and communicating data. Due to the fact that they are the central nodes of an organization’s network, they are often the targets of malware attacks. This is because servers are connected to most, if not all company systems, and therefore give easy avenues for the attackers to spread their malicious software to all computers on the network. In light of this, protecting your server should be viewed as critically important when it comes to company cybersecurity.

Recent Malware Attacks that Ravaged Company Servers

On July 16th, Algonquin College reported that its servers were affected by a malware attack on May 16th. The infected server, they stated, contained sensitive information belonging to students, employees, and alumni. It is believed that data such as date-of-birth and home addresses of 4,568 individuals was leaked, and that the non-sensitive data of another 106,931 individuals could also have been compromised.

Another recent case of malware infecting server systems was the “WannaCry” malicious software. In 2017, this ransomware was able to lock the files of hundreds of thousands of systems behind ransom-walls. The widespread reach of the malware was attributed to the fact that it has “worm capability”, allowing it to spread to computers connected to a server without any input from the user. In other words, once this malware attached itself to the central server of an organization, all connected systems became at risk of infection.

Finally, the “Adylkuzz” malware also demonstrates the importance of protecting your server. This malware is categorized as “cryptomining malware”, which transforms the infected system into a cryptomining slave that wastes its resources making digital currency for the attacker.

How to protect your servers against Malware Attacks

In many of the above instances, malware was able to infiltrate an organization’s servers because the company neglected to keep its systems up-to-date with current patches. Servers, like any other system, use operating systems such as Windows. Therefore, they need to be constantly updated to receive the latest security measures developed by vendors such as Microsoft.

Following the WannaCry outbreak, Microsoft released a statement noting that “EternalBlue”, the security vulnerability that was exploited by the attackers, had in fact been patched two months prior to the incident. However, many companies failed to install the fix, leaving their systems open to infection. Similarly, the vulnerability used by “Adylkuzz”, called CVE-2017-7269, was also repaired prior to the event by Microsoft in an update released on June 13th, 2017. The severity of both of these incidents could have been drastically mitigated if organizations had been more diligent in keeping their servers’ operating systems up-to-date.

Therefore, it is clear that protecting your company’s server is critical to the safety of all systems on your network. Because they are connected to many of an organization’s systems, malware-infected servers become extreme threats to the security of all computers connected to them.

At GigE, our experts have years of experience in ensuring that your organization’s servers and computers are up-to-date with current software. Do not fall victim to malware and contact us today at +1 (888) 366-4443.

How DDoS Attacks Affects SMEs
https://gige.ca/how-ddos-attacks-affects-smes
Tue, 15 May 2018 16:44:47 +0000

In a Distributed Denial of Service (DDoS) attack, a type of cyberattack, the website of a business experiences outages or unexpected downtime. The targeted site runs slowly or becomes inaccessible. Attackers do not limit themselves to large organizations; they also attack small and medium-sized enterprises (SMEs).

In June 2016 a small brick & mortar jewelry shop was attacked, and the shop’s website was taken down for days. The owner had no idea what went wrong. Upon investigation, Sucuri found that the shop’s site had been generating traffic of 35,000 to 50,000 HTTP requests per second (RPS), something that its web servers couldn’t handle, resulting in the site’s downtime. It was a DDoS attack that resulted in the spike of HTTP requests. Further into the investigation, Sucuri found that the attackers used IoT (internet of things) CCTV devices as the source of their attack botnet.

In general, a botnet is a string of connected computers coordinated together to perform a task. A DDoS botnet, in particular, refers to devices (in this case, the CCTV cameras) that were themselves hacked to execute a malicious function, that is, to add traffic to the site of the shop, making it inaccessible to the public.

The attack on Dyn, a known DNS (domain name service) provider, in October 2016 is another example of a DDoS attack. More than 80 popular websites, such as Netflix, Amazon, Twitter, and Reddit, were rendered temporarily inaccessible to the public. According to Dyn, 100,000 IoT devices were compromised to stage the attack.

Negative Effects of DDoS Attacks

Most businesses today have an online presence in one form or another, mostly through their official websites. DDoS attacks have direct and immediate effects on an organization’s image. They make your organization’s website inaccessible to potential clients. Your business will lose customers if your site can’t be accessed. An unavailable site can also tarnish your organization’s online reputation.

Access to company websites is vital: a study conducted by Google and Ipsos MediaCT found that 50% of consumers who conducted a local search on their phone visited a store within 24 hours, and 34% who searched on a computer or tablet did the same.

“A study from the Center for Strategic and International Studies found that Canadian businesses are losing over $3 billion a year to cybercrime,” Perrin Beatty, president and CEO of the Canadian Chamber of Commerce, said in a statement. “It’s not technology-savvy security experts committing these attacks. Anyone with a computer and an internet connection can now disrupt services or hold data for ransom. What costs a criminal $100 may end up costing business millions in lost money, time and reputation.”

How to Prevent DDoS Attacks

While it’s easy for criminals to pay just a few bucks to launch a DDoS attack against your organization’s site, it’s equally simple to prevent such attacks in under a few seconds, regardless of the intensity of the attacks and without getting in the way of your site’s legitimate traffic.

If your business is having problems with persistent site downtime, a sign of DDoS attacks, contact us at GigE. We offer per incident technical support and diagnostic services, for instance, in cases of denial of service attacks.
