Hacking - A sophisticated threat to business

Posted by Michael Trimblett on 25 January 2019

Unfortunately, a business was harmed in the making of this true story.

"Your files have been encrypted. Please submit payment within 48 hours to restore your data."

Can you imagine turning on your computer tomorrow and finding all of your business data inaccessible?  Could you continue trading, or would your business come to a halt?  This is the precise scenario a small business was recently faced with.

The business owners in this article, like many people, relished the ability to complete work remotely from the comfort of home. But without the right security in place, their open connection to the network was like an unlocked door, and it was all too easy for hackers to gain access to the company's files.

So who are these hackers? Anyone with an internet-connected computer is capable of attacking you. With anonymous cryptocurrencies and the ability to attack victims across the globe, cybercrime is virtually untraceable.

What are they after? Your data and information, because it is not only extremely valuable to you but is also a valuable commodity on the dark web. Your business data is like currency. Even in a small to medium business, data is just as attractive to hackers as a corner store cash register.

Hackers have two options with your data.

  1. They recognise that it's worth more to you than it is to them, so they encrypt it (locking your files) and hold your business data for ransom. This is usually referred to as Ransomware.
  2. They recognise that the data is valuable to them as well. Your customers' bank details, credit card numbers, and Medicare numbers fetch high prices when sold on the dark web. Once sold, such data is often used to commit identity fraud. A data breach like this could have a huge impact on the life of your clients.

The situation faced by the business I alluded to in the first paragraph is an example of how hackers make money from Ransomware. Through inadequate security measures, a hacker gained access to their server, encrypted all of their files, and then issued a ransom note for 0.8 Bitcoins (at time of attack - approximately A$7,500.00). The files were largely worthless to the hacker, BUT the files were the currency and life blood for the business. Bitcoin is a digital tender and can be used to buy and sell items anonymously on the internet, meaning hackers have a way of being paid anonymously.

The challenge for any hacker is to gain access to your data storage (your laptop, server etc). There are many vectors for infection (the placing of malicious software in your system) and many methods where you can be tricked into letting the infection in including spam, social engineering and malicious advertising. Other ways that hackers can break in include website hacking and exploiting insecure remote access, insecure communications, aging equipment, and vulnerabilities in your software and/or equipment.

In the example of the business mentioned earlier in this article, it was all too easy for a hacker to break in via the remote access.

But why this business? Well, it wasn't personal. It was simply a random leveraging of opportunity, and high vulnerability increases opportunity. A hacker can go on any number of public websites that list every device open to the internet and can apply his or her automation tools to choose targets to attempt to hack into. If you are reading this on your computer right now and you're online, your IP address is one of millions around the world that may come up in such a search.

Hackers utilise products such as Shodan (like a 'Google for hackers') and Masscan, meaning they can scan all four billion internet IP addresses, looking for vulnerabilities in less than six minutes. If a vulnerability or insecure practice is found, the hacker will look to leverage this into an attack. They don't necessarily know you, they just know your IP address is vulnerable and they will try to exploit it to see if they can earn some money.

Vulnerabilities are found in devices daily. They can take the shape of mistakes in programming, insecure policies by the device manufacturer or the deliberate inclusion of backdoor access in programming. But most vulnerabilities are just human error, with programmers often working under a lot of pressure to deliver a product. This is why so many updates to Windows and Mac operating systems are pushed out each month.

So, the hackers have an easy way to scan the internet, they can access the known and published vulnerabilities, they have developed toolkits which will automate the entire process, they have tools to break in (a common example is automated password guessing, or brute force password hacking) and they can make untraceable money.

With these hacker strategies in mind, what happened with the small business in this article? The hackers, via their search engine and automation tools, were able to isolate a vulnerable IP address, which in this case was the remote connection at the server. The hacker easily found their way to the server and started a brute force password attack. This sort of attack is not flagged by Windows and can only be determined by checking the event logs of the server. The hackers eventually guessed the right password, which allowed them into the server. They deployed their ransomware software, which encrypted all of the business's data, and then issued the ransom.
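The event-log check described above can be automated. The following is an added example, not part of the original article: it reads Security-log records exported to CSV and flags any source address with a burst of failed logons, noting whether a successful logon from the same address followed. Event IDs 4625 (failed logon) and 4624 (successful logon) are the standard Windows IDs; the CSV column names, the sample records, the threshold and the time window are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security log event IDs

# Constructed sample export (column names are assumptions; IPs are documentation ranges).
SAMPLE_CSV = """TimeCreated,EventID,IpAddress,TargetUserName
2019-01-10T02:14:01,4625,203.0.113.50,administrator
2019-01-10T02:14:03,4625,203.0.113.50,admin
2019-01-10T02:14:05,4625,203.0.113.50,administrator
2019-01-10T02:14:08,4625,203.0.113.50,reception
2019-01-10T02:14:11,4625,203.0.113.50,administrator
2019-01-10T02:14:15,4625,203.0.113.50,administrator
2019-01-10T02:31:40,4624,203.0.113.50,administrator
2019-01-10T08:55:12,4625,198.51.100.7,jsmith
2019-01-10T08:55:30,4624,198.51.100.7,jsmith
"""

def load_events(text):
    """Parse the CSV export into time-ordered (time, event_id, ip, user) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    events = [(datetime.fromisoformat(r["TimeCreated"]), int(r["EventID"]),
               r["IpAddress"], r["TargetUserName"]) for r in rows]
    return sorted(events)

def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed logons inside `window`, and record
    the first account that logs on successfully from a flagged IP afterwards."""
    recent = defaultdict(list)   # ip -> failure times still inside the window
    totals = defaultdict(int)    # ip -> every failure seen from that ip
    findings = {}                # ip -> finding
    for when, event_id, ip, user in events:
        if event_id == FAILED_LOGON:
            totals[ip] += 1
            recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
            if len(recent[ip]) >= threshold and ip not in findings:
                findings[ip] = {"ip": ip, "burst_start": recent[ip][0],
                                "account_logged_on": None}
        elif event_id == SUCCESSFUL_LOGON and ip in findings:
            # A success after a guessing burst is the sign the password was found.
            if findings[ip]["account_logged_on"] is None:
                findings[ip]["account_logged_on"] = user
    for ip, finding in findings.items():
        finding["failed_logons"] = totals[ip]
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_bruteforce(load_events(SAMPLE_CSV)):
        print(finding)
```

A single mistyped password followed by a normal logon, as in the second address of the sample, stays below the threshold and is not reported.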

This catastrophe could have been avoided. If you are storing your data on a server at your business and accessing it remotely, there are three key ways to prevent hacking.

  1. Set up a secure remote connection to the business via a Virtual Private Network (VPN) appliance.
  2. Have a bulletproof backup solution in place that follows the 3-2-1 backup framework.
  3. Have a strong password management regime.

Without the VPN, a remote connection opens a portal into your server that is visible and easily accessed by anyone else. A VPN reduces the 'visibility' of the remote connection and provides the security to prevent any unauthorised entry.

If the business in this article had had a bulletproof 3-2-1 backup solution in place, then at least they could have ignored the ransom, purged the server, installed the necessary VPN and endpoint security and then loaded their backup data.

Lastly, with an appropriate password management regime, maybe the hackers would not have been able to crack this business's password.

So, how did this story end for the business in this article? Not too well, I am afraid. The ransom was paid but then the hackers went quiet. There has been no contact since. They did not deliver the decryption key nor the program to decrypt the data. The business had to downsize its operation significantly.

The moral to this story is this: regular security audits should be implemented on business networks to ensure best practices are being adhered to and when issues are found, it is always best to action them with urgency.

 


Posted in: Security IT IT Consulting Networking Security  

How to ensure your I.T. is working for your business

Posted by Michael Trimblett on 14 September 2018

To be successful, a small to medium business must be seamlessly efficient and provide an outstanding customer experience. Your Information Technology should be the backbone of this goal. By investing in quality, reliable, proven I.T. infrastructure, you remove the likelihood of down-time, allowing you to concentrate on running your business and providing excellent service. Anything less will be costing you money in inefficiencies and downtime.


The Four Pillars of an effective I.T. Network
 

SPEED - The speed of your system impacts everything from staff productivity to customer satisfaction. For optimal speed, you need to have business grade equipment, enough internet bandwidth, and a server (onsite or remote) that can handle the workload and that is configured properly for your business. You should also have a trusted I.T. provider that can perform maintenance on your system, head off downtime before it happens, and respond quickly if things go wrong.

SCALABILITY - Scalability is simply the ability for your systems to grow seamlessly as your business does. It means staying up to date with equipment, software and licensing, and being able to add users, updates, new applications or servers as needed. A good I.T. provider will analyse your system and offer advice to ensure it will grow with you.

SECURITY - There are many ways in which small and medium businesses are vulnerable to security breaches, and the consequences can be devastating. There are several things that need to be in place for full protection, including physical protection of your equipment, antivirus, password protections, your perimeter and the cloud, and solid backup policies. Your I.T. provider should be able to assure you that your business is secure from threats like hacking, accidents, data corruption and ransomware.

RELIABILITY - You need your I.T. system to be working for you all the time and at optimum speed. This means having equipment that is up to the task, warranty cover and the necessary backup. It also means having your system monitored and managed by a good I.T. service provider. Your system is a bit like a car: you wouldn't buy a car and then not get it serviced, expecting it to never break down.

Download the Insight in full, "How to make your I.T. work for you", or if you would like to know more, please contact Naomi or Michael. Alternatively, give us a call on 02-43370700.

LOYAL I.T. - We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from our base on the Central Coast.

Posted in: IT IT Consulting Networking Security Computer Software  

Scam Alert! Aug 2018

Posted by Maddie McKechnie on 1 August 2018

The latest phishing attack has made its way to the Loyal I.T. helpdesk today - with a cleverly disguised PDF attachment that asks for your email credentials.

You may have email correspondence back-and-forth with a potential client or customer that on the surface appears legitimate, but quickly goes sour once they attach a PDF document they say is related to their query, or is confirmation of their purchase.

This PDF may also appear legitimate - with a warning inside that says it has to be viewed in Adobe Reader (see left image below). If you click on this warning, you are then taken to a website that asks you to log in with your email credentials in order to view the document (see right image below). These email credentials are then sent straight to the attacker, who now has full access to your email account - as well as any accounts that use those same credentials.

Phishing attempts put your business at risk, as attackers gain access to your email accounts and can send fraudulent correspondence on your behalf. This can include false bank details, theft of data, or correspondence that may damage the reputation of your business.

If you think your password has been compromised, please do not hesitate to give our office a call on 02 4337 0700.

 

Posted in: Misc IT Networking Security  

Business data backup by the numbers 321

Posted by Michael Trimblett on 11 June 2018

Like currency, your business data is life-blood; and there are many ways that business data can be lost.

Why is a reliable backup process necessary? Small to medium-sized businesses are statistically more likely to lose data, and it can be devastating. Here's why:

  • You lose a big part of your currency to operate
  • You spend a significant amount of time and money re-working important files
  • You could be unknowingly contravening the privacy act
  • Unscrupulous people or competitors could gain access to your business information
  • Your customers' details such as email and/or mail addresses, credit card or bank details and other personal information could become available publicly

There are a series of ways to help prevent the loss of business data such as having up to date anti-virus and software security plus simple procedures and cybersecurity awareness for staff. But no matter what and how much, these will not entirely eliminate the risk. Therefore, a simple but reliable backup plan must be part of any business's procedures. The backup process will then ensure that in the event of data loss, you can recover an up-to-date duplicate record of files. And just to confirm, there are many simple (and not so simple) ways that your business data could be lost forever:

  • Theft of, or an employee loses or damages, a laptop
  • Accidental (or deliberate) deletion of files
  • Loss or damage of portable storage devices (USB or similar)
  • Physical access by an individual to unsecured documents
  • Inappropriate access to personal records by an employee
  • Breaches from hacking including ransomware
  • An employee (usually without malice) changing key attributes in 'settings'
  • Non-compliance to simple procedures such as password management and email/links protocols

Chances are, one or more of these have happened to you, or you know someone who has experienced one of these.

The 321 Backup process

You probably know about it. It's been tried and proven for many years, but still to this day not everyone has a reliable backup process in their business. The 321 backup process is simply:

3 separate copies of files
2 on different local devices/medium
1 offsite (NOTE: Dropbox, Google Drive or OneDrive are not strictly backup because if you delete a file on your device, it will also delete in the offsite folder).

Here is an example of an effective 321 backup process. Your business has an onsite server with 5 onsite PCs on the network and 3 offsite laptops also connected to the server via the internet. All files reside on the server. There is a hard drive backup on site hooked to the server that copies all the files. There is also a backup "in the cloud", where the files are updated and stored offsite. In this example, there are 3 copies of the files, 2 of which are on independent onsite devices and 1 copy is offsite. There can be variations on this theme depending on the configurations of desktops, laptops and users but the ratio of 321 shouldn't change. The challenge is to configure your 321 process so that backups occur at an appropriate frequency through a mix of automation and procedures.

If you would like to discuss your computer and network security or if you would like to know more, please contact Loyal I.T. Solutions on 02-43370700 or email Michael Trimblett



Posted in: Services Security IT IT Consulting  

Most businesses must now report data breaches

Posted by Michael Trimblett on 9 May 2018

Protecting your business data is no longer just common sense

The chances are that if you experience any form of data breach, then not only is your company's information at risk but you are also at risk of breaching the Privacy Act. It's often assumed that a data breach only means being hacked by a sophisticated gang from a rogue nation trying to influence votes or steal national secrets. It is more often associated with the wrongful acquisition of personal information that is residing in the databases of small to medium-sized businesses.

From February 22nd this year, the federal government has amended the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.  It now includes mandatory reporting if your business:

  • Turns over more than $3M per year or;
  • Is a credit reporting body or;
  • Is a health service provider or;
  • Is a Tax File Number recipient.

You might be surprised at what constitutes an eligible data breach and how a breach could occur. An eligible breach refers to the unauthorised access, loss, or disclosure of personal information that could cause serious harm to the individual whose personal information was involved in the data breach.

"Serious harm", in this context, may include physical, psychological, emotional, financial or reputational harm. This affects any business that holds personal information about its clients, such as medical records or credit card details.

Examples of data breaches can be in the form of:

  • Lost or stolen laptops or other mobile electronic devices.
  • Database breaches from hacking.
  • Physical access by an individual to unsecured document recycling.
  • Unauthorised access to personal records by an employee.

Data security is an ongoing issue for all businesses, and this change to the Privacy Act has added another dimension to the responsibility of most businesses.

To notify of a data breach, visit the Office of the Australian Information Commissioner's (OAIC) website and fill in the "Notifiable Data Breach Form".  If a business fails to disclose a data breach on more than two occasions, the OAIC can seek a penalty of up to $21M.

Digital information loss is by far the hardest to protect against, as hacking attempts can take place from anywhere at any time. Simply clicking on the wrong email or visiting a compromised website can lead to your customers' data being leaked.


 

Posted in: News Services Security IT Consulting Networking Security  
