SpireTech Blog - Category: Security
IT Security topics
We’re starting to hear from clients and insurance brokers that cyber insurance costs are on the rise, in some cases up to 200%. Of course, this comes with insurers cracking down on IT controls – making sure their insureds are operating as securely as possible.
Clients can expect increased scrutiny over their application or renewal. The length of the questionnaires varies greatly, but at a minimum, insurers will ask about and want to see the following things in place:
- Multi-factor authentication across all systems and accounts including email, remote access, vendor access, VPNs, SaaS/cloud applications, etc.
- An enterprise-grade endpoint protection solution (antivirus and malware).
- Employee security awareness training, including phishing training.
- Email spam and phish filtering software.
- No end-of-life software.
- Closed remote access ports, including remote desktop protocol (RDP).
- Security patches applied in a timely manner.
- Offsite, tested, and monitored backups that are not accessible from your network.
Clients that implement all security best practices and tools will likely face lower cyber insurance costs, easier renewals, and enjoy the benefits of increased security.
Let’s start by describing what an app registration is: An app registration happens when you allow an external program to integrate with your Microsoft 365 tenant. A common example might be allowing a scheduling tool like Calendly to access your company’s calendars stored in M365.
What we are noticing more often is mobile phones requiring an app registration to access company email when the employee is not using the mobile Microsoft Outlook app (e.g., when using the mobile phone’s built-in mail client).
It is also possible for these permissions to remain after the application is no longer needed or in use. Because app registrations are persistent, they may present a security risk long after the permissions have been forgotten about.
Examples of things we’ve seen include: Zoom, Samsung email, Apple Business Manager, QuickBooks Desktop (for email), Zapier, Smartsheet, AddEvent, Calendly, Atlassian, LinkedIn, Polly, Doodle, and so on.
An interesting development came to light recently wherein the FBI intervened on behalf of people who had not updated their WatchGuard firewalls and had gotten hacked by Russian threat actors. In a clandestine takedown operation cloaked by a federal warrant, FBI agents remotely accessed infected WatchGuard firewalls, hacked in, kicked out the intruders, and closed the vulnerability.
WatchGuard firewalls are used by some businesses to protect their networks. Although the vulnerability had been addressed in May of 2021, as recently as February of 2022 some people still hadn’t updated.
The botnet infecting the firewalls was dubbed “Cyclops Blink” and was controlled by the Kremlin, according to an advisory jointly issued by the UK’s National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI).
SpireTech VIP Support Managed IT Service provider clients receive regular firewall updates, and emergency firewall updates when needed.
By now we hope that our clients understand that IT security is never “done”. It is a constantly evolving and maturing process involving additional tools, training, and knowledge. This image shows the journey many clients are on with us to improve and mature the security posture of your organizations. Some of you fall in different places on this journey – do you know where your company sits?
As mentioned in the previous article, we are now including Huntress threat hunting in our VIPSupport managed services packages. We are referring to the current iteration of our managed services plan as “version 3.5” or “v3.5”. We encourage all clients to be on at least v3.5 or better for security purposes.
This is an evolutionary journey, and some clients are hesitant to increase expense to further limit risk by implementing additional security services. Limiting the “included” security features, while we feel it is important, helps keep the base price affordable for cost-sensitive clients.
Moving forward in 2022 SpireTech VIPSupport managed services package renewals will have Huntress included in the base package.
Huntress is specialized Managed Detection and Response software, backed by humans, that looks for persistent footholds, backdoors, and other sorts of malware that anti-virus technology misses. When we tested Huntress on over 1000 computers, we found that 2% of those systems contained things that conventional anti-virus software missed. The most common problem was banking trojans lying in wait to steal bank passwords.
Each detected threat is analyzed by their ThreatOps team, and a remediation plan is developed and put into action, usually without needing any disruption of the person working. If ransomware is detected, Huntress will isolate the system from the internet and network to prevent spread.
Multiple cyber news sources and email protection vendors have warned of increased phishing and spear-phishing activity coming from Russian hackers since the attack on Ukraine.
The strategies are largely the same as in the past: using phishing emails or social networking with the intent of harvesting your credentials. However, the volume of the attacks has increased. Extra vigilance is encouraged at this time, because there is concern the methods employed will become more sophisticated or convincing.
SpireTech offers a security awareness training program for your employees – including micro trainings, “autophish” automated phish testing, employee secure score, dark web monitoring, and more. This program can also help meet certain cyber insurance employee awareness requirements. Please let us know if you are interested in learning more about strengthening your employee security posture.
“Authentication” is the process of proving that you are who you say you are. Traditionally that’s been done with a username and a password. Unfortunately, authenticating with a username/password alone is simply not good enough in today’s world. Usernames are often easy to discover; sometimes they’re just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites. Credentials compromised by attackers in breaches of public websites are then used against corporate accounts to try to gain access. Considering that up to 73 percent of passwords are duplicates, this has been a successful strategy for many attackers and it’s easy to do. According to Microsoft research, there are over 300 million fraudulent sign-in attempts to their services every day, and over 80% of breaches are caused by credential theft.
Enter MFA. By providing an extra barrier and layer of security that makes it incredibly difficult for attackers to get past, MFA can block over 99.9 percent of account compromise attacks.
During the course of the COVID-19 pandemic, cybercrime has seen an incredible 600% increase — and it’s not slowing down. This alarming trend means that proper cybersecurity implementation is more important than ever.
A large number of these attacks are ransomware attacks. Although the first ransomware software hit the scene back in the ‘80s, the use of this type of attack has seen a massive explosion in recent years.
In this article, we will explain what ransomware is and explore six ways a small business can avoid being the victim of a ransomware attack.
Ransomware is a malicious type of software (malware) that infects the host computer and encrypts all of the files and data before demanding payment for the decryption key. Typically, the hacker requests the money via either a credit card or, more commonly, a cryptocurrency like bitcoin.
The attackers aren’t picky about who they go after either.
As you may or may not be aware, the well-known brewery and hospitality chain McMenamins suffered a data breach following a ransomware attack during the month of December. During the attack, threat actors stole business records, payroll and human resources data files dating back as far as 1998!
The attack temporarily disrupted their operations over a weekend as several of their servers, workstations, and point-of-sale systems were encrypted. It was later determined that hackers had been in their systems since December 7th, days before they executed their final attack on December 12th. McMenamins was forced to shut down all credit card point-of-sale systems, corporate email, and any IT systems to stop the spread of the attack internally.
According to the breach disclosure, stolen data potentially included names, addresses, phone numbers, email addresses, birthdates, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution information.
Much of what we write about security in this newsletter, and often repeat, is based on actual experiences and real-world stories that SpireTech has been a part of or has learned about from others in the security industry, and that often do not hit the news. We never reveal the identity of those affected, but we do use these experiences to improve and, hopefully, to advise our clients of things to do (or not do). We hope you take our advice to heart.
We’ve talked about how people working from home should be using company-secured computers, or at least subscribe to our add-on package for securing home computers. Many recent stories of attacks share the common trends that we’ve written about before: a lack of multi-factor authentication on email or web services, which can lead to compromise; aged hardware such as firewalls or network equipment containing firmware vulnerabilities that the vendor no longer supports or provides updates for; and reliance on some of the ‘ease of access’ features that are present in software but may not be ‘safe’ to use.