It’s been a cold month in Texas–an Arctic front covered most of the middle and southern American states in snow. Some parts of the southernmost state received over a foot of icy accumulation, and temperatures fell to single digits. While areas of the US can handle those conditions, Texas’s infrastructure was drastically unsuited to the task. When you combine houses with little to no insulation, a lack of snowplows, and a failing electrical grid, you get the kind of tragedy that Texas is slowly recovering from. So much of the damage done has been to the state’s citizens. However, the continual power outages and shutdowns are also impacting technology-focused businesses around the world in unexpected ways.
First, some background: a large proportion of the world’s technology requires semiconductors in order to operate. These are substances that help form most modern circuits, including those in everything from cars to iPhones to refrigerators. Without semiconductor chips, most modern technology cannot function. Because they are so important to modern manufacturing, a shortage of semiconductors can transform from a supply issue into a national crisis. In 2020, experts predicted that such a shortage was imminent as consumer demand for products like cars outpaced corporate expectations. By January 2021, that shortage was fully realized. Then, the blizzard hit Texas.
Texas hosts the largest number of semiconductor manufacturing facilities in the country, each of which relies on Texas’s energy grid in order to function. When the blizzard began disabling power plants, several of these manufacturers were forced to halt production indefinitely. For some companies, the uncertainty surrounding the power grid made work impossible. Others shut down voluntarily so that power could be redirected to nearby hospitals and residential areas. Either way, the gap in production represents another blow to semiconductor supply.
As of now, the ultimate impact of the semiconductor deficit is unknown. More important than the immediate supply chain failure is what the situation signifies: uncontrollable physical disasters can have major ripple effects. Whether your business is a semiconductor manufacturing firm or a small local bakery, our modern economy requires some degree of interdependence. You cannot predict everything, which is why a disaster recovery plan is a crucial aspect of any business. If you don’t currently have a disaster recovery plan for your business, consider reaching out to us at firstname.lastname@example.org–we’re always happy to help!
Almost 10 million devices have been compromised by a popular scanning app.
Lavabird Ltd’s Barcode Scanner was a popular barcode and QR code scanner downloaded to almost 10 million devices from the Google Play Store. Android devices, unlike newer generation Apple products, do not have a built-in QR code scanner or barcode reader, making an app like Lavabird’s a must-have for many consumers. Unlike some malicious apps, Lavabird’s Barcode Scanner had been on Google’s official app store for years. The app had a clean security certificate, thousands of positive reviews, and no obvious malicious code. This meant that security-conscious consumers, who are aware of potential dangers, downloaded the app believing it was safe. That made it all the worse when what should have been a routine update transformed the app into malware.
Malwarebytes, a cybersecurity company dedicated to identifying and preventing malware infections, began receiving complaints from customers in late December. These customers were experiencing ads opening themselves in their device’s built-in internet browser. This type of malware, sometimes called “malvertising”, is typically connected with new app installations. However, those consumers had not downloaded any new apps that could have been causing the problem. The company eventually discovered that this malware was coming from Lavabird’s Barcode Scanner, which had been operating on these devices without issues for years.
The good news is that, if your device has been infected, uninstalling the app seems to remove the malware as well. What’s more concerning is the fact that an app was able to build up a large following before discreetly pushing a malicious update. For consumers, this means that doing due diligence on an application prior to downloading it is no longer enough. So how do you keep your devices and your data safe?
The first step is knowing what apps you have downloaded on your phone. Make a point of deleting apps that you no longer use, and monitor your phone for any changes in performance after an app is downloaded or updated. If you are a decision-maker at a business that issues ‘work phones’ to employees, consider restricting app downloads and updates so that you can monitor the phone’s performance. If you’re looking for outside assistance in developing a security plan for your company’s mobile devices, you can always reach out to us at info@optfinITy.com.
“Why can’t I be the admin of my own computer?”
It’s a question that everyone who works in IT dreads being asked. Admin privileges are a useful thing to have, after all. They’re required for major system changes to a device, which can cover everything from editing files to downloading software. It can get incredibly frustrating to have to call up your IT provider just to have them type in a passcode. When your role requires regular software downloads, it makes sense to want to ‘cut out the middle man’ so to speak. After all, what’s the worst that can happen?
Principle of Least Privilege
No two IT providers are exactly the same–we’re all special little snowflakes like that. However, like snowflakes, that’s almost impossible to tell when you aren’t an expert (and even then, you have to get really close). Many of the basic principles of IT and cybersecurity are shared among various providers. One of those principles is that of least privilege. Essentially, least privilege is the idea that each user should have the least amount of privilege necessary to get their job done. Some end users may require admin-level privileges to complete their work, but the vast majority do not.
The goal of the principle of least privilege is to limit the damage that any one account can do to a system. That damage could be the fault of the end user, like if they deleted an important file or downloaded malware to the device. In many cases, the end user is not at fault, and their account was compromised by a threat actor. Whatever the scenario, it’s one that could have been limited or even prevented by the principle of least privilege.
For each additional admin account on a device, that device’s exposure to threats increases dramatically. When that device is used for work, additional admin accounts raise the business’s exposure to threats as well. An admin account allows a threat actor to make major changes to a device that can damage an entire organization before they are contained, if they are contained at all.
In short, is the principle of least privilege annoying? Yes. Is it much less annoying than a full-blown security failure? Definitely.
As a leading managed service provider in the Mid-Atlantic region, we are pleased to announce today that the Mount Vernon-Lee Chamber of Commerce has named OptfinITy as its Best Mid-Sized Business of 2020. This award recognizes exemplary local businesses that best embody the values of the Chamber.
In today’s new and often uncertain business environment, OptfinITy plays an important role in helping companies adopt the technologies they need to stay afloat without straining shrinking budgets. OptfinITy combines efficiency with cost-effectiveness to better serve their clientele, allowing small businesses to make the most of their investments into IT and digital security.
The list of all Mount Vernon-Lee Chamber of Commerce honorees is featured online at https://mountvernonleechamber.org/business-awards/.
In late 2020, the technology world was shaken by a massive attack involving SolarWinds, the creator of a popular networking software with over three hundred thousand customers worldwide, including 412 of the companies that make up the Fortune 500. Initially, onlookers believed that the attack was directed at the massive software corporation and their high-profile clients because of malicious code found in SolarWinds networking software and a large initial degree of overlap between SolarWinds clientele and victims of the hack.
However, recent information has revealed that over a third of known victims had no connection to the software company whatsoever, implying that there were multiple, as-yet unknown, vectors of attack. Even larger government bodies such as the National Telecommunications and Information Administration and the Treasury Department reported that the hackers had limited success in breaching secure data, such as internal government emails. The full scope of what data was compromised, as well as who launched the attack and how it was initialized, is still unknown.
These types of far-reaching cyberattacks can feel like the stuff of nightmares for everyone involved. Private citizens may have had sensitive data leaked to malicious third-party actors, the affected corporations lost money and consumer trust, and the full extent of the damage done to United States domestic security is still unknown. SolarWinds is still currently investigating the root cause of the attack, and allegedly is pointing to Microsoft’s cloud as the potential first attack vector. Federal law enforcement and Microsoft itself have not yet commented on this possibility.
At this point in early 2021, there’s still a lot we do not know about what was once called the SolarWinds attack. Everything from a list of affected entities to possible motivations for the hack is still unknown. In the meantime, all the rest of us can do is maintain our cybersecurity standards and keep an eye on the news. If your company is looking for help designing a cybersecurity plan, reach out to us at email@example.com–we’re always happy to help.
What does a cyberattack look like? There’s no specific technique, target, or goal to unite them. They can be part of an anti-terrorism campaign, like the United States’ Stuxnet attack on Iranian nuclear refineries. They can be motivated by financial gain, like the recent trend of ransomware attacks that demand payment in Bitcoin before unlocking the target’s data. Some attacks are simply done for hacker clout, like the spate of DDoS attacks in the 90s and early 00s. As time goes on, new cyberattack strategies are emerging that may define the rest of the decade.
In 2020, observers noticed an uptick in attacks that focused on securing and/or releasing corporate data. Attacks that resulted in a data ‘leakage’ increased over the past year, and 2021 has continued that trend through January. On the first day of the year, over nine thousand data leakages occurred, a larger single-day number than any day in 2020. With 2020 already representing a 93% increase in leakages over 2019, any continuation of the trend is threatening. Without a strong response to this trend from the public and private sector actors who work with confidential consumer data, it is likely to continue its astronomic growth.
So what are some of the steps that possible targets of these attacks can take to minimize their risk?
- identify what sensitive data your company holds and where it is stored
- periodically review whether the sensitive data your company holds can be deleted
- monitor user activity as it relates to sensitive data and limit non-essential access
In the case that prevention fails, and your business is affected by a possible data leakage attack, time is essential. Creating a strategy for security response teams prior to an attack is crucial to properly identifying the attack, quarantining the data, and limiting the scope of the leakage. If you or your company are looking for assistance in creating that plan, reach out to us at firstname.lastname@example.org.
The coronavirus has changed how we work dramatically. With new methods of communication, new threats, and less time in the office, some businesses have discovered that remote work is making them more productive. Many remote workers are reporting higher levels of job satisfaction and even improved mental health after gaining more control over their workday. However, not all work is equally suited to this new normal. Some businesses that regularly process confidential information are struggling with how to adapt their in-office privacy standards for home work.
A recent study conducted by Go Shred found that almost two-thirds of home workers admitted to printing out office documents on their home printer. While some of these materials were not sensitive, others admitted to printing documents that contained confidential client and employee data, ranging from home addresses to personal medical information. The problems, however, don’t end at the printer. Disposal methods are also shoddy for many home workers. 24% of those surveyed who had printed confidential information had not disposed of those materials at the time of the survey. Of the 76% who had destroyed the documents, roughly 20% used their home shredder and municipal trash removal to do so–another privacy failure.
It’s understandable why this occurs: convenience is king at the home office. That doesn’t excuse the practice, which significantly increases business liability and consumer risk. Remote workers need a defined procedure that they can follow, and consequences for failure. Decision-makers who need to navigate COVID safety protocols and confidentiality best practices to design those guidelines will be the ones who control how secure their data really is. Maximizing worker safety, data privacy, and ease-of-use will all be crucial components of that process–but creating guidelines to regulate that behavior is the only way we can solve the issue of confidentiality. Until we’re back in the office, that is!
If you’re interested in learning more about data privacy, check out this article summarizing Go Shred’s findings. If you’re interested in working to develop a comprehensive compliance plan for your company, or if you’re just looking for everyday IT solutions, you can reach out to us via email at email@example.com, or call us at (703) 790-0400.
Ransomware attacks have been on the rise for years. The software necessary for these attacks is more sophisticated, anonymous currencies like Bitcoin are more prevalent, and companies are collecting more data, creating a perfect storm for bad actors looking to make money off of security lapses. These scams take several forms. The group could lock workers out of their devices, delete important data and offer to restore it upon payment, or steal data and threaten to release it to the public. When people are victims of this kind of scam, the hacker offers to delete the data if the victim pays the group. Some companies take the offer–but the hacker rarely delivers on their end of the deal.
Nearly half of all ransomware attacks include the threat to publish stolen data. This was not always the case. Previously, companies with a secure backup of their data could restore their data and ignore the hacker’s threats. The threat of releasing data removes any leverage the company would have from a backup. In addition, a company can never have a full guarantee that their data was deleted. Both sides of the interaction know this, so why do companies pay? Research suggests that fear of the public’s response to a data breach is a major factor. The backlash against companies who have lost sensitive data to hacks in the past has been severe. This public pressure combined with hope for a return to before the security breach took place is part of what pushes companies to make deals that are not in their best interest.
So what should you do if a ransomware attack breaches your company’s security? First of all, do not engage with the hackers. Their goal is to make money, not to help you. Second, contact a legal expert to understand what liability you might have, and what your options are. Finally, invest in your security. Once data has been stolen, it is difficult to get back to ‘normal’. Prevention is key to keeping you and your data safe. If you or your company are in need of increased security, you can always reach out to us at firstname.lastname@example.org.
We’ve written a lot of posts about how hackers are infiltrating corporate data and systems, but we haven’t spent much time discussing how they monetize that access. A recent article discusses how a group of hackers monetized their access to their victims’ email services, to the tune of $1.7 billion in losses.
Threat actors first gain access to an e-mail network through social engineering, the process of manipulating individuals within an organization to gain access to sensitive information or areas. Once they have that access, the threat actor observes the organization’s pattern of communication so that they can mimic it. At that point, the infiltrators will impersonate an employee to redirect payments to fraudulent bank accounts.
The FBI sent an alert highlighting the dangers of this e-mail forwarding technique, stating that:
“The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. While IT personnel traditionally implement auto-alerts through security monitoring appliances to alert when rule updates appear on their networks, such alerts can miss updates on remote workstations using web-based email.”
We need to internalize how impactful these hacks are. We also need to contrast those costs with the relatively low cost of preventing them. While only 7% of spear-phishing attacks use this technique, it is a remarkably effective one. The almost 2 billion dollars in losses caused by this type of hack makes it the single costliest kind of attack in the past two years.
If you want to prevent these kinds of attacks at your own business, there are several important steps you can take.
- Ensure that the mobile and desktop versions of your email application can synchronize with each other, and have the latest updates.
- Set up your email to flag communications where the sender’s address and addresses from replies do not match.
- Enable multi-factor authentication.
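Two of the checks above can be automated. The following is an added example, not code from the original post or from any mail vendor: it flags a message whose Reply-To domain differs from the visible From domain, and it scans a list of mailbox auto-forwarding rules for destinations outside the organization’s domain. The rule-list shape, the `example.com` organization domain, and the sample message are all constructed assumptions.

```python
"""Defender-side checks for the e-mail forwarding / reply-redirect pattern:
   1. reply_mismatch()            - From vs Reply-To domain comparison
   2. external_forwarding_rules() - auto-forward rules leaving the organization
The rule-list format below is a constructed shape, not a real vendor export."""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumed: the organization's own mail domain


def _domain(addr_header):
    """Return the lower-cased domain of an address header value, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def reply_mismatch(raw_message):
    """Return (from_domain, reply_domain) when replies would be routed to a domain
    other than the visible sender's; return None when the headers agree or no
    Reply-To header is present."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    from_dom = _domain(msg["From"])
    reply_dom = _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        return from_dom, reply_dom
    return None


def external_forwarding_rules(rules, internal_domain=INTERNAL_DOMAIN):
    """Given rule dicts with 'mailbox', 'name' and 'forward_to' keys (constructed
    shape), return those that forward mail to an address outside internal_domain."""
    return [r for r in rules if _domain(r["forward_to"]) != internal_domain.lower()]


# Constructed sample: a payment lure whose replies are silently rerouted.
SAMPLE_MESSAGE = """\
From: Accounts Payable <ap@example.com>
Reply-To: ap@example.net
To: finance@example.com
Subject: Updated remittance details

Please use the bank details in the attached invoice for future payments.
"""

# Constructed sample rule export: one benign internal rule, one exfiltrating rule.
SAMPLE_RULES = [
    {"mailbox": "cfo@example.com", "name": "archive", "forward_to": "archive@example.com"},
    {"mailbox": "cfo@example.com", "name": ".", "forward_to": "collector@example.org"},
]

if __name__ == "__main__":
    print("Reply-To mismatch:", reply_mismatch(SAMPLE_MESSAGE))
    for rule in external_forwarding_rules(SAMPLE_RULES):
        print("External forward:", rule["mailbox"], "->", rule["forward_to"])
```

Run on real data, feed `reply_mismatch` raw inbound messages from a mail gateway and `external_forwarding_rules` a periodic export of every mailbox's rules; a hit in the second check on a finance mailbox is worth treating as an incident rather than a curiosity.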
If you need help protecting your company from threat actors, or if you’re just looking for new technology solutions, consider reaching out to us at email@example.com.
For 45 minutes on Monday morning, a variety of Google services were inaccessible across Europe and North America. Google Search, Gmail, and a variety of Drive programs were all down. Google’s physical devices also reported critical errors during the outage. Initial reports blamed this on an error in the service’s authentication system, but a new report from the company shows that the problem was more widespread than initially thought. Google revealed that the root issue was a flaw in the company’s storage management system. The issues only cascaded from there: limiting the authentication system’s capacity meant that the entire identity-management system was broken. All users of Google Cloud Platform and Google Workspace at the time of the outage were affected.
So what lessons does this outage teach?
Big Tech Companies Aren’t Infallible
This is the third major failure in as many months, along with the five hours Amazon Web Services was disrupted in November and Microsoft Azure’s outage in October. It can be tempting to trust blindly when a company has a track record of reliability and success, but track records won’t keep you afloat if a failure occurs.
Diversify and Monitor
If all your tools for support, monitoring, servicing, collaborating, etc. are on the same platform, you’ll be wiped out by that platform’s errors. While it can be tempting to unify your systems for simplicity’s sake, your monitoring tools should always be separate so that you can be notified in case of an outage. End-to-end visibility is the goal.
Backups Are Your Friend!
Having independent access to your data is crucial when your cloud host fails. Backups create overlapping coverage so that no one failure impacts your company. On top of that need for access, backups remove any worries about losing data that’s stored remotely.
In short, these failures should keep us from becoming complacent. Security isn’t just about preventing attacks, it’s about preventing all disruptions in service. Take care of your technology, be aware of what these outages can do to your business, and take steps to prevent failure before it happens.
If you need more information on preventing service disruptions, leave a comment or email us at firstname.lastname@example.org.