By -- 2024-02-2 in Blog

Immediate Response and Detection

On Friday, Microsoft released an official statement on its actions following a cyber breach by nation-state actor Midnight Blizzard against its corporate systems. This breach raises concerns about the ongoing threat from nation-state actors and highlights potential shortcomings in Microsoft’s cyber practices. Common issues such as poor password management and disabled 2FA contribute to cybersecurity risks, and Microsoft is not exempt from these challenges.

Cybersecurity Practices and 2FA Implementation

By targeting a legacy test tenant account, the bad actors were able to bypass more rigorous security measures to alter account permissions. The hackers were then able to access a small percentage of corporate email accounts, including those of members of the senior leadership team and employees in the cybersecurity and legal divisions.

The success of a password spray attack signifies that Microsoft was not fully enforcing 2FA/MFA on its own systems, despite recommending it to its users. The attack highlights the importance of enabling 2FA across all platforms as an added layer of defense, even when other cybersecurity measures are in place.

In response to the breach, Microsoft is redefining the balance between security and business risk. Immediate measures include applying current security standards to legacy systems, even if disruptions occur.

This incident serves as a reminder of the constant need for vigilance in cybersecurity practices to mitigate risks from sophisticated adversaries. Cyber disaster response plans need to be frequently reviewed and updated as new vulnerabilities and risks appear.

Contact us for a free consultation at sales@optfinITy.com or 703-790-0400 to review vulnerabilities in your network and create a plan of action today.

By -- 2024-01-19 in Blog

Despite having 2FA enabled, Mandiant, a Google-owned company, was recently the victim of a cyber-attack against their Twitter account with over 100,000 followers.

To appear more legitimate, the hackers renamed the account “Phantom” and updated the bio to pose as the Phantom Cryptocurrency wallet. The hackers then used the account to promote links to a phony website claiming to offer free $PHNTM cryptocurrency tokens.

Aside from attempting to gain access to financial information, the hackers also mocked Mandiant in a series of tweets suggesting that the company change the password and check the account bookmarks once they got control of the account again. Upon regaining control of the account, Mandiant confirmed that they had 2FA enabled and were looking into the issue.

2FA, also known as multifactor authentication, adds an extra layer of security by requiring you to enter a code from an app or to provide a fingerprint, facial scan, or an additional method to authenticate your identity. You can check out our previous blog post on how 2FA can help you make your passcodes more secure to learn more about it.

The Mandiant breach serves as an important reminder that 2FA does not completely defend against cyberattacks. You should still enable 2FA to protect yourself, but it should be used in addition to safe cyber habits and frequent monitoring.

Don’t leave your cybersecurity to chance: visit www.optfinITy.com or contact us for a free consultation at sales@optfinITy.com or 703-790-0400.

By -- 2024-01-16 in Blog

Healthcare organizations possess vast amounts of sensitive data that cybercriminals may find valuable, making them prime targets for cyberattacks. With the increasing volume of electronic patient data, it’s crucial to ensure the protection and confidentiality of this information. This post explores five essential cybersecurity measures that every healthcare provider should adopt to protect patient data.

Implement Strong Passwords and Multifactor Authentication on ALL accounts

Strong passwords are the first line of defense for deterring cyberattacks. Employees should be encouraged to use complex passwords that are difficult to guess, incorporating a variety of characters and avoiding password reuse across multiple accounts. Once strong passwords are in place, using 2FA is essential and required to ensure that only authorized individuals gain access, even if a password is compromised. We highlight the importance of 2FA and how you can enable it in more detail here.

Avoid Phishing Scams

Cybercriminals commonly employ phishing scams to steal sensitive information. Employees may unwittingly grant access to cybercriminals by clicking on seemingly legitimate links or downloading attachments. Healthcare providers should educate their employees about the dangers of phishing scams and provide training on identifying and avoiding them.

Use Encryption Technology

Encryption technology transforms data into an unreadable format that requires a decryption key for access. It can protect confidential patient information, including medical history, social security numbers, and payment details.

Conduct Regular Security Audits

Identifying vulnerabilities and promptly addressing them is crucial for the healthcare provider’s system. Regular security audits should be conducted to identify potential weaknesses and take appropriate measures to fix them. Employees should be made aware of the importance of security audits and their role in maintaining cybersecurity.

Provide Cybersecurity Training for Employees

Employees often constitute the weakest link in the cybersecurity chain, which emphasizes the need for training to identify and prevent cyberattacks. Regular cybersecurity training should be provided to educate employees on the importance of cybersecurity, how to identify potential threats, and how to implement best practices for protecting sensitive patient data. Refer to our previous blog on cybersecurity testing for more information.

Cybersecurity is critical for healthcare providers in protecting patient data from cyberattacks. Implementing the five essential cybersecurity measures mentioned above enables healthcare providers to safeguard sensitive patient information and build trust with their patients.

Learn more about how our team can protect you and your business today at 703-790-0400 or sales@optfinITy.com.

By -- 2024-01-12 in Blog

Is your search activity truly private in private mode?

Google has finally settled a lawsuit from June 2020 alleging that users were misled by having their activity tracked while browsing in incognito mode. According to The Hacker News, the plaintiffs filed a claim that Google violated federal wiretap laws by using Google Analytics to collect information when in private mode.

The case is a vital reminder of the importance of reading the fine print when it comes to your privacy. Google’s displayed message informs users that their search activity is potentially still visible to websites they visit, employers or schools, or to their internet service provider.

A common misconception is that enabling private mode ensures searches will not be traced or tracked whatsoever. In reality, incognito mode simply means that user activity will not be saved locally to the browser. This means that websites utilizing advertisement technologies and analytics APIs can continue to track and monitor all activity.

Ultimately, the court could not find evidence that Google explicitly consented to the alleged data collection. The terms of the settlement have not been disclosed.

Users must inform themselves of best cyber practices to browse securely. Clearing cache and cookies regularly can help protect your information from websites tracking your data for advertising purposes. To truly be safe, avoid searching or browsing on any websites that you wouldn’t want your employer or anyone else to see.

Update: April 3rd, 2024

In response to the 2020 lawsuit, Google has agreed to destroy billions of data records. The step holds significant implications for the conversation surrounding online security and privacy.

For more cyber safety tips visit www.optfinITy.com or contact us for a free consultation at sales@optfinITy.com or 703-790-0400.

By -- 2024-01-9 in Blog

If you’re an Apple user, your data may be vulnerable to one of the most sophisticated attacks of 2023. A recent discovery by the Russian cybersecurity company Kaspersky has brought to light an advanced spyware attack that was able to target Apple iOS devices. According to The Hacker News, the attack, which was dubbed Operation Triangulation, used four never-before-seen zero-day vulnerabilities to bypass hardware-based security protections and gather sensitive information from devices running iOS versions up to iOS 16.2.

The attack begins with an iMessage carrying a malicious attachment that automatically processes and deploys a spyware module without user interaction. This means that the user wouldn’t even need to open the attachment for the attack to be successful. The severity of the attack is evident in the fact that it was able to bypass Apple’s strong security protocols, which is a major cause for concern.

Apple did release patches for some of the vulnerabilities in January 2023, but others were addressed in iOS 15.7.7, iOS 15.8, iOS 16.3, iOS 16.5.1, and iOS 16.6.1. One of the vulnerabilities, CVE-2023-38606, was used to bypass hardware-based security protections. The exploit allows the threat actor to gain complete control of the compromised system.

The discovery of Operation Triangulation is a wake-up call for Apple and its users. It shows that even the strongest security measures can be breached, and users need to stay vigilant and keep their devices updated with the latest security patches. With the increasing number of cyber threats, it’s imperative to take security seriously and take all necessary steps to protect ourselves and our devices.

For more cyber safety tips visit www.optfinITy.com. Book a free network consultation at sales@optfinITy.com or 703-790-0400.

By -- 2024-01-3 in Blog

Are you planning to upgrade to a smart TV? You might want to think twice before making that purchase.

According to a recent warning from an FBI field office, smart TVs could leave owners vulnerable to advanced cyberattacks. Features of these high-tech devices include facial recognition, internet streaming, and microphone sensors – all of which create a field day for cybercriminals looking to take control of your unsecured smart TV and wreak havoc on your life.

Once cybercriminals gain access to the smart TV, they can change channels, adjust volume levels, and display inappropriate videos and media. More alarming, however, is the potential for cyberstalking via hacking the device’s camera and microphone settings.

To avoid falling victim to such cyberattacks, the FBI recommends that smart TV owners:

  1. Educate themselves about their device’s security settings
  2. Create complex passwords
  3. Routinely install software updates from smart TV manufacturers
  4. Disable microphones and cameras

If your smart TV doesn’t allow the disabling of cameras, placing black tape over the camera is a simple solution to keep your privacy intact.

It’s easy to get caught up in the exciting perks of the latest fancy device and forget potential drawbacks. So, while you’re out shopping for those super sales this holiday season, don’t forget to be mindful of the risks of using smart TVs and take the necessary precautions to protect yourself from potential cyberattacks.

For more cyber safety tips visit www.optfinITy.com or contact us for a free consultation at sales@optfinITy.com or 703-790-0400.

By -- 2023-12-14 in Blog

Blockchain technology is most commonly associated with cryptocurrencies, but it has many potential applications for cybersecurity. Blockchain is a decentralized ledger that records transactions securely and transparently. This makes it ideal for storing sensitive data such as financial records or personally identifiable information.

However, the use of blockchain also poses new cybersecurity risks. For example, if a hacker gains control of a blockchain network, they could potentially manipulate or delete data. Additionally, blockchain networks are only as secure as their weakest link, so it is important to ensure that all participants in the network are properly secured.

Organizations must guarantee that their blockchain networks are appropriately safeguarded and supervised. This includes implementing strong authentication and access controls, regular vulnerability assessments, and penetration testing. It is also important to ensure that all participants in the network are properly vetted and secured.

With the appropriate measures in place, organizations can harness the full potential of these emerging technologies while minimizing cybersecurity risks.

Unsure of vulnerabilities in your network? Schedule a FREE consultation with OptfinITy today. Contact 703-790-0400 or sales@optfinITy.com to learn more.

By -- 2023-12-8 in Blog

23andMe, the popular genetic testing company, reported a data breach in October, which was later found to have impacted nearly 14,000 user accounts. Unfortunately, recent information has uncovered that the actual impact of the breach extended much further than a small fraction of users. According to Wired, the attackers collected the personal data of around 5.5 million people who had opted to use the company’s DNA Relatives service, along with an additional 1.4 million DNA Relatives users.

The data stolen included display names, relationship labels, predicted relationships, and percentage of DNA shared with DNA Relatives matches. Additional data including ancestry reports, self-reported locations, ancestor birth locations, family names, profile pictures, birth years, links to self-created family trees, and other profile information was also compromised.

The incident speaks to the importance of user data sharing between companies and software features that promote social sharing, especially when the information puts personal details about user identity at risk.

The devastation of the breach is a wake-up call for businesses to bolster cybersecurity efforts. While no industry is fully safe from a cyberattack, sectors in healthcare, financial services, legal services, and any company like 23andMe that deals with confidential data on a large scale are especially vulnerable.

Cyber breaches can be devastating to any organization’s reputation and bottom line, regardless of company size or revenue. To stay ahead of cyber risks in your organization’s network, you can schedule a free consultation with us today.

Contact us for a free consultation at sales@optfinITy.com or 703-790-0400.

By -- 2023-12-5 in Blog

Apple fans have been enjoying the latest iOS 17 upgrade and the iPhone 15 series for several months now. However, they are divided on the new NameDrop feature because, based on recent law enforcement advisories, some bad actors could use it to steal information.

Apple ensures that users are safe and can select which pieces of information are shared when they use NameDrop. Additionally, you have the option to either Receive Only or share when the NameDrop feature is presented. This means you are able to be selective with what information you choose to share while using the feature.

If you still don’t feel comfortable with NameDrop, you can easily disable the feature manually by following these steps:

  1. Open the Settings app
  2. Tap on General
  3. Navigate to the AirDrop tab
  4. Toggle the Bring Devices Together option off

Once you disable the feature, it will no longer appear as an option in AirDrop. If you change your mind later, you can easily toggle the Bring Devices Together option back on.

For more cyber safety tips visit www.optfinITy.com or contact us for a free consultation at sales@optfinITy.com or 703-790-0400.