This month, we are featuring Elon Grad, our VP of Technology and Innovation here at Platte River Networks. Elon is responsible for vetting and adopting new technology for our staff and clients as well as managing PRN’s tools, products, infrastructure, and datacenter/cloud. He loves investigating new technologies and seeing the impact a new tool or product has on staff and clients. His favorite part of his job is solving problems and helping people, which he finds very rewarding.
Elon is originally from Chicago and spent most of his life in Florida before coming to Colorado. He got his Bachelor’s in Business Management from CSU. Prior to PRN, he was an IT consultant in Chicago and a Franchisee owner. He has now been at PRN for over 7 years.
Elon and his wife have a little girl that is about to turn 1 year old, so he has very little spare time. But when he does, he enjoys woodworking, leatherwork, small electronics, anything he can make with his hands. He also enjoys photography, hiking, and camping. They also have a cat named Esme. Being with his friends and family is what makes him happiest.
When asked who he most admires, Elon chose Steve Wozniak because he pioneered the personal computer and innovated so many other technologies. He is considered one of the greatest problem solvers of his times and also managed to live a simple, low-key lifestyle out of the spotlight and craziness that wealth and status can bring. Elon also enjoys the recent superhero movies and says his favorite superhero would be the current iteration of Spiderman, an innocent, flawed kid trying to figure it all out. He is given tremendous power and chooses to do good with it.
We are thankful to have Elon as a part of the Platte River team!
It’s not often that Rolling Stone Magazine discusses Network Security. So when they do, you know to pay attention.
Did network security just become “cool?”
Unfortunately no, that will never happen anywhere but in our most outrageous pipe dreams. What happened was that the entertainment law firm representing celebrities such as Lady Gaga, Bruce Springsteen, and Madonna was hacked, and the private data of its most prestigious clients was held for ransom.
“It seems that GRUBMANS doesn’t care about their clients or it was a mistake to hire a recovery company to help in the negotiations,” the hackers wrote. “As we promised, we [published] the first part of the data because the time is up.”
From Rolling Stone, “Celeb Law Firm Refuses Hacker Ransom as Lady Gaga Files Leak”
This is bad news for more than Grubman Shire Meiselas & Sacks, more than their clients, and the countless fans who do not want to see the backstage legal dealings of the music industry; it is bad news for law firms, which are now much more likely to be targeted in the future.
REvil — the hacker organization responsible for the data heist — has been perfecting this strategy for the last year, leaving a wide trail of data breaches and extortions in their wake. This group has become a “Google” of the hacker community, and these attacks still only show signs of expanding to larger and larger targets.
Whether REvil continues to target law firms or moves on, the fact that they have targeted one could potentially set a new trend. The likelihood of that grim possibility depends on a number of factors ranging from success to adoptability. Clearly Google can do some things no one else can do. But if the strategies, tactics and tools deployed against Grubman Shire Meiselas & Sacks are easy to mimic, then we could potentially see many mid-sized and smaller firms under attack.
Why Does REvil Target Law Firms?
First, it helps to understand the historical progression of this strategy, because it reveals certain tactics that are likely to persist: they have already survived in a strategy that has evolved constantly since its inception.
Platte River Networks wrote about REvil four months ago in “Ransomware Now Threatens to Publish Your Data” because they were metastasizing at an alarming rate and had already rewritten the rules of ransomware. They had developed two new ideas about how to ransom an organization.
1. Data is worth more as a hostage than business continuity
Until 2019 the focus of ransomware was exclusively business continuity. A piece of malware would hold IT assets hostage until a fee was paid, disabling critical systems. If you think about it, it isn’t obvious at all that data should be worth more than critical functionality. It seems like the whole system should be worth more than one thing the system contains. But in practice, a potentially dead business is worth less to save than a live one. This, and the fact that the shame of losing sensitive information is a public relations nightmare, far harder to recover from than the tragedy of a destroyed IT infrastructure, make data extortion more valuable than IT assets.
2. Financially sensitive information is worth less than privileged information
REvil is not the only group to try its hand at extortion, but it has improved the tactics and tools used to leverage private information. The group releases private information in waves, on publicly available, anonymized websites. This makes the information public knowledge for paparazzi, journalists, and just your average curious person.
3. Higher returns from one breach affecting many tied records than many breaches.
Late last year REvil discovered they could ransom dozens or even hundreds of victims with only one breach. A number of IT firms fell victim, and REvil proceeded to extort each individual client with the data they reaped. We see this idea at play in this most recent case, but to date we have not seen a victim as sensitive to this tactic as a law firm.
Will Other Hackers Be Able to Mimic REvil Easily?
Now that we’ve looked at the “returns,” it’s time to look at the costs. The hacker group clearly has some talented hackers working for it. So, how good do you need to be in order to copy REvil?
There are always proprietary mechanisms for gaining entry to well-defended organizations that cannot be copied, if only because they have a short shelf life. Even if REvil sells its software on the black market, security firms will be able to adapt and defend their clients against copycats.
However, the threat increases for smaller law firms that might not have sophisticated defenses. Typically we see copycats try to pick off smaller targets with older systems. That’s why municipal governments were popular targets at first. With older systems, breaching was simpler. This allowed REvil to fund their operations while developing the basic toolkit, almost like a prototype. Now it’s about scaling. This latest heist demanded $42 million, and we only know about it because Grubman Shire Meiselas & Sacks did the right thing and hired a security company rather than pay the ransom and feed a growing cancer.
How Can Small and Mid-Sized Law Firms Protect Themselves from Ransomware?
It is impossible to say how many firms have been targeted thus far, or how many will be targeted in the next year or two. However, judging from the success of these emerging tactics we would highly recommend taking action to add additional layers of network protection.
If you do not have an IT/security firm, consider hiring one. If you have one, take additional steps to increase security, such as multi-factor authentication, Zero-Trust protocols, employee training, encryption, and additional security features that will not only make your firm harder to penetrate, but also protect your sensitive data against intruders. Platte River Networks deploys a full suite of online and offline protections. We adapt our protections in response to the most recent cyberattacks across the globe and since our founding in 2002 have had a 100% defense rate. Not a single client of ours has been hacked.
We cannot say whether REvil will continue to target law firms, or for how long. Perhaps the group will soon find another target profile that returns even more value. But we do urge extra precautionary measures for all previous REvil victim profiles, especially municipal governments and law firms.
We have worked extensively in the legal space for 20 years and currently provide full managed IT services to over 20 law firms. If you have any questions please feel free to contact David DeCamillis at firstname.lastname@example.org for more information.
This report looks at general trends in cyber-attack and business network security that have been emerging over the last year. We believe these findings are important for businesses to consider, in large part because they can help you defend your business from the latest threats.
Intended as a high-level summary, this report does not delve into specific scenarios that have become more prevalent recently, such as Covid-19 scams. However, in many cases we do supply links for further reading.
#1 The highest priority of cyberattacks is business disruption.
You might have heard that ransomware is on the rise. It is. 2019 and early 2020 have shown a clear and increasing prevalence of attacks to target disruption with the intent to ransom. CrowdStrike Services reported in their 2019 Cyber Front Lines Report that over one-third of incidents they investigated last year intended to disrupt organization IT functionality — either through ransomware, malware, or denial of service attacks.
In early 2020 we are seeing further escalation, with public utilities, municipalities, and service provider networks being ransomed. This is important for businesses because business continuity plans can deter many, but not all, of these attacks.
Bottom Line: Continuity Planning should, therefore, add a ransomware scenario to be effective.
#2 Business cybersecurity detection is improving
Businesses continue to detect and deter more attacks than ever before. In fact, detection is an important element to keep in mind when addressing the also-increasing number of cyberattacks because many of these are reported after early identification and defeat. Judging from the increasing sophistication of attacks, however, we believe attacks are increasing at a larger rate than detection capabilities.
Bottom Line: Sharp increases in the reported number of cyber attacks mean that security professionals are doing an incredible job but also indicates a growing threat.
#3 And yet dwell time is still increasing
Another note on sophistication. Dwell time records the time from initial entry to the trigger — whether the trigger is pulled by the defenders (in the case of discovery) or attacker (in the case of ransomware). This figure is particularly skewed by trends because of the wide variance between attack types.
Bottom Line: SMBs are especially prone to pick up malware and adware that can sit for years in many cases. The average dwell time for these attacks was 798 days according to Infocyte’s Mid-market Threat and Incident Response Report. However, ransomware dwell time averaged just 43 days.
#4 To avoid detection, attacks often use malware, either alone or in combination with other techniques.
Malware often abuses trusted processes to hide. Meanwhile, additional components may attack security software, either directly, in some cases uninstalling or disabling the software, or indirectly, by obfuscating the data that could lead to a detection. More sophisticated attacks may resort to multiple techniques to avoid detection for months, or years.
Bottom Line: In almost three out of four cases malware is deployed.
#5 Third-party service providers are being targeted to compromise their customers in larger-scale attacks.
From NotPetya to more recent actions by hacker group Sodinokibi (aka REvil), the hacking community is learning how to leverage service providers as an entry point for large-scale attacks. But there is a key difference.
Bottom Line: Take time to consider the security practices of every service provider you do business with.
#6 Attackers are automating and simplifying complex tasks with the biggest ‘gains’ in Active Directory reconnaissance.
With one compromised account, hackers have historically faced a significant grind as they track down all linked accounts and ultimately plot their course to the next target, whether that is sensitive information, security software, or administrative controls. Not only has this been a time-consuming, methodical, and boring leg of the journey; it has also required skill and experience.
Bottom Line: New tools such as BloodHound have simplified and automated this process, making attacks easier, cheaper, and faster to deploy.
It should be noted that BloodHound can also be used by security companies as a tool to identify network weaknesses so that they can harden those weaknesses.
If you have any questions about how to protect your IT assets please contact Platte River Networks 303-835-9202 or email@example.com
This month, we get to know Andrew Frank, a systems technician here at Platte River Networks. Andrew has been with us for just over a year and works on installing, maintaining and troubleshooting customer IT equipment such as computers, smartphones, some servers, and networking equipment.
Andrew loves being able to help clients with issues that prevent them from doing their job. He also enjoys the team spirit and camaraderie at PRN, which makes it extra special. Prior to joining the PRN team, Andrew worked as a Comcast tech both in Colorado and in the DC, Maryland area. He was also a cab driver in the late 90’s in Boulder, so Andrew knows all the streets, back alleys, and all the ins and outs of Boulder.
Andrew was born and raised in Budapest, Hungary, but has been living in the US for over 25 years. His family is also all from Europe and everyone speaks at least 3 languages. His hobbies include snowboarding, Cuban salsa dancing, and traveling. He especially loves traveling to Cuba for dance! He is happiest when he is on the dance floor, or on a double diamond run after a 3-foot dump of snow.
Andrew was and is still a musician, and during most of his childhood he wanted to make a living composing and playing music. Although it is still a huge part of his life, he is happy that he has had the opportunity to expand and grow in other areas as well.
Yuval Harari is the person that Andrew admires the most and his favorite book is Sapiens by Harari as well. Andrew always strives to be a better person than he was yesterday, and his favorite motto is, “There is no completion, there is only the journey.”
Thank you Andrew for being a part of our team and letting us get to know you a bit more!
In a crisis, the companies that come out of it sooner and stronger than their competitors have a detailed plan and are nimble, aggressive but smart both during the crisis and in their recovery. We’ve created an infographic on how to prepare to reopen your business.
Have a plan
You need a well thought out ramp-up plan and timeline. Prepare for all scenarios, even the worst case: a return of COVID. Look to where you can cut costs without hurting revenue or operations and how to improve cash flow in preparation for a fall outbreak.
Get your office ready
You need to confirm what state and federal COVID guidelines apply to your business. Once confirmed you will need to get your office ready and inform your staff of these guidelines so they can both participate and feel safe coming back to work. Do you have to take everyone’s temperature before they enter the building? Do you have to provide masks and gloves? Do you have to move cubicles or desks six feet apart? Lean on HR and get ready.
Who is the 50%?
Determine who on your staff are the 50% of the workforce that can return to the office. Check your employees’ productivity at home; you may have found new stars who were more productive at home. It might be time to improve your work-from-home capabilities further for future use.
Let your customers know
Inform all your customers that you are back in business. Reach out to them and see what has changed. Figure out what you can do to help them. Show them you are still a good value.
Have you adjusted your marketing to reflect the changes to your company, industry, community, and customers? Deliver content to help educate and inform your audience rather than to sell. This is not the time to poach and it is not the time to cut marketing efforts. Your audience is more aware now than ever before and is looking for more value and meaningful partnerships.
Cloud Applications and Infrastructure
Is your staff working from home having difficulty connecting to your office network, data, and applications? It may be time to consider moving to more cloud applications and cloud server infrastructure so your employees working remotely or from home are not depending on your network for connectivity.
Look at offering your prospects in the pipeline discounts to help them out if they sign now. Don’t be afraid to reach out; your competition may have faltered during the shutdowns or may not be offering discounts. Look for new markets that may have opened up. Don’t wait for your competition to swoop in.
Did you apply for PPP or Disaster loans? If not, be prepared for the second round of funding. You can also talk to your bank and ask what they can do to help you, such as defer payments, lower rates, provide quick loans with no fees, etc. Establish a relationship with more than one bank, ideally including a local bank, so you have options. Be prepared for a future crisis.
Check your insurance policies for possible business interruption insurance and consider that coverage is often conditioned on timely notice to the carrier of an insurance claim.
What did you learn?
Do you need to make any operational changes to better prepare for next time? Did you see unforeseen improvements that you can implement permanently? Can more of your workforce work from home permanently or part-time? Do you need to implement a documented crisis plan so you are better prepared for the next crisis? Learn from this crisis so you are better prepared next time. Start applying those changes and improvements now so you are ready for the next crisis, including a possible flare-up of COVID in the fall.
Finally – a Work from Home Tip Sheet that covers EVERYTHING!
We’ve all been sent a ton of “Work from Home” tips, recommendations and ideas and frankly it has become confusing on what all to do. To make it easier, we have combined all the best tips into one, easy-to-follow infographic covering technology, security, communication, productivity and general well-being. We hope this helps!
The spread of COVID-19 has pushed many employees to work from home, creating a gap in cybersecurity protection. Cybercriminals are exploiting COVID to target individuals working from home as a way to access their company’s data and assets.
How Cybercriminals Are Exploiting COVID
According to WeForum, COVID has led to the creation of more than 100,000 new COVID-19 web domains, many of which are malicious or suspicious.
Cybercriminals are taking advantage of our need for information when working remotely. These cyber-attacks are nothing new, but the shift to remote work environments is allowing the attackers to now focus more on the home work environment which historically is less secure.
Cybercriminals are sending COVID-themed phishing emails that claim to have official information on the virus in order to lure individuals to click on malicious links that download remote access tools onto their home devices.
Cybercriminals are hacking into personal networks and attempting to steal data from open devices. Many users working from home have not applied the same level of security standards on their personal networks, in comparison to their corporate environment.
Cybercriminals are targeting video conferencing as well. Applications like Zoom are being targeted. Attackers are joining calls, copying information, and sharing unsettling images to users.
How Do You Protect Your Remote Workforce
Promote a company culture of cybersecurity: Business leaders should work with IT on ways to further protect the most sensitive and business-critical information, including, if needed, increasing the company’s security posture by adding additional security tools and ongoing employee training. They also need to ensure that the C-suite and IT promote and support all employees practicing effective and possibly new cybersecurity policies and processes.
Inform your employees: Periodic reminders of good password hygiene and being wary of phishing attacks will keep employees engaged and secure during these critical times. Once again ongoing cyber security training will help with this. We send out Tip Sheets as well.
Add additional security tools: Additional security tools can harden your defense, automatically alerting on and responding to suspicious behaviors to keep your organization secure. We recommend implementing DNS filtering and Managed Incident Response through a USA-based security network operations center, putting expert eyes on your network 24x7x365.
Secure your conference calls: When hosting conference calls, make sure you can manage access and your attendees. Your conference call vendor should have security recommendations that can be easily applied. Use one-time meeting codes as opposed to regular meeting codes. Utilize waiting rooms so you can manage who is allowed in. Utilize passwords for meeting access.
On April 8 the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) released a joint special advisory on new threats emerging as a result of COVID-19. Cybercriminals and Advanced Persistent Threat (APT) groups are using the pandemic for financial gain, specifically by deploying:
Phishing, using COVID-19 as the compelling reason for the email and immediate action
Registration of domain names related to COVID-19 that attract unsuspecting traffic
Attacks against remote access workers; these are more successful due to the hurried deployment of these distributed network infrastructures
Malware and ransomware distribution, as always
To prevent these new attack trajectories from compromising your organization we will outline the most important takeaways from the report, so that employees can take right-sized precautionary measures.
We will focus on various forms of phishing attacks in this article but also point you to additional resources for help with protecting remote workers.
Protecting against COVID-19 Cyber Attacks
Phishing, nefarious domain names, and remote-access attacks are not new. The last of these has only become more common because many organizations have been forced to deploy distributed work environments without proper planning. This has left many organizations “out in the open.”
In addition, everyone operating a workstation within your endpoint security solution should be aware of the latest scams and ploys.
COVID-19 Domain Names: Watch where you click, no matter where
At this point most employees know about email phishing scams. The trick is to recognize a scam when it comes from a “trusted” source.
APT groups are always developing new ways to exploit trust, but in the midst of an unprecedented situation like the one in which we find ourselves, the opportunities magnify. No one knows what to expect in the form of communication from authorities. These unknowns become opportunities for social engineering attacks like phishing and domain hijacking.
Sophisticated attacks will use multiple touchpoints across email, but also SMS communications, false websites, and voice calling. UK NCSC reported one such attack launched from SMS:
Close inspection quickly reveals the falsification of this web address, as the real domain name is webredirect.org, not uk-covid-19. But you can see how someone who is unaware of SMS fraud and who does not know how to parse domain names might easily take this clickbait.
Clicking on the link led unsuspecting victims to the following website, designed to look like a gov.uk landing page.
Again, close inspection of the page would reveal significant differences from the real site. But many people are tricked by the professional level of detail, down to the “Tell us what you think of gov.uk.” Here is the official www.gov.uk site for comparison:
If a business is the ultimate target, all it takes is one compromised account to begin the breach.
We always recommend that our clients keep their workforces refreshed with general practices, knowledge, and emotional habits that harden them against phishing attacks, no matter where they are. Some of these include:
Emotional awareness: If a message makes you feel a strong emotion, a sense of urgency, a feeling like time is running out, or instills a sense of panic, then make a habit of taking a step away and asking a real person for a second opinion.
Double- and triple-check authority: If a message claims to be sent from an authority, take extra care to check the message against previous communications. Instead of following links in the initial message, type the institution’s real domain address into your browser yourself and corroborate the message there.
Requests for information: Be extra wary any time you are entering personal information or passwords. Make sure the domain address is an exact match.
Know how the authorities will contact you in case of an emergency: Many authorized agencies and institutions outline their communications protocol so that you will be able to recognize official messages easily.
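As an added illustration of the point made about the SMS link above (the real domain was webredirect.org, not uk-covid-19) and of the “exact match” advice, here is a small Python checker that reads a hostname from the right to find the domain that was actually registered, and flags links that borrow official-looking words in the parts of the address an attacker controls. This is example code written for this page, not a tool from the CISA/NCSC advisory or from Platte River Networks; the allowlist, the lure-word list, the mini suffix table and the sample URLs (built from the webredirect.org and gov.uk pieces mentioned above) are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of sites the organization actually expects to be sent to.
# Constructed for this example; a real list comes from your own policy.
TRUSTED_DOMAINS = {"gov.uk", "your-company.example"}

# Words an attacker would borrow to make a hostname look official (constructed list).
LURE_TOKENS = {"gov", "uk", "covid", "covid19", "coronavirus"}

# Minimal stand-in for the Public Suffix List: under these suffixes the third label
# from the right, not the second, is the one somebody registered.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk"}


def owner_domain(hostname):
    """Return the registered part of a hostname, reading it from the right.

    'uk-covid-19.webredirect.org' -> 'webredirect.org'
    'gov.uk.example.co.uk'        -> 'example.co.uk'
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link as 'trusted', 'lookalike', 'unknown' or 'invalid'.

    Returns (verdict, owner_domain). Only the owner domain decides 'trusted';
    any official-sounding word to the left of it, or in a user@ prefix, is
    attacker-chosen text and is treated as a lookalike signal.
    """
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host when a scheme is present
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("invalid", "")
    owner = owner_domain(host)
    if owner in trusted:
        return ("trusted", owner)
    # Split the whole authority section (including any user@ prefix and port)
    # on the characters that separate words in a hostname.
    tokens = set(re.split(r"[.\-@:]", parts.netloc.lower()))
    if tokens & LURE_TOKENS:
        return ("lookalike", owner)
    return ("unknown", owner)


if __name__ == "__main__":
    # Constructed sample links: one real gov.uk page, the SMS-style lookalike
    # described above, a user@host trick, a subdomain trick, and an unrelated site.
    samples = [
        "https://www.gov.uk/coronavirus",
        "http://uk-covid-19.webredirect.org/",
        "www.gov.uk@login.example.com/verify",
        "https://gov.uk.example.co.uk/",
        "https://news.example.com/update",
    ]
    for link in samples:
        verdict, owner = classify_link(link)
        print(f"{verdict:10} owner={owner:20} {link}")
```

The check is deliberately conservative: it never marks a link trusted because of what it looks like, only because the owner domain is on the allowlist, which is the habit the “exact match” advice is trying to build. A production version would swap the three-entry suffix table for the real Public Suffix List and add a check for internationalized (punycode) hostnames.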
Businesses can also help by publishing communications updates on their homepage, so that customers can know what to expect from them.
For hackers and APTs the game is to induce strong emotions and entice people outside their comfort zone. We can all thwart these attempts to steal information and incite panic by cultivating positive habits of defining trusted space, keeping contact with trusted persons and entities, and remaining vigilant about any changes in protocol or boundaries.
For more information about how to prepare your business against the latest Covid-19 tactics, email firstname.lastname@example.org. We are happy to help your organization stay safe during these unprecedented times.
Zoom has become ubiquitous among companies whose workforces are working from home. The rise in popularity of Zoom has made Zoom meetings targets for hackers. Zoom released a white paper outlining recommended security measures you can take to protect your company and meetings. Below are some highlighted features that can keep your conversations confidential.
Use one-time Zoom meeting codes – This keeps your regular meeting code from being exposed.
Utilize Waiting Rooms – Only allow in who you know.
Lock a meeting once all participants are present.
Email Zoom Meeting IDs rather than a link to a meeting – Realistic-looking links are often used by hackers to deploy malicious payloads.
Additionally, here are some helpful guides for using Zoom:
This month in our employee spotlight, we get to meet Joseph Bagwell, a specialist here at PRN. Joseph works on tickets and supporting our customers and has been with us for 8 months. He enjoys assisting others and helping them learn better ways to do things to improve the efficiency of their jobs. Joe also enjoys the challenges presented and uses every opportunity to learn something new.
Prior to joining PRN, Joe worked at his family restaurant, Beltrans Meat Market, from the time he was 11 until he was 18. He has also worked at Comcast as a COMM tech Level 3 installer and is a member of the United States Coast Guard. In the Coast Guard, he was a fireman aboard the USCG Cutter Reef Shark in San Juan, Puerto Rico, and was an information systems technician petty officer in California and Kansas. The most interesting job he has had was conducting search and rescue missions and drug and migrant interdictions. Joe is currently the only Coast Guard member working in Cyber Security at NORAD/NORTHCOM.
Joe was born in Ft. Stewart, Georgia, and was raised in Denver, Colorado, and Las Cruces, New Mexico. He comes from a huge family with 5 boys and 1 girl and therefore has hundreds of cousins and other relatives. He admires his parents, who are small business owners and are always fighting to move forward and come out on top. Joe would like to be more like his grandfather, who he has always looked up to. He was a positive person who never judged Joe and always pushed him to follow his dreams.
Since he was a child, Joe has wanted to be in the IT field. In fact, he always annoyed his family when he was younger because he would take all their electronics apart and learn how things work. Although, at that time, he wouldn’t always get them back to work.
Joe likes any book he can learn something from, and his favorite movies include Finest Hours, Lonesome Dove, and Vision Quest. His favorite superhero is Batman. Joe is happiest when he is working at the family restaurant, hunting, fishing, or going to Rockies games. He also has two dogs named Marks and Rommel.
Joe’s favorite motto is “Semper Paratus” which means always ready.
We are lucky to have Joe as a member of our awesome team here at PRN!