Tag : Security

9 Jan 2023

Hackers selling corporate network access for cash

If a single hacker, or hacker group, running amok in your network isn’t bad enough, how about the idea of them selling access to others too?

That’s apparently what’s happening on the dark web.

A recent report from Israeli cyber-intelligence firm KELA found that Initial Access Brokers (IABs) are selling access to 576 corporate networks for a total of $4 million.

That access is now being sold for more than before. While the cost of living crisis concerns itself with mortgages and energy costs, it seems criminals aren’t immune either.

The KELA report mainly centres on American businesses, but you can be sure it’s happening here too.

Initial Access Brokers

Initial Access Brokers are hackers who penetrate networks, establish some kind of foothold so they can come back and then sell that access to others.

It’s an incredibly lucrative business where they do the initial hard work and then rent out their backdoor to others.

Those others will then steal data, mine for secrets, deploy ransomware, perform industrial espionage or something else entirely.

The main barrier to entry for most cyber criminals is the strength of defences.

If someone else handles that for you and all you need to do is rent some time within a network, it’s a whole lot easier to do.

We’re not sure why Initial Access Brokers became a thing.

It may be because they are experts at penetrating networks and not experts at mining data. They may like the challenge of the initial attack and not be interested in what comes after, or there may be more money in renting out access.

Whatever the reasons, IABs are more common than ever and more damaging.

That KELA report showed 110 IABs offering a total of 576 network access samples for a combined total of $4 million.

The average cost for an individual access was $2,800 (£2,495).

Access was being sold on the dark web and hacking forums and prices varied from a few hundred dollars up to $3 million for a single network access.

The scale of unauthorised access

Most businesses recognise the need to protect networks from unauthorised access but we’re not sure everyone realises the scale of the problem.

Or how easy it is now to get access.

KELA themselves recognised that few companies they interviewed were truly aware of just what threats were out there and in what form.

“We found organizations may be less prepared for threats emerging from the cybercrime underground than they should be,” said David Carmiel, KELA CEO.

“At KELA, our extensive intelligence expertise has shown us just how complex the cybercrime underground really is. The threats are much more comprehensive, and what organizations know and refer to as the dark web is changing within the hour.

“With these findings, we hope to proactively educate the security community about the state and future of cybercrime so they can stay ahead of the curve.”

Protecting networks from intruders

A coherent network security policy is more important than ever and defence in depth is an integral part of that.

Your current corporate firewall may be good at what it does, but it isn’t enough on its own. Neither is any single layer of defence.

We are now in the realms of multi-layered cyber defence where a combination of access controls, encryption, VPNs, multi-factor authentication and other measures are required.

A small to medium-sized business might wonder how they could afford, or manage, such defences. Or whether a hacker network would target them at all.

The answer to the second question is yes, SMBs are priority targets primarily because they cannot usually afford first-rate cyber defences.

Or can you?

There’s no need to spend thousands on your own defences and spend days or weeks training your own cyber security team.

Use ours instead.

Work with Cloud Heroes, use our cloud services and you could benefit from cutting-edge cyber security, 24/7 intrusion monitoring, encryption and support from an expert team.

All for less than you might think!

7 Dec 2022

Tackling the rise in supply chain cyber attacks

The National Cyber Security Centre (NCSC), part of GCHQ, has issued new guidance to help businesses manage the cyber security of supply chains.

Authorities are taking the threat so seriously, they have made prevention a priority. We all should make it a priority too.

Only 13% of businesses actively review risks presented by suppliers. That’s a tiny number for what is a huge and complex web of suppliers and consumers in the UK.

That number is nowhere near high enough.

What is a supply chain cyber attack?

A supply chain cyber attack is where a hacker gains access to a system owned by a supplier and uses it to access your network.

It may seem a little convoluted but it’s a way for hackers to access potential blind spots within enterprise networks.

The now infamous SolarWinds attack attributed to Russia is an example of a supply chain cyber attack.

SolarWinds were infiltrated via a supplier system linked to the SolarWinds network. As the supplier didn’t have anything like the security SolarWinds had, they were an easy target.

The hackers then managed to load a backdoor into SolarWinds, thus providing access to anyone using their products.

It was an incredibly sophisticated attack that took the world by surprise.

Its success has spawned many hundreds of copycats, which is why we, and NCSC, want you to be aware of the threat.

New NCSC guidance for supply chain attacks

Ian McCormack, NCSC Deputy Director for Government Cyber Resilience, said:

“Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers.

“With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place.

“Our new guidance will help organisations put this into practice so they can assess their supply chain’s security and gain confidence that they are working with suppliers securely.”

There’s a lot to unpack in the revised NCSC guidance, but in essence it covers:

Understanding the threat

Recognising that suppliers can offer an easy target that can be leveraged to infiltrate more sophisticated networks.

That means checking with suppliers to assess their security, mitigating any identified risks and securing your systems against outside access from suppliers.

Mitigating the threat

Mitigating the threat has a range of topics, including:

  • Prioritising your own system security
  • Creating restricted profiles for suppliers
  • Determining the cyber security requirements for suppliers
  • Managing compliance and monitoring performance
  • Contract clauses for suppliers and their obligations
  • Educating internal staff and external suppliers of threats
  • Embedding controls throughout the entire process
  • Regular reporting of the situation at board level

We won’t repeat the whole guidance verbatim, but it’s here if you want to read it.

Protecting your business from attack

There are a number of practical measures you can take to protect your business aside from what the NCSC suggests.

They include:

Using cloud computing wherever possible

The cloud won’t insulate you from hacking and malware completely, but it provides a robust platform that’s secure and that can be instantly recovered from backups should anything happen.

You can use the cloud for email, data storage and even Windows desktops.

Backups for everything

Not all cyber attacks want to harvest data or hold you to ransom. Some just want to disrupt operations. Every business needs to be protected.

Having current backups for all critical data is the best way to protect your systems. Daily backups and even constant incremental backups mean very little productivity is lost should the worst happen.

Managed services

Working with experienced providers for essential services is also key. They will have the security solutions, policies, procedures and experience to mitigate all but the worst attacks.

They will also have the manpower and skills to help you recover should the worst happen.

Zero trust methodology for suppliers

Using the principle of zero trust, or least privilege, for suppliers is a key way to avoid becoming the next SolarWinds.

Grant enough privileges for a supplier to perform their work but no more, and monitor everything they do.

It may sound harsh, but it’s your network and your data so protect it at all costs.

The rise in supply chain cyber attacks isn’t good news, but there is a silver lining to every cloud. If you partner with a reliable service provider and follow our and the NCSC’s guidance, you can prevent all but the most sophisticated attacks.

Contact one of our team today for expert cyber security protection!

17 Nov 2022

Fake Windows update scams targeting companies

We have seen a number of Windows update scams over the years, but according to McAfee, they are on the rise. The latest attack type is smarter and more effective than ever.

If you manage Windows machines, this is definitely something to watch out for!

A report published by McAfee throws new light on an old problem. A new type of scam is targeting Windows users.

The problem is called Magniber and it’s ransomware disguised as a legitimate Windows update.

Magniber ransomware

The Magniber ransomware has been very cleverly designed. It hides its true purpose until the very last minute and only reveals itself once all your files are locked down and it makes its demands.

The good news is that it hasn’t integrated into Windows’ built-in update mechanism and still depends on user action.

The bad news is that every aspect of the Magniber ransomware has been designed to quietly infiltrate user devices until it’s too late.

Machines are compromised when a user visits an infected website.

These websites include fake Windows 10 update links. Once the link is clicked, the malware will download a JavaScript file to the device and open it in memory.

As not all antivirus or malware scanners monitor memory, it can be missed until it’s too late.

Once active, the malware encrypts all files on accessible drives and sets itself up as an administrator.

Once its work is complete, it will open a ransom window and demand payment in return for restoring access.

If you refuse to pay, data is deleted for good. If you do pay, presumably your files are restored.

As the malware sets itself up as an administrator, there’s nothing stopping a hacker gaining access to the device directly to plant more malware or copy data.

That’s much more involved than running the ransomware but there have been instances where hackers piggybacked malware to see what they can find.

Mitigating against Magniber ransomware

As we mentioned, the main weakness of Magniber ransomware is that it requires users to visit an infected website and click a download link.

This is where IT policies, staff training and awareness and internet security controls come in.

Teaching staff to not visit such websites and to never click links can be very effective.

As can showing staff how Windows update really works or that IT will take care of system updates so staff don’t have to.

This is your first line of defence.

A network security solution that can detect websites with infected links can also be useful.

This is your second line of defence.

Using a security solution that can scan device memory for malware is also valuable.

This is your third line of defence.

While prevention is always better than cure, it’s situations like this where backups prove their worth.

Backups are your final line of defence.

The power of backups against ransomware

Most ransomware will encrypt files and promise to unlock them in return for a crypto fee.

What we don’t know is the proportion of ransomware that actually unlocks those files once paid.

If we were betting people, we would bet on that being a relatively low number. Which means it’s likely to be futile to pay the hacker what they are asking for.

If you applied the rules of rational economics, the vast majority of ransomware payments would result in data being unlocked.

After all, if word got around that data was lost even after paying up, that revenue stream would soon dry up.

But neither economics nor malware is rational, so all bets are off.

This makes the case for regular backups.

Regular backups mean that if you don’t pay the ransom, you can wipe the infected system and rebuild it from backup.

At the most, you lose a few hours or a day of productivity.

As most backup solutions cost less than the average ransom and can cover any number of devices, it’s money well spent.

Staff education and training is a great preventative measure but nothing beats a strong secondary defence in IT policies and security solutions.

If you need help with any of that, Cloud Heroes are here to help.

1 Nov 2022

How cloud services balance productivity and security

The modern business environment is one of competing priorities. The business needs to make information accessible to help productivity. IT teams and security admins need to lock down information to prevent it being lost or hacked.

Both are viable priorities.

Information is essential for a business to run. We have to share information to be able to function and that will typically involve sharing, making copies and sending outside the business to clients.

Security still needs to be maintained though as information is currency. In the right hands, it’s your currency that helps build relationships and gets business done. In the wrong hands, it can be held against you, shared without your permission or given to competitors.

How do you manage the two?

The cloud can help.

Cloud services and productivity

Not that long ago, information was locked down. Businesses were divided into silos and information and responsibility were kept within those silos.

It wasn’t a particularly efficient way to work, which is why it failed.

We are now working in a more open environment but there’s still a battle between keeping information accessible so it can help productivity and locking it down to keep it safe.

Overzealous managers or security admins can often get in the way of productivity and collaboration.

We have all seen it and we have all rolled our eyes at it when trying to share information with others.

We can avoid all that by switching to the cloud.

Let’s look at a real life example.

If your business is anything like ours, you would identify a piece of data, a file, a document or information relevant to the task at hand.

You will make a copy of that information and share it via email, Slack or company channels.

There will now be several copies of that information that need to be secured and controlled.

Once you share copies of data, you lose control over it. That’s not a great way to manage data security. While you may trust everyone in the distribution list, accidents happen. We all know they do.

Auditing is impossible and it’s difficult to notify all interested parties when an update has been made to any of that information.

It gets business done, but not in a particularly efficient way.

Now let’s look at a cloud example.

This is how we and thousands of other firms now work and we encourage you to work this way too.

You identify a piece of data, a file, a document or information relevant to the task at hand.

Rather than make a copy and share it, you share access to the actual piece of data within the cloud.

You add the relevant people to the access list for the document, provide read-only, edit or administrative permissions as required and share the link to that document.

Only the people with that link or with permission can access it, so your security admin is happy.

Relevant parties have access to the information and can act upon it, which makes managers happy.

Every change to that data is tracked, with a full audit trail for every change by every user, which makes your data controller very happy.

The core copy of the information can be secured and updated as required and everyone can see the changes.

Access can be changed or revoked at any time to help maintain data security.

All without having to make multiple copies of information, lose control of that information or risk colleagues or clients working on outdated documents or obsolete data.

That’s just one example of one particular instance that happens millions of times around the world.

There are likely many other ways controlling access to data can benefit your business without impacting productivity, but you get the idea.

Balancing productivity and security with the cloud

Switching to cloud services like Office 365 means you regain control of your data, increase security, maintain access and can effectively audit any changes.

All without impacting productivity and actually improving the way you work by making data available anywhere at any time. But only for authorised users.

It’s no wonder more businesses than ever before are switching to the cloud!

Not only is it cheaper and easier to manage, it helps you maintain full control over business intelligence while providing access to those who legitimately need it.

When data is currency, control is everything!

19 Oct 2022

Cost of living scams on the increase and set to get worse

Reports are coming in thick and fast of a drastic increase in scams targeting the general public using cost of living, energy and discounts as lures.

High Street banks and Citizens Advice are calling for people to be aware of a range of scams.

Scams include phishing emails supposedly from energy companies or Ofgem, WhatsApp messages from relatives who need help paying for a new phone, emails from the Department of Work and Pensions telling you to apply for cost of living payments and others.

As always when things get tough, scammers seek to benefit from it.

You don’t need us to tell you how tough these times are, but we are going to highlight some particular scams and what to do about them.

Energy companies or Ofgem

Given the energy situation right now, there’s an obvious nervousness about what the future holds. This gives scammers an edge as messages around energy costs are emotional and sidestep the rational side of our brain.

One scam doing the rounds is purportedly from Ofgem, the energy regulator.

It asks you to apply for a pair of energy rebates of around £700. The email looks convincing but some have said it is dated 2020.

Ofgem isn’t sending emails like this. They regulate the energy companies, they don’t get involved in the rebate scheme.

WhatsApp messages to help family members

Another scam doing the rounds right now is a WhatsApp scam. You’ll receive a message from an unrecognised number purporting to be from a family member.

The message says they lost their phone or were mugged and need you to send them some money to buy a new phone. They are borrowing a phone right now, hence the unknown number.

This is another very convincing scam that uses emotion to try to sidestep the logical side of the brain. It is apparently proving very successful.

Top tips to avoid the worst cost of living scams

If you or your staff are receiving messages or emails that aren’t being filtered by your systems, train everyone to spot them.

Here are some things to look out for:

Spelling and grammar – Some scam messages look really good, while others have obvious errors. Look for things that just don’t ‘feel’ right like informal greetings, wrong names, wrong dates or poor layout.

Unknown numbers or email addresses – We receive hundreds of emails a day at work and at home, but we’ll recognise the vast majority of them. Ignore any messages requesting information that come from senders your team doesn’t recognise. You can always follow up directly with the supposed sender via other channels to verify.

Attachments – Businesses send attachments all the time, but we recognise them or the sender. If a message gets through your filters with an attachment, train staff to never open it if they are unsure of the sender or the contents.

Offers that are simply too good – If an offer sounds too good to be true, it probably is. Use the same principles you would in business, at work or at home to decide whether an offer sounds legitimate or not.

Most of all, remind staff that most organisations won’t email directly from unknown email addresses or call them from unknown numbers.

If in doubt, delete the message and follow up with the organisation directly through another channel.

If it’s important, the organisation will get in touch another way.

For energy scams, most discounts are being applied automatically, so there’s no need to give bank details or personal details to any organisation, whoever they are.

If your email filters aren’t capturing email scams or filtering out junk, perhaps it’s time to look at an alternative solution. Contact one of our team to see how hosted email can help!
