New Virulent, Wide-Spread and Expensive Ransomware Outbreak Coming to You Soon

Orange County, CA - We have seen a surge in ransomware attacks in the past week.  While only two Alvaka clients have gotten hit, they are a tale of different system administration acumen. 

1.  A multi-state firm got hit with the latest breed of ransomware on Friday.  Where an otherwise non-event for the most part went wrong was that a key user insisted on having elevated administrative rights for their IT infrastructure.  Instead of using a regular user account, with very limited user rights for day-to-day activities, this more powerful account, when struck by the ransomware, infected all the important file shares of the firm, including the branch location file stores.  Fortunately they had good backups, but because of poor folder naming conventions and structures it took the guys in our Alvaka Networks’ Network Operations Center about 28 hours straight to get all the user permissions back in order for client to get back to work.  The lack of least-permissions as used by this client goes in direct opposition to what we recommend at Alvaka.  Least-permissions is the practice of using accounts that grant the user to only the locations on the network for which they have a business need to access.

2.  In another example, that struck today, a $200m manufacturer/distributor got hit by the same ransomware.  This time it was a Jr executive.  He saw some problems with his system, but did not report the problem not knowing what it was and went home.  The problem was detected after he left, but the outcome was very different than the prior scenario.  Why?  Because this user only...

New Virulent, Wide-Spread and Expensive Ransomware Outbreak Coming to You Soon2024-03-14T00:20:41-07:00

What 12 Security Things Should I Focus on to Be Defensible in 2016?

Here is a sneak-peek and what is likely my most important blog for the upcoming New Year.  This is just a partial teaser....

----------------------------------------------------------------------

Irvine, CA - I was recently asked by a roundtable of CEOs to advise them on network security.  They had a lot of questions and a lot of misinformation.  I was surprised as this was a group of technology company CEOs and what I quickly found out is that they did not know much more than my non-tech company CEO clients.  From that discussion they asked me to come back and present to them a short list of actions they should take in 2016 to better secure their systems.  Initially I wanted to present them with a list of 10 things they should focus upon.  For anyone that knows, it is easy to create a list of 100 things that should be done to secure a system. However, I decided in order to make the list actionable and not overwhelming I needed to focus on the 10 things I have seen in the past year or two that have caused the most real-life grief for our new and existing clients.  I wanted to keep the list to 10 items, but I had to fudge a bit and expand to 12 core items. Then I added three bonus items for those who are over-achievers and another three for those in regulated businesses like healthcare, financial services and Sarbanes-Oxley.

This list is not complete nor absolute.  It is a list I have created largely in order of my perceived importance based upon the real-life hacks, breaches and other maladies related to failures of network security to keep the bad guys out.  You will need to assess the requirements that are appropriate for your firm.  If you are looking for a good place to start, I offer up my suggestions below.

1.       You need to do a vulnerability assessment or security assessment.  It is impossible for you to know what actions you should take to properly secure your systems without first doing an assessment.  Assessments are common practice at many firms, yet completely ignored at others.  It is fairly easy for you to order a vulnerability assessment and the best part is that it takes very little time and participation from you and your IT staff.  The cost for this service ranges from a few thousand dollars for a very small firm to several tens-of-thousands or even hundreds of thousands of dollars for larger enterprises.  These should be done at least once per year just like your financial audit.

2.       Patching for Software Security Updates is perhaps one of the most overlooked and under-rated security measures you can implement to better secure your systems.  I maintain that good software patching measures are in some ways more important than your firewall.  A firewall is a formidable device that once it gets set-up has a number of ports opened up so that your firm can transact business.  That is where it gets weak.  Through these legitimately opened ports attackers will send nasty payloads that compromise your system, often without you knowing.  Imagine a hardened castle all buttoned up, but the draw bridge must be opened in order to conduct commerce.  Through that legitimately opened bridge come the sneak attacks, the scammers, crooks, mischievous and spies....

What 12 Security Things Should I Focus on to Be Defensible in 2016?2015-11-12T03:10:52-08:00

Do You Accept Credit Cards? If Yes, Read This….

VISA just released this Security Alert.  It affects everyone who uses a Point-of-Sale (POS) terminal to accept credit card payments.  If you use that small device by your register to slide cards in order to accept payment you may be at risk.

VISA has identified malicious code that can allow hackers to gain access to the credit card information you are receiving through these POS terminals.  Some of the service providers who maintain these devices are not following good security practices and

Do You Accept Credit Cards? If Yes, Read This….2019-07-16T21:17:59-07:00

Beware – There is a New Ransomware Variant Running Loose

I just read on BleepingComputer.com a new post about a variation of the CoinVault ransomware.  This one is called BitCryptor and unless you have a good backup it sounds like you will be paying the ransom if you are hit.

Here are some key characteristics:

Beware – There is a New Ransomware Variant Running Loose2015-05-19T02:55:34-07:00

Is Antivirus Software Really Dead?

I am curious what Dye’s definition is for "cyber-attack?" One this is for sure, the motivation of hackers and malware has changed dramatically over the years. The threats are new and different today. Going back in history most malware was related to someone wanting cyber fame, making a political statement or just plain mischievousness. Now with the advent of ransomware, spam mailing bots and

Is Antivirus Software Really Dead?2017-11-13T07:30:06-08:00

The Java Problem Just Got Worse

Be careful where you go to update your Java software.  There is new malware masquerading as a Java update. If you are a current client and your company is concerned about this security risk and you feel you need some [...]

The Java Problem Just Got Worse2018-08-22T11:22:39-07:00