Vaults through the Ages
The Evolution of Vaults
Vaults are lockable enclosures that protect valuables against damage, theft or intrusion. In the history of data vaults, the first two thousand years saw vaults that were more intimidating than protective. They were mostly highly decorated boxes secured by an easily defeated lock. In ancient Egypt, locks were made of wood and vulnerable to forceful entry and the effects of age. With the advent of iron, locks became smaller and more reliable but were still easily picked. In the Middle Ages, the wooden box was reinforced by iron bands but still used ineffective locks. By the seventeen hundreds, locks were made more complicated in an effort to make them more effective, featuring elaborate keys, multiple locks, fake and hidden locks and other techniques, but vaults were still vulnerable to fire.
The introduction of steel ushered in a revolution in vault security and vaults became much more effective. Fire and chemical resistant, modern vaults often feature walls more than 15 inches thick encased in reinforced concrete and secured by the most complicated locking mechanisms ever devised. Some are designed to take 20 hours or more to break into. One vault in Hiroshima even survived a nuclear blast.
The Importance of Data Vaults
Today, information is often as valuable as, and sometimes more valuable than, the precious metals, currency and paper securities vaults were originally built to protect. Keeping information, or data, safe requires a much different sort of vault. Instead of thick walls of steel and concrete, data vaults require effective firewalls to keep intruders out. Instead of complicated mechanical locks, they require impenetrable encryption technologies to keep their contents from being stolen. Protecting information from destruction by fire or natural disaster lies in remote backup storage systems, not in concrete and steel.
Although data vaults look and work very differently than traditional vaults, they still serve the same function, keeping valuables secure against theft or damage, and nobody does it better than Global Data Vault. We can capture and secure information as it is generated anywhere in the world and protect it in multiple sites with state-of-the-art encryption and firewall technologies in real time. That’s a long way from a wooden box with a wooden lock.
The OpenSSL Heartbleed bug threatened the security of data across the internet. This vulnerability affected anyone who visited a compromised website and put them at an increased risk for identity theft, credit card theft, and hacking. While this security threat was found in over half a million webservers, we have concluded that our production environment and webservers are not at risk.
The Heartbleed bug allows encryption keys to be bypassed, giving unauthorized users access to unsecured data like passwords and account numbers. The concerning issue is that the bug has been in existence for 2 years already, but has only now been made public. We can only assume the prolific hacker community has been aware and exploiting this for some time, and now even the amateurs can get in on the game.
The GDV production systems that provide your backup and disaster recovery services were never exposed to the Heartbleed vulnerability.
Our website does use OpenSSL, but we have completed our remediation. We see no evidence of any data loss or theft, and the site has always functioned as intended.
If you have any concerns about your backup account or your disaster recovery services, please contact us directly. More information about Heartbleed can be found at http://heartbleed.com. A comprehensive list of companies who were exposed can be found here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
There are two new nasty computer malware and ransomware strains currently terrorizing both PCs and Macs. They have gained momentum since their first reports early this year. Both are prolific, becoming more sophisticated in their delivery, and demand a ransom from their victims. We think they’re the new age version of pirates searching for prey on the Cyber Sea.
Internet Pirate #1: Crypto Locker
Crypto Locker is a sneaky ransomware that makes its way onto a user’s computer via an email suggesting a free trial for something desirable, or simply posing as an email from a trusted service provider. The user clicks on the link and that begins the download to install the “freebie” or survey on their device. Crypto Locker then uses an RSA-based encryption to lock files on the user’s computer, rendering them useless without a decryption key. Crypto Locker also creates a registry entry so even restarting the computer presents the same message and blocks the user from their files.
Users discover the Crypto Locker attack via a warning message boasting of the encryption and offering a decryption key for $300.
Experts say that the encryption is at a level that only the NSA could break (and you know they aren’t going to help you). That leaves infected users with two choices: pay up or wipe the system clean and restore the files from a backup.
Two of our customers just this week were held hostage by the Crypto Locker. Because we maintain regular backups for them, we were able to get their systems back in business in short order. Others are not so lucky.
Some people attacked by the Crypto Locker actually choose to pay the ransom. Surprisingly the decryption key does work after funds are delivered – although experts warn of future activations of the malware.
Internet Pirate #2: Reveton
Reveton behaves a little bit differently than Crypto Locker but, like its nasty cousin, Reveton also demands ransom payment to undo the damage. However, Reveton doesn’t require someone to open a file or download anything. Reveton is labeled “drive-by” malware because it will install itself when you simply click on a compromised website. Users’ computers are locked down, and they are given a message saying that their Internet address has been recorded by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been involved in child pornography or other illegal activity. In order to remove the lock, victims must pay a fine via a prepaid money service.
According to Symantec (producers of Norton Security Software), incidents of ransomware have increased over the past year. While cybercrime victims are fewer, the loss per victim has increased. The best way to protect your data from Internet Pirates is to have a secure backup in place so you can restore your business after they strike.
Hackers make our online lives dangerous. We never know when we’ll be subject to a nefarious attack on either our own computer system or that of our bank or other service provider that houses our private data.
Protecting, encrypting and backing up our files has never been more critical in our technology-dependent world. Now, it seems, even our own government is compounding that risk of attack.
Recent events have brought to light that the network systems we rely on for both business viability and everyday conveniences have been purposefully made more vulnerable in the name of national security.
As highlighted in the Economist on September 14th, internet snooping by the National Security Administration (NSA) is not an unheard-of activity; in fact, it is commonplace and without constraints. “Backdoors” have been created by or on behalf of the NSA to embed deliberate errors in software and hardware design so that discreet monitoring can occur freely. The revelation that the NSA has been awarded backdoors into network systems formerly considered secure, in an effort to more effectively ferret out terrorism, is concerning on a number of levels.
Many don’t remember that back in the 1990s, the NSA openly lobbied for these types of backdoors to be added to both public and private communications systems, but the NSA lost their fight. Apparently this is a classic case of “not taking no for an answer,” because the NSA has gone and done it anyway at the nation’s expense. Knowing those backdoors exist is what makes hackers truly salivate.
By weakening the security and encryption protocols in the name of national defense, the internet has unilaterally become less safe for everyone. That’s disturbing news if you have any kind of personal or financial information online – not just your personal information within your control, but any institution that you have ever done business with that has an internet presence. Absent reliable encryption technologies, our entire ecommerce network has a giant target on its back.
Because the NSA created these windows without any approval or guidelines, the internet has become a second gold rush for hackers and thieves. Furthermore, it guarantees a higher level of distrust not only for US citizens and their opinion of government, but for any foreign company previously interested in US-based technology companies that have dominated the internet and cloud space.
Going forward, it will be much more difficult to gain the trust of overseas business partners knowing full well that there are deliberately embedded flaws in our systems that they, in doing business with us, would be subjected to. That’s not to mention the suspicions of unknown agendas of potential business partners. All around, that’s bad for business, bad for the economy, and bad for everyone.
Computer Code Exploits
In part one of our Cyber Attack series, we highlighted the massive DDoS attack raining on spam list provider Spamhaus. In most DDoS attacks, your data is likely safe, but the nefarious activities are just one step away from more serious forms of attacks that can steal your data – cyber attacks with exploits.
These “exploits” are packets of computer code that allow hackers to sneak in and sometimes control computers running software with a known design flaw or a “vulnerability.” Criminals, terrorist groups and even governments are all likely customers for the purchase of exploits.
It’s an emerging market for companies who discover new vulnerabilities called “zero day exploits” in software and sell their findings for anywhere from tens to hundreds of thousands of dollars. And generally it’s legal to sell them. In fact, more than half of exploits sold are now bought from upstanding firms and not hackers, according to the magazine The Economist.
The rate and intensity of cyber attacks is escalating and probably affecting your internet activity and you don’t even know it.
In late March, spam-fighting organization Spamhaus was the target of a massive DDoS (distributed denial of service) attack and it was considered the most severe attack since the invention of the Internet – or at least that anyone is admitting to.
It was called, “the worst cyber attack ever.” And there’s more to come.
DDoS attacks utilize an army of commandeered computers to point huge volumes of web traffic at a company’s server to the point of overload until it crashes. This latest cyber attack was so large, experts don’t even think they have a measurement system capable of determining the full scope, but some experts are confident that Internet users worldwide were impacted by sluggish Internet connectivity during that time.
It is speculated, with unconfirmed reports, that this cyber attack was an act of revenge by groups ticked off at their blacklist status awarded by Spamhaus, which generates widely used and continually updated blacklists of sites that are guilty of sending spam. These grumpy spammers took advantage of what’s called a “DNS reflection,” a technique that tricks thousands of servers into sending a landslide of junk to an unsuspecting victim, in this case Spamhaus.
The attack came as a surprise for Spamhaus, as it would for your own company. What can a company do to combat a DNS reflection other than putting a crisis communication plan in place?
Experts say that locking down the infrastructure that hackers use is the number one imperative. In the Spamhaus cyber attack, the DNS reflection attack was likely due to the hackers taking advantage of “misconfigured DNS servers to amplify the power of a much smaller botnet,” said Chester Wisniewski, a senior security adviser at Sophos Canada, in a blog post. He goes on to say that 25 million open DNS resolvers hosted by service providers across the Internet currently are insecure or misconfigured, posing “a significant threat.” His advice is that “it’s critical that you configure your recursive name servers to only reply to your own network,” Wisniewski said. “If you must provide public DNS, be sure to apply filtering for abusive queries and ensure the frequency of queries is commensurate with your expected volumes.”
Spamhaus is not the lone victim. If you’ve ever found your bank’s website inaccessible or sluggish, it could very well be the work of a DDoS attack. On March 27th, Wells Fargo admitted to suffering from disruptions to their website connectivity. The al-Qassam Cyber Fighters hacktivist group has vowed to continue its long-running campaign of U.S. banking website takedowns, and while Wells Fargo is reported by Sitedown.co to have the majority of the downtime reports, Bank of America, Chase, Capital One, Citibank and PNC Bank were all the subject of reported difficulties.
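The resolver policy in that advice, sketched as an added Python example (not code from the original post or from any DNS server): recursion is answered only for your own networks, and a public resolver filters abusive query types and caps per-client query frequency. The network range, the rate threshold, the treatment of ANY as the abusive query type, and the sample traffic are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration (not from the article).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # clients we serve recursion to
ABUSIVE_QTYPES = {"ANY"}      # large-response query type, assumed to be filtered
MAX_QPS_PER_CLIENT = 5        # expected per-client queries per second

def is_own_client(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in OWN_NETWORKS)

def decide(queries, public_service=False):
    """Return (src, qtype, verdict) for each (timestamp, src, qtype) query."""
    seen = defaultdict(int)   # (src, whole second) -> queries counted so far
    verdicts = []
    for ts, src, qtype in queries:
        if not is_own_client(src) and not public_service:
            verdict = "refuse"    # closed resolver: reply to own network only
        elif not is_own_client(src) and qtype in ABUSIVE_QTYPES:
            verdict = "refuse"    # public resolver: filter abusive queries
        else:
            # Everyone who gets this far is held to the expected query volume.
            seen[(src, int(ts))] += 1
            over = seen[(src, int(ts))] > MAX_QPS_PER_CLIENT
            verdict = "drop" if over else "answer"
        verdicts.append((src, qtype, verdict))
    return verdicts

def summarize(verdicts):
    counts = defaultdict(int)
    for _, _, verdict in verdicts:
        counts[verdict] += 1
    return dict(counts)

# Constructed sample traffic: one internal client, then bursts of queries whose
# source address is the reflection victim (203.0.113.7), as the resolver sees it.
SAMPLE = [(0.1, "192.0.2.10", "A"), (0.2, "192.0.2.10", "MX")]
SAMPLE += [(1.0 + i / 100, "203.0.113.7", "ANY") for i in range(20)]
SAMPLE += [(2.0 + i / 100, "203.0.113.7", "A") for i in range(8)]

if __name__ == "__main__":
    print("own network only:", summarize(decide(SAMPLE)))
    print("public, filtered:", summarize(decide(SAMPLE, public_service=True)))
```

With recursion restricted to the resolver's own network, none of the traffic carrying the victim's address is answered; in the public configuration only the rate-limited remainder gets a reply.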
Wells Fargo spokeswoman Bridget Braxton confirmed Tuesday that the bank’s website was being disrupted, but told Reuters that “the vast majority of customers are not impacted and customer information remains safe.”
As Ms. Braxton rightly commented, during a DDoS attack, your data is likely safe, but if you’re the target for a DDoS attack, it’s going to be a tough few days before you can get back online.
In the next installment of our continuing series on cyber attacks and how to protect your data, we’ll look at “exploits” and the damage they can do.