The Cyber Kill Chain


Lockheed Martin, known for defense and security technologies, among other things, has developed a new “kill chain” method of describing each stage of a cyber attack. This CSO article talks in depth about the Cyber Kill Chain method and says, “each stage presents an opportunity to detect and react.” Though it is rare for two cyber attacks to be the same, these steps provided by Lockheed Martin could be effective for many companies around the world in protecting their data.

It may come as a surprise, but an actual thief trying to break into a building to steal goods takes very similar steps to those of a cyber thief, who instead of breaking into a building is trying to break into your network to steal data. The cyber “kill chain” could help companies better understand where the vulnerabilities lie in their infrastructure. The more quickly you identify an attack taking place, the more rapidly you can begin recovering from it.

The first step in the cyber kill chain is reconnaissance, “which is a military term that means to locate an enemy or ascertain strategic features.” The cybercriminal must decide whom to target, what valuable data they may be holding onto, and whether it is worth the effort to infiltrate their network. As we saw a few weeks back in the city of Atlanta, cyber criminals decided to go after a vulnerable network full of sensitive customer information. The criminals in the Atlanta instance probably sent phishing emails which were opened and spread unknowingly by employees of the city, leading to the data being held for ransom. This was a classic case of ransomware, and many cities around the world should be worrying about how to protect their systems from similar attacks.

This first step is one of seven that Lockheed Martin has described in detail to help companies and consumers protect their data from cyber thieves. With each step, a company or individual can look and decide which step an attack has reached and what action they can take to reverse the damage that has been done.

Even with the help of Lockheed Martin and their “Cyber Kill Chain,” cybercriminals can go beyond the reach of a kill chain. As the CSO article states, “attackers share lists of compromised credentials, of vulnerable ports, of unpatched applications. The traditional cyberattack life cycle also misses attacks that never touch enterprise systems at all. For example, companies are increasingly using third-party software-as-a-service (SaaS) providers to manage their valuable data.” That is a critical vulnerability that companies need to be aware of.

It’s now more important than ever to have your systems secured and protected. Can your company survive an attack like the ones we see almost every week in the news? Will this Cyber Kill Chain provided by Lockheed Martin help businesses stay on top of all the malicious activity taking place? These are serious questions for companies or individuals carrying sensitive data. One of the best ways to make sure you are secure enough is having adequate or better backup. Backing up your data is a great way to protect yourself from cyber criminals. If cybercriminals are able to break through your security and tamper with or steal your data, will you have a clean backup that is easy to restore? Backing up your data gives you a safety net to prevent further damage after a breach.

Ransomware Attack in Atlanta


There’s nothing worse than serving up a great idea to a hacker on how to make money, and that’s exactly what’s happening in Atlanta. that collect critical citizen records and information.

The city of Atlanta is currently struggling to rebound after a multi-day ransomware* attack which caused the city’s website outage. The outage prevented customers from paying bills and fees online, which freezes revenues to the city. According to this Reuters article, the city was instructed to pay $51,000 in bitcoin to unlock their systems – which gives the municipality pause for so many reasons. The city is trying to identify which cyber group is responsible for this attack, as they have only confirmed publicly that their systems were accessed remotely.

Wired reports that this particular malware is called a “SamSam” attack which, ‘infiltrates by exploiting vulnerabilities or guessing weak passwords in a target’s public-facing systems, and then uses mechanisms like the popular Mimikatz password discovery tool to start to gain control of a network. This way, the attack doesn’t need to rely on trickery and social engineering to infect victims. And SamSam has been adapted to exploit a variety of vulnerabilities in remote desktop protocols, Java-based web servers, File Transfer Protocol servers, and other public network components.

Attackers deploying SamSam are also known to choose their targets carefully—often institutions like local governments, hospitals and health records firms, universities, and industrial control services that may prefer to pay the ransom than deal with the infections themselves and risk extended downtime.’

Another really frightening trend is hackers using ransomware attacks to cover their tracks. They steal personal data or worse, then deploy the ransomware, making the theft much harder to detect, prosecute or remedy.

The discouraging bit of this event is that it highlights a vulnerability common to most government municipalities. With employees who are not well-trained on security threats, paired with tightening budgets, nearly all cities lack the funding to support proper, cutting-edge cyber security defenses. This weakness seems to have caught the attention of hacker groups around the world and sadly, could prompt more ransomware attacks across the nation. In fact, according to a recent report by Symantec, the number of ransomware attacks tripled in 2017.

It’s part of a growing trend that we’ve seen in the world of data management. As Bryce Austin, the author of Secure Enough?, states, “The problem is that cyber criminals have figured out an important new angle to their business model: companies that don’t have information that is valuable on the black market still have information that’s valuable to the company itself.”

It pains us to hear about the ongoing disruption in service that the City of Atlanta is going through, as GDV maintains DRaaS for several municipal and other government entities. We’ve performed numerous recoveries which have led to fast resolution after ransomware or other cyber attacks.

Critical systems for first responders and financial portals for customers are pressure points that hackers would love to have access to, and we have mission priority to ensure any disruption in service is minimal for each of these entities. For more information, see our video below.

*Ransomware, as defined by Reuters, “is a type of malware that infects computer networks and then freezes them, with the attackers demanding a ransom in order to restore services. The initial assault often comes via a phishing link that someone within the network opens on their email.”

In the Mind of the Hacker


“The problem is that cyber criminals have figured out an important new angle to their business model: companies that don’t have information that is valuable on the black market still have information that’s valuable to the company itself.”

– Bryce Austin, author of Secure Enough?: 20 Questions on Cybersecurity for Business Owners and Executives.

According to online security software company McAfee, there are both good (white hat) and bad (black hat) hackers, and they generally can be classified into seven types by motivation. Most are not the stuff of Hollywood movies, but they can cause havoc within your everyday business operations. You likely have a white hat hacker within your team. These are the good guys, people who test IT system security, searching for vulnerabilities to keep your data safe. The black hat hackers are growing in sophistication at a rapid pace, and they seek ways to make money with various types of cyber attacks. Another type, “script kiddies,” are ego-driven black hat hackers who use programs to cause network and website issues in an effort to make a name for themselves. “Hacktivists” are harassing hackers who are looking for revenge or are politically motivated, and their cyber misdeeds are generally for their own entertainment.

The next level cyber criminals are where things get really ugly.

McAfee describes state-sponsored hackers as having limitless time and funding to target governments, corporations and people of influence. Spy hackers are paid to steal trade secrets. They may even infiltrate a company by working as an employee mole. Lastly, a cyber terrorist’s sole motivation is to create fear and chaos by disrupting critical infrastructure. They are the most dangerous, and murder is not outside their consideration.

It’s impossible to put a number on how many “hackers” there are in the world, but the FBI has a list of their most wanted cyber criminals. Recently Tripwire decided to take a closer look into this list and is running a fascinating feature on the top ten over the next few weeks, beginning with one you may have been affected by: Behzad Mesri.

Behzad Mesri is responsible for last year’s hack of Home Box Office (HBO). He spent a total of two months compromising employees’ accounts so that he could attack larger assets like servers and sensitive data. He claims he stole more than 1.5 terabytes of HBO’s data, which included footage from upcoming episodes of popular HBO shows like “Curb Your Enthusiasm,” as well as full scripts and cast lists for “Game of Thrones” and other data for unaired shows. Mesri demanded 5.5 million in Bitcoin or he threatened to release the data to the public. HBO refused to pay the ransom and, as you know, some of that information led to spoilers of your favorite shows all over the interwebs.

The data that was stolen from HBO was their greatest vulnerability, but for many companies the biggest risk is having data locked, encrypted, or destroyed. It is not only critical to have good backups, but to monitor, test, and secure them. Global Data Vault not only backs up important and sensitive data; we continuously monitor and test every transmission to ensure encryption and security.
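“Monitor and test” a backup means, at minimum, being able to prove that what sits in the backup set today is byte-for-byte what was written when it was known good. The script below is an added illustration of that check and is not Global Data Vault’s code: it builds a SHA-256 manifest of a backup directory, then re-verifies the directory against the manifest and reports files that were altered (as a ransomware encryptor would alter them), files that went missing, and files that appeared unexpectedly. The directory layout, file names and contents are constructed inline so it runs offline.

```python
"""Backup integrity check: build a SHA-256 manifest of a backup set and verify it later.

Added illustration for this post; not Global Data Vault's code. The backup files
are constructed in a temporary directory so the script runs offline.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backup archives need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Record the relative path and digest of every regular file in the backup set."""
    return {
        str(p.relative_to(backup_dir)): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup set as it is now against a manifest taken when it was known good.

    'modified' lists files whose content changed (e.g. overwritten or encrypted),
    'missing' lists manifest entries no longer present, 'unexpected' lists files
    that were not in the manifest, and 'clean' is True only if all three are empty.
    """
    current = build_manifest(backup_dir)
    modified = sorted(f for f in manifest if f in current and current[f] != manifest[f])
    missing = sorted(f for f in manifest if f not in current)
    unexpected = sorted(f for f in current if f not in manifest)
    return {
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
        "clean": not (modified or missing or unexpected),
    }


def demo() -> dict:
    """Construct a small backup set, take a manifest, simulate tampering, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp)
        (backup / "records").mkdir()
        # Constructed sample data; no real records.
        (backup / "records" / "citizens.csv").write_text("id,name\n1,constructed sample\n")
        (backup / "records" / "bills.csv").write_text("id,amount\n1,42.00\n")
        (backup / "config.ini").write_text("[portal]\nenabled=true\n")

        manifest = build_manifest(backup)
        before = verify_backup(backup, manifest)  # expected: clean

        # Simulate what an encryptor does to a backup it can reach: overwrite one
        # file with random bytes, delete another, and drop a note of its own.
        (backup / "records" / "citizens.csv").write_bytes(os.urandom(64))
        (backup / "records" / "bills.csv").unlink()
        (backup / "README_RESTORE.txt").write_text("constructed note, not a real one\n")
        after = verify_backup(backup, manifest)  # expected: not clean, three findings

        return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest only proves anything if it is stored somewhere the backup host cannot write to (the air-gapped copy the next post mentions, or a write-once location), otherwise whatever rewrites the backup can rewrite the manifest too; and a digest match still says nothing about whether the data restores, so the check belongs alongside a periodic real restore test, not in place of one.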


IRS Warning about CPA Firm Data Loss


No one likes a warning from the IRS, but CPA firms are taking heed of the most recent message from the stalwart government agency: “step up” security for the mountains of sensitive information you obtain each year. CPA firms regularly keep digital files of names, addresses, social security numbers, and reported income, not to mention a cadre of additional personal information for their many clients. They are creating a “one stop shop for criminals because all the information they need is housed in one location,” according to NBC Nightly News in this clip. The IRS is urging all CPA and tax firms to encrypt all sensitive client data, password-protect Wi-Fi networks, and install anti-virus software immediately.

Some firms are even going the extra mile to hire cyber security experts to expose their own firms’ vulnerabilities, as seen in the video feature.

The IRS should know: they are privy to many tax schemes and go so far as to issue a yearly report of their “dirty dozen tax scams” on their website at irs.gov. Repeat offenders this year include identity theft, phishing schemes and thieves posing as IRS agents via phone and text. They encourage individuals to use the same best practices as tax professionals: always use security software with firewall and anti-virus protections; make sure the security software is always turned on and can automatically update; encrypt sensitive files such as tax records stored on the computer; and use strong passwords.

With the increasing rates of data theft, it’s imperative to increase security protection and data backup. CPA firms with a solid DRaaS plan and air-gapped backup can not only ensure business continuity during this busy time of year, but can also obtain forensic information to identify where the vulnerability occurred and what information was at risk. If your CPA firm isn’t 100% confident in your data protection, contact GDV to discuss how we can make sure you get those tax files out on time even if a hacker targets your company.