Double Extortion Ransomware is in Fashion This Summer

In a tough economy, everybody’s looking for a way to make a little more money and increase profitability – even cybercriminals. Why should a cybercriminal only benefit once from the hard work of hacking into systems and deploying ransomware, when they could benefit twice?

Double extortion ransomware is becoming more trendy as a means of cybercrime because it opens up extra opportunities for profit as cybercriminals not only attempt to get paid by selling you the encryption key to unlock your systems and data, they also try to extort a little extra by threatening to release especially sensitive information on the Dark Web. 

The majority of ransomware infections are delivered via phishing- and phishing isn’t just an email threat these days. Instead of the proverbial malware-laced attachment, phishing has expanded to include attack attempts through malicious links, SMS messages, texts, chats, and more. 

By implementing and updated regular phishing resistance training, companies can improve their defense against ransomware. Choose an innovative solution like BullPhish ID that offers constantly updated, plug-and-play phishing training in bite-sized pieces using engaging video lessons in 8 languages to keep staffers on alert for suspicious messages and stop ransomware attacks before they start.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

The BlackBaud Breach Fallout Continues to Pile Up

The recent data breach at fundraising technology provider BlackBaud is an object lesson in how third party risks can compromise cybersecurity and cause huge problems for other businesses, leading to a cascade effect that keeps the damage rolling. 

Initially, BlackBaud obfuscated the details it released about the breach, including insinuating that the initial ransomware attack was unsuccessful. Two weeks ago, we reported on the real story of that breach, noting that BlackBaud had actually paid the ransom demanded for the encryption key. The company also claimed that very little user data was stolen and the breach would only impact a small subset of its users. 

Once again, that wasn’t necessarily the case. As the ripple effect of the initial breach became more apparent,large universities and institutions around the world began disclosing that information including details about their alumni, donors, and fundraising efforts had been compromised in the BlackBaud breach, Including The National Trust (UK), Texas Tech, the University of York, the University of South Wales, Aberystwyth University, and UK Charities including The Wallich, Crisis, Sue Ryder, and Young Minds.

The UK’s Information Commissioner’s Office (ICO) told the BBC that 125 organizations had reported that they were impacted by the event, including dozens of universities and 33 charities. Internationally, the breach is expected to impact many more universities, trusts, museums, schools, churches, and food banks.  

So how can you protect your clients’ sensitive data and systems from breach danger or exposure because of third party service providers? We’ll be coming out with a new book addressing that problem soon, but here’s a sneak peek at our advice – and you can put this into practice right now.

Start employing single sign-on (SSO) and multifactor authentication (MFA) immediately. Those two tools combines add a strong barrier between cybercriminals and sensitive data and systems by giving IT staffers more control. MFA is often the star of the show when considering secure identity and access management solutions, but single-sign-on is the unsung hero. 

SSO allows for the creation of a unique Launchpad for every user, giving IT staff the opportunity to control each user’s access to applications and data with one action. If someone’s account is compromised, instead of figuring out what they ad access to and turning each one off individually, IT staffers can cauterize the bleeding quickly by simply deactivating that user’s Launchpad, eliminating their access to everything.

Get these essential protections and more with our freshly updated secure identity and access management solution Passly. Not only do you get MFA and SSO, Passly also includes easy remote management tools, secure password storage vaults, and seamless integration with over 1,000 commonly used business applications. Start using Passly now to provide an essential upgrade in protection from unexpected threats that won’t break the bank – and gets to work securing data and systems from Day 1.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Cybercrime Boom Means Data Breach Risks are Rising

In a challenging economy, even cybercriminals have to work a little bit harder – and they’re working overtime. A 23% overall increase in cybercrime in 2020 so far (and a more than 600% increase in phishing attacks) means that your data is at greater risk than ever before. So what can you do right now to improve data security immediately, and add additional protection that keeps your data safer in the future?  

For the quickest security upgrade, a secure identity and access management solution like Passly has the most immediate bang for your buck. Passwords are a thorny problem for IT departments, but they don’t have to be. By combining multifactor authentication, single sign-on, and secure password vaults with easy management, Passly immediately puts an extra layer of protection between bad actors and your business – and it seamlessly integrates with the business applications that you use every day to start working from day 1.

For a longer term solution, increase security awareness training, especially phishing resistance. Many of today’s most dangerous cyberattacks, like ransomware, have an element of phishing – and the lastest breach news shows that over 90% of incidents that end in a data breach start with a phishing email. Phishing attacks aren’t always attempted with an email attachment either; they can be links, PDfs, even SMS messages. BullPhish ID has simple, plug-and-play phishing training that’s constantly updated to keep your staff ready for the latest threats, including COVID-19 bait.

By taking an approach that combines both a fast fix and continuous improvements in security awareness, businesses can reduce their risk of falling victim to cybercrime like a potentially disastrous data breach and be ready for future threats as they crop up. 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Billions of Leaked Credentials Create New Risk

Two huge data dumps of leaked credentials in recent weeks have drawn attention in breach news this week raising questions about the risk posed by these treasure troves of information for cybercriminals. These batches of information from past breaches demonstrate the danger of a third party data breach and how that can create a cascade effect that damages other companies. 

In early July, Dark Web researchers found over 15 billion credentials from more than 100,000 data breaches on the Dark Web, including everything that a bad actor might need for unrestricted access to everything from streaming services to banking accounts and financial services. 

Later in the month, cybersecurity analysts found another giant cache of sensitive information on the Dark Web, this time including personally identifiable information including names, addresses, dates of birth, Social Security numbers, and other sensitive personal information for an estimated 40,000 Americans. 

This is far from a rare occurrence. As time goes on, more data dumps of this type will happen regularly as data accumulates from a constant spate of breaches, putting even more peoples’ personally identifying information on the Dark Web – and putting the companies that they work for in danger. 

Two major concerns about how cybercriminals may use this information to damage other companies are credential stuffing attacks and spear phishing. With a bit of research and a big enough list of email addresses and potentially associated passwords, cybercriminals can mount dangerously accurate credential stuffing operations that can quickly bypass many data protections. They can also use personal details collected from other breaches to craft extremely convincing phishing emails touse against targeted companies that lure in unwary staffers to unwittingly deploy ransomware or give up access credentials, passwords, and data.

What’s the first thing to do to throw up a roadblock against attacks that make use of these huge data dumps? Deploy a secure identity and access management solution like Passly. It seems like an easy fix because it is. Passly is simple yet effective protection that goes to work immediately to mitigate the consequences of things like staff credential compromise from a third party data breach – because they’re almost inevitably recycling passwords. 

In one affordable tool, Passly adds peace of mind for businesses that their entry points are protected as it uses the combined security power of MFA, single sign on, and easy remote management to add crucial layers of protection between cybercriminals and company systems and data fast, while making sure that the right people have access to the right things at the right level – and only the right people.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Ransomeware is on the rise!

From Inc.com: Yikes!

While there’s no shortage of examples of ransomware attacks, a recent study by data protection firm Veritas suggests an even bigger problem that few, if any, companies are prepared for: Customers are increasingly laying the blame on companies, specifically their CEOs, rather than on the hackers perpetrating the attacks.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Covid phone scam

Apparently, we need to prepare for these phone calls ...just in case 🙄

‘Good morning, According to our system, you are likely to have been in close proximity to someone who has tested positive for COVID-19. This means that you now need to self-isolate for 7 days and take a COVID-19 test.'

'OK. Can you tell me who that person was?'

'I'm not able to tell you that. That is confidential information.'

'Right. Um... so ....'

'But you do need to be tested within the next 72 hours. So can I just get the best mailing address so that we can send a kit to you?'

'Ok (gives address)'

'Thank you - and I just need to take a payment card so that we can finalize this and send the kit to you.'

'Sorry - a payment card? I thought this was all free?'

'No - I'm afraid not. There is a one-off fee of $50 for the kit and test results. Could you read off the long card number for me, please, when you're ready.'

'No - that's not right.

'I'm afraid it is. Can you give me the card number please - this is very important, and there are penalties for not complying.'

Puts the phone down.

This is how scammers work. And vulnerable people will fall for it.”

Don't fall for it...! COPY and PASTE

watch out ...🤬

Tell our elderly.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

What is a Network Security Audit and Why Do I Need One?

As a business owner, you know that data security is one of your most vital concerns. You know that a single data breach could erode the trust of your customers, and that repeated breaches could subject you to fines or even put you out of business.

As a result, you have taken steps to lock down your network, from requiring strong and unique passwords and frequent password changes to installing firewalls and security software to keep the bad guys at bay. And while those are all crucial steps on the road to cyber security, they may not be enough to safeguard your network infrastructure and the massive amounts of proprietary and customer data it contains.

You may think that your network is as secure as it can be, but without a formal audit you can never know for sure. A network security audit is an important next step for every business owner, and the sooner you conduct one the better off you and your business will be.

What is a Network Security Audit?

A network security audit, also known as a network security assessment, is a formalized process during which the entire data infrastructure is carefully evaluated. During the process, previously unknown vulnerabilities or weak spots may be uncovered, and each one of those will be addressed once the formal assessment has been completed.

Once the network security audit is over, a formal list of recommendations will be made. These points will then be followed up on, either by the internal IT staff at the company, by the organization that conducted the audit or by an outside managed IT service provider. After these deficiencies have been addressed, a follow up audit may be conducted to ensure that all vulnerabilities have been adequately addressed.

The Many Benefits of a Network Security Audit

Subjecting your network infrastructure to a formal security assessment may seem like a cumbersome process, but the many benefits of the audit make it more than worthwhile. If you are running your business and simply hoping for the best, it is only a matter of time until a ransomware demand, hacker attack or security breach comes your way. These threats are not going away; if anything they are getting worse, and you cannot afford to fly blind in such a dangerous environment.

If you have not yet conducted a formal network security audit of your network, now is the time to get started. Here are some of the benefits of having your network infrastructure professionally evaluated.

•   Regulatory compliance - Some types of businesses, including those operating in the governmental or healthcare space, may be required to undergo regular network security assessments and intrusion detection testing.

•   Finding hidden vulnerabilities - Even if you have secured your network against all known threats, there may be other dangers hidden in plain sight. A network security audit can uncover those previously unknown vulnerabilities and address them.

•   Enhancing the security of cloud storage accounts - If your business has moved to the cloud, conducting a formal network security assessment can enhance the value and safety of those stored files.

•   Strike a balance between top security and easy access for employees - Finding the right balance between network security and usability is no easy task, but a professional network assessment can help a lot.

•   Take advantage of specific expertise - You are an expert at running your business, but you are probably not a tech guru. When you schedule a network security assessment, you gain access to the specific expertise needed to keep you and your data safe.

•   Employee education - The members of your staff should be the first line of defense in your cyber security strategy, not the weakest links in the chain. Investing in a formal network security assessment is a great way to educate workers on the value of data protection and their vital role in the process.

No matter where your business operates or what its niche, you have a vested interest in the protection of your network and the data it contains. With data breaches almost a daily event, it has never been more important to protect the information with which your business has been entrusted.

By conducting a formal data security assessment, you can decrease the odds of a data breach, educate your workers on the growing dangers and shore up your cyber defenses. If you have not yet conducted such an audit, now is the time to get started.

by

Robert Blake

For More information contact Bit by Bit 877.860.5831 x190

Bit by Bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863