2,400 Nursing Homes Immobilized in Ransomware Attack

Ostra’s Intrusion Detection Layers Prevent Advanced Persistent Attacks

Cyber criminals found a vulnerable target when they attacked Virtual Care Provider Inc (VCPI). This classic advanced persistent threat began with a breach over a year ago, and in the 14 months after VCPI was first compromised, the groundwork was laid for a full-fledged ransomware infestation. Businesses that don’t have intrusion detection as a part of their cybersecurity strategy are particularly vulnerable to this type of attack.

VCPI faces the long road to recovery when (and if) the attack is brought under control.

The Wisconsin-based company that provides cloud data hosting, security and access management to more than 100 nursing home management companies across the United States is currently crippled by an infection of a ransomware strain known as Ryuk. All data the company hosts for its clients was encrypted on November 17, and core offerings such as Internet service and email, access to patient records, client billing and phone systems across the 2,400 facilities served have all been impacted. VCPI is unable to pay the nearly $14 million ransom demand, and is focused on restoring services to the 80,000 computers and servers that assist those facilities.

While an advanced persistent attack typically stems from an email attachment that is used to download malware, it differs from a traditional attack in a number of ways. Targeted attacks such as these may go undetected because they are specifically designed to avoid detection by signature-based antivirus solutions. The malware in these types of attacks is designed to keep installing itself, establishing persistence and furthering its ability to spread. This type of sophisticated malware also stays in contact with its “command center” (the cyber-criminal masterminding the attack) to receive instructions. This ongoing undetected contact with the infected system allows cybercriminals to slowly compromise the entire network, map out the target’s internal networks, undermine key resources and data backup systems, disable antivirus, run customized scripts, and deploy ransomware. Because the infection is persistent, if the criminals don’t succeed on the first attempt, they can just keep trying.

An effective cybersecurity solution can combat an advanced persistent threat because it combines layers of intrusion prevention and intrusion detection. Partner with Ostra to protect your business with an Enterprise Grade security solution that detects and halts reconnaissance activity associated with a ransomware infestation.

 

Disney+ Accounts Hacked Within Hours of Launch

Ostra Prevents Info-Stealing Malware

The Disney+ streaming service launched last week, and only hours later thousands of stolen account credentials were up for sale. Disney customer complaints flooded popular social media networks like Twitter and Reddit, reporting that hackers had accessed their accounts and changed the email addresses and passwords to take over the accounts, locking the rightful owners out. This crime of opportunity was possible in part because users tend to reuse passwords, which had been leaked and were then used by hackers to gain access to the new Disney+ accounts. In many instances, however, passwords unique to the Disney+ streaming service were obtained through the use of “keylogging” malware.

As the name implies, this type of malware works behind the scenes of an infected computer, sniffing out the keystrokes while the system continues to operate normally. The software can steal passwords, take screenshots, record viewed web pages, and grab sent emails and instant messages, as well as sensitive financial information such as credit card numbers, PIN codes, and bank accounts. All of this data is sent over the network to a remote computer or web server where the person operating the logging program can retrieve and sell it to third parties for criminal purposes.

Malware creators know that most people use popular antivirus or anti-keylogger programs, so they create sophisticated malware to bypass them — much like if everybody used the same door lock, the criminals would only need to learn how to pick one lock. Ostra’s security platform is different from popular anti-virus programs because it tests the intention of keylogging malware before it can install and start spying, and detects when stolen data is being transmitted.

Thousands of hacked Disney+ accounts illustrate how easily keylogging malware can be used for credential theft. Protect yourself from info-stealing malware with Ostra’s Enterprise Grade security solution.

Simple Mistake, High Price Tag

Ostra Prevents Business Email Compromise Scams 

Social engineering has propelled Business Email Compromise (BEC) to new heights of scammer success. Cyber-criminals can construct well-crafted and highly detailed emails thanks to the wealth of information they can collect from social media and purchase on the dark web. In an increasingly digital age of banking, more businesses are falling victim to Business Email Compromise scams, a billion-dollar industry.

A three-pronged approach of training, process, and technology can stop a Business Email Compromise attack before it succeeds. Ostra’s security solution has the capability to use advanced analytics to evaluate and capture BEC emails based on attributes, and authenticate partner, vendor and customer emails to verify they don’t originate from a fraudster.

SMBs operating in a digital environment need strong protection against modern day threats. Partner with Ostra for Enterprise Grade Security that provides best-in-class security services to avoid sophisticated Business Email Compromise attacks.

ConnectWise: Hackers Target Remote Management Tools

Ostra’s Best-In-Class Security Prevents Management System Attacks

Remote IT management systems provide what cyber-criminals want the most — access to potential victims and infrastructure designed to make that access easy and direct. Florida-based ConnectWise publicly acknowledged last Thursday that malicious actors were targeting open ports of ConnectWise in an active and ongoing campaign with the purpose of introducing ransomware to on-premise application customers. The specific ports, type of ransomware and targeted ConnectWise customers were not disclosed.

This is undoubtedly a worst-nightmare scenario for businesses that use ConnectWise to remotely manage computer networks. Such an obvious and lucrative entry point — an approved, privileged, understood, knowledgeable and centralized system used to manage a company’s computer systems — allows an attacker to “rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s reward.”

 

Uncovering vulnerable RDP endpoints, preventing removal of anti-virus, and detecting unusual network activity are all functions that a comprehensive enterprise-grade security solution provides. Partner with Ostra for Enterprise Grade Security that provides best-in-class security services to integrate prevention, detection and response tools that recognize and halt attacks such as the one facing ConnectWise customers.

High Stakes for Small and Medium Business

88% of Small Businesses Feel Vulnerable to Cyberthreats. Ostra Changes the Math.

Eileen Manning’s Minneapolis-based event group was attacked a few years ago on the eve of a Cyber Security conference she stages every fall. By current standards, the attack against Manning’s firm was relatively tame and manageable. Much has changed in recent years as attack tools and methods have become much more sophisticated and SMBs across the board are increasingly the targets. Ostra has responded to the evolving threats against SMBs with an affordable solution that leverages the same enterprise-grade cyber-security protection against modern day attacks that large corporations use to protect their business.

The attack against Eileen Manning’s SMB Event Group resulted in a $5000 ransomware demand, which would be modest by today’s standards. The average ransom paid increased from $6,733 in 2018 to $12,672 in 2019.

Attacks during the same timeframe increased by 118% with “code innovations and a new, much more targeted approach” which greatly increases the damage potential and recovery costs for the intended victim. The majority of targeted ransomware attacks also wipe or encrypt backups, making infections more debilitating and recovery more costly. In a modern day ransom attack, almost half of small to midsize businesses experience at least 8 hours of downtime, with the average ransomware incident lasting 6 days. Costs to restore access to critical systems, replace damaged or stolen assets and mitigate brand damage, public relations, legal fees and fines have also sharply increased in recent years. The “attack vector” against Manning’s company was an email attachment, which is still the source of over 90% of malware delivery. But it is very likely that a modern day attack would be undetectable to traditional signature-based virus identification because protection is limited to threats with known signatures. Recent industry research found that 80% of observed malware is single use, meaning it is undetectable by traditional signature-based anti-virus solutions.

Ostra’s security layers are built using top tier security appliances and services. We’ve partnered with Palo Alto, FireEye, Cisco, Netskope and Splunk to offer Tier One Enterprise Grade Security to small and medium businesses. The solutions offered by these industry leaders are specifically designed to detect and prevent modern day threats. Ostra is the SMB security partner for today’s digital world.