Cybersecurity: 2020

Threat actors have a very real opportunity to make big returns. 

In the cybersecurity world, the bad guys are picking up the pace and the deluge of attacks isn’t likely to let up. Experts predict bolder actions and attacks by threat actors, and stricter regulations and lawsuits by regulators and consumers. Cybercrime will intensify in 2020 and could cost a lot.

 

Collaboration across criminal groups with differing specialities is one of the most significant developments in criminal techniques that will shape cybercrime in 2020. Hackers are now selling access to networks they previously compromised to other threat groups. This type of collaboration among threat actors allows one group of criminals to leverage the work of another group of criminals. By purchasing access to a target’s breached network, a cybercriminal can distribute ransomware without having to do any initial breaching on their own.

Cyber-criminals also refined attack techniques that will become more the norm in 2020. Bad actors began to commonly use precursor infections to find high-value systems and encrypt data on them, making victims more likely to pay. Targets themselves are no longer mass-scale victims of spam, but instead are specifically selected. Many criminals know with whom they are dealing and act accordingly.

“Malware threat actors are increasingly trading their work…”

 

Sophisticated tools developed in 2019 also give a foretaste of what is to come in 2020. Ransomware that uses “kill lists” to try to terminate anti-malware tools, or malware that sets itself up as a service running in Windows Safe Mode, avoids all built-in protection tools and increases the criminals’ chance of success. Malware can now be automated to quickly profile an infected environment and spread laterally within a targeted network, or trigger simultaneous infections across multiple machines within the same environment.

Government regulations are expected to become more strict as vulnerabilities to cyberattacks increase. In 2019 Juniper Research predicted that annual costs of data breaches will rise 11% per year to over $5 trillion in 2024, driven mainly by higher fines as well as business losses incurred due to a cybersecurity incident.

“Most fines and lost business are not directly related to breach sizes.”


Late in 2019, a proposed class-action lawsuit against the medical services company LifeLabs sought more than $1.13 billion in compensation for LifeLabs’ clients after a database hack compromised personal and health information of up to 15 million customers. While this large-scale suit will grind through the slow legal process, the verdict in the court of public opinion is in. Customers in 2020 will presume their data is protected and will expect companies of all sizes to be punished for failing to protect it.

In 2020 cybersecurity will only become more important for companies doing business in a digital world. Near-constant breaches in 2019 have created a numbness to security risks, while the complexity of technology and sophistication of cyber threats make IT security feel daunting to businesses. Partner with Ostra in 2020 for an Enterprise Grade Security solution that combines top tier appliances and services for strong cybersecurity protection.

 

Ransomware: 2019 A Gangbuster Year for the Cybercriminals

Explosive and sustained growth made ransomware infections the top cyber scourge of 2019 for businesses of all sizes. Ransomware operators swarmed government, healthcare and education targets in unprecedented numbers. A recent report tallies the total number of incidents in 2019 at nearly a thousand.

“It’s Schrödinger’s backup: the state of a backup isn’t known until you have to restore from it…”

While cybercriminals spawned public attacks on cities across the U.S., they were also quietly launching lethal assaults against SMBs. Attackers used new strains of malware to snake their way through networks until they compromised everything possible. Then they unleashed ransomware that took everything down – often including servers and backups. In the first half of 2019 over 50% of MSPs reported this type of attack against SMBs.

Excessive Costs

Some victims who relied on insurance reimbursements to pay ransomware demands discovered that damages exceeded cyber policy limits. The city of Baltimore’s $18.2M loss in May 2019 far outstripped the $102,000 extortion demand. In December, the mayor of New Orleans announced the city would be increasing its coverage from $3 million to $10 million next year.

On a smaller scale, many SMBs continued to see paying a ransom as the lesser of two evils. Costs to restore systems and loss of business during the time systems were down drove victims to pay up. Businesses in this position were forced to gamble that operators behind the attack would actually release the data, and that payment would not incentivize the criminals to attack them again.

The FBI reported that losses from ransomware attacks increased significantly in 2019 and expects that trend will continue. What cybercriminals learned in 2019 is that ransomware works. As one security expert put it, there’s “really good money in ransomware, not only for the attackers, but recovery experts brought in after that fact and insurance companies that profit from selling coverage against extortion threats.”

Ostra Fights Back

SMBs need affordable protection against the “unprecedented and unrelenting barrage” of ransomware attacks seen in 2019. We’ve partnered with PaloAlto, FireEye, Cisco, Netskope and Splunk to offer Tier One Enterprise Grade Security to small and medium businesses. The solutions offered by these industry leaders are specifically designed to detect and prevent ransomware attacks.

 

Ignoring a Ransom Demand Just Got Harder

Attacks and Stolen Data Published By Attackers. Ostra Provides Protection.

Ransomware attackers have turned up the nasty dial by outing victims who refuse to pay and threatening to go public with their stolen data. Several modern ransomware strains capable of collecting and stealing a victim’s data before encrypting files play into a broad new trend in the ransomware scene, where attackers threaten to publish data stolen from victims who refuse to pay up.

Earlier this week, cybercriminals behind one of these ransomware strains created a website and published company information for eight victims of malware that have declined to pay a ransom demand.

“Now that ransomware operators are releasing victim’s data, companies will have to treat these attacks like data breaches.”

Information for each victim includes the initial date of infection, examples of stolen files, the total volume in gigabytes of files the attackers claim to have stolen, as well as the IP addresses and machine names of the victim’s infected servers. The attacker’s intent to publish the entirety of this stolen data — “wait for their databases and private papers here” — is hardly subtle. It’s probably not an idle threat either. Recently the US security company Allied Universal ignored a similar threat, and the cybercriminals behind the attack released 700MB worth of their data on a hacking forum. Postings by cybercriminals on the dark web also spotlight the use of stolen data as public leverage to get victims to pay.

Theft of data during a ransomware attack should be considered a data breach, even though many victims quietly rebuild systems and hope no interested parties ever find out. This is particularly concerning to companies that are required by law to launch a post-breach investigation and establish legal notification requirements. As cybercriminals go public with their ransomware attacks, victims who refuse to pay could face fines and penalties for failing to report breaches.

The security solution offered by Ostra layers top tier security appliances and services such as PaloAlto, FireEye, Cisco, Netskope and Splunk specifically designed to detect and prevent modern ransomware attacks. Partner with Ostra for Enterprise Grade Security to keep your data and business secure.

 

 

Phishing Attack: The Power of One Email

Ostra Delivers Smarter Protection to Minimize Security Risks

All it takes is one unsuspecting employee to click a malicious link in a phishing email and attackers will have all the information they need to compromise a business.

Access is everything – and phishing attacks give attackers access. As an attack method, phishing is easy and it works. All it takes is a believable email for people to click on, and a fake website for them to land on. According to industry research, over one third of phishing messages get opened by targeted users.

It’s not surprising that one of the most prevalent ways attackers are breaching data is via phishing. With no sign of cyber attacks slowing down, it is important that anyone who operates in a digital world — which is nearly everyone — is fully awake to the threat posed by phishing attacks, and the consequences of failing to recognize and respond when an attack occurs.

According to 2019 trends, phishing emails are much more likely to have a malicious link than a malicious attachment. These links lead to impersonated websites designed to harvest credentials, trick the victim into installing malware, or inject drive-by exploits into vulnerabilities in the user’s browser. A majority of these websites appear safe to the victim because they use HTTPS and legitimate certificates.

In an indiscriminate attack, phishing emails contain links leading to fake websites impersonating popular brands such as Facebook, Apple, Amazon, Netflix or PayPal. This “spray and pray” tactic is used against a big list of email addresses with the goal of successfully luring some of the many recipients.

A targeted attack involves an email that impersonates an organization known to the targeted group. Some common tactics in a targeted attack encourage the recipient to click a malicious link disguised as a holiday bonus from HR, an invoice from a vendor, or a resumé matching open jobs. Criminals use the credentials gathered from this type of attack to access protected information — for example a list of bank customer names and email addresses — or to gain illicit network access for reconnaissance and future attack.

A single individual, usually a C-level executive, is targeted in a spear-phishing attack. The email impersonates someone known to the target and often achieves credibility by using details sourced from the target’s digital identity (social media). Fraud via wire transfer or fake invoice, ransomware injection, and theft of secrets are the high-dollar goals of a personalized attack.

A phishing response strategy is a modern necessity. Security awareness is a part of that response, but users are not a strong last line of defense in cybersecurity. Modern day attacks spawned by phishing emails often go undetected by traditional security solutions. Ostra’s Enterprise Grade Security solution provides the technical security controls necessary when the bad guys find a way to trick someone into clicking something malicious.

 

 

Major US Managed Service Provider Attacked

Ostra Offers Access to Best-In-Class Security Products

One of the largest data center providers in the US, CyrusOne, was infected with ransomware yesterday which encrypted customer devices and network data. The same ransomware family was used in a rash of attacks earlier this summer, which included several managed service providers, local governments in Texas, and over 400 US dentist offices.

The attack caused a cloud service outage for at least one major CyrusOne customer, the financial and brokerage firm FIA Tech. At least five other large customers of their New York data center have also experienced availability issues due to encryption of their data and devices. A CyrusOne spokesperson said they are currently performing forensics to investigate the attack and help customers restore impacted systems. CyrusOne owns 45 data centers globally and has more than 1,000 customers. 

The data center provider does not intend to pay the ransom demand, “barring any future unforeseen developments.”

The ransom note indicated this was a targeted attack against CyrusOne’s network. Targeted attacks rely on single-use strains of malware specifically designed to avoid detection by signature-based antivirus solutions. Successful defense against this type of attack requires integrated prevention, detection and response tools that recognize and halt advanced threats. 

Managed Service Providers have increasingly become targets of cyberattacks. Even a relatively small MSP may offer attackers as many endpoints as a major corporation, and an MSP may not have the robust security capabilities that a large corporation has to prevent sophisticated cyberattacks. Earlier this year CyrusOne explicitly listed ransomware in an SEC Filing as a risk factor for its business.

To face the rising tide of targeted attacks, Managed Service Providers need to improve their security posture. Ostra’s Enterprise Grade Security solution gives MSPs access to best-in-class security services, such as FireEye and PaloAlto, which large corporations use to combat targeted attacks. Contact Ostra to learn how to protect your clients and MSP business.