Tag Archive for: cyber training

The Hidden Dangers of Insider Threats

Possibly one of the most underrated catalysts for a cyberattack is the insider threat. Take a look at some recent statistics:

  • An article by Identity Management Institute stated that 65-70% of all security incidents arise from insider threats to system and data security.
  • According to IBM Security Intelligence, 40% of insider incidents involve an employee with privileged access to company assets.

Many companies do not account for the damage that an insider threat could do. An insider threat can be anyone with access to an organization’s network, like employees, contractors, business associates, or friends. Insider threats are the biggest contributors to cyberattacks, especially in the last couple of years.

22% of all folders were available to every employee. (Varonis)

What is an insider threat?

An insider threat is anyone who has special access to the organization and can possibly use that access to attack or help hackers target the company. There are a few different types of insider threats to be aware of: malicious insiders, inside agents, emotional employees, reckless employees, and third-party users. Each one of these types of insider threats all could have access to an organization in some way and can use it to their advantage.

Insider threat attacks have only been growing in the past years and experts predict that number to skyrocket as more businesses switch to remote work. The increasing mix of remote, hybrid, and on-site employees means that companies must be extra vigilant about managing network access and permissions. Even the most loyal employees who retire or leave on good terms should no longer have access to company files or systems after their last day. In addition, it is important to ensure that dissatisfied or disgruntled employees—whether they are still there, or were recently laid off—cannot use their access in retaliation against the company.

“The overall cost of insider threats is rapidly rising. There is a 31% increase from $8.76 million in 2018 to $11.45 million in 2020”. (Cost of Insider Threats Global Report)

Online Hygiene

Although cybersecurity has become a loaded concept, it’s important to make cybersecurity a priority. Good online hygiene should be part of any organization’s onboarding or off-boarding process, but if it not, then take it upon yourself to exercise best practices to keep your company safe.

Some basic precautions include performing regular software updates and enabling MFAs. You can also contact Ostra to explore how a cybersecurity assessment can reveal what vulnerabilities you may have, and how you can stay ahead of threats.

Avoiding Apathy

How can companies best protect their data from insider threats? While it is tempting to succumb to either apathy or paranoia, neither of these extremes is the right approach. Rather, awareness that leads to action is the goal. You can read more about this approach in Ostra’s blog about data privacy.

How to protect against insider threats?

  1. Update and maintain the user access/privileges list and be aware of which employees have access and to what—especially as you are onboarding new employees or removing access from departing employees.
  2. Ensure sensitive/confidential information is not accessible by anyone who does not need it.
  3. Educate employees on insider threats and how they can help defend against a possible attack.
  4. Implement a cybersecurity program that can defend immediately against any lurking vulnerabilities.

Ostra Cybersecurity provides active defense protection for your businesses’ data and act immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Contact us today to see how Ostra can help you and your clients minimize risk from insider threats.

Ostra-small-business-security-tips-998x681px

Small Business Cybersecurity Tips

Many small businesses are currently struggling because of the pandemic. The last thing any small business needs now is a cyberattack, which could easily put a company out of business. So now more than ever there is a need for strong cybersecurity practices, especially in smaller businesses with less cybersecurity devoted resources.

60 percent of companies that are victims of a cyber-attack go out of business within six months. -NCSA

The average loss of a cyberattack in 2019 was around $200,000, which is a lot of money for a small business to pay. This helps to understand why so many companies struggle to succeed after a cyberattack.

These are some helpful tips to help improve cybersecurity in small business

Train your staff

Employee training is the first and one of the most important steps in maintaining quality cybersecurity. Your employees are the main entry point that hackers try to exploit. Hackers try to gain access through employees by tricking them with phishing and social engineering attacks. They also target employees who are working from home on unsecured personal internet networks. Business owners should train their employees to back up data regularly, avoid any suspicious links, and to report any possible phishing scams. Trained employees will reduce the risk of an attack and should be wary of any future attack.

A 2019 Accenture study found that 43 percent of cyber-attacks are aimed at small businesses but only 14 percent are prepared to defend themselves. This is alarming news especially since small businesses are a top-tier target for most cybercriminals. Shows just how many small businesses lack preparedness and how many need to quickly improve their security.

Find a cybersecurity solution

Perhaps one of the best ways to defend your business against cyber threats is to find and install a solid cybersecurity solution. Small businesses usually are short on cybersecurity resources, to begin with, and usually do not have dedicated IT/Cybersecurity experts. Which is why small businesses need a low-cost solution that is extremely effective.

Your business technology should be protected with anti-virus and anti-malware software, this will find and identify any threats to your business. These have security features that will make it harder for any information to be stolen. Every business should have a virtual private network (VPN) that hides your IP address, making it almost impossible for hackers to track you. VPNs are very useful and a necessity if you have employees working from home on unsecured networks. Email protection and maintaining a firewall are also highly recommended in the cybersecurity community.

Ostra offers an affordable and quality cybersecurity solution for your business, that incorporates the very best security tools to protect small/medium-sized businesses. We operate behind the scenes to protect businesses and their most valuable asset, their data.

We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Want to find out more? Contact us today!

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, Ostra is proud to take part in helping to create a safer and more trusted cyberspace for everyone.

History of Cybersecurity Awareness Month

Cybersecurity Awareness Month was founded by both government and industry to make sure every American consumer and business has the resources needed to stay safe and secure online. Originally, 17 years ago, cybersecurity month messages were about updating antivirus software and the threat of a “virus”. But as technology advanced, so did the efforts needed to educate people on growing cybersecurity threats.

Today, organizations of every kind, non-profit/for-profit, corporations, universities, small businesses, and other groups all participate in Cybersecurity Awareness Month. These groups all have one goal in mind, to educate their employees/customers/members on the importance of creating a safer, more secure internet for everyone. Awareness efforts today highlight the basics of keeping your technology and information safe. Companies and organizations share tips and tricks throughout October.

Cybersecurity Awareness Month Resources

To get involved and learn more about Cybersecurity Awareness Month, check out these cybersecurity focused partners.

The National Cyber Security Alliance (NCSA) builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online and encourage a culture of cybersecurity. https://staysafeonline.org/cybersecurity-awareness-month/

Information Systems Security Association (ISSA) is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. https://www.issa.org/

The Cyber Security Hub is an online news source for global cybersecurity professionals and business leaders who leverage technology and services to secure the entire perimeter in their enterprise. https://www.cshub.com/

Ostra’s Cybersecurity 101

For those who are new to the world of cybersecurity or just need a refresher, check out our Cybersecurity Terms 101 post. We cover the basic terms that everyone should know to better protect their own devices and to help keep cyberspace safe.

Want to find out more about Ostra and how we can help your business? Visit Ostra.net or contact us today at protection@ostra.net

Cybersecurity Terms 101

October is Cybersecurity Awareness Month and a time to spread the importance of understanding cybersecurity and cybercrime. As cybersecurity evolves, so do the threats that come with it. To stay safe in today’s cyber world it’s important to understand all the different types of threats that could harm you and your business. Everyone is vulnerable to a cyberattack, not just businesses and computers, your personal devices like your phone, watch, and tablet can all be hacked. This is a shortlist of the many different cybersecurity terms that are important to know to increase your cybersecurity awareness.

Cybersecurity

Cybersecurity is the practice of protecting computer systems and networks from the theft of hardware, software, and data. Cybersecurity works in many ways to defend against all types through hardware, software, and even internal threats. Cybersecurity works as an immediate defense against all types of ways that cybercriminals try to attack.

Hacker

A hacker is someone who gains access to devices or networks by breaching defenses and exploiting weaknesses. Hackers are usually motivated by personal gain or just because they know how to, for fun.

Malware

Malware, short for malicious software, is any type of software that is designed to cause damage and gain access to a computer, network, or database. Examples of malware are computer viruses, ransomware, spyware, adware, and more.

Ransomware

Ransomware is a new and very popular form of malware that locks the users out of their devices and prohibits access to files. After locking the user out, the hackers behind the ransomware then demand an anonymous online payment (ransom) to get their data and device access back.

Spyware

Spyware is a form of malware that hides on a device or network and steals information discreetly without the user’s knowledge. Spyware is used to steal things like bank details and personal information.

Adware

Adware is a form of malware that also hides on your device and annoyingly makes advertisements pop up, usually on web browsers. The adware is meant to gain revenue for the adware developer by monitoring online behavior and spamming the user with targeted ads.

Phishing

Phishing is the practice of sending malicious emails that appear to be from a reputable company to trick victims into the opening and sharing their sensitive personal information. Usernames/passwords, bank account, and credit card details are the main targets for phishing scams. The elderly are one of the most targeted groups for phishing scams. Educate your parents/grandparents on how to avoid phishing scams!

Data Breach

A data breach is an incident that exposes sensitive and protected information, intentionally or unintentionally. A data breach is usually the result of a successful cyberattack, where the hacker then steals information to sell back for a ransom, sell on the dark web, or any other personal gain. Data breaches can force business operations to completely stop, which can cost a lot of money and lost profits.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

 

Ostra-largest-medical-cyberattack-998x681px

Largest Medical Cyberattack in US History?

Universal Health Systems is a major US hospital and healthcare provider that has more than 400 different locations throughout the country. The hospital system was hit with one of the largest medicals cyberattacks ever in the United States. Experts believe it could be the biggest ever.

The attack, that left the IT network offline across the 400 healthcare facilities, was reported as a security incident. The facilities had to resort to their back-up plan which includes offline documentation methods. Nurses had to work with pen and paper and could not access their medication system. Many reported that their computers either shut off on their own or slowly stopped working.

The way the entire system was compromised at once and many computers seemed to be taken over, makes this seem like a ransomware attack. Many experts are speculating that this is the case. We know that cybercriminals like to target healthcare systems because the probability of a ransom payment is higher. Hospitals would rather pay than have a patient become more injured, sick, or die due to a security incident.

Protect your business

To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms. Ostra Cyber Security is the professionally managed security team for your business. Managing everything from desktops and laptops, to tablets and BYODs, Ostra’s technology keeps everyone safe.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/30ov82h

Ostra-legislation-security-standards-998x681px

House Passes Legislation To Set Internet Of Things Security Standards

A new bill that was just passed will require that all Internet of Things devices purchased by the US government must meet set security requirements. Internet of Things devices is any everyday objects that connect via the internet to send/receive data. Things like smartwatches, smart home security devices, and wireless inventory trackers are all IoT devices.

This bill, called the IoT Cybersecurity Improvement Act, instructs the National Institute of Standards and Technology to enforce security standards that any government agency needs to follow when buying IoT devices.

“These devices must be secure in order to protect Americans’ personal data.” Rep. Kelly (IL)

Even though this bill doesn’t directly improve the security of millions of consumer Internet of Things devices that are already being used by Americans. Such as home voice assistants, smart TVs, and smartwatches. It is still a huge deal for long-term IoT security. Because government agencies are big customers, IoT manufacturers will have to adjust to meet the new standard if they want to keep their business. Most IoT manufacturers sell to the government and consumers, so it should encourage them to only follow one set of standards. Resulting in improved security standards for all future IoT devices.

Stay protected

This bill gives manufacturers 2 years to update their security standards. Some say this is too long of a wait considering there are currently millions of devices in the US that could be vulnerable to unknown or known exploits.

Ostra Cyber Security provides active network defense protection for your home or businesses’ Internet of Things devices and acts immediately instead of monitoring and alerting as many antiviruses do.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://washex.am/34euwxj

Companies are Looking for Affordable Cybersecurity Solutions

It is estimated that more than half of the US workforce has transitioned to remote working. With more people working from home businesses are way more vulnerable. This has really increased overall cybersecurity spending for companies.

58% of companies represented in a recent Microsoft survey have increased their cybersecurity budgets in response to the pandemic.

Companies have spent the last months working overtime to meet business goals while also protecting the business from new and dangerous threats. Even though many companies are spending more to play defense, many are still being impacted by social engineering attacks, like phishing scams. Phishing scams have only become more popular as employees are now working on personal networks and devices.

Companies are Struggling with Complex Cybersecurity Programs

The COVID situation has made companies rethink their cybersecurity approach. Now companies are finding ways to increase the efficiency of their cybersecurity while also simplifying them.

“Companies are looking for simplicity, to date, security is too complicated.” – Andrew Conway, GM for Microsoft’s security marketing

Companies are struggling with complex and hard to use/install cybersecurity programs that use many different security tools from different vendors. Many programs require too much set-up or maintenance work. Companies and cybersecurity managers are looking for an affordable cybersecurity program that simplifies cyber defense and protects what matters.

Businesses NEED a simple and affordable cybersecurity program in place

Ostra is your cyber-security-solution that offers a 360 degree, 24/7 protection that works seamlessly in the background, protecting sensitive data and communications at every access point. Ostra Cyber Security is a software solution that knits together the top security solutions in the industry. We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Want to find out more? Contact us today!

Financial Sector is the Most Targeted During Pandemic

Cybercriminals are attacking businesses like never before, and they have way more of an interest in the financial services sector than in past years. The pandemic has caused difficult financial situations for many, that includes cybercriminals too, which is why they have their targets locked on the most lucrative sector.

Remote work is part of the reason for the sudden spike in financial sector related cyberattacks. Experts highlighted remote access inefficiencies, due to the increase in the number of people working from home, as the greatest security challenge. They also mentioned virtual private network (VPN) vulnerabilities as another security challenge. These are challenges for every business but especially for remote workers in the financial sector, who must protect more sensitive information.

The financial sector was the most commonly targeted sector, receiving 51% of attacks. This was followed by healthcare (35%), professional services (35%) and retail (31%).

Because organizations in the financial services industry are entrusted with highly valuable and personally identifiable information, they are an attractive target for cybercriminals. Businesses in the financial sector have the most valuable information for cybercriminals. Such as social security numbers, bank information, insurance information, names, contact information, and addresses. All this personally identifiable information can sell for a high price on the black market.

A cybersecurity company has reported a 238% increase in cyberattacks between February and April 2020. With the financial sector receiving a majority of pandemic attacks, a cybersecurity solution is essential in the fight against cybercrime.

Protect your business from the rapid increase in cyberattacks on the financial industry

Ostra is your cyber-security-solution that offers a 360 degree, 24/7 protection that works seamlessly in the background, protecting sensitive data and communications at every access point. We offer a secure VPN connection to protect your remote workers. We also offer email protection, to protect against one of the financial sectors’ biggest threats, phishing scams.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://yhoo.it/3bmcZqa

Financial Sector Cybersecurity Spending Up 15% in 2020

Banks and other financial service-related businesses are spending 15% more this year to defend against cybercrime.  The pandemic and remote working are influencing this change in spending, and the number will keep increasing, a survey found.

The average spending per employee in 2019 was $2,337. That number has increased to $2,691 per employee in 2020. For example, a company like Wells Fargo with thousands of employees is paying $850 million annually on cybersecurity. This change is due to the increased need for effective cybersecurity that can defend against cyberthreats no matter where the employee is located. The financial services industry on average pays the most per cyberattack than any other industry.

The financial services industry takes in the highest cost from cybercrime at an average of $18.3 million per company surveyed. (Accenture)

Since the financial sector is one of the most targeted it makes sense that overall cybersecurity spending has only increased in the last 5 years. The sector has also been the most targeted sector in the last few years as well.

Improve your cybersecurity without breaking the bank

With cybersecurity spending only going to increase nationally in the next years, it is important for your business to keep systems up-to-date and secure. Ostra is a software solution that knits together the top security solutions in the industry. We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Comprehensive cybersecurity made simple & affordable.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bloom.bg/2Z4407W

The Biggest Cyberattacks on the Financial Services Industry

The financial services industry is one of the most targeted out of all industries for cybercriminals. It is the most lucrative industry for cybercriminals to attack, which is why it is the most important to defend. These are a few of the biggest cyberattacks in recent years.

The Capital One Data Breach

In March of 2019, a hacker gained access to the Capital One server by a misconfigured firewall. The hacker could access credit card applications all the way back to 2005. It took Capital One 4 months to detect the breach. In July of 2019, Capital One found that a former tech worker gained access through the vulnerability and had been stealing data since March.

What was exposed?

According to Capital One, 140,000 social security numbers and 80,000 bank accounts were leaked in the United States. Over 1 million Canadian social insurance numbers were also exposed. The exposed data cost Capital One, hundreds of millions of dollars in damages.

How they could have prevented it?

Experts agree that this attack was very preventable if Capital One had correctly configured their firewall and ensured there were no vulnerabilities. A cybersecurity program like Ostra helps prevent data breaches by always running seamlessly in the background and protecting all digital entry points. Ostra detects and responds immediately to any threat.

The First American Financial Corporation Breach

Last May, the website for First American Financial Corp. was breached by hackers. The breach occurred due to an error in the backend of their website, specifically in the document management system, making it easy for any hacker to access. Being a financial company, their servers are full of private and extremely sensitive information dating back years.

What was exposed?

It is reported that the data breach exposed over 885 million financial records related to real estate deals. All the way back to 2003, that’s 18 years of sensitive information. These documents were made viewable to absolutely anyone. The leaked documents included emails, phone numbers, names, addresses, and financial information.

How could they have prevented it?

Penetration tests conducted by First American found this vulnerability in 2018 but failed to prioritize the fix for it. The company failed to patch any weaknesses, and they really paid for it. Not only did this breach cost them millions in damages, but they could be facing steep fines for rule violation by financial regulators. First American could have prevented this issue if they acted immediately instead of waiting to secure their weak spots. Websites are a huge vulnerability for the financial services industry, as they are the gateway to data breaches like this one.

Ostra’s cybersecurity solution can prevent weak spots from being exposed. Ostra allows systems to update & patch automatically with no business interruption or end-user engagement needed.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

Source:

https://bit.ly/2QKQp0N

https://bit.ly/3hQ77rC

Tesla Employee Prevents Massive Ransomware Attack

Ransomware attack on Tesla

A Tesla employee working in a Gigafactory in Nevada was offered a $1 million bribe to help a hacker install malware into the Tesla computer systems. The hacker who has since been arrested is a Russian citizen by the name of Egor Igorevich Kruichkov. This attack was well planned out by the Russian hacker, as the Tesla worker who he contacted was also Russian and spoke it too.

The Tesla worker met with Kruichkov in early august after being contacted but didn’t know the reason for the rendezvous. After meeting, Kruichkov asked the Tesla employee to help him install malware that once installed, would launch a massive DDoS attack. Which would effectively allow the hackers to occupy the Tesla system, giving them access to steal sensitive corporate data. The hackers would then hold the data until the electric car manufacturer pays big. Kruichkov mentioned that a reward of $1 million would be sent to the Tesla worker in cash or bitcoin.

Enter the FBI

Kruichkov and the hacking group could only hope that the worker would accept the offer. However, the results did not favor the Russians. As soon as the Tesla worker left the meeting he contacted the FBI who then, with the help of the Tesla worker, communicated with the Russian hackers and got as much information as possible. The FBI discovered that the Russians were the ones responsible for the recent $4.5 million ransomware attack on CWT travel.

On August 21st the hacker contacted the Tesla employee and said “the project was delayed” and said he was leaving the area. The FBI followed and arrested the Russian hacker the next day during a failed flee attempt.

This Tesla employee prevented a possible cyberattack on Tesla that could have cost them millions of dollars. Not just in ransom payments but also in the lost operating time that could cost way more than the ransom.

Protect your business from ransomware attacks

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3hH961h

Ostra-cybersecurity-in-education-998x681px

The Challenge of Cybersecurity Education at Colleges

Colleges around the nation have dealt with an increase in pandemic-related cyberattacks. Colleges have always been a target for many cybercriminals as they hold a lot of sensitive information and research, which are valuable on the dark web. With the increase in attacks, many college security chiefs say the real challenge is educating professors and students on cybersecurity training and data protection.

Many of the attacks have been targeted towards medicine schools that conduct COVID-19 related research. The academic community has always worked together and relied on shared information, which is what makes training difficult.

“In an environment where it is intrinsic for our people to say, ‘Give away the information,’ there’s also a national interest in keeping it protected, too. It’s a super delicate balance,” -Erik Decker, CISO at University of Chicago Medicine

Mr. Decker says that the overall solution includes educating the students and any faculty on cyberattacks and how they work. As well as what the best security practices are even though they might add more time to the research process. Emphasizing the idea of data protection is necessary.

Importance of data protection

Most organizations are experiencing an increase in pandemic related cyberattacks currently. However, many companies fail to properly train their employees or install a cybersecurity program, which creates a huge vulnerability for the company. This is why a cybersecurity solution is necessary no matter the size of the company, big or small.

Ostra Cybersecurity prevents problems before they happen. Ostra operates behind the scenes to protect businesses and their most valuable asset, their data.

Want to find out more? Contact us today!

Cybersecurity Challenges and Concerns of Remote Working

A new report by Malwarebytes wanted to investigate the new normal of working from home (WFH). They measured the immediate reaction to the pandemic and also businesses’ future cybersecurity strategy. The cybersecurity company surveyed more than 200 executives and managers in IT and cybersecurity roles at US companies.

Organizations’ challenges to remote working

Switching to working from home created a new set of challenges for companies. The biggest challenge for most was maintaining efficient cybersecurity, especially those who had already been facing cybersecurity threats before the pandemic.

55% of the respondents said their biggest challenge was training employees how to work from home securely and compliantly.

Image: Malwarebytes

Biggest cybersecurity concerns

There are a lot of concerns for IT and cybersecurity managers/executives with the switch to remote work. Many of the concerns involve the inevitable increase of ransomware and malware attacks overall. Many employees do not have proper cybersecurity training and don’t know how to avoid common cyberthreats, like phishing scams. Employees also lack cybersecurity protections for their home devices and ISP.

45% of respondents say their biggest concern is other individuals who have access to an employees device and may inadvertently compromise it.

Image: Malwarebytes

Protect your business, keep your employees secured

Human mistakes are inevitable and its what cybercriminals depend on to exploit and hack a business. These mistakes are much more likely to happen when employees are working from home. It is important for your business to manage and secure the scattered endpoints, which are your employees. Working from home could be the new normal for a long time, consider using an affordable and effective cyber-security program.

Ostra specializes in protecting business data for remote workers with elite security using Fortune 100 caliber tools. Managing everything from desktops and laptops, to tablets and BYODs Ostra’s technology keeps everyone safe.

Want to find out more? Contact us today!

Ransomware Gang Attacks Billion-Dollar U.S. Liquor Maker

The hacking group called REvil ransomware, who have hacked numerous million-dollar companies, have hacked and encrypted Brown-Forman. Brown-Forman is a top U.S. based liquor maker with brands like Jack Daniels, Finlandia Vodka, Early Times, and Old Forester.

The REvil gang reportedly had access to Brown-Forman’s systems for over a month. They were able to completely explore any system/device they had access too. Even the company’s cloud services were exposed. A Brown-Forman representative has claimed that they detected the attack early enough that no data could have been encrypted.

Even though the Liquor company stopped the attack before any encryption took place, the hackers claim to have stolen a terabyte of data. The REvil gang is using this data to hopefully extort Brown-Forman and get paid.

“Screenshots posted by REvil provide a glimpse into the full scope of the breach. Internal communications, financial documents, contracts and personnel data all appear to been accessed”.

A Brown-Forman representative has said some information included employee data. Employees at Brown-Forman now have a huge increase in risk for identity theft or attacks on personal accounts. This is a big reliability for the company. REvil hackers believe that the company will end up paying. The hackers could be right, especially if they start to leak files to force payment, as they have done before.

REvil Ransomware

REvil ransomware has been a threat to many smaller companies in the past. Recently, however, this ransomware group and others alike have been targeting governments and billion-dollar corporations. These ransomware attacks are growing worse by day as hackers develop increasingly more sophisticated ransomware strains. REvil has recently started to auction off stolen data on the dark web and is one of the first hacking groups to popularize it.

Protect your company from ransomware

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3aCaL5E

Cloud Service Costs Rise During Pandemic

The COVID-19 pandemic has increased the need for cloud computing services. Companies are racing to meet the demand for cloud computing tools needed for their remote workers. While also battling the rising costs of the cloud. There are a lot of company budgets being stretched as companies search for more affordable cloud costs.

“The corporate shift to the cloud has accelerated, with businesses last year spending an estimated $96.4 billion on cloud infrastructure services”

This cloud usage boom has positively impacted the big cloud companies like Amazon, Microsoft, and Alphabet Inc. The cloud services industry leader, Amazon, said its cloud usage grew 33% in the first quarter to $10.22 billion. This is good for cloud providers and the cloud industry. However not for the companies who need to expand their cloud usage while struggling with the economic impact of the pandemic.

The biggest companies pay hundreds of millions of dollars every year for their cloud services. Many smaller companies’ cloud budgets are being optimized to decrease the financial strain from the pandemic. These businesses are finding that they are overestimating their needs and have been paying too much. Companies have found that their cloud bills have increased even when the cloud use decreases because “the applications had to be kept running”.

Experts recommend keeping your cloud budget updated and tuned up. Cloud providers can charge plenty of hidden fees which makes it important to know how much your business needs and how much you are paying for.

Ostra not only specializes in protecting business data for remote workers with elite security but also keeps costs affordable and makes budgeting predictable.

Want to find out more? Contact us today!

 

Cybersecurity Training Company SANS Hit by Phishing Attack

The cybersecurity training company SANS has fallen victim to a data breach. The attack started after a successful phishing scam against one of SANS employees. The breach compromised over 28,000 records of personal identifiable information, like names, emails, phone numbers, and addresses. No sensitive information like credit card info or login credentials were exposed.

The cybersecurity training company detected the breach during a systematic review of its email configuration. Where they found that 513 emails were forwarded to an unknown email address. This means that the company did not even know there was a breach until they found it on accident. “After finding the activity, SANS said it’s IT and security team deleted the forwarding rule as well as a malicious O365 add-in”. This breach is surprising for a company like SANS, whose employees should be very informed and alert to phishing scams.

This incident shows that no organization is immune from a cyberattack, even companies that specialize in the information security industry. Phishing attacks rely on human error which is what makes social engineering attacks so dangerous to organizations. If an employee at a cybersecurity training company can fall victim, then so can anyone else.

Many employees are working from home which can make it hard to conduct the cybersecurity training necessary.

”With remote working, the proper training is more essential than ever. In the case of phishing attacks, training should include phishing simulations where employees are taught how to respond to suspicious emails.”

Even with extensive employee training, training just isn’t enough.

Protect your business with a cybersecurity solution

With today’s increased risk of a phishing scam it is important to have cybersecurity that will protect your network and information immediately when faced with a threat. Your business has a greater chance now than ever to be targeted for a phishing scam or worse. Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do.

Ostra protects your company from all threats including the number one way attacks can happen; email.

Want to find out more? Contact us today at protection@ostra.net

News Article

Twitter Could Pay $250 Million for Using Private Information for Advertising

Twitter could be paying a hefty fine to the U.S. FTC for its use of private information (phone numbers and emails) in targeted advertising campaigns. This fine comes after the FTC filed a complaint against Twitter for using “phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019”.

Many Twitter users have voluntarily submitted both their phone number and email to better secure their accounts with two-factor authentication. Usually when creating an account. But the users had no idea their information would be used in advertising campaigns. Twitter has now stopped requiring users to submit their phone number.

Twitter has said that its most recent breach has affected its business with advertisers. This is an issue that has occurred with many other social media companies, for example, the Facebook-Cambridge Analytica data scandal.

Protect your email

Email inboxes are the most common entry-point for ransomware attacks. Twitter being caught distributing private information like email addresses means that cybercriminals most likely have access to this information now too. Especially with the recent Twitter data breach, nobody knows what kind of information has been stolen.

Ostra protects your company from all threats including the number one-way attacks can happen; email.

https://bit.ly/31JvX5v

Travel Management Firm CWT Pays $4.5 Million to Hackers

The US business travel management firm CWT just paid a $4.5 million bitcoin payment to hackers who stole terabytes of information. CWT claims that the hackers stole sensitive corporate files and put 30,000 computers offline. CWT represents more than 1/3 of companies on the S&P 500, which makes them a very valuable target for hackers.

Ransomware. Why did it have to be Ransomware?

Just like Indiana Jones hates snake’s, business executives hate ransomware. When ransomware is used by experienced hackers it can be very effective and can give all the leverage to the criminals, leaving businesses stuck with limited options. A majority of the time the hackers end up getting paid, which is why ransomware is a CFOs worst nightmare. In the case of CWT, the strain of ransomware used was called “Ragnar Locker” which encrypted computer files and made them useless until the ransom was paid. The hacking group originally asked for a $10 million payment, but a CWT negotiator brought the ransom to $4.5 million instead.

CWT was quick to pay the hackers as they wanted their systems online and sensitive information returned. On July 28th a bitcoin payment for 414 bitcoin or $4.5 million US dollars was paid to the hacking group and the attack was over.

Cybersecurity experts say that paying ransoms encourages future attacks, but these situations leave business executives with a difficult decision.

Protect your business from ransomware

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://nyti.ms/2DAnObP

 

Hospitals Face Wave of Cyberattacks Trying to Crash Websites

The healthcare industry has been one of the most targeted industries during the COVID-19 pandemic. With cybercriminals trying to steal COVID vaccine-related information or disrupt hospital operations in the hope of receiving a quick ransom payment. The healthcare industry currently has the largest number of cybersecurity openings of any other industry.

Researchers have said that hospitals dealing with many COVID-19 patients have had a giant increase in DDoS attacks. DDoS attacks, or Distributed Denial of Service attacks, are when cybercriminals attempt to overwhelm and crash websites by flooding the server with millions of rogue requests. These attacks can crash systems for hours or even days and are used in blackmail schemes or distraction methods.

This specific cyberattack on these hospitals came from over 300,000 different IP addresses. The attacks took place on hospitals in the US, Germany, Canada, and the UK.

Protect your business and your employees working from home

Numbers don’t lie, and the possibility of your business falling victim to a cyber-attack has never been higher. Protecting your business and sensitive data is a priority in the era of cybercrime.

Ostra Cyber Security offers a total solution for cybersecurity that combines Fortune 100 tools and is easy to deploy without needing to purchase any hardware.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/30HrxNv

Remote Work Boosts Cybersecurity Hiring

It is estimated that more than half of the US workforce has transitioned to remote working. With more people working from home businesses are way more vulnerable. This has increased the need for cybersecurity-related positions.

According to LinkedIn, there were 261 thousand open cybersecurity positions in April, 244 thousand in May, and 348 thousand in June. This has made the Cybersecurity and IT job market one of the top performers since the start of the pandemic. The sectors with the biggest need for cybersecurity positions have been Healthcare, Financial Services, IT and Services, and Retail.

Businesses NEED a cybersecurity plan

The threat of a cyberattack grows every day, especially if you’re a business that operates with remote workers. Cybercriminals are more active than ever, and they target the weakest links who do not have a good cybersecurity program/team in place.

Ostra is your security team of experts, without having to hire a full-time cybersecurity role. We manage and update the technology daily. Use your budget wisely and let the experts keep you safe.

Want to find out more? Contact us today!

Connected-Car Cyberattacks Have Doubled Since Last Year

There are more connected cars on the road every year than ever before. Even though these cars make everyday life more convenient for consumers, they are way more likely to be targeted in a cyberattack than traditional cars. It is estimated that connected car cyberattacks have doubled in the last year alone.

The average connected car has over 150,000,000 lines of code

A cyberattack is more likely to occur when there are more lines of code for hackers to attack. Hackers only need a small portion of the code to gain access to all the data available.

Recently Nissan had to shut down one of their connected car apps after security testers found a vulnerability. Cybercriminals “were able to connect to the car via the internet and remotely control the car’s heated seating, fans, air conditioning, and heated steering wheel”. This means that cars could have their battery drained without the owner realizing it.

Keyless Theft

The main way that theft of connected cars occurs is through the keyfob. Most thefts occur while the car is parked at the owner’s house, and the thieves don’t even need the key. By amplifying or duplicating the signal from the car key inside the house, they can trick the car into thinking the key is being used. When successful, thieves can steal cars in under 30 seconds.

Stay Protected

Protect yourself and your connected car by only downloading official apps, keeping your car software up to date, and limit the personal data you trust your car with.

Ostra Cybersecurity extends multiple layers of protection around your network, hardening the defenses and creating active barriers preventing criminals from exposing any lurking vulnerabilities, like installing malware and taking control of your car.

Want to find out more? Contact us today!

Vulnerability in Website Builder Exposes 700,000 sites

In late July, a threat intelligence team found a vulnerability in themes by Elegant Themes. The themes were Divi, Extra, and the WordPress plugin, Divi Builder. These products combined are downloaded on over 700,000 websites.

The vulnerability allowed attackers the ability to upload PHP files onto any website with the programs downloaded. The attackers also used remote code execution on the website servers.

Elegant Themes is the company that created Divi and Divi Page Builder. These are website editing tools that make website design easy and completely customizable. Divi editor users can import and export page templates with ease, however, this is where the security issue was found. The import/export feature was missing a server-side verification check, which means that the server function that determines if a file is safe was not working.

“This flaw made it possible for authenticated attackers to easily bypass the JavaScript client-side check and upload malicious PHP files to a targeted website. An attacker could easily use a malicious file uploaded via this method to completely take over a site.”

This vulnerability has been patched completely in a new update released in early August. It is recommended that any company using these website builders, updates immediately.

Protect against vulnerabilities

Ostra Cyber Security extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals from exposing any lurking vulnerabilities.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/2PnOeQ9

Garmin in Trouble for Paying Ransom

The GPS company Garmin became the victim of a ransomware attack late July. The suspected hackers, known as EvilCorp, encrypted a lot of company data and attached a ransom note to each file. The ransom note had directions to email one of two email addresses to get a price for the encrypted data. Garmin confirmed that the price was around $10 Million for the decryption key.

Garmin has paid the ransom to get their stolen information back. There is no official explanation yet how Garmin paid the hackers. But now Garmin could be in more trouble for paying the ransom. This time with the United States Government.

EvilCorp is on a US sanction list

Because the hacking group is on a US sanction list, that makes any transaction illegal and a punishable offense. Garmin reached out to a cyber response company, but the company refused due to legal implications.

Eventually, Garmin found a cyber response company that would help them with the transaction and securing their stolen data. The company, Arete IR, is confirmed to have assisted Garmin but no official statements have been released about the payment.

Even though Garmin was faced with no other choice but to pay the ransom, the company may be facing more punishment by the US government if the hackers are confirmed to be EvilCorp.

Protect your business

Ostra eliminates the human errors that can lead to a ransomware attack by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help secure your network and keep your businesses private data out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3k94LWd

Cybersecurity is a Business Decision

Today, many companies struggle with their cybersecurity budget. Either not spending enough or spending too much, both issues result in unreliable cybersecurity.

Several CISOs have said that their cybersecurity budget comes from the ROI and contribution it adds to the business. Making sure the business is secure while creating growth and profit is what makes cybersecurity a business decision.

When cybersecurity spending is not calculated and not part of a solid business plan, many endpoint security issues arise. Businesses need to track the effectiveness of their cybersecurity to define the ROI and create a budget.

“More than one of every three enterprise devices had an Endpoint Protection (EP), client management or VPN application out of compliance, further exposing entire organizations to potential threats”.

Businesses must keep their devices up to compliance otherwise the risk of a breach is imminent. Especially as most workers are remote which makes network security much more difficult to maintain.

Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Contact us today!

Blackbaud Pays After Ransomware Attack

Blackbaud, one of the largest providers of fundraising technology to nonprofits, universities, and other charities was hacked. After a ransomware attack left important data encrypted, Blackbaud was forced to either pay the ransom or let the data be sold to other cybercriminals. Blackbaud paid in Bitcoin and received confirmation that the data was destroyed.

It is unknown how much was paid to the hackers, but the ransom was not paid until there was sufficient proof that the data was destroyed. Blackbaud officials say that credit card info, bank account info or social security numbers were not stolen. To ensure the privacy of its customers, the company hired outside-experts to monitor the internet and dark web. To make sure that no information was released or sold by the hackers.

Blackbaud is the target of millions of cyberattacks each month

The company follows the industry best practices and they conduct aggressive tests on the security of their systems and infrastructure. They are a part of many Cyber Security related organizations. Officials claim to have implemented additional security measures to prevent this from happening again.

This is the second time this year that a major provider for the nonprofit sector was hacked. Earlier this year MIP, a financial software company, was hacked and users were locked out for 3 weeks.

Protect your data

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3jYC0eL

Twitters Biggest Threat: Its Own Employees

Twitter demonstrated an example of the biggest cybersecurity threat that companies cannot defend against. Their own employees.

When Twitter was breached mid-July, many highly followed blue checkmark accounts became pawns in a coordinated bitcoin scam. Some accounts included Joe Biden, Elon Musk, Jeff Bezos, even the Twitter Support account. It took twitter multiple hours to contain the breach, while the hackers received over $115,000 in bitcoin transfers.

Twitter tweeted, saying the breach was “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”. What that means is that the attack was not through malware or a technical problem, but an employee let it happen.

Humans are the biggest threat to cybersecurity

Twitter told a tech-focused news website that whoever was behind the breach had gained access from an employee. An employee who was paid and willingly gave the hackers access. Insider attacks like this are common, and a huge threat since humans are unpredictable compared to technology. You can apply updates and fix cybersecurity tech, but you cannot fix humans who would turn on their company for a handful of cash.

35% of attacks are insider attacks — SpectorSoft

Insider attacks occur more often when the economy and job market are in poor condition. A pandemic is a perfect time for hackers to target employees who need money.

Ostra protects against known and unknown threats even when they come from inside.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://nbcnews.to/2De2ubx

Garmin Hit by 4-Day Ransomware Attack

The navigation company became the victim of a ransomware attack on Thursday. The attack left many Garmin systems offline, including fitness apps, aircraft navigation systems, and customer service centers. Garmin factories had to close production lines, and planes that use Garmin navigation were grounded.

The attack completely crippled the navigation company. A cybersecurity company reported that Garmin’s IT department shut down all the company’s computers, including employee computers at home. Anything connected to the Garmin network, even by VPN, was cut off to stop the ransomware from spreading through the network.

10 Million dollar ransom

Garmin employees say that the attack was due to WastedLocker ransomware. The hackers encrypted a large number of company files, with a ransom note attached to each file. The ransom note has directions to email one of two email addresses to get a price for the encrypted data. Garmin has confirmed that the price was $10 Million for the decryption key.

The attack lasted 4 days, with Garmin systems becoming operational again on Monday (July 27th). Currently, it is not known whether Garmin paid the $10 Million, but the real price was paid in the number of lost profits from 4 days of operation.

Protect your business

Ostra eliminates the human errors that can lead to a ransomware attack by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help secure your network and keep your businesses private data out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3g7FdX3

Why One Data Breach Can Lead to More Cyber Attacks

Recently, cyberattacks have skyrocketed during the COVID-19 pandemic, which is a huge issue in the long run. Most businesses have become too used to these attacks, and usually, disregard the long-term effects that the breach has caused. Especially when gigabytes of personal customer information is stolen and posted on the dark web.

Personal Details Can Lead to Endless Threats

When a business becomes the victim of a data breach, usually they can pay the hackers and get the data back. But that is when the real threat starts. The business will do damage control and send out emails to their affected customers. The goal of the email is to establish a perception of safety and security. Even though the business has no idea who has access to their customers’ information.

The data that is lost in these incidents, like stolen personal data, lead to ransomware or “man-in-the-middle” breaches in the future.

“Ransomware exploits can arrive in email, text, messaging and social engineering. The success of these attacks counts on the appearance of legitimacy, which is why they often offer links, attachments, and messaging from familiar sources, sites, and people”.

The more personal information gathered from past breaches, the more likely they are to be the target of a social engineering attack. With loads of information, it’s easy for a hacker to pretend to be a close associate.

Data leaks that occur today may not even be harmful for years to come. As personal information is being sold, traded, and bought all over the dark web, long term security issues will emerge. Private information gathered throughout the next 5 years could help cyberattack hold an entire business network hostage.

Protect your customer information

To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms.

Ostra is the professionally managed security team for your business. Managing everything from desktops and laptops, to tablets and BYODs Ostra’s technology keeps everyone safe.

Want to find out more? Contact us today!

Outdated Budgets are a Threat to Business Cybersecurity

Its 2020 and business are operating online more than ever before. But many organizations are looking to decrease their overall spending as things move online. That is an issue for cybersecurity teams who are expected to keep the same security, now with more vulnerabilities, while on a lower budget.

Cybersecurity budgets are usually the first to get cut, even in a pandemic when phishing attacks have increased more than 600%. One of the biggest issues that companies are facing is the lack of funds for an up-to-date cybersecurity team/program.

“Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago”.

When cybersecurity budgets aren’t updated, so are the old security systems and programs. Hackers can easily take advantage of a security system when they use tools that are more updated than the system they’re attacking.

Stay Updated

Ostra Cyber Security is your security team of experts. We manage and update the technology daily. Use your budget wisely and let the experts keep you safe.

Want to find out more? Visit our website or contact us today!

 

Hackers are Selling Your Data to the Highest Bidder

It is never a good situation when data is stolen by hackers. In the best-case scenario, the victim would pay the ransom and hope the hackers give back and delete the data. But that is not typically how it goes.

Usually, if the victim does not pay the ransom, the data is auctioned off on the dark web for the highest bidder. Sometimes even if the victim pays to get the data back, the hackers will still sell the data online.

How is the data auctioned off?

Researchers at a cybersecurity company have published a report that shares the details of these dark web data auctions. Once the data is put up for auction, anyone with dark web access can bid on it. No identity proof is required, only a simple CAPTCHA checkpoint. The highest bid must be paid in cryptocurrency, which is untraceable.

The company discovered many listings on the dark web. A simple 50 gigabytes of sensitive files and data from a U.S. law firm are sold for $30k. The most expensive found was a full library of trade secrets, patents, and executive-level communication history, all for the price of $1.2 Million.

“Email inboxes are still the most common starting point for ransomware attacks. Being able to identify a phishing message could keep your secrets from being spilled to the highest bidder”.

Cyberattacks are only increasing and victims are paying the ransoms. Cybercriminals have no reason to stop attacking, especially when they can make a fortune from one successful phishing email.

Protect your data

Ostra protects your company from all threats including the number one-way attacks can happen; email.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3jtMuTl

What a Cyber Attack on the Energy Sector Could Mean

Even though the energy sector faces the same threats as every other sector, an attack on the energy industry could cause the most damage. A cyber-attack targeting a major power grid could completely shut down an entire economy. The attack could be so widespread that it could knock out the power for many large cities, resulting in disastrous damages.

In 2016, a Russian hacking group is believed to have attacked the Ukraine power grid. Resulting in the loss of power in Ukraine for a long duration. This example is evidence that there are many cybercriminal organizations that have the power to take away energy for an entire population.

“If one country wants to inflict major damage on another, they don’t need to drop bombs. All they need to do is hack into their power grid.”

Just one successful phishing email or a hidden security issue and an entire power grid can be attacked. Even if your business is not an electric company with access to a power grid. You still have something that cybercriminals want access to, and they will try their best to get it.

Protect yourself with Ostra Cybersecurity

Ostra protects your company from all threats including the number one way that attacks can happen; email.

Want to find out more? Contract us today!

Android Faces New Security Threat, Malware That Spreads Itself

Self-Spreading Android Malware

There is a new type of malware that has recently appeared on Android phones throughout the world. This malware can steal personal information, bank details, and can read your text messages. Once the phone is infected, it uses the user’s contact list to spread itself through text messaging.

FakeSpy Malware is linked to a Chinese-speaking cybercriminal group called ‘Roaming Mantis’. There have been other campaigns of this malware in the past. However, it is always evolving and is updated to stay undetected by updated security measures.

Recently Android users in the US, UK, Germany, China, and others have been under threat of this new malware. The attack starts through a phishing campaign, users receive a message related to a missed package from the post office. The link then leads them to download a fake app that appears to be the real post office app. Once the app is downloaded and users have granted minimal access, the data-stealing begins. Once the app is downloaded, the page even redirects to the actual website to appear more authentic.

Once the phone is infected, FakeSpy can steal all personal information on the phone, including all text messages sent & received. The malware spreads itself too, by using the stolen contact list, it sends the fake delivery message to all the user’s contacts.

Protect against phishing attacks

With phishing scams like this always being sent between phones, it is important to have cybersecurity that will protect your network and information immediately when faced with a threat. Your business and employees have a greater chance now than ever to be targeted for a phishing scam or worse.

Ostra Cyber Security provides active defense protection for your businesses’ and employees’ data and acts immediately instead of monitoring and alerting as many antiviruses do.

Want to find out more? Contact us today at protection@ostra.net

https://zd.net/32AhWci

Many High-Profile Twitter Accounts Simultaneously Hacked in Bitcoin Scam

Many popular twitter accounts have been hacked in a giant bitcoin scam. The accounts include Bill Gates, Joe Biden, Barack Obama, Warren Buffet, Bitcoin, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, and many more.

The twitter accounts seemed to all be simultaneously hacked, as the tweets were all identical and carried out at the same time. The tweets all had the same message, claiming to double any Bitcoin payment sent to them.

This is one of the largest coordinated attacks that Twitter has ever seen. How they did is unknown, but the scammers have managed to hack into all these accounts with ease. All with the goal to exploit possible bitcoin traders into sending them money.

The screenshot below is from Elon Musk’s twitter account. The identical message was shared multiple times on all the accounts mentioned above.

These are big names to have all their accounts hacked at the same time. The story is still developing and the details as to how the hackers gained access is still unknown.

If you think your personal accounts are safe, you will want to reconsider. The private twitter accounts of some of the worlds richest people have been hacked. Cyber-criminals are smart and always evolving, they will try to gain access to your confidential information. The odds of being hacked decrease dramatically if there is a security measure in place to catch social engineering attacks and possible mistakes.

Ostra Cyber Security uses tools that only Fortune 100 companies have access to, but Ostra delivers it at an affordable price. Ostra will help you keep you and your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

There are 15 Billion Stolen Logins on the Dark Web

A new report found the true number of stolen account logins that are currently circulating around the dark web. After auditing dark web forums and marketplaces for 18 months, the report found a 300% increase in the number of stolen account logins since 2018. Now there are 15 billion stolen usernames and passwords from over 100 thousand data breaches.

What happens to the account logins?

With 15 billion login credentials many are just given away for free, but more valuable ones can be worth a lot of money. The average price for online banking and other financial account logins is $70.91 each. Some banking accounts are reported to sell for upward of $500. Anti-virus and security program logins sell for an average price of $21.67. Many social media, music, and video streaming accounts sell for under $10 on the dark web.

The real money comes from domain administrator accounts that can give hackers access to the business network. These account logins sell in auction-style for cybercriminals who will pay up to $120,000. The price depends on the access privileges of the account. Account logins like these are stolen through phishing emails and other social engineering campaigns on employees.

Protect your employee’s logins

Protecting your passwords is extremely important. Especially since most compromised credentials belong to consumers. It is necessary to avoid re-using passwords and to use two-factor authentications if possible. One compromised employee login could lead to a lot of damage for your business.

Ostra Cyber Security eliminates the human errors that can lead to stolen logins by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help you keep your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3ewbJAF

When It Comes To Cyber Training, It’s Quality Over Quantity

Conducting cyber security training more frequently than others does not mean less security incidents, according to a report by security software company, Tessian.

The percentage of employees who sent emails to the wrong people was highest in businesses that provide more frequent cyber training. 63% of employees that get training every 1-3 months remember sending emails to the wrong people. However just 43% of employees who get training once a year or less remember sending emails to the wrong person.

Quality over Quantity

This shows the importance of creating an effective and meaningful cyber security training for your employees. It is more effective to deliver quality training, that will change the behavior of the employees. Training needs to be engaging and meaningful, not boring and taught just because it needs to.

It is more important now than ever to deliver quality cyber training, as many employees are more vulnerable working remotely.

To protect against the inevitability of human error, an effective Cybersecurity Program is essential for businesses. Especially ones with remote workers operating on unsecured home networks.

The Ostra solution provides 360-degree 24/7 proactive protection to all employees, regardless of where they are located. What that means is that Ostra becomes a secure ISP for remote employees working on a home or public Wi-Fi connections. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data. Even if a mistake is made.

Want to find out more? Contact us today!

60% of Organizations Experience Cyberattacks Spread by Their Employees

With today’s huge increase in phishing attacks. Many organizations still do not provide regular cybersecurity awareness training, some don’t even have a security solution.

A new report from security vendor, Mimecast, highlights the current issues surrounding social engineering attacks. Many surprising statistics help to explain why phishing attacks are successful and how they affect the organizations. The lack of training, security programs, and an increase in remote work all play a role.

  • 51% of organizations have been impacted by ransomware in the last year
  • 58% saw an increase in phishing attacks
  • 82% have experienced downtime from an attack

These numbers show that many businesses are not prepared when it comes to cybersecurity. There has been an increase in phishing attacks, especially targeting remote workers who might be more vulnerable. Even though organizations know that the numbers are getting worse, statistics show that its their own employees that are responsible

  • 60% of organizations have had their own employees spread malicious emails
  • 55% do not provide regular security awareness training
  • 41% do not even have a system in place to monitor for phishing scams

Organizations need to take the security measures necessary to protect against phishing attacks. Which starts with a cyber security solution.

Ostra Cybersecurity has a solution that provides 24/7 proactive protection to all employees, regardless of where they are located. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data.

Want to find out more? Contact us today!

Number of Coronavirus-Related Scams Jump

The Internet Crime Complaint Center (IC3) has noted a large increase in cyber threat complaints per day. Before the COVID-19 pandemic began, they were receiving around 1,000 complaints daily. Now, they receive 4,000 complaints a day.

These cyber threats are foreign groups trying to steal COVID-19 related information. As well as cybercriminals trying to exploit users working from home. Health agencies have reported an increase in cyber threats as well, as they are a very profitable target for cyber criminals.

“Near the start of the epidemic, researchers at the cybersecurity company Barracuda Networks reported a 667 percent increase in “phishing” emails.”

These emails are sent with the purpose of downloading viruses onto the recipient’s computers. With the increase in reported phishing scams, it is important to understand and identify possible scams when going through your emails.

Protect your business and your employees

Numbers don’t lie, and the possibility of your business falling victim to a cyber attack has never been higher. Protecting your business and sensitive data is a priority in the era of cybercrime.

Ostra Cyber Security offers a total solution for cybersecurity that combines Fortune 100 tools and is easy to deploy without needing to purchase any hardware. Ostra Cyber Security is perfect for those who do not want to put a lot of time into their cybersecurity program. Just set it up and forget about it. It requires no IT support, it is budget friendly, and Ostra does all the work to stop threats before they reach you.

Want to find out more? Contact us today!

Hackers Selling Stolen Customer Information Online

Frost & Sullivan is a business consulting firm in Silicon Valley, who thought their private information was safe from the hands of hacking groups. Next thing they knew, all their sensitive employee and customer information was for sale, on the dark web.

Frost & Sullivan is a globally recognized consulting firm with offices all around the world. They offer information such as marketing research and analysis, among other things.

A hacking group known as “KelvinSecurity Team” managed to find a way into the Frost & Sullivan database by finding a vulnerability in the defense. The breach happened because of a mis-configured backup directory on the consulting firms cloud server. After finding a way to access the databases, the hacking group put the stolen data on an online hacker forum to sell.

The stolen data includes information on employee and customers, first and last names, emails and usernames, and passwords. In other words, a fortunes worth of information for a hacking group. Many hashed passwords can be easy for these groups to decipher. Giving whoever has the information access to the Frost & Sullivan’s database, as an employee.

The last thing you want is your company’s private information for sale on the dark web. Where many cybercriminals have access to it. It is important to have a security solution in place, as there are more cyberattacks then ever before.

Ostra Cyber Security offers a solution that uses the same security products that protect large businesses, for businesses of any size. Ostra’s solution has active defense that immediately responds to threats. It also provides insurance against human error or opening a phishing scam on accident.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

News source: https://bit.ly/2DiThyJ