ThrottleNet

Managed IT services, support and cybersecurity

Microsoft Exchange’s Data Breach: What You Need to Know

Technology News

If March’s IT news proved anything, it’s that no one is safe from a data breach — not even Microsoft. 

The hack targeted hundreds of thousands of Microsoft Exchange users across the globe, specifically businesses and government agencies. The hackers, known as Hafnium, gained access to email accounts, address books, and countless other private information.

Alarming details continue to arise as investigators delve deeper into the data breach. Here’s what you need to know and how you can protect yourself.

A Quick Look at the Data Breach

If you’re asking yourself how a leading corporation allowed itself to become vulnerable to such a large-scale breach, you’re not alone. In truth, no software is completely infallible, not even Microsoft Exchange.

Here’s what we know:

Who Did It?

Hafnium, a China-based group of hackers, is responsible for the attack. They often target private companies in the United States, and according to Microsoft, they are a “highly skilled and sophisticated actor.”

The United States government claims the attack isn’t related to the recent Solar Winds breach, which is thought to be orchestrated by the Russian government.

Who Were the Victims?

American companies were most affected by the data breach—not individual users. Investigators identified several specific victims but have not released names to the public. They have, however, identified the industries that were most heavily targeted:

  • Law firms
  • Infection disease researchers
  • Academic institutions
  • Defense contractors
  • Government agencies

There is a silver lining in all this: Microsoft’s cloud-based products weren’t breached, and that means Microsoft’s cloud users have one less thing to worry about.

How Did the Data Breach Happen?

Microsoft explained that four vulnerabilities in its software allowed Hafnium access to their data. Since the cyberattack, several other hackers have attempted to exploit those same vulnerabilities.

The hackers used the information gained from their data breach to launch large-scale phishing scams and install additional malware.

How Did Microsoft Respond?

Microsoft immediately offered patches as temporary protection against the breach, which targeted four specific weaknesses in the system. These patches contained cumulative updates for the following:

  • Exchange Server 2010
  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

Microsoft warned users that they still needed to update to the latest supported CU and the applicable SUs. And although the response was rapid, it contained flaws. Users learned they could improperly install the patches without receiving an error message, leaving them unaware of their continued vulnerability. The security fixes also caused some users’ Outlook program to crash, another costly and frustrating development.

As with most breaches, the damage lingers. The Cybersecurity and Infrastructure Security Agency (CISA) warned that bad actors had already heavily exploited the breach in the hours and days after the original hack, and the numbers piled up in the weeks afterward. 

All users of Microsoft Exchange were urged to use the security patches even if they were not sure that hackers had breached their systems. Making these installs was more than an inconvenience for many organizations.

Protecting Your Organization Against a Data Breach

Even if you have in-house IT staff, the complications of data breaches may be too much for them to handle. The threats come from all over the world and involve hostile governments and non-affiliated groups using sophisticated hacking methods. 

Once IT experts have identified the breaches, applying the temporary fixes and permanent updates is time-consuming and sometimes difficult. And your company data may already be out there for all to access.

You can better protect your organization by outsourcing some or all of your IT security services to a managed service provider (MSP). An MSP stays current with all levels of cybersecurity, making it your first line of defense against cyberattacks, especially a large one like the one on Microsoft Exchange. These teams know how to react quickly to large-scale attacks, minimizing damage and stopping other hackers from exploiting the breach.

The ThrottleNet Solution

ThrottleNet offers you a comprehensive security strategy. We take a multi-layered approach, implementing the latest technologically advanced tools. Firewalls are just one part of a successful defense strategy. We show you how to implement multiple tools so that you have detailed recovery and disaster plans ready in case of an attack on your system.

You need an IT team that understands the programs it supports, including its strengths and weaknesses. At ThrottleNet, we don’t just offer security programs — we understand them. In today’s cyber climate, you cannot afford to do business with inadequate cyber-protection. Hiring an MSP means you can afford the same advanced service that vast organizations have, even if you are a small to mid-size company. Contact us today to learn more about our commitment-free IT programs.

 

We associate computer hackers with pop-ups and password changes. Or spotty teenagers in dark bedrooms who cause financial, not physical, harm. But last month, a cybercriminal infiltrated a Florida water treatment facility’s network security system, trying to control the amount of sodium hydroxide in the water levels. The motive? Poison the surrounding town’s entire water supply. 

Thankfully, the hacker failed. But there was a real risk to human lives. Welcome to Cybercrime 2.0. This time, it is not malware—it’s murder. The sodium hydroxide hacker proves how easy it is to attack a network security system and how any business without adequate cybersecurity could be a victim.

Most cybercriminals do not want to poison your water. But they want to access your networks, applications, devices, and your most treasured asset—data.

So what can you do about it?

Network Security — An Ever-Growing Problem

glowing computer that demonstrated the importance of technology and network securityYou might think network security concerns multinational brands. Or enormous water treatment facilities in Florida. But cybercriminals target businesses of all stripes, including those in St. Louis. Start-ups, scale-ups, medium-sized enterprises—hackers don’t care. 

The World Health Organization (WHO) has seen a five-fold increase in cyberattacks since the COVID-19 pandemic began. Email scams, data breaches, password dumps, you name it. These criminals targeted those fighting the most significant global healthcare crisis of our lifetime. 

Network Security in the Post-Pandemic World

Hackers love to exploit us when we are vulnerable. As St. Louis businesses struggle to reopen after almost 12 months of social distancing, stay-at-home orders, and sales slumps, cybercriminals continue to create carnage. 

Hackers have caused so much suffering to St. Louis businesses by exploiting network components like hardware, software, servers, and cloud services. 

For those who work at home, hackers aren’t too far away. These criminals lurk somewhere on the dark web, ready to cause destruction. Forty-seven percent of work-from-homers fell for phishing scams post-pandemic. And video conferencing data breaches affected more than half a million people worldwide from February–May 2020 alone. 

What’s the Solution?

Network security is more critical than ever, but many St. Louis businesses don’t have the time or resources to do it. That’s the trick: prioritizing cybersecurity enough to allocate significant resources to the problem. Make a list of all your data’s weaknesses, then create a step-by-step solution for each.

If you don’t know where to start or simply don’t have the time to run a business and a full-scale cybersecurity investigation, investing in a local IT security provider might be your best solution for network security. These professionals manage your network environment, preventing cyber-criminals from killing your business.

Are you looking for managed IT support and security services? ThrottleNet is St. Louis’s No.1 IT service firm for managed networks, providing custom cybersecurity solutions based on your budget. Learn more here.

 

One of the fastest-growing newcomers to the social media game, TikTok, is accused of harvesting its users’ personal data and has been pinpointed as a major security threat by authorities.

TikTok is a Chinese-owned app that has risen to startling heights among the social media community in recent years. Users of the app can make short, entertaining videos, adding filters, music, and other effects. Due to the short and engaging nature of the app, it has become very popular for viral challenges. 

The TikTok content algorithms intend for videos to have high reach potential, regardless of the number of followers that the creator has. Where popular social platforms like Instagram, Facebook, Twitter, and YouTube have become brand and monetary focused, TikTok has maintained a creative identity where like-minded people can connect as a virtual community, increasing its popularity, especially among youth.

TikTok’s Worldwide Success

Here are some statistics to demonstrate TikTok’s popular position in the marketplace:

  • In 2019, TikTok was the second most downloaded free app in the world. The only app with more downloads was WhatsApp. 
  • The app has 800 million active users worldwide and has been installed on over 1.9 billion devices all over the world.
  • It is available in 154 countries and is most popular in Asia.
  • Per post, it has the highest engagement rate of all social media channels. 
  • 20% of TikTok’s revenue comes from the USA and 69% of its revenue comes from China.
  • 90% of active users use the app multiple times every day.

With such a strong popularity worldwide, data harvesting user information would be an egregious breach of privacy. However, issues have been identified recently that position TikTok as a major security threat according to authorities.

TikTok Security Concerns

The security concerns were first brought to light publicly in early 2019. Rival social media companies questioned the data collecting and sharing processes of the app. This prompted a call for action and investigation against the company. Government officials publicly warned people of their suspicions, including that TikTok’s privacy policies and security procedures were ambiguous at best.  

The general feeling of distrust and suspicion was fueled further in early 2020. On April 8th, a Reddit thread exploded when a user claimed to have reverse-engineered the app, subsequently finding suspicious and intrusive user tracking. The thread detailed a host of privacy issues within the app. The user claimed that TikTok was a “data collection service that is thinly-veiled as a social network.” 

The Reddit user suspected that TikTok has been using an API to collect private information on users, users’ contacts, or users’ devices. There have also been claims that TikTok had been harvesting data involving the following:

  • Phone hardware: CPU type, hardware ID, memory usage, disk space, etc.
  • Other apps installed on your device.
  • Network information: IP addresses, routers, Wi-Fi information.
  • Information on whether or not your device has been rooted or jailbroken.
  • GPS data.
  • A proxy server (intended for “transcoding media”) that has zero authentication.

What We Know About TikTok’s Data Harvesting

Since these claims, some security researches have refuted the allegations and claimed that the information that TikTok collects on their users is in line with the regular standards for social media apps. Beyond the speculation and allegations, however, here are some key points that we know for sure about TikTok’s information gathering

  • TikTok records all information involved in creating content or messaging, including drafts, deleted content, and content or messaging that was never posted. 
  • Keystroke dynamics, indicating where you touch or swipe your screen, are recorded. These patterns are significant. No other social media platforms claim to capture this data.
  • TikTok absorbs all information about your device. This is standard practice for the majority of social apps. 
  • Access to your contacts is granted with your permission.
  • TikTok determines what you’re interested in and generates a custom feed to provide content that you will enjoy. The main issue with this is that developers in China can potentially manipulate what content you see. This can lead to subliminal messaging, persuasion, censorship, and other intrusive acts. 

While there is still much speculation regarding whether or not TikTok is harvesting users’ data illegally, national governments and those studying the app have noted significant security concerns tied to the app. 

What Can Users Do?

One thing that is certain is that TikTok does collect a lot of information from its users. Security experts therefore suggest working with a trained managed IT security professional to ensure your devices are properly managed to secure private data and avoid breaches of personal information. 

Working with a security expert is especially critical if as a business owner, your employees use TikTok on the same devices they access company data. This is becoming more common as employees are working from home and often subject to BYOD policies. Downloading and using TikTok on the same device your employees work from could put company data at risk. 

As studies continue on the legality of TikTok’s data harvesting and the security threats it could pose, it’s wisest to be extremely cautious when using the app, if you use it at all. Ensure your privacy settings are set to protect your private information, and make sure you are fully aware of the privacy you may be compromising by agreeing to their usage policies.

We are in unprecedented times as COVID-19 spreads across the globe. Students of all ages are forced to attend classes online from home. Office workers are now forced to work from home. Because people are now forced to stay home in this era of “Social Distancing,” there has been an uptick in finances as less money is being spent by families. People are also streaming their entertainment services more as well. These are prime situations for cybercriminals, in particular, brand phishers.

Homepage yellow horizontal boarder

What is brand phishing?

Brand phishing attacks are when a cybercriminal tries to imitate the official website of a well-known brand using a similar domain name or URL as well as using a site design that looks almost identical to the brand site they’re imitating. Cybercriminals use this technique to steal sensitive information from the people that they are targeting. This information could be credit card information, bank account information, personal details, etc. They will try and get this information through imitation by email, mobile, or fraud websites. Anyone and any business is susceptible to brand phishing, so everyone should be aware of brand phishing; but some people and business are more at risk than others.

Who is susceptible to brand phishing?

The top three types of websites that are susceptible to phishers are technology sites, banking sites, and other media sites. Sites that require you to enter personal information, credit card information, etc. are going to be the ones that are targeted by cyber criminals. Although these are the top three websites being targeted by the cyber criminals, nobody is immune from brand phishing.

What brands are known for being faked by phishers?

In Quarter 1 of 2020, Apple was the number one faked brand for phishing while Netflix was a close second. Both of those companies require credit card information to be put on the accounts of the users, which makes them prime candidates to be imitated by phishers. Other top companies that were faked in Q1 of 2020 were Yahoo, Paypal, Chase, and Amazon. Just like Apple and Netflix, each one of these websites has personal information, including credit card info. Of course not all emails and notifications from these brands are going to be from phishers; just look out for the emails or notifications that look suspicious. Again, it comes down to being aware of brand phishing as no brand or company will be immune to this.

During this unusual time, cyber criminals are licking their lips with the possibility of acquiring so much information from so many people due to the stay at home orders. There’s no way to prevent it from happening, but being cautious and being aware of brand phishing is the best defense against it. Be vigilant and be cautious when you are disclosing any type of personal information online.

Don’t become phish bait!

Looking for a secure work-from-home solution? Try EverFuel secure remote access from ThrottleNet. Just $9.95 per computer per month!

CONTACT THROTTLENET

SIM cards are necessary to operate most modern mobile devices. SIM stands for “subscriber identity module”. As anyone who’s had trouble with their SIM card can tell you, this tiny piece of tech is majorly important. It connects the user to their network, and therefore their data. Among the data linked to your SIM is one of your most valuable pieces of personally identifying information: your phone number.

A new type of social engineering attack called SIM swapping is becoming more commonHacked employees are a danger to your company’s data, so it is important to know what to look out for and keep your team up to date on best practices in mobile cybersecurity. Read on for all the details of how you can protect your network from SIM swapping scams.

SIM Swapping Defined

SIM swapping occurs when a criminal contacts the phone company and convinces the employee that they are the owner of the phone and need a transfer to a new device due to damage or it being lost.

The scammer will ask the cell phone provider to activate a new SIM card connected to your phone number on a new phone that they now own. If the scammer is successful, they will receive all of your texts, phone calls, and data.

In some circumstances, the scam occurs on the inside, where employees of the phone company help make the switch, making them part of the scam.

What Happens When You Are SIM Swapped?

Once the scammer gains control of your phone number, they can receive your text messages. With access to your texts, this can allow criminals to log into your other accounts and receive verification codes needed to log in. This occurs if text messages are used as a form of multi-factor authentication.

With this information, scammers could log into bank accounts to steal money, or take over social media and email accounts. There is also a chance they could lock you out of an account completely by changing the password.

Protecting Yourself from SIM Swapping

Protect your device and data from SIM swapping with these tips from ThrottleNet’s IT security pros.

  1. Do not reply to text messages or phone calls that request personal information.
    These texts or calls could be phishing attempts by scammers looking to get your cellular, bank, or credit card account information. Instead, contact the company directly through a phone number or website you know is legitimate if you receive a suspicious text message or phone call.
  2. Limit the amount of personal information you post on social media platforms.
    Avoid posting your full name, address, or phone number. Posting this information can make it easier for scammers to steal your identity.
  3. Set up a PIN or passcode on your cellular account.
    Creating a PIN or passcode can act as an added layer of protection, which is another piece of information a scammer would need to obtain prior to stealing your identity. PINs or passcodes can also help protect an account from any unauthorized changes.Since setting up a PIN/passcode differs depending on the cell phone company, be sure to contact your provider to see what steps to take to do so.
  4. Use an authentication application or security key.
    A newer way to authenticate your identity online is by using security keys. Security keys are small USB-powered devices that work like an actual key to your accounts by inserting them into your computer when logging in. Some security keys work with both computers and mobile devices.

What To Do If You Become A Victim of SIM Swapping

If you’re the target of a SIM swap scam, there are three important steps you should follow to help mitigate the damage and re-secure your information.

  • Contact your cell phone provider immediately to take back control of your phone number.
  • Once you regain access, change your account passwords to prevent any other issues.
  • Check bank, credit card and other accounts for unauthorized changes and charges, and report them to your company.

For more information on SIM Swapping and other ways to protect your information, contact ThrottleNet today

GET MORE INFO

What is e-Skimming?

e-Skimming, or web skimming, is a method a cybercriminal performs in order to get information from a credit cardholder. It can occur any time a cardholder uses a form of electronic payment to pay for something. Essentially, e-Skimming is a type of internet fraud that occurs when the payment page of a website is compromised. Once it is compromised, malware is added to the site to steal payment information.

These cybercriminals that are watching our online shopping carts are getting our information in real-time, making it more valuable in the black market. When an online shopper enters and submits their credit card information on the e-commerce site, their information is also transmitted to a server that is controlled by the cybercriminal.

The online shopper would not be aware that their personal information was stolen since they will receive the product that they ordered; however, their bank will discover the fraudulent activity later, when the crime has already been committed.

Keeping Your e-Store Safe

Any e-commerce site that accepts online payments is at risk for e-Skimming, which makes it important for you to take preventative measures. Here are some security measures and tips to follow:

  • Keep software current and up to date
  • Enable multi-factor authentication for all connected devices
  • Segregate network functions to limit accessibility
  • Keep all systems up to date with patches
  • Keep anti-virus and malware updated
  • Change default login credentials
  • Continue educating your employees
  • Create unique passwords
  • Report any online fraud to FBI at www.ic3.gov

Other security measures to follow include entering your credit card once for a site rather than repeatedly, using Apple Pay or PayPal, shop on well-known sites that are reputable, and paying close attention to credit card or bank account statements to see any possibility of misuse.

For websites to be compromised, their security must be weak. Make sure your e-Store has the proper security to be protected from e-Skimming by contacting ThrottleNet today. You don’t want to fall victim to e-Skimming, so get the cybersecurity you need from ThrottleNet!