Technology News

On July 2nd, Kaseya, a major provider of IT management software, reported that they were the victim of a massive ransomware attack. The cybercrime group behind the act, REvil, demanded $70 million in bitcoin as ransom for a decrypt tool that would unlock all affected businesses’ systems, giving them their data back.

Since the cyberattack happened right before the Fourth of July holiday weekend, it’s presumed that the attack was scheduled so that the trojan had time to infect as many systems as they could.

While the attack only affected 0.1% of Kaseya’s customers, many of the businesses served are MSPs. The loss of data, then, affects not just the managed service provider (MSP) but each of the small-to-medium-sized businesses that the MSPs work with to maintain cybersecurity.

How the Attack Occurred

The FBI described the attack as a “supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software.” Simply, a supply-chain attack is when malicious code is placed in trusted software. Then, trojans or backdoors can affect recipients of the infected software. 

This specific attack targeted Kaseya’s virtual systems/server administrator (VSA) software and exploited several vulnerabilities in it, inserting ransomware into the system through a fake management agent update.

The Scope and Fallout of the Attack

In a July 6th press release, Kaseya stated that “while impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure.”

Yet the Kaseya ransomware attack has been called “the biggest non-nation state supply chain attack ever, and possibly the second biggest ransomware attack ever.” The full scope of those affected by the ransomware attack is not known, since many of the businesses affected were clients of Kaseya’s customers.

Businesses affected by the breach included many SMBs across multiple industries, hundreds of supermarkets in Sweden, about a dozen schools and kindergartens in New Zealand. The security firm ESET reports the most impacted countries were the United Kingdom, South Africa, Canada, Germany, the United States, and Colombia.

What This Means for SMBs

The volume of cyberattacks continues to rise, and cybercriminals have become more sophisticated and organized. Recent ransomware attacks demanded—and received—millions of dollars. Large corporations like meat processor JBL paid $11 million, and Colonial Pipeline paid a $4.4 million ransomware payment.

Because many small businesses cannot afford their own IT departments, they are especially vulnerable. Ransomware attacks can be crippling for a business, shutting down computers, potentially wiping out all of their files remotely, and being on the receiving end of the devastating financial effects these attacks bring.

Quality Cybersecurity Services Can Protect Businesses

With the Kaseya attack displaying yet again how vulnerable systems can be manipulated, it’s more important than ever that small businesses acquire strong cybersecurity services from a secure and trusted MSP.

Partnering with a quality, experienced MSP to administer and maintain cybersecurity services can help protect your business from ransomware and other cybersecurity attacks. An MSP can implement the proper security tools and provide training to stay ahead of and recover from ransomware attacks.

MSPs offer a variety of services that will provide you with the protection your business needs.

• MSPs ensure businesses follow proper backup solutions and schedules.
• MSPs can perform penetration tests to check for vulnerabilities or unpatched software.
• An MSP can send mock phishing or suspicious emails to test if employees click on links or download attachments, helping train the organization’s employees on safe cyber practices.

MSPs like ThrottleNet help small businesses get the protection they need from these dangerous and costly ransomware attacks. In the case an attack is unavoidable, the right MSP will be able to help recover your data.

Get a free cybersecurity evaluation today to get started on improving your business’s security and protecting your business’s data.

Owners of Western Digital hard drives have just experienced a devastating cyber-attack. Used by millions of individuals and businesses, Western Digital hard drives are known for their safety and security. 

Unfortunately, many users of MyBook Live and Live Duo found that all of their files were deleted via a remote attack in June. Find out what this means for you and the future of your cybersecurity.

What Was the Western Digital Hard Drive Attack?

MyBook Live and Live Duo hard drives use cloud-based connectivity to access files. This feature was compromised, allowing a cyber-attack to erase data on devices.

The attack not only removed the data but also reset the password on MyBook Live. The default password and the created password were both invalid credentials for accessing device administrative features.

In a statement, Western Digital reported on June 24 no signs that firmware servers, user credentials, or cloud infrastructure were compromised. They believe that the attacker(s) took advantage of remote command execution vulnerability to perform a factory reset of hard drives connected to the internet.

The Aftermath

Individuals and business owners who put terabytes of files, photos, and important documents on their devices woke up to find them missing due to a factory reset command.

Some users have had success with IT security services retrieving deleted files. Non-destructive recovery apps may offer a chance to restore files, but victims need a reliable way to prevent future incidents.

I’ve Lost My Data—What Now?

If you believe you’re part of the Western Digital MyBook Live cyber-attack, or if you’re using a MyBook Live or Live Duo product, here are some steps you can take if you believe your device is part of a data leak:

1. Disconnect your hard drive from the internet
2. Change credentials and passwords
3. Secure cybersecurity services to determine the extent of the leak
4. Communicate the threat to your entire team and anyone else who may be involved
5. Look for ways to improve your cybersecurity and prevent another breach

How Do I Protect My Business from Hard Drive Attacks?

The attack was noticeable as soon as users attempted to access stored files, but other cyber-attacks often go undetected. According to Statista, there were over 30,000 worldwide cybercrimes in 2020.

Cybersecurity services provided by an MSP can help you prevent a future cyber-attack in a variety of ways. Here are some key ways managed IT security services can give you peace of mind and protect your business from attacks like the Western Data hard drive attack:

• Antivirus protection
• External vulnerability scans
• Third-party updates
• Security checklists
• Backup management

While some attacks can’t be prevented, an IT security service provider can still help you restore your files. Separate file backup solutions and state-of-the-art recovery programs minimize the effects of a cyber-attack.

Work with a managed IT security service provider to establish the protection and around-the-clock monitoring you need. A secure network, separate file backup system, and immediate cyber-attack alert may have prevented some businesses from losing critical files.

Evaluate Your Cybersecurity With ThrottleNet

Throttlenet offers fully managed IT services and working with expert technicians, allowing businesses to receive updates on other current cyber-attacks, software updates, and infrastructure recommendations.

Find out how your devices are protected with a free cybersecurity evaluation by ThrottleNet. Explore your liabilities and update your security for peace of mind as you grow your business.

If March’s IT news proved anything, it’s that no one is safe from a data breach — not even Microsoft. 

The hack targeted hundreds of thousands of Microsoft Exchange users across the globe, specifically businesses and government agencies. The hackers, known as Hafnium, gained access to email accounts, address books, and countless other private information.

Alarming details continue to arise as investigators delve deeper into the data breach. Here’s what you need to know and how you can protect yourself.

A Quick Look at the Data Breach

If you’re asking yourself how a leading corporation allowed itself to become vulnerable to such a large-scale breach, you’re not alone. In truth, no software is completely infallible, not even Microsoft Exchange.

Here’s what we know:

Who Did It?

Hafnium, a China-based group of hackers, is responsible for the attack. They often target private companies in the United States, and according to Microsoft, they are a “highly skilled and sophisticated actor.”

The United States government claims the attack isn’t related to the recent Solar Winds breach, which is thought to be orchestrated by the Russian government.

Who Were the Victims?

American companies were most affected by the data breach—not individual users. Investigators identified several specific victims but have not released names to the public. They have, however, identified the industries that were most heavily targeted:

• Law firms
• Infection disease researchers
• Academic institutions
• Defense contractors
• Government agencies

There is a silver lining in all this: Microsoft’s cloud-based products weren’t breached, and that means Microsoft’s cloud users have one less thing to worry about.

How Did the Data Breach Happen?

Microsoft explained that four vulnerabilities in its software allowed Hafnium access to their data. Since the cyberattack, several other hackers have attempted to exploit those same vulnerabilities.

The hackers used the information gained from their data breach to launch large-scale phishing scams and install additional malware.

How Did Microsoft Respond?

Microsoft immediately offered patches as temporary protection against the breach, which targeted four specific weaknesses in the system. These patches contained cumulative updates for the following:

• Exchange Server 2010
• Exchange Server 2013
• Exchange Server 2016
• Exchange Server 2019

Microsoft warned users that they still needed to update to the latest supported CU and the applicable SUs. And although the response was rapid, it contained flaws. Users learned they could improperly install the patches without receiving an error message, leaving them unaware of their continued vulnerability. The security fixes also caused some users’ Outlook program to crash, another costly and frustrating development.

As with most breaches, the damage lingers. The Cybersecurity and Infrastructure Security Agency (CISA) warned that bad actors had already heavily exploited the breach in the hours and days after the original hack, and the numbers piled up in the weeks afterward. 

All users of Microsoft Exchange were urged to use the security patches even if they were not sure that hackers had breached their systems. Making these installs was more than an inconvenience for many organizations.

Protecting Your Organization Against a Data Breach

Even if you have in-house IT staff, the complications of data breaches may be too much for them to handle. The threats come from all over the world and involve hostile governments and non-affiliated groups using sophisticated hacking methods. 

Once IT experts have identified the breaches, applying the temporary fixes and permanent updates is time-consuming and sometimes difficult. And your company data may already be out there for all to access.

You can better protect your organization by outsourcing some or all of your IT security services to a managed service provider (MSP). An MSP stays current with all levels of cybersecurity, making it your first line of defense against cyberattacks, especially a large one like the one on Microsoft Exchange. These teams know how to react quickly to large-scale attacks, minimizing damage and stopping other hackers from exploiting the breach.

The ThrottleNet Solution

ThrottleNet offers you a comprehensive security strategy. We take a multi-layered approach, implementing the latest technologically advanced tools. Firewalls are just one part of a successful defense strategy. We show you how to implement multiple tools so that you have detailed recovery and disaster plans ready in case of an attack on your system.

You need an IT team that understands the programs it supports, including its strengths and weaknesses. At ThrottleNet, we don’t just offer security programs — we understand them. In today’s cyber climate, you cannot afford to do business with inadequate cyber-protection. Hiring an MSP means you can afford the same advanced service that vast organizations have, even if you are a small to mid-size company. Contact us today to learn more about our commitment-free IT programs.

 

We associate computer hackers with pop-ups and password changes. Or spotty teenagers in dark bedrooms who cause financial, not physical, harm. But last month, a cybercriminal infiltrated a Florida water treatment facility’s network security system, trying to control the amount of sodium hydroxide in the water levels. The motive? Poison the surrounding town’s entire water supply. 

Thankfully, the hacker failed. But there was a real risk to human lives. Welcome to Cybercrime 2.0. This time, it is not malware—it’s murder. The sodium hydroxide hacker proves how easy it is to attack a network security system and how any business without adequate cybersecurity could be a victim.

Most cybercriminals do not want to poison your water. But they want to access your networks, applications, devices, and your most treasured asset—data.

So what can you do about it?

Network Security — An Ever-Growing Problem

You might think network security concerns multinational brands. Or enormous water treatment facilities in Florida. But cybercriminals target businesses of all stripes, including those in St. Louis. Start-ups, scale-ups, medium-sized enterprises—hackers don’t care. 

The World Health Organization (WHO) has seen a five-fold increase in cyberattacks since the COVID-19 pandemic began. Email scams, data breaches, password dumps, you name it. These criminals targeted those fighting the most significant global healthcare crisis of our lifetime. 

Network Security in the Post-Pandemic World

Hackers love to exploit us when we are vulnerable. As St. Louis businesses struggle to reopen after almost 12 months of social distancing, stay-at-home orders, and sales slumps, cybercriminals continue to create carnage. 

Hackers have caused so much suffering to St. Louis businesses by exploiting network components like hardware, software, servers, and cloud services. 

For those who work at home, hackers aren’t too far away. These criminals lurk somewhere on the dark web, ready to cause destruction. Forty-seven percent of work-from-homers fell for phishing scams post-pandemic. And video conferencing data breaches affected more than half a million people worldwide from February–May 2020 alone. 

What’s the Solution?

Network security is more critical than ever, but many St. Louis businesses don’t have the time or resources to do it. That’s the trick: prioritizing cybersecurity enough to allocate significant resources to the problem. Make a list of all your data’s weaknesses, then create a step-by-step solution for each.

If you don’t know where to start or simply don’t have the time to run a business and a full-scale cybersecurity investigation, investing in a local IT security provider might be your best solution for network security. These professionals manage your network environment, preventing cyber-criminals from killing your business.

Are you looking for managed IT support and security services? ThrottleNet is St. Louis’s No.1 IT service firm for managed networks, providing custom cybersecurity solutions based on your budget. Learn more here.