WoodWare was excited to welcome local Memphian Nick Gant, the President and Founder of Gant Systems, who shared a presentation with us on what his company does to help their customers implement strategies to keep their data safe from cyber hackers.
Some facts that Nick opened up with in his power point presentation:
There are 3 layers to selling breached accounts on the dark web:
1st layer-> auction off a breached account to the highest bidder
2nd layer-> steal data from the beached account, then drop a ransomware on the company
3rd layer -> the hacker breaches the account, leaves a back door open to come back at a later date, then takes time on deciding how to attack
One eye opening factor that Nick stated was that 1/3 of their newly acquired accounts with Gant systems have an active breach in place. He also shared his login attempt log showing 15 attempts of hacking into his email server between midnight and 7 a.m. of that day. They came from Brazil, Thailand, Russia, Columbia, Czech, Ukraine, and Indonesia.
Nick gave a couple of examples that they have seen in recent years.
One of his customer’s HR staff email account was hacked. They had access to the company’s system for 10+months and learned everything about the employees and how the business operated. The hackers sent out a request for the employees to confirm their home address so they can be sent their W2’s. Also, with this request was a prompt to login to the customer portal. After the employees logged in through the fraudulent customer portal they were taken to the legitimate website and had no idea their login information had just been harvested. The hackers logged into ADP accounts and changed the direct deposit information to receive the employees' paychecks.
So who was to blame for the breach? The employees were to blame for falling for the false request. The company was to blame for having their email server compromised and not having the proper defense in place. In the end, the company had to shell out an additional paycheck for all 41 employees affected.
Hackers found an RDP port that was open and brute force attacked that port until entry was gained. This allowed the hackers to gain access to the network of this financial institution. With access, they found the disaster recovery platform and used it as a sandbox to avoid detection by staying off the live network. They gained understanding of the company and the network and then that Friday night went in and deleted all backup data. They destroyed the data center over an 8 hour period and then Saturday morning dropped the ransomware on the company. The hackers bricked 68 computers and 12 servers. The ransomware was for 1.2 million dollars since they had time to research the business to learn how much that data would be worth to them. The company paid the ransom and received 12 recovery keys. Of those 12, only 6 worked. All of the infected computers had to be detained for forensic work and the company had to purchase brand new computers in the meantime to keep the business operating.
Fortunately, Nick followed the above examples with some of the best ways that companies can protect themselves:
Effective Methods for Protecting against Security Threats
Improving your company’s security is largely about making yourself less of an easy target. Do that by implementing several or all of the below
- Ignore employee pushback to implementing additional security measures.
Don’t feel bad for asking employees to carry out a few extra tasks in order to improve the company’s defense against malicious attacks.
- Phish your employees
Send out controlled security threats to see who would benefit from training on improving defense against outside threats. Have someone inside the company attempt to hack other employees by sending emails from outside/unknown email account with suspicious attachments. With employee’s 1st strike, 10 min training, 2nd strike 1hr training.
- Multi-Factor-Authentication (MFA): Require employees to use this.
Example: identity is verified by confirmation via multiple devices, i.e. code is texted to mobile device of individual to confirm they are the ones attempting to login. In Office 365, an administrator can require employees use MFA.
- Remove unused / non-updated applications
Non-updated applications contain security layers that are outdated and thus more vulnerable to attack.
- Create Company policy disabling office macros
Example: Excel spreadsheet macros can give malicious access to hackers. Having a company policy disabling these macros through Microsoft Office can improve defense against outside entry.
- Purchase Cyber Risk Insurance with coverage for Prior Events
It is common to see a company which has fallen victim to attack be denied coverage by their Cyber Risk Insurance because the “Initial Breach” occurred before insurance coverage was acquired.
- Pair Endpoint Detection and Response (EDR) with AntiVirus with DNS filtering
There are companies out there that will (24/7) monitor attempts to access your network and determine if these attempts are unusual or suspicious and block or detain these attacks.
- When employees leave a company, the IT department needs to deactivate that user’s account.
These inactive / orphaned accounts are often targets for hacking.
- Disable RDP (Remote Desktop Protocol)
Windows operating systems come with RDP’s installed which allow a user to access a computer from an outside location. These are commonly used for malicious attacks. Finding an alternate RDP with multi-factor authentication will increase your chances of avoiding infiltration.