This week’s Breach Report

This week in Breach

This week’s Breach Report

Highlights from The Week in Breach:

– You’d better reboot your router… NOW!

– Nation states injecting malicious apps into play stores to steal your stuff.

– Malware infects healthcare system impacting 500,000 Marylanders.

– Time from detection to acknowledgment and response getting slower and slower and slower. 

It’s back to business as usual in the world of breach, and we are seeing no signs of it slowing down this summer. This week’s headlines have been dominated by targeted attacks of SOHO Routers.  “SOHO” was coined to describe “small office – home office” routers used to set up local area networks by small businesses. According to DHS, “The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilte malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices.” The initial exploit vector for this malware is currently unknown. Here is the link to US-CERT’s alert TA18-145A detailing the threat and what you should do the protect yourself from exploit!   


What we’re STILL listening to this week!

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!


TeenSafe (Update)

Small Business Risk: High: App server hosted on AWS accessible by anyone without a password.
Exploit: AWS/Suspected Misconfiguration
Risk to Exploited Individuals: High: Even though less than 10,000 individuals were impacted, this is a highly vulnerable segment of the population. 

TeenSafe: The TeenSafe app allows parents access to their children’s web browser history, text messages (including deleted SMS and iMessages and messages on WhatsApp and Kik), call logs, and device location, plus lets them observe which third-party apps have been installed.

Date Occurred
Discovered
 Unknown, but accounts from past three months were compromised.
Date DisclosedMay 21, 2018
Data CompromisedHighly personal data including Apple IDs. The compromised data did not include photos, messages, or location data. The server stores parents’ email address used for their TeenSafe account and their child’s email address, the child’s device name, and the device’s identifier.
How it was CompromisedAt least one of the app’s servers, which are hosted by Amazon’s cloud service, was accessible by anyone without a password. The data, including passwords and user IDs, were reportedly stored in plaintext, even though TeenSafe claims on its website that it uses encryption to protect user data. TeenSafe requires two-factor authentication to be switched off for the app to work, so anyone with just a password can easily gain access to compromised accounts. The app is available for both iOS and Android and doesn’t require parents to seek their child’s consent for access to their phone.
Customers Impacted
Around 10,200 accounts from the past three months were compromised, though that number also includes duplicates.
Attribution/VulnerabilityUndisclosed at this time.

https://www.theverge.com/2018/5/21/17375428/teensafe-app-breach-security-data-apple-id

https://www.zdnet.com/article/teen-phone-monitoring-app-leaks-thousands-of-users-data/

Google Play

Small Business Risk: Low: Targeted nation state exploit.
Exploit: Mobile Device Malware Exploit
Risk to Exploited Individuals: High: Nation-state exploit targeting defectors.

North Korean Defectors / Google Play malware

Date Occurred
Discovered
The apps had been live in the Google Play store for three months — from January to March.
Date DisclosedMay 2018
Data Compromised
Google Play store has allegedly hosted at least three apps designed to collect data from specific individuals. Two of these apps were posing as security apps, while the third claimed to provide food ingredient information. But what they really did was steal information from devices and receive a certain code that allowed them to further access data like photos, contact lists, and even text messages.
How it was Compromised
A North Korean hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee. The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store.
Customers Impacted
By the time McAfee privately notified Google as to the existence of these apps, 100 folks had already downloaded them.
Attribution/VulnerabilityBack in January, McAfee noted that it had found malicious apps intended to infect North Korean journalists and defectors’ devices. The group behind these apps was subsequently named Sun Team and is apparently the same group behind these latest apps. The apps were all linked to the same developer email address. McAfee found that the words used in the control servers were common in North Korea. There was also a North Korean IP address discovered in a test log file of some Android devices connected to account used to send out the malware.

https://www.digitaltrends.com/mobile/mcafee-malware-google-play/

http://www.techtimes.com/articles/228100/20180520/north-korea-hackers-use-android-apps-with-malware-to-harass-defectors.htm

LifeBridge Health
Small Business Risk: 
Extreme: Malware designed to inject healthcare systems and extract PHI/PII.
Exploit: Server/Security Exploit with Malware Injection
Risk to Exploited Individuals: Extreme: Although data has not been validated for sale on the Dark Web, the extracted data included “lifelong” PII & PHI that can be used to profile and/or exploit an individual for decades.

Lifebridge Health 

Date Occurred
Discovered
The breach occurred more than a year ago; discovered May 18.
Date DisclosedMay 2018
Data Compromised
The breach could have affected patients’ registration information, billing information, electronic medical records, social security numbers and other data.
How it was CompromisedAn unauthorized person accessed the server through LifeBridge Potomac Professionals on Sept. 27, 2016. Malware infected the servers that host LifeBridge Potomac Professionals’ electronic medical records, and LifeBridge Health’s patient registration and billing systems.
 

Attribution/Vulnerability

Outside actors
Customers ImpactedMore than 500,000 Maryland patients.

https://healthitsecurity.com/news/data-on-500k-patients-exposed-in-lifebridge-healthcare-data-breach

T-Mobile
Small Business Risk: High: Website configuration error revealing customer data for anyone to exploit.
Exploit: Website, Database & Security Misconfiguration
Risk to Exploited Individuals: Moderate: A threat actor would really have to develop a targeted threat plan to fully exploit the exposed population.

T-Mobile

Date Occurred
Discovered
Research done by ZDNet indicates that this T-Mobile.com web data breach was likely active as far back as October of last year.
Date DisclosedApril, 2018
Data Compromised
Allowed people to access the following info easily by attaching a cell phone number to the end of the web address:

  • Customers’ full names
  • Their mailing addresses
  • Account PINs used as a security question for customer service phone support
  • Billing account numbers
  • Past due bill notices
  • Service suspension notices
  • Tax identification numbers (in some instances)

 

How it was Compromised
A website bug on T-Mobile.com allowed anyone with access to a web browser to run a phone number and determine the home address and account PIN of the customer to whom it belonged.
Attribution/VulnerabilityOutside actors / undisclosed at this time.

https://www.statesman.com/business/personal-finance/mobile-website-data-breach-exposed-customer-addresses-pins/Ht3PZSdXMJkEKlDnggh3EL/


Chicago Managed IT Services

Eight Reasons Why Small and Mid-Sized Businesses Need Managed IT Services

Chicago Managed IT Services

Managed IT services is rapidly becoming one of the hottest solutions in business today because it dramatically improves an organization’s profitability, frees up internal resources, and offers a unique competitive advantage.   Simply put, managed IT services are designed to assist companies in maintaining and supporting their network and IT infrastructure with the assistance of an outsourced managed services provider (MSP).  Types of services may include remote network monitoring, programming and reporting (24/7), firewall monitoring, intrusion detection, preventative tasks, disaster recovery, data backup and help desk support.  There are eight critical reasons why small to midsized businesses (SMBs) need managed IT services now and throughout the life cycle of their business.

Dependence On IT

Almost all businesses have become more dependent on computer technologies in the past few years.  And, it’s a rapidly changing environment.  Every business has become dependent on its IT infrastructure to perform at a high level, while effectively delivering its products or services.  As a result, it has become more difficult to maintain the expertise to properly deploy, manage, and monitor this new technology, especially as a business evolves.

Complexity

The fact that this new technology is new makes it more difficult for the average employee to understand and use effectively.  The level of demand and sophistication from today’s businesses are driving up complexity.  Distinct disciplines or specialties are emerging in a variety of technology related areas such as telephony, desktop, network, application and database support.  The breadth and depth of technology an organization requires immediately places the resources at a small to mid-sized businesses (SMBs) at a distinct disadvantage.

Insufficient Solutions

Traditional support options such as a one man IT consultant, or a one or two person in-house IT department cannot effectively handle the occasional network breakdowns that are bound to occur. This is especially true when compared to a team of external resources that  proactively monitor the SMB’s installed technology at all times.

Lack of Process

An IDC study reinforces the notion of lack of process, showing that 78% of all IT downtime is caused by change.  If you could simply eliminate change from the computing environment, you would substantially decrease the risk. Unfortunately, most SMBs lack the procedures, documentation standards, and scope of work, which often results in major disruption and downtime.

Increased Use of Technology

Increasing use of computers, new software and procedures, often leads to increased complaints and loss of productivity. Typically, when network or desktop problems arise and escalate inside a company, the response time of the one man shop or internal staff is quite slow. This dramatically increases employee complaints and lowers productivity.  In many situations employees have to wait in line to receive help.  As a result the downtime and morale will impact the organization’s bottom line as well as their ability to meet their customers’ needs.  By implementing a managed IT services program, the demand on internal IT resources are lessened, and they can now be utilized for other purposes such as directly supporting strategic business objectives rather than becoming bogged down in frequent break/fix issues.

Controlling Costs

During these challenging times, the IT budget is frequently reduced.  In a recent survey of nearly 950 IT managers at companies in North America and Europe; nearly half of the U.S. respondents said they have already cut their IT spending budgets.  Unfortunately, a cut in IT spending doesn’t mean there is a cut in demand for services.  This adds tremendous stress and pressure on internal departments to support the same amount of work with fewer resources.

Technology Erosion

Computer systems must be maintained just like any other systems used within the business. Vehicle fleets, manufacturing equipment, and the physical plant, have all moved to a preventative approach. If a company does not implement this preventative maintenance strategy for its technology components, disaster might be the unpleasant and unprofitable result.

Compliance

Finally, the technology utilized within an organization in most cases must meet specific compliance standards.  For example, a company’s business processes supported by technology may need to comply with Sarbanes-Oxely, Health Insurance Portability and Accountability Act (HIPPA), Gramm-Leach-Bliley Act (GLBA) and other requirements. Most companies don’t have the resources to fully understand and comply with all the detailed requirements of these regulations.

All of the above issues are driving the popularity of partnering with a managed IT services firm.  Companies that have made the transition already answered this question.  If deploying, managing and monitoring my IT infrastructure has absolutely nothing to do with the core competency of my business, why wouldn’t I outsource it to an expert?  This is a fairly easy question to answer and these organizations have reaped the rewards of increased profitability and a competitive advantage.


Managed IT as a Service

Making the Transformation to IT as a Service

The shift to the cloud over the past several years has been more a transformation of mindset than a simple adoption of new technology. With the widespread proliferation of cloud, IT teams needed to determine how to incorporate it globally throughout a company. IT as a service (ITaaS) was eventually born. This new model would revolutionize the way business IT operates.

Why ITaaS?

In the not-so-distant past, IT departments considered themselves entities that served up applications and performed tasks. The dictum of the Information Technology Infrastructure Library (ITIL) redirected this outdated approach to more of an end-to-end management strategy responsible for high quality solutions and process improvement.

With so many technical solutions now available, companies do not have to use internal resources that cannot fulfill business objectives. Therefore, it is in IT’s best interest to follow the as-a-service model. Flexibility, visibility into performance and organizational metrics, and efficient and practical results are expected on a consistent basis. The ITaaS strategy must incorporate all of these qualities to be successful.

Successful Shifting

One method that has been fruitful for companies making the shift to ITaaS is to employ a service catalog. This “product list” of obtainable services can help establish realistic expectations with the internal customer base. A ticket portal may be used to allow requestors to submit an order and follow it through to delivery. Resources can be effectively allocated to fulfill tickets by urgency and subject matter. The process grows to be more automated and repeatable over time, increasing productivity.

Reporting

ITaaS ticket portals are also helpful in tracking statistics of frequently requested services and demand by department. IT performance becomes transparent, and leaders can see the length of time that tickets are open, identify gaps in processes and skill sets, or call out compliance issues.
Budgeting is simplified as historical metrics can be used to forecast future business needs. Departments can better understand the burden they place on IT and how it affects the financial performance of the enterprise. The result is more educated decision making.

Creating Transparency and Accountability

The shift to ITaaS places more responsibility on the IT team to be fiscally responsible and show added value to the organization. The team might help minimize spending, avoid it altogether, or shine a light on ineffective consumption within various departments. Greater culpability and visibility are natural results of the transition to ITaaS.

The days of IT simply filling orders for application development and system maintenance are over. This entity is now responsible for helping to decrease tech spending, exposing those who are using resources irresponsibly, and incorporating cloud into the organization in an organized and logical manner. ITaaS is the key to successful IT in the new world.


Cloud Security

National Computer Security Day: Is Your Business Protected?

 

We all use computers for something in our lives, but for businesses that rely on them, National Computer Security Day is a great reminder to review the security measures you have in place. We’ve discussed in several posts how important it is for your business to keep your security measures up-to-date, but in honor of the holiday,  we are going to focus on the different areas of security that might be at risk and how to best keep them safe.

Email
Your email systems can be at risk for a number of reasons. If the server fails, you might not be able to access important information, and if any emails contain sensitive information, that information could be obtained by hackers.  There is also the age-old scam where people send viruses through email. Having a good email security system in place will make sure that emails containing questionable content will be blocked and quarantined. It will also ensure that your emails are backed up for easy access in case of emergency. You and your employees, with the right protection, are able to enjoy inboxes that are spam-free, contain no unsafe content and are properly backed up.

Firewall
What are your security objectives? How much of a block do you want between your computer network and the outside world? Having a well-managed firewall lets you call the shots and ensures that your network is constantly being monitored. You can reference web-based reports at any time to identify any erratic behavior and address any issues.

VPN
If you have employees or clients who access your network remotely, you need your VPN to be secure. VPN security means that you can have people work from home without worrying, and that any data sent through the network will be encrypted so that it cannot be intercepted and obtained, avoiding any cyber-attacks.

Internet Policy
What types of websites would you like to allow your employees to access from the at-work network? Having a security system that enables internet-use management allows you to put filters on accessible URLs to avoid any legal issues or potential issues for your employees who might access dangerous sites. Some managers also employ internet policy management systems in order to boost workplace productivity.

Data Storage
Storing your business’s critical data in a place that is easily accessible, secure, and backed-up is imperative. Having a good managed security service means that your data will be backed-up on a regular basis, which reduces the amount of time it would take for your business to recover from a potential security threat, as well as the amount of time you’d be exposed to any risk. This is hugely important to have In place to ensure that your sensitive data is monitored and secure 24/7.

What steps is your business taking to avoid security threats? Are you using a managed security service? National Computer Security Day is the perfect time to make sure all of your security management efforts are up-to-date and that you have the right protection in place for your business. Broadview offers a variety of managed security services and is always here to help you get started.