The two people who shut down four Washington power stations in December were arrested. This is the interesting part:

Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents.

Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional. But way back in 2012, the Canadian CSEC—that’s their NSA—did some top-secret work on this kind of thing. The document is part of the Snowden archive, and I wrote about it:

The second application suggested is to identify a particular person whom you know visited a particular geographical area on a series of dates/times. The example in the presentation is a kidnapper. He is based in a rural area, so he can’t risk making his ransom calls from that area. Instead, he drives to an urban area to make those calls. He either uses a burner phone or a pay phone, so he can’t be identified that way. But if you assume that he has some sort of smart phone in his pocket that identifies itself over the Internet, you might be able to find him in that dataset. That is, he might be the only ID that appears in that geographical location around the same time as the ransom calls and at no other times.

There’s a whole lot of surveillance you can do if you can follow everyone, everywhere, all the time. I don’t even think turning your cell phone off would help in this instance. How many people in the Washington area turned their phones off during exactly the times of the Washington power station attacks? Probably a small enough number to investigate them all.

Read More

Ransomware. Even the name sounds scary. 

When you get down to it, ransomware is one of the nastiest attacks a hacker can wage. They target some of our most important and precious things—our files, our photos, and the information stored on our devices. Think about suddenly losing access to all of them and being forced to pay a ransom to get access back. Worse yet, paying the ransom is no guarantee the hacker will return them. 

That’s what a ransomware attack does. Broadly speaking, it’s a type of malware that infects a network or a device and then typically encrypts the files, data, and apps stored on it, digitally scrambling them so the proper owners can’t access them. Only a digital key can unlock them—one that the hacker holds. 

Nasty for sure, yet you can take several steps that can greatly reduce the risk of it happening to you. Our recently published Ransomware Security Guide breaks them down for you, and in this blog we’ll look at a few reasons why ransomware protection is so vital. 

How bad is ransomware, really? 

The short answer is pretty bad—to the tune of billions of dollars stolen from victims each year. Ransomware targets people and their families just as explained above. Yet it also targets large organizations, governments, and even companies that run critical stretches of energy infrastructure and the food supply chain. Accordingly, the ransom amounts for these victims climb into millions of dollars.  

A few recent cases of large-scale ransomware attacks include:  

JBS Foods, May 2021 – Organized ransomware attackers targeted JBS’s North American and Australian meat processing plants, which disrupted the distribution of food to supermarkets and restaurants. Fearing further disruption, the company paid more than $11 million worth of Bitcoin to the hacking group responsible.   
Colonial Pipeline, May 2021 – In an attack that made major headlines, a ransomware attack shut down 5,500 miles of pipeline along the east coast of the U.S. Hackers compromised the network with an older password found on the dark web, letting the hackers inject their malware into Colonial’s systems. The pipeline operator said they paid nearly $4.5 million to the hackers responsible, some of which was recovered by U.S. law enforcement.  
Kaseya, July 2021 – As many as 1,500 companies had their data encrypted by a ransomware attack that followed an initial ransomware attack on Kaseya, a company that provides IT solutions to other companies. Once the ransomware infiltrated Kaseya’s systems, it quickly spread to Kaseya’s customers. Rather than pay the ransom, Kaseya’ co-operated with U.S. federal law enforcement and soon obtained a decryption key that could restore any data encrypted in the attack.  

Who’s behind such attacks? Given the scope and scale of them, it’s often organized hacking groups. Put simply, these are big heists. It demands expertise to pull them off, not to mention further expertise to transfer large sums of cryptocurrency in ways that cover the hackers’ tracks.  

As for ransomware attacks on people and their families, the individual dollar amounts of an attack are far lower, typically in the hundreds of dollars. Again, the culprits behind them may be large hacking groups that cast a wider net for individual victims, where hundreds of successful attacks at hundreds of dollars each quickly add up. One example: a hacker group that posed as a government agency and as a major retailer, which mailed out thousands of USB drives infected with malware.  

Other ransomware hackers who target people and families are far less sophisticated. Small-time hackers and hacking groups can find the tools they need to conduct such attacks by shopping on the dark web, where ransomware is available for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, near-amateur hackers can grab a ready-to-deploy attack right off the shelf. 

Taken together, hackers will level a ransomware attack at practically anyone or any organization—making it everyone’s concern. 

How does ransomware end up on computers and phones? 

Hackers have several ways of getting ransomware onto one of your devices. Like any other type of malware, it can infect your device via a phishing link or a bogus attachment. It can also end up there by downloading apps from questionable app stores, with a stolen or hacked password, or through an outdated device or network router with poor security measures in place. And as mentioned above, infected storage devices provide another avenue. 

Social engineering attacks enter the mix as well, where the hacker poses as someone the victim knows and gets the victim to either download malware or provide the hacker access to an otherwise password-protected device, app, or network. 

And yes, ransomware can end up on smartphones as well.  

While not a prevalent as other types of malware attacks, smartphone ransomware can encrypt files, photos, and the like on a smartphone, just as it can on computers and networks. Yet other forms of mobile ransomware don’t have to encrypt data to make the phone unusable. The “Lockerpin” ransomware that has struck some Android devices in the past would change the PIN number that locked the phone. Other forms of mobile ransomware paste a window over the phone’s apps, making them unusable without decrypting the ransomware. 

Avoiding ransomware in the first place 

Part of avoiding ransomware involves reducing human error—keeping a watchful eye open for those spammy links, malicious downloads, bogus emails, and basically keeping your apps and devices up to date so that they have the latest security measures in place. The remainder relies on a good dose of prevention.  

Our Ransomware Security Guide provides a checklist for both. 

It gets into the details of what ransomware looks like and how it works, followed by the straightforward things you can do to prevent it, along with the steps to take if the unfortunate ends up happening to you or someone you know. 

Ransomware is one of the nastiest attacks going because it targets our files, photos, and information, things we don’t know where we’d be without. Yet it’s good to know you can indeed lower your risk with a few relatively simple steps. Once you have them in place, chances are a good feeling will come over you, the one that comes with knowing you’ve protected what’s precious and important to you. 

The post Your Guide to Ransomware—and Preventing It Too appeared first on McAfee Blog.

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

With the explosive growth of technology, businesses are more vulnerable than ever to malicious cyber attacks. And as cybercriminals become more sophisticated, new methods of attack are popping up left and right.

To add fuel to the fire, the average cost of a data breach increased from $3.86 million to $4.24 million in 2021. That’s costly enough to put most SMBs into the red. Not to mention the reputational damage it can cause for your brand.

Avoid this dreaded fate by protecting yourself against the latest cybersecurity developments — like Malware-as-a-Service (MaaS) — to protect your networks, data, systems, and business reputation.

If you’ve never heard of Malware-as-a-Service (MaaS) before, don’t fret. This article is for you.

We’ll teach you everything you need to know about Malware-as-a-Service and wrap it up by sharing some best practices for protecting your proprietary company data from potential threats.

Let’s dive in.

What is Malware-as-a-Service (Maas)?

Malware-as-a-Service (MaaS) is a type of cyber attack in which criminals offer malware and deployment services to other hackers or malicious actors on the internet.

These services typically are available on the dark web. When purchased, a bad actor can carry out various malicious activities, such as stealing sensitive information, disrupting computer systems, or encrypting data and demanding a ransom to unlock it.

Some of the most common types of malware include the following:

Viruses: Programs that can replicate themselves and spread to other computers. They can cause various problems, such as disrupting computer operations, stealing information, or damaging files.
Trojan horses: These programs masquerade themselves as legitimate software but can carry out malicious activities, such as stealing data or giving attackers unauthorized access to a computer.
Worms: A self-replicating program that can spread across networks, disrupting computer operations and consuming network resources.
Adware: Software that displays unwanted advertisements on a computer. It can be intrusive and annoying and sometimes track a user’s online activities.
Ransomware: Encryption of a victim’s data with the demand for a ransom payment to unlock it. It can devastate businesses, resulting in losing important data and files.
Spyware: Software designed to collect information about a user’s online activities without their knowledge or consent to steal sensitive information (like financial statements and passwords).
Bots: Often used in conjunction with other types of malware, such as viruses or worms. For example, a virus could infect a computer and then download and install a bot, which could carry out malicious activities on that computer or other computers on the network.

MaaS makes it easier for cybercriminals to launch attacks, as they can purchase and use pre-made malware without developing it themselves. This distinction can make it harder for law enforcement, cybersecurity experts, and IT teams to track down the people responsible for the attacks.

And sadly, cyber-attacks are industry agnostic. For example, in the transportation industry, cybercriminals exploit vulnerabilities of electronic logging devices and steal valuable information from cloud-connected trucks.

MaaS is also a significant threat to online job boards like Salarship, Indeed, UpWork, or any other platform where job applications are stored. Attackers can easily access the personal data of thousands or millions of people by targeting these sites.

The bottom line: As a business with priority company data, it’s essential to be aware of the different types of malware and take the necessary precautionary steps to protect against these heinous services.

Ransomware-as-a-Service (RaaS) vs. Malware-as-a-Service (MaaS)

Ransomware falls under the umbrella of malware. But what’s the difference between Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS)?

The main difference between MaaS and RaaS is the specific type of malware offered as a service. MaaS involves the development and deployment of any malware, while RaaS specifically consists of the development and deployment of ransomware.

Ransomware is a type of malware that restricts access to the infected computer system or its data and demands a ransom payment to regain access. It typically spreads through phishing emails, malicious websites, and targeted exploits.

MaaS and RaaS are online services on the dark web that make it easy for anyone with no experience or knowledge to launch an attack.

In some RaaS cases, the attackers may steal the victim’s data and hold it for ransom, demanding payment to return it to the victim. Or the attackers may encrypt the victim’s data and demand payment to unlock it without stealing it.

Regardless, the goal of ransomware is to make money by extorting the victim.

How to protect your business against MaaS

As malware becomes more sophisticated and accessible, it’s imperative to have some defense programs in place that can offer your extra business protection against bad actors.

According to a recent study, 64% of Americans would blame the company, not the hacker, for losing personal data.

Thankfully, there are ways to lessen the impact. ​​A report from Cisco states that adhering to General Data Protection Regulations (GDPR) has been shown to minimize the effects of a data breach.

Why? Because if a company complies with the GDPR, attackers might not find any data to exploit. And with the help of a privacy policy generator, your business can be GDPR-compliant with the click of a button.

Here are a few additional steps that your business can take to protect itself from MaaS:

Implement strong network security measures, such as a web application firewall, intrusion detection, and secure passwords.
Regularly update and patch all software and operating systems to fix known vulnerabilities.
Educate employees about Malware-as-a-Service risks and how to avoid them, such as not opening suspicious email attachments or visiting untrusted websites.
Use reputable anti-virus and anti-malware software and regularly scan the network for signs of infection.
Back up any necessary data regularly so your business can quickly restore its operations if anything goes south.

One of your company’s most significant assets is its data privacy and reputation, which directly affects how much your business is worth. So it’s critical to protect it against MaaS with a strong and well-implemented cybersecurity plan.

Wrapping up

Cybercriminals no longer need a strong technical background to pull off a malicious hack. The MaaS model has made it possible for anyone to become a cybercriminal.

But that doesn’t mean you have to avoid the internet forever — which is pretty challenging to do in today’s day and age.

With preventative measures and a robust cybersecurity strategy, you can sleep soundly at night, knowing your company data is safe from a MaaS attack.

For more advice on staying secure online, check out the AT&T Cybersecurity blog for additional insight.

Read More

Last year was also worst on record for UK businesses

Read More

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat detection, possibly even automating aspects of threat mitigation. This need has given rise to extended detection and response (XDR) tools.

What is XDR and what does it do?

XDR is a relatively new class of security tool that combines and builds on the strongest elements of security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR). In fact, some XDR platforms listed here are the fusion of existing tools the vendor has offered for some time.

To read this article in full, please click here

Read More