Author Archives: IT Pro Tech

Sim Swap Attack

There is a growing threat in the digital world known as SIM swapping. SIM swapping is a type of identity theft in which a hacker tricks or coerces a mobile carrier into transferring a victim’s mobile number to a SIM card that the hacker controls. Once this is done, the hacker can use the victim’s phone number to reset passwords, access email and social media accounts, and make unauthorized purchases.

 

The hacker usually obtains your mobile number and telco provider details by hacking your emails and obtaining your phone bills.

 

Here are some steps you can take to protect yourself from SIM swapping:

 

  1. Enable two-factor authentication (2FA) on all your online accounts. This will make it much more difficult for a hacker to access your accounts even if they have your phone number.
  2. Keep your mobile carrier informed of any changes to your contact information. This will help them flag any suspicious activity.
  3. Be aware of the warning signs of SIM swapping, such as your phone suddenly not working or receiving calls or messages intended for someone else. If you suspect that your phone number has been transferred to a different SIM card, contact your mobile carrier immediately.
  4. Use security software on your phone that can detect suspicious activity.

 

We are dedicated to keeping our clients safe and secure in the digital world. If you have any questions or concerns about SIM swapping or any other security issues, please do not hesitate to reach out to us.

 

Contact us today to find out more about how you can protect your infrastructure against the latest Ransomware attacks.

Call 02 9387 3888 or use our Contact Form.

 

Increasing cyber threats to digital businesses

Cybersecurity | IT support

Australian businesses have embraced digital transformation (DT) with gusto. About two-thirds of businesses surveyed by professional services consultancy KPMG said they’d accelerated their DT strategy and boosted their budgets accordingly, thanks to the pandemic.

As a result, KPMG points out five key challenges now facing online businesses that you should consider:

  • Ramp up technology to link front, middle and back offices
  • Streamline how customers deal with your business online
  • Improve your digital connection with your suppliers and service providers
  • Rethink your talent pipeline to look internally as well as externally
  • Ensure digital technology enhances the resilience and agility of your business.

These are overarching challenges, and this article will cover a range of strategies and tips to keep your business ahead.

Exposure to new cybersecurity risks

As Forbes Tech Council says, we’re seeing business and technology do something of a tango dance. This year, we’ve been hearing about data breaches, phishing, ransomware attacks and targeted cyber attacks. They target:

  • Personally identifiable data
  • Information that identifies customers
  • Financial information
  • Behavioural data including facial recognition, contact tracing, temperature measurements, and location-tracking systems.

Hackers can hold data or operations to ransom. In fact, hackers’ ‘dwell time’ within an organisation’s IT system is usually up to 20 days. You may not even know they’re lurking there. As soon as you’ve found out your business has been cyber attacked, whether it involves ransomware or not, you should report it to the proper authorities.

The emerging network security threats

Chances are cyber threats to your business won’t come from Australian ‘bad actors’. Business Australia says less than 10% of cybercrime happens in the same geographic location as the target.

An emerging threat to watch out for comes through IoT (Internet of Things) devices, such as cars and home appliances, that have electronic sensors for connectivity and data exchange. Your IoT systems are vulnerable if they don’t have the same security level as your network. Botnets, collections of Internet-connected devices that each run a bot, can wreak havoc by launching Distributed Denial-of-Service attacks, sending spam, stealing data or taking over the electronic device and its connection. Worse, botnets have been morphing into hivenets – botnets that think for themselves.

Another increasing risk involves a hacker sending an email purportedly from senior management to a co-worker asking for funds or information.

You may have heard of what The Guardian calls possibly the most powerful spyware developed – Pegasus. It can infect your iPhone or Android device with a ‘zero click’ attack via the operating system’s bugs. You won’t even know Pegasus is on your phone. The malware turns it into a 24-hour surveillance device. It can use your camera and turn on the microphone to record you. Find out more from this article in The Conversation.

How’s your cyber hygiene?

Shockingly, human error underpins 90% of successful cyber attacks. Check out the Australian Government’s Cyber Security Assessment Tool, which will prompt you to:

  • Back up your data
  • Secure your electronic devices and online network
  • Ensure you encrypt important information
  • Use multi-factor authentication
  • Better manage passphrases (use them instead of passwords)
  • Monitor who’s using your business computer equipment and systems.

You can also boost your risk management with cyber security policies, procedures and frameworks you roll out for your entire business. These, as well as staff training, clear delegation of roles and a breach response plan, should be your priority. How to triage, treat and mitigate cyber risks should be an integral part of your business continuity plan.

That might sound like a lot for a small-to-medium-sized enterprise, but hackers target this sector precisely because they know SMEs are unlikely to have in-house security experts. It’s important to know that eight in 10 SMEs who suffer a breach go under within 12 months, says Business Australia. A new trend is for a group of small businesses and not-for-profit organisations to join forces with cybersecurity specialists for a collective cyber defence that offers real-time scanning and intelligence sharing. Keep a look out for cyber security firms offering this solution.

Where does insurance fit into cybersecurity risk management?

Cybersecurity insurance adds an extra level of protection and peace of mind for digital businesses. Make sure the one you opt for covers:

  • Liability
  • Cyber investigations costs
  • Public and customer relations
  • Legal
  • Compensation
  • Regulatory fines.

Some policies also offer free cyber consultation, access to an around-the-clock cyber incident response team, multimedia liability, system damage, computer crime cover and unlimited period for business interruption cover. There’s a lot of complexity with this cover, so we’d be happy to guide you through the options for your digital transformation journey.


SOURCES: https://latest.insure/


Does your business need an MSP?

Managed IT Services in Sydney

For many businesses, taking care of their tech needs themselves is the option that makes the most economical sense to them. But, this DIY practice could end up costing them more and risk their customer information and other company data.

Their business will be less efficient having Jane, in accounting, who’s good at figuring out technical problems, spending her time assisting with things she is not best at. Managed services providers (MSPs) are a way for businesses, big and small, to get the technical support they need without having to bring everything in-house.

What are MSPs?

MSPs are businesses that help other companies with their IT, security, and other technical infrastructure. Often, this work is done remotely, but MSPs can also be used on-site to help with major projects or to help fix problems that can’t be dealt with any other way.

MSPs offer a range of services, including helpdesk, managed IT security solutions, virtual CIO, and strategy (among others) that remove the task of looking after the tech stack from your business. Even if you have an in-house IT team, MSPs can be helpful because they free up your staff from low-level tasks.

Want to learn just how great an MSP can be?

If you need help with your tech or want to explore how you can work with an MSP in your business, let’s chat. We love meeting new people and discovering how we can help make their lives easier. Contact us today to learn more.

Should I move my business to the Cloud?

Cloud computing

Can I move my business into the cloud – and is it safe?

Here are my practical thoughts about “the Cloud”. Moving your business to the cloud can be economical if you have a large and growing team, or if you are just using File Storage and Email Services.

Cloud Systems offer a multitude of Security Features, and normally have teams of technicians dedicated to maintenance and security. We recommend moving existing infrastructure to the cloud in stages.

We help businesses execute that move. We tailor the systems to their needs and in line with the best security protocols.

Which cloud services do you already use in your business?

Plans for mandatory ransomware reporting

Sophos Ransomware Protection

The Federal Government has announced its plans to combat ransomware including new offences and a mandatory notification obligation for victims of a ransomware attack.

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has recommended the amending Bill be split so that certain requirements and powers become law while risk management program rules come back to parliament in a second Bill which also includes a range of significant amendments.

Ransomware “New Strain” get protected

Sophos Ransomware Protection

On Tuesday the 5th of October 2021, Sophos said the malware, a new variant written in Python, was deployed ten minutes after threat actors managed to break into a TeamViewer account belonging to the victim organisation.

How did the ransomware spread?

TeamViewer is a control and access platform that can be used by the general public and businesses alike to manage and control PCs and mobile devices remotely.

As the software was installed on a machine used by an individual who also owned domain administrator access credentials, it took only ten minutes – from 12.30 am to 12.40 am on a Sunday – for attackers to find a vulnerable ESXi server suitable for the next stage of the assault.

VMware ESXi is an enterprise-grade, bare-metal hypervisor used by vSphere, a system designed to manage both containers and virtual machines (VMs).

The researchers say the ESXi server was likely vulnerable to exploit due to an active shell, and this led to the installation of Bitvise, SSH software used – at least, legitimately – for Windows server administration tasks.

In this case, the threat actors utilised Bitvise to tap into ESXi and the virtual disk files used by active VMs.

“ESXi servers have a built-in SSH service called the ESXi Shell that administrators can enable, but is normally disabled by default,” Sophos says. “This organization’s IT staff was accustomed to using the ESXi Shell to manage the server, and had enabled and disabled the shell multiple times in the month prior to the attack. However, the last time they enabled the shell, they failed to disable it afterwards.”

Three hours in, and the cyberattackers were able to deploy their Python ransomware and encrypt the virtual hard drives.

The script used to hijack the company’s VM setup was only 6kb in length but contained variables including different sets of encryption keys, email addresses, and options for customising the suffix used to encrypt files in a ransomware-based attack.

How did the ransomware impact the machines?

The malware created a map of the drive, inventoried the VM names, and then powered each virtual machine off. Once they were all disabled, full database encryption began. OpenSSL was then weaponised to encrypt them all quickly by issuing a command to a log of each VM’s name on the hypervisor.

Once encryption was complete, the reconnaissance files were overwritten with the word f*ck and then deleted.

Big game ransomware groups including DarkSide – responsible for the Colonial Pipeline attack – and REvil are known to use this technique. Sophos says the sheer speed of this case, however, should remind IT administrators that security standards need to be maintained on VM platforms as well as standard corporate networks.

Why was Python used for this cyber attack?

“Python is a coding language not commonly used for ransomware,” commented Andrew Brandt, principal researcher at Sophos. “However, Python is pre-installed on Linux-based systems such as ESXi, and this makes Python-based attacks possible on such systems. ESXi servers represent an attractive target for ransomware threat actors because they can attack multiple virtual machines at once, where each of the virtual machines could be running business-critical applications or services.”

SOURCES: https://www.zdnet.com/

Contact us today to find out more about how you can protect your infrastructure against the latest Ransomware attacks.

Call us on 02 9387 3888 or fill in the Contact Form.

Staff Security and Data Handling Policy

Data Security

We recommend that you work closely with your IT Provider to establish a Security and Data Handling Policy for your staff. This should include information about password policies, email phishing, data sharing, personal device usage with company data, phone scams, Social Media accounts, and Multifactor Authentication (2FA). The weakest link in many cases is human error. You can combat this today by giving your staff insight into how to stay protected.

Contact us today to find out more about how you can best educate staff on how to protect your client data.

Call us on 02 9387 3888 or complete the Contact Form.

 

Business security threat: Password removal in less than 5 minutes

How To Reset Windows 10 Password Easily in 3 Minutes

Here is some holiday time food for thought. Employees may be taking their work devices home at this time. But are these devices secure and protected?

Did you know that devices that are not encrypted can have their passwords easily removed? This could be a big problem if a device is lost or stolen.

This YouTube video shows how anyone with even limited IT skills can remove a password: https://www.youtube.com/watch?v=XvHmGeezhIA

Your valuable Company data is now available for the hacker to view and distribute as they please. This type of malicious activity can also be done on Apple devices, not just PCs.

To find out more about how you can protect your mobile devices and other vulnerable data in your Organisation, feel free to reach out to discuss your IT security.

Contact us today to find out more. Call us on 02 9387 3888 or fill in the Contact Form.

 

Organise your business IT infrastructure

Network cabinet organised

Does your business network cabinet look like a pasta dish?

The master chef at CB Computers is able to convert this into a Fine Dining experience!

Having your IT infrastructure neat and organised will enable efficient operations, allow easy troubleshooting, and let you securely lock your equipment as it should be.

Contact us today to find out more and see the menu.

Call us on 02 9387 3888 or complete the Contact Form.

Business network security: Phishing for Office365 credentials

Office 365 support

The use of open redirects from legitimate domains makes phishing emails that much more believable and credible, obfuscating the dangerous nature of these attacks.

In the ongoing saga of attacks on Microsoft 365 users, security analysts at Microsoft recently announced a widespread attack that utilises open redirects – a technique used in web development to point to the URL visitors of a website should be taken to once the initially-visited page is done processing the visit. A simple example of an open redirect is the following: [https://]example[DOT]com/redirect[DOT]php?url=[http://]attacker[DOT]com.

According to Microsoft, attackers will use a bit more trickery to fool those that choose to hover over links in emails before clicking on them, embedding a malicious URL within what appears to be a trusted URL. In many cases, redirects to malicious URLs first take visitors to Google reCAPTCHA pages to further obfuscate the nature of the final destination from security solutions designed to evaluate email links.

While evaluating destination URLs via hovering over links in an email is definitely a good security practice, threat actors are becoming wise to this and are taking steps such as those mentioned above to make it even more difficult to spot a malicious link. Users should be taught via Security Awareness Training to be more mindful of the actual message being sent – if unsolicited, it should be treated with at least a bit of distrust and scrutiny, being certain it is legitimate before engaging with links – benign or malicious.
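As an added example (not from Microsoft or the original article), the Python below flags links whose query string carries a URL for a different host, the pattern in the example.com/redirect.php link above, including when the nested URL is percent-encoded more than once. The sample links and parameter names are constructed, and treating subdomains of the visible host as same-site is an assumption.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # the nested URL may be percent-encoded more than once

# Constructed sample links (hypothetical hosts and parameter names).
SAMPLE_LINKS = [
    "[https://]example[DOT]com/redirect[DOT]php?url=[http://]attacker[DOT]com",
    "https://example.com/r?u=http%253A%252F%252Fattacker.com%252Flogin",
    "https://example.com/r?to=//attacker.com/x",
    "https://example.com/login?next=/dashboard",
    "https://example.com/login?next=https://accounts.example.com/home",
]


def refang(url):
    """Undo write-up style defanging ([DOT], [https://]) so the URL parses."""
    for fanged, plain in (("[DOT]", "."), ("[.]", "."),
                          ("[https://]", "https://"), ("[http://]", "http://")):
        url = url.replace(fanged, plain)
    return url


def nested_host(value):
    """Host of an absolute or scheme-relative URL carried in a parameter value."""
    for _ in range(MAX_DECODE_ROUNDS):
        candidate = value.strip()
        if candidate.lower().startswith(("http://", "https://", "//")):
            try:
                host = urlsplit(candidate).hostname
            except ValueError:      # malformed netloc, e.g. unbalanced brackets
                return None
            return host.lower() if host else None
        decoded = unquote(value)
        if decoded == value:        # nothing left to decode: not a URL
            return None
        value = decoded
    return None


def find_redirect_targets(link):
    """Return (parameter, host) pairs where the query string carries a URL
    for a host other than the one the link appears to go to."""
    parts = urlsplit(refang(link))
    outer = (parts.hostname or "").lower()
    findings = []
    # parse_qsl already percent-decodes each value once.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        host = nested_host(value)
        # Assumption: subdomains of the visible host count as same-site.
        if host and host != outer and not host.endswith("." + outer):
            findings.append((name, host))
    return findings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(find_redirect_targets(link), link)
```

Static parsing only sees the first hop; the reCAPTCHA pages described above sit between the link and its final destination, so a hit here is a triage signal rather than a verdict.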

Contact us to organise a Staff IT Training Session, in your offices, by an IT Security Expert.
