Researchers: Booming Cyber-Underground Market for Initial-Access Brokers

Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from ‘vendors’ that have previously installed backdoors on targets.

It’s well known that email is often the gateway for cyber criminals looking to infiltrate a corporate network. But rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with first-stage malware, researchers have found.

Researchers from Proofpoint have uncovered a “lucrative criminal ecosystem” that works together to mount successful ransomware attacks, like the ones that have made headlines (Colonial Pipeline) and caused significant disruption around the world recently, according to a report from the cybersecurity firm published Wednesday.

Before the ultimate ransomware payload hits the network, known ransomware gangs such as Ryuk, Egregor and REvil first team up with threat actors who specialize in initial infection using various forms of malware — such as TrickBot, BazaLoader and IcedID, according to the report.

“Ransomware operators often buy access from independent cyber criminal groups who infiltrate major targets, and then sell access to the ransomware actors for a slice of the ill-gotten gains,” according to the report. “Cyber criminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network.”

Specifically, Proofpoint tracks at least 10 threat actors who use malicious email campaigns to distribute first-stage loaders via various tactics. Ransomware groups then take advantage of those loaders to deliver the ultimate payload.

The relationship between these threat actors and ransomware groups is not one-to-one, however, researchers found, as multiple threat actors use the same payloads for ransomware distribution.

“Ransomware is rarely distributed directly via email,” according to the report. “Just one ransomware strain accounts for 95 percent of ransomware as a first-stage email payload between 2020 and 2021.”

Moreover, banking trojans (TrickBot, Emotet) seem to be the preferred initial method for these access brokers to establish backdoors using malicious email links and attachments, with about 20 percent of the malware seen in the first half of 2021 infiltrating networks this way, researchers found.

Proofpoint has also observed evidence of ransomware deployed via malware called SocGholish, which uses fake updates and website redirects to infect users, as well as via the Keitaro traffic distribution system (TDS) and follow-on exploit kits that operators use to evade detection, researchers said.

Attackers and Malware of Choice

Specifically, Proofpoint in the report links 10 threat actors that researchers have been tracking as initial access facilitators to their malware and tactics of choice for establishing network access, which they then sell to various ransomware groups for further nefarious purposes.

TA800 is a large cybercrime actor that Proofpoint has tracked since mid-2019 that distributes banking malware or malware loaders, including TrickBot, BazaLoader, Buer Loader and Ostap, to the Ryuk ransomware gang, researchers found.

TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020 that “conducts broad targeting across various industries and geographies” to deliver payloads including Qbot, IcedID, SystemBC, SmokeLoader, Ursnif and Cobalt Strike, via emails with malicious Microsoft Office attachments. The Sodinokibi or REvil ransomware group is affiliated with TA577, which has seen a boost in activity of 225 percent in the last six months, according to the report.

TA569, tracked since 2018 but known to be active since 2016, is a traffic and load seller known for compromising content-management servers and injecting and redirecting web traffic to a social-engineering kit, according to the report.

The threat actor is associated with WastedLocker ransomware campaigns that appeared in 2020 that leveraged the SocGholish fake update framework for payload distribution, and also has connections to Russia’s infamous cybercrime gang Evil Corp, researchers found.

Proofpoint has tracked TA551 since 2016. The threat actor typically uses thread hijacking to send malicious Office documents via email that deliver Ursnif, IcedID, Qbot and Emotet. Specifically, the Maze and Egregor gangs leveraged the group’s use of IcedID in 2020 to deliver ransomware, according to researchers.

TA570, tracked since 2018, is one of the largest Qbot malware affiliates in campaigns to deliver ProLocker and Egregor ransomware, likely using compromised WordPress sites or file-hosting sites to host their payloads, according to Proofpoint.

Another group, TA547, has been seen distributing primarily banking trojans to various geographic regions including ZLoader, TrickBot and Ursnif, that are later leveraged by ransomware gangs. Activity from TA547 has spiked nearly 30 percent in the last six months, researchers found.

TA544 is also in the malware business but also uses other payloads and primarily attacks targets in Italy and Japan. Researchers have observed the group distributing Ursnif and Dridex trojans, sending upwards of 8 million malicious messages in the last six months, according to Proofpoint.

Another group affiliated with ransomware gangs is TA571, which Proofpoint has tracked since 2019. The threat actor distributes Ursnif, ZLoader and Danabot banking malware, using legitimate file-hosting services or compromised or spoofed infrastructure for payload hosting.

Tracked since June 2020, TA574 is a group of “high-volume cybercrime threat actors” that’s been seen distributing more than 1 million malicious emails over the last six months that attempt to deliver and install malware, including Zloader via malicious Office attachments, according to the report.

Finally, TA575 is a Dridex affiliate tracked by Proofpoint since late 2020 that distributes malware via malicious URLs, Office attachments and password-protected files, on average distributing about 4,000 emails per campaign to hundreds of organizations.


As More Ransomware Attacks Hit, Kansas City Companies Step Up

A rapid increase in the frequency and severity of ransomware attacks around the country is making cyber defense essential. Kansas City’s cybersecurity industry is rising to the challenge.

The explosion of ransomware attacks is shining a light on the importance of cybersecurity. And Kansas City’s cyber defense industry is growing to meet the increasing demand.

In a ransomware attack, hackers gain control of a company or government’s servers and demand money to unlock the network. Cryptocurrency has allowed hackers to receive ransoms anonymously after taking control of businesses’ networks.

These attacks happen everywhere, including Kansas City. In the last two years, Metropolitan Community College, Truman Medical Center and the city of Independence have all been targeted.

Byron Clymer is the chief information officer at Lockton Companies, a global insurance company headquartered in Kansas City. Clymer said he has been on the front lines of too many cyberattacks to count.

“The threats come out daily, so you’re on the wall daily preventing and looking for attacks, trying to prevent them, trying to figure out other ways that they might be trying to get in,” Clymer said.

Clymer said hackers used to get in and get out, focusing on stealing data and selling it on the dark web.

But now, after the hackers get into the system, Clymer said they will follow a trail of interconnected devices and networks, latching onto anything they can, including other businesses.

“Now it’s about as they break in and they get on that one box, that one computer, how can they figure out how to move to the next one and the next one and the next one,” Clymer said.

This is how a ransomware attack on one company can turn into an attack on hundreds of companies, like the attack on U.S. tech firm Kaseya, which halted operations for over 1,000 companies worldwide over the Fourth of July weekend.

Insuring against cyberattacks

While ransomware attacks have increased in frequency and scope, cybersecurity insurance has expanded. Global insurance broker Marsh McLennan reported that its percentage of clients that used cyber insurance almost doubled from 2016 to 2020, according to a report from the U.S. Government Accountability Office.

Travis Holt is the founder of Brush Creek Partners, a cybersecurity insurance and contract review company. While his business still works on preventing cyberattacks, the main focus is insuring businesses when they are hit with an attack.

He said he started reaching out to businesses with sensitive data like banks and hospitals more than 10 years ago.

“They had zero desire to have a conversation,” Holt said. “And our phones now ring off the hook with companies calling us saying, ‘I need help.’”

A survey from the Council of Insurance Agents and Brokers also states that cybersecurity insurance premiums increased 10%-30% in late 2020 for most respondents because of higher demand after the increasing frequency and severity of cyberattacks.

Protection doesn’t have to be expensive

Holt said companies should view their investment like running away from a bear.

“You don’t have to be the fastest; you just can’t be the slowest,” Holt said.

And while Holt said it’s very costly to get to 100% cybersecurity coverage, he said it’s not necessary to invest that much.

“In most cases, getting to 90% is sufficient because there are so many people that are so inadequate that the hackers will pick on the easy targets,” Holt said.

But for businesses that can’t afford to hire someone, it can be relatively inexpensive to protect against attacks. Things like employee education, backing up data and multi-factor authentication can go a long way.

If you need assistance in protecting your business against ransomware attacks, please give us a call any time: INFO-TEK Enterprises, LLC – 816.859.9257 or


The Importance of Email Security in the Workplace

Every time we look at the news, we’re bombarded with one of four things: COVID news, political scandals, celebrity drivel, or the latest data security breach. With so much attention being given to cybersecurity, you’d think we could all relax a bit. The truth of the matter is that cybercrime advances continuously, meaning cybersecurity measures are in a constant, never-ending race to defend against these attacks. Email security is one of the most pertinent cybersecurity topics that businesses should be focusing on. Here’s what you need to know about the importance of email security in the workplace, even if your current workplace is your sofa/sanctuary due to the pandemic.

Why Email Security in the Workplace Should Be a Priority

Most companies don’t think of just how important email security really is until it’s too late. Email security should be a priority for businesses of all sizes. Just think of how much sensitive information passes through company email accounts on any given day. That’s information that could be sold to a competitor or leveraged for ransom.

Think of it this way. Although pirates still exist in a sense, they aren’t chasing Spanish galleons full of bullion. The new bullion-laden galleons are digital. They have taken the form of the valuable information that passes back and forth between businesses via email. It’s important to think of data as money. We hear about hackers cracking into bank accounts and draining the funds all the time, but when they steal data instead, it’s just as valuable.

Either way, if your business email is compromised, it’s going to cost someone a lot of money, which is why email security is so important.

How Managed IT Services Can Boost Email Security

When thinking about ways to enhance email security, managed IT services should be your first thought. Managed IT services can provide much more than routine IT maintenance. They can administer robust security measures that include 24-hour monitoring.

Superior managed IT services like INFO-TEK go even farther and offer business continuity services as well as training. The more you invest in email security, the safer your company and your money will be.

When it comes down to it, your business can’t afford to be compromised via email. That said, it can afford to invest in managed IT services to enhance email security in the workplace and avoid expensive problems.

Why it’s Important to Provide Employees with Cybersecurity Training

In the end, all of the security software in the world won’t do a lick of good unless your employees have been given adequate cybersecurity training. Ultimately, it’s the human element that makes the difference. The more cybersecurity training that your workforce has, the less susceptible it will be to being duped and victimized by phishing attacks.

Respectable managed IT service companies like INFO-TEK can provide your company with the training services that it needs to stay safe on top of 24/7 monitoring and support.

Got Protection? Get Yours From The Purple Guys

There are countless digital threats to your company’s safety including phishing emails, buffer overflows, inbound/outbound email flooding, etc.

Protect your business from all of these threats and more by partnering with INFO-TEK.

Call INFO-TEK today and watch those cybersecurity worry-related wrinkles fade away!


Fileless malware: The invisible threat

Scanning the files you download is not enough to detect malware these days. Hackers have found a clever way to get around antivirus and anti-malware software by using fileless malware. Since this malware is not as visible as traditional malware, it can infect your entire infrastructure without you even knowing. Let’s take a closer look at how fileless malware works and what you can do to defend against it.

What is fileless malware?

Fileless malware is malicious software that doesn’t rely on executable files to infect your infrastructure. Rather, it hides in your computer’s random access memory (RAM) and uses trusted, legitimate processes such as Microsoft Office macros, PowerShell, and Windows Management Instrumentation (WMI).

Fileless malware isn’t as visible as traditional malware. It uses a variety of techniques to stay persistent, and can adversely affect the integrity of a business’s processes and the infrastructures that run them. Because there are no files to trace, fileless malware escapes detection from most anti-malware programs, especially those that rely on databases of previously seen threats. Most automated sensors cannot recognize illicit scripts, and cybersecurity analysts who are trained to identify them usually have a hard time establishing where to look.

Fileless malware by the numbers

In November 2016, attacks using fileless malware saw a 13% uptick, according to a report by Trend Micro. Also, in the third quarter of 2016, attacks were 33% higher than in the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on over 12,000 unique machines.

Kaspersky Lab uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked toward obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.

In 2018, Trend Micro also detected a rising trend of fileless threats throughout the first half of the year.

Is your business at risk?

It is unlikely that your business has been targeted in the earliest stages of this strain of malware, but it’s better to be safe than sorry. Businesses should practice defense in depth, where multilayered safeguards are implemented to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations carry out?

While your business might not be in immediate danger, you should employ solutions that analyze behavioral trends. It is also wise to invest in a managed services provider that offers 24/7 network monitoring, proper patches, and software updates. Call us today to get started.


COVID-19 Free Remote Work Solutions

This is a challenging time for everyone around the globe. Concerns about the COVID-19 virus have led to a boom in remote working and left organizations scrambling to ensure their remote workforce can stay connected. In an effort to help lead our community through this ever-changing situation, we have compiled a list of vendors that are now offering free remote work tools to small businesses to help your team remain connected.

Remote Work Solutions

  1. Microsoft Teams

The premium version of Microsoft Teams is now available as part of a six-month trial offer for Office 365 E1 plans. A free version of Teams is already available, and Microsoft is lifting restrictions on user limits as well as letting users schedule video calls with coworkers.

Learn more here:

  2. Go To Meeting

Go To Meeting is offering Emergency Remote Working kits for critical front-line service providers and healthcare providers with free access. The collaborative communication tool will be free for 3 months, helping businesses to stay connected through webinars, virtual events, and video. You can also access tools for the remote management of employee devices.

Learn more here:

  3. Google Hangouts

Google is now offering advanced Hangouts Meet video-conferencing capabilities to all G Suite and G Suite Education customers at no extra cost. This feature includes access to larger meetings of up to 250 participants, live streaming for up to 100,000 viewers in a single domain and the ability to record meetings and save them on a Google Drive. This offer is set to remain in place until July 1.

Learn more here:

  4. Cisco Webex

As a part of Webex, Cisco has made a variety of features free, including support for up to 100 participants and unlimited usage. Customers not already using the service can sign up for a 90-day free license.

Learn more here:

  5. Zoom

Although Zoom has had a free version of its software available for some time now, it had limitations. In response to recent events, you can now access Zoom for free and host up to 100 participants, access free 1-to-1 meetings, and create group meetings lasting up to 40 minutes.

Learn more here:

* Update 4/6/2020: If you have seen the recent security reports about Zoom and have concerns, there are other options and tools available for staying connected. We feel Zoom remains a very viable option, especially with how they rapidly responded to the situation. You can read more from Zoom here:

Zoom’s message on uninvited guests having access:

Zoom’s overall message on the recent security issues:

  6. Intermedia

Intermedia is offering free video conferencing through the end of 2020. This includes the ability to do large online broadcasts for up to 200 people.

Learn more here:

  7. LogMeIn

LogMeIn is offering three months of free use of their suite of tools. They also have some great resources for how to effectively work remotely and remotely manage teams.

Learn more here:

  8. Houseparty

Houseparty is a free face-to-face social networking service that enables group video chatting through mobile and desktop apps. Users receive a notification when friends are online and available to group video chat.

Learn more here: 

Looking for additional information to keep your business and team safe? We can help answer any specific questions, and we are happy to help! Please email or call us at 816-914-8826.

Please stay safe and informed as we navigate a world with COVID-19.


What can you do with an old PC?

If your PC has been struggling to perform all the tasks you have at hand, we completely understand why you would be itching for a new one. But even if it’s old, sluggish, and always crashing, your old desktop or laptop may still prove to be useful. Here are some things you can do with an old PC.

Make a NAS server

Network-attached storage (NAS) is a server for your small business network that lets you store files that need to be shared with all the computers on the network. If your old PC has at least 8 GB of RAM, you can use it as your own NAS.

Simply download FreeNAS, software accessible on Windows, macOS, or Linux that enables you to create a shared backup of your computers. FreeNAS has access permissions and allows you to stream media to a mobile operating system (OS), like iOS and Android.

But if you’d rather convert your PC into a private cloud for remote access and data backup, Tonido is a great alternative. This free private cloud server turns your computer into a storage website, letting you access files from anywhere on any device. Tonido offers up to 2 GB of file syncing across computers, and there are even Tonido apps for iOS and Android.

Secure your online privacy

Install The Amnesic Incognito Live System (TAILS) on your old computer and enjoy your very own dedicated privacy PC.

TAILS routes all your internet traffic and requests through TOR Project software that makes it difficult for anyone to track you online. All of this Linux-based software’s integrated applications, like web browsers, Office suite, and email software, are preconfigured for robust security and privacy protection.

Activate kiosk mode

In Windows 10, enabling Assigned Access “kiosk mode” ensures that only one app is allowed to run in the system. To activate this mode, open Settings and go to Accounts > Family & other users, then click on the Set up assigned access option. From there, you can choose which app the system can access.

For example, if you want a dedicated audio and video conferencing system, you can choose to give assigned access to Skype or other online communication apps. This mode is also perfect for setting up a public information desk for walk-in customers or a dedicated point-of-sale system for cashiers.

Create a guest computer

When you have to accommodate consultants and temporary staff, it may be worth setting up a bare-bones guest computer. First, reformat your PC and reinstall the latest Windows or Mac operating system. Then, install security updates and set up guest restrictions to prevent unauthorized access to critical systems. Ideally, temporary staff should only be able to use guest computers for things like email, web browsing, and standard productivity software.

Salvage PC parts

If your old computer can’t be transformed into a NAS server or service kiosk, consider reusing certain hardware components. For instance, you can reuse RAM sticks for another computer, repurpose hard disk drives as external hard drives, and set up a second display with an old monitor.

Reselling hardware components like motherboards and video cards is also a good idea if you’re saving up for a new PC. Finally, keep your cables. Many USB adaptors, ethernet cables, and AUX cords are compatible with a wide array of electronics.

We’re always on the lookout for ways to help our clients make the most out of their technology investments. Want to know more about how to utilize hardware to your business’s advantage? Give us a call.


Ransomware: What You Should Know About the Latest Attacks

Ransomware is a multi-cloud problem for organizations of all sizes, especially small and medium-sized businesses (SMBs), which have become a new favorite target for cyber criminals. A couple of the latest attacks have highlighted the increasing need for SMBs to take proper precautions to better protect themselves against malicious software infiltrating networks across the country.

Ransomware attacks aren’t going away anytime soon. There was a 363 percent year-over-year increase in ransomware attacks during the first half of the year, according to a Malwarebytes report, which explored the evolution of ransomware attacks. Businesses are taking note of the nasty threat.

Nearly 90 percent of companies consider ransomware a critical threat to their businesses. According to a report on how IT executives are implementing disaster recovery (DR) throughout their organizations, many companies have recently experienced DR events caused by ransomware attacks.

Published by Datrium, a multi-cloud data platform company, the report, titled “State of Enterprise Data Resiliency and Disaster Recovery 2019,” found that more than 36 percent of businesses that have experienced a DR event in the past year identified ransomware as the primary cause of the incident.

Here are a couple of the latest ransomware events in the news you should know about if you want to stay up to date on what’s been happening in the cybersecurity threat landscape.

Cybercriminals attack Louisiana’s state servers, again

Louisiana recently fell victim to a ransomware attack, which interrupted several services across the state, but no data was compromised in the cyberattack.

The attack impacted several state services being used by agencies at the time — including email, websites, and other applications — but it didn’t directly interrupt services, according to Louisiana Governor John Bel Edwards, who tweeted about the incident numerous times. The state directly caused the service interruption by shutting down some of its servers to prevent infection.

In response to the attack, the state activated its cybersecurity team. The state’s Office of Technology Services (OTS), which oversees the team, confirmed that the attack was similar to the ransomware that was targeting school districts and government entities in the U.S. this past summer.

The state didn’t pay the ransom demanded by the cybercriminals.

Many cybersecurity professionals and government agencies, including the FBI, advise against entities complying with ransom demands. One of the main reasons why is that it’s not guaranteed an organization will regain access to its data after paying the ransom requested by the hacker.

Louisiana has been through this before. Ransomware hit three school districts in the state over the summer.

Russian hackers hold IT provider’s data hostage

Even IT providers are having a difficult time preventing ransomware attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) in October 2018 issued a warning about the increasing number of cyberattacks on IT service providers. Instead of gaining access to a single company’s network, cybercriminals can infiltrate many networks when successfully attacking IT services providers. These targets have access to customer data that they can easily exploit.

For example, hackers recently launched a ransomware strain inside a Milwaukee-based IT provider’s networks; this malicious act affected more than 80,000 computers in 45 states across the country.

The cybercriminals demanded $14 million from the company, Virtual Care Provider Inc. (VCPI), which provides IT support and services for long-term post-acute care, in exchange for a digital key needed to unlock access to the files; at the time of the attack, VCPI couldn’t afford to pay the ransom.

The attack impacted facilities under VCPI’s jurisdiction differently. Some locations couldn’t gain access to patient records, pay employees, or order medications.

Ransomware attacks are evolving. The best way to stay on top of what’s going on in the space is by paying close attention to how the latest types of ransomware attacks are impacting businesses, local school districts, and health care providers. Staying informed helps with preventing future attacks.


What Do You Know About Business Intelligence?

If you don’t know much about business intelligence (BI), that’s okay. What’s important is you’re open to learning how BI can help grow your business, which means you’re more than likely ahead of your peers.

Honestly, BI isn’t a difficult concept to understand. Simply, think about it this way: BI solutions assist businesses with analyzing business data — that’s as much as you need to know.

Businesses are always gathering data, but they’re not always processing it, which, in the grand scheme of things, isn’t good for businesses looking to improve their bottom lines.

Unstructured data leaves too much money on the table. In other words, businesses not using BI solutions to increase their bottom lines aren’t taking full advantage of the opportunities BI solutions can provide.

With the cloud, it’s easier now than ever before to adopt BI solutions. SMBs no longer have to purchase additional hardware to convert unstructured data to structured data.

BI solutions are providing real-time data to users throughout entire organizations. Instead of targeting decision makers at the top, BI software is more often than not accessible to various departments.

There are plenty of businesses in numerous markets looking to leverage what the BI market as a whole has to offer.

The proof is this: The global business intelligence market size is set to exceed $26.50 billion between 2016 and 2021, according to a Zion Market Research (ZMR) report.

One industry where investments in business intelligence solutions have become essential to driving business growth is agriculture.

Over the years, farmers have been turning to BI solutions to help their farm field operations grow.

For example, at a high level, many farmers are using BI software to help with boosting their yields, which improves the overall financial performance of their farms.

Many farmers are seeing a positive impact from using BI software to improve their farm operations. Instead of being unaware of how business operations are impacting their bottom lines, many in the agriculture industry are now seeing what can increase market share, productivity, and profitability.

In fact, globally, there’s been a continued interest in analytics software geared toward the agriculture analytics market. For example, the global agriculture analytics market size is expected to grow from $585 million in 2018 to $1,236 million by 2023, at a compound annual growth rate (CAGR) of 16.2% during the forecast period, according to a report published by MarketsandMarkets.

Basically, the reason why the market has been growing so much is there’s been an increasing need to improve farm productivity and associated farming operations, according to the report. The study also pointed out the growing demand for specialized digital agriculture service providers.

For this industry, BI enables farmers to evaluate crops and determine whether anything should be done to improve a farm’s profitability.

Businesses across the board are investing in BI. Forty-eight percent of respondents indicate cloud BI is either “critical” or “very important,” and current use and future plans for deploying cloud BI continue to grow, according to a Dresner Advisory Services report.

When it comes to the kind of technology, software as a service (SaaS) and cloud computing now ranks 12th in importance among a list of 37 BI technologies under study, up five places since 2018, the report revealed.

Used correctly, BI can help your business grow. Businesses of all shapes and sizes are using BI solutions to improve bottom lines. Agriculture is one industry using BI effectively to increase productivity and profitability, especially when it comes to determining pricing and forecasting. BI technologies can help business leaders from all industries make informed business decisions.


Still Running Windows 7? It’s Time To Upgrade

If you still haven’t upgraded from Windows 7 to Windows 10, you’re not alone. But being in the company of others doesn’t mean you should keep putting off upgrading the desktop computers at your business locations.

Even though routine maintenance is essential to protecting data from an evolving threat landscape, many businesses aren’t updating software, which has become apparent by the speed at which cyber attacks are spreading from user to user.

To reverse this worldwide trend of neglecting software, businesses should look no further than the operating systems running their desktops.

Windows 7 is still popular among desktop users

Globally, more than 38% of desktop computers are still running on Windows 7, even after Microsoft revealed it would be ending extended support for the OS.

Microsoft will no longer provide security updates or support for PCs running Windows 7 after January 14, 2020. Customers will still be able to run Windows 7 after the end of support (EOS) date; however, their PCs will become more vulnerable to security risks, including viruses and malware.

To avoid gaps in Windows 7 support, the software giant has been urging its users to “keep the good times rolling by moving to Windows 10.”

What businesses can do

There are a couple of options businesses can take if they’re still running Windows 7 on their PCs.

First, businesses can simply upgrade their desktops to Windows 10. For businesses, Windows 10 Pro is recommended. Upgrading to Windows 10 allows businesses to sidestep additional hardware costs — unless their hardware is also out of date.

Buying new PCs is another option for businesses. If your PCs are older than three years, Microsoft recommends upgrading your hardware to avoid any potential compatibility issues.

Even though support for Windows 7 is officially ending in less than a year, there’s one last option for businesses continuing to ignore the inevitable — if they’re willing to pay for it, of course.

Microsoft’s desktop initiative

Microsoft has its own vision for desktop: It’s called “modern desktop.”

“A modern desktop not only offers end users the most productive, most secure computing experience — it also saves IT time and money so you can focus on driving business results,” said Jared Spataro, corporate vice president for Microsoft 365, in a company blog post in September 2018.

The tech giant kicked off its initiative by making servicing and support changes to provide “additional deployment flexibility,” according to Spataro.

What this means is the following: Not all Windows 7 users will need to upgrade to Windows 10 before EOS; customers willing to pay Microsoft additional fees will receive Extended Security Updates (ESU) through January 2023.

The tech giant is expected to charge customers as much as $200 per Windows 7 PC after ending its extended support for the operating system on January 14, 2020.

While it’s comforting to know Microsoft is willing to work with its Windows 7 customers, especially those unable to upgrade their PCs by early 2020, delaying your upgrade isn’t the best way to go.

The longer you wait to upgrade to Windows 10, the more money your business is going to end up paying in the long run.

Upgrade your PCs from Windows 7 to Windows 10 today to ensure they’re protected from today’s ever-evolving security risks.

22 Texas Towns Hit With Ransomware Attack In ‘New Front’ Of Cyber Assault

Texas is the latest state to be hit with a cyberattack, with state officials confirming this week that computer systems in 22 municipalities have been infiltrated by hackers demanding a ransom. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files.

The Federal Bureau of Investigation and state cybersecurity experts are examining the ongoing breach, which began Friday morning and has affected mostly smaller local governments. Officials have not disclosed which specific places are affected.

Investigators have also not yet identified who or what is behind the attack that took the systems offline, but the Texas Department of Information Resources says the evidence so far points to “one single threat actor.”

Elliott Sprehe, a spokesman for the department, said he was “not aware” of any of the cities having paid the undisclosed ransom sought by hackers. He said the areas impacted are predominantly rural. The department initially put the number of cities attacked at 23.

Two cities so far have come forward to say their computer systems were affected. Officials in Borger, in the Texas Panhandle, said the attack has affected city business and financial operations. Birth and death certificates are not available online, and the city can’t accept utility payments from any of its 13,250 residents. “Responders have not yet established a time-frame for when full, normal operations will be restored,” city officials said.

Keene, Texas, a city of some 6,100 people outside Fort Worth, was also hit, officials announced. The city’s government is also unable to process utility payments.

Keene Mayor Gary Heinrich told NPR that the hackers broke into the information technology software used by the city and managed by an outsourced company, which he said also supports many of the other municipalities targeted.

“Well, just about everything we do at City Hall is impacted,” Heinrich said.

Heinrich said the hackers want a collective ransom of $2.5 million.

“They got into our software provider, the guys who run our IT systems,” Heinrich said. “A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house.”

State officials would not comment on the nature of the attack or confirm the ransom amount. But Heinrich said there is no way his city will be coughing up anything for the hackers.

“Stupid people,” he said of the cyber-attackers. “You know, just no sense in this at all.”

Experts say that while government agencies have increasingly been hit by cyberattacks, simultaneously targeting nearly two dozen cities represents a new kind of digital assault.

“What’s unique about this attack and something we hadn’t seen before is how coordinated this attack is,” said threat intelligence analyst Allan Liska. “It does present a new front in the ransomware attack,” he said. “It absolutely is the largest coordinated attack we’ve seen.”

Liska’s research firm, Recorded Future, has found that ransomware attacks aimed at state and local government have been on the rise, finding at least 169 examples of hackers breaking into government computer systems since 2013. There have been more than 60 already this year, he said.

In recent months, the data networks of Baltimore, the Georgia courts system and a county in Utah have all been hit by ransomware.

The hacker bait tends to come in the form of a seemingly benign email with links or attachments that, once opened, can infect a system. There are other popular ways of tapping into government networks, Liska said, like through remote desktop systems, which can be vulnerable to hackers.

While the attackers tend to be anonymous and their locations undisclosed, Liska said his research has found that few are based in the U.S. Many, he said, are breaching local government computer systems from operations based in parts of Eastern Europe or Russia.

And sometimes local governments see no other option to restoring their crippled networks than paying a ransom demanded by hackers. In Lake City, Fla., a town of about 12,000 residents, officials paid $460,000 in the form of bitcoin, the preferred payment method among cybercriminals.

“They turned off the servers. They literally went room through room through city hall, unplugging people’s network cables and turning off all the computers,” Mike Lee, a sergeant with the Lake City Police Department, told NPR in July.

The ransom was paid by insurance, but taxpayers were still on the hook for a $10,000 deductible.

The Recorded Future study found that about 17% of local agencies hit with ransomware viruses paid up, a practice federal law enforcement officials discourage, saying it incentivizes cybercriminals to keep engaging in the activity.

Liska said in cities he has worked with that have been preyed upon by hackers, there are instances in which ponying up for the return of data is the only viable option.

“Sometimes the reality of the situation may call for it,” he said. “If the backups aren’t working or if the bad guys have encrypted your backups, then unfortunately that’s what you’re left with.”

Individuals, businesses and institutions such as hospitals have been targeted by ransomware attacks for years. With the recent attacks on state and city government, local officials are rushing to secure their computer systems, holding new training and backing up their servers, Liska said. But in smaller, cash-strapped localities, there could be challenges to building a security defense.

Tad McGalliard studies local government cybersecurity at the Washington-based city manager group ICMA. He has been pushing for municipalities to find more funding to fight back against hackers.

“Somebody out there on the bad guy front is seeing an opportunity in local governments and we got to make a better job of making sure our employees are as well-trained and as well-equipped as possible,” McGalliard said.

McGalliard said the Texas case should be a wake-up call to cities in remote parts of the country.

“We might have thought this was a big city problem, or at least an affluent city or county problem, but I think what’s clear now is just about any local government is vulnerable,” he said.

In Texas, state authorities have not yet disclosed where exactly the attacks were based or how many computers have been swept up in the breach, meaning it is not yet known what services or data might have been compromised.

“Hitting 23 towns at once was bad, but we don’t know how much damage was done,” Liska said. “One computer in each town versus 100 computers in each town is a big difference.”
