Data Breach at Norton Healthcare After Ransomware Attack 

ALPHV, Data Backup, Data Breach, Employee Training, Norton Healthcare, partition hard drives, Ransomware, , , , , ,
30
Jan 2024

Healthcare data is some of the most sensitive and confidential data to exist in IT systems, so the ransomware attack at Norton Healthcare is a big deal. 

Based in Kentucky, Norton Healthcare is a provider who delivers health services to adults and children in over 40 clinics. Their objective, as with all healthcare providers, is to improve the lives of their patients. However, a recent data breach has done little to inspire a sense of wellness in their patients. The breach, which occurred in May this year but is only just being reported, was part of a ransomware attack. Norton Healthcare’s network was breached for two days, but there appeared to be no evidence that their medical record system had been accessed. 

Nonetheless, healthcare data should always be secure, and breaches in local networks represent a major cause for concern. 

The Norton Healthcare Attack 

The exact nature of the attack has, at present, not been released. But we do know what the impact of the breach was. After discovering that an attack was taking place, Norton was forced into turning its network off, the last thing a healthcare provider wants to do. As the attack was unfolding, Norton received, in a novel twist, a faxed ransom note featuring threats and demands. Later that month, a ransomware group known as ALPHV claimed responsibility for the attack. 

ALPHV released a statement to the dark web which claimed that they had managed to compromise 4.7TB worth of data from Norton Healthcare’s servers. As proof, ALPHV uploaded numerous files – containing patients’ bank statements and Social Security numbers – to backup their claims. Norton’s official line is that only some network storage devices were breached, and these only contained identifying information rather than any medical data. 

How Can Healthcare Providers Protect Themselves?

With more and more healthcare providers coming under attack from threat actors, it’s important that they understand how to minimize their risk. In fact, these lessons are valuable for any business running an IT network, so it’s time to find out how. So, to stay safe from ransomware attacks, make sure you follow this best guidance: 

  • Regular backups: it’s vital that you perform regular backups of your data to ensure, if it becomes encrypted by ransomware, you still have access to it. Ideally, these backups should be completed daily at the very least, and they should always be saved to secure locations. It’s important to keep copies of your backups offline as well, this will allow you to access your data even if you need to take your network down. 
     
  • Partition your hard drives: to minimize the impact of a breach, it’s a good idea to partition you hard drives and data storage. By separating these from your main network, and from each other, you’re limiting the files and data that malware can access. This minimizes the risk of data loss and allows you to keep important systems online. 
     
  • Employee training: educating your staff about the dangers of social engineering and phishing emails is one of the most important steps you can take. Ransomware, such as the strain encountered by Norton Healthcare, is often spread through emails and your employees need to be able to identify these threats before clicking on them. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Safeguarding Your Business Against Social Engineering 

complex passwords, malware, multi factor authentication, Ophtek, Phishing Email, Ransomware, social engineering, vulnerability, , , , , , ,
05
Dec 2023

One of the biggest threats to your organization’s IT comes in the form of social engineering attacks. Therefore, you need to keep your business protected. 

In the digital age, there are many threats to your IT infrastructure. These can include ransomware, software vulnerabilities and malware. However, perhaps the most dangerous, and easiest to launch, attack involves social engineering. This attack relies on exploiting human psychology to gain a foothold within a targeted network. In many ways, it’s an age-old deception strategy from the physical world, but simply transferred over to the digital world. This article looks deep into the world of social engineering and should provide you with a better understanding of how to safeguard your business. 

What is Social Engineering? 

The main objective of social engineering, for a threat actor, is to convince individuals that divulging sensitive information or performing network actions is the right thing to do. Often, this strategy relies on phishing emails. These are emails which are sent to targets and claim to have been sent from someone they know e.g. a work colleague or a supplier. However, what the threat actor is trying to do here is either extract confidential information – such as login credentials – or encourage the target to click a malicious link. 

Get Your Team to Recognize Social Engineering 

Social engineering attacks will always be targeted at your employees, so this means that you need to invest in educating your employees. While an IT induction represents a good opportunity to warn them of the telltale signs of social engineering, the sheer range of social engineering strategies requires something more intensive. Accordingly, regular training courses which are followed up with refresher courses are highly recommended. Even better, sending randomised ‘spoof’ phishing emails internally can indicate which employees require tailored training. 

Strengthen Your Authentication Processes 

If you want to add an extra layer of defense to your IT infrastructure, strengthening your authentication processes is an excellent way of achieving this. Not only will this thwart social engineering campaigns, but it will also protect you against almost all other security threats. Therefore, make sure you focus on the following: 

  • Integrate password rules which require your employees to create complex passwords e.g. using a mixture of case types, numbers and symbols. 
  • Bring in multi-factor authentication to help protect your employees’ existing login credentials and place a further obstacle in the way of unauthorized access. 
  • Put a time limit on passwords and ensure that they have to be updated within a set time e.g. every two months. 

Secure Your Communication Channels 

Applications such as Microsoft Outlook and Teams have revolutionized the way that businesses communicate, but they also represent a rich source of data. With this in mind, you need to secure these communication channels against the threat of social engineering. Encrypting data flowing in and out of these applications is paramount to protect the type of data that social engineering is hungry for. So, use VPN’s where possible and make sure your employees avoid using their devices on public Wi-Fi. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Where is Cybersecurity Heading in 2023?

Artificial Intelligence, cryptojacking, cybersecurity, malware, Ophtek, Phishing, Ransomware, remote workers, , , , , , ,
08
Aug 2023

We’re already halfway through 2023 and threat actors are showing no signs of slowing up, but just where is cybersecurity heading?

It may feel as though you’re waging a never-ending battle against hackers and, well, that’s exactly what you’re doing. However, the strategies and techniques of threat actors has changed significantly in the last two decades. Back in 2003, for example, ransomware was less prevalent, but now it’s a major player in terms of cyber-attacks. Therefore, it’s always good to keep one step ahead of the hackers and understand where they are likely to go next.

What Will Future Cyber Attacks Look Like?

The future of cybersecurity will be concerned with maintaining defenses against existing threats and tackling new, innovative strategies launched by threat actors. These attacks are expected to be based in the following categories:

Artificial Intelligence: the impact of artificial intelligence (AI) has been huge in the last couple of years, just look at the interest generated by ChatGPT in 2023. However, the power to cause damage with AI is causing just as many headlines. You can, for example, ask AI systems to help generate code to build computer programs. The exact same code which is used to build malware. This means that designing and executing malware could be easier than ever before, and lead to a surge in new attacks.

Remote working: since the pandemic, more and more employees have been working remotely. While this is convenient, and has been shown to enhance productivity, it also increases the risk of falling victim to malware. Although many remote workers connect to their employers through a VPN, they are often accessing this through devices which aren’t secure. Also, as they will not have colleagues directly around them to offer advice, employees will be more vulnerable to, for example, clicking a malicious link.

Phishing: threat actors have been launching phishing attacks for nearly 20 years, and this means that many PC users can easily spot a phishing email. But this doesn’t mean we’re safe. Instead, it’s likely that future attacks will be more sophisticated to be successful. Taking advantage of AI and machine learning, threat actors will be able to craft phishing emails which are both engaging and convincing. This will allow their attacks to be more successful and harvest more stolen data.

Cryptojacking: despite several significant attacks, cryptojacking is yet to hit the mainstream PC user in the same way that ransomware has. Nonetheless, cryptojacking attacks are on the rise. Accordingly, PC users are likely to become more familiar with them in the next few years. Cryptojacking, as the name suggests, involves hijacking a PC and using its computing resources to mine cryptocurrencies. Due to the huge amount of processing power required to mine cryptocurrency, these attacks target entire networks and can grind them to a halt.

Final Thoughts

These four attack strategies may not be troubling you every day, but they could soon become regular headaches. That’s why you need to adopt a proactive approach to cybersecurity. Make sure that you

keep updated on the latest threats, regularly review your security measures, and ensure that your staff are fully trained in cybersecurity best practices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Qbot is Back and Causing Digital Chaos Once Again 

malware, Ophtek, Qbot, Ransomware, spear phishing, , , ,
06
Jun 2023

It appears that you can’t keep a good piece of malware down as Qbot, first seen over 15 years ago, has reared its ugly head once again. 

Qbot was discovered in the late 2000s and, since then, has gone through numerous developments to keep pace with modern IT systems. Also known as Qakbot, this malware has strong capabilities to cause damage, a scenario which can be attributed to its longevity as a threat vector. Qbot has a habit of suddenly emerging after a period of inactivity and its most recent spike in activity was seen at the end of 2022. With a long history of stealing data and being used to deliver further malware, Qbot is a threat which could easily target your IT infrastructure. 

What Does Qbot Consist Of? 

Historically, and still to this day, Qbot has been used to steal login credentials by logging keystrokes and giving remote access to threat actors. Alongside this, it has also been used to download additional malware – such as ransomware – and hijacking email threads. Now, you may not be familiar with email hijacking, but it’s important you’re aware of what this is. 

Qbot is a sneaky piece of malware, and this is most readily demonstrated by its ability to hijack email threads. This is basically when it jumps into your email threads and messes with the messages. It does this to try and trick you into thinking you’re having a genuine conversation. This technique makes you more likely to click on a malicious link. It’s most effective in a work environment where people are used to communicating frequently via email. Qbot has been deploying this attach method regularly since 2020 and has been highly successful. 

How Much of a Threat is Qbot? 

Given its longevity, it should come as no surprise that Qbot is successful. However, Qbot is, in fact, the most prevalent malware currently active in the digital landscape. Therefore, you’re more likely to be infected by Qbot than any other piece of malware. It’s a serious feather in the cap for the developers behind Qbot’s latest incarnation, but it spells trouble for most PC users. This means it’s crucial that you know how to defend your IT systems. 

Staying Safe From Qbot 

The threat from Qbot is very real, but you can strengthen your IT defenses by employing the following best practices: 

  • Always install updates: make sure you install all updates as soon as they become available. Qbot thrives upon vulnerabilities in software, such as the Follina exploit, so keeping everything updated is an easy way to secure your network. It may feel time consuming for what is a small step, but allowing automatic updates ensures it makes a big difference in the long run.
  • Beware of phishing emails: email hijacking is very similar to spear phishing in that it attempts to trick your employees into clicking malicious links. Accordingly, you should you encourage your team to take their time and double-check emails for things like strange links and unusual writing styles. Even a quick 10-second check of an email will reduce your risk of being compromised. 
  • Backup: Qbot is often used to distribute ransomware and, as we know, ransomware can often rob you of your data. Often, it won’t even return your data if you pay the ransom fee. Therefore, protecting your data with regular and multiple backups is essential. With backups readily available, you will be able to navigate away from the threat actors and simply restore your data. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

What is Ransomware as a Service?

Ophtek, Phishing, Ransomware, Security, Suspicious links, Updates, , , , ,
28
Feb 2023

There’s a lot of money to be made in hacking and threat actors are now turning it into a business with Ransomware as a Service (RaaS).

Ransomware, of course, is well known to anyone who steps online in the digital age. With the ability to encrypt your data and demand a ransom fee, it has not only generated headlines, but also caused significant headaches for business owners. And, with ransomware attacks increasing by 41% in 2022, it’s a strategy which is showing no signs of slowing up. Therefore, not only do you need to be aware of ransomware, but you also need to keep up with associated developments such as RaaS.

As RaaS has the potential to create attacks which are both wider ranging and easier than before, it’s crucial you understand how it operates

The Basics of Ransomware as a Service

We’re all aware of what ransomware is, but what is RaaS? After all, surely ransomware is the opposite of a service? Unfortunately, for PC owners, ransomware software and attacks are now available for hire in the form of RaaS. Similar to Software as a Service (Saas) – examples of which include Gmail and Netflix – RaaS allows threat actors to harness the power of hacking tools without having to design them. If, for example, a threat actor doesn’t have the time (or skills) to build a ransomware tool, what do they do? They purchase one.

Typically, RaaS kits are found on the dark web, so don’t expect to find them taking up space on Amazon. Depending on the sophistication of the RaaS, the cost of purchasing them can range between $30 – $5,000. Threat actors looking to purchase RaaS are also presented with several different purchasing options such as one-time fees, subscription tiers or even affiliate models. It’s estimated that over $10 billion exchanges hands each year – mostly in cryptocurrency – for RaaS kits.

Examples of RaaS include Black Basta, LockBit and DarkSide, with more available for those looking to unleash ransomware easily and quickly. These RaaS kits are also much more than just hacking software, they also offer user forums and dedicated support teams to help customers get the most out of their ransomware. Again, this is very similar to the way in which successful SaaS developers provide extra value for their product. However, whereas SaaS is provided by legitimate developers, RaaS tends to be created by criminal gangs with the sole intent of generating illegal funds.

Staying Safe from Ransomware as a Service

The end result of an RaaS attack is the same as a standard ransomware attack, so there’s nothing specific you need to do if an attack comes through RaaS. Instead, you just need to stick to good old fashioned ransomware security practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 6