Blog

Protecting Your Assets: Cyber Security for Midmarket Companies

Midmarket organizations simply cannot avoid the potential of a cyber attack. These basic steps can help protect your organization in the face of growing cyber security threats.  

It isn’t just enterprise-level organizations that are being hit by cyber security breaches, and it’s high time for midmarket companies to sit up and take notice. Cyber security is far from simply being a technology problem; it’s a problem that needs to be analyzed by risk management throughout the organization. Responsibility has to be spread this widely because hackers and others attempting to infiltrate your secure network cannot be stopped simply by purchasing newer, better or more software and hardware. Building a more secure organization isn’t simple, so many smaller and midmarket organizations give up on the level of complexity required and do nothing, which can prove to be an exceptionally expensive decision. The healthcare industry is the most likely to be breached, with companies experiencing over $6.2 billion in losses in 2016 alone. Fortunately, there are some relatively simple steps that non-enterprise organizations can take to provide additional layers of security against cyber attacks.

Plan Ahead

The unfortunate reality is that many organizations are not aware that they’ve experienced a breach until more than six months down the road — far too long to protect individuals from negative impact. Part of the reason is the lack of a protection plan that looks for markers within a system’s infrastructure indicating that a breach has occurred. The first step is a deep understanding of where data is stored within your organization, and detailed steps for backup and security of that data. Cybersecurity partners may be able to help you define a structured plan to mitigate the risk within your company by restricting access to specific types of data, properly training associates and putting adequate processes and technology in place. The first step in building any cybersecurity plan is to fully comprehend the various entry and exit points for your data, and to define parameters around how the data is accessed.

Training and Security

The reality is that many cyber attacks are carried out either by malicious insider actions or through employee carelessness that leads to an open incursion point. Perhaps the number one threat to organizations is email and social media — and employees who react to phishing and spear phishing attacks by clicking on a link. Hackers are becoming more savvy, using social engineering to find a plausible target for attack. These emails are sneaky and can often take the form of personalized information that seems very legitimate. With URL masking and other tactics at their disposal, cyber criminals are becoming even more brazen in their attacks against well-meaning employees. Constant training, and reiterating the dangers of clicking on links that look “too good to be true” or that contain unexpected instructions, are some of the only ways to guard against this type of incursion. Additionally, it’s important that your technology team regularly review administrative rights that are granted at a global level. While they may seem like a convenience for the worker, having someone with administrative rights on a machine connected to your network can be a tempting option for hackers to take advantage of.

BYOD

A huge challenge in today’s mobile business world is the trend of employees to BYOD — or bring their own device. A non-secure mobile phone with random apps installed by the employee, that has access to your network, is a hack waiting to happen. Technology teams are often focused on serving their employees more effectively and providing them with the conveniences that employees need to work effectively, but there is a fine line there that should be observed. When organizations embrace a zero-trust philosophy, they are much less likely to fall victim to a cyber attack.

Cybersecurity Insurance

Depending on the type of business, it may be important to purchase cybersecurity insurance. Healthcare organizations, legal entities and other midmarket companies who make their living through a wealth of customer knowledge are prime targets for cyber criminals. Unfortunately, the wake of an attack can also involve lawsuits from those affected by the hack and if your organization is not prepared to weather the storm it could be very difficult to stay afloat. Companies who manage hundreds of thousands to millions of records, in particular, should take care to mitigate the risk of civil liability. While the federal government offers some insurance against attacks, regulatory and legislative environments could change at any time.

Stay Current

Breaches are happening on an almost daily basis, but it is next to impossible to keep up with the broad spectrum of threats that are facing midmarket organizations all the time. While headline-grabbing cyber attacks do not happen exceptionally often, there are always organizations out there looking to make a quick buck on “protections” for your company. It’s increasingly important to find a vendor in Omaha who truly understands your business and how to protect you from rising cyber security threats. Breach detection systems are among the more recent entrants in the fight against cyber attacks; they include logs of login activity, user authentication and database access, and they also track system modifications that may be malicious. As the threat grows, so do the tools utilized to fight these threats — and they’re becoming increasingly affordable to midmarket companies.

Do not let the evolving digital challenges threaten your organization. At InfiNet Solutions, our cyber security professionals work closely with your leadership team to define data structures and entry points, create successful training, and document risk management plans to ensure the safety of your organization. In the event of an incursion, our teams leap into action to resolve the situation and get your business back on track — quickly. Contact us today via email to [email protected] or call us at (402) 895-5777.

Learn Firsthand how an Ethical Hacker Takes Down Avaya Servers

Incorrectly hardened servers are one of the biggest challenges in cyber security. Watch from the driver’s seat to see what (ethical!) hackers are looking for so you can protect against vulnerabilities.

Security experts on both sides of the house recognize that bringing up a new server improperly can create a wide open door for cybercriminals, but how can you know for sure that you’re closing every nook and cranny and completely hardening your server? Small- to medium-sized organizations are particularly vulnerable, as they may not have the full complement of IT staff required to specialize in cyber security and are likely following a set of directions instead of fully understanding the challenges they’re facing. With the rapid pace of change and the complexity of technology today, it can be difficult to keep up with the myriad options available for your network. InfiNet Solutions agrees, so we’ve put together a first-hand view of how an ethical hacker takes down a business Avaya server in a very short period of time. This cautionary tale may offer you some ideas for keeping your organization’s data, such as your customers’ and employees’ personal information, safe from cybercriminals.

Types of Attacks

There are some standard types of attacks that we see on a regular basis, many of which are perpetrated when an unethical individual gains access to a key internal server:

  • DoS: Denial of Service attacks can cause a web server to come to a halt, making your website(s) completely unavailable to users.
  • Phishing: Perhaps the most well-known type of attack, phishing occurs when individuals within your organization click on a link or navigate to a website that is fake. Individuals are then tempted to enter personal information or passwords so the hacker can gain entrance to your company.
  • Defacement: A scare tactic that is often used towards politicians or large corporations, defacement occurs when a hacker gains access to a web server and replaces the company’s website with a different page that includes a message, music or even the hacker’s name.
  • DNS Hijacking: Hijacking your domain name server (DNS) redirects all web traffic from your site to another location on the web.
  • Sniffing: Hackers attempt to “sniff out” sensitive information that is being passed internally and externally to your organization through an intercept, in an effort to gain unauthorized server access.

Cybersecurity Risks

Let’s say your organization’s servers have been hacked. What does this really mean in terms of data loss and security? Not only can your organization’s reputation be ruined by a DNS hijacking that sends your customers to a nefarious website, but cybercriminals can also install malicious viruses that can utilize your systems as a replication tool, sending viruses out to all your clients and contacts. Additionally, a true data breach could be incredibly expensive in terms of lost business and even lawsuits against your organization if the personal financial information is breached and then utilized by hackers. However, perhaps the most troubling and damaging effect of an attack is the loss of trust from your customers, which can have a long-term negative impact on your organization.

Let the Hacking Begin

The penetration testing was done against three different Avaya servers, exploiting different vulnerabilities each time. The white-hat security tester was able to gain access to all three servers.

LDAP Scenario

The first activity was to run a Nessus vulnerability scan, which showed that anonymous LDAP queries were possible: a hacker’s goldmine of data. With that established, it was an easy step to look for an Avaya phone tree by using JXplorer to find an LDAP tree with root “vsp” and a branch labeled “People”. After that, it was simple enough to scan for the two important entries: “cust” and “admin”. The passwords within the entries were hashed, but it took only a moment to crack the hashes using a software tool called John the Ripper, even with the default settings. Turns out, the passwords were still the system defaults, “admin01” and “cust01”. After trying a few different tactics to get a full shell, the hacker was eventually able to use a Meterpreter reverse TCP payload, via a Linux binary executable file delivered by msfvenom, to essentially backdoor into the system. Next, the hacker was able to gain access to a second box that was tied into the first one, simply by following root SSH keys — which can indicate a way for users to log into the system remotely without a password. An additional find was user passwords on the second server, none of which were difficult for the hacker to guess using easy counter-encryption methods.

Two Down . . .

On the final server on the same subnet, the security expert quickly got a bonus find: easy logins using the default “cust” and “admin” passwords, and the usernames and passwords uncovered on the first two servers also worked on the third. These logins gave a full shell, but the shell would not allow access to the root directory, and this third server was proving a difficult nut to crack. After running the linuxprivchecker.py script to identify any potential locations to run a binary, the hacker found that the majority of locations on the box were mounted with the noexec option, which halts binaries from executing to protect the server. Eventually, however, the white hat hacker noticed a setuid binary, diag, that was available only to a few users within the group, and not to the users whose accounts were already compromised.

Getting to the Root

After several circuitous attempts, the security expert managed to gain access to a shell as a secondary user by running through voice-only setup binaries and leveraging the diag command, which runs as root regardless of where the command is executed. The Meterpreter reverse payload was used again in this instance, to gain access to the /msg/database/vm/tmp directory, which eventually led to full root access by the hacker.
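The two controls that came into play on the third server, noexec mounts and a group-restricted setuid binary, can be audited before a tester or attacker finds the gaps. The Python below is an added example, not code from the original post or from Avaya; the mount table, the stat records, the `/opt/example/bin/diag` path and gid 450 are constructed, and only `/msg/database/vm/tmp` is taken from the narrative above.

```python
import os
import stat

# Constructed sample in /proc/mounts format; not taken from the tested servers.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /msg ext4 rw,relatime 0 0
/dev/sda5 /srv/shared\\040data ext4 rw,noexec 0 0
"""
# Constructed stat records (path, st_mode, st_uid, st_gid); diag path and gid are hypothetical.
SAMPLE_STATS = [
    ("/opt/example/bin/diag", 0o104750, 0, 450),  # setuid root, group-only execute
    ("/usr/bin/passwd", 0o104755, 0, 0),          # setuid root, world execute
    ("/bin/ls", 0o100755, 0, 0),                  # not setuid
]


def parse_mounts(text):
    """Return {mount_point: set(options)} from /proc/mounts-style text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes a space inside a path as the octal escape \040.
        point = fields[1].replace("\\040", " ")
        mounts[point] = set(fields[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Return the longest mount point that is a path prefix of `path`."""
    path = os.path.normpath(path)
    best = None
    for point in mounts:
        base = point.rstrip("/")  # "/" becomes "", so it covers every path
        if path == point or path.startswith(base + "/"):
            if best is None or len(point) > len(best):
                best = point
    return best


def missing_mount_flags(writable_dirs, mounts, required=("noexec", "nosuid")):
    """Map each directory to (covering mount, required flags that mount lacks)."""
    findings = {}
    for d in writable_dirs:
        point = covering_mount(d, mounts)
        missing = [f for f in required if f not in mounts.get(point, set())]
        if missing:
            findings[d] = (point, missing)
    return findings


def setuid_root_exposure(entries):
    """List (path, who_can_run) for each setuid-root regular file in entries."""
    findings = []
    for path, mode, uid, gid in entries:
        if not (stat.S_ISREG(mode) and mode & stat.S_ISUID and uid == 0):
            continue
        if mode & stat.S_IXOTH:
            who = "world"
        else:
            who = "gid %d" % gid if mode & stat.S_IXGRP else "owner only"
        findings.append((path, who))
    return findings


if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    print(missing_mount_flags(["/tmp", "/var/tmp", "/msg/database/vm/tmp"], table))
    print(setuid_root_exposure(SAMPLE_STATS))
```

On a live host, pass the contents of `/proc/mounts` to `parse_mounts` and build the stat records from `os.lstat` over the filesystem; every setuid-root file reported with a gid deserves a review of that group's membership.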

There are several vulnerabilities in this scenario that could have been prevented with successfully hardened servers. If all security patches had been in place, no default user passwords had remained and configurations had been successfully updated, penetration would have been much more difficult if not impossible. Our cybersecurity experts are standing by in Omaha to help support and protect you from attacks such as this one. Contact InfiNet Solutions today at (402) 895-5777 or via email to [email protected], and we’ll work with you to ensure that hackers will not have such an easy time gaining access to your protected information.

8 Ways Your Data Strategy Can Also Help With Work/Life Balance

Work/life balance isn’t just about wellness: Here’s how data systems are an integral part of the puzzle.

The work/life balance used to be primarily about wellness benefits – what sort of health perks to offer at work, how to encourage people to take time off, and more. But now that the concept of a work/life balance has become more integrated into company strategies, we’re seeing that a surprisingly important part of the balance is the data systems that you and your company use: IT is an integral part of your wellness strategy! Here are the top ways that new data solutions and applications can impact your current workspace in stress-reducing ways.

1. Setting Personal Goals

Setting personal goals is surprisingly important for work/life balance and has become a common piece of advice for busy professionals who are looking at ways to reduce their stress and help clear up their schedules. While it may seem odd to write down more goals as a way of relieving stress, it certainly appears to work: Writing new goals, especially at night, allows you to get rid of worries you’ve accumulated throughout the day, and often leads to better sleep and more confident morning preparations. Of course, taking time to write a few goals every night can get tiresome, which is where technology steps in to help. Why not use an app like Microsoft To-Do that makes goal-creation and lists easy while also tying into Outlook and other common business software? List apps and calendars aren’t just there for organization; they also play an important role in stress relief.

2. Locking Away Distractions

A few years ago a new category of apps gained a lot of popularity – apps that blocked distractions from people who really needed to get work done instead of surfing Facebook for the 15th time or composing the perfect message on Reddit. These anti-distraction apps still have a place, and are now quite versatile, allowing you to add a surprising amount of productive time to your day – and isn’t that what everyone wants? Incorporate smart, selective blocking at work (which most modern companies need to be doing anyway, and not just with the X-rated content), and you can also see productivity rise among your employees. It’s also easy to find more personal, customizable apps for limiting time spent on specific sites based on your own habits.

3. Automating Email Replies to Reduce Stress

Even the simplest email clients available these days offer automation features, from Gmail’s mobile ability to create short automatic responses to categorization options that allow you to apply complex filters based on sender or subject. We highly advise you to take advantage of these tools and make them a common part of the workplace. One of the common work stressors is a long list of unanswered emails: It’s a feeling everyone hates, and it frequently leads to avoiding your inbox or ignoring emails for far too long, both at work and at home. Bringing in some automated tools and voice assistants like Cortana can make a huge difference when dealing with busy email inboxes.

4. Remote Work and Scheduling Options

Remote work and flexible scheduling have been vital parts of work/life strategies, allowing employees to plan their work life around the immovable parts of their personal lives, leading to a lot less worry and a lot more flexible thinking when completing projects. Data systems are one of the most important tools available for making flexible and remote work options available to employees. It just isn’t possible to easily schedule and reschedule or monitor teams no matter where they are working from without modern management software (Microsoft Teams is currently one of the top examples).

5. Digital Spaces for Workplace Fulfillment

It is understandable – and productive – if you block something like Facebook at the workplace. But that doesn’t mean employees cannot benefit from a social space: Indeed, a shared digital space can be very valuable when it comes to quick discussions, feeling like part of the company community, and keeping interested in the latest news and developments. We suggest adopting a company social space like Yammer so that employees understand their connection to the company and adopt better workplace relationships.

6. Reminders for Breaks, Meals, and Healthy Living

Speaking of scheduling and communication systems, it’s also a good idea to update these systems with broad types of company reminders. Those 10-15 minute breaks, lunches, and health benefits work a lot better if you move them from orientation into the workplace itself with a set of wellness alerts to remind employees to, well, take a break. Many of the tools we have already talked about allow you to set up these types of alerts.

7. Metrics that Encourage Goal-Oriented Work

What do your current metrics study? If they focus primarily on hours and overtime worked, then you may want to rethink your goals. A number of companies are beginning to move more to a results-focused model that seeks to measure how much work employees are actually accomplishing rather than how much time they are spending at work – time that may or may not be spent working. The rise of the gig economy has helped this trend a lot, and it’s a great way for companies to check on productivity while also ensuring that employees are rewarded for completing goals and have the flexibility they need at work.

8. Automated Management of Benefits

Wellness perks can provide real help to employees – if employees know they exist, and how they work. If it’s been a while since HR has updated benefit systems, then some of the best wellness benefits may be languishing because people don’t really know how they work, how to sign up, or how it will affect their workflow. Data systems can easily automate and provide quick web forms, alerts, and other features for benefits including maternity leave, childcare, time off, yoga classes, and much more. Take advantage of technology!

Of course, your Omaha workplace also has unique work/life balance challenges and goals. To find out more about what services InfiNet Solutions offers and how we can help you, contact us at (402) 895-5777 or [email protected] to discuss our services.

BREAKING NEWS – New Worldwide Ransomware Outbreak Reported

Reports have begun to pour in regarding a new ransomware infection currently wreaking havoc in Russia, Ukraine, France, Spain, and several other countries. This highly sophisticated Russian strain is known as Petya or Petrwrap, and it has been advancing on a scale comparable to the recent WannaCry ransomware infection. However, unlike WannaCry, this strain lacks both the errors WannaCry contained and a kill-switch.

A wide range of businesses have reported being hit with this infection, with victims receiving the following message: “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.” Sources state that the message appears as red text on a black background, and demands $300 worth of bitcoin in exchange for the decryption key.

While it has not been completely confirmed as of yet, Petya/Petrwrap looks to be taking advantage of the EternalBlue exploit, which was leaked by a group known as The Shadow Brokers. If EternalBlue sounds familiar to you, it should – it’s the same exploit WannaCry took advantage of.

If you haven’t already, you should be taking steps to protect your business against this exploit by installing the MS17-010 security update from Windows (which you can find here) and checking to see that your systems are fully patched. Like WannaCry, Petya/Petrwrap has the ability to compromise systems that are firewall protected. As this is a true worm, if the infection is able to reach a single computer within your network, all of your systems and servers are at risk of becoming infected.

Take a moment to remind your staff that they need to be exercising extreme caution at all times when checking their email. If anything even slightly suspicious finds its way into an employee’s inbox, they need to know how to handle the situation and who to alert. All it takes is one mistake for your business to suffer serious damage, and events like this serve as an ugly reminder that a certain level of vigilance is required at all times to keep your business secure.

If you have concerns or want to find out more about what you can do to protect your business in the wake of this latest ransomware attack, please contact InfiNet Solutions right away at [email protected] or (402) 895-5777. Our team is here to help.

What Is Phishing?

Phishing and Spear Phishing Scams: Don’t Get Caught in Their Nets.

What is Phishing?

Phishing is tech language for fishing over the Internet for confidential business and personal information such as credit card numbers, personal identification, usernames, and passwords. The first phishing scam occurred in 1996.

It uses social engineering techniques and computer programming to lure email recipients and Internet users into believing that a fraudulent website is legitimate. When the phishing victim clicks the phishing link, they find that their personal identity, vital information and even money have been stolen.

What’s the difference between Phishing and Spear Phishing?

Phishing emails are sent to the general public. They often impersonate a government agency, bank, the IRS, social networking site or store like Amazon.

Spear Phishing emails target specific individuals.  They are personalized with facts about you or your business to draw you in.  And they appear to come from a company or person you do business with.  It could come in the form of an email from your CEO.

A Phishing or Spear Phishing Email:

  • Is the one that you didn’t initiate.
  • May contain strange URLs and email addresses.
  • Often uses improper grammar and misspellings.
  • Typically contains attachments that you don’t recognize as legitimate.
  • Contains a link or email address that you don’t recognize.
  • May use language that is urgent or threatening.

Phishing and Spear Phishing are popular among cybercriminals because they usually succeed.

10 messages have a better than:

  • 90% chance of getting a click.
  • 8% chance of users clicking on an attachment.
  • 8% chance users will fill out a web form.
  • 18% chance that users will click a malicious link in an email.

Even high-level executives get spoofed and share usernames and passwords.

The average cost of a Phishing Scam is $1.6 million. It’s a top security concern for businesses today:

  • 1 in 3 companies is affected.
  • 30% of Phishing emails get opened.
  • Phishing is now the #1 vehicle for ransomware and other forms of malware.
