Blog


Marriott Data Breach: What You Need To Know

Heads up if you’ve stayed or made reservations at a Marriott or Starwood property over the last decade. A major security issue was just announced and the scope of the problem is actually quite astonishing. Here’s what you need to know about the Marriott International data breach.


What is the Marriott Data Breach?

On November 30th, Marriott International announced that the private information of up to 500 million guests had been compromised. The breach is one of the largest in history and raises a variety of concerns regarding consumer privacy and safety.

The company noted that an internal tool flagged a data breach in September, but it wasn’t able to confirm that the issue involved the Starwood database until November. Further investigation revealed that the problem dates back as far as 2014 and that the exact breadth of the issue isn’t yet known.

Who is Affected by the Marriott Data Breach?

To be blunt, 500 million people is a lot. If you’ve traveled on business in the past or regularly stay at the hotel chain’s properties, your personal data is likely compromised. Additionally, those who merely made reservations but never actually stayed the night are also included in the breach.

According to NBC News, Marriott also reported that for 327 million of those people, the information includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Encrypted credit card information was also likely stolen, but the company isn’t yet sure if the thieves were able to reveal account numbers.

An additional report also suggested that employee information might have even been compromised, especially in situations where workers took advantage of employee discounts to stay at hotels around the globe.

What is Marriott Doing After the Data Breach?

While the initial statement from the company was vague, they have taken steps to improve the situation by hiring the public relations firm Kroll. Those concerned about being part of the Marriott data breach may check for more information at a website provided by the hotel chain.

Maryland Attorney General Brian Frosh is opening an investigation into the incident, citing the company’s headquarters in his state as the reason for his inquiry. Additionally, New York planned to look into the incident, and other states where the company has properties are likely to follow. There is no word yet on how the breach is being reviewed internationally.

Furthermore, within hours of the news, a class action lawsuit for 12 billion dollars was filed by Ben Meiselas of Geragos & Geragos. The suit is on behalf of two plaintiffs who feel duped by the company not immediately admitting there was a security issue. If other cases in the past are any indication, there’s likely to be a settlement out of court soon.

What Can Other Companies Learn from Marriott’s Data Breach?

At this time, it is hard to tell what other companies can learn from Marriott International’s data breach since news of the incident is still relatively recent. Other companies have faced similar issues in the past, such as Yahoo’s admission earlier this year that three billion accounts had information hacked and Under Armour’s data breach of 150 million MyFitnessPal user accounts. Those companies were able to provide customers with free credit monitoring to try to earn back trust, but time will tell how it affects each firm’s reputation overall. Both have made attempts to increase application cybersecurity.

In short, if you have made a reservation or stayed at a Marriott Hotel or Starwood property in the last few years, it is wise to invest in some version of identity theft monitoring. Also, consider raising any additional concerns with your attorney general and making a claim on Marriott’s data breach website.


Threat Advisory: SamSam Ransomware

SamSam Ransomware is becoming a massive problem for multiple industries across the United States. In fact, the problem is so big that the Department of Homeland Security (DHS), the National Cybersecurity and Communications Integration Center (NCCIC), and the Federal Bureau of Investigation (FBI) have all recently issued a US-CERT alert due to the SamSam ransomware. As with other types of ransomware, files and networks are infected. In exchange for restoring the system, hackers demand a ransom that typically costs thousands upon thousands of dollars. Every company that runs a network needs to be aware of SamSam ransomware. Here is what you need to know about this topic.


What is SamSam Ransomware?

SamSam ransomware is a type of ransomware that is designed to exploit Windows servers to gain access to your network. Once it is in the network, it uses the JexBoss Exploit Kit to access your JBoss applications. This type of ransomware is also able to use Remote Desktop Protocol to access your network. The virus is difficult to detect, due to the path it takes to access your system. Once the virus has made its way inside, hackers are able to get administrator rights, putting their malware on your server and basically hijacking your network. They do not release their hold on your network until you pay them the ransom they are asking for.

What Can You Do to Decrease Your Chances of Getting SamSam Ransomware?

It is extremely important that you take the correct precautions to decrease your chances of getting infected with SamSam ransomware.

One of the steps you can take is to enable strong passwords and an account lockout policy. If you have strong passwords and a good lockout policy in place, it makes it much harder for the software to hack into your system and infect it. Enabling multi-factor authentication can also help. Before any new software can be installed, before software can be wiped or before changes can be made to your network, authentication is needed. The more authentication levels you have, the harder it will be for any ransomware to infect your system.

Unfortunately, while you can decrease your chances of getting infected with SamSam ransomware, there is no way to prevent infection altogether. As such, it is essential that you regularly install system and software updates and maintain a great backup system for all of your data and systems. This way, if you do get infected, you have a recent backup of all of your systems and data. You can wipe your current, infected system and start fresh from your backup point, without losing much at all.

How Can You Learn More About SamSam Ransomware?

If you are looking to learn more about SamSam ransomware, including the technical details surrounding it, it is highly recommended that you read through the SamSam Malware Analysis Reports that have been released by the US-CERT. A list of the reports, including links, is included here:

SamSam Ransomware is infecting computer systems and networks in multiple industries all across America. It is important that you learn what this ransomware is and how to protect yourself against it. Taking the right action can help to minimize the chances of your network being held ransom by SamSam ransomware.


Happy National App Day: December 11th

Even though the word App is relatively new, it has become popular in everyday terminology as its uses have changed lives in the modern world. Almost all mobile phones are now smartphones, so even those individuals who were apprehensive about using new technology now use apps on a daily basis. That is why we now celebrate National App Day every year on December 11.


What is an App?

The word “App” was listed as the word of the year by the American Dialect Society as recently as 2010, showing just how quickly apps have become a regular part of society. But people already use the word so much that they don’t really think about where it comes from. While the term “app” is short for “application,” common usage has changed the meaning.

An app is actually a kind of computer software or a program, and now usually refers to a very small one used on mobile devices like smartphones and tablets. Initially, the term could have meant any mobile or desktop application, but the term has quickly evolved to conform to the way people use it. Now there are thousands of apps, and some individuals and businesses design and run their own apps to make specific tasks easier.

Kinds of Apps and Main Uses

There are three basic kinds of apps: Web Application Apps, Hybrid Apps, and Native Apps. Web Application Apps are used through a browser, and Hybrid Apps have characteristics of both Web Application Apps and Native Apps. Native Apps are the ones used on mobile devices; they only work on certain devices and have a special source code.

Of course, once someone understands how apps work they can create a new one to perform specific functions. Apps are available on Google Play for Android users, Apple’s App Store, the Windows Phone Store and BlackBerry App World. There are currently millions of apps, and prices range as widely as uses. Some apps are entirely free, while others have a recurring rate.

  • Apps can be used for communication, including encrypted phone calls or video phone.
  • Apps can be used for entertainment, providing movies, books and music.
  • Travel apps provide needed information and tools, helping with everything from transportation to finding the closest restaurant.
  • Many people use apps for games, playing simple games like solitaire or complicated games with players around the world.
  • Many apps provide important tools, helping people organize their homes or perform essential functions at work.

There is no reason to think the proliferation of apps will slow down any time soon, if ever. It only remains to be seen how many people will adopt these handy tools to perform more and more specific jobs. Hopefully, people will be thinking of the endless possibilities as they celebrate National App Day on December 11.


Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

December 31st is Make Up Your Mind Day

As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business technology strategy can be a complicated process for many IT professionals. Which way will your company go in the new year?


December 31 is Make Up Your Mind Day. So have you made up your mind regarding your 2019 technology plan?

Here are a few ideas to keep in mind as you work on developing your business technology plan for 2019:


  • Look at digitizing: The process of turning your organization from a traditional one to a digital enterprise is complex and requires a great deal of thought and investment to pull off well. Companies that lack a solid understanding of the challenges and opportunities are among the reasons why 84% of attempts at digitization end in failure. Make sure you prioritize this vital part of your company’s growth for the upcoming year.
  • Consider legacy assets: Will that old server hold out a few more years, or is it time to upgrade the aging sales software instead? Though legacy assets can be challenging to incorporate into your existing scheme, it’s much easier than it was just a few years ago given the prevalence of solution-based software. However, there’s a particular point where it’s just more straightforward to say goodbye to these old classics. Fortunately, there are a few easy signs to help you recognize whether that time has come.
  • Contemplate what tech employees use: Should you dictate to employees the technology they should use when at work? Considering the prevalence of mobile devices and the focus on specific brands, the iOS versus Android battle may appear front and center at your workplace very soon. With 38% of employees resenting management dictating what tech they can use on the job, it’s important to consider more comprehensive solutions that allow employees to work more productively.
  • Take a look at the long-term goals: Trying to bring your business into the fourth industrial revolution without long-term goals to guide you would be like Columbus taking off across the Atlantic without an astrolabe. You know you’re following something, but you waste a lot of time and effort trying to get there. Our friends at Hacker Noon have a great article on how to break down large, seemingly impossible goals into shorter goals, allowing you to navigate from one point to another without being lost in an ocean of planning.
  • Consider upgrades: What condition are those old workstations in? What about that series of laptops that you’re continually making repairs to or sending out for warranty work? When you have the budget available, upgrade or replace poor-performing assets in your system to improve your overall uptime and reduce the amount of work that needs to happen to keep things rolling. This gives you more free time for strategizing to get your business ahead.
  • Make it mobile: If you’re not mobile by this point, you’re missing out. There are so many tools available to help you improve productivity, whether it’s connecting social media accounts, communicating with teams, taking remote payments or having music while you’re wrapping up quarterly reports. Adding mobile capability means your entire team can be more productive on the go, whether waiting for the VP for the meeting or dealing with an emergency from around the globe.
  • Contemplate automation: What does your workflow look like? If you still have manual processes that can be automated, you’re wasting money. Whether it’s marketing tasks that can be more easily handled by a bot on Facebook, a tracking system for your warehouse to make your pickers more efficient or any number of other tasks, automation keeps your business rolling smoothly and efficiently while making your operation more flexible.

With digitization breathing hot down the necks of most IT professionals, having a solid technology strategy in place can make the difference between success and failure of the business as a whole. As IT shifts from an ancillary department to the central core of a company, it’s important to make sure that the leadership is in place to strategize this shift and ensure that it can be made successfully without costing the business more than necessary to provide an excellent outcome.


FBI Warns Businesses Of Cyber Attack From China


Who Has Been Impacted by Chinese Cyber Attacks?

At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months.

Hewlett Packard and IBM are among the businesses most recently targeted. The National Counter-Intelligence and Security Center, which manages intelligence efforts for the U.S. government, recently launched a campaign to address continuing threats. The center warns that many companies need to do more to protect against cyber theft.

Foreign governments accused of cyber attacks against the U.S. include Russia, China, Iran and North Korea, with China receiving the most scrutiny in recent reports.

How Do Hackers Breach Company and Government Security?

According to Entrepreneur magazine, hackers create fake social media accounts to get people to reveal work and personal information. One of the ways to guard against bad actors is to carefully scrutinize social media requests from people that aren’t personal connections and to research apps before using or downloading them, as well as keeping antivirus software up-to-date.

The FBI warning included a brochure entitled “Know the Risk, Raise Your Shield” that targets federal employees. The recent warnings follow a string of cases against individuals and organizations accused of stealing proprietary information from the U.S. government and businesses.

Nine cases filed since July 2018 include two hackers who investigators say are linked to the main Chinese spy agency. Nicknamed APT 10, they allegedly stole corporate and government information via cyber attacks on employees.

Has There Been an Uptick in Recent Activity?

The breach of private businesses by Chinese hackers first hit news headlines in 2014, when Sony Pictures was hacked. This prompted an agreement in 2015 between Chinese President Xi Jinping and then-President Barack Obama that curbed cyber attacks for a while.

At FireEye, a cybersecurity firm, analysts track hackers working on behalf of the Chinese government. The firm’s representative says attacks have been on the uptick recently. These hacking groups are referred to as Red Leaves, Cloudhopper, and APT10.

Managed service providers (MSPs) are among the groups targeted. MSPs supply technology, telecommunications and other services to business clients. If they can break the security systems of such companies, Chinese hackers gain access to the sensitive data of the MSP’s clients.

APT10 has routed malware via an MSP network to its business targets. However, there are many steps businesses can take to protect their employees and data from prying eyes in cyberspace.

What Should Businesses Do to Raise Their Shields?

U.S. businesses should take proactive measures to safeguard against cyber attacks from Chinese hackers via email, social media and other points of entry.

This includes ensuring that advanced detection tools are utilized on network and email servers to safeguard access to company data. Regular threat assessments and employee training can help. This provides a diagnosis of the state of a firm’s cyber defenses regarding advanced persistent threats that attempt to find breaches in the company’s firewall. Precautions taken against the intrusion of foreign governments include:

  • Fortify access controls. Evaluate the plans, policies, and procedures that govern corporate technology to keep proprietary data safe. This could include the installation of multi-factor authentication (MFA), data encryption and solidifying a layered defense system on all possible points of cyber attacks.
  • Training. Make cybersecurity education and training a top priority. Everyone from the Board of Directors and C-Suite to individual employees needs to understand how to avoid cyber attacks by avoiding fake emails, malware and weak password strategies, among other efforts.
  • Incident response plan. Organization leadership and key technical personnel must develop a protocol for dealing with threats. This should include representatives from business administration, information technology and operations.
  • Crisis communications plan. Align the protection policy to risk management methodologies and the business needs of employees.
  • Adopt a monitoring, detection and response plan. Quickly detect intrusions and breaches via rapid-response plans to effectively eradicate the malware or other methods of entry.
