smb - X-Industry - Red Sky Alliance
2024-03-28T09:49:35Z
https://redskyalliance.org/xindustry/feed/tag/smb

AI and Cyber Risks to SMBs
https://redskyalliance.org/xindustry/ai-and-cyber-risks-to-smbs
2024-01-09T17:05:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>Recently, executives from SentinelOne, Protect AI and IBM Consulting provided lawmakers on the cybersecurity and infrastructure protection subcommittee with a laundry list of recommendations to better combat AI threats. Attacks by malicious hackers using artificial intelligence could swamp smaller companies that are already overwhelmed by cybercrime, experts warned lawmakers during a congressional hearing on 26 December 2023.<a href="#_ftn1">[1]</a></p>
<p>Testifying before the House Homeland Security and Governmental Affairs subcommittee on cybersecurity and infrastructure protection, experts from the private sector discussed AI-related threats, including increased efficiency for malicious hackers to develop malware, spread disinformation and elevate the scale of attacks at a time when smaller businesses are constantly being impacted by hacks.</p>
<p>Bringing up the famous and complex Stuxnet virus that took down the Iranian nuclear plant, Alex Stamos, chief trust officer at SentinelOne, said that developing the worm required a substantial amount of resources. With AI, Stamos warned, such operations could become less costly for attackers. “My real fear is that we’re going to have AI-generated malware that won’t need that,” Stamos said. “That if you drop it inside of an air gap network in a critical infrastructure network, it will be able to intelligently figure out, ‘Oh, this bug here, this bug here and take down the power grid even if you have an air gap.'” Stamos also noted that in recent years, criminal cybercrime groups have become “professionalized” with the technical sophistication that one would expect from nation-backed hackers. “The truth is, we’re not doing so hot,” Stamos said. “We’re kinda losing.”</p>
<p>Small and medium businesses, Stamos said, are “not ready to play at that level.” He advocated for moving those smaller players to the cloud so there is less responsibility on individual organizations and more “collective defense.” Stamos said that one key thing that the Cybersecurity and Infrastructure Security Agency can do is get an incident reporting regime up and running. The agency is set to require critical infrastructure owners and operators to notify it of any major cyber incident.</p>
<p>The reporting is intended to fuel a better understanding of the current threat landscape, as there are few requirements currently for companies to report breaches to the federal government. Stamos did note that the Securities and Exchange Commission’s own incident reporting requirements are likely to have a negative impact on cybersecurity efforts due to the “over-legalization” that the ruling will have.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/fbi-guidance-on-delaying-sec-required-data-breach-disclosure">https://redskyalliance.org/xindustry/fbi-guidance-on-delaying-sec-required-data-breach-disclosure</a></p>
<p>Stamos also said that CISA should help break information silos apart, saying that one of the issues in cybersecurity is that firms “don’t talk to each other enough.”</p>
<p>Ian Swanson, the CEO and founder of Protect AI, said in his opening statement that in order to secure AI, there should be a “comprehensive inventory” that lists out the “ingredients” of AI. “Only then do we have visibility and auditability of these systems, and then you can add security,” Swanson said.</p>
<p>Swanson recommended that the US Department of Homeland Security (DHS) create a machine learning bill of materials and invest in and protect the open source software ecosystem that AI relies on. He noted that the Biden administration should be talking to all players in the AI space, startups as well as Big Tech companies like OpenAI.</p>
<p>Debbie Taylor Moore, senior partner and vice president of global cybersecurity at IBM Consulting, noted in her opening statement that CISA should focus on AI education and workforce development, particularly within the critical infrastructure sectors, and share information like vulnerabilities and best practices. “Addressing the risks posed by adversaries is not a new phenomenon,” Moore said. “Using AI to improve security operations is also not new. But both will require focus and what we need today is urgency, accountability and precision in our execution.”</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www.redskyalliance.org/</li>
<li>Website: https://www.redskyalliance.com/</li>
<li>LinkedIn: https://www.linkedin.com/company/64265941</li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://cyberscoop.com/ai-cyber-risks-small-companies-house-hearing/">https://cyberscoop.com/ai-cyber-risks-small-companies-house-hearing/</a></p></div>

BlackMatter Ransomware - CISA bulletin/TLP White
https://redskyalliance.org/xindustry/blackmatter-ransomware-cisa-bulletin-tlp-white
2021-10-19T17:21:48.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple US critical infrastructure entities, including two US Food and Agriculture Sector organizations. This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) obtained from a sample of BlackMatter ransomware analyzed in a sandbox environment as well as from trusted third-party reporting.</p>
<p>Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network. BlackMatter then remotely encrypts the hosts and shared drives as they are found. Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks.</p>
<p>Link to full report: <a href="{{#staticFileLink}}9716218093,original{{/staticFileLink}}">Joint-CISA-FBI-NSA_CSA_AA21-291A_BlackMatter_Ransomware.pdf</a></p></div>

Secretary “Obvious” Reports: Ransomware Attacks Small Businesses
https://redskyalliance.org/xindustry/secretary-obvious-reports-ransomware-attacks-small-businesses
2021-06-09T14:24:27.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p>Cyber threat analysts have stated that 50% to 70% of all ransomware attacks in the U.S. are targeting small and medium-sized businesses, costing the victims an estimated total of $350 million in the last year, Secretary of Homeland Security Alejandro Mayorkas said Wednesday in a speech to the U.S. Chamber of Commerce. "The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering," Mayorkas said, noting this is why DHS has made battling ransomware a priority.</p>
<p>DHS, through the U.S. Cybersecurity and Infrastructure Security Agency and the Secret Service, offers tools and educational programs that small businesses can access to help them better defend themselves from ransomware attacks - and more resources are on the way, Mayorkas said. "We in the Department of Homeland Security are uniquely situated to assist you and to partner with you in battling ransomware and the threat it poses," Mayorkas said. He pointed out that in the past year, ransomware attacks against smaller businesses have increased 300%.</p>
<p>In March 2021, Mayorkas announced that DHS would conduct a 60-day "sprint" exercise focused on battling ransomware. Then in April 2021, the Justice Department created the Ransomware and Digital Extortion Task Force, which will include DOJ officials and representatives from the FBI and the Executive Office for United States Attorneys.</p>
<p>"We developed a series of sprints in the cybersecurity arena, and ransomware is the first sprint because of two important criteria: Number one, the gravity of the threat. And number two, the threat is not tomorrow's threat, but it is upon us," Mayorkas said in his Wednesday presentation.</p>
<p>Because small businesses are the backbone of the U.S. economy, they are a prime target for ransomware gangs, the DHS secretary noted. He told the Chamber of Commerce audience: "We stand at the ready to provide education, to provide vital information to assist you in navigating through what you perceive to be a threat, to assist you in perhaps building the defenses."</p>
<p>Mayorkas stressed: "It is important that every small business understands that this should be a priority. The term 'existential' was used in describing the threat, and it very well can be an existential threat to one's business."</p>
<p>With many organizations in sectors typically favored by ransomware operators (for example, healthcare, local government or education) vastly increasing their use of and reliance on remote IT services, victims may be more inclined to pay to restore services than under 'normal' conditions.</p>
<p>Jim McKee, CEO of Red Sky Alliance, stated in a recent panel discussion that it is the responsibility of all business owners to train and protect their organizations against ransomware attacks. “No government can protect you from these attacks, all employees need cyber threat training that includes periodic phishing tests. Phishing is the primary delivery method for placing malware.”</p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice and very important; however, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p><strong>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</strong></p>
<p><strong>Interested in a RedXray subscription to see what we can do for you? Sign up here: <a href="https://www.wapacklabs.com/RedXray">https://www.wapacklabs.com/RedXray</a> </strong></p>
<ul>
<li><strong>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></strong></li>
<li><strong>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></strong></li>
<li><strong>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></strong></li>
</ul>
</div>

SMBs Need to Be Cyber-Aware More Than Ever
https://redskyalliance.org/xindustry/smbs-need-to-be-cyber-aware-more-than-ever
2021-05-26T20:25:37.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p>Cybersecurity threats are more prevalent than ever. As of 2020, 67% of small businesses (those with fewer than 1,000 employees) were targeted. More than half of all small businesses have been breached. As a small business owner, you have to be aware of the dangers lurking on the web.</p>
<p>Red Sky Alliance offers a suite of Intelligence Services that revolve around cyber threat analysis. Today’s post is aimed at small business owners that need a quick primer on the threats streaming into their organization.</p>
<p><strong>What is Malware? </strong>According to McAfee, malware is a blanket term for software created by cybercriminals. Typically, the malware steals data or causes other damage that’s difficult for small businesses to recover from. Sometimes, malware is intended to extort money, and data or systems are locked until a ransom is paid. Called ransomware, this can limit a business owner's access to their files. Unfortunately, criminals do not always release systems after payment.</p>
<p><strong>Cyber Strategies </strong>For small business owners, having a cybersecurity plan in place is not optional. At a minimum, business owners should work with a disaster recovery firm to have a pre-emptive action plan that can be quickly deployed if a breach happens. A disaster recovery plan should be crafted so that it’s managed through one interface and has multiple layers of protection. Ideally, it performs regular tests and makes timely adjustments in case weaknesses are found.</p>
<p>While having a recovery plan is crucial, so too is taking measures to reduce the chances of an attack in the first place. This takes an understanding of the types of threats out there. Security Boulevard lists cloud-based threats, endpoint security, and social media attacks among some of the most common issues facing SMBs today:</p>
<ul>
<li>Cloud-based threats. Millions of Americans were suddenly thrust into a remote work situation at the beginning of the pandemic. This has complicated cybersecurity issues for companies across the board. As a small business owner, you must get ahead of these threats by utilizing only trusted cloud-based platforms. Plan to spend money on your cloud services. While there is nothing wrong with free cloud storage or software, if you aren’t paying for it, chances are good that it’s not as secure as you would like.</li>
<li>Endpoint security. Similar to cloud-based threats, remote worker — endpoint — security has become a hot topic since 2020. Talk to remote workers about ways they can mitigate risk. One thing you can do is to issue computers that are dedicated specifically to work. They should have antivirus software and other security features pre-installed.</li>
<li>Social media attacks. Social media is a part of society. Unfortunately, we tend to overshare and blindly trust information found in our feeds. Employees should never use social media from their work computers. Further, employees should be trained on how to create stronger passwords so that they do not inadvertently open themselves up for breach by playing a seemingly innocent social game.</li>
</ul>
<p>Something else to look out for is phishing emails and text messages. A phishing scam is designed to look like it comes from a trusted person, such as an employer, friend, your bank, or, commonly, Amazon or PayPal. Talk to your employees about when it’s okay to open attachments or click on links. A good way to determine who, exactly, an email is coming from is to hover over the sender. Most phishing emails come from unknown email addresses, which might show up as a known sender until you look more closely.</p>
<p>To protect yourself from cybersecurity threats, common sense is key. When you own a small business, this starts by partnering with a company that can get you out of hot water if you need it. Next, talk to your employees about ways they can help reduce threats. And, most importantly, remember that the digital climate changes often. Stay up to date so that you know how to watch for new scams as they arise.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has been helping companies since 2013 with proactive approaches to cybersecurity. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com</p>
</div>

Verizon Mobile Security Index -MSI- 2021
https://redskyalliance.org/xindustry/verizon-mobile-security-index-msi-2021
2021-04-14T17:33:05.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p>The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place. The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely. Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working practices during lockdown adversely affected their company’s cybersecurity.</p>
<p>Interestingly, even though 40% of businesses surveyed recognized that mobile devices are their company’s biggest IT security threat, 45% of them knowingly sacrificed the security of mobile devices to “get the job done” (e.g., meet a deadline or productivity targets) and nearly a quarter (24 percent) sacrificed the security of mobile devices to facilitate their response to restrictions put in place due to the pandemic.</p>
<p>“The pandemic caused a global shift in the way organizations operate, many of which ramped up their digital transformation agendas and working models to meet the fast-changing needs of both employees and customers,” said the Chief Revenue Officer, Verizon Business. “While businesses focused their efforts elsewhere, cybercriminals saw a wealth of new opportunities to strike. With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changed, which for organizations, means there is a greater need to hone in on mobile security to protect themselves and those they serve.”</p>
<p>The effect of the pandemic on the workforce is going to have a lasting impact. According to the report, a large majority (70 percent) of those that had seen remote working grow following the introduction of pandemic restrictions expected it to fall again afterward. However, 78 percent said that it would still remain higher than before lockdown. Overall, our respondents said that they expected the number of remote workers to settle at around half (49 percent).</p>
<p>Small and Medium-Sized Businesses (SMB) are also under threat! Over half of those surveyed (52 percent) said that small and medium-sized businesses are more of a target than larger enterprises. Even so, 59% of SMBs sacrificed security, with 22% suffering a mobile compromise. Seventy-eight (78) percent stated that they should take mobile-device security more seriously.</p>
<p>Security should always be front and center; ALWAYS. Of those surveyed, 72% of organizations are worried about device abuse or misuse. Part of the problem is that many companies struggle to develop an effective Acceptable Use Policy (AUP); 57% did not have one at all.</p>
<p>The MSI report details people and behaviors; apps; devices and things; and networks and the cloud as the four sectors of the mobile threat landscape. Additionally, it provides expert insights into how to help safeguard against pending cybercrime attacks, such as establishing a “zero-trust network access (ZTNA)” model and a secure access service edge (SASE) architecture, which is designed for a mobile-first and cloud-first world.</p>
<p>About the Verizon Mobile Security Index 2021 - The Verizon Mobile Security Index 2021 findings are based on an independent survey of 856 businesses across Australia, the US, and the UK. Verizon surveyed professionals that are responsible for the buying, managing, and security of mobile and Internet of Things (IoT) devices for their companies. It provides unique insights into the current mobile threat landscape and what organizations are, or in many cases are not, doing to protect their data and key systems. In addition to analysis from Verizon’s experts, the report includes insights and real-world data from leading security and management companies Asavie, Blackberry Cylance, Check Point, IBM, Ivanti, Lookout, NetMotion, Netskope, Proofpoint, Qualcomm, Thales, VMware, and Wandera.</p>
<p>Red Sky Alliance has been analyzing and documenting these types of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at <a href="https://redskyalliance.org">https://redskyalliance.org</a> at no charge. Many past tactics are often dusted off and reused in current malicious campaigns. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network. </p>
<p style="text-align:left;">Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com</p>
</div>

Small, Medium Businesses (SMBs) are in The Center Ring of Hacker Targeting
https://redskyalliance.org/xindustry/TR-20-259-001
2020-09-16T21:13:26.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p>Cyberattacks on Small to Medium-sized businesses (SMBs) are continuing at a relentless pace for 2020, with most data breaches coming from outside the organization. Cyberattacks are up an average of 75% since the coronavirus pandemic began. Cybersecurity analysts believe hackers are specifically targeting these smaller firms because they know SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses.</p>
<p>A new report from Cisco counters this misconception. SMBs have made significant strides enhancing their security protocols and are closing the gap with their bigger counterparts. Cisco notes 87% of SMB business owners rank security a top priority, and more than 99% have a dedicated resource focusing on security.</p>
<p>SMBs are also becoming more diligent about defining metrics to assess their security effectiveness and are implementing security controls and tools at rates similar to those of large enterprises. The development of security solutions specifically for SMBs is supporting this trend. Security technical services providers, such as Red Sky Alliance, are now offering affordable services that cover multiple attack vectors, making it easier and more cost-effective for SMBs to improve their defenses and keep attackers out of their networks before they can breach them.</p>
<p>The increased focus on security and better implementation of cybersecurity solutions among SMBs are certainly positive developments. With enterprise-level protection now available to organizations of any size, the threat can be dramatically minimized. Even with improved technology to reduce threats, the human factor is still a significant concern; one single misstep by an employee can cause a breach that leads to a major security incident. To achieve a truly effective security posture, SMBs must put systems in place to minimize human error that can turn a mistake into a security disaster.</p>
<p><strong>The Psychology of Human Error</strong></p>
<p>The truth is: humans make mistakes. Added to the normal daily stress, we have a pandemic in full force. A recent study found that 88 percent of data breaches can be linked to human error. That does not necessarily mean that humans are the only "weak link" in your organization's security, but it is important to understand how and why they make these all-too-human errors. As the study notes, employees have psychological reactions to stimuli and judgment that make them likely to commit errors and be susceptible to manipulation.</p>
<p>Hackers use social engineering attacks like phishing to take advantage of these human tendencies, cleverly manipulating users into giving up sensitive information or downloading and running malware onto their work devices. Even lower-skilled hackers carefully disguise these phishing emails to circumvent security measures like spam filters, with requests for sensitive data or access often appearing to come from a trusted colleague. Because we have little resistance to following our colleagues' requests, it is possible for a normally security-savvy team member to click on a malicious link or send sensitive information that has been requested by a higher-level employee as required ASAP. Covid-19 has been the subject line of many phishing emails this year.</p>
<p>Any seemingly innocent clicks can make ransomware a growing threat; take the recent cyberattack that successfully disrupted Garmin Connect, flyGarmin, and Garmin Pilot, resulting in days-long outages. Garmin reportedly paid the multimillion-dollar ransom to restore functionality across their network of users.</p>
<p>Massive attacks like these are the ones that get media mileage, yet SMBs are not immune. Almost half (46 percent) of SMBs have been targeted by ransomware, and nearly three out of four victims have paid a ransom to restore control of their systems.</p>
<p><strong>Addressing the Issue</strong></p>
<p>There is a critical need to adopt technical solutions that protect vulnerable areas where humans interact with possible risks. For example, installing security solutions on each workstation, especially with so much of the world's business being done remotely, can protect against attacks that could occur over the course of a typical workday. Services such as Red Sky Alliance’s RedXray cyber threat notification service can alert on these attacks against the computers of employees working from home. This is a big step for the future of telecommuting and for employees who are not interested in returning to an in-office environment.</p>
<p>The human element must be considered when assessing any security strategy. Staff education and training are crucial. Team members must know how to use the organization's technical resources securely and properly. At the same time, cyber threat managers must be able to recognize social engineering attacks or dubious networks and devices. Frequent real-time training and phishing testing can help develop this security-first mindset. No one wants to be caught doing something stupid by the “Phishing Police.”</p>
<p>SMBs can now access enterprise-strength security solutions at price points that are affordable; they can also take advantage of security apps and services that minimize human input into certain tasks. Credit card acceptance and processing of payments can be accomplished with no human intervention. An inexpensive credit card solution is to use a trusted third-party payment processor that allows customers to securely pay for orders and invoices without requiring human staff to access and handle customer financial data.</p>
<p><strong>Committing to Improvement</strong></p>
<p>Cyberattacks are part of today's business landscape; they are a threat as real as fire, theft, or any other possible loss. Regardless of their size, businesses are more focused than ever on making cybersecurity a priority for their organizations. This improvement in mindset, especially among SMBs, is important. The availability of affordable tech solutions should enable more SMBs to secure their infrastructure.</p>
<p>Beyond these initial measures, SMBs must be more vigilant about managing the human element of security. Simple human error continues to present a very real risk. Training, automation, and using solutions that cover previous security blind spots will help develop that critical security-first mindset.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. </p>
<p>The installation, updating, and monitoring of firewalls, cybersecurity and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p><strong>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com. </strong></p>
<p><strong>Red Sky Alliance can help protect against attacks such as these. We provide internal monitoring in tandem with RedXray notifications on ‘external’ threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</strong></p>
<p><strong>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></strong></p>
<ul>
<li><strong>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></strong></li>
<li><strong>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></strong></li>
<li><strong>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></strong></li>
</ul></div>Hackers Still Target the SMB Markethttps://redskyalliance.org/xindustry/hackers-still-target-the-smb-market2020-07-30T18:25:19.000Z2020-07-30T18:25:19.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}7160138080,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7160138080,RESIZE_400x{{/staticFileLink}}" width="250" alt="7160138080?profile=RESIZE_400x" /></a>Researchers say it is estimated that more than 70 percent of cyberattacks target small businesses, many resulting in the demise of the business.</p>
<p>Small and midsize businesses (SMBs) are often easy targets for hackers. A smaller company, with a limited cyber threat defense budget, is less likely to use multi-layered defenses that block hackers in today’s cyber environment. SMBs often think they are protected with one layer of security, such as a firewall, anti-virus, or a simple backup. In all honesty, there is no single solution for 100% protection. The key to a robust cyber resilience strategy is to layer all these solutions to protect a company from multiple threat vectors and multiple points of vulnerability.</p>
<p>Another area where businesses tend to fall short is security awareness training. The single greatest cybersecurity weakness is the user. Many employees do not know how to identify suspicious activity like phishing links or scams. This is because they do not know what to look for or what could be suspicious activity. As cyber actors have become more successful, some hackers specialize in breaching specific business types or industries, refining their expertise with each new attack.</p>
<p>All businesses are targets for cyber actors. Some industries are targeted more frequently than others. Finance and healthcare are especially attractive targets because of the value and sensitive nature of the data they store. The types of businesses that hackers are increasingly targeting include:</p>
<p><strong>Managed Service Providers</strong>: MSPs house valuable data for multiple customers across many industries, which makes them desirable targets. Hackers use a technique known as “island hopping,” in which they jump from one business to another via stolen login credentials. MSPs and their SMB customers are <u>both</u> potential targets of these attacks.</p>
<p><strong>Healthcare organizations</strong>: Hospitals, physical therapy offices, pediatricians, chiropractors, and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations, and often lack solid security practices. Medical data and research are extremely valuable, which is why in the US they are protected by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Criminal hackers do not care about laws; they are hackers. Patient records alone can sell for up to $1,000 or more on the dark web.</p>
<p><strong>Government agencies</strong>: There are many reasons that cybercriminals, particularly state-sponsored terrorists, might target local and national governments. Small governments and local agencies generate terabytes of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction. Regardless of size, local, state and federal systems are often connected via procurement and grant sharing fund networks. Small city governments nearly always must pay ransomware demands if their city services are in jeopardy and lives could be at risk.</p>
<p><strong>Financial Institutions</strong>: Banks, credit unions, and other financial institutions have long been targets for hackers due to a wealth of data AND money. In 2018, over 25 percent of all malware attacks targeted banks, more than any other industry. Recently, automation has further enabled cybercriminals to run advanced attacks on financial institutions. Remember the quote from the infamous bank robber Willie Sutton when asked why he robbed banks? He said, “I rob banks because that is where the money is.” The same holds true for criminal hackers.</p>
<p><strong>Celebrities, Politicians, and High-profile Brands</strong>: Hackers, who are usually politically, economically, or socially motivated, like to seek out politicians, celebrities, and other prominent organizations as targets. They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary, or classified data to cause public disruption or for private financial gain via blackmail.</p>
<p>If you have something hackers want, you are a target. No one is immune. Business data, bank account information, credit card numbers, and anything that could be considered personal, private or financial is especially valuable. Hackers are intent on leveraging anything for a profit. Protecting business data can be straightforward.</p>
<p>Here are a few tips that can help prevent a hacker from holding your data hostage:</p>
<p><u>Think like a hacker</u>. Cybersecurity awareness training with phishing simulations is a vital component of an effective protection strategy. In fact, a recent report from Webroot showed that user training at frequent intervals (11 or more courses over a four to six-month period) reduced clicks on phishing links by 65 percent. Understanding hacker practices and motivations can help employees identify potential threats and thwart attacks.</p>
<p><u>Institute Consistent Policies</u>: With the proliferation of free online storage and file sync services, it is not unusual for an employee to store sensitive business files unencrypted in the Cloud. This is very risky for businesses because there is no way to verify the security of these free services. In addition, the passwords employees use to access these services are often far less secure than official company password policies. This makes online storage services easy targets for hackers. It is important for businesses to always maintain control over where critical business data is kept. The only way to do this is to have consistent policies for storing company data in a manner that does not expose sensitive information to unnecessary risks.</p>
<p><u>Prevention, recovery, and resilience</u>: Being resilient in the face of cybercrime does not just mean having powerful, automated endpoint threat detection in place. It also means having the ability to recover if an attack circumvents your perimeter security. It is very important to develop and maintain a strong disaster recovery strategy (Continuity of Operations, or COOP) so you know you can keep systems online when there is a disruption to your business and services. The best defense is preparation. This means preventing attacks and planning your recovery proactively, so you can be ready to resume operations immediately at the first sign of trouble.</p>
<p>Hackers are always adapting their methods to catch victims when they least expect it. Therefore, it is necessary to use a multi-layered approach to protecting your networks. This includes advanced threat intelligence at the perimeter in the form of antivirus, security awareness training at regular intervals to strengthen your weakest link (employee users), and Cloud backup to ensure you always have access to the data that fuels your business.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports. </p>
<p>The installation, updating, and monitoring of firewalls, cybersecurity and proper employee training are keys to blocking attacks. Please feel free to contact our Red Sky Alliance analysis team for research and cyber assistance, or for a demo on our RedXray and our Cyber Threat Analysis Center tools.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Join and become active in your local Infragard chapter; there is no charge for membership (infragard.org).</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cybersecurity software, services, and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network. Ransomware protection is included at no charge for RedXray customers.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p><strong>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.</strong></p>
<p><strong>Interested in a RedXray demonstration or subscription to see what we can do for you? Sign up here: <a href="https://www.wapacklabs.com/redxray">https://www.wapacklabs.com/redxray</a> </strong> </p></div>Why Hackers Target Small and Midsize Businesseshttps://redskyalliance.org/xindustry/why-hackers-target-small-and-midsize-businesses2020-05-30T16:36:16.000Z2020-05-30T16:36:16.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}5477493874,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}5477493874,RESIZE_400x{{/staticFileLink}}" width="250" alt="5477493874?profile=RESIZE_400x" /></a>By Mac McKee – Red Sky Alliance<span style="font-size:8pt;"> (photo by protonmail)</span></p>
<p>There is a common misconception among small and midsize businesses (SMBs) that hackers target only large organizations. Unfortunately, this belief is completely inaccurate. According to the most recent Verizon Data Breach Investigations Report, more than 70 percent of cyberattacks target small businesses. Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give hackers access to its entire SMB customer base.</p>
<p><strong>Why Are Hackers Targeting SMBs?</strong></p>
<p>Hackers target SMBs because it is easy money. First, the smaller the business is, the less likely it is to have adequate cyber defenses. Moreover, even larger SMBs typically do not have the budgets or resources for dedicated security teams or intrusion prevention. On top of that, smaller businesses often lack measures like strong security policies and cybersecurity education programs for end users, so common vulnerabilities like poorly trained users, weak passwords, lax email security and out-of-date applications make SMBs prime targets.</p>
<p><strong>Which Business Types Are in the Crosshairs?</strong></p>
<p>Realistically speaking, most businesses face similar amounts of risk. However, hackers target some industries more often, such as finance or healthcare. Here are some of the business types that are currently topping hacking hit lists.</p>
<ul>
<li><strong>Managed service providers: </strong>MSPs hold a great deal of valuable data for multiple customers across industries, which makes them desirable targets. Hackers use a technique known as “island hopping,” in which they jump from one business to another via stolen login credentials. MSPs and their SMB customers are both potential targets of these attacks.</li>
<li><strong>Healthcare organizations: </strong>Hospitals, physical therapy offices, pediatricians, chiropractors, and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations and often lack solid security practices. In addition, medical data and research can be extremely valuable. Patient records alone can sell for thousands of dollars or more on the dark web.</li>
<li><strong>Government agencies: </strong>There are many reasons that cybercriminals, particularly nation-state terrorists, might target local, state or national governments. In particular, small governments and local agencies generate troves of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction.</li>
<li><strong>Financial institutions: </strong>You probably are not surprised by this list item. Banks, credit unions and other financial institutions have long been targets for hackers due to a wealth of data and money. In 2018, over 25% of malware attacks targeted banks - more than any other industry.</li>
<li><strong>Celebrities, politicians, and high-profile brands: </strong>Hacktivists, who are usually politically, economically, or socially motivated, like to seek out politicians, celebrities, and other prominent organizations as targets. They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary, or classified data to cause public disruption, or for private financial gain via blackmail.</li>
</ul>
<p><strong>What Are Your Next Steps?</strong></p>
<p>The only real requirement for becoming a hacking target is having something that hackers want, which means all businesses are at risk. Luckily, a few relatively straightforward tips can go a long way in keeping your business secure.</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Check your insurance coverage for cyber breach and ransomware protection.</li>
</ul>
<p><strong>Lock down your business first</strong></p>
<p>The right security layers can protect you from threats on all sides. There are plenty of guides available online in the form of articles, videos, webinars, etc. that are designed to help businesses stay safe from cybercrime. Additionally, services from Red Sky Alliance, bundled with Cysurance’s cyber insurance coverage, can effectively mitigate threats altogether.</p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p> </p></div>Cyber Security Protection for SMB’shttps://redskyalliance.org/xindustry/cyber-security-protection-for-smb-s2020-01-27T22:55:33.000Z2020-01-27T22:55:33.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3836726219,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3836726219,RESIZE_710x{{/staticFileLink}}" width="273" alt="3836726219?profile=RESIZE_710x" /></a>Does your company have $50 million to spare? That is how much a ransomware attack cost <a href="https://www.bbc.com/news/business-48661152">Norsk Hydro</a> in the first quarter of 2019. A total of 22,000 computers had their files forcibly <a href="https://digitalguardian.com/blog/what-data-encryption">encrypted</a> across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business. Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and IT security experts since it did not end up funding future hacking attempts.</p>
<p>Unfortunately, companies are more likely to pay the ransom anyway and hope that the payment will in fact unlock their files. The reasons are various, ranging from improper (or no) backup infrastructure to needing to keep business afloat in more sensitive sectors, such as healthcare and government operations.</p>
<p>There are <a href="https://blog.emsisoft.com/en/33686/to-pay-or-not-to-pay-ransomware-a-cost-benefit-analysis-of-paying-the-ransom/">some cases</a> where paying the ransom would minimize damages and allow the company to continue operations. In those cases, the decision to pay the ransom should come after all other options are exhausted. But why end up in those situations in the first place? An effective cybersecurity plan that informs you of the cyber risks facing your organization is required for 2020. Why depend on Open Source Intelligence that may not even apply to your firm, industry segment or even country? Ransomware attacks on such a massive scale seem to happen at least once a month and are reported in the national media. The City of Baltimore was attacked in May 2019 and a similar <a href="https://medium.com/cyber-journal/the-city-of-greenville-in-south-carolina-hit-with-ransomware-attack-206c53caace4">incident</a> was reported in Greenville, North Carolina the previous month. Why were these cities not investigating the cyber threats that were facing them every day, not every other city in the USA?</p>
<p>Massive attacks aside, cybercriminals tend to <a href="https://healthitsecurity.com/news/71-of-ransomware-attacks-targeted-small-businesses-in-2018">target small businesses</a> due to less investment in their cybersecurity infrastructure. It is predicted that a new organization will be affected by such an attack <a href="https://phoenixnap.com/blog/ransomware-statistics-facts">every 11 seconds</a> as soon as 2021.</p>
<p>This still does not compare to the constant threat of phishing attacks. Phishing is a form of social engineering where attackers use fake emails and/or websites to gain valuable data from their target and cause serious damage. According to a recent survey, phishing is the number one cyber threat affecting businesses and all other organizations across the country.</p>
<p>Phishing is simple to perform, inexpensive, and monstrously efficient, and attackers see no reason to stop. Organizations need to train all staff members to recognize and avoid malicious emails and doubt every website that asks for sensitive data. It might be a costly and time-consuming investment, but it costs less than the potential expenses of recovery and loss of business.</p>
<p>Public Wi-Fi has become an entry point <a href="https://www.inc.com/comcast/risks-of-using-public-wifi.html">for hacking and other illegal activity</a>. Allowing staff to work remotely has some advantages and new risks. What better time to squeeze out that late report than waiting at the airport or a restaurant?</p>
<p>Small and medium-sized businesses (SMBs) have a distinct advantage against corporations that span entire continents. It is much easier to implement cybersecurity measures on a smaller scale. The days when hackers were isolated cases from the US or abroad doing it for fame and money are over. It is very easy to find hacking tools and tutorials online, along with instructions on how to extort money.</p>
<p>What can SMBs do about this growing problem? Inexpensive measures, such as using Red Sky Alliance’s RedXray service, can provide the business owner with a daily cyber threat notification report covering nine (9) cyber threat categories, so threats can be investigated before they become expensive problems. What RedXray offers is another layer of protection for businesses without having to connect to their networks. How easy is it to order? It can be ordered online in less than 3 minutes and all billing is made monthly by credit card by visiting <a href="https://wapacklabs.com/redxray">https://wapacklabs.com/redxray</a>.</p>
<p>Red Sky Alliance/Wapack Labs Corporation can help your firm protect against these threats and is now offering Cyber Insurance coverage through Chubb to help protect your organization if the worst happens.</p>
<p>Please feel free to contact us at <a href="mailto:sales@wapacklabs.com">sales@wapacklabs.com</a> or one of our authorized RedXray sales distributors. <span style="font-size:8pt;">Photo: 123rt.com</span></p>
<p>Red Sky Alliance is located in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><em>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a><br /> Twitter: <a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></em></p></div>