Threat Landscape: Ransomware

Ransomware attacks have become increasingly common in recent years, and the threat landscape continues to evolve. Hackers are constantly developing new techniques and tactics to evade detection and target vulnerable organizations. In this blog post, we’ll take a closer look at some of the latest ransomware threats and how you can protect your organization.

Types of Ransomware

Conti:

Conti is a relatively new ransomware strain that has gained popularity among cybercriminals. It uses advanced encryption techniques to lock down victims’ files and demands a high ransom payment in exchange for a decryption key. Conti is often spread through phishing emails and exploits vulnerabilities in software and systems.

Conti ransomware was first observed in the wild in late 2019 and has since become one of the most prevalent ransomware strains. It is known for its advanced encryption techniques, which make it extremely difficult to decrypt files without paying the ransom. Conti ransomware is typically delivered through phishing emails, which trick victims into downloading malicious attachments or clicking on links to compromised websites. Once it infects a system, it uses a combination of encryption and compression techniques to lock down victims’ files.

To protect against Conti ransomware, it’s important to keep your software and systems up-to-date with the latest security patches. You should also educate your employees about the risks of phishing emails and how to spot them. It’s also a good idea to implement access controls to limit access to sensitive data and systems, and to regularly back up your data to an offsite location.

DarkSide:

DarkSide made headlines in 2021 when it was used to attack the Colonial Pipeline, causing widespread fuel shortages and panic buying in the United States. DarkSide is a highly sophisticated ransomware strain that is typically used to target large organizations. It uses advanced encryption algorithms and is often spread through phishing emails or compromised remote desktop protocols.

DarkSide ransomware was first discovered in August 2020 and has since become one of the most notorious ransomware strains. It is known for its complex encryption techniques, which make it extremely difficult to decrypt files without paying the ransom. DarkSide is typically spread through phishing emails or compromised remote desktop protocols, which allow hackers to gain access to vulnerable systems. Once it infects a system, it uses a combination of encryption and compression techniques to lock down victims’ files.

To protect against DarkSide ransomware, it’s important to implement a multi-layered approach to cybersecurity. This includes regularly updating your software and systems, educating your employees about the risks of phishing emails, and implementing access controls to limit access to sensitive data and systems. It’s also important to regularly back up your data to an offsite location and to test your backup and recovery procedures to ensure they work properly.

Avaddon:

Avaddon is another ransomware strain that has gained notoriety in recent months. It is often spread through spam emails and uses a range of encryption techniques to lock down victims’ files. Avaddon is unique in that it has its own dedicated customer support portal, where victims can pay the ransom and receive technical support for decrypting their files.

Avaddon ransomware was first discovered in June 2020 and has since become a popular choice among cybercriminals. It is known for its sophisticated encryption techniques, which make it difficult to decrypt files without paying the ransom. Avaddon is typically spread through spam emails, which contain malicious attachments or links to compromised websites. Once it infects a system, it uses a range of encryption techniques to lock down victims’ files.

To protect against Avaddon ransomware, it’s important to use up-to-date antivirus and antimalware software to detect and prevent ransomware attacks. You should also implement access controls to limit access to sensitive data and systems, and regularly back up your data to an offsite location. It’s also important to educate your employees about the risks of spam emails and to encourage them to avoid clicking on suspicious links or downloading unknown attachments.

Egregor:

Egregor is a ransomware strain that has been active since September 2020. It is often spread through phishing emails and exploits vulnerabilities in software and systems. Egregor is known for its aggressive tactics, which include publicly shaming victims who refuse to pay the ransom.

Egregor ransomware uses advanced encryption techniques to lock down victims’ files and demands a high ransom payment in exchange for a decryption key. It is typically spread through phishing emails, which trick victims into downloading malicious attachments or clicking on links to compromised websites. Once it infects a system, it uses a combination of encryption and compression techniques to lock down victims’ files.

To protect against Egregor ransomware, it’s important to keep your software and systems up-to-date with the latest security patches. You should also educate your employees about the risks of phishing emails and how to spot them. It’s also a good idea to implement access controls to limit access to sensitive data and systems, and to regularly back up your data to an offsite location.

LockBit:

LockBit is a relatively new ransomware strain that has gained popularity among cybercriminals. It is often spread through phishing emails and exploits vulnerabilities in software and systems. LockBit uses advanced encryption techniques to lock down victims’ files and demands a high ransom payment in exchange for a decryption key.

LockBit ransomware was first discovered in September 2019 and has since become one of the most prevalent ransomware strains. It is known for its advanced encryption techniques, which make it extremely difficult to decrypt files without paying the ransom. LockBit ransomware is typically delivered through phishing emails, which trick victims into downloading malicious attachments or clicking on links to compromised websites. Once it infects a system, it uses a combination of encryption and compression techniques to lock down victims’ files.

To protect against LockBit ransomware, it’s important to keep your software and systems up-to-date with the latest security patches. You should also educate your employees about the risks of phishing emails and how to spot them. It’s also a good idea to implement access controls to limit access to sensitive data and systems, and to regularly back up your data to an offsite location.

In conclusion, ransomware attacks are becoming more frequent and more sophisticated, and it’s important to take steps to protect your organization. This includes keeping your software and systems up-to-date, educating your employees about the risks of phishing emails and spam, implementing access controls to limit access to sensitive data and systems, and regularly backing up your data to an offsite location. By taking these steps, you can reduce the risk of falling victim to a ransomware attack and minimize the impact if one does occur.

If you need assistance implementing the protections listed above, give us a call at (626) 827-1589 – our engineers are standing by!

Microsoft has Disabled Basic Authentication in 365

Microsoft has begun doing what they said they would do nearly two years ago—disabling basic authentication in 365. This is a welcome change for the security of Microsoft’s cloud-based applications and systems. Still, there could be effects from Microsoft’s disabling of basic authentication in 365 that users may need to prepare for and adjust to. For some users, their first question may be: what exactly is basic authentication? Even further, what security risks does basic authentication pose and how does this change affect the functionality and usability of 365? Read on to learn more.

WHAT IS BASIC AUTHENTICATION AND HOW WAS IT USED IN 365?

Basic authentication, also called legacy authentication, is an industry standard that used to be widely used on servers and technology services. With basic authentication, when a user engages with an application, they’re prompted to enter their username and password. This is no different for 365.

Users would be prompted to enter a username and password when they requested to use 365. Additionally, at many organizations, it isn’t uncommon for a user’s username and password to even be stored on the user’s device for easier and quicker authentication.

WHY IS BASIC AUTHENTICATION BEING REMOVED?

Each time a request is made by the server, system, or application, a user’s login credentials are transmitted over the Internet. Basic authentication, while a convenience for users, could be a gold mine for hackers and a major risk to the security of your organization’s network.

SECURITY

Organizations that only require basic authentication for widespread use in their systems and applications are at risk of being exposed to data breaches. Any valuable organization information and, especially, personally identifiable information (PII) that’s stored on your systems could be obtained by hackers. This represents a huge security risk – and a risk that, if borne out, could expose your organization to significant liability.

TARGET FOR HACKERS

Unauthorized and malicious actors can obtain access to your O365 account by grabbing your username and password credentials. Even worse, because many users often use the same credentials across multiple servers and applications, malicious actors can use these credentials to access users’ personal data and information elsewhere.

By disabling basic authentication in 365, users’ accounts will be more secure, and your systems and applications will be required to use stronger authentication protocols, such as modern authentication and multifactor authentication (MFA).

Speaking of MFA, basic authentication doesn’t support MFA. Some organizations have the more secure MFA enabled on their systems and in their applications, including 365. But if these organizations also have basic authentication enabled, malicious actors can steal a user’s password via phishing or other hacking methods and can bypass the organization’s MFA controls entirely to breach the user’s email account.

WHAT WILL BE THE IMPACT OF DISABLING BASIC AUTHENTICATION IN 365?

Instead of requiring basic authentication, 365 will now require modern authentication. Modern authentication, dubbed OAuth 2.0, uses access tokens that are time-limited and not reusable.

If your systems and applications haven’t been adjusted to adapt to this change, users at your organization could face a rocky road filled with disruptions. Microsoft’s disabling of basic authentication – while it improves security – means that if your organization’s systems or applications are using this protocol, they may no longer be functional. In a phrase, they won’t work.

WHAT SHOULD COMPANIES DO NOW?

The deadline for existing tenants to transition their organization’s operating systems and applications that use basic authentication is fast approaching: October 1, 2022. You should review your organization’s authentication protocols for your systems and the applications used by your organization’s users. This can be easily determined by obtaining a Sign-In report through Microsoft’s Azure Active Directory. If your organization’s systems and applications use basic authentication, you’ll need to have your IT professionals or managed service provider (MSP) enable modern authentication methods for use on your systems and in your applications.
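One way to work through the Sign-In report mentioned above, as an added example that is not part of the original post: the script reads a JSON export of sign-in events and lists which users and client apps still authenticate with basic authentication. It assumes the export uses the field names userPrincipalName, clientAppUsed, status.errorCode and createdDateTime; the list of legacy client app names is an assumption to check against your own export, and the sample rows are constructed.

```python
import json
from collections import defaultdict

# Client app values treated here as basic (legacy) authentication. Assumed list,
# compared case-insensitively; check it against the values in your own export.
LEGACY_CLIENT_APPS = {name.lower() for name in (
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book", "Other clients",
    "Outlook Anywhere (RPC over HTTP)", "POP3", "Reporting Web Services",
)}

# Constructed sample rows: (user, clientAppUsed, status.errorCode, createdDateTime)
_ROWS = [
    ("alice@example.com", "IMAP4", 0, "2022-09-01T08:00:00Z"),
    ("Alice@example.com", "imap4", 0, "2022-09-02T08:00:00Z"),
    ("alice@example.com", "Browser", 0, "2022-09-02T09:00:00Z"),
    ("scanner@example.com", "Authenticated SMTP", 0, "2022-09-01T02:00:00Z"),
    ("bob@example.com", "POP3", 50126, "2022-09-03T03:00:00Z"),
    ("bob@example.com", "POP3", 50126, "2022-09-03T03:00:05Z"),
    ("bob@example.com", "Mobile Apps and Desktop clients", 0, "2022-09-03T10:00:00Z"),
]
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": u, "clientAppUsed": c,
     "status": {"errorCode": e}, "createdDateTime": t}
    for u, c, e, t in _ROWS
])


def legacy_auth_usage(export_json):
    """Count legacy-auth sign-ins per (user, client app) from a JSON export."""
    usage = defaultdict(lambda: {"success": 0, "failure": 0, "last_seen": ""})
    for event in json.loads(export_json):
        client = (event.get("clientAppUsed") or "").strip().lower()
        if client not in LEGACY_CLIENT_APPS:
            continue  # modern authentication or an unlisted client
        user = (event.get("userPrincipalName") or "").lower()
        entry = usage[(user, client)]
        # errorCode 0 is a successful sign-in; anything else is a failure.
        succeeded = (event.get("status") or {}).get("errorCode") == 0
        entry["success" if succeeded else "failure"] += 1
        # Timestamps in one ISO 8601 format sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"],
                                 event.get("createdDateTime") or "")
    return dict(usage)


def triage(usage):
    """Split into clients that work over basic auth today and failure-only entries."""
    migrate = sorted(k for k, v in usage.items() if v["success"] > 0)
    failed_only = sorted(k for k, v in usage.items() if v["success"] == 0)
    return migrate, failed_only


if __name__ == "__main__":
    migrate, failed_only = triage(legacy_auth_usage(SAMPLE_EXPORT))
    print("Will break when basic auth is disabled:", migrate)
    print("Only failed attempts (investigate):", failed_only)
```

Entries in the first list are working clients that need modern authentication before the cutoff; entries in the second never succeeded and are worth reviewing as stale configurations or password guessing.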

Contact SerenIT Solutions

While Microsoft has disabled basic authentication in 365 for new tenants, many businesses still use this outdated protocol in other applications and their systems. This could be a risk to a business’ data and, ultimately, the security and health of their business. At SerenIT, we offer full cybersecurity solutions for your business needs. We can help assess the risks posed to your business’ security, like the use of basic authentication, and offer you the best solutions to mitigate those risks. Contact us for help securing your IT infrastructure.

Why You Should Join the Race Toward Cloud Computing

The power of the cloud has been a topic on everyone’s tongue for some time now. As a rapidly emerging technology, it shows no signs of letting up, which suggests that it will be around for a long time. It is a flexible technology. Businesses can mix and match their cloud exposure. They can keep some business-critical data in-house while outsourcing some non-critical processes to public and private clouds. It’s a sure strategy – create multiple backup options, be it in the cloud or with multiple carriers.

Cloud computing explained

Cloud computing refers to a network of worldwide servers and data storage farms that work together to create a ‘cloud’ of storage. Anyone can use this global cloud to store their important data off-site. You only ever need internet access to be able to retrieve your data when you need it. Most modern businesses favor a cloud-based data storage solution because of its many advantages.

The Biggest Advantages of Cloud Computing

There is an increasing number of good reasons to use the cloud. As the technology improves, many marginal gains are being realized. We will discuss those up ahead, but from the founding days of this technology, it was welcomed for the three main bases it covered—scalability, flexibility, and security.

  • You can scale

Cloud-based solutions invariably refer to an external resource managed by a third party. Many of the worries about uptime and system robustness are not the worries of the cloud computing customer.

Using cloud services, the customer only needs to be worried about their own growth. They can rely on a responsive cloud services partner to grow and scale at the click of a button. This scaling can go both ways—up or down.

  • It is flexible

Multinationals with offices all over the world love cloud computing. Businesses that operate out of many different geographical locations are no challenge for the cloud. You can access your front end and back end systems from anywhere in the world at any time of day or night.

Another boost is that important system updates do not need to be carried out by a select few at one site. In today’s fast-moving world, this is a major advantage.

  • It is secure

In its early days, cloud computing was not always trusted for its security. Businesses were afraid of putting their important company information in the hands of a third party. What’s more, the technology sounded like it could be breached—a collection of data centers around the world was thought to be less secure than keeping your own information on site.

Cloud computing can be the right security solution for an agile start-up just as easily as it can be a solution for traditional large enterprises. According to Paul Maritz, CEO of VMWare, “Cloud is about how you do computing, not where you do computing”.

Cloud computing is on the march

Industry reports say that spending in cloud computing is beating regular IT expenditure seven times over.

New reports indicate that the global cloud computing market size is on track to grow from USD 272 billion to USD 623 billion in the five-year period between 2018 and 2023. This high-powered growth is a compound annual growth rate of some 18%. This is a technology that is going places.

About 94% of all businesses use the cloud in some form. Reports show that 69% of firms have opted for a blended approach. This means that they cherry-pick services from the best of public and private cloud services.

Some emerging trends

Besides the evergreen wins of scalability, flexibility, and security, recent emerging trends show cloud computing continues to be useful.

Digital transformation ticked off

Consumers expect a digital experience with businesses. Organizations access new markets at home and abroad by digitally transforming. Any ambitious organization that needs to meet the security requirements and project deadlines of big digital transformation plans will have to engage with cloud computing services.

Hosted email solution

SMBs don’t want to host their own email servers. With cloud-based solutions, they don’t have to. For most businesses, the migration to hosted email has allowed their IT departments breathing room to tackle other important projects.

Business disruption reduced

Cloud services are a big boost to business continuity. In tough times, you can access your data and applications from anywhere. With remote working, staff can also easily work from home on personal networks.

But you don’t want to be a victim of a malicious attack that causes downtime. Make sure your staff are trained on safe remote working practices. The heightened threat level requires best-practice reinforcement, or else employees will forget.

Competitive pricing

Through competition between different firms, cloud service pricing has become more competitive for all kinds of organizations. When technology is riding the crest of the high adoption and high usage wave, economies of scale develop, and this benefits the end-user.

It enables new service types

The Software as a Service segment is a rapidly-growing area which is powered by cloud services. Due to the many daily applications and tools driven by this service, the SaaS industry has been in the limelight. Remote service desks, out of the box accounting packages, customer relationship management tools, and enterprise resource planning tools all rely on the SaaS model.

Downtime reduced

Downtime is a problem no business wants to have. The global economic machine never sleeps, and any second you cannot operate represents lost sales opportunities. Cloud services can severely reduce downtime, as their highly-networked architecture means there is support for some part of the network at any given time.

Simple storage for lots of data

As we move into the age of the Internet of Things, the amount of data we handle will increase. Artificial intelligence and Machine Learning require astronomical computing power and the data storage requirement is high. Cheap, durable, always-on data storage will be the new currency.

Contracts are easy to handle

Taking on a cloud service has become a simple process. There are many different types of offerings, from free trials to contract-less offers for short periods of time. Subscriptions are designed to be as simple as making a credit card payment via a website. Gone are the days of salesmen waving detailed and lengthy contracts in your face.

Conclusion

Cloud-based services provide strategic flexibility and scalability to any kind of organization. Future growth prospects of this technology are strong. The number of reasons to use this emerging technology is ever-increasing. Now is the time for your firm to enter the race for adoption.