i.t.NOW works hard to protect our clients’ networks from security threats and ensure their safety and operability. In those efforts we frequently see what growing threats there are in the wild. Two that we particularly wanted to make our clients aware of are Business Email Compromise (BEC) attacks, and Ransomware.
Neither one of these attacks are new. In fact, they’ve been around for years. Lately we’ve observed a significant increase of these attacks in the course of our work. Recent security statistics corroborate our observations. We thought it made sense to highlight these attacks and urge action to protect against them.
BEC Attacks
Business Email Compromise attacks have been around for a very long time. This isn’t a new threat. However, it seems to be gaining popularity among bad actors because of the potential for a huge cash score.
“More than one-third of cyberattacks during the first six months of 2022 were business email compromise attacks, with incidents rising by nearly twofold between the first and second quarter, reports SiliconAngle. Significant increases in BEC attacks were observed in the finance and insurance, business services, government, and legal sectors, with 80% of organizations impacted by BECs lacking multi-factor authentication, according to a report from Arctic Wolf Networks.”
A BEC attack is where a bad actor gains access to a user’s email. Access is gained by a simple password breach, social engineering, phishing, or an infected attachment. All attack vectors aim to get a username and password. Once they have access, they wait. They observe communication coming and going.
When the time is right, they attack. Typically, they pose as one of your vendors and issue a large invoice. Of course, their banking information has changed, so they request that you make payment via wire to the new account.
BEC Attack Prevention
We’ve reported recently on a significant BEC attack that happened at Eagle Mountain City. They lost 1.13 million dollars as part of that hack. These attacks can be prevented. Here’s what will help.
- Multifactor Authentication – MFA will stop a good percentage of BEC attacks so that they never get access to begin with. If you don’t already have this in place on your email you are vulnerable and should act now to protect your business.
- Email Security Suite – A good email security suite will eliminate much of the SPAM and phishing emails from your inbox. In addition, it will have sandboxing technology that will help prevent you from getting infected attachments.
- End User Security Awareness Training – Your employees are your largest asset, and your biggest threat to security. A solid security awareness training program will help to make them more aware of what to look for and how to avoid phishing and other threats.
- Procedures – Simple procedures for your staff around transferring money will also help to make sure you don’t get duped. If banking information ever changes, there should be an additional verification process where you talk to a human and make sure it’s legit. Having the right procedure in place can save you when everything else fails.
Ransomware Attacks
Ransomware isn’t a new attack either. Again, we’ve observed an increase of these attacks in the wild over the last year and want to reiterate the dangers and how you can stay protected.
“The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.”
Ransomware occurs when a bad actor gains access to your network. Once inside they use a tool to encrypt all your data. It spreads from machine to machine until all servers and workstations are inoperable. They then contact your organization and offer to give you the decryption key in exchange for a ransom payment.
This is an ugly threat that can take businesses down for days and weeks at a time if they are not prepared. The most common ways that we’ve seen bad actors infiltrate the network is through unsecured remote access. VPN or RDP without multifactor authentication, and a cracked or purchased password. Brute force attacks on the firewall are sometimes also an entry point.
Ransomware Prevention
This can be a difficult attack to defend against, but there is much that can be done to protect your network. Here are some things that will help protect your business.
- Multifactor Authentication on Remote Entry – One of the most common entry points we’ve seen recently is VPN or RDP without MFA on it. Secure these and any other remote entry points right away with MFA.
- Intrusion Prevention – Another attack vector is a brute force attack on the firewall. Intrusion prevention is a service for your firewall where if it sees numerous login attempts coming from the same IP address it will immediately block them. This is just a license with most firewalls and can easily be put in place to add a layer of protection.
- Backups – Make sure that you have a solid backup of your data that is offsite and not accessible from your primary network. Ensure this data is stored in a way that it can be recovered quickly. This ensure that even if the worst happens you can be back up and running quickly.
- Vulnerability Scanning – Regular scans of your network to identify vulnerabilities are great tools to help your IT team stay ahead of threats and know what needs to be addressed.
- Regular Patching – Ensuring that all operating systems and firmware are up to date with the latest security patches goes a long way to keeping your network safe. Make sure this happens regularly and that you have reporting to review to ensure it’s completion.
- Endpoint Detection and Response – Another potential attack vector is to infect an individual desktop or laptop first, and then spread to the rest of the network. A solid EDR solution to protect your endpoints can help to detect and stop ransomware before that happens.
Nothing New Here
There isn’t anything groundbreaking about the threats that we’re alerting on here. They’re not new, and neither are the recommended solutions that will help keep your network safe. The challenge is that even with so many recent examples, many businesses still haven’t taken the necessary steps to protect themselves.
In most cases for small businesses this is because of a lack of time and expertise in IT. Busy business owners don’t have the time needed to think about and address cyber security, and it frequently isn’t a priority until it’s too late. That can be a costly mistake.
If you find yourself in that boat, give us a call. i.t.NOW can make your cyber security simple. Better yet, we can get to work on it immediately so that your network is protected. In 2022 it’s not a question of IF you’ll get hit, it’s a question of WHEN. An ounce of prevention is better than a pound of cure. Call us today for a free security evaluation.