XSolutions’ Security Post Roundup: Mar 29, 2021
Last week’s security LinkedIn posts by XSolutions:
Having Cyber Insurance Doesn’t Mean Automatic Payment Of A Claim (3/22/21)
Insurance companies are getting very stringent in issuing policies and paying out claims. A good, honest broker is essential.
Here are a few ways insurance companies will try to deny your claim:
* Poor security practices – if, during their investigation of a claim, they find out that you didn’t have certain security practices in place or they were poorly enforced, they’ll deny payment.
* Poor documentation – Make sure your policies are in writing, enforced, and periodically reviewed. Put it all in writing!
* Someone else is the cause – if your security is breached because of a third party’s actions, your insurance company may deny the claim, forcing you to file against the offending company.
* Document everything regarding the incident – make sure it is clear that you have all of your bases covered and the security measures in place, and your actions comply with the policy.
* Act quickly – if you take too long to react to an incident, your insurance company may deny the claim because, in their view, you did nothing to contain the breach.
Deal only with reputable insurance companies; find a good, honest broker to help you, read and ask questions, and document everything!
Cyber-thief Confession: We Target Companies With Cyber Insurance (3/23/21)
Graham Cluley recently ran a post where a cybercriminal gang known as REvil said they specifically target firms with cyber insurance.
Their reasoning? If you have insurance, then you’re most likely to pay the ransom.
To add insult to injury, REvil’s process is to hack into insurance companies to get a list of their cyber insurance customers!
Our readers know that simply having a cyber insurance policy DOES NOT mean that your insurer will cover your claims. You must have EVERYTHING in order to show your insurer that all precautions were taken, etc.; otherwise, they may refuse to reimburse you.
To protect yourself:
* Follow an accepted security protocol like NIST.
* Have written and tested security policies & procedures.
* Make sure to include an Employee Awareness Training Program with phishing simulation.
* Partner with a Managed Services Provider (MSP) that includes advanced security services (EDR, SIEM, and SOC) as part of their offerings.
* Install a Hybrid-cloud Business Continuity system to back up all data so you can recover quickly from a ransomware attack.
Why Should Email Security Be Your Top Priority? (3/23/21)
Here are a few frightening statistics:
* 91% of cyberattacks start with a phishing email
* Phishing attacks increased 350% during COVID-19
* Businesses consider phishing as a top attack threat
* Ransomware increased 715% in 2020
Malware-laden email is the number one way hackers attack their targets. Cybercriminals use sophisticated methods, leading to Business Email Compromise (BEC), identity theft, stolen data, and ransomware.
Need help? Email XSolutions at [email protected] for a free security consultation.
Breaking News: Cybercriminals Pull Off Digital Bank Heist (3/24/21)
A Michigan bank was recently the victim of a ransomware attack in which attackers also stole customer data such as Social Security numbers, home addresses, full names, phone numbers, etc.
If it happened in Michigan to a highly regulated financial institution, then it certainly can happen in your town, your bank, and with your accounts.
Folks, we all know that our data is at risk. Do you realize that even information we gave companies long ago on paper is also vulnerable since most records were digitized and put online?
IF DATA IS ONLINE — IT CAN BE HACKED! Lock up your data!
* Put multifactor authentication on EVERY account where available (e.g., bank accounts, credit cards, email accounts, etc.).
* EVERY account should have a unique password.
* Don’t be lazy! Create strong passwords. We showed you how in a previous post.
* Use a Password Manager to store all of your passwords.
* Put alerts on ALL financial accounts so you’ll know of any suspicious activity.
* Monitor your credit and ALL financial statements for unusual activity.
Do it now. The bad guys don’t sleep.
Security Alert: Modified Purple Fox Malware Includes Worm Capabilities (3/25/21)
Purple Fox is malware that targets Microsoft Windows and repurposes compromised systems to host malicious payloads. First discovered in 2018, it was initially deployed via phishing and exploit kits.
This malware has now been modified to spread using port scanning as a search mechanism and then exploiting exposed SMB services with weak passwords. When a target is found, an SMB probe is sent to port 445. If it responds, Purple Fox will attempt authentication by brute-forcing usernames and passwords or establishing a null session.
As of this writing, almost 2,000 servers have been hijacked.
This malware uses exploits for vulnerabilities for which patches were already issued. Best defense:
* Make sure all Windows machines are fully patched and up-to-date. Patch regularly.
* Operate on the principle of least privilege to restrict access to systems.
* Utilize a defense-in-depth approach, with multiple security layers including AI, behavioral monitoring, intrusion detection, EDR, SIEM, SOC, etc.
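The spreading behavior described above (repeated authentication attempts against SMB, or a null session) leaves traces in the Windows Security log as failed and anonymous network logons. The following detection logic is an added example, not part of the original post or any XSolutions tooling; the sample events, the threshold of 5 failures, and the 60-second window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, shaped like parsed Windows Security events:
# (timestamp, EventID, LogonType, TargetUserName, source IpAddress).
# 4625 = failed logon, 4624 = successful logon, LogonType 3 = network logon.
SAMPLE_EVENTS = [
    ("2021-03-25T10:00:01", 4625, 3, "administrator", "203.0.113.7"),
    ("2021-03-25T10:00:03", 4625, 3, "admin", "203.0.113.7"),
    ("2021-03-25T10:00:05", 4625, 3, "backup", "203.0.113.7"),
    ("2021-03-25T10:00:08", 4625, 3, "sqlsvc", "203.0.113.7"),
    ("2021-03-25T10:00:09", 4625, 3, "guest", "203.0.113.7"),
    ("2021-03-25T10:02:00", 4625, 3, "jsmith", "192.0.2.20"),  # single typo
    ("2021-03-25T10:03:00", 4624, 3, "jsmith", "192.0.2.20"),
    ("2021-03-25T10:04:10", 4624, 3, "ANONYMOUS LOGON", "198.51.100.9"),
    ("2021-03-25T10:05:00", 4625, 2, "jsmith", "-"),           # console logon
]

def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Return (brute_force_sources, null_session_sources) as sorted lists."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    brute, null_sessions = set(), set()
    for ts, event_id, logon_type, user, ip in sorted(events):
        if logon_type != 3:       # SMB authentication is logged as type 3
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                brute.add(ip)
        elif event_id == 4624 and user.upper() == "ANONYMOUS LOGON":
            # Anonymous network logons also occur benignly; review, don't block.
            null_sessions.add(ip)
    return sorted(brute), sorted(null_sessions)

if __name__ == "__main__":
    brute, null_sessions = detect(SAMPLE_EVENTS)
    print("possible password guessing from:", brute)
    print("anonymous (null session) logons from:", null_sessions)
```

The logon events do not record the destination port, so correlate flagged sources with firewall logs for TCP 445 before acting on them.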
Need help securing your network? Email us at [email protected] for a free consultation.
Why Automatic Whitelisting Is Trouble (3/26/21)
You need to watch the security applications you put in place. For instance, some email security solutions have automated processes for whitelisting emails.
How do they determine a sender is OK?
* If you respond to an email (even a phishing email), the app may assume the sender is trusted.
* Some apps use CAPTCHA. So, someone sends an email; a CAPTCHA is presented. If the sender passes the test, the address is whitelisted.
As you can see, the above methods of determining whether a sender is trusted are problematic. A phishing email in which the sender is “trusted” will get through, and the recipient has no reason to suspect that it is dangerous.
With a compromised Microsoft 365 account, a cybercriminal can launch phishing, malware, and spear-phishing attacks from inside the suite, devastating a company in short order.
A zero-trust email solution never assumes that a sender is safe. When combined with continual Artificial Intelligence (AI)-driven monitoring, all emails go through a thorough examination, giving you maximum protection against phishing, Business Email Compromise (BEC), and malware, including ransomware.
Email us at [email protected] for a free security consultation.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation.