How to Prevent Your Network from Being Sold by Hackers

Believe it or not, your organization’s network can be sold by hackers under the right circumstances. This is the unfortunate reality that we live in, where the commoditization of data and network access has become a real problem. According to a study from KELA, hackers can sell access to compromised networks for a pittance compared to the amount of work you have invested in building your business. If you have your business’s network sold by hackers, it could create a snowball effect of events that can lead to your business’s downfall. Therefore, you must do everything in your power to protect your network and prevent this from happening.

This report from KELA followed Initial Access Brokers, a term used to describe threats that sell access to compromised network infrastructures. These threats are big players in the world of cybercrime, as they can effectively facilitate some of the most devastating threats out there, including ransomware and remote access threats. The report examined one full year of listings by Initial Access Brokers to discover how much value can be assigned to this type of network access.

It is quite shocking to see just how little value is associated with access to your network. Out of the 1,000 listings, KELA found that the average price of network access credentials was about $5,400, with the median price being around $1,000. Other trends examined included the average price of credentials, as well as information on industries affected and countries affected. The top countries affected were the United States, France, the United Kingdom, Australia, and Canada. Top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just take a moment to imagine how much chaos someone could inject into your business simply by purchasing access to your infrastructure. All it takes is a small investment and access to a VPN for someone to start causing some real trouble for your business. There are quite a few ways that you can minimize the damage done through these methods, including the following:

  • Implement comprehensive security measures

    In terms of sheer security, we recommend unified threat management, or UTM, to handle most of the threats your business could face. This all-in-one solution includes security measures such as a firewall, antivirus, content filter, and spam blocker to minimize exposure to threats.

  • Monitor your network traffic

    If you keep track of who logs onto your network, when, and where they are logging in from, you’ll have a greater chance of identifying suspicious traffic patterns.

  • Implement multi-factor authentication

    Password security is still important, but not nearly as important as having additional measures in place. Multi-factor authentication can help make sure that people logging into your network are who they say they are.

  • Take regular backups of your infrastructure

    You never want to use your data backup, but having it never hurts, and it will give you a nuclear option in the event that someone does manage to gain unauthorized access to your network.
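
As an added illustration of the monitoring step above (not code from the original article), this Python example builds a per-user profile of where and when each account normally logs in, then flags new logins that depart from it. The log format, account names, and addresses are constructed sample data, and the one-hour slack is an assumed setting.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample VPN login records (not real data): time, user, source IP, country.
BASELINE = """\
2024-03-04T09:12:00 alice 203.0.113.10 US
2024-03-06T17:30:00 alice 203.0.113.24 US
2024-03-04T10:05:00 bob 198.51.100.7 CA
2024-03-05T13:40:00 bob 198.51.100.7 CA
"""
NEW_LOGINS = """\
2024-03-11T09:02:00 alice 203.0.113.10 US
2024-03-11T03:14:00 alice 192.0.2.55 RO
2024-03-11T22:50:00 bob 198.51.100.7 CA
2024-03-11T11:00:00 carol 198.51.100.9 CA
"""

def parse(text):
    """Yield (timestamp, user, ip, country) from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, country = line.split()
            yield datetime.fromisoformat(ts), user, ip, country

def build_profiles(history):
    """Per user: the countries and the login hours seen in the history."""
    profiles = defaultdict(lambda: {"countries": set(), "hours": set()})
    for ts, user, _ip, country in parse(history):
        profiles[user]["countries"].add(country)
        profiles[user]["hours"].add(ts.hour)
    return profiles

def review(new_text, profiles, slack=1):
    """Return (login, reasons) for each login that departs from the user's profile."""
    findings = []
    for ts, user, ip, country in parse(new_text):
        p = profiles.get(user)  # .get() avoids creating an empty profile
        if p is None:
            reasons = ["no login history for this account"]
        else:
            reasons = []
            if country not in p["countries"]:
                reasons.append(f"new source country {country}")
            lo, hi = max(0, min(p["hours"]) - slack), min(23, max(p["hours"]) + slack)
            if not lo <= ts.hour <= hi:
                reasons.append(f"login hour {ts.hour:02d} outside usual {lo:02d}-{hi:02d}")
        if reasons:
            findings.append((f"{ts.isoformat()} {user} {ip}", reasons))
    return findings
```

Calling `review(NEW_LOGINS, build_profiles(BASELINE))` returns three findings: alice's login from a new country at an unusual hour, bob's late-night login, and a login by carol, an account with no history.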

If you have your business’s network sold by hackers, it can damage your business’s entire operations. To learn more about how you can protect your business, reach out to us at (954) 474-2204.

350,000+ Personal Data Exposed After Preen.Me Attack

It’s the rare business that can survive without marketing and social media efforts, so when a social media marketing company like Preen.Me comes under a cyber attack, it invariably adversely affects many, many interested parties. And with Preen.Me’s recent hack, that’s exactly what happened. Over 100,000 social media influencers have had their personal data stolen because of their connection to Preen.Me. In addition, over 250,000 social media users have had their personal data exposed on a deep web hacking forum from their use of ByteSizedBeauty, a Preen.Me application.

While Preen.Me primarily focuses their marketing efforts on beauty-related content, meaning many other types of businesses were spared, that does not provide any comfort to those whose primary business is related to personal care. Preen.Me boasts big-name customers such as Unilever, Revlon, St. Ives, and Neutrogena, who in turn interact with large customer bases. 

In this post, we will outline how the attack was discovered, the data involved, and discuss the level of sophistication that hackers and data thieves can employ in their efforts to exploit, steal from, and harass innocent parties.

The Discovery  

RBS, a world-renowned leader in cyber security, first discovered the Preen.Me leak on June 6, 2020 after they noted a known threat actor posting a message on a deep web forum about their recent hacking efforts. The attack was confirmed by the actor on the same day when they shared stolen information from 250 beauty influencers on PasteBin. PasteBin is a content hosting website service that allows users to store text on their site for set periods of time. The hacker also threatened to release the personal information of 100,000 records he/she acquired. However, as of this date those records do not seem to have been released.

The Data at Risk 

The affected clients of Preen.Me are social media influencers involved in the beauty industry. Of course, their social media efforts lead them to collect information about their followers as well. Information from both sides of the equation was affected, with the threat actor exposing personal information of the media influencers such as home addresses, phone numbers, email addresses, names, and social media links. In addition, some of these social media influencers have over a half million followers, potentially exposing their information as well.

Further Exploitation

It wasn’t enough to steal such a large amount of data to potentially hold Preen.Me for a ransom amount. On June 8th, the hacker released detailed information of the over 250,000 users of Preen.Me’s application, ByteSizedBeauty. The details include their Facebook name, ID, URL, and friends list, along with their Twitter ID and name. Personal information was also leaked, including their email address(es), date of birth, home address, eye color, and skin tone.

Also found in the stolen database dump were 100,000 user authentication tokens for social media, along with a small number of possible password hashes, and a data table consisting of over 250,000 records containing user names, email addresses, customer names, and auto-generated passwords.

Doxing so many users of Preen.Me’s marketing tools and applications leaves all of them exposed to significant issues with spam, harassment, and especially identity theft. It remains to be seen if the hacker has accomplished their entire “mission” or if they are planning to further exploit Preen.Me and/or their clients. 

A Cautionary Tale 

Preen.Me’s recent attack is a cautionary tale for every other entity that uses the world wide web. Hackers can take very personal information and hold it for ransom, or they can release it on the dark web and allow others to commit further criminal acts against innocent affected parties. Organizations must take technology security seriously and understand their security efforts are not just protecting their own data, but the private data of clients who entrust them oftentimes with very personal information.

If you would like to know more about how to protect your business and the sensitive data of your clients from cyber hackers, please contact us.

The Marriott Breach – We Now Know Everything

Consumers and many employers suffered a significant blow with the massive data breach recently revealed by Marriott International Hotels. Their hacked data included personal information from nearly half a billion guests. Marriott’s reservation system for their Starwood line of hotels exposed personal data including guest names, passport numbers, phone numbers, email and mailing addresses, along with some credit card information which included the encryption software that could decode the stolen numbers. Along with the enormous number of travelers affected, the fact that the data breach went undetected for approximately four years is particularly disturbing.

In addition to all the Starwood hotels, other affected hotels included Four Points by Sheraton, Tribute Portfolio, Westin Hotels, The Luxury Collection, Sheraton, Design Hotels, Aloft, Element, W Hotels, St. Regis, and Le Méridien. While the mechanism the hackers used to accomplish their heist is still unknown, there are a few things concerned companies can do that may help them avoid issues in the future, particularly if they had any interaction with the affected hotels.

Change Marriott-Related Passwords

As many as 50% of people use passwords that are at least 5 years old. Even if any company interaction with an affected hotel occurred earlier than 2014, it’s time to change all old passwords. For any Marriott passwords shared with other entities, those shared passwords should be updated as well. It’s also time for companies to seriously consider establishing a standard of using two-factor authentication, along with a password management tool if their corporate devices will allow it. Companies should also establish a standard of changing passwords at regular intervals, such as every 6 months or perhaps even more frequently.

Have a Backup and Disaster Recovery Plan 

Even small businesses are becoming increasingly dependent upon company data. One of the best ways to protect vital corporate data is to have an established and tested backup and disaster recovery plan. In the event a company’s data is held for ransom, they can breathe easier knowing they can restore one of their most vital assets.

Hire Professionals

Large companies can afford to have multiple teams dedicated to protecting their data resources. Small to medium-sized businesses rely on their data just as much, but cannot necessarily afford to hire dedicated staff. This is where a Managed Service Provider can step in and fill the gap. A professional MSP can evaluate a small company and find their security gaps. They can then create a complete security solution, including a backup and disaster recovery plan for their client.

If you would like to know more about how we can develop a complete security plan for your company, please contact us.

Marriott Breach Impacts Millions

Marriott International has had its online reservation system hacked, and only now are we learning the true extent of the damage it has caused for consumers who have put their information into this database. First estimates state that over 500,000 million customers have had their names put into the data system. Other sensitive information has also been put into the system, including their telephone numbers, addresses, credit card numbers, and their preferred guest account information.

Marriott International is now advising all customers to follow the following steps to help protect their information after their system was infiltrated:

  1. Customers need to set new passwords on their accounts. 21% of Marriott International guests are using a password that is at least 10 years old and 50% have a password that is at least 5 years old. Change your password every 30 to 180 days for the maximum protection available.
  2. Use a safe, appropriate network with secure locations where their information is less likely to get hacked than if they just connect from any remote location. 
  3. Implement an appropriate system that will help you implement a backup plan and disaster recovery plan. Customers need to have a plan in place in case the user’s data was affected by the attack with the intent of being used for ransom.

These are the 3 key steps that Marriott International is asking customers to take to help protect their data in the future in case another attack were to happen. Changing passwords now can also prevent the hackers from being able to access that information again to use it for malicious intent in the future.

Creating a Safer Business Atmosphere

The Small Business Administration estimates that about 45% of businesses who lose data vital to their operations never fully recover from that loss. As technologies improve, this number will only increase. It’s vital that businesses begin protecting themselves today to avoid the pain of the loss tomorrow. We now live in a generation where you can’t trust that your data is simply “safe as it is”. There is more cybercriminal activity than ever before and more people that would do your information harm if they got the opportunity to do so.

For more information on protecting your business from cyber thieves please feel free to contact us at 4 Corner I.T. for further assistance. 

How Easy Is It for Someone to Nab Your Password?

Network World recently came out with a list of people sent to jail in 2013 for computer crimes, whether it was stealing passwords or hacking into a system to obtain and then sell sensitive information.

Sometimes, the hackers involved demonstrated technical expertise.  Other times, the cyber-criminals didn’t have to make use of any sophisticated IT knowledge in order to access people’s private accounts and networks. 

One example is a man who was able to illegally access the private emails of celebrities simply by asking for the password to be reset and then answering security questions using publicly available knowledge about these famous people.

As the owner of a small or medium-sized business, you may already have some security measures in place, such as firewalls and anti-virus programs, to reduce the chances of someone breaching your cyber-defenses and gaining access to your network and various private accounts.

But don’t overlook the rather simple ways hackers can succeed in stealing your password.

Consider the following issues:

  • Is your password really simple? Sometimes a hacker would be able to figure out your password just by knowing certain things about you, particularly if you use common words or facts about yourself (e.g. the password is your last name, birthday, etc.). Among hundreds of thousands of passwords stolen from social media accounts at the end of last year, an alarming number were ‘123456’ or words like ‘admin.’ Make sure your passwords are long and complex enough.
  • What kinds of password recovery options do you have in place? Do your security questions have obvious answers that people could look up through a simple Internet search? To give an example of one precaution, some people use deliberately false information as the answers to their security questions.
  • In your business, who has access to certain passwords? Don’t discount the possibility of irresponsible or malicious actions undertaken by an employee (or ex-employee).

Given that your passwords are the keys to your network and to your sensitive information, you’ll need to come up with a comprehensive strategy for protecting them, not only from theft by malware or from phishing.  

Contact us to discuss your security vulnerabilities and come up with ways to better safeguard your passwords.