alt tag

Posts Tagged ‘cyberattack’


Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Do You Have a Crisis Management Plan for a Cyberattack?

Thursday, February 8th, 2018

A crisis management plan is your business’s best defense for minimizing cyberattack damage after technology-based preventative measures have failed. Unfortunately for most businesses, cyberattacks are not a matter of if, but a matter of when. Establishing a crisis management plan can help your business minimize data compromise, limit attack scope, decrease recovery time and reduce harm to your reputation. Having a plan in advance means your operation can immediately get to work on containing the attack when it occurs rather than allow it to incur further damage while you scramble to develop a plan during the breach.

What Threats Do Cybersecurity Attacks Pose?

Cybersecurity attacks aren’t going away. According to CBS, as of 2015, criminals contributed to 1.5 million annual cyberattacks. These attacks can have major repercussions for a business.

According to IBM, the average breach costs a business $3.6 million.

Some attacks can lead to massive fallout that can put a business in financial trouble. In 2016, there were 15 breaches that exposed more than 10 million identities, Symantec reports.

The technical side of preventing cyber-attacks is an ongoing cat-and-mouse game. The tech industry pushes to close security holes as soon as — if not before — hackers find and exploit them. Hackers like to take advantage of businesses that haven’t applied software patches to close established security holes.

Malware, ransomware, botnets, IoT vulnerabilities and email phishing were all major threat sources in 2017. In particular, ransomware is a growing problem because businesses are paying more than $1,000 on average to recover “locked” data. Many of these payouts could have been avoided by implementing proper crisis management and disaster recovery plans in advance. While big businesses offer big targets, SMBs still need to protect themselves from attacks.

What Your Plan Should Contain

A cyberattack crisis management plan revolves around three main elements: preparation, response and recovery. Every step is crucial, because a poor response can actually make the situation worse. According to WIRED, Equifax’s management response could have stopped the problem before it started in their major 2017 breach, if they had not done such a poor job. Here’s what to consider:

  • Prepare: Your business should prepare for extreme-level attacks in advance. Part of this process involves creating a response team with key players from all necessary departments. The plan should include what each group needs to do in the event of an attack. The crisis response team should take action to plug major known security holes as they are discovered to prevent a breach.
  • Respond: The response team should identify the attack, secure the compromised systems, and investigate the cause of the breach in that order. Next, the team should take action to prevent further attacks that exploit the same or similar security holes.
  • Recover: The cycle continues after your business contains the threat. The response team should next work to minimize public damage and repair customer trust. According to a 2011 Ponemon Institute study, larger businesses say they averaged $332 million in diminished business value following a customer data breach.

The disaster recovery experts at MPA Networks can be a vital part of your business’s crisis management plan. Our experts can help your staff gets back to business as usual as quickly as possible. Contact us today to find out how we can help.

Does Fintech Pose a Threat to Cybersecurity at Financial Services Companies?

Monday, January 29th, 2018

Financial services companies should embrace a healthy dose of caution when implementing new fintech in their business. Fintech, or any technological innovation in the financial sector, is not inherently more or less secure than any other new technology, but because it works with substantial sums of money, it is a common target for hackers and would-be criminals. Financial services companies need to keep up with innovations in how people transact business including cryptocurrency, digital cash, blockchain technology, smart contracts and open banking in order to remain competitive. Therefore, it’s vital that companies working with fintech pay close attention to risk mitigation and security.

Fintech Is Growing

Bitcoin is likely the best-known and most publicly discussed story in fintech today. It’s an excellent topic for discussion because it’s well known outside of the financial industry for both its potential and problems. Bitcoin shows its potential with its fluctuating value, starting at just pennies a coin and reaching a peak value of over $15,000 USD as of early 2018. However, Bitcoin also has a high-profile case of the risk associated with new technology: the 2014 MtGox theft, which resulted in more than $800,000 in stolen Bitcoins.

As of early 2018, fintech startups continue to proliferate and innovate. Fintech startup funding reached $17.4 billion in 2016 and was on track to surpass that for 2017.

According to CB Insights, there were 26 venture-capitalist backed fintech firms with a combined value of $83.8 billion in Q2 of 2017.

Fintech is chipping away at the traditional financial institution, so the traditional businesses need to embrace it in order to remain competitive. Consumer demand drives financial services companies to use these new technologies; however, it’s the businesses that shoulder security risks.

Security Vulnerabilities Thrive in Fast-Growth Environments

Fintech’s incredible level of success is the very reason it’s a cybersecurity threat at financial services companies. With such a large number of innovations being adopted in the financial services industry, it’s inevitable that some technology won’t have sufficient security in place. If the vulnerabilities exist, it’s only a matter of time before hackers will find and exploit them. Because there are so many players with so much money on the line, it could lead innovators to push technology to the market as fast as possible at the expense of proper security development. Enterprise Innovation cites a survey respondent who expresses concern that the financial services industry can’t keep pace with how quickly fintech is evolving.

Unfortunately, there’s no easy way to cover all the possible threats that can come from new fintech — because those threats don’t exist until the technology exists. However, financial services companies must ensure they employ proper security practices. Firms need to use fintech platforms securely and ensure devices are always running the latest versions of software for security purposes. Additionally, businesses should be prepared for problems outside of their control with insurance. The 2017 Equifax hack is a warning sign for any business that wants to skimp on security, because it shows exactly how destructive the financial hacks that exploit poor security can be.

MPA Networks offers extensive experience and incredible expertise in providing IT service and support to financial services. If your business is expanding into fintech use, contact us today to learn more about how we can enhance the safety of your information and your customers.

Four Security Threats Your Company Could Face in 2018

Tuesday, January 16th, 2018

Hot off the tail of the massive 2017 Equifax breach that exposed personal information of 143 million customers, businesses are on high alert concerning IT security in 2018. While the IT security industry has been successful in mitigating and cracking down on many common threats, hackers are finding new ways to exploit devices that haven’t received as much attention and protection as PCs and servers have. Trends indicate that your company could be looking at security threats from previously ignored devices and sources in 2018. Be on the lookout for the following threats this year.

1. Missing Windows Updates Over Incompatible Antivirus Software and the Meltdown-Spectre Fix

This is one security threat your company could already be facing: There’s an inherent flaw in the way modern CPUs by Intel, AMD and ARM handle data that can be exploited to leak information. This is a substantial problem because it stems from the hardware as opposed to the software, and fixing it can negatively impact device performance. To make matters worse, some types of antivirus software conflict with Microsoft’s fix. If your business is using one of those incompatible programs, you need to switch to a compatible option to continue receiving Windows Updates as of January 2018. Those Windows Update patches are vital to keeping your company’s computers safe.

2. Internet of Things Devices Become a Bigger Threat

As of 2017, there were 17.68 billion IoT-connected devices, and that number is expected to grow to 23.14 billion in 2018.

Your office may interact with devices like an Amazon Echo, a smart thermostat and dozens of smartwatches. These are all IoT devices that could be the targets of security attacks.

These devices can be used to piggyback onto your office network. Additionally, DDoS attacks from hijacked IoT device botnets could be an even bigger threat in 2018.

3. New Devices Are Targeted

Ransomware is for more than just computers now. In 2018, IoT devices could be the next major target for hackers using ransomware to get your business to fork over payment to regain control. A workplace that’s lost control of the thermostat because of ransomware might be highly motivated to pay. Hackers may also be looking to exploit security holes in your office router and modem, as these devices are often neglected when IT staff applies regular security updates. Hackers often exploit the fact that many users don’t change the default password on these devices.

4. Watch out for Mobile Malware

The growing mobile device user base is making the Android and iOS platforms much more attractive targets for hackers over the traditional PC targets. According to Kaspersky, Android devices are more vulnerable to malware, but attacks are easier to identify and fix. While iOS devices are more secure, it’s much harder to tell if a device has been compromised.

Keeping up with IT security in your workplace is your best bet to avoid disastrous breaches and downtime. Our IT consulting experts can help your company identify and protect its security weak points. Contact us today.