As some of you know, HI Tech Hui is now fully operational with our very own 24×7 Security Operations Center (SOC), which we’ve branded CYBERUPTIVE. We use the ‘follow the sun’ model: our East Coast operation takes over while our Hawaii operation is sleeping. With multiple shifts across the two locations, we cover 24 hours a day, 7 days a week.
In the wake of COVID-19, we’re seeing an increase in cyber attacks, mostly originating from Russia and China. There has been an apparent increase in reconnaissance and intelligence gathering from outside the country: collecting intel on your network and checking for open ports, exploitable services and other opportunities to attack. Previously you could use geoIP blocking to block traffic from those countries; now machines are being spun up in data centers inside the US to perform the same intelligence gathering. They are using US-based servers to launch attacks on US companies, so blocking by country of origin alone no longer stops them.
We’re seeing a huge increase in spearphishing and very specific targeted attacks. Usually they are easy to spot, but the latest rounds are getting harder to decipher. The attacks are also happening “off hours”: Friday nights and weekends are producing an increase in attacks.
Colleagues in the industry are saying that ransomware is coming back with a vengeance. Always think, “it’s not a matter of IF I get breached, it’s a matter of WHEN I get breached…” Make sure you have a process to check your daily backups: that they complete, that a restore actually works, and that at least one copy is offline or otherwise out of reach of ransomware. Turn on MFA for everything. At the beginning of the month we saw a bunch of password spray attacks against O365 accounts that didn’t have MFA enabled.
In the last year, we and our partners have found:
- 41% of the malware seen was brand new and had never been seen before
- 70% of all samples came from 5 malware families
- 23% of the malware is publicly available and can be used by attackers of any skill level
The most common malware we have seen:
- Trickbot – A modular banking trojan that uses web injects and steals credentials
- Qakbot – A banking trojan that has been around since 2008
- Beacon – The endpoint agent (payload) of the commercial Cobalt Strike framework, seen in intrusions attributed to APT19, APT32, APT40, APT41, FIN6 and FIN7
- Empire – An open-source post-exploitation framework and PowerShell endpoint agent that provides keyloggers and modules such as Mimikatz
So for us at HI Tech Hui, we’ve not only been battling the COVID biological virus, we’re also battling a significant increase in cyber viruses. Many businesses in Hawaii are going through hard times right now, and the last thing we need is more cyberattacks to knock us down further. Our desire to protect and help Hawaii’s businesses is why we worked so hard to build our very own SOC.
– A Message from Chuck Lerch, CXO and Cybersecurity Expert
Download a copy of the JUNE 2020 NEWSLETTER