
Back to School – Avoiding Cyberattacks


The kids have gone “Back to School,” so to speak, in many cases virtually. While we have become comfortable with the whole online learning thing over the past several months, it is still ultimately up to parents to make the online learning experience safe for our young learners. If you have been listening to my podcast ‘Into the Breach’, you have heard throughout the summer that educational institutions have been targeted with growing frequency every day.

This is an article I wrote a couple weeks ago.

This hit close to home today with the announcement that Fairfax County School system was hit with a ransomware attack.

Infosecurity Magazine reported that the threat group MAZE has claimed responsibility for the attack, and said that the group has “uploaded a zip file of data they claim was exfiltrated from the school system.”

Fairfax County schools said it is working with security experts to find out the nature and scope of the attack and how to recover from it.

The Fairfax County Federation of Teachers issued a statement urging the school system to resolve the issue and keep the school community informed.

While it is not known how long the exfiltration of information has been taking place, the MAZE group is well known for its criminal activity.

As I have been preaching for some time now, ransomware is more than just a one-and-done payment plan. For some reason many people think that if they pay the ransom, they will be free from further exposure and threat. Nothing could be further from the truth. The fact is that when ransomware is installed on a system, there is no guarantee that the perpetrators have the means or the desire to decrypt your files. Furthermore, even if your files are decrypted, you are still at risk for years to come.

Within a few weeks of writing my first article on ransomware, explaining that the crooks can and often do decrypt and then quickly strike again, the first reports began coming in about “Double Extortion” and “Double Ransom”. I explained that even if you pay and they do not or are unable to strike you again with ransomware, they have likely been on your systems for quite a while. In fact, the average time from initial compromise to detection is greater than 6 months. Don’t think for a second that they just sat there, either. It is quite possible they have been stealing your data/information the entire time and the ransomware only gets triggered when the threat is discovered.

That is where part two of their plan is revealed. Just as in this case, they have stolen the data and threaten to publish it on the dark web and sell it to other cyber criminals if the ransom is not paid, but promise to delete it if you pay. I am not sure about you, but I refuse to believe they will ever delete the data they have stolen. Once it is out of your control, it can never be assumed that it is EVER private again. I feel that paying any ransom is like pouring salt into your own wounds. You give your money away and it serves no purpose other than to line the pockets of the thieves with easy money, and your data/info is still going to be sold on the dark web markets.

Too many companies and individuals have the false belief that they won’t be attacked because they are too small or they do not have any data that has any value.

That is just plain WRONG thinking.

First, believing you are too small to be a great enough reward for the criminals’ efforts makes you the easiest target. Because you do not feel your data is valuable, you do not protect it as you could or should. Because you are complacent, you are the low-hanging fruit and therefore the perfect target.

Second, your data holds value. It can be held for ransom. Can you afford $10,000 personally or $100K if you are a business? Even if you do not pay, as I would suggest save in very specific circumstances, your data can still be sold on the dark web shopping malls. Current prices for personal information range from as little as $8 per record to upwards of $700 per record depending on the content. Those records can be sold several times over. Get the picture?

This case of a ransomware attack and stolen data from Fairfax County Public Schools is just the beginning of the problems that lie ahead. While it is unknown what the stolen data contains, the possibilities are frightening. It could possibly include medical information, students’ names, schedules, emergency contact information, grades, social media profile names that may be connected with the school system, addresses, ages, dates of birth, social security numbers and much more. That is just the beginning. It is also possible that malware has been loaded onto every computer system that has connected to the school system’s servers. That means ransomware could also have been installed onto those computers: the computers of parents registering their children for classes or sports or activities.

I have heard many people argue that they do not save any personal, financial or medical information on their computer. Again, this is an invalid argument. Here is why. Have you ever logged on to your bank online? How about paying a credit card online? Maybe you signed on to your doctor’s site to make a payment. If spyware, often loaded with ransomware, has been present on your system for six months and you have done any business online, it is likely your usernames and passwords have been stolen. That means it is likely that, while your accounts may not have had major discrepancies, that information can be used to open new accounts and can also be sold online.

I could go on but I will refrain from beating a dead horse.


Most small businesses and individuals believe they are doing all they can to protect themselves. That is the first danger. They also believe that implementing good security measures is too expensive and they cannot afford it. That is the second danger. The third is they believe the technology is too complicated.

Now is NOT the time to take chances online with your family’s safety.

The problem with this mindset is that it is defeatist. There are fairly simple and inexpensive steps you can take to make sure your family, your employees and their families stay safe while participating in online activities.

  1. Install, configure and update anti-malware, anti-virus and real-time web protection. (I personally use 3)
  2. Update operating systems as soon as updates are out. Use automatic update features and set them up to install during off hours.
  3. Keep ALL apps updated. Keep website platforms, apps and plugins updated.
  4. Use a Web App Firewall (WAF) on all websites.
  5. Lock down WIFI at home. Turn off SSID Broadcast. Turn off WPS. Only use WPA2 or higher – NEVER use WEP.
  6. Do not use public WIFI. The risk is not worth it. Instead, set up a Mobile Hotspot on your cell phone and do not broadcast the SSID.
  7. Use Strong Passwords. Do not reuse passwords on different sites. Use a password manager.
  8. Turn off Location on all devices.
  9. Do not “Check In” on social media.
  10. Do not click links in emails unless you know who sent them. Then you should always confirm with the apparent sender via a different communication method. Call or Text to confirm.
  11. Do not enable content or macros on downloaded files.
  12. MONITOR your email addresses for compromises on the Dark Web. – This is the best early warning system there is.

This list is a start, but Awareness and Vigilance are required to ensure that a breach of another party’s systems does not create a financial catastrophe for you and your family.

If you have questions or concerns, reach out to me. Let’s work together to make it safe for your family and employees to use all the resources that are available online.
