backup ransomware protection – Wowrack Blog (https://www.wowrack.com/blog), Wed, 12 Oct 2022 17:59:07 +0000

Helping a School District with a Network Problem
https://www.wowrack.com/blog/networking-problems/
Wed, 05 Oct 2022 20:50:15 +0000


It’s not uncommon for everyone to experience a network problem. As you can guess, every day comes with a challenge, whether it’s recovering files or fighting off a ransomware attack.

What was the Network Problem?

A local school district was targeted by cybercriminals. With a lack of budget and holding the belief that school districts are not typically targeted for cyber attacks, the school did not have the manpower or proper security in place.

Typically, cyber attacks happen on Friday nights or Saturday mornings to decrease the chance of detection. Attackers will also typically attempt to break in right before a major operation, such as payroll, to add pressure to the situation. Like most hackers, the group initiated the attack late on a Friday night before payroll was due.

As Saturday morning came around, district staff went to access the student information database only to find an advertisement for Ryuk, a type of ransomware notorious for targeting government, education, and health-sector entities.

After doing some troubleshooting, they discovered that the events unfolded as follows:

  • DBA reports issues with server
  • Ryuk found, management notified
  • All Windows servers powered off
  • Payroll database ok, switches disconnected
  • Server backups unrecoverable

Knowing that they had been hacked, the school district cut off their network and began to contact contractors for additional help with the issue at hand.

We were contacted Sunday morning and we began to help them with recovering their files and repairing their network. Looking into the issue, we discovered that they were using a flat network.

The Issue with Using Only a Flat Network

Essentially, a flat network only requires one switch to operate. A switch manages data flow in a network, acting like a security door.

As you can guess, this security door determines which users are allowed in and out of a network. The problem is that if someone can get past that one security door, they have full access to your network.

How did you solve the Network Problem?

Luckily, the school district had a physical backup, which helped us rebuild what they had lost. We installed proper malware security and segmented their network to further strengthen their cyber security.

Working closely with their staff, we informed them of the backdoors they had open in their old network and gave them some best practice tips for keeping their network secure.

Over the next several months we assisted them with recovering lost files and other tasks needed to help rebuild their network.

Segmenting the Network Problem

Segmenting a network is a commonly used method to build a secure network.

Essentially, when you segment a network, you add sub-networks. Within each new sub-network, you add a switch; or rather, a “security door”. Each security door decides who stays and who goes between each sub-network.  

Now, with more sub-networks in place, an attacker has to get over more hurdles to access the entire system. Essentially, if a hacker gets into their network again, the intrusion will be contained to a single sub-network.
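A small reachability model of that difference, as an added example that is not part of the original post: the host names, segment names and allow rules are constructed, and the filtering between sub-networks stands in for the post's "security door". It computes which hosts an intruder can reach from one compromised machine on a flat network versus a segmented one.

```python
from collections import deque

# Constructed inventory, loosely based on the systems named in the post.
HOSTS = {
    "staff-pc": "staff",
    "lab-pc": "students",
    "student-db": "servers",
    "payroll-db": "finance",
    "backup-srv": "backup",
}

# Assumed policy for the segmented design: (source segment, destination
# segment) pairs that the filtering between sub-networks lets through.
ALLOWED = {
    ("staff", "servers"),
    ("servers", "backup"),
}

def can_connect(src, dst, segmented):
    """True if host src may open a connection to host dst."""
    if not segmented:
        return True  # flat network: nothing filters traffic between hosts
    a, b = HOSTS[src], HOSTS[dst]
    return a == b or (a, b) in ALLOWED

def blast_radius(entry, segmented):
    """Hosts reachable by hopping host to host, starting from `entry`."""
    seen, queue = {entry}, deque([entry])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and can_connect(cur, nxt, segmented):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {entry}
```

In the segmented case the staff PC still reaches the backup server by way of the student database server: allow rules chain, so every permitted path between sub-networks needs its own review.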

After the incident was fixed, the school district acquired more funding and hired proper staff to run their network.

The Log4j Vulnerability: What You Should Know
https://www.wowrack.com/blog/the-log4j-vulnerability-what-you-should-know/
Mon, 10 Jan 2022 07:29:42 +0000

With the rapid development of computer technology, be it software or hardware, there are times when this development creates a gap within the system. Within the industry, we call this gap a vulnerability.

Simply put, a vulnerability is a weakness that actors can use to infiltrate or access computer systems. Today, we are reminded of this by the rise of the Log4j vulnerability.

This article will provide you with information regarding the Log4j vulnerability. In addition, we also provide information on reducing or avoiding this vulnerability’s danger as a private or corporate entity.

What is the Log4j Vulnerability?

Cybersecurity is a critical field to understand, especially in the digital age. While there are many glaring cybersecurity threats, such as viruses, ransomware, or phishing attacks, we often forget about the danger that arises from our own devices.

The National Institute of Standards and Technology defines a vulnerability as a weakness or flaw within a security procedure, design, implementation, or internal control that could be accidentally triggered or exploited, resulting in a security breach.

Log4j is a Java-based logging utility used by billions of electronic devices to provide background information. This means that both private and business users who rely on software written in the Java programming language run the risk of having this vulnerability in their systems. Examples include websites, work applications, and even games.

CIO Dive reported that the Log4j vulnerability allows bad actors to gain access to IT systems without authentication. The danger is compounded by how easily bad actors can exploit it: a single line of code is sufficient to access your system. Currently, Bitdefender has found that bad actors are attempting to steal data or plant “Khonsari,” a ransomware installed through backdoors and remote shells. This shows the possibility of more dangerous attacks stemming from this vulnerability.

Mitigation of the Log4j Vulnerability

Vulnerable does not mean unfixable. With the world’s best IT practitioners and cybersecurity professionals currently turning their attention to the Log4j vulnerability, there is a big chance that a fix is on the way.

However, while we wait for fixes to become available, cyberattack threats will continue to linger around our IT systems. Therefore, while waiting for the patch that fixes this vulnerability, private and corporate users can take preventative action to mitigate it.

1. Use the Most Up-to-Date Version of Application

Firstly, the Log4j vulnerability exists in almost all software based on the Java programming language. However, you can rest assured that most companies that develop software are already aware of the situation and the severity of the vulnerability.

It is crucial for both private and business users to immediately update their software to the most up-to-date version. A temporary patch or hotfix can help mitigate the possibility of damage caused by the vulnerability.

2. Ensure Firewall is Active

Secondly, an attempt to access your IT systems through the Log4j exploit will primarily use the internet connection as the medium. You will find malicious traffic attempting to break into your system. Bad actors may employ “spray and pray” or constant targeting techniques.

Ensuring your firewall is active is one way to deter and reduce such attempts on your systems. Furthermore, if you already use additional firewall protection such as a web application firewall (WAF), check whether there is any new information, policy, or patch update regarding the exploit.

3. Constantly Backup Your Data

Thirdly, as the vulnerability affects software applications and servers, ensuring your data backup is ready to use is essential. It ensures continuity if the data within your primary database becomes inaccessible. The most likely reason for that to happen is a patch update of the server.

4. Identifying Vulnerable Systems

The last step private users and enterprises can take is identifying which systems are vulnerable to the exploit. The Cybersecurity & Infrastructure Security Agency has already compiled all of the currently known software liable to the Log4j exploit. The list also contains recommended actions that an entity can take if such software is used in its systems.
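One way to build a local inventory to compare against such a list, as an added example that is not from the original article: it searches Java archives, including libraries bundled inside other archives, for the log4j-core class that implements JNDI lookups. The class path is a known log4j-core name rather than something the article states, and the sample archives and the depth limit are constructed for illustration.

```python
import io
import zipfile

# Class implementing JNDI lookups in log4j-core (a known class path, not taken
# from the article). Finding it flags the archive for follow-up; it does not
# by itself prove that the copy is exploitable.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 5  # assumed limit so a crafted archive cannot recurse forever

def find_log4j(data, path, depth=0):
    """Return paths (outer!/inner) of archives that contain MARKER."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name == MARKER:
                    hits.append(path)
                elif name.lower().endswith(ARCHIVE_EXT):
                    # Fat JARs and WARs bundle libraries as nested archives.
                    hits += find_log4j(zf.read(name), f"{path}!/{name}", depth + 1)
    except zipfile.BadZipFile:
        pass  # mislabelled or corrupt file: skip it, keep scanning
    return hits

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a bare log4j-core JAR, an app bundling it, a clean JAR.
LOG4J_JAR = make_zip({MARKER: b"\xca\xfe\xba\xbe"})
APP_WAR = make_zip({"WEB-INF/lib/log4j-core.jar": LOG4J_JAR,
                    "WEB-INF/lib/broken.jar": b"not a zip",
                    "WEB-INF/classes/App.class": b""})
CLEAN_JAR = make_zip({"com/example/Main.class": b""})
```

To scan a real directory, read each archive's bytes and pass them to `find_log4j` together with the file's path.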

Preventing Future Vulnerabilities

It is now generally accepted that the cost and effort required to create preventative measures are significantly less than the cost of dealing with the fallout of a cybersecurity breach. In fact, a business benefits $4 for every $1 it spends on cybersecurity efforts.

While the current vulnerability is so massive in scope and may affect most IT users, properly investing in cybersecurity is worth doing, especially for the protection it provides and the reduction in post-attack costs in the future.

At Wowrack, we can provide enterprises with a dedicated cybersecurity team available 24/7. We develop our in-house system to detect and respond to threats before they appear and disturb business workflow. We understand that a particular enterprise may have compliance requirements that need to be followed. We are confident that we can adjust our security service to follow the standards and compliance requirements of your business.

Discover how Wowrack can be your best partner in protecting and safekeeping your data from today’s cybersecurity threats. Reach out to us now!

4 Steps to Protect Backup from Ransomware
https://www.wowrack.com/blog/4-steps-to-protect-backup-from-ransomware/
Tue, 04 May 2021 13:35:23 +0000

For years, businesses have relied on various backup strategies to help them recover from IT disasters, such as ransomware. Unfortunately, new ransomware attacks now target backups as well as production, making the situation more problematic.

Ransomware has become the root cause of many business infrastructure failures with staggering financial losses. The average cost to remediate a ransomware attack is about US$730,000 if the ransom isn’t paid. Surprisingly, the number escalates to $1.4 million if the ransom is paid. Another worrying fact about ransomware attacks is that their number increased by 150% in 2020 as people started to embrace remote working or WFH. It is a threat that no business can afford to ignore.

Frankly speaking, no strategy can completely protect you from ransomware. For that reason, the best plan of action is to ensure the company is prepared to recover after an attack happens. Securing your data backup is critical to that process.

4 Steps to Ensure Your Backup Works against Ransomware

Do The Backup

The first thing is, obviously, to do your backup. Conduct it correctly and regularly. What we suggest is a 3-2-1 backup strategy. To do it properly, you need to have at least three total copies of your data: two on-site/local backups on different media or devices and at least one off-site.

Having multiple copies of your data gives you a higher probability of a successful recovery. Logically, you can always recover your data even if one of your backups cannot be accessed due to a ransomware attack or any other reason.

Test the Backup and Recovery

The second step is to routinely test your backups to ensure that they truly work. During the tests, it is common to uncover things like missing software install disks and license keys that don’t refresh after recovery. For that reason, it is necessary to also store such data as install disks and license keys outside of your backup copies.

Wowrack recommends scheduling a regular test. How often you schedule the tests depends on your risks and the importance of your data. One backup schedule does not fit all needs, since different companies have different levels of tolerance. If you are not sure how often you should test your backup, you can always consult an expert in the field.

Create and Document a Plan

Thirdly, it is necessary to create and document your plan. In the heat of the moment, it is easy to lose your way or spend critical time figuring out what to do. To put it simply, creating and documenting your plan ahead of time relieves possible stress and minimizes mistakes.

Some things to keep in mind while creating your plan are your Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO determines how much data the business can afford to lose between backups. Meanwhile, RTO specifies the time required for system recovery.

Another tip: data worth paying extra attention to while creating the plan is Payroll and Accounts Payable/Receivable. Typically, recovering and rebuilding these data sets must be your top priority.

Separate Backups from Production

Finally, we suggest keeping your backups off your domain to help keep your data secured. We also recommend using a unique and hard-to-guess username and password that is different from the administrator accounts. If possible, do not make a username that mimics your email address template.

Some service providers also strengthen your security by separating your backups from production. Wowrack, for instance, creates a backup network using separate NICs and specific ports to give you extra protection. Doing this inhibits bad actors from gaining access to your backup environment. Another extra but effective technique is storing your backup in a data vault that prevents deletion by any means other than the expiration of a specific timestamp.
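The 3-2-1 rule, the RPO check and the vault's deletion lock described in the steps above can be audited together from a backup inventory. The following is an added example, not Wowrack's own tooling: the inventory records, field names, dataset names and the 24-hour RPO are constructed assumptions.

```python
from datetime import datetime, timedelta

def backup_copy(dataset, medium, offsite, taken, locked_until=None):
    """One backup copy; locked_until models a vault's deletion lock."""
    return {"dataset": dataset, "medium": medium, "offsite": offsite,
            "taken": taken, "locked_until": locked_until}

NOW = datetime(2021, 5, 4, 13, 0)   # constructed "current time"
RPO = timedelta(hours=24)           # assumed objective for both datasets
# Constructed inventory; dataset and medium names are made up.
COPIES = [
    backup_copy("payroll", "nas", False, datetime(2021, 5, 3, 23, 0)),
    backup_copy("payroll", "tape", False, datetime(2021, 5, 3, 23, 30)),
    backup_copy("payroll", "vault", True, datetime(2021, 5, 4, 1, 0),
                locked_until=datetime(2021, 6, 3)),
    backup_copy("student-db", "nas", False, datetime(2021, 5, 1, 23, 0)),
    backup_copy("student-db", "nas", False, datetime(2021, 5, 2, 23, 0)),
]

def audit(dataset, copies, rpo, now):
    """Return findings for one dataset; an empty list means every check passed."""
    mine = [c for c in copies if c["dataset"] == dataset]
    findings = []
    if len(mine) < 3:
        findings.append(f"{len(mine)} copies, need at least 3")
    if len({c["medium"] for c in mine if not c["offsite"]}) < 2:
        findings.append("on-site copies are not on 2 different media")
    if not any(c["offsite"] for c in mine):
        findings.append("no off-site copy")
    newest = max((c["taken"] for c in mine), default=None)
    if newest is None or now - newest > rpo:
        findings.append("newest copy is older than the RPO")
    if not any(c["locked_until"] and c["locked_until"] > now for c in mine):
        findings.append("no copy is under an unexpired deletion lock")
    return findings
```

Here `audit("payroll", COPIES, RPO, NOW)` returns no findings, while the `student-db` dataset fails all five checks because both of its copies sit on the same on-site medium and the newest one is 38 hours old.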

Bonus Recovery Tips

Even after recovery, however, similar ransomware attacks can still take place. This does not mean that your plan failed, as ransomware can reload during system restoration. Most of the time, the date when the ransomware attack began cannot be determined accurately. There is always a possibility that you recover a backup with ransomware in it.

To prevent that from happening, we encourage you to recover only data. Do fresh application installs instead of recovering whole applications. By recovering only data, you can decrease the chances of reloading ransomware during system restoration.
