Was my information part of a breach?
The number of breaches seems to be escalating, and with it the release of email addresses, passwords, and other information that I am sure you were not expecting to be released. Some of these breaches are announced and hit the news, especially when the amount of data is astronomical, but what about those that are not in the headlines? What was disclosed? Should you be concerned?
If we all followed the correct security policy of ensuring that the same password is not used for every sign-on, that passwords are changed every 90 days, and that they are never reused, you could be good. But let's face it, how many of us really do this? To make matters worse, how many of us have signed up for a newsletter, e-commerce site, or app, used it once, and then forgotten about it?
The data that malicious actors can obtain runs the gamut from a simple email and password to answers to security questions, birth dates, gender, usernames, social media presence, phone numbers, and more. This provides a treasure trove for those with harmful intent to attack with phishing or attempt to gain access to corporate networks.
Running an Email Exposure check from KnowBe4 can tell you who on your network may have had their information exposed in a breach.
Contact us today to find out how to request this complimentary scan.
Phishing and stolen credentials
It is not a huge surprise that phishing and stolen credentials are at the top of the list, according to the Verizon DBIR 2020.
With the release of the 2020 Data Breach Investigations Report, the top six takeaways were:
- The most common threat actions that led to an organizational breach were phishing and the use of stolen credentials;
- User error is among the fast-growing causes of breaches cited in the Verizon report;
- External actors still carry out 70 percent of breaches;
- The report lends credence to the concept of defense in depth.
- Web applications comprised the vector category that was most commonly exploited in hacking-related breaches;
- Certain malware varieties have taken a bit of a back seat. But most of the data was gathered before several prominent ransomware groups added data exfiltration to their repertoire.
To read the complete article -> Visit SC Magazine.
To find out how to protect your organization, contact us.
Ransomware is the Biggest Threat for Small to Medium Businesses
Eighty-six percent of Small to Medium Business (SMB) clients were recently victimized by ransomware, and 21 percent report six or more SMB attacks in the first half of 2017 alone, according to Datto’s State of the Channel Ransomware Report.
Key findings from the ransomware report include:
- An estimated five percent of global SMBs fell victim to a ransomware attack from 2016 to 2017. According to 97 percent of managed service providers (MSPs), ransomware attacks are more frequent in 2017.
- According to 99 percent of MSPs, the frequency of SMB targeted attacks will continue to increase over the next two years.
- Less than one in three ransomware attacks are reported by SMB victims to the authorities, a marked improvement from one in four incidents reported in 2016. Additionally, 35 percent report SMBs paid the ransom, down from 41 percent in 2016. The total cost of ransom paid to ransomware hackers in 2017 is $301M. Of those victims that pay up, 15 percent still never recover the data.
- As a result of a ransomware attack, 75 percent of MSPs report clients experienced business-threatening downtime. Nearly 30 percent of MSPs report a ransomware virus remained on an SMB’s system after the first attack and struck again at a later time. One in three MSPs report ransomware encrypted an SMB’s backup, making recovery even more complex.
- Nearly 85 percent of MSPs who’ve dealt with ransomware report seeing CryptoLocker. Additional common variants include CryptoWall, Locky and WannaCry, which is a new addition to the list.
- Among those industry verticals who are targeted most by ransomware attacks are Construction, Manufacturing and Professional Services. SaaS applications continue to be a growing target for ransomware attacks with Dropbox, Office 365 and G Suite most at risk. Mobile and tablet attacks are also on the rise.
- While 90 percent of MSP respondents cited they are “highly concerned” about the business threat of ransomware, only 38 percent of SMB clients felt the same. This could be due to the lack of mandatory cybersecurity training across SMBs, which MSPs cite as the leading cause of ransomware infections.
Contact us to discuss protection against ransomware.
CANADIAN POLICE RAID ‘ORCUS RAT’ AUTHOR
Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a Remote Access Trojan.
Canadian Companies See Increases in Attacks, Breaches, and Sophistication in the Last 12 Months
If you read the latest Canadian Threat Report from Carbon Black, the Canadians have it bad… really bad. With increases across the board, Canadian organizations need to step up their security game. Cybercriminals don’t care what country their victim is in, as long as there is money to be made, and Canada is no exception. So, security vendor Carbon Black surveyed 250 CIOs, CTOs, and CISOs to better understand what the cyberattack landscape looks like and what trends are being experienced.
According to the report, Canadian organizations have had it rough over the last 12 months:
- 76% reported an increase in attacks
- 10% reported an increase in attacks of more than 100% over the previous 12 months
- 81% reported attacks have become more sophisticated
- 83% report being breached
- The average number of breaches is 3.2
As nice as the Canadians are, they are not just sitting back and taking it. The report highlights a few responses to all of these attacks:
- 59% are actively threat hunting
- 85% anticipate an increase in security spending
According to the report, the number one cause of successful breaches was phishing. This should come as no surprise, as phishing has long been sitting at the top of the attack vector food chain. The use of phishing means Canadian organizations need to take some of that increased security budget and spend it in a way that will materially decrease the success of phishing attacks. Employees are the weakest link in phishing attacks, being fooled by social engineering tactics, contextual details pulled from online intel-gathering, and a general lack of vigilance on the part of the employee. Organizations using Security Awareness Training along with phishing testing can elevate the employee’s understanding of why continual security awareness is necessary, what’s at stake, and how to protect themselves and the organization from phishing attacks that can result in malware infections, data breaches, and ransomware attacks.
The Canadians have realized they need to get serious about cyber security. Adding Security Awareness Training needs to be a primary part of that strategy.