The reality is that many businesses have already been compromised and do not realize it. How could this happen? We recently started working with a new client, and within two hours of beginning a thorough security inspection we found that one computer had an active banking trojan! The trojan had created scheduled tasks that ran specific instructions daily and called back to the attacker's computer, and the name-brand antivirus in place at the time never knew the machine was silently working against its owner. What was it doing? Banking trojans are known for stealing passwords from browsers and web forms, providing remote access, and downloading other malware to do the attacker's bidding.

How did this compromise happen? It started with a Word document sent as an email attachment two years earlier; the document was still sitting in the Documents folder. Why did the antivirus not catch it in two years? Hundreds of thousands of new malware samples are created and identified daily, and many are never detected because no antivirus signatures or vaccines were made for them. Without the appropriate signature, legacy antivirus misses these malicious programs while they abuse the operating system.

What did we do differently to be able to find this? We assume that every new client computer we begin to service has already been compromised, and we bring in our human threat operations team. Once Threat Ops has found the threats, we work with the client to determine the best remediation. Once the threats have been remediated, we scan all files to determine their behavioral intent, malicious or benign. Once all files are in a secure, trusted state, we monitor them to make sure they stay that way and work to prevent any suspicious or malicious behavior.

Normally this service was only available to our fully managed clients. However, our goal is to do what we can to better assist #CyberSecureLaredo businesses, so we decided to offer our endpoint protection as a stand-alone service: an entry-level solution that goes beyond traditional antivirus. What we have been able to pack into this service is AWESOME!!

Now, let's get back to what to do once a company realizes it has been hacked. If you have a ransomware notification on your screen, disconnect the network cable and get help now!

  • Determine how many other devices have been affected
  • Disconnect any affected devices by unplugging the network cable and/or disconnecting from the wireless network, to prevent further communication with the attacker's command-and-control server. Disconnect, do not power off (see the note on forensics below).
  • Contact your cybersecurity insurance agent if you have an active policy
  • Have passwords been reused across multiple cloud accounts? Check the sign-in logs to determine who has been logging in, from what location(s), and when, and reset the passwords of any account that may have been exposed.
  • Check your backups: confirm they are recent, restorable, and not reachable from the affected devices.
  • Do not reboot the computer: rebooting discards volatile evidence (memory, running processes, active network connections) that forensics will need if you really want to know what happened.
  • Determine how you will communicate with your customers/clients if their data was compromised and possibly stolen
  • Determine if any regulations or state laws require you to notify customers/clients and post to a public location
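One concrete way to do the "check the logs" step in the list above, written as an added example for this page (not the author's tooling). It takes sign-in records in a simple JSON-lines shape that is assumed for the example (fields `user`, `time`, `ip`, `country`, `result`); real cloud providers export different field names, so map them before use. The sample records are constructed, and the expected-country list is an assumption you must set for your own business. The script flags three things a responder looks for first: a successful login from an unexpected country, two successes from different countries too close together to be the same person (impossible travel), and a run of failed attempts followed by a success, which is what a guessed or reused password looks like in the log.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (one JSON object per line). These are
# invented for the example; they are not real logs from any provider.
SAMPLE_LOG = """\
{"user": "alice@example.com", "time": "2024-03-04T08:02:00", "ip": "203.0.113.10", "country": "US", "result": "success"}
{"user": "alice@example.com", "time": "2024-03-04T09:15:00", "ip": "203.0.113.10", "country": "US", "result": "success"}
{"user": "bob@example.com",   "time": "2024-03-04T03:10:00", "ip": "203.0.113.20", "country": "US", "result": "success"}
{"user": "bob@example.com",   "time": "2024-03-04T04:05:00", "ip": "198.51.100.7", "country": "RU", "result": "success"}
{"user": "carol@example.com", "time": "2024-03-04T02:00:00", "ip": "192.0.2.55",   "country": "US", "result": "failure"}
{"user": "carol@example.com", "time": "2024-03-04T02:01:00", "ip": "192.0.2.55",   "country": "US", "result": "failure"}
{"user": "carol@example.com", "time": "2024-03-04T02:02:00", "ip": "192.0.2.55",   "country": "US", "result": "failure"}
{"user": "carol@example.com", "time": "2024-03-04T02:03:00", "ip": "192.0.2.55",   "country": "US", "result": "success"}
"""


def parse_events(text):
    """Parse JSON-lines sign-in records and return them sorted by user, then time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    events.sort(key=lambda r: (r["user"], r["time"]))
    return events


def find_suspicious(events, expected_countries=("US",),
                    travel_window=timedelta(hours=2), failure_threshold=3):
    """Return {user: [reason, ...]} for accounts whose sign-ins need a closer look.

    expected_countries: where your staff normally log in from (assumption for the example).
    travel_window: two successes from different countries closer than this are flagged.
    failure_threshold: this many consecutive failures followed by a success is flagged.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    findings = defaultdict(list)
    for user, recs in by_user.items():
        successes = [r for r in recs if r["result"] == "success"]

        # 1. Successful login from a country outside the expected set.
        for r in successes:
            if r["country"] not in expected_countries:
                findings[user].append(
                    f"success from unexpected country {r['country']} "
                    f"at {r['time']:%Y-%m-%d %H:%M} ({r['ip']})")

        # 2. Impossible travel: consecutive successes from different countries
        #    closer together than the travel window.
        for a, b in zip(successes, successes[1:]):
            if a["country"] != b["country"] and b["time"] - a["time"] <= travel_window:
                findings[user].append(
                    f"{a['country']} -> {b['country']} within "
                    f"{b['time'] - a['time']} (impossible travel)")

        # 3. A run of failures ending in a success: password guessing or a
        #    reused password being tried until it works.
        failed_ips = []
        for r in recs:
            if r["result"] == "failure":
                failed_ips.append(r["ip"])
                continue
            if len(failed_ips) >= failure_threshold:
                findings[user].append(
                    f"{len(failed_ips)} failed attempts then success from {r['ip']} "
                    f"(failures came from {sorted(set(failed_ips))})")
            failed_ips = []

    return dict(findings)


if __name__ == "__main__":
    for user, reasons in find_suspicious(parse_events(SAMPLE_LOG)).items():
        print(user)
        for reason in reasons:
            print("   ", reason)
```

On the constructed sample this reports bob (a Russian login 55 minutes after a US one) and carol (three failures then a success from the same address) and stays silent on alice. Every flagged account is a candidate for an immediate password reset and session revocation; the country heuristic is only as good as the geolocation your provider attaches to the record, and VPN users will produce false positives, so treat the output as a worklist rather than a verdict.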

There is actually much more to do, but the above list will get you started. Have a real conversation with your IT staff (in-house or outsourced), your employees, and your executives in order to prepare and start implementing:

  • Cybersecurity awareness training
  • MFA (multi-factor authentication) for all accounts
  • Budget for cybersecurity
  • Update old and outdated hardware and software
  • Unique passwords for all accounts
  • Hire a trusted advisor

Not all attacks are targeted at specific companies; most simply exploit weaknesses in the technology and in the people using it. This means that tightening the security posture of your business matters even if you think no one is after you. We hope that you never experience such an incident, but the odds of avoiding one are slim, so now is the time to prepare!

Contact us to have an informative conversation about better securing your business.

https://www.selectsecuresolutions.com/contact/