Several months ago, MSI was called in for an incident response. The business was under a denial of service (DoS) attack. They had no internet connectivity. They had no phone service. They were under attack.
State Of Security Podcast Episode 15 is out!
In this episode, the tables get turned on me and I become the one being interviewed. The focus is on honeypots and intrusion deception, and the conversation bounces from technology to industry and on to overall trends.
This is a great conversation with an amazing young man, Vale Tolpegin, a student from Georgia Tech with an amazing style and a fantastic set of insights. He really asks some great questions and clarifying follow ups. This young man has a bright future ahead!
Tune in and check it out! Let me know on Twitter (@lbhuston) what you liked, hated or what stuck with you.
Vendor Printer Management and Security
Over the past couple of years we’ve encountered increasing numbers of customers using various print management vendors. Many of those customers are using the same application suite to manage their printers, and by default it ships with a blank admin password. In most of the instances we’ve observed, that password has never been changed, let alone set to a strong value. Likewise, most of the managed printers either are not configured to require authentication at all or are still using their default credentials.
When we encounter this, one of the “benefits” the application affords us as attackers is its fairly detailed inventory, model numbers included. That inventory lets us pinpoint targets for attack and compromise: printers we already know have issues, or printers with features such as saving scans to network shares, SNMP and so on, can be leveraged without any of the noisy activity (port scanning, credential guessing) that would be easily detectable on the network.
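To make the SNMP point concrete, here is an added example (not code from the original post, and not any print management vendor’s tooling). It builds an SNMPv1 GetRequest for sysDescr.0 with the default “public” community, which on a printer left on default credentials usually returns the model string, and parses the GetResponse. The response used for the stand-alone run is constructed here rather than captured from a real device; query_printer() does the live version over UDP/161. The BER encoder/decoder covers only what SNMPv1 needs.

```python
"""SNMPv1 sysDescr probe with the default 'public' community (added example).

Not code from the original post or from any print management vendor. It shows
how a printer's model string is read over SNMP when the device has been left on
default credentials. build_sample_response() is constructed for this example,
not captured from a real printer; query_printer() is the live version.
"""
import socket

SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)   # SNMPv2-MIB::sysDescr.0

# --- minimal BER encoder -------------------------------------------------

def ber_len(n):
    """Encode a BER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def encode_int(v):
    # INTEGER, minimal two's-complement length
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def encode_oid(oid):
    # first two arcs share one byte; later arcs are base-128 with continuation bits
    out = bytes([40 * oid[0] + oid[1]])
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, out)

def build_get_request(oid, community=b"public", request_id=1):
    """SNMPv1 GetRequest for one OID (the value slot is ASN.1 NULL)."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community) + pdu)  # version 0 = SNMPv1

# --- minimal BER decoder -------------------------------------------------

def read_tlv(buf, pos=0):
    """Return (tag, body, position just after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_get_response(packet):
    """Return (request_id, error_status, {oid_body_bytes: value_bytes})."""
    tag, msg, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _, p = read_tlv(msg)               # version
    _, _, p = read_tlv(msg, p)            # community
    tag, pdu, _ = read_tlv(msg, p)
    if tag != 0xA2:
        raise ValueError("not a GetResponse PDU")
    _, rid, p = read_tlv(pdu)
    _, err, p = read_tlv(pdu, p)
    _, _, p = read_tlv(pdu, p)            # error-index
    _, vbl, _ = read_tlv(pdu, p)
    values, p = {}, 0
    while p < len(vbl):
        _, vb, p = read_tlv(vbl, p)
        _, oid, q = read_tlv(vb)
        _, val, _ = read_tlv(vb, q)
        values[oid] = val
    return (int.from_bytes(rid, "big", signed=True),
            int.from_bytes(err, "big", signed=True), values)

def sys_descr_from_response(packet):
    """The sysDescr string (usually vendor + model on printers), or None."""
    _, err, values = parse_get_response(packet)
    if err != 0:
        return None
    _, key, _ = read_tlv(encode_oid(SYS_DESCR_OID))   # OID body bytes as dict key
    raw = values.get(key)
    return raw.decode("latin-1") if raw is not None else None

def build_sample_response(descr=b"Example LaserPrinter 9000 (constructed sample)", request_id=1):
    """A GetResponse shaped like a printer's reply; constructed for this example."""
    varbind = tlv(0x30, encode_oid(SYS_DESCR_OID) + tlv(0x04, descr))
    pdu = tlv(0xA2, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, b"public") + pdu)

def query_printer(host, community=b"public", timeout=2.0):
    """Live probe of one host: returns sysDescr or None on timeout."""
    req = build_get_request(SYS_DESCR_OID, community)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, 161))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return sys_descr_from_response(data)

if __name__ == "__main__":
    print(sys_descr_from_response(build_sample_response()))
```

One GET per printer is a single 40-byte UDP datagram, which is why this kind of enumeration rarely trips network detection; the defensive counterpart is to change or disable the default community and to restrict SNMP to the management hosts that actually need it.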
Insurers Take Note: Ohio Senate Bill 273 is Now in Effect
Have you ever heard of the New York State Department of Financial Services regulation requiring financial services companies to adopt cybersecurity measures that “match relevant risks and keep pace with technological advancements” (23 NYCRR 500)? If you haven’t, you should take a look, even if you don’t do business in the State of New York. This regulation is having a snowball effect on financial institutions across the nation.
Office 365/G Suite – Bypassing MFA…
Office 365 and G Suite MFA bypass
Multi-factor authentication (MFA) has been shown to be a critical control to prevent business email compromise (BEC) as well as compromise of other critical systems. Recently, some information came to light about attacks on Office 365 and G Suite applications that bypass the protection of MFA.
Compliance
In a previous blog on healthcare information access concerns, I had expressed concerns about internal origins of data breaches. Further research into mitigating some of these concerns has led to an observation that many data breach incidents can be traced back to a few common origins. The intent in sharing some of the more unusual or high profile cases below is to drive home the point that it really does happen in real life, and that passive awareness of regulatory controls is not enough; active exercising and use of in-place policies is necessary.
Whether the HIPAA information disclosure is intentional, malicious or accidental, the information still leaks.
Phishing and O365 – Recovery…
In a previous post, we talked about compromised Office 365 (O365) mailboxes and how to identify IOCs (indicators of compromise). Despite your best efforts, phishing is still the single most efficient way into most, if not all, organizations.
Micro Podcast – Business E-mail Compromise – “Protect”
In this episode of the MSI podcast, we continue our series on the business email compromise checklist. While BEC is a significant issue and a common form of compromise leading to fraud, there are several things you can do to combat this form of attack. The second step is to “Protect”.
https://s3.amazonaws.com/MSIMedia/MSIMicro_005_BEC_Protect.mp3
If you would like to know more about MicroSolved or its services please send an e-mail to info@microsolved.com or visit microsolved.com.
Compromised O365 mailbox – Common IOCs
A good day phishing is better than a bad day doing anything else! (Or was that fishing…)
Business Email Compromise (BEC) attacks saw a 479% increase between Q4 2017 and Q4 2018 per Proofpoint. The dramatic increase in web-based implementations like Office 365 (O365) contributes to the corresponding increase in attacks. Yeah, yeah, we’re going to talk about phishing again, @TheTokenFemale? Really?
Yes. Because no matter how well trained your people are, no matter how diligent…everyone has a bad day. Your organization may not be the “phish in a barrel” type…but it just takes once. A family member in the hospital, a rush to clean things up before vacation, or any kind of significant distraction can make the most diligent person overlook…and click.
Using Blockchain? Better Have Good Key Management
Algorithms, step-by-step processes designed to tell a computer what to do and how to do it, are used to encipher data. Passwords and crypto keys are the strings of characters needed to decrypt enciphered data again. If these strings are not properly managed, you can lose the ability to decrypt that data forever. That is why proper key management is so important any time you are using cryptography on your systems. When using Blockchain, where the key is usually the only thing that proves ownership of an asset, it is especially important.
The most notable use of Blockchain to date is in Cryptocurrency. Last December, the 30-year-old founder of the Canadian cryptocurrency exchange QuadrigaCX reportedly died abroad. Unfortunately, he went to his reward without telling anyone the password for his storage wallet, causing the loss of up to 190 million dollars. What a mess! The exchange is now out of business and the court has appointed a monitor (Ernst & Young) and law firms to represent QuadrigaCX customers. An object lesson indeed for employing proper key management.
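The failure mode in that story is a key known to exactly one person. Here is an added example (not code from the original post, and not what QuadrigaCX or any exchange is known to have used) of the standard answer to it: Shamir secret sharing. The key is split among n custodians so that any k of them can rebuild it, while fewer than k learn nothing about it. Arithmetic is over the Mersenne prime 2^521 - 1, large enough to hold a 256-bit key (a typical wallet private key size) as one field element. The 32-byte sample key is constructed for the demonstration, not a real key.

```python
"""Threshold key escrow with Shamir secret sharing (added example).

Not code from the original post and not any exchange's known procedure. A key
held by one person dies with that person; splitting it so that any k of n
custodians can rebuild it removes that single point of failure. Field: the
Mersenne prime 2^521 - 1. SAMPLE_KEY is constructed, not a real wallet key.
"""
import secrets

P = 2**521 - 1   # prime field; any secret below 2^521 fits as one element

def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_secret(secret, n, k):
    """Split 'secret' (bytes) into n shares (x, y); any k of them recover it."""
    s = int.from_bytes(secret, "big")
    if not 1 <= k <= n or s >= P:
        raise ValueError("bad threshold or secret too large for the field")
    # random polynomial of degree k-1 whose constant term is the secret
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0; returns the field element."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def recover_key(shares, key_len):
    """Recover the key bytes. With fewer than k shares the interpolated value is
    effectively random in the field and (almost surely) will not fit key_len
    bytes, which is reported as ValueError rather than a silently wrong key."""
    value = recover_secret(shares)
    if value >= 1 << (8 * key_len):
        raise ValueError("recovered value does not fit: wrong or too few shares")
    return value.to_bytes(key_len, "big")

# Constructed 32-byte "wallet key" for demonstration only.
SAMPLE_KEY = bytes(range(32))

def demo():
    """Five custodians, any three can rebuild the key; returns the shares."""
    shares = split_secret(SAMPLE_KEY, n=5, k=3)
    assert recover_key(shares[:3], 32) == SAMPLE_KEY
    assert recover_key([shares[0], shares[2], shares[4]], 32) == SAMPLE_KEY
    return shares

if __name__ == "__main__":
    for x, y in demo():
        print(f"custodian {x}: share {hex(y)[:20]}...")
```

The shares are what get distributed (to officers, counsel, a hardware security module, a sealed envelope with the auditor); the original key is then destroyed or kept only in a cold wallet. The threshold k is the governance decision: high enough that no single insider can drain the wallet, low enough that the loss of one or two custodians does not lock the funds the way the QuadrigaCX case did.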