DeckerWright Corporation Blog

DeckerWright Corporation has been serving the Red Bank area since 1984, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach 10/02/19 - 10/08/19

United States - Zynga

Exploit: Unauthorized Database Access
Zynga: Social Game Development Company

Hackers gained access to the company’s database, exposing the personally identifiable information (PII) of millions of users. The company discovered the breach in September and hired an external investigator to determine its scope and severity. By the time it responded, however, the attackers had already posted user data on hacker forums.

The breach affects all users of the platform’s popular Words with Friends app on Android and iOS who registered on or before September 2, 2019, as well as some users of Draw Something, another Zynga mobile game. The exposed information includes names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs, and other Zynga account details. Because this data is already circulating among bad actors and will be used to perpetrate further crimes, those affected should change their Zynga password and any password reused elsewhere, monitor their accounts, and be especially watchful for phishing and other fraudulent communications.

United States - Tomo Drug Testing

Exploit: Unauthorized Database Access
Tomo Drug Testing: Medical Laboratory Providing Drug and Screening Services

An unauthorized user gained access to Tomo’s customer database, which held a trove of personal data. On discovering the access, Tomo hired an external forensic firm, which confirmed that customer data had been deleted from the database. Although Tomo cannot confirm that the intruder downloaded data, it is obligated to notify its customers and regulators, which brings additional expenses and potential revenue loss. The company will also face criticism for the length of its reporting process given the sensitivity of the information involved: the breach occurred on July 1, 2019, but was not reported until this week.

Tomo confirmed that personal data, including names, driver’s license numbers, Social Security numbers, and drug test results, may have been compromised. The company has set up a dedicated helpline and encourages those affected to obtain a free credit report and check it for unfamiliar activity.

United States - Zendesk

Exploit: Unauthorized Database Access
Zendesk: Customer Service Software company

More than three years after the event, Zendesk acknowledged a data breach after a third party notified the customer service software company of unauthorized access to its data. The breach affects Support and Chat accounts and includes personal data from every category of Zendesk user: customers, agents, and end users. The company is resetting passwords for all users who registered before November 1, 2016. Because the platform counts many high-profile companies among its clients, the breach could have far-reaching repercussions for everyone involved.

The compromised data includes names, email addresses, phone numbers, passwords, and other technical account data. Zendesk is contacting all customers who may be affected; those affected should reset their Zendesk passwords and any password reused on other platforms.

Security Concern #2 - Employees

Despite the industry’s focus on cyber-criminals and on defending against their attack methods, employees remain one of the primary sources of data loss for businesses. This article discusses documented ways employees have stolen corporate data for their own benefit.

Employees profit from business data in three main ways. First, an employee can steal cash. An employee who is entrusted with the company’s financials and has end-to-end authority over transactions can easily divert funds into their own pocket. Documented examples include processing false reimbursement vouchers, cashing fraudulent checks, and paying fictitious invoices to companies controlled by the employee or an accomplice. Safeguarding the accounting system rests on clear procedures that put at least two people in every transaction: the person processing accounts payable should NOT be the person paying the bills, and expense vouchers and bills should be reviewed by a second person before payment. Changes to a vendor’s bank details deserve the same second review, since redirecting payments to an existing payee is harder to spot than adding a new one.
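The two-person rule above is easy to state and easy to erode in practice, so here is what it looks like enforced in code. This is an added example written for this article, not DeckerWright’s or any accounting product’s own logic; the vendor, user names, amounts and account numbers are constructed. It refuses to release a payment when the approver is the person who entered it, when the payee is not in the vendor master file, or when the vendor has a bank-detail change that a second person has not yet approved.

```python
"""Maker/checker release control for accounts-payable payments (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Vendor:
    name: str
    bank_account: str
    # A requested bank-detail change waits here until a *different* person approves it.
    pending_change: Optional[Tuple[str, str]] = None   # (new_account, requested_by)


@dataclass
class Payment:
    payment_id: str
    vendor: str
    amount: float
    created_by: str
    approved_by: Optional[str] = None


class PaymentControls:
    def __init__(self, vendors: List[Vendor]):
        self.vendors: Dict[str, Vendor] = {v.name: v for v in vendors}
        self.released: List[Payment] = []

    def request_account_change(self, vendor_name: str, new_account: str, requested_by: str) -> None:
        self.vendors[vendor_name].pending_change = (new_account, requested_by)

    def approve_account_change(self, vendor_name: str, approver: str) -> Tuple[bool, str]:
        vendor = self.vendors[vendor_name]
        if vendor.pending_change is None:
            return False, "no pending change"
        new_account, requested_by = vendor.pending_change
        if approver == requested_by:
            return False, "requester may not approve their own bank-detail change"
        vendor.bank_account = new_account
        vendor.pending_change = None
        return True, "bank details updated"

    def release(self, payment: Payment, approver: str) -> Tuple[bool, str]:
        """Apply every control; money moves only when all of them pass."""
        vendor = self.vendors.get(payment.vendor)
        if vendor is None:
            return False, f"{payment.vendor!r} is not in the vendor master file"
        if approver == payment.created_by:
            return False, "the person who entered the payment may not approve it"
        if vendor.pending_change is not None:
            return False, "vendor has an unapproved bank-detail change; payment on hold"
        payment.approved_by = approver
        self.released.append(payment)
        return True, f"released {payment.amount:.2f} to account {vendor.bank_account}"


def demo() -> List[Tuple[bool, str]]:
    """Walk through the fraud patterns the article describes; returns each verdict."""
    ctl = PaymentControls([Vendor("Acme Supply Co", "0045123987")])   # constructed data
    results = []
    # 1. Normal two-person flow: alice enters the payment, bob approves it.
    results.append(ctl.release(Payment("P-1001", "Acme Supply Co", 4800.00, "alice"), approver="bob"))
    # 2. Self-approval: one person with end-to-end authority.
    results.append(ctl.release(Payment("P-1002", "Acme Supply Co", 900.00, "alice"), approver="alice"))
    # 3. Fictitious payee that is not in the vendor master file.
    results.append(ctl.release(Payment("P-1003", "Alice Consulting LLC", 2500.00, "alice"), approver="bob"))
    # 4. Alice redirects Acme's bank account to one she controls, then tries to pay "Acme".
    ctl.request_account_change("Acme Supply Co", "9990001112", requested_by="alice")
    results.append(ctl.release(Payment("P-1004", "Acme Supply Co", 4800.00, "alice"), approver="bob"))
    results.append(ctl.approve_account_change("Acme Supply Co", approver="alice"))
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "DENY", reason)
```

Only the first case in `demo()` releases money; the other four are the scenarios the article warns about, and each is denied by a different check. In a real accounting system these checks belong in the server-side workflow, not in a spreadsheet the same employee maintains.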

The second way employees profit from stolen business data is to use it to win a position with a new employer or to start their own business. The most common theft is of client contact and sales information, which the new entity then uses to market to the company’s clients. There are two ways to combat this loss: pursue the former employee legally after the theft, or use technology to stop a theft in progress. Legal pursuit requires both contractual protection and electronic proof of the theft. The contractual protection is normally found in the employee handbook or employment contract. Electronic proof can come from phone logs, computer security logs, video, email, and monitoring software. Assembling that evidence is often impossible for companies that have not done the up-front work of retaining log files and archiving email.

The third way employees capitalize on business data is by selling it. A recent example is the Capital One breach, in which the attacker used knowledge gained as a former employee of Capital One’s cloud hosting provider (not of Capital One itself) to reach the bank’s customer financial data, then posted about the stolen data online. Threats of this kind are increasing in frequency and intensity. Prevention starts with limiting each employee’s access to only the data their job requires. Make sure logging is enabled and that log files are archived, so that if there is a breach, log forensics can determine who took what and when.
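Retained logs are only useful if someone can turn them into an answer, so the following added example (not DeckerWright’s or any monitoring product’s code) shows the kind of analysis the two paragraphs above call for: spotting the departing sales rep who exports the whole client list. The log lines and their field layout are constructed for illustration; the logic applies to any CRM or file-server log that records who exported how many records and when. Rather than a fixed threshold, it compares each user to their own history, so a sales-ops user who legitimately pulls a large list every morning does not alert while a one-off dump does.

```python
"""Detect bulk exports of client data from access logs (added example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: a rep's routine small exports, then one very large export
# late in the evening, plus a sales-ops user whose 500-record morning pull is normal.
SAMPLE_LOG = """\
2019-10-01T09:12:04 user=jsmith action=export object=contacts count=40 src=10.1.4.22
2019-10-02T10:03:51 user=jsmith action=export object=contacts count=35 src=10.1.4.22
2019-10-03T14:27:19 user=jsmith action=view object=opportunity count=1 src=10.1.4.22
2019-10-03T15:40:02 user=jsmith action=export object=contacts count=60 src=10.1.4.22
2019-10-04T11:18:45 user=jsmith action=export object=contacts count=45 src=10.1.4.22
2019-10-07T22:41:10 user=jsmith action=export object=contacts count=4200 src=10.1.4.22
2019-10-01T08:55:00 user=mwong action=export object=contacts count=500 src=10.1.4.31
2019-10-02T08:57:12 user=mwong action=export object=contacts count=520 src=10.1.4.31
2019-10-03T08:52:40 user=mwong action=export object=contacts count=480 src=10.1.4.31
2019-10-04T08:58:03 user=mwong action=export object=contacts count=510 src=10.1.4.31
"""

# Field layout is an assumption made for this example, not a real product's format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"object=(?P<obj>\S+) count=(?P<count>\d+)"
)


def parse(lines):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "user": m["user"],
                "action": m["action"],
                "obj": m["obj"],
                "count": int(m["count"]),
            })
    return events


def daily_export_totals(events):
    """user -> date -> number of records exported that day."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "export":
            totals[e["user"]][e["ts"].date()] += e["count"]
    return totals


def find_bulk_exports(events, ratio=10, floor=500):
    """Flag days on which a user exported at least `floor` records AND at least
    `ratio` times their own median daily volume on their other days."""
    alerts = []
    for user, per_day in daily_export_totals(events).items():
        for day, count in sorted(per_day.items()):
            others = [c for d, c in per_day.items() if d != day]
            baseline = statistics.median(others) if others else 0
            if count >= floor and count >= ratio * max(baseline, 1):
                alerts.append((user, day.isoformat(), count, baseline))
    return alerts


def after_hours_exports(events, start_hour=7, end_hour=20):
    """Exports outside the business day are a second, independent signal."""
    return [e for e in events
            if e["action"] == "export" and not start_hour <= e["ts"].hour < end_hour]


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG.splitlines())
    for user, day, count, baseline in find_bulk_exports(evts):
        print(f"BULK EXPORT  {user} {day}: {count} records (median on other days {baseline})")
    for e in after_hours_exports(evts):
        print(f"AFTER HOURS  {e['user']} {e['ts']}: {e['count']} {e['obj']}")
```

Run against the sample, only jsmith’s 4,200-record export on 2019-10-07 trips the volume check (their median on other days is 42.5 records), and the same event is the only one outside business hours. Two independent signals on one event is exactly the kind of corroboration a legal pursuit needs, and neither exists if the logs were never kept.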

DeckerWright supports several employee-monitoring systems, including Veriato and Teramind. These tools record what an employee does on a company device and can alert on suspicious activity. They are not cheap, but they give a company a technical means to both deter and document employee data theft.

Remote Users: Security Concern #1, Cyber Criminals

One of the major trends in our industry is the proliferation of remote workers using “Bring Your Own Device” (BYOD). Because the employee owns the device, the corporate security team often cannot install its own software on it. Company data is accessed either directly through apps or indirectly through remote desktop. Both methods rely on a device that sits outside the corporate IT infrastructure and in the employee’s possession, and either method exposes the company’s data to loss to cyber-criminals. To understand why, this article describes some of the tools cyber-criminals can deploy against remote employees.

In the normal course of our business, we help clients monitor their employees’ activity on their devices. This “good guy” monitoring software offers a window into the tools cyber-criminals use to compromise a company’s security and reach its data: keystroke logging, click logging, URL logging, screenshots, access to log files, and an inventory of the software the employee uses. In the hands of a skilled cyber-criminal, the same capabilities allow the attacker to impersonate the employee and gain access to the company’s systems.

Here is how. The software inventory tells the attacker what client software is needed to make the connection. The keystroke logger captures the user name and password, and the screenshots reveal details of the connection, including clues about the multi-factor authentication in use. If a VPN tunnel is set up, an attacker with remote control of the employee’s computer can read the VPN configuration and extract any stored keys or certificates. Without multi-factor authentication (MFA), this is enough to gain access to most systems.

The most common form of MFA sends a code to a cell phone. Cyber-criminals have two ways to obtain those codes. One is to get malware onto the employee’s phone that forwards received codes to the attacker or gives the attacker remote control. The more common method today is to take over the employee’s phone number by impersonating the employee to the cellular carrier (a “SIM swap”). Once the number is moved to the attacker’s device, the MFA codes arrive there directly. Both methods are documented in real attacks. Phone-based codes are therefore the weakest form of MFA; an authenticator app or a hardware security key is not defeated by a SIM swap.

A cyber-criminal could also ride an existing active session to impersonate the employee while they are not working. An attacker controlling the device can also use it as a foothold to probe the company’s internal systems for weaknesses. Since the screenshots reveal which internal systems exist, the attacker can draw on the vast library of publicly available hacking tools to target them. Either path may let the attacker gather corporate information.

Any remote device compromised and controlled by a cyber-criminal can become a gateway to your company’s data.

The Week in Breach: 9/30/19 - 10/4/19

United States - Thinkful

Exploit: Unauthorized database access
Thinkful: E-learning website for developers

By leveraging an employee’s stolen credentials, an unauthorized third party accessed the company’s database. Sensitive data such as Social Security numbers was not exposed, but other personal information may have been accessed. In response, Thinkful notified its users of the breach and is requiring password resets on all accounts. The company told users it is taking additional steps to enhance security, but those steps will not help anyone whose credentials were already compromised. The incident follows on the heels of the announcement that the company is being acquired by Chegg.

Users’ Social Security numbers were not compromised, but other personal information could have been accessed by the attackers. Users should create unique passwords, enroll in multi-factor authentication, and monitor their accounts for suspicious activity.

Thinkful’s breach announcement is especially problematic because it immediately followed news that the company was being acquired by Chegg. It is unclear how the incident will affect the deal, but cyber-criminals often target small companies ahead of an acquisition, hoping to get inside the target’s IT infrastructure before it comes under the protection of the larger parent’s more robust defenses, and then to reach the parent through the newly connected subsidiary. Businesses must therefore treat cyber security as both a moral imperative and a financial necessity, especially in mergers and acquisitions.

United States - Campbell County Memorial Hospital

Exploit: Ransomware
Campbell County Memorial Hospital: Healthcare provider operating as part of the Campbell County Health Department

A ransomware attack on Campbell County Memorial Hospital forced the healthcare provider to divert ambulances, cancel surgeries, and stop admitting patients. The hospital’s emergency room remains open, but many services are curtailed. The attackers did not send a ransom demand, leaving hospital IT administrators grappling for a solution. The hospital reports that no patients were harmed by the outage, but with no resolution in sight, patient care remains disrupted and the long-term financial consequences could be extensive.

United States - Southeastern Pennsylvania Transportation Authority

Exploit: Malware attack
Southeastern Pennsylvania Transportation Authority (SEPTA): Regional public transit agency

SEPTA’s online store was compromised by Magecart skimming code, which steals customer payment data at checkout. In response, the agency permanently closed the store. The malware was spotted on July 16, but it took the agency more than two months to gather the relevant data and notify customers. The delay may have exposed additional customers and worsened the PR damage that accompanies any breach.

The attackers captured the most sensitive form of e-commerce data: names, credit card numbers, and addresses. Because such information spreads quickly on the Dark Web and is then used to perpetrate financial or identity fraud, those affected should notify their card issuers and enroll in identity and credit monitoring as soon as possible.

The Week In Breach: 9/18/2019 - 9/24/2019

United States - Carle Foundation Hospital

Exploit: Phishing attack
Carle Foundation Hospital: Regional, not-for-profit healthcare provider

Three hospital employees fell victim to a phishing scam that gave attackers access to their email accounts, which contained patient data. Although the hospital secured the accounts immediately, this preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading breach-related costs.

The compromised accounts belonged to three physicians and held data on patients who received cardiology or surgery services at Carle: patient names, medical record numbers, dates of birth, and clinical information. Patients’ Social Security numbers and financial data were not included. Personal data is nonetheless a widely accepted currency on the Dark Web, since personally identifiable information (PII) is used to facilitate further crimes. Those affected should closely monitor their accounts for unusual activity and be mindful that these details can make phishing attempts against them more convincing.


United States - Miracle Systems

Exploit: Malware attack
Miracle Systems: IT services provider for government contracts

Using stolen credentials, hackers accessed several databases holding company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, began with malware delivered as a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate losses of as much as $1 million, not counting the opportunity cost of lost trust and business with the government.

Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees.

Cyber Criminals’ Business Models

I am beginning a series of articles on the threats companies face from employees working remotely. Ultimately, cyber-criminals are working to monetize their efforts. Three dominant business models drive their behavior today: employee impersonation, data theft, and denial of service. This article discusses each to explain the “why” behind cyber-criminal activity.

Most cyber-criminals employ one business model for their enterprise. For example, we have not seen evidence of ransomware operators also stealing company data or employee credentials, and criminals using impersonation rarely steal company data or perform denial of service attacks. That separation is not guaranteed, however: an intruder positioned to encrypt a network is also positioned to copy its data first. Criminals who steal company data, as in the recent Capital One breach, may use impersonation tools to gain access to the data stores from which they make off with troves of valuable data.

Impersonation exploits take two forms. In the first, a set of stolen credentials is used to become the employee for the purpose of transacting personal business in their name: fraudulent credit card charges, diversion of paychecks to criminal bank accounts, long distance charges, and health insurance theft. In the second, which has recently become a serious problem, a cyber-criminal impersonates an employee in order to divert company financial transactions. By silently monitoring a compromised employee’s email, the attacker can intercept and redirect payments. IT industry publications have documented wire transfers diverted from the intended bank to a cyber-criminal’s account, a particular problem in real estate transactions, where large sums are wired between banks. Monetization here is straightforward: divert the wire and keep the cash. The defense is equally simple in principle: confirm any change of payment instructions by calling the payee at a number already on file, never at one supplied in the email.
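The wire-diversion emails described above share a few mechanical tells, and the following added example (written for this article, not DeckerWright’s code or any mail filter’s) checks for three of them: a Reply-To that pulls replies to a different domain than the apparent sender, a sender domain that imitates a vendor already on file, and a bank account in the body that does not match the vendor record. The vendor master data and both emails are constructed for illustration.

```python
"""Flag wire-diversion (business email compromise) indicators in a payment email (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional

# Constructed vendor master file: the domain and bank account the business verified
# out of band when the vendor was first set up.
KNOWN_VENDORS = {
    "acme-title.com": {"name": "Acme Title Agency", "account": "0045123987"},
}

# Matches "account number 7781234560", "Acct #: 7781234560", and similar phrasings.
ACCOUNT_RE = re.compile(r"(?:account|acct)[^\d\n]{0,20}(\d{6,17})", re.IGNORECASE)

SUSPICIOUS_EMAIL = """\
From: "Acme Title Agency" <closings@acrne-title.com>
Reply-To: closings@acme-title-closings.com
To: buyer@example.com
Subject: URGENT - updated wire instructions for Friday closing

Our bank has changed. Please wire the closing funds to account number 7781234560
at First Example Bank before 3pm Friday.
"""

LEGIT_EMAIL = """\
From: "Acme Title Agency" <closings@acme-title.com>
To: buyer@example.com
Subject: Wire instructions for Friday closing

Please wire the closing funds to account number 0045123987 as previously confirmed by phone.
"""


def domain_of(header_value: Optional[str]) -> str:
    """Lower-cased domain of an address header, or '' if the header is absent/malformed."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance between domains signals a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_vendor(domain: str) -> Optional[str]:
    """Return the known vendor domain this one imitates, or None if the domain is
    exactly a known vendor or resembles none of them."""
    if domain in KNOWN_VENDORS:
        return None
    # 'rn' passes for 'm' and '1' for 'l' in many fonts, so normalize those first.
    normalized = domain.replace("rn", "m").replace("1", "l")
    for known in KNOWN_VENDORS:
        if normalized == known or edit_distance(domain, known) <= 2:
            return known
    return None


def wire_fraud_indicators(raw_email: str) -> List[str]:
    """Return a list of human-readable reasons to hold the wire; empty means none found."""
    msg = message_from_string(raw_email)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    reasons = []
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    imitated = lookalike_vendor(from_dom)
    if imitated:
        reasons.append(f"sender domain {from_dom} resembles known vendor {imitated}")
    # Compare any account number in the body with the record already on file.
    vendor = KNOWN_VENDORS.get(imitated or from_dom)
    if vendor:
        for acct in ACCOUNT_RE.findall(msg.get_payload()):
            if acct != vendor["account"]:
                reasons.append(f"account {acct} does not match the {vendor['name']} record on file")
    return reasons


if __name__ == "__main__":
    for label, mail in (("suspicious", SUSPICIOUS_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, wire_fraud_indicators(mail) or ["no indicators"])
```

The suspicious message trips all three checks; the legitimate one trips none. The third check is the important one: an attacker who has taken over the vendor’s real mailbox defeats the first two, but cannot change the account number the business verified by phone when the vendor was onboarded.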

Some of the biggest headlines concern theft of personally identifiable information (PII): Social Security numbers, birth dates, health insurance policy numbers, addresses, credit card numbers, and bank account information. The recent Capital One breach illustrates theft of company-held consumer data. Cyber-criminals monetize stolen data in two ways. One is to use it directly to impersonate a consumer, running up charges on their credit or opening new credit lines that can be converted to cash. The other is to sell the data; cyber-criminals operate a Google of sorts for stolen consumer PII, and the fresher the record, the more it is worth. The roughly 106 million consumer records taken from Capital One would be worth millions on that resale market.

The final prevalent business model is denial of service, and the form receiving the most press today is ransomware. By encrypting a company’s data, the criminals can demand payment in bitcoin for the decryption keys and software that return access to it. Combined with malware that renders employee computers unusable, as Sony experienced, the attack is particularly paralyzing to a business. The criminals monetize the attack by collecting bitcoin, which is readily converted to dollars or other local currencies.

The business models of cyber-criminals are constantly evolving and growing to turn technology into cash for their efforts. Upcoming articles will focus on the specific threats facing companies that have remote employees.

Introducing New Office 365 Backups

This past September we began backing up clients’ Office 365 data. Starting at $10 for 100 GB of storage, the backup system covers email, contacts, calendars, and SharePoint files stored in Office 365. It retains the data for a year, allowing recovery of an email or file as it existed on any given day. Our clients increasingly rely on SharePoint, Teams, and OneDrive for document storage, and as more data moves into Microsoft’s cloud, the need for an external backup of that data has grown.

Microsoft’s service agreement states that it is not responsible for backing up and protecting a user’s data. Microsoft does provide a way to restore deleted files for several weeks after deletion, but there is no way to go back three months and recover a file. We maintain backups for a year so that files can be recovered when a user discovers they are missing. As clients move more data to Teams, SharePoint, and OneDrive, the need for backups grows.

Often there is a need to recover an earlier version of a file that no longer exists in Office 365. With the backups, that version is recoverable by going back in time to the day it was current. This matters most for seasonal or calendar-driven business processes that run only once a year or once a quarter, where a loss may go unnoticed until the next cycle, long after Microsoft’s recovery window has closed. A backup copy is the only way to recover such files.

The backups keep files for up to a year even after the account is deleted from Office 365. When a user is deleted from Office 365, their email and files are gone for good once Microsoft’s short recovery window for deleted users passes. With the backups, you can still recover an important email a former employee received. Users also often misplace emails in Outlook, and the backup system’s advanced search features help locate them.

If a user’s account is compromised and their email, contacts, and files are corrupted or deleted, the backup copy is the only place to recover them. Between lost smartphones and cyber-criminals breaking in, Office 365 data is at constant risk. A backup copy is an important protection for business data.

Managing Remote Workers

Over the past several months we have experienced a transformation in our business, driven by the expansion of our workforce beyond the walls of our corporate headquarters. While our customers are based in New Jersey, our team is now scattered around the globe. Managing a workforce with remote employees challenges even the most experienced management team. Here are some of our findings on how to keep remote employees engaged.

I have never been a fan of meetings, but a regular cadence of meetings is critical to having a team gel and work toward common goals, especially when team members are remote. We hold both daily and weekly meetings in which team members discuss the problems we are facing with clients. The meetings focus on planning and collaboration to deliver services to our clients, and every member has input, which gets the team to engage with each other.

We work hard at having documented processes for virtually everything we do. Documented processes give remote workers a guide for performing their duties and give managers gauges for assessing each remote worker’s contribution to the team. A process is a living set of steps that defines how business data is transformed into action on the client’s behalf. We have invested hundreds of staff hours to develop well-defined and effective processes, documented in staff binders for each job role. Do not attempt to have remote workers unless there are well-defined business processes for them to follow.

Technology also plays an important role in how remote team members interact with the team and with clients. Using Voice over Internet Protocol (VoIP), each team member has an extension on our phone system regardless of location; calling a support team member halfway around the world is no different from dialing someone across the hall. Using secure remote access technologies, we give all team members access to our systems while maintaining tight security. We use Microsoft Teams for chat and team meetings, providing an additional layer of communication between team members.

It should be no surprise that the generation that lives on its smartphones has no conceptual problem with working remotely. For business owners, though, a lot of work goes into providing the technology, process, and structure that make remote workers feel connected and contributing team members.

5G Early Reviews

Verizon, AT&T, T-Mobile and the other wireless carriers have been hyping 5G technology for years. 5G has now been deployed in several metropolitan areas, so the first consumer reviews are in, and the results are spotty. When it works, the speeds are remarkable, measured at nearly 2 Gbps. Unfortunately, coverage is poor and performance is not yet predictable.

5G wireless technology offers the potential for 10 Gbps speeds. To achieve those speeds, the wireless infrastructure has to be rebuilt from scratch. Unlike earlier generations, where carriers could add new antennas to existing towers, 5G requires a much denser network of antennas: instead of every few miles, antennas have to sit within roughly 1,000 feet of each other. Each new antenna needs its own fiber optic line back to a switching station, where new high-capacity routers and switches move the vast volumes of data. This may be the largest and most expensive communications build-out since the original Bell System ran copper lines across the country over 100 years ago.

All of the carriers see 5G as the ultimate replacement for wired connections, which will reduce their operating costs in the long run: no more copper or fiber lines into buildings, only a receiver converting the signal into something the equipment at that site recognizes. That is the phone companies’ vision. The build-out will take at least 10 years, and probably 20 years to reach most of the country.

One beneficial side effect of the 5G build-out will be better cell phone reception and faster 4G download speeds. With so many more antennas, a 4G phone is likely to connect with full signal strength almost everywhere. Combine a strong signal with the much faster infrastructure behind the scenes, and a 4G device should connect at closer to its 300 Mbps potential.

With the scope of the 5G build-out, it may be years before it rolls into your area.  In the meantime, keep your 4G devices and be happy with the better performance when you're in areas where 5G is deployed.

Now is the time to buy Cyber Insurance!

Many insurance companies are jumping into the market for cyber insurance. It is a cutthroat business, with each insurer trying to underbid the others or add extra protection features. The net result has been a flood of insurance products at low prices.

Why do I say the prices are low? We complete the security assessment questionnaires that our clients receive from insurance companies, and the vast majority of insurers are not asking the right questions to accurately gauge the risk of an attack by cyber-criminals. Recent payouts to cities around the country highlight the poor underwriting. The Wall Street Journal today reported that the town of Lake City, Florida paid $462,000 in ransom on June 17, 2019 to get its computers back online; the town’s out-of-pocket expense was only $10,000. Towns see cyber insurance as a way to avoid spending money on cyber security defenses.

Insurers that write cyber policies without requiring good security practices of their policyholders are almost certain to make large payouts. Cyber-criminals know this. They have also figured out that commercial insurance sold to municipalities now includes cyber coverage, so they can demand higher ransoms and get paid. As cyber insurance spreads to other businesses, expect the same trend in ransom demands against them. If your company is attacked and does not have cyber insurance, the entire IT system is at risk: the criminals will set the ransom expecting an insurer to fund a big payout, and it will be more than the business itself can afford.

Because the cyber insurance market is still relatively small, most carriers are paying little attention to the mounting losses this line of business generates. When they finally wake up, they will be out hundreds of millions of dollars, and policy rates will rise substantially. Carriers will also get better at assessing cyber risk by asking the right questions, which will probably include some form of automated network scan and client-provided reports to verify that the answers submitted are correct. The industry will begin to treat cyber insurance like fire insurance, with strict compliance guidelines governing whether coverage is available at all. That realization is years away, so now is the time to buy cyber insurance.

Ironically, the insurance industry is ultimately going to accomplish something we in the IT industry have failed at for years: getting companies to invest enough in cyber security to protect their data.
