Posts

Can’t wait to integrate ChatGPT into your business processes? …actually, here’s exactly why you should wait!

/in , , , , , , , , /by
ChatGPT for business

You can’t escape it. It’s all over the news and social media about this sudden wave of improvements in LLM (Large Language Models) or as most people know them at the moment Chat-GPT! 

Every large tech firm is rushing to integrate these technologies into their products with Microsoft launching co-pilot and Bing with Chat-GPT integration. Google is launching AI lead improvements to Workspace and Facebook accidentally leaked the source code to their LLM. 🤦‍♂️

With all of this going on you would expect that these products are at least secure and pose no risk to the users, businesses or the general public. And while I am wholly in favour of improvement to AI and ML, we must consider the risks these LLM pose as they begin to become part of everyday life. 

What are you talking about?

I should start by covering what an LLM is. Well in the words of Nvidia “A large language model, or LLM, is a deep learning algorithm that can recognise, summarise, translate, predict and generate text and other content based on knowledge gained from massive datasets.” To most of us what this means is that a system can take input in human language, not machine code or programming language and can then complete these instructions. Now, this can be as simple as how do you bake a cake. Or you can ask it to write an application that will convert files to pdf and upload them to an FTP server based on the IP address x.x.x.x and write an output file for me to show completion, in C++. The LLM will then go away, compute the question against the information it has been “taught” and will then come back with an answer.

chatgpt plus

 There are a few things we should all be aware of with LLMs as they stand today, these limitations are present but not always obvious. 

  • LLMs are driven by the dataset they have and may have complete blind spots to events if they occur post the data set provided, i.e Chat GPT (GPT-3) is based on a data set from 2021. So if you ask it about the F1 teams for 2023, it will either throw an error or will simply give you information it “generates” from the information it has been fed.
  • LLMs can therefore “hallucinate” facts and give you a completely incorrect answer if it doesn’t know the facts or if the algorithm works itself into a situation where it believes it has the right information.
  • LLMs are power-hungry. They need huge amounts of computing power and data to train and operate the systems.
  • LLMs can be very biased and can often be tricked into providing answers by using leading questions making them unreliable.
  • The largest risk is that they can be coxed into creating toxic content and are prone to injections actions.

Therefore the biggest question remains what is the risk of introducing an LLM into your business workflow? 

With the way that LLMs work they learn from data sets. Therefore, the potential risk is that your business data inside applications like Outlook, Word, Teams or Google Workspace is being used to help develop the LLM and you don’t have direct control over where the data goes. Now, this is bound to be addressed over time but these companies will 100% need access to your data to move these models forward so limiting its scope will have an impact on how they develop and grow. Microsoft and Google will want to get as much data as possible. 

As such you need to be careful to read the Terms of Use and Privacy Policy of any LLM you use. 

Other Risks

This one is scary, and it increases as more organisations introduce LLMs into the core workflow, is that queries stored online may be hacked, leaked, stolen or more likely accidentally made publicly accessible. Because of this, there is a huge risk of exposing potentially user-identifiable information or business-related information. 

We should be aware of the misuses risk that also comes from LLM with the chance they will be used to generate more convincing phishing emails, or even teach attackers better ways to convince users to enter into risky behaviour. 

openai

The final risk that we should be aware of is that the operator of the LLM is later acquired by a company that may be a direct rival to yours, or by an organisation with a different approach to privacy than when you signed up for the platform and therefore puts your business at risk. 

As such the NCSC recommends

  • not to include sensitive information in queries to public LLMs
  • not to submit queries to public LLMs that would lead to issues were they made public

At this point, Planet IT’s recommendation is not to integrate the new features from Microsoft and Google into your business workflow. Certainly not until proper security and data controls have been implemented by these companies and the risk of your business data being used as sample material to teach the LLMs is fully understood. These are emerging technologies, and as we continue to see change at Planet IT we are monitoring everything very carefully to understand how it will affect the security and data compliance of your business. 

More information from the NCSC can be found here : https://www.ncsc.gov.uk/blog-post/chatgpt-and-large-language-models-whats-the-risk

If you want to talk to one of our experts about how we can help you with your security and understanding of LLM then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

IMPORTANT!!

This article was NOT written by ChatGPT. It was written by this ChapJPD (James Peter Dell)

Cloud Security Assessment Checklist: Protecting Your Business in the Cloud

/in , , , , , , , /by
cloud security checklist

Just because your data is in the cloud, that doesn’t mean it’s secure.
What???

I know many people believe that because they use Microsoft Azure, AWS or GCP, and big tech have their own security measures in place, that means you are safe, right? It doesn’t!!

In order to protect your sensitive information and comply with industry regulations, you need to perform a comprehensive security assessment of your cloud infrastructure.

Here is our recommended cloud security assessment checklist to help you ensure that your cloud environment is secure:

Access Management

Access management is one of the most critical components of cloud security. You need to ensure that only authorized users have access to sensitive information and systems. This can be achieved through the implementation of strong authentication methods such as multi-factor authentication, the use of secure password policies and even better, biometric authentication.
Additionally, it’s important to regularly review and audit your access logs to detect any unauthorised access attempts.

MFA

Directory Service

Directory services play a crucial role in cloud security by providing centralised authentication and authorisation for your cloud environment. A robust directory service will allow you to manage user accounts, passwords, and permissions in a secure and scalable manner. Ensure that your directory service is properly configured and that it integrates seamlessly with your access management solution.

Data Loss Prevention and Backup Policies

Data loss prevention is critical in protecting your sensitive information in the cloud. Implement a comprehensive data loss prevention strategy that includes the use of encryption, data backups, and disaster recovery solutions. Ensure that your data backup policies are regularly tested and updated to ensure that your data can be recovered in the event of an unexpected outage or disaster.

Rely on a Security Team

This is key. A dedicated security team is essential for ensuring the security of your cloud environment. This team should be responsible for the implementation and management of your cloud security solutions, as well as for performing regular security assessments and audits. Whether in-house or outsourced, make sure that your security team has the necessary skills and experience to keep your cloud environment secure.

Encryption

Encryption is an essential component of cloud security. Encryption can protect your sensitive information from unauthorised access, even if it falls into the wrong hands. Ensure that your data is encrypted both at rest and in transit, and that your encryption keys are properly managed and protected.

security updates

Security Updates

Often overlooked, updates are critical for keeping your cloud environment secure. Regularly update your cloud infrastructure and security solutions to ensure that you are protected against the latest threats. Stay up-to-date with the latest security news and vulnerabilities to ensure that you are prepared for any potential security incidents.

Monitoring

Regularly monitor your cloud environment to detect any security incidents or threats. Ensure that you have the necessary tools and processes in place to quickly respond to any security incidents, and that your security team is properly trained and equipped to handle them.

In conclusion, the cloud is an essential component of modern business, but it also presents a unique set of security challenges. By following this cloud security assessment checklist, you can ensure that your cloud environment is secure and that your sensitive information is protected. Keep this checklist handy and regularly assess your cloud security to ensure that you are always protected.

Ignorance is not bliss. Why Are Some Businesses So Reluctant To Embrace The Cloud?

/in , , , , , , , /by
Why are businesses so reluctant to adopt the cloud?

Cloud computing is the future of business. I argue that it is very much the present too. The cloud benefits organisations to become more agile, efficient, and cost-effective.

But why are some companies still hesitant to join the party?

Is it the cost? Is it a lack of understanding?

Ok, Let’s call out the elephant in the room: security and privacy concerns.

Yes, security breaches make headlines, but the truth is that cloud providers have heavily invested in security measures.

This includes encryption, firewalls, and multi-factor authentication. However, many businesses are still sceptical about the effectiveness of these measures and worry that their data could be vulnerable to cyberattacks.

So, I’m going to call the cloud providers out on this. Just because your data is stored on the cloud, and despite their valiant efforts, the reality is that you still need 3 party security solutions in place to safeguard your business data. But any responsible IT manager or business leader will appreciate this is a modern business need anyway.

Another reason for the reluctance to adopt cloud computing is privacy. Many businesses are concerned about the privacy of their data, particularly in light of recent privacy scandals. They worry that their confidential information could be accessed by unauthorised third parties, either by accident or through malicious intent.

But it’s not just security and privacy holding companies back. Many simply don’t understand the cloud. And that’s understandable. But ignorance is not bliss in the digital age. The businesses that seize the cloud advantage will leave their competition in the dust. Access to cutting-edge tech, scalability, and improved collaboration – the benefits of the cloud are too good to pass up.

So, to the companies still on the fence about cloud computing: don’t be left behind. Embrace the future and take your business to the next level.

Cloud computing is the answer to your digital needs – embrace it and thrive.

The future of Cyber Security for… BUSINESS LEADERS

/in , , , , , , , /by
the future of cybersecurity for business leaders

The future of cyber threats impacts both IT managers and business leaders, but with different priorities and approaches. While both groups recognise the importance of securing their organisation’s digital assets, they have different perspectives on the impact of these threats on their respective roles.

I have written 2 articles. Both on the topic of looking at the future of the cybersecurity landscape, but this post is from the BUSINESS LEADERS, OWNERS, MANAGING AND FINANCE DIRECTORS  point of view.

If you’d like to see my take on what IT MANAGER or IT DIRECTOR‘s need to be aware of, then CLICK HERE.

The Future of Cybersecurity.

Cyber threats are becoming increasingly sophisticated and persistent, posing a significant risk to businesses of all sizes. Business owners, managing directors, CEOs, and financial directors, be Aware! It is crucial to understand the future of cyber threats and take the necessary steps to protect their organisations from devastating cyber attacks.

  1. Cost of a Cyber Attack. A successful cyber attack can have devastating consequences for a business. This includes loss of sensitive information, damage to brand reputation, and financial losses. The cost of a cyber attack can run into hundreds of thousands or even millions of pounds. In many cases, even force a business to close its doors permanently.
  2. Targeted Attacks. Businesses are increasingly becoming targets of cyber criminals who are looking to exploit vulnerabilities in their systems for financial gain. These targeted attacks are becoming more sophisticated, and businesses must be proactive in their approach to cybersecurity to stay ahead of the threat. The naive days of “Why would they want to hack us?” are long gone. Any business is a target. 
  3. Cloud Computing. The widespread adoption of cloud computing is changing the way businesses operate. It also presents new challenges in terms of cybersecurity. Businesses must ensure that their cloud environments are secure, and that sensitive data is protected from cyber threats.
  4. Human Error. Now this is a big one! Human error is a leading cause of cyber attacks. Your people are and are always likely to be your weakest link. It is crucial for business owners to educate their employees about the importance of cybersecurity and best practices for keeping their systems and data safe.

In conclusion,

The future of cyber threats and cybersecurity is uncertain, and businesses must take proactive steps to protect themselves. From the cost of a cyber attack to the risks posed by cloud computing and human error, it is crucial for business owners to understand the potential consequences and take the necessary steps to secure their organisations. By implementing robust security measures and staying informed about the latest threats and trends, businesses can mitigate their risk and protect themselves from the devastating consequences of a cyber attack.

The future of Cyber Security for… IT MANAGERS

/1 Comment/in , , , , , , , /by
the future of cybersecurity for it managers

The future of cyber threats impacts both IT managers and business leaders, but with different priorities and approaches. While both groups recognise the importance of securing their organisation’s digital assets, they have different perspectives on the impact of these threats on their respective roles.

I have written 2 articles. Both on the topic of looking at the future of the cybersecurity landscape, but this post is from the IT MANAGER or IT DIRECTOR‘s point of view.

If you’d like to see my take on what BUSINESS LEADERS, OWNERS, MANAGING AND FINANCE DIRECTORS need to be aware of, then CLICK HERE.

The Future of Cyber Threats for IT Managers

Cybersecurity has become a critical issue for companies and organisations of all sizes. Obviously, it is essential for IT managers to stay informed about the latest threats and trends in the field. In the coming years, the landscape of cybersecurity will continue to evolve, and IT managers must prepare to face new and emerging challenges.

Here are some of the key trends and predictions IT Managers and Directors need to know for the future of cyber threats.

  1. Artificial Intelligence (AI) and Machine Learning (ML). AI and ML technologies are becoming increasingly popular, and these technologies will also be used by cybercriminals to carry out attacks. AI-powered malware and bots will become more sophisticated and difficult to detect, making it crucial for IT managers to implement advanced security measures and stay up-to-date with the latest developments in AI and ML security.
  2. The Internet of Things (IoT). The widespread adoption of IoT devices will continue to grow, but the security of these devices is a major concern. Cybercriminals will target IoT devices to gain access to networks and sensitive data, and IT managers must take steps to secure these devices and ensure they are not vulnerable to attack.
  3. Cloud Computing. Cloud computing is becoming more prevalent, we know that. And as a result, cloud security will become a top priority for IT managers. Cloud-based systems and data are vulnerable to attack, and it will be crucial for IT managers to implement robust security measures to protect their cloud environments.
  4. Ransomware. Ransomware will continue to be a major threat, and the number of ransomware attacks is expected to increase. IT managers must take steps to protect their systems and data from ransomware attacks, and also have a plan in place for responding to and recovering from an attack.

In conclusion,

The future of cyber threats is uncertain, but IT managers can prepare themselves by staying informed and implementing the latest security measures. The use of AI, IoT devices, cloud computing, and ransomware will continue to present new challenges for IT managers, and it is crucial that they stay ahead of the curve to protect their organisations and data.

New Microsoft Exchange Exploit Found in the Wild

/in , , , /by
Microsoft Exchange

New year, new exploit.

This time, it’s another exploit for Microsoft Exchange Server, and it’s out in the wild being actively used to gain control of unsuspecting organisations’ email servers.

Microsoft Exchange 2013, 2016 and 2019 has an RCE vulnerability (CVE-2022-41082) that allows threat actors to open an elevated remote PowerShell service, and from there, they effectively have the keys to the kingdom. A Ransomware group known as Play has developed an exploit chain that bypasses mitigations that Microsoft had provided for the exploit chain, meaning organisations that have only implemented those but have not yet applied the patch for it needs to do so immediately.

This vulnerability is one of 2 “ProxyNotShell” flaws in Microsoft Exchange Server; the other tracked as CVE-2022-41040, is a server-side request forgery (SSRF) bug that gives attackers a way to elevate privileges on a compromised system.

Microsoft has previously recommended that organisations apply a blocking rule to prevent attackers from accessing the PowerShell remote service through the Autodiscover endpoint on affected systems. They claim the blocking rule will help prevent known exploit patterns against the “ProxyNotShell” vulnerabilities.

email security

New Exploit Chain Found

The big problem with the above is that an attack method is being observed in the wild that uses a 3rd little-known SSRF bug in Exchange server tracked as CVE-2022-41080 to access the PowerShell remote service via the Outlook Web Access (OWA) front end instead of the Autodiscover endpoint. Microsoft has assigned the bug the same severity rating (8.8) as the SSRF bug in the original “ProxyNotShell” exploit chain. This vulnerability allows attackers to access the PowerShell remote service and use it to exploit CVE-2022-41082 in the same way they could when using CVE-2022-41040. This is a previously undocumented way to reach the PowerShell remoting service through the OWA frontend endpoint instead of leveraging the Autodiscover endpoint. This new exploit chain involving CVE-2022-41080 and CVE-2022-41082 is known as “OWASSRF”.

The new exploit chain was discovered when investigating several recent Play ransomware intrusions where the initial access vector was via a Microsoft Exchange Server vulnerability. The researchers quickly found that Play ransomware attackers had exploited the “ProxyNotShell” RCE vulnerability CVE-2022-41082 to drop legitimate payloads for maintaining access and performing anti-forensics techniques on compromised Microsoft Exchange Servers.

Patch Now or Disable OWA

So what can you do to mitigate this attack risk? Microsoft themselves advise that “organisations should apply the Nov. 8, 2022 patches for Exchange to prevent exploitation since the URL rewrite mitigations for “ProxyNotShell” are not effective against this exploit method; if you cannot apply the KB5019758 patch immediately, you should disable OWA until the patch can be applied.”

microsoft exchange

What Else Can You Do?

If you still have on-premises / hosted Microsoft Exchange Servers in production, migration to Microsoft 365 should be considered for the longer term. Other practices that can be implemented now to help protect yourself:

  • Disable remote PowerShell for non-administrative users where possible
  • As previously mentioned, apply the KB5019758 patch immediately
  • If, for whatever reason, the patch cannot be installed, disable OWA
  • Implement an EDR tool to help detect web services spawning PowerShell processed; Planet IT recommends the Sophos Intercept X Advanced with EDR product if you have an in-house SOC team to manage it
  • If you don’t have an in-house SOC team, a managed SOC should be seriously considered; Planet IT highly recommends the Sophos MDR service
  • CrowdStrike has released a PowerShell script to help detect signs of exploitation and use it at your own risk.

Reach Out!

If you want to discuss anything within this article or need some advice on what to do next, please reach out via DM on LinkedIn, or email me directly.

Also check our our CyberSecurity page on our website

2022 – The Big Technology Winners & Losers

/in , , , , , , , , , , , /by
technology winners

As some of you might know, once December comes around, I sit down and take a lookahead at the at the technology that I believe will shape our year.

That article will be released the first week of January so watch this space…

Before that though, I always think it’s a bit of fun to look back at the last 12 months and see how right or wrong my predictions last year actually were.

In a change from previous years, 2022 technology landscape wasn’t as dominated by COVID-19. Instead, we were impacted by other unforeseen challenges such as the war in Ukraine, disaster mini-budgets and the loss of our head of state.

Because of this, some of our forecasts were slightly delayed, but overall, our predictions were pretty spot on. I won’t go into the detail again, but if you want to review our 2022 predictions, click here.

But now, using the powerful tool of hindsight, who exactly were the winners and losers of 2022?

 

Winners

 

Public Cloud

Once again, it has been a huge year for all things cloud technology. IaaS, SaaS, PaaS have, as predicted, accelerated to a new high, despite the critics in the market saying they are unaffordable.

Our customers have moved to the cloud in mass. The key for everyone has been looking at the workload and refining it to be cloud ready. If this is achieved, then workloads are streamlined, and the cloud is undoubtably a success.

The other interesting side effect of the success of public cloud is that the big server producers are all coming out with Hybrid cloud products. This is focused on keeping them in the game for a few more years, with products that allow easy workload migration to the cloud, cross scaling and targeted cloud leverage.

This will only continue in 2023, but my takeaway from it all is that the writing in now on the wall for the traditional server and storage world. HCI and owned equipment for servers is not far behind it.

cloud computing

 

Working From Home

The big companies of the world (mainly in finance) tried to tell us working from home was going to die off in 2022. Did they really believe people would flood back to the office?

This of course did not happen. WFH is here and it’s here to stay, with the focus for IT being on flexibility. The modern employee wants the chance to work where suits them. We are now able to tap into a globally connected market of extremely talented people who have previously been excluded from roles due to geographic location.

With Teams, Zoom, Slack and all the other tools at our fingertips, there is now no reason to not allow complete working flexibility and allow a better work life balance.

This is something that we at Planet IT have openly adopted. Without a doubt, this has seen an increase in people’s overall wellbeing and general approach to work has only gone from strength to strength.

Linux in the Mainstream

Stop right there! STOP!

Before all the IT people of the world lynch me and say “Linux has always been…..” or “Linux is the greatest operating system…..” I am in no way saying that Linux hasn’t been a very viable business operating system for the last 10 years.

Ubuntu as a distribution has been very user friendly and, for a while, even companies like Dell thought it was the future of the desktop consumer OS. Then ChromeOS came along and diverted their attention.

What I am saying is that in 2022, we saw the release of hardware running dedicated builds of Linux which are finally disrupting the market. One of these devices was the Valve Steam Deck, which was so popular this year that pre order took 11 months to fulfil.

However, the key for me is the story behind the hardware which is an operating system free from license costs. This overcomes some of the core challenges Linux has had in the past, compatibility. With this move and Apple’s move in opposite direction, 2023 looks set to be the year more business adopt the platform.

Let’s be honest, most cloud platforms are built around Linux anyway, so it only makes sense!

 

 

Losers

 

Private Datacenters

Déjà vu?

Last year, I said the coffin was ready and that we were about to hold the final goodbye for the private DC. I was pretty spot-on in fairness.

Even though a few hold outs tried to sell a revolutionary approach to private cloud, the final nail in the coffin was the energy crisis. Costs increased and private datacenters had to increase charges to customers. Meanwhile, AWS, Google and Microsoft simply swallowed most of the cost. This left most customers the choice between turning kit off or moving away.

There will always be a place for niche private datacenters for specific use cases, but for 95% of business’ the cloud is the future.

 

Meta

Having an extensional crisis about what the Metaverse is and what their products mean, Meta (previously Facebook) have struggled this year. Loosing revenue from adverts, losing ground to other platforms and heavily investing in Quest and the Metaverse which most people remain skeptical about anyway.

This shift has seen the company slip in its standing and become a bit of an outlier. This alongside a shift by Gen X and Y to TikTok and other faster social platforms is leaving Facebook and Instagram looking dated and doomed to be the next Bebo or MySpace (Sorry Tom!).

Many will say this is a good thing. The power in the hands of these super tech giants with everyone’s data makes governments and individuals nervous. So maybe a few of them shrinking may not upset too many.

P.S I won’t talk about Twitter in this section … because by the time you read anything I put about Twitter, Elon will have made huge changes, maybe renamed or deleted the platform and it will certainly be out of date! 🙂

SaaS Security

Surprised to see this in the technology loser section?

Security, is so important. It is even more important when you’re a company like Last Pass who recently suffered a data breach. They are the last in a long line of companies whose platforms have been compromised in 2022. Therefore, we cannot but think that maybe these big companies need to take platform or software security a little more seriously. This is a common trend and definitely hits my loser list because it shows how even the biggest companies can faulter.

Do better next year big tech, please!

 

The Lightning port

Why!!!??!

Its 2022! Why am I still talking about a micro connector that replaced a 30 pin USB 1 standard?

I will tell you why… because finally the EU has stood up to Apple and told them to get rid! 2022 will be the last year that a £1,400 device comes with a connector which cannot provide fast charging, cannot offer fast data transfer and is proprietary!

Long live USB C or well USB 3.2 or USB4 or Thunderbolt 3 or 4, whatever the standard, just use the same port for a couple of years. This will certainly allow me to cut down on the number of cables I hold onto!

lightening port

Conclusion

2022, like 2021, and 2020, was a year of change. Technology moves at a lightening pace (except, erm, the lightening port). We had some big winners, some little winners but overall, tech developments are moving quicker than ever. While Moore’s law may be starting to fail, the ability of technology companies to innovate is not.

Do you agree with our technology winners and losers list? What tech impressed you this year? Or what did you see crash and burn?

Comment on my post or DM me on LinkedIn, or email me directly on [email protected] if you would like to debate our choices or even talk about how the Planet experts can help you in 2023

 

The 7 Steps Of A Cyber Attack Chain

/in , , , /by
cyber attack chain

If you have been following our Planet IT webinar series this year (if not, why not? Catch-up HERE), we have been talking through the various critical aspects of protecting a business in 2022 from the modern cyber threats.

In doing so we have referenced the 7 steps of the attack chain. This conceptual idea breaks down the activity of an adversary attacker into 7 clear steps, allowing us to directly reference the techniques, tools and approach used at each stage.

In this article I am going to take a deeper dive into these 7 steps and add some additional information that we don’t always have time to share on our webinars.

 

STEP 1 – Reconnaissance

During this first phase of an attack, our threat actor is looking for a virtual open door, a window left ajar or a poorly trained security guard. In technical terms this looks like a port scan, DNS look up, physical walk around your building. The threat actor is looking for a way in. In most cases they will find this looking for open ports on your wireless network that can be used to access an exposed system which they can use later in the attack chain. However, in this phase it may be as simple as finding on your DNS that you don’t have SPF, DKIM or DMARC configured and that our only email protection is provided by Microsoft or Google as part of your email hosting.

In a physical sense, if the attacker is looking for a way in, they could be outside your office building, completing a wireless scan looking for a network which uses a pre shared key or is open to the public which could easily be leveraged.

Once this stage is complete the threat actor has what they need to begin their attack and move onto the next stage.

 

STEP 2 – Delivery

With the information gained during step 1, the adversary now has all the information to hand to begin their attack. For an email-based attack which will leverage poor inbound security, they may simply deliver an email with a hidden attachment, a special font or a tracker which will give them all the additional information about your system including your endpoint protection, operating system and patch level.

For an attack coming in via an open port, this is when they will use tools to gain access at either code level or even remote desktop level to a system. Looking to gain clear access to a system with admin rights, the delivery step will often include the use of passwords ascertained from the dark web or from shares of other threat actors who have completed steps 1 and 2 before selling the information for gain.

For a wireless, attack a similar approach is taken to the open port however for this the attacker will have to come and either sit near your site in a range of your WiFi or place a device near your building that they can access remotely. The aim for this step for the attacker will be to gain access to the network and find a system which they can then deliver software onto in step 3.

This phase finishes where access to a system has been gained by any method and is ready to deploy their tooling or attack to a device.

 

STEP 3 – Installation

As all three steps begin to merge, the next action for the attacker is to get either the tools they are going to use to take control of the system in steps 4-7 or to have their ransomware, virus or associated malware delivered onto the target system or systems if they intend to have to spread to across the network automatically.

The key to remember is in step 3, no action to trigger an attack has taken place. This is the phase very much like the move before checkmate, the attacker is moving their pieces into place surrounding you ready to press forward.

This step is the last chance to intervene before serious damage is caused by that loss of business, reputation, or finical impacts.

Cybersecurity health check

STEP 4 – Actions On Objectives

This phase is where the attacker gets what they want, however, the end goal for different threat actors will be different. For most, it is to gain Intellectual property which can be used to blackmail a business into paying for its “safe” return. Others will exploit business customer data for sale on the dark web. This may include anything from usernames and passwords to bank details and national insurance numbers. The other side to any attack could be they simply want to hurt the business causing it to fail by removing IT as a function from the business.

During Step 4, this is exactly what a threat actor is doing, getting what they need, taking control and preparing to move into step 5.

 

STEP 5 – Weaponisation

Once we hit step 5, you have lost control of your system. The attacker is in control and they have leveraged their attack to gain whatever their goal was in step 4.

Now they are going to disrupt your business and drop the nasty surprises they have on you.

This is the phase that most unprotected or unskilled business notice an attack, after the adversary has already completed all of the actions and has begun to either encrypt systems, delete system data, delete backups, access or simply corrupt the system to make it unusable.

For most business, this is when a cyber response kicks into full swing with IT professionals scabbling to understand what has happened, where it has come from and how to stop it. If you find yourself in this position, I have some clear advice for you;

  • Disconnect all internet connections to all systems
  • Call your cyber insurance provider before you try to resolve the issue. They will have an approach they want you to follow and not doing so could leave you open to liability.
  • Take a breath. This is going to be a marathon, not a sprint and you need to make level-headed decisions. If you need it, call in external help; even if it’s just to provide a calming voice to those meetings where you will be making critical choices. An external party who are not invested in your business or employed directly by you will aid this process.

 

STEP 6 – Exploitation

At this point the attacker has gained what they wanted from you and may be in control of your IP, your data, or your finances. At this step the exploitation can take many forms and it could be;

  • A ransom note demanding payment for the release of your system or return of your data
  • A threat to release the information to the public showing your breach
  • Sharing this information on the dark web and allowing other threat actors to gain your business data
  • Selling your customer data on the dark web
  • Selling your IP to a rival or leaking it for free online

Only the attacker will know why they completed the previous steps but at this point, they will show their hands if they want either financial gain or if they want to damage your business or reputation. Once we have reached this stage you should be working with your Cyber insurance provider to take the necessary steps.

In most cases paying a ransom won’t get you your data, systems or Intellectual Property back, however some insurance providers will take the risk on the payment.

backup as a service

STEP 7 – Command and Control

If the attacker is not finished with you then step 7 is where they can leverage your network, its devices and its users and systems from their own means.

Think of a Zombie army once you are infected you join the army and become part of the problem. Many attack chains will see your IT systems leveraged to accelerate the attackers next targets and allow them to spread to other systems. During WannaCry, this was one of the main issues. Interconnected systems where getting the Ransomware passed onto them after another. Linked or associated business fell victim and this is why the NHS was affected so badly by the WannaCry outbreak.

 

I hope that the above information helps you understand how the attack chain takes place and the number of steps involved by the attacker when gaining access. If you are reading this and thinking, “how do I protect against each step of the attack?”, then you are in the right terms and you will stand a better chance of protecting your systems.

If you want to talk to one of our experts about how we can help you to avoid being the next victim then please call 01235 433900 or email [email protected]. Alternatively, if you would like to speak to me directly you can reach out to me via DM or at [email protected].

 

Corridor Digital, A Story of skirting over cyber security

/in , , , /by
CorridorDigital security hack

First of all I want to start by saying I love to watch CorridorCrew by the team over at Corridor Digital on YouTube. I appreciate the skill they have in their respective fields and the work they put into high quality content, I was therefore extremely interested when they uploaded this video (Channel was TERMINATED, we got Hacked (Not Clickbait)). As someone who lives in the Cyber Security space I wanted to know more, however this video only highlighted one thing to me the lack of emphasis in their video on the real issue, their own lack of cyber security.

To summarise the video the Corridor Crew’s YouTube account was compromised and a 3rd party took over their Near 6 Million subscriber page and removed all the videos on the page, replacing the name and starting a live stream of a Crypto mining scam. In the video it is highlighted that a member of the team had full admin rights to the business’s Google account , now to be clear in the video they are vague and say that this persons phone of MFA has also been compromised, but they never expand on this. Following another admin being able to force change passwords and kick all live sessions out and with some support from Google the team manage to restore access and return to function, using their other social media outlets to let fans and followers know what is happening.

Corridor Crew security

 

What did they do wrong?

To me this video highlights a critical issue with business today which is the mentality of it what happen to us and when it does many business chalk it off to a one off event. As a specialist in the field, my concern would not only be what else does access to this account give them, but what other tools or techniques could they have put in place for a second or 3rd wave attack. While taking over a YouTubeChannel for a Crypto scam is far from they most serious of crimes.

A serious though needs to be put to what other data could they have taken or used from this account, could they have got into the business own site and in turn the customer data on it including credit card details. The list goes on but this event cannot be brushed away as well we are back online, the severity of the business failing to take cyber security seriously has to be looked at, they however are not alone.

I am not calling out Corridor Digital for any reason other than they posted this onto YouTube and highlighted the event and therefore are asking for commentary. I do feel it reflects heavily on the general approach to cyber security in business and therefore I yet again employer you to look at your business practices, look at the tools and protections you have in place and ask yourself “Is this enough” .

What tools should they have used?

If you haven’t already secure every online account you have with two factor authentication, and make sure than the second stage authentication is not a text message to your phone or an email back to your main account, you should be using tools with time sensitive codes, physical tokens or bio metrics. This is they minimum protection you should have, it therefore goes without saying that you should always have a secure pin on mobile phones and tablets and that they should also use biometrics for security where possible, companies like Apple and Google spend millions on technology to protect data so leverage them.

What can you do to avoid it happening to you?

In closing I ask you to review your cyber security now! Before it is too late.

If you want to talk to one of our experts about how we can help you can avoid being the next victim then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

Email Security Gateway – What is it and why should you have one in place?

/in , , , /by

I recently wrote a blog post about how to spot a phishing attack (read it here), and also incorporated some of the content in a webinar we did with Precursor Security which showed how easy it is to was to compromise a Microsoft 365 account (watch it here). In both I mentioned that if you had a sufficient Email Security Gateway in place then it should help to catch and block phishing attempts. Here I will go into more detail about what an Email Security Gateway is, and what it can do for you.

What is it?

An Email Security Gateway is effectively a security barrier between your email solution and the outside world. It has visibility of all emails sent / received and interrogates them looking for malicious content.

How does it work?

When an Email Security Gateway is put in place, the MX records for your email domain are changed to the servers of your chosen provider. This then points all email traffic to your chosen solution which will then forward the email traffic to your email servers after interrogating them. Connectors are also configured within your email solution to allow mailflow to and from the Email Security Gateway.

How does it protect you?

Traditionally, an Email Security Gateway would be hosted on-premises scan an email’s attachments for viruses and that would be that. These days an Email Security Gateway is based in the cloud and will protect you against much more. Here are just a few of the attack types that a competent solution will prevent:

  • Denial of Service (relevant to on-premises email servers)
  • Impersonation emails
  • Malicious links in emails
  • Zero-day threats
  • Email account takeover
  • Low reputation senders

Some numbers for you…

  • 91% of cyberattacks start with an email
  • 85% of organisations were hit by a phishing attack in 2020
  • 1 in 7 organisations experienced an account takeover in 2020
  • $200,000 is the average ransom fee paid in 2020

“But I am using Microsoft 365 which has built in protection”

While technically this is true, the Microsoft Defender for Office 365 product requires a license uplift to get only some of the comparable features that a dedicated Email Security Gateway would provide. Being a dedicated solution, a 3rd party product would sanitise email traffic before it even hits Microsoft 365 and provides protection against more threats than Microsoft. Additionally, in independent tests Microsoft 365 ATP tends to perform poorly against the competition (full test here):

 

Email lSecurity Gateway Microsoft

 

An Email Security Gateway would also provide an Email Continuity solution should the Microsoft 365 email servers ever go down (which they have done in the past). See a brief diagram from Barracuda on how this would work:

Email servers working

 email servers working

 

Email Servers NOT working – Barracuda’s Email Continuity service takes over

email servers not working

 

 

What do we recommend?

Planet IT recommends a capable 3rd party Email Security Gateway like Barracuda or Mimecast to protect your business against email threats, as both solutions provide all the tools and protection you need to keep your organisation safe.

If you would like to discuss further how Planet IT can help you secure your email environment and protect your users from scams like the above email, please get in touch via DM or email [email protected].

 

My name is Adam, and I am a security-focused Technical Architect. My job is to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to! Want to hear more of my thoughts on Cybersecurity and other technology news? Connect with me on LinkedIn

 

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.

USEFUL LINKS

CONTACT

Managed IT Support

Security

Back-up & Disaster Recovery

Professional Services

Telephony & Connectivity

Hardware / Software & Cloud

Knowledge Base

Blog

About Us

Contact Us

Privacy Policy

Complaints Policy

TEL: 01235 433 900

FAX: 1235 433 901

EMAIL: [email protected]

85F Park Drive,
Milton Park, Abingdon,
OX14 4RY

Crown Commercial Services Logo
QSL ISO 27001 Logo
Cyber Essentials

CONTACT

TEL: 01235 433 900

FAX: 1235 433 901

EMAIL: [email protected]

85F Park Drive,
Milton Park, Abingdon,
OX14 4RY

USEFUL LINKS

Knowledge Base

Blog

About Us

Contact Us

Privacy Policy

Managed IT Support

Security

Back-up & Disaster Recovery

Professional Services

Telephony & Connectivity

Hardware / Software & Cloud