Advanced Linux backdoor found in the wild escaped AV detection

Fully developed HiddenWasp gives attackers full control of infected machines.

Researchers say they’ve discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks.

HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer’s post went live, the VirusTotal malware service indicated HiddenWasp wasn’t detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.

Read more at ArsTechnica.com.

Microsoft Issues 'Update Now' Warning To Windows Users

Microsoft really does not have the greatest track record when it comes to those security and system fixes that are usually referred to as Patch Tuesday updates. Readers of Forbes will not need reminding how these updates have recently caused Windows to freeze or simply decided to install themselves and cause unexpected restarts. Indeed, I have had more messages from readers who are fed up with Windows updates than in relation to anything else I have covered on Forbes. Yet it is precisely these people that Microsoft is now urging to apply one particular set of updates released May 14, warning that unless they do at least a million computers might be exploited by a security threat that could be as damaging and costly as WannaCry was two years ago.

Read more at Forbes.com.

The Four Best Password Managers to Secure Your Digital Life

PASSWORD MANAGERS ARE the vegetables of the internet. We know they're good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that's been "123456" and "password"—the two most commonly used passwords on the web.

The problem is, most of us don't know what makes a good password and aren't about to remember hundreds of them every day.

If you can memorize strong passwords for hundreds of sites, by all means do it. Assuming you're using secure passwords—which is, first and foremost, shorthand for long passwords—this is the most secure, if slightly insane, way to store passwords. It might work for Memory Grandmaster Ed Cooke, but most of us are not willing to put in the effort. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.

A password manager offers convenience and, more importantly, will help you create better passwords, which in turn makes your online existence less vulnerable to password-based attacks.

Read more at Wired.com.

Ransomware Protection, Removal and Recovery Best Practices for State and Local Governments

User training and backups are critical to combating the ongoing threat of ransomware.

Baltimore is still struggling to recover from a ransomware attack that first crippled Charm City more than two weeks ago.

As NPR reports, “the online aspects of running the city are at an impasse. Government emails are down, payments to city departments can't be made online and real estate transactions can't be processed.”

Baltimore is the second apparent victim of the so-called RobbinHood ransomware attack, according to the Baltimore Sun, following Greenville, N.C. The effects are wide-ranging, Ars Technica reports:

It may be weeks more before the city's services return to something resembling normal — manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems.

The scourge of ransomware, in which attackers seize control of digital assets and hold them hostage in exchange for payment, continues to haunt state and local governments.

Government agencies should follow ransomware protection and recovery best practices to ensure their services are not taken offline the way Baltimore’s have been, experts say. That includes user education as a first line of defense to ensure they do not click on malicious links that will introduce ransomware, as well as robust and redundant backups of applications and data.

EXCEL’s cybersecurity solutions are the ideal defense against ransomware attacks. Give us a call today to find out more about how we can help to secure your business against ransomware, phishing, spear phishing, and other forms of electronic intrusion.

Read more at StateTech Magazine.

Georgia County Pays a Whopping $400,000 to Remove a Ransomware Infection

County hired cyber-security consultant to negotiate ransom fee with hacker group

Ransomware has become a cottage tech industry, and no one is immune. Nobody knows this better than Georgia County, which just parted with $400,000 because of a lack of technical foresight.

"Everything we have is down," Sheriff Janis Mangum told StateScoop in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."

EXCEL can help your business avoid ransomware attacks with world-class security and prevention measures. Contact us to find out how.

Read more about Georgia County at ZDNet.

How dumb do you think your customers are, AT&T?

There’s a lot of money riding on whether wireless carriers and phone makers can make consumers understand the next generation of wireless service, 5G, and why they should want to buy into it. Many Americans are just now hearing of the new, faster service, which will deliver blazing speeds with very little latency. Meanwhile, the carriers are spending millions building the networks that will support the new service, and phone makers are working on the first wave of smartphones that will support it.

Read more at Fast Company.

Do You Know About RaaS? (Ransomware as a Service) (Seriously)

Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

We ran across the article below, and we were floored that there is now Ransomware-As-A-Service (RaaS). To put this in perspective, this is a service sold by an enterprising criminal to other criminals to enable them to encrypt your files and demand a ransom to unlock your files. In exchange for the ransom, you will receive a decryption key that may or may not work to decrypt your files.

This is like a thief selling a foolproof solution to other thieves to break into your home, take all of your valuables, and demand a ransom to get them back. Data—your data—has become a highly-sought-after commodity, and the bad actors are always developing new ways to get to it.

From the article: A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.

Read more at Bleeping Computer.

The landscape of cyber security is always changing, and changing at an extremely rapid pace. Having a strong antivirus solution in place is no longer sufficient to protect your organization from malicious actors. At EXCEL, we keep our eye on what is happening in the cyber security landscape, and prepare solutions that will greatly reduce the risk of a breach of your environment. Be sure that you have security solutions in place that provide the most up-to-date protection. If you are not completely confident that you have the right solutions in place, please give us a call or drop us a line. We can help.

No One is Immune to Ransomware

Michigan-based medical records firm Wolverine Solutions Group (WSG) says that it discovered its systems had suffered a security breach on September 25 last year—some six months ago. Malware had infected the company’s computers and encrypted “many” of the firm’s records, rendering them inaccessible.

"Sadly, it’s still all too common to discover that backups have not been maintained or that the backups themselves have also been corrupted by the attack."

Read more about the breach at Tripwire.

EXCEL offers comprehensive security packages to help your firm protect against a wide variety of threats, including ransomware. Contact us to learn more.

"That will never happen to me. It's a risk I'm willing to take."

Small- and medium-sized businesses (SMBs) are the prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. Think about burglars that go after houses where they know no one is home. With more cybercrime automation and the rise of hacking kits, the cost and time it takes to launch a successful attack have decreased, increasing the number of cyber-attacks executed.

You, like many SMBs, may not think you are a target.

82 percent of SMBs say they’re not targets for attacks as they don’t have anything worth stealing (Towergate Insurance).

However, 55 percent of SMB respondents have experienced a cyber-attack in the past year, and another 50 percent have experienced a data breach involving customer and employee information (2016 State of SMB Cybersecurity).

You may underestimate the value of your information. 

It doesn’t always seem like it, but every business has data worth stealing. Did you know that the average cost per lost or stolen record is $158? It may not seem like a lot, but this number grows quickly once these records are stolen by the hundreds (Cost of Data Breach Study).

This means you might not be prepared to defend yourself.

Did you know that 79 percent of small businesses do not have an incident response plan? Without one, you may never be able to fully recover when a security incident becomes a reality—and it will. (Cybersecurity Trends Report 2017).

However, the consequences are significant and often business-crippling.

An IBM and Ponemon Institute study found that the average cost of a data breach has increased to a staggering $3.79 million (Cost of Data Breach Study).

Similarly, 60 percent of companies that lose their data due to an attack or disaster will shut down within six months (Boston Computing Network).

It’s time to get your head out of the sand. The longer you wait, the greater the risk. Give us a call at 614-500-4825, or drop us a line online.

– The EXCEL Team

Beware: Phishing Attacks Are on the Rise

We are seeing a dramatic increase in Phishing Attacks across businesses of all sizes. These attacks are sent via emails that look VERY legitimate. In order to address this rising trend, EXCEL now has the capability to launch benign simulated phishing attacks within an organization. The simulation tests employees’ willingness to open a potentially dangerous email and click an embedded link. A report will be generated showing how many targets the simulated dangerous email was sent to, who opened it, and who clicked on the link. We will then provide training material to employees on how to prevent phishing attacks. Contact us today to protect your organization through simulation and education.

“Eighty-three percent of information security professionals recently polled by Proofpoint said they experienced phishing attacks last year, up from 76 percent who said the same in 2017.”

Read more at PC Magazine.

Hot Tips: How to Feel More Accomplished at the End of the Day

At EXCEL, we are always on the look-out for valuable business information that we find helpful and that we can share with our customers and friends. Recently, we ran across an article in Fast Company with some tips on how to feel more accomplished at the end of the day. Who doesn’t want that? We liked the five steps outlined in the article and wanted to share it with our readers. Let us know what you think.

Community Spotlight: Curtis Jewell Receives Champions of Diversity Legend Award

Champions of Diversity

At age 75, Curtis Jewell, chairman and CEO of EXCEL Management Systems, is going strong, but he's stepped back from the front line. He's coaching, but doesn't want to be the No. 1 sales person.

Over the years, he has made connections and tried to walk the walk. Jewell grew up in the country, in a southern household like television's "The Waltons."

"That integrity and taking care of your neighbor and you know, being involved in the community was just natural with us always," he says.

"That's the good news of being an entrepreneur all your life and coming from an entrepreneur family - you don't have to hedge, you don't have to lie, you don't have to sneak, you don't have to take shortcuts," Jewell says. "Because you learn that you're going to win more than you lose by telling the truth."

Win more than you lose...

To Jewell, leadership is setting an example by taking risks and giving more than receiving. He doesn't try to litigate everything or get every little piece.

"You're going to win some and you're going to lose some," he says. "But you'll win far more than you lose if you approach life and people the right way. It's all in style. It's all in integrity. It's all in honesty and openness." Jewell gives his employees space, trusting them to do the right thing and complete what needs to be done, because people are basically trustworthy, he says. He also expects his executives to own their area of the business within the enterprise.

Mentoring Others

Jewell likes to mentor aspiring entrepreneurs, because so many people helped him. For example, Robert Lazarus Jr. of Lazarus department stores first brought him to Columbus in the 1970s to head up a community substance abuse treatment center. Lazarus had Jewell serve on numerous community boards, and he enjoyed rolling up his sleeves, serving a higher purpose.

Jewell says that race relations are still stovepiped in Columbus, but as a businessman he travels in all circles and he wishes more people would get out of their comfort zone. "It's not necessarily due to malice," he says. "It's just people are historically moving in the circles that they're used to, and they are overwhelmingly one black and one white. I don't like that."