Attackers can harm, steal your data with a ‘simple act’ of spear phishing

It seems innocuous enough. A simple email. Maybe it looks like it’s from someone you know; maybe it looks like it’s from an organization you interact with.

There’s a link, baiting you to click for what’s beyond. Or maybe there’s an attachment and it seems important enough to open to see what it’s about.

And then you do it. With a single click, a single download, you open the door for an attack. If you’re on a company computer or device, you may even put your entire agency at risk.

“The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear phishing,” Homeland Security Security Jeh Johnson said recently while speaking at the Financial Crimes and Cybersecurity Symposium.

While phishing campaigns aren’t new tactics, attackers are now using phishing scams to launch an alarming number of ransomware attacks.

“A lot of people still aren’t clueing in to just how dangerous clicking links or accepting downloads from unknown sources can be,” Dave Low, director of Technology Solutions for GuidePoint Security, said.

Low was a recent presenter in a webinar with RSA that highlighted some of the many ways attackers compromise systems. He also discussed tools and strategies to keep your organization’s systems and data safe. Missed it? You can catch a recording here.

“While clicking links or downloading attachments from unknown sources can have monumental consequences on personal devices, the same behaviors on a device linked to a business or organization can wipe out an entire network, halting business, putting data at risk, and compromising reputations,” Low said.

That could be what happened to the San Francisco Municipal Transportation Agency (SFMTA) when its systems were infected by ransomware on Nov. 25. Malware encrypted the agency’s office computers and limited access to several systems.

The attack disrupted SFMTA operations, forcing the company to turn off ticket machines and open fare gates that weekend. Commuters got free transportation, but the agency ended up with a lot of headaches and extra work.

“The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” Kristen Holland wrote in an SFMTA blog after the attack. “Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports — no data was accessed from any of our servers.”

Infected machines displayed the message, “you hacked, ALL data encrypted.” SFMTA was instructed to pay 100 bitcoin, about $73,000, to unlock their systems. Holland said SFMTA never considered payment and instead rallied around the clock to restore backups.

The SFMTA attack and other reports of agencies and individuals being locked out of systems following spear-phishing and ransomware attacks highlight the importance of maintaining backups and never clicking links or downloading files from unfamiliar sources, Low said.

GuidePoint can help you protect your organization’s environment and reduce your risks of attacks by analyzing your existing environment for possible vulnerabilities, and helping you build a customized information security plan to keep your systems and data safe. For more information, contact GuidePoint today at (877) 889-0132 or visit www.guidepointsecurity.com.

About GuidePoint Security
GuidePoint Security LLC provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their missions. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification is with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.

Fast-growing information security provider recruiting top cyber talent and other positions

GuidePoint Security, one of the fastest-growing companies in America, is looking for information security professionals and related support staff to join its award-winning team.

In 2016, Inc. Magazine recognized GuidePoint as the No. 5 Fastest-Growing Cyber Security company in the nation and one of the overall fastest-growing companies in both Virginia and the Metro-D.C. area.

With an impressive three-year growth at nearly 1,300 percent, GuidePoint has a multitude of open positions to help support its ever-expanding governmental and commercial client base.

“We attract top talent because we’re focused only on information security,” Michael Volk, GuidePoint’s Founder and Managing Partner, said.

GuidePoint’s successes, Volk pointed out, are rooted in the leadership team’s focus on finding the right people and the right talent; and creating an environment that enables them to flourish, to take chances, and never be satisfied with the status quo.”

“If our team members don’t try to exceed themselves and feel they don’t have the ability to take a chance, we are failing as a leadership team. We want innovative thinking. We want them to go the extra mile, and if sometimes that doesn’t work out, we learn from it and we grow from it.”

Click here to hear more from Volk about what makes GuidePoint a great place to work.

GuidePoint offers medical, dental, and vision insurance with generous employer contributions, eligibility for 401K after six months of employment, and competitive salaries and other benefits. Current career opportunities are available in engineering, executive management, managed services, project management, and sales.

GuidePoint is consistently honored as one of the best and fastest-growing information security companies. Some of its many awards include:

To learn more about GuidePoint, why it’s a great place to work, and to see current openings, visit our Careers page.

About GuidePoint Security
Headquartered in Herndon, Virginia, GuidePoint provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their missions. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification is with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

Attackers use common tools to hide among network activity

Free webinar highlights strategies to stop them before they damage your network, steal sensitive data

After attackers hit the Democratic National Committee this summer, several information security teams concluded they used a variety of persistent methods and several PowerShell exploits to pull off the attack and steal documents.

PowerShell is part of the Windows operating system. Exploits allow attackers to execute commands on remote computers. The malware is often disseminated through click bait or spam emails, and most endpoint security programs don’t detect PowerShell malicious intrusions.

“Today’s attackers use advanced techniques and tools to compromise systems and hide among normal activity,” Dave Low, director of Technology Solutions for GuidePoint Security, said. “PowerShell-based attacks are very difficult to detect using a logs-only approach. This can lead to theft of sensitive information, disruption of business operations, or destruction of assets and damage to your business’ reputation.”

Learn more about the PowerShell exploit and other ways attackers try to compromise your systems during a free webinar 1:30 p.m. Eastern Wednesday, Dec. 14.

While most computer users today know it’s risky to click on links and download files from unknown sources, malicious links and downloads continue to be a challenge for information security teams, analysts, and incident responders, Low said.

The challenges are often exacerbated by security teams’ limited time and resources, and further complicated by a growing number of devices connected to the internet.

Unsecured Internet of Things (IoT) devices are increasingly used for malicious purposes, like the October Distributed Denial of Service (DDoS) attack against domain registration company Dyn. That attack enlisted up to 100,000 malicious endpoints to slow down connections to popular websites like Amazon, Twitter, Spotify, and more.

Attackers used Mirai-based botnets on IoT devices for the large-scale Dyn network disruptions. Recently, a new Mirai worm knocked nearly a million German Deutsche Telekom customers offline, and affected customers for Post Office broadband and TalkTalk in the United Kingdom.

Powershell exploits, phishing, ransomware, and the Mirai worm are just a few of the many ways attackers try to gain access into your environment. At 1:30 p.m. Eastern Wednesday, Dec. 14, Low and Michael Godin, senior systems engineer for RSA, will talk about these tactics during a free interactive webinar, “Threat Hunting Lessons: Adversary Tools, Tactics, and Procedures.”

They’ll share real-world examples of attackers’ tactics, and will highlight tools and strategies analysts and incident responders can use to hunt for attacks before they cause damage. Register here now.

They’ll also explain how a Security Operations Center (SOC) can protect your organization by increasing your security team’s efficiency and encouraging active hunting. Low and Godin will explain how an effective information security plan and the right technology can help your team stop, think, and respond to threats quickly and calmly.

For more information, check out the webinar details here. Can’t make it? No worries. Go ahead and register and you’ll receive a recording after the webinar.

About GuidePoint Security
Headquartered in Herndon, Virginia, GuidePoint provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their missions. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification is with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.