DoorDash Leaks Personal Data Of Users And Drivers

Another week, another high-profile data breach.

This time, DoorDash confirmed on a recent blog post that data on nearly five million of its users had been accessed by an unauthorized (and at this point unknown) third party. According to information released by the company, the breach occurred on May the 4^th, 2019.

The unknown parties accessed information on the company’s drivers, merchants and customers who joined DoorDash on or before April 5^th, 2018.

The data taken by the unknown attackers includes:  names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords.  The only silver lining in that is the last item. It will require significant effort on the part of the hackers to decrypt the passwords and make use of them.  Even so, with so much personal information, including physical addresses, the hackers have more than enough data to steal identities.

Part of the company’s formal statement into the matter reads as follows:

“We deeply regret the frustration and inconvenience that this may cause you.  Every member of the DoorDash community is important to us and we want to assure you that we value your security and privacy.”

While the response isn’t a bad one, and the company didn’t make any major missteps in the immediate aftermath of the breach, it’s all starting to feel very canned at this point.  Most companies say the same thing, and yet, these kinds of events keep happening.

Sooner or later, the platitudes aren’t going to be enough to assuage the very real concerns of consumers who are becoming increasingly fed up with seeing companies they trust lose control of their data.  Once a certain threshold has been reached, there’s bound to be a backlash.  We’re not there, but the frustration and anger are growing, and rightly so.

2019: A Refresher Course in Ransomware

Ransomware has now been a major threat to businesses and other organizations for several years, and 2019 has been no different.

It had been a sign of some relief when ransomware attacks grew less common throughout 2018, and it seemed that maybe efforts to contain these attacks had been successful…, however, according to data collected by McAfee Labs, and published in their August 2019 Threat Report, ransomware is back with a vengeance.

In the first quarter of 2019 ransomware attacks grew by 118%; new ransomware families were detected, and threat actors used new, innovative techniques.

McAfee’s data reports that the 118% increase in ransomware attacks included the discovery of new ransomware families utilizing new, innovative techniques to target and infect enterprises. The dramatic increase in ransomware attacks is being driven primarily by three families of ransomware: Ryuk, GrandCrab, and Dharma.

Ryuk is a scary bit of code that has been used to lock down entire large corporations and government agencies. It was originally credited to North Korea, but subsequent research points to the malware as being the work of a highly sophisticated cybercrime syndicate, rather than the product of a nation-state.

GrandCrab is a relatively new arrival on the ransomware scene, first emerging in 2018. Often described as one of the most aggressive families of ransomware, the original authors of the code have leased it out to other hackers around the world in exchange for a cut of the profits.

Dharma is the oldest family of the big three, first emerging on the scene in 2016. Originally, it was an offshoot of another, even older ransomware family known as Crysis. However, since branching off, it has become a potent threat in its own right, and the hackers who control the code regularly release new updates and continue to enhance its capabilities.

McAfee researchers observed cybercriminals are still using spear-phishing tactics, but an increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply bought in underground markets. Where past ransomware criminals would set up a command and control environment for the ransomware and decryption keys, most criminals now approach victims with ransom notes that include an anonymous email service address, allowing bad actors to remain better hidden.

So why-exactly-is ransomware such a threat to your data?

For those who don’t know, ransomware is a form of malicious software (malware) that threatens the elimination of hijacked and encrypted data if a user doesn’t pay a ransom. It is known to be one of the most prolific and pervasive threats seen on the Internet today. Ransomware has evolved over the past several years, so let’s look at what the future of ransomware looks like, and what you can do to protect yourself against it.

Unlike most other malware threats, ransomware isn’t designed to gain access to a system to steal data. It’s also not really a con, as anyone that is inundated with ransomware is in a real threat to lose their data (or their money). Ransomware is basically one of two types of malware. Some are computer viruses that target the CPU. These are called “locker” ransomware. The other prevalent type, called “crypto” ransomware, target and encrypt access to file systems.

Whichever strand you get (and there are dozens of different strands) the basic premise is the same. After it is unpackaged to the user’s machine (or network) it encrypts access to data/processing/both and gives the system’s user instructions on how to proceed. The user then has a decision to make, pay the ransom or try to restore the data from their backup platform.

Ransomware is such a departure from normal malware in that most strands of malware tries to camouflage itself inside a user’s system or network. Ransomware makes sure you know it’s there. The past few years has seen a huge uptick in the amount of ransomware that has been deployed, both in variant, and in frequency. These attacks have hit many municipalities, businesses, and other organizations, with one purpose, to extort money. For example, the city of Atlanta spent more than $2.6 million on emergency efforts to respond to a ransomware attack that infected their municipal operations in 2018.

So how-exactly-are these attacks carried out? The answer may surprise you.

Delivery
You may think that such a devastating computer virus would have to be delivered by those black hat hackers who sit in a basement someplace carrying out some well-concocted scheme to defraud your company. Or maybe it’s sabotage by a disgruntled former worker who didn’t get his/her 25% raise and inexplicably still had access to the network. The truth is that, while it could be either one of those examples, it is most likely the result of an honest act of negligence by someone who has access to your network.

Most ransomware attacks are perpetrated by hackers that try to spoof legitimate company’s emails. Since these emails seem to be coming from a legitimate place, unwitting end-users click on links or download attachments from these emails, resulting in the malware attached being deployed on the system. The code then goes to work encrypting files or the hard drive. These attacks are commonly known as “spear phishing.”

In a spear phishing attempt, a perpetrator needs to know some details about the victim. Using these details, the fraudster aims to instill trust in the victim and get as far as possible with the scam. So where do they find these details? These could be gleaned from a previous phishing attempt, a breached account, or anywhere else they might be able to find out personal information. Social media, in particular, is a hotbed of information regarding both individuals and businesses.

So, what does a Ransomware attack look like?
Once the ransomware has inundated the system and the file (or drive) is encrypted, the server will send a message to the victim. Typically, the user will get a notice that their files/computer has been encrypted and the only way to get the file back is to follow the instructions given in the notice. This includes payment arrangements and the dreaded countdown meter. If the user doesn’t meet the demands outlined in the notice, their data will be deleted forever, or their computer will be locked. This, of course is a terrible situation.

What the user doesn’t see, however, is that the hacker, who has control over this data or infrastructure is probably not letting this end-user off the hook. The ransomware is bad enough, to exacerbate things for this foolish user, the hacker can now do what they please with that machine. Sometimes they will include directions that will allow the hacker to steal the victim’s credentials. Even if the ransom is paid, and the files/system is returned to user as agreed upon, many of these attackers will load additional malware onto the system, allowing them to further persecute a person whose only mistake was clicking on a link they thought was a legitimate source.

       Firstly, it is important to have enough security on your machine/network to ensure that any potential threat is eliminated before it can be a problem. A Unified Threat Management tool is a great solution to mitigate network problems. Not only does it have a firewall and antivirus, it comes with a spam filter that can help users from being exposed to emails rife with malware in the first place.

Secondly, training your staff on how to determine the legitimacy of any message is important. Ransomware can be deployed through email, messaging services, and social media, so educating them on how to avoid these situations is an integral step in keeping these threats off your organization’s network.

Lastly, having a powerful and up-to-date backup of your organization’s data can be a life-saver in situations like the one outlined above. Net Activity’s backup solution can provide any organization the data protection they need through redundancy. Not only is your data backed up at regular intervals locally, it is also backed up in an offsite data center. Having up-to-date backups on hand could save your hide in several different situations.

For more information about ransomware, what you must do to keep from experiencing it, and how to protect yourself from all manners of online threats, download our Ransomware Business Guide here:

New Chrome Feature Allows Sending Web Pages To Devices

If you use Google’s Chrome browser for web connectivity, you’re about to get a new feature you’ll probably fall in love with.

Chrome 77 is now available for Windows, Mac, iOS, and Android.  For years, Google’s primary mission where the web is concerned has been to increase the quality of the user experience and the company keeps finding new ways to do just that.

Their latest offering, available in Chrome 77, will allow you to send web content to any other device you own that you use Chrome on.

Here’s how it works:

Let’s say you’re on your phone and you run across an article that deserves more time and attention, so it is probably something you’d like to revisit on your PC.  Easily done.  Just “send the web page” in question to any device on your device list drop down, and you’re all set.  You’ll be able to pick up reading the article in question where you left off on the device you select.

If you’re using Chrome on iOS, you will need to have the app open for the new functionality to work, and you’ll need to accept the sent tab because the functionality isn’t quite as tightly meshed on iOS as it is on the other platforms.

It’s a small change, but a significant one that enhances the overall user experience.  The days of browsing the web on a single device are long gone. Chrome plays a major role in the Windows, Android, and Apple product ecosystems. It also has the ability to fly seamlessly from one type of device to another (even devices on entirely different ecosystems) and browse your preferred content seamlessly is compelling.  Kudos to Google for the recent enhancement.  We can hardly wait to see what else the future holds.

A Primer on Watering Hole Attacks

Cyberattacks come in many different forms, with new methods being developed all the time. What’s bad is that personal information is now often stored online, be it through social media or through government and healthcare services — and these are juicy targets for criminals. Learn more about one way these criminals steal data — through watering hole attacks.

What are watering hole attacks?

Watering hole attacks are used to distribute malware onto victims’ computers in a similar way phishing activities are conducted. Cybercriminals infect popular websites with malware, and anyone who has had the misfortune to visit have their computers automatically loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will actively take control of the infected computer.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

With such highly skilled hackers these days, virtually any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips:

Update your software
Watering hole attacks often exploit holes and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
Regularly conduct security checks using your network security tools to try and detect watering hole attacks. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature. Also, block social media sites from your office network, as these are often used as share points of links to infected sites.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Malware now Hiding Inside Fake Copies of Online Books

Kaspersky Lab has recently issued a warning that should alarm and dismay students around the world.  Based on the findings of some of the company’s researchers, they’ve discovered a new surge in malware masquerading as legitimate digital textbooks. Given the staggering price of physical textbooks, many students have changed to acquiring digital copies of the books they need.

While the price difference is considerable between the digital and physical copies, penny-pinching students often shop for the best deals possible on the digital copies of the books they’re buying.  Unfortunately, a disturbing percentage of bargain-priced texts are poisoned and used to infect the devices of the students downloading them with a variety of malicious payloads.

Based on Kaspersky’s research, there were in excess of 365,000 attacks last year that relied on malicious documents with educational-related filenames.  Of those, 233,000 of the cases involved poisoned documents downloaded by more than 74,000 people and blocked by the company’s software.

According to a Kaspersky spokesperson, about a third of those files were malware disguised as textbooks, and more than 30,000 users attempted to open them.

The company was able to block an impressive percentage of those types of attacks. However, based on their own numbers, that still means that more than 132,000 infection attempts were successful.  While the attacks were made using a staggering array of malware, the most commonly employed were identified as:

• MediaGet
• Agent.gen & Win32.Agent.ifdx
• The Stalk worm

Of the ‘Big Three,’ the MediaGet downloader is the least harmful, designed to simply download an unnecessary torrent client.  Unfortunately, the other two downloaders, WinLNK.Agent.gen and Win32.Agent.ifdx are capable of dropping all manner of nasty malware onto an infected device.

Stalk is different from these others, being classified as a worm.  Its main goal in life is to spread itself to as many machines as it can and will merrily mail and text itself to the entire contacts list on any infected machine.

The bottom line from Kaspersky is simply this:  Bargain priced digital texts very often have a high hidden cost.  It pays to be wary.

5 Modern Cyber Threats You Need To Know About in Your Business

Cybersecurity is a critical part of managing any business. This is especially true nowadays when there are countless individuals and organizations formed specifically to steal credentials and sensitive information from your organization. Today we will be dedicating some time to how your business can reinforce proper cybersecurity practices.

Shadow IT
Time is money, and people will go to great lengths to keep themselves productive throughout the workday, even if it’s not sanctioned by your business. While you might have certain preferences for solutions, your employees might have other ideas. This is called Shadow IT, where your employees will download and use a piece of software that hasn’t passed the test of your company’s IT department. Most of the time, the employee who downloads the off-brand software isn’t doing it out of spite for the organization–only for their own convenience. In fact, 80 percent of employees use software that hasn’t been selected, tested, and released by the IT administrator. These applications are more vulnerable than those that would be implemented by your business.

Cryptojacking
There are over 1,500 kinds of cryptocurrency out there, and cryptojacking was a popular method of cybercrime in 2018. Cryptojacking is when a malware will use a target’s computer resources to mine for cryptocurrency. Due to how resource-intensive cryptojacking is, it affects the computer’s effectiveness and longevity. Most studies that have been performed as of late show that cryptojacking will get much worse in 2019, as the value of cryptocurrency has fallen considerably over the past year. This means that more machines are needed to mine cryptocurrency, which means more attacks will be needed to create the same level of profit. You should take measures now to learn about these attacks and how to keep them from becoming a problem for your business.

Ransomware
Ransomware might be on the decrease since 2018, it’s still important to keep a lookout for it, primarily because it’s such a huge danger to network security. Ransomware is capable of encrypting all of the files located on a computing system. It then demands payment to unlock access to the files. Ransomware tends to target organizations that have a lot of sensitive files who are likely to pay up in the event of an infection. Others might have operational technology systems that are critical to maintain at all times, making restoration a priority–even if it means paying up.

Unsecured Internet of Things Devices
The IoT is only growing larger, and you know what that means: more devices that could potentially create a disaster scenario for your business. It becomes incredibly important to keep your network safe from any and all devices connected to it at any given time, whether it’s from employees or visitors. Even a simple unsecured IoT device with smartphone connectivity could become a major network vulnerability. To be fair, there have been improvements to IoT security, so you’ll have plenty of options over how to utilize IoT devices securely and effectively.

Phishing
All businesses see a phishing email at least once in a while. It’s estimated that an average of 156 million phishing emails are sent every day, making it a very common method of hacking. Basically, since most accounts are secure enough that they cannot be hacked through conventional means, the hacker will instead directly reach out to whoever owns the account to get the information they need to infiltrate it. One specific example of this is business email compromise, which targets specific members of an organization and can cause up to $12 billion in losses all over the world. Most phishing messages can be stopped with powerful spam filters, but it’s also important to educate your employees on what to watch out for in a phishing email. In fact, some scams will use text messaging, instant messaging, and even phone calls to get what they’re after.

2019 promises to be a great year for business technology, but are you prepared to keep it all secure? To find out, reach out to us at 216-503-5150.

Report Shows 118 Percent Increase In Ransomware Attacks In 2019

Ransomware roared onto the global stage in 2017. Companies and government agencies around the world felt the impact with widespread campaigns like NotPetya and WannaCry.

By 2018, the number of ransomware attacks had begun to fall off while hackers found new tools to attack with, shifting toward cryptojacking, credential theft, and trojan malware.

Granted, ransomware attacks didn’t fade completely from the picture in 2018, but they were overshadowed by the emergence of new attack vectors.  Unfortunately, according to data collected by McAfee Labs, and published in their August 2019 Threat Report, Ransomware is back with a vengeance.

Christopher Beek, a lead scientist at McAfee had this to say about the report:

“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach.”

The dramatic increase in ransomware attacks is being driven primarily by three families of ransomware:  Ryuk, GrandCrab, and Dharma.

Ryuk is a scary bit of code that has been used to lock down entire large corporations and government agencies.  It was originally credited to North Korea, but subsequent research points to the malware as being the work of a highly sophisticated cybercrime syndicate, rather than the product of a nation-state.

GrandCrab is a relatively new arrival on the ransomware scene, first emerging in 2018.  Often described as one of the most aggressive families of ransomware, the original authors of the code have leased it out to other hackers around the world in exchange for a cut of the profits.

Dharma is the oldest family of the big three, first emerging on the scene in 2016.  Originally, it was an offshoot of another, even older ransomware family known as Crysis. However, since branching off, it has become a potent threat in its own right, and the hackers who control the code regularly release new updates and continue to enhance its capabilities.

All that to say, it’s too soon to breathe a sigh of relief where ransomware is concerned.  It’s back in 2019, and it’s back with a vengeance.

Microsoft Says Office 365 Users Should Use Spam Filter

Microsoft recently updated their support page and offered additional guidance to network admins as it relates to Office 365’s built-in spam filters. The gist of the update is that they strongly advise against turning the auto-filters off.

They provided some additional guidelines if you decide to bypass them for one reason or another.

Here are the most relevant portions of the recent update:

“If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through. Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve and verdicts could improve over time….”

If you decide you want or need to bypass anyway, the company offered the following additional suggestions:

• Never put domains that you own onto the Allow and Block lists
• Never put common domains, such as Microsoft.com and office.com onto the Allow and Block lists
• Do not keep domains on the lists permanently, unless you disagree with the verdict of Microsoft

You and your IT staff are likely already aware of this. If not, Microsoft maintains a living document on their support website where they keep a comprehensive list of security best practices for Office 365. If you haven’t seen it before, or if it’s been a while since you reviewed it, it pays to take some time to look it over.

On a related note, the company recently sent out a bulletin advising all Office 365 customers and admins to report junk email messages for analysis using the Microsoft Junk Email Reporting add-on. This is in order to help reduce the number and effect of future junk email messages. If you and your team aren’t already in the habit of doing this, now is an excellent time to start.

Save time with Bookings by Office 365

We all undeniably have hectic schedules, and they’re made even worse with unorganized meetings, impromptu lunch dates, and unscheduled yoga classes. To move or cancel appointments, your clients would generally have to pick up the phone and call someone, which can be a drag. But with Microsoft Bookings, clients can schedule and effortlessly manage appointments. In case one isn’t enough, here are four more reasons to give it a go:

Visibility

Bid adieu to the days of scribbling on post-its and frantically going through your schedule to find out where you’re heading for lunch. Microsoft Bookings provides you with a unique webpage that is compatible on both desktops and mobile devices. Here, customers can select times and dates based on current availability — simply enter the contact information and then book it! The system fully automates the process of managing your appointments.

No more rain checks

Cancellations and missed appointments mean wasted time slots unless you’re able to fill them up with new bookings. Avoid lost income by controlling how much advance notice is required to make a cancellation. With Bookings, appointments appear immediately in staff calendars and can be added or revised by customers in their own personal calendars. Additionally, a confirmation email is automatically sent to the customer, which is then followed by another automatic email reminder before the appointment time. The web page also offers a rescheduling service: customers can simply click on the link on the confirmation email and pick a time that they’re more comfortable with.

Synchronization

Once completed, the booking is then synced to a centralized calendar where businesses are given the option to reschedule, cancel, or reassign the appointment to other staff members as they see fit.

If you do decide to reassign it to staff members, Bookings offers a nifty feature known as “split view.” This shows which staff members are booked at which times, and you can compare everyone’s schedules side-by-side. The appointments are synced not only to your calendar but to the staff members’ calendars as well. Moreover, this versatile system accommodates Office 365, Outlook, and even Google Calendar, so clients and staff can keep whatever calendaring service they prefer.

Double duty

Appointment setting might be the primary goal of Bookings, but the system can also be utilized to build your company’s customer list. Once customers input their information into the system, it automatically creates contact entries for those customers. The contact card contains personal information such as your customer’s name, address, phone number, and email address.

And, as your company grows, you can add more staff members as well as create additional booking pages for free. Furthermore, staff members aren’t required to have Office 365 subscriptions to be a part of the service.

Efficient tech resources aren’t enough to maintain a successful business anymore. To really stand out from competitors, you need comprehensive appointment management. Give us a call if you need any questions answered or issues addressed. We’re more than happy to help.