Posts

T-Mobile DDoS Attack Was Just a Network Issue

A tweet meant to spread misinformation sent much of the U.S. into a panic on Monday. A countrywide T-Mobile network outage was mistaken for a distributed denial-of-service (DDoS) attack when the Twitter account @YourAnonCentral, which claims to be affiliated with Anonymous, tweeted Monday about a major DDoS attack on the U.S. The tweet included a world map that it claimed was proof of the large DDoS attack on the U.S.

Marcus Hutchins, a former black hat hacker turned white hat and cyber researcher responsible for stopping the WannaCry ransomware attacks in 2017, along with other cyber researchers, proved these tweets false that same day. About the map, Hutchins said it “show[s] a random sample of global DDoS traffic badly plotted on a world map. It does not indicate an attack against the US, it lacks context to make any inferences at all (other than DDoS attacks are happening all day every day).”

https://twitter.com/MalwareTechBlog/status/1272647109833940992

Other false reports of major outages with other services added to the confusion. Downdetector, the popular site for detecting outages, did detect outages for other major cellular carriers (Verizon, AT&T, Metro, Sprint, Consumer Cellular, US Cellular). However, Verizon assured DCD that its network was performing well: “We’re aware that another carrier is having network issues. Calls to and from that carrier may receive an error message. We understand Downdetector is falsely reporting Verizon network issues.”

AT&T also reported that its network was working properly.

https://twitter.com/ATTNEWS/status/1272642265056522242

Additional popular services were reported to be under attack, but researchers believe that this may have been a consequence of T-Mobile users not being able to reach those services. Among those reported to be having problems were internet providers (Spectrum, Comcast, CenturyLink, Cox), social media platforms (Facebook, Instagram, Twitter, Snapchat), gaming services (Fortnite, Roblox, Call of Duty, Steam, Xbox Live, PlayStation Network), streaming services (Netflix, Hulu, HBO Now, Twitch), banks (Chase Bank, Bank of America), and other major services (DoorDash, Google, Zoom).

https://twitter.com/MalwareTechBlog/status/1272656800400044032

T-Mobile was able to fix what turned out to be a routing issue by 11 pm Monday evening. T-Mobile’s President of Technology Neville Ray tweeted an apology, with a promise that improvements were made to prevent future events like this.

Even though the panic of Twitter users turned out to be for nothing, this false alarm seems to beg the question, what would have happened if such a large scale DDoS attack had been real?

Many of the reported issues were with services that have become staples to businesses and individuals during this pandemic. Without telecommunication and technology services available, would people know how to survive? Events like this should be a wakeup call to organizations, to review and update their disaster recovery plans, or to create one if they don’t have an existing plan. On this blog, we have focused mainly on ransomware and how to recover from a ransomware attack, but a disaster recovery plan should cover all types of cyber threats, including DDoS attacks.

If your company does not have a disaster recovery plan for DDoS attacks (whether pointed at your organization or the services you use), try asking yourselves questions similar to these: Does your organization have a plan in place if you were to lose cell or internet service? What are your organization’s next steps in the event of a DDoS attack to get your services back up? Have you talked to your service providers about services or tools that can help? Do you have locally backed-up copies of mission-critical data? While creating a disaster recovery plan is time consuming, it will always be worth it.

OpEx Versus CapEx

“Being ever-evolving as an attack tool, even the simplest form of ransomware can cost significant time and money, but more severe attacks can deal a crippling blow and even destroy a company completely, sparing no one” (Ransomware Facts, Trends & Statistics for 2020).

The effects of a ransomware attack on a business or organization can be detrimental. This is especially dangerous considering the unique time of economic uncertainty we are currently experiencing, which has forced many businesses to manage and mitigate their risks while planning ahead. “If the end of 2019 is any indication, ransomware in 2020 will become more hazardous than ever” (2020 Prediction: Ransomware to become more dangerous than ever).

Picture this: You are the IT director for a school district and you are worried about the increase in ransomware attacks and other forms of malware. You want to make sure you have a reliable data backup and recovery plan in place. You have heard of the amazing features of Rubrik software and you would love to apply their technology; however, you do not have the budget to take the leap and purchase a Brik.

Rubrik Technology

Rubrik technology converges backup, secondary, storage, and data management into a single software platform. As one of the fastest-growing IT companies in the world, they are solving all the problems that data backup was previously known for: slow recoveries, poor scalability, and lack of automation/cloud support. With immutability for ransomware, end-to-end encryption, data replication, and instant recovery, it is no wonder that, time and time again, people are choosing Rubrik.

Every business or organization should have a data backup and recovery plan in place. Whether you are the owner of a growing business or the IT director for an organization, there are many reasons why one may not be ready for a Brik. Some simply do not have the budget, and others may be cautious in their purchasing decisions because of the current pandemic. Whatever the reason may be, Trinsio understands your concerns and has created a way to meet these specific needs.

Trinsio’s OpEx Model

Although large enterprises and organizations may have the capital to purchase a Brik upfront, growing businesses don’t always have the same opportunity. Trinsio has developed an OpEx Model by offering a monthly consumption-based service that allows organizations of any size to take advantage of all the features of Rubrik, without initial outstanding costs. Trinsio will help you build a plan that will grow and shrink according to the amount of data you have.

Along with the monthly lease of a Brik, Trinsio’s OpEx model provides local data and storage management (capacity varies based on Brik model), full-featured Rubrik data management tools, and CloudOut, which archives backup data to Fibernet, Amazon S3, Google, or Azure Blob Storage for quick access and retrieval.

Trinsio provides data management solutions, including data backup and recovery, all powered by Rubrik. With more than 30 years of experience in cloud, data center colocation, and communications, Trinsio can provide customers with custom-tailored solutions covering all aspects of data management. With Rubrik, we provide enterprise-level complete data management to customers of any size.

Five Tips to Reduce Your Ransomware Attack Surface

When it comes to protecting ourselves against ransomware, there is no one magic thing that we can do to make us immune to attacks. Cybersecurity is about creating a layered defense and covering all bases. This takes time and resources but is crucial to the success of businesses of all sizes.

While some networks will require special deliberation, there are steps that all businesses can take to secure their business systems. Here are five tips to reduce your ransomware attack surface and build a strong defense against cyber threats:

1. Patch software

One of the most obvious things a company can do to secure its network is to patch its software. Leaving software unpatched is like inviting the hacker in through your front door and asking them to help themselves. By patching your system’s software, you are closing the door to attacks based on known vulnerabilities. The 2017 WannaCry ransomware attacks are an excellent example of this: a known vulnerability was patched and published by Microsoft. However, many people were not on top of updating their software, were attacked in the months following, and were forced to pay the ransom or lose their data.

Patching your software in a timely manner forces hackers to look for more creative ways to get access to your sensitive data, like looking for undiscovered vulnerabilities, which can be much harder.

2. Least privilege policies

Least privilege means limiting access to data to those users who explicitly need access. This can mean assigning access to only certain parts of the network for some users. Because of this, implementing least privilege policies in your IT environment allows for better visibility into data movement. By knowing who is allowed access to certain parts of the network, you can see who is accessing data and when, and more easily identify unauthorized access to sensitive data.
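The following is an added example, not code from the original post, showing how a least privilege policy makes unauthorized access easy to spot in an access log. The roles, share paths, user names, and log format are all hypothetical and the log lines are constructed.

```python
import re

# Hypothetical policy: the network shares each role is allowed to reach.
ROLE_SHARES = {
    "finance": {"/shares/finance"},
    "hr": {"/shares/hr"},
    "it-admin": {"/shares/finance", "/shares/hr", "/shares/backups"},
}
USER_ROLES = {"alice": "finance", "bob": "hr", "carol": "it-admin"}

# Constructed access-log lines: timestamp, user, action, path.
LOG = """\
2020-06-15T09:02:11 alice READ /shares/finance/q2.xlsx
2020-06-15T09:40:03 bob READ /shares/hr/reviews.docx
2020-06-15T23:17:45 bob READ /shares/finance/payroll.csv
2020-06-15T23:18:02 mallory WRITE /shares/backups/full.img
2020-06-16T08:00:00 carol READ /shares/backups/full.img
"""

LINE = re.compile(r"^(\S+) (\S+) (READ|WRITE) (\S+)$")


def allowed(user, path):
    """Default deny: unknown users and unknown roles get no shares."""
    shares = ROLE_SHARES.get(USER_ROLES.get(user), set())
    # Match on a path boundary so /shares/finance does not also
    # grant /shares/finance-archive.
    return any(path == s or path.startswith(s + "/") for s in shares)


def unauthorized(log):
    """Return (timestamp, user, action, path) for each access outside policy."""
    hits = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            # A line that cannot be parsed is reported rather than ignored.
            hits.append(("", "", "UNPARSED", line))
            continue
        ts, user, action, path = m.groups()
        if not allowed(user, path):
            hits.append((ts, user, action, path))
    return hits


if __name__ == "__main__":
    for hit in unauthorized(LOG):
        print(*hit)
```
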

3. Strong Password Policies

According to Google, compromised passwords are the number one reason that websites are hacked. A compromised password can be obtained by the hacker on the dark web, or through brute-force guessing techniques. An analysis by Skyhigh Networks found that the same 20 passwords made up 10.3% of 11 million stolen passwords for cloud services, or about 1.13 million passwords. These same passwords can be cracked in less than 1 second. All of these facts should convince you of the necessity of creating strong passwords. Besides avoiding common, guessable passwords, steer clear of these other common password mistakes:

  • Using the same 2 passwords. Did you know that over two-thirds of people only use 2 passwords? Using the same passwords for different accounts can lead to all your accounts being compromised when one is hacked.
  • Keeping your passwords in an unsecured place. Around 40% of organizations keep privileged passwords in a Word document or spreadsheet, one of the least secure places to keep privileged information. Instead, try using a password manager, or something similar that limits access to sensitive information.
  • Never changing passwords. Keeping the same password for your email account since your freshman year in college increases your chances of using a compromised password. Frequently updating passwords can prevent access by those who knew your password at one time.
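As an added example (not part of the original post), the audit below checks a password vault export for the mistakes listed above: common passwords, reuse across accounts, and passwords that have not been changed. The vault entries and the short denylist are constructed, and the 365-day threshold is an assumption, since the post does not give a rotation interval.

```python
from collections import defaultdict
from datetime import date

# Constructed sample denylist; a real one would hold thousands of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "welcome"}
MAX_AGE_DAYS = 365  # assumed threshold; the post gives no number
TODAY = date(2020, 6, 16)  # fixed so the example is reproducible

# Constructed vault export: (account, password, date last changed).
VAULT = [
    ("email",   "123456",            date(2016, 9, 1)),
    ("payroll", "T7#rv-lamp-Quartz", date(2020, 5, 2)),
    ("crm",     "T7#rv-lamp-Quartz", date(2020, 5, 2)),
    ("backup",  "obsidian*Kettle41", date(2020, 4, 20)),
]


def audit(vault, today):
    """Return {account: sorted findings} for every entry with a problem.

    Only account names and finding labels are returned, so the report
    itself never contains a password.
    """
    # Group accounts by password to detect reuse.
    by_password = defaultdict(list)
    for account, password, _ in vault:
        by_password[password].append(account)

    findings = defaultdict(set)
    for account, password, changed in vault:
        if password.lower() in COMMON_PASSWORDS:
            findings[account].add("common")
        if len(by_password[password]) > 1:
            findings[account].add("reused")
        if (today - changed).days > MAX_AGE_DAYS:
            findings[account].add("stale")
    return {account: sorted(f) for account, f in findings.items()}


if __name__ == "__main__":
    for account, issues in audit(VAULT, TODAY).items():
        print(f"{account}: {', '.join(issues)}")
```
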

4. Educate Organization Members

The members of your organization can be your weakest links if they are not trained appropriately to have good cyber hygiene, including how to identify phishing emails and other cyberthreats.

5. Secure remote access pathways

Be cautious of external vendors who have access to your network. Vendors may not have the same level of security protocols as your organization, and may not be as careful about keeping information secure. To double down on their potential lack of security, limit access to resources in your network through a single access pathway, giving you more visibility into traffic going in and out. Here you can also implement granular, role-based access to prevent the over-exposure of sensitive information to unwanted users.

BONUS TIP: Keep your backups separate from your main network and off-prem

As your last line of defense, your backups should not be on the same network as the rest of your data. Keeping them there exposes your backups to the same threats as your active data, so when you need to restore, it is much less likely that the backups will have escaped the ransomware that rendered your active data useless.

Keeping your backups on a different network and off-site allows for a barrier of protection between the backups and the active data. For some backup solutions, this can mean a slower recovery, which can be detrimental to any organization. With Rubrik cloud data management, you can restore from your backups almost instantly from immutable backup stores, even when backups are stored off-site. Rubrik was built to be ransomware proof and boasts features like data immutability and end-to-end encryption.

The Coronavirus + Your Business

As the number of people infected by the Coronavirus grows in the US, more local governments and businesses are taking action to prevent the spread of the virus. Eight states, including Utah, have declared a state of emergency. Governor Herbert said about declaring a state of emergency: “Making this declaration simply opens up resources for Utahns and allows us in government to focus as seriously as possible on being prepared.”

Meanwhile, individuals are taking to the internet, preparing by doing their own research, watching Contagion (it’s okay, we did it, too), and buying face masks (even though the CDC says only the sick need to wear them). But what are businesses doing to prepare for the virus, and how will it affect them?

Quarantined Consumers Versus the Internet

For businesses, the effect of the virus goes beyond employees asking for sick leave or working from home. Some companies such as Twitter, LinkedIn, and Microsoft (altogether 75,000 employees working from home in the US) have already asked employees to work from home. Meetings and conferences are already being cancelled or delayed until the summer, like Rubrik Forward, which just made the decision to cancel all physical events and instead make the conference digital.

However, a more drastic change for businesses will be customer preferences as their customers work from home. As more customers begin to use services from home, they will be more reliant on internet services, and connectivity will become more important to them. Security incidents will be harshly critiqued, and loss of service, even for short periods of time, will be enough to convince customers to look for more stable options. 

“Businesses who are inadequately prepared won’t be able to live through cyber breaches as consumers become more dependent on reliable internet services while working from home,” says Lane Livingston, CTO of Trinsio. “Businesses need to prepare now for the shift in consumer preferences forced by the Coronavirus.”

And to add an extra challenge, as customers become more intolerant of service interruptions, scammers and spammers are taking advantage of the ignorance, misinformation, and fear of citizens. The internet has seen an increase in scams related to the Coronavirus, asking people to donate, buy supplies, or click on links to see updated lists of infected cities, etc., some even impersonating the CDC to add legitimacy to their messages. So while your customers are on you for service interruptions, malware operators are working double time to wreak havoc on your business and provide your customers with more reasons to leave. 

Steps Your Business Should Take

While problems seem to be coming at you from both sides, what can you be doing to protect your business from the consequences? Here are five things you can do now to keep your consumers happy and the hackers at bay.

1. Use a good spam filter. A good spam filter will prevent a lot of the malicious mail from even getting to your mailbox, giving you a lower chance of clicking on something malicious. 

2. Train employees. A spam filter will not catch everything, so it is important that employees are aware of what to look for in malicious email. 

3. Set up antivirus software and a firewall. In information security, the more layers between your company’s information and the hacker, the better. 

4. Keep software and hardware up to date. Updated software and hardware will have the fewest known bugs, giving hackers fewer opportunities to worm their way into your systems.

5. Back up, Back up, Back up. Having a good backup system is a crucial part of any IT infrastructure, so that when the other parts of your system fail, your business has something to lean back on. And with customer tolerances of down time decreasing, it is also crucial to have a backup system that you can recover from quickly, preventing unnecessary down time. 

To learn how you can try a state-of-the-art backup solution for free, visit our website, or call (385) 283 – 1810.