Hacker Tracker | October in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the cybersecurity threats that are real threats to your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1 TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent | 10.13.20

  • The TrickBot botnet has survived a takedown attempt orchestrated by a coalition of tech companies on Monday. TrickBot command and control (C&C) servers and domains were seized and have been replaced with new infrastructure.
  • Microsoft successfully argued in court against the use of Windows SDKs inside malware code. This is a precedent it will be able to use frequently in future botnet crackdowns.
  • While the takedown was described by the other companies involved as “temporal” and “limited”, it still marks a successful effort on the part of Microsoft and its partners.
  • View the Source

#2 Federal agencies warn hackers targeting U.S. hospitals with ransomware attacks | 10.28.20

  • Cybercriminals are stepping up ransomware attacks on health sector groups as those organizations grapple with a new wave of COVID-19 cases, according to the FBI, the Department of Health and Human Services (HHS) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
  • Officials warned that the cybercriminals behind the attacks were deploying Ryuk, a ransomware strain that was recently linked to an attack on a German hospital that crashed servers and led to the death of a woman who was unable to receive life-saving care.
  • Ransomware attacks have become an increasing concern for hospitals worldwide during the COVID-19 pandemic.
  • View the Source

#3 Microsoft US election warning: Attackers hit Windows 10 Netlogon flaw | 10.30.20

  • Microsoft warned customers that it has received reports of attacks on the Netlogon protocol bug in Windows. Though the reports are few, the bug is the same issue Microsoft patched in August.
  • After spoofing Active Directory domain controller accounts, attackers could exploit the flaw to run malware on a device on the network.
  • The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned agencies to patch the flaw swiftly because Windows Server domain controllers are widely used in US government networks, and the bug carried a rare severity rating of 10 out of 10.
  • View the Source

Lessons Learned From This Month’s Hacks

Small businesses, especially in the healthcare industry, have never been more heavily targeted by cybercriminals. At a minimum, you must be applying Windows Security Updates RELIABLY to every Windows device every month. It would also be best if you had an IT resource that regularly keeps up with current trends via Reddit (/r/sysadmin), ZDNet, ASCII, and other sources.

Ask yourself:

Does my internal IT resource have the time or the wherewithal to keep up with this amount of information?

Does my one-man IT guy have the resources?

Does my IT company?

Start by asking questions, and reference the third article regarding the Netlogon exploit (more info here). How long did it take your IT resource(s) to patch AND update the group policy in your Active Directory environment?

Many small businesses are operating with this vulnerability even today; they lack sufficient IT resources and have no clue about the danger. If you have not heard a peep from your IT resource regarding the Netlogon exploit, email them ASAP and ask whether the recent Netlogon flaw applies to you and, if so, what they have done to mitigate it.
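As an added example (not PK Tech’s own tooling), the following PowerShell audit gives a concrete way to answer that question: it checks every domain controller for the Netlogon enforcement setting introduced with the August 2020 update and counts the related Netlogon events from the past week, so you can see whether enforcement is on and whether any vulnerable connections are still being allowed. It assumes the RSAT ActiveDirectory module, WinRM access to each DC and Domain Admin rights; the registry value and event IDs are the ones Microsoft documented for that update.

```powershell
# Added example: audit domain controllers for the Netlogon secure-channel
# hardening shipped in the August 2020 updates. Not PK Tech's code.
# Assumes: RSAT ActiveDirectory module, WinRM to each DC, Domain Admin rights.
#Requires -Modules ActiveDirectory

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$audit = {
    param($RegPath)
    $reg = Get-ItemProperty -Path $RegPath -ErrorAction SilentlyContinue
    # FullSecureChannelProtection = 1 is enforcement mode (all vulnerable
    # connections denied); 0 allows them from non-Windows devices; absent
    # means the DC runs the update's default behaviour.
    $mode = if ($null -eq $reg.FullSecureChannelProtection) { 'default' }
            elseif ($reg.FullSecureChannelProtection -eq 1) { 'enforced' }
            else { 'allow-vulnerable (0)' }

    # Netlogon logs 5827/5828 when it denies a vulnerable connection and
    # 5829 when one is still allowed; 5830/5831 mean Group Policy
    # ("Allow vulnerable Netlogon secure channel connections") allowed it.
    $since  = (Get-Date).AddDays(-7)
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'NETLOGON'
        Id = 5827, 5828, 5829, 5830, 5831; StartTime = $since
    } -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC                      = $env:COMPUTERNAME
        EnforcementMode         = $mode
        Denied_5827_5828        = @($events | Where-Object Id -in 5827, 5828).Count
        Allowed_5829            = @($events | Where-Object Id -eq 5829).Count
        PolicyAllowed_5830_5831 = @($events | Where-Object Id -in 5830, 5831).Count
    }
}

# Run the audit on every DC in the domain and show one row per DC.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$results = Invoke-Command -ComputerName $dcs -ScriptBlock $audit -ArgumentList $regPath

$results | Sort-Object DC | Format-Table DC, EnforcementMode, Denied_5827_5828,
    Allowed_5829, PolicyAllowed_5830_5831 -AutoSize
```

A DC showing `default` or `allow-vulnerable (0)` with non-zero `Allowed_5829` counts has devices still using the insecure connection, which is exactly the follow-up question to put to your IT resource.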

Reach out if you have questions here.