Hacker Tracker | May in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1- Executive Order on Improving the Nation’s Cybersecurity | 5.12.21

  • The Executive Order states that IT service providers (including cloud service providers) have contract terms that may prevent the sharing of cyber threats or information on federal information systems.
  • Government contractors that provide software or services would be required to report cyber incidents to the relevant federal agencies based upon a sliding scale of risk assessment, with the highest risk requiring notice within 3 days of discovery.
  • Within 180 days of the Order (November 8), NIST is directed to publish preliminary guidelines for enhancing software supply chain security.
  • View the Source

#2 Colonial Pipeline paid close to $5 million in ransomware blackmail payment | 5.13.21

  • On May 7, Colonial Pipeline experienced a ransomware attack which forced the company to temporarily close down its operations and freeze IT systems to isolate the infection.
  • Colonial Pipeline reportedly paid the ransomware group responsible for a cyberattack last week close to $5 million to decrypt locked systems.
  • Though the payment was made soon after the attack began, it wasn’t enough to stop the disruption.
  • View the Source

#3 Apple isn’t happy about the amount of Mac malware out there | 5.20.21

  • A top Apple exec has said that Mac malware has now exceeded Apple’s level of tolerance, and framed security as the reason for keeping iPhones locked to the App Store.
  • Apple’s head of software engineering Craig Federighi told a court in California that Apple found current levels of malware “unacceptable”.
  • Since last May, there have been 130 types of Mac malware — and one variant infected 300,00 systems. 
  • View the Source 

Lessons Learned From This Month’s Hacks

  1. This one isn’t a hack, but it directly responds to the government getting hacked to pieces via insecure IT vendors. We’re watching this closely and expect further regulation applicable to the private sector as well. 
  2. TAKE RANSOMWARE SERIOUSLY. Also, DO NOT PAY THE RANSOM–IT FUNDS TERRORISM. Sorry for shouting. Also, Colonial paid the ransom, and it didn’t undo the damage. This is one of the most covered ransomware events in mainstream media so far, which we hope leads to more conversations with businesses asking–“could that happen to me?” The answer is YES, it happens to small businesses all the time and it’s typically preventable by working with a competent IT Company. 
  3. As we’ve said in the past, yes, Macs can get viruses. But, straight from the horse’s mouth, Apple said they get an unacceptable amount of viruses. So now that the myth is busted: hey Mac people — please be careful what you click on, run anti-virus software, and regulatory update your operating system. Better yet — if you’re a business that runs even one Mac, work with an IT Company that offers Managed Updates for Macs! We do. 

Reach out if you have questions here.