A Deep Dive into the Recent Casino Cyber Attacks


A Deep Dive into the Recent Casino Cyber Attacks and How to Be Proactive in Your Cybersecurity Strategy  

The recent cyber attacks on industry giants Caesars Entertainment and MGM Resorts International have raised pressing questions on the vulnerabilities existing in the sector and the way forward.  As leading cyber experts, we took the time to unravel the intricate details of these attacks, the exploited systemic vulnerabilities, and the strong cybersecurity measures that stand as the industry’s best bet in defending its assets. 

What Happened with the Casino Cyber Attacks? 

The casino industry recently witnessed unsettling waves of cyber-attacks orchestrated by an aggressive and sophisticated criminal coalition identified as “Scattered Spider.” Collaborating with the Russia-based operation ALPHV, this group launched a mission to breach the casino giants, leaving a trail of distrust and significant financial ramifications. 

Caesars Entertainment, a name synonymous with luxury and entertainment, became a target of these cybercriminals. The casino reported a breach on September 7, potentially compromising the personal information of a massive customer base involved in its loyalty rewards program. Despite the company’s efforts to contain the damage, uncertainties loom regarding the long-term security and integrity of the compromised data. The evolving landscape of cybersecurity threats means that new vulnerabilities may emerge, requiring ongoing vigilance and adaptive security measures. Additionally, the potential for unauthorized access or the use of compromised information by cybercriminals remains a concern, highlighting the need for a comprehensive and sustained response to safeguard both the company and its valued customers. 

At the same time, MGM Resorts faced disruptions that spanned across its resorts and casinos in the US, attributed to a calculated cyber offensive that started with a social engineering breach targeting the company’s IT help desk. The incident spiraled into a more complex intrusion involving impersonations and network compromises that shook the foundations of the firm’s cybersecurity infrastructure. 

(Image. Source: Bridget Bennett/Bloomberg)

How Did the Casino Cyber Attacks Happen? 

Social Engineering and IT Help Desks 

At the epicenter of these attacks lay sophisticated social engineering strategies meticulously deployed to infiltrate the IT infrastructures of the targeted companies. The attackers exhibited prowess in exploiting human vulnerabilities, coaxing individuals at the IT help desks to reset multifactor authentication (MFA) settings, thus paving the way for a deeper incursion into the networks. 

David Bradbury, Chief Security Officer at Okta, highlighted the method involving low-tech social engineering tactics to gain initial access, escalating into advanced impersonations within the network. “The human part was simple, but the subsequent part of the attack was complex,” he says. 

The warning bells had been sounded earlier, with advisories pointing to similar tactics deployed against high-privileged users, illustrating the evolving landscape of cyber threats where even seemingly simplistic strategies can yield profound results. 

Exploiting Weak Links 

A closer inspection of the attacks reveals an effort to exploit the perceived weak links within the organizations. The help desks emerged as significant points of vulnerability, with protocols allowing relatively easy access to password resets based on easily obtainable personal details.   

This glaring loophole points to the necessity of reinforcing even the basic layers of cybersecurity to counteract adept criminals who are constantly evolving their strategies. Regular security audits, robust encryption protocols, multifactor authentication, and ongoing employee training are critical in cultivating a culture of heightened cybersecurity awareness and resilience. 

 Furthermore, the offensive on Caesars highlighted another area of vulnerability – outsourced IT support vendors. The attackers managed to breach the network through a social engineering attack on an unnamed vendor, illustrating the pressing need for robust vendor risk management protocols.  

Many companies rely on a network of suppliers and vendors for essential functions and aren’t aware of the security risks this may entail. You should include vendor security training for any employees who work with or are in contact with vendors so they can learn how to identify risks such as vendor impersonation fraud. Download our free white paper here and share it with your team.  

When it comes to selecting your vendors, be sure to conduct thorough background checks, evaluate the vendor’s cybersecurity practices, and set clear expectations for compliance with industry-standard security protocols. Moreover, any contractual agreements should include specific clauses regarding data protection and incident response procedures to ensure that vendors are held accountable in the event of a breach. 

The Financial Repercussions: Ransoms and Data Security 

Post-intrusion, the criminal syndicate adopted an aggressive stance, threatening to release sensitive data and coercing the companies into a financial settlement to prevent data leaks. Reports suggest that tens of millions were paid to contain the situation, raising ethical and financial dilemmas on the efficacy of such measures. 

This financial aspect brings forth the concept of “pinky promises,” as described by Brett Callow, a threat analyst at Emsisoft. Organizations often find themselves in a predicament, negotiating with criminals for the security of their data, albeit with no guarantee of the data’s safety post-payment. The ramifications of such financial transactions echo far beyond the immediate financial loss, raising concerns over data security and ethical boundaries. 

Scattered Spider & ALPHV: The Collaborative Menace 

The collaborative effort between Scattered Spider and ALPHV represents a growing trend of cyber-criminal syndicates pooling resources and expertise to orchestrate large-scale cyber offensives. Scattered Spider, also known as UNC3944, showcases a blend of adept individuals based primarily in the US and UK, some as young as 19, bringing a dynamic and contemporary approach to cyber-criminal activities.  

Their collaboration with ALPHV, a group believed to be based in Russia, amplifies the threat potential, merging diverse skill sets and geographic locations to form a formidable force in the cyber underworld. This union raises alarm bells, calling for a concerted effort from cybersecurity firms globally to counteract such emerging threats. 

The Cyber Underworld: A Hub of Collaborations and Innovations 

In the dark recesses of the cyber underworld, groups such as Scattered Spider and ALPHV constantly evolve, innovating their tactics and expanding their networks. They operate in a space where knowledge sharing and collaborations are commonplace, fostering an environment that nurtures criminal ingenuity and agility. 

These groups exploit the anonymity offered by the dark web, leveraging it as a platform to coordinate attacks, share insights, and even claim responsibility for their actions, as witnessed in the recent attacks where ALPHV claimed credit and countered rumors regarding the involvement of teenagers from the US and UK. 

 As we navigate this complex landscape, it becomes crucial to understand the dynamics of these criminal networks and to develop strategies that can effectively counteract their evolving tactics.  

The Repercussions Beyond Financial Loss 

Impact on Brand Equity and Customer Trust 

Cyber-attacks often leave a lasting impact on the brand equity and trust that organizations have built over the years. Customers entrust companies with their personal data, expecting strict measures to safeguard their privacy. Incidents such as these shake the foundation of trust, potentially leading to customer attrition and tarnishing the brand image, as it did for T-Mobile.  

T-Mobile has been in the headlines numerous times in the last few years, and not for good reasons. Since 2018, T-Mobile has suffered nine breaches affecting millions of customers and resulting in an ongoing class action lawsuit and a loss of customer trust. Thankfully, the company has since reported substantial progress and backed its statement by pledging $150 million toward enhancing its cybersecurity. 

Regulatory Scrutiny and Legal Repercussions 

The casino industry operates within a legal framework that demands adherence to data protection regulations. Cyber incidents of such magnitude can attract regulatory scrutiny, with potential legal repercussions that can translate to hefty fines and sanctions. These incidents bring forth the pressing need for compliance with data protection regulations and the implementation of robust cybersecurity protocols to prevent such breaches. 

Here, the NIST Cybersecurity Framework (NIST-CSF) stands as a valuable resource. It provides a comprehensive set of guidelines and best practices for organizations to manage and mitigate cybersecurity risks effectively. By adopting the NIST-CSF, casinos and other entities within the industry can systematically assess their cybersecurity posture, identify vulnerabilities, and implement measures in alignment with industry-recognized standards.  

This framework not only bolsters their security defenses but also demonstrates a proactive commitment to regulatory compliance, potentially mitigating legal consequences in the aftermath of a breach. It serves as a strategic roadmap for developing and maintaining a resilient cybersecurity posture, safeguarding both sensitive customer data and the reputation of the organization.  

Industry-Wide Ramifications 

The repercussions of such attacks echo across the industry, setting a precedent that can influence operational strategies and investments in cybersecurity across players in the sector. Companies are now urged to rethink cybersecurity strategies, acknowledge the evolving nature of threats, and adopt proactive measures to safeguard assets. 

Economic Implications 

From an economic perspective, such cyber incidents can have broader repercussions on the industry and the economy. The financial losses incurred, coupled with potential dips in stock prices and investor confidence, can translate to substantial economic ramifications, underscoring the importance of strong cybersecurity measures in sustaining economic stability.  

How to Avoid Incidents like the Casino Cyber Attacks

Strengthen Authentication Processes 

A foundational step in building an impactful cybersecurity infrastructure involves strengthening authentication processes. Implementing multifactor authentication with stringent verification checks can act as the first line of defense against social engineering attempts. This measure demands a cultural shift within organizations, nurturing a spirit of vigilance and awareness regarding the evolving nature of cyber threats.  
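One way to make the help-desk reset step itself enforce "stringent verification checks" is to put the decision behind a policy gate rather than leaving it to whoever answers the phone. The following is an added example, not code from the original post or from any of the companies named; the request fields, the directory records, the proof names, and the daily limit are assumptions made for illustration. The key design point is that knowledge of personal details never counts as proof, because those details were exactly what the attackers in these incidents were able to obtain.

```javascript
// Added example (not from the original post): a policy gate that a help-desk
// tool could consult before carrying out an MFA reset. Request fields, the
// directory records, the proof names and the daily limit are assumptions
// made for illustration, not any vendor's API.

// Constructed directory: privilege level and verified contact data on file.
// These values come from the organisation's own records, never from the caller.
const DIRECTORY = {
  'j.doe':   { privileged: false, phoneOnFile: '+1-555-0100', manager: 'a.lee' },
  'a.admin': { privileged: true,  phoneOnFile: '+1-555-0199', manager: 'c.cio' },
};

// Proofs that demonstrate possession of something on file or sign-off by a
// trusted person. Knowledge of personal details (date of birth, address,
// employee number) is deliberately absent: it is easily obtainable and was
// enough to get a reset at the help desks described above.
const STRONG_PROOFS = new Set(['callback_to_phone_on_file', 'video_id_check', 'manager_approval']);

const MAX_RESETS_PER_DAY = 2; // assumed threshold; tune per organisation

// Returns { allowed, reasons }. recentResets is the list of resets already
// performed today, used to spot repeated attempts against one account.
function evaluateMfaReset(request, recentResets, directory = DIRECTORY) {
  const reasons = [];
  const user = directory[request.username];
  if (!user) return { allowed: false, reasons: ['unknown user'] };

  const proofs = new Set(request.proofs || []);
  if (![...proofs].some(p => STRONG_PROOFS.has(p))) {
    reasons.push('no possession-based or third-party proof; personal details alone are insufficient');
  }
  // A callback only counts if it went to the number already on file.
  if (proofs.has('callback_to_phone_on_file') && request.callbackNumber !== user.phoneOnFile) {
    reasons.push('callback was not made to the number on file');
  }
  // Privileged accounts additionally need the manager of record to approve.
  if (user.privileged && !(proofs.has('manager_approval') && request.approvedBy === user.manager)) {
    reasons.push('privileged account requires approval from the manager of record');
  }
  const priorToday = recentResets.filter(r => r.username === request.username).length;
  if (priorToday >= MAX_RESETS_PER_DAY) {
    reasons.push(`reset limit of ${MAX_RESETS_PER_DAY} per day already reached`);
  }
  return { allowed: reasons.length === 0, reasons };
}
```

In practice the `reasons` array would be written to the ticket so that a later investigation can see exactly which proofs were offered, and every reset, approved or not, should also be emitted as an event for the SOC to correlate with sign-in activity.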

Robust Training and Awareness Programs 

A proactive approach to cybersecurity involves the cultivation of robust training and awareness programs that equip staff with the necessary skills to identify and counteract potential phishing attempts. These programs should encompass various facets of cyber threats, including SMS text phishing, a tactic frequently deployed by groups such as Scattered Spider. 

In-depth training sessions should cover not only the technical aspects of recognizing suspicious emails or messages but also the psychological tactics used by cybercriminals to manipulate human behavior. Employees should be educated about the telltale signs of phishing, such as unfamiliar senders, requests for sensitive information, or urgent language designed to induce hasty actions. Simulated phishing exercises can be invaluable in providing practical, hands-on experience, allowing employees to practice their responses in a controlled environment. 

Vendor Risk Management 

The recent attacks brought to light the vulnerabilities associated with outsourced IT support vendors. This revelation underscores the need for rigorous vendor risk management protocols, scrutinizing the cybersecurity measures of third-party vendors, and ensuring compliance with stringent cybersecurity standards. 

Outsourcing services is common and allows organizations to tap into specialized expertise and resources. However, this practice also introduces an additional layer of risk. Companies must treat their vendors’ cybersecurity practices with the same level of scrutiny as they do their own. 

Conducting thorough due diligence when onboarding vendors is the first line of defense. This includes comprehensive assessments of their cybersecurity policies, procedures, and infrastructure. It’s imperative that vendors have robust security measures in place, including firewalls, encryption protocols, and intrusion detection systems. It’s crucial to evaluate their incident response plans and disaster recovery capabilities, as a vendor’s ability to respond to a breach quickly can directly impact the security of the organization they serve.  

Advanced Analytical Tools 

In the arms race against cyber criminals, the deployment of advanced analytical tools stands as a critical component in building a resilient defense infrastructure. These tools, leveraging machine learning and real-time analytics, can detect and counteract threats dynamically, evolving concurrently to stay ahead of the adversaries. 

Real-time analytics can enhance an organization’s ability to respond effectively to cyber threats. By processing and analyzing data in real time, security teams gain immediate insights into potential breaches or suspicious activities. This allows for rapid decision-making and timely intervention, potentially mitigating the impact of an attack. 

Additionally, integrating threat intelligence feeds into these analytical tools enhances their effectiveness. By leveraging up-to-date information on known threats, attack vectors, and cybercriminal tactics, organizations can proactively adjust their defenses to counteract emerging threats. 
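The attack pattern described earlier on this page (a help-desk MFA reset, followed by the attacker enrolling a new factor and signing in) is a concrete thing real-time analytics can look for. The following is an added example, not code from the original post or from any product; the event names and fields, the 60-minute window, and the threat-intelligence list are constructed for illustration. It correlates three event types per user and raises the severity when the sign-in address appears in the intel feed, which is the enrichment the paragraph above describes.

```javascript
// Added example (not from the original post): correlation logic over
// constructed help-desk and sign-in events. Event names, fields, the
// 60-minute window and the threat-intel list are assumptions for illustration.
const WINDOW_MS = 60 * 60 * 1000;

// Constructed threat-intel feed: addresses reported in recent campaigns.
const THREAT_INTEL_IPS = new Set(['203.0.113.77']);

// Constructed JSON-lines event log (one object per line), in time order.
const SAMPLE_LOG = `
{"ts":"2023-09-10T07:30:00Z","type":"login.success","user":"k.lin","ip":"198.51.100.22"}
{"ts":"2023-09-10T08:00:00Z","type":"login.success","user":"j.doe","ip":"198.51.100.10"}
{"ts":"2023-09-10T09:00:00Z","type":"login.success","user":"j.doe","ip":"198.51.100.10"}
{"ts":"2023-09-10T13:02:00Z","type":"helpdesk.mfa_reset","user":"j.doe","ticket":"HD-1001"}
{"ts":"2023-09-10T13:09:00Z","type":"mfa.enroll","user":"j.doe","ip":"203.0.113.77","device":"new-phone"}
{"ts":"2023-09-10T13:11:00Z","type":"login.success","user":"j.doe","ip":"203.0.113.77"}
{"ts":"2023-09-10T14:00:00Z","type":"helpdesk.mfa_reset","user":"k.lin","ticket":"HD-1002"}
{"ts":"2023-09-10T14:05:00Z","type":"mfa.enroll","user":"k.lin","ip":"198.51.100.22","device":"replacement-phone"}
{"ts":"2023-09-10T14:06:00Z","type":"login.success","user":"k.lin","ip":"198.51.100.22"}
`;

// Parse JSON lines and attach a numeric timestamp for window arithmetic.
function parseLog(text) {
  return text.trim().split('\n').map(line => {
    const e = JSON.parse(line);
    return { ...e, t: Date.parse(e.ts) };
  });
}

// One alert per help-desk MFA reset that is followed, within WINDOW_MS, by a
// new-factor enrolment AND a successful sign-in from an address the user had
// never used before the reset. A threat-intel hit raises the severity.
function detectResetTakeover(events, intel = THREAT_INTEL_IPS) {
  const alerts = [];
  for (const reset of events.filter(e => e.type === 'helpdesk.mfa_reset')) {
    // Baseline: addresses this user signed in from before the reset.
    const knownIps = new Set(
      events.filter(e => e.user === reset.user && e.type === 'login.success' && e.t < reset.t)
            .map(e => e.ip)
    );
    const after = events.filter(e => e.user === reset.user && e.t > reset.t && e.t - reset.t <= WINDOW_MS);
    const enroll = after.find(e => e.type === 'mfa.enroll');
    const login = after.find(e => e.type === 'login.success' && !knownIps.has(e.ip));
    if (enroll && login) {
      const intelHit = intel.has(enroll.ip) || intel.has(login.ip);
      alerts.push({ user: reset.user, ticket: reset.ticket, newIp: login.ip, severity: intelHit ? 'high' : 'medium' });
    }
  }
  return alerts;
}

// Run over the constructed log: j.doe is flagged (new address, on the intel
// list); k.lin enrolled a replacement phone from a known address and is not.
function runDemo() {
  return detectResetTakeover(parseLog(SAMPLE_LOG));
}
```

The same logic runs as a streaming rule by keeping the per-user baseline of known addresses in state and evaluating each `login.success` as it arrives; the `ticket` field in the alert is what lets an analyst pull the help-desk record and see what verification was actually performed.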

Incident Response Plan 

Developing a detailed incident response plan emerges as a vital element in the blueprint for strong cybersecurity. This plan, outlining the steps necessary for swift action during a breach, can potentially limit the damage and secure critical data, acting as a safety net in times of crises. 

The incident response plan serves as a structured guide, providing a clear roadmap for the organization to follow in the event of a security incident. It outlines the roles and responsibilities of key personnel, ensuring that everyone understands their specific tasks and how they contribute to the coordinated response. This level of clarity is invaluable in high-pressure situations, enabling a more efficient and effective response. 

Furthermore, the plan should incorporate a thorough risk assessment, considering potential vulnerabilities, likely attack vectors, and the potential impact of various types of breaches. This assessment allows for the prioritization of response efforts and the allocation of resources to the areas most in need. 

If you’re not sure where to begin, download our free incident response plan template.

Prioritize Peace of Mind

Your peace of mind and your company’s future are worth every effort.  Contact us today if you’re searching for a holistic approach that ensures your cybersecurity strategy aligns with your organization’s unique needs and challenges.  

Passkeys: The Future of Password Security

Passkeys: The Future of Passwords

When it comes to digital security, passwords have long served as the primary line of defense for users to protect their personal information. From online banking to food delivery apps to social media, we rely heavily on passwords to secure our data. However, the limitations of traditional passwords have become evident over the years. Between human error and cybercriminals becoming increasingly sophisticated, sometimes the only thing standing between cyber criminals and our sensitive information is eight characters. 

In previous blog posts, we provided insight into passwords and password managers, but as the digital landscape and cybersecurity trends change, we should be keeping up. This article will cover the limitations and risks of traditional passwords and password managers and why passkeys are seen as the future of passwords. 

The Rise and Fall of Passwords 

From humble beginnings in the early days of computing to now, passwords have played a crucial role in ensuring the security and privacy of our online accounts. In the past, passwords were often simple and easy to guess, reflecting a time when cyber threats were less prevalent. However, the need for stronger passwords grew as technology advanced and hackers became more sophisticated, using methods like brute-force attacks, keylogging, phishing, malware, and more. 

These advancements led to stronger password recommendations, including using more characters and a mix of uppercase and lowercase letters, numbers, and symbols. Though such recommendations can make a password harder to guess, length and composition alone don’t protect you. Without an extra layer of security, like Multi-Factor Authentication (MFA) or advanced threat detection, your password is still vulnerable to the countless password-based attacks launched every day. 

Password security has seen significant developments since the popularization of MFA, an electronic authentication method that requires two or more pieces of evidence to access an account. MFA has proven to be one of the most effective ways to protect accounts against unauthorized access. In a report released by Microsoft in 2018, they found that MFA can block over 99.9 percent of account compromise attacks. 

Despite these improvements, password users are human, and humans are subject to forgetfulness and complacency. Creating and remembering unique and complex passwords for every account is difficult, leading to repeated passwords and weak protection.


Password Managers

Password managers have been around for decades, with RoboForm being the first, released in 2000. A password manager is a digital encrypted vault where users can store passwords securely, and it is one of the safest ways to juggle and store your accounts and passwords. Most password managers will suggest unique and complex passwords when making a new account, which streamlines the process of creating a strong password and reduces the frustration of creating and remembering a new one. Other common features include password strength analysis, warnings when you’re reusing passwords, secure sharing, and auto-filling user credentials. Some password managers, like 1Password, have announced plans to integrate passkey support into their platforms in the near future. 

Though password managers are a great way to secure sensitive information, some drawbacks come with them. Having one password to access your password manager means there is a single point of failure: if your master password is compromised or there is a breach in the password manager’s security, all your passwords and accounts could be at risk. 

It could also be a risk to depend on a password manager entirely. If you rely on it heavily and it suddenly becomes inaccessible due to server issues, software bugs, or other incidents, you could encounter difficulties trying to access your accounts. Additionally, you would have the challenge of remembering your master password, which should be strong and complex. 

What is a Passkey?

On May 3rd, 2023, Google announced its launch of the passkey, a passwordless login for their account users to offer advanced protection. A passkey is a digital credential tied to a user account and a website that allows users to access certain accounts with PINs or biometric sensors (fingerprints or facial recognition) to free them from remembering and managing passwords. Google states this technology aims to “replace legacy authentication mechanisms such as passwords.” Many companies already use passkeys in their systems, including Google, DocuSign, Robinhood, Shopify, PayPal, Kayak, and more, and it’s not unlikely that many more will follow the trend. 


Why should I use passkeys?

  1. Passkeys are easier. Being able to authenticate your identity using your device’s fingerprint sensor, facial recognition, or PIN removes the roadblocks that come with a password manager and individually memorizing passwords. It also leaves less room for human error and vulnerabilities for cybercriminals to uncover, allowing for a simplified sign-up and login process. 
  2. Passkeys are more secure. Because passkeys are tied to individual devices, they provide a higher security level than traditional passwords. They’re generated using cryptographic algorithms, making them more complex and resistant to brute-force attacks. Passkeys are also less susceptible to phishing attacks since passkeys are system-generated, not user-entered, and only work on their registered websites and apps, meaning users don’t need to worry about entering their passkeys on fraudulent websites or providing them to malicious actors.
  3. Passkeys integrate easily with MFA. Passkeys can be used as part of a multi-factor authentication (MFA) setup, where multiple authentication factors are combined for stronger security. Using a passkey can fulfill the criteria for multifactor authentication in a single step, combining the strengths of both a password and a one-time password (OTP), such as a 6-digit SMS code, in one action. 


Passkeys: A Promising Future for Password Security 

With enhanced strength and resistance to common vulnerabilities, passkeys provide a powerful means of authentication and a promising future for password security. Passkeys enhance the overall security landscape by eliminating the reliance on user-generated passwords and integrating with multi-factor authentication. Their ability to meet multifactor authentication requirements in a single step and their effectiveness against phishing attacks make them an exciting advancement in password protection. 

As more companies move toward passkeys and embrace innovative authentication methods, we can look forward to a future where our online accounts and sensitive data are better protected, enabling us to navigate the digital world with greater peace of mind. If you are looking to improve your cybersecurity posture, contact us today. We would love to get in touch with you.

Ask an Expert: History Repeated with Another T-Mobile Data Breach

T-Mobile has been in the headlines often for all the wrong reasons – multiple data breaches that have affected millions of customers. The telecom giant has a history of struggling to keep its users’ information safe. Understandably, these events caused an uproar among customers, and they were quick to demand answers and improved security measures. Keep reading for a look into the history of T-Mobile data breaches, the most recent 2023 T-Mobile Data Breach and how it affected current and prospective customers, and statements from our Director of Cybersecurity.


The Summarized History of T-Mobile’s Data Breaches

Since 2018, nine hacks have been disclosed by T-Mobile, with half of them in the last three years. The disclosed breaches are as follows:

2018-2020

  • August 2018: About 3% of customers (2.3 million) were affected by unauthorized access to personal customer data, including the name, billing zip code, phone number, email address, account number, and account type of users.
  • November 2019: Less than 1.5% of customers (over a million) were affected by unauthorized access to name, billing address, phone number, account number, rate plan, and calling features (such as paying for international calls).
  • March 2020: An unknown number of customers were affected by unauthorized access to names and addresses, phone numbers, account numbers, rate plans, and billing information.


2021-2023

  • January 2021: Less than 0.2% of customers were affected by unauthorized access to name, phone number, account number, and billing address.
  • February 2021: An unknown number of customers were affected by unauthorized access to names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PINs), account security questions and answers, dates of birth, plan information, and the number of lines subscribed to their accounts.
  • August 2021: 40 million former or prospective customers had their names, dates of birth, SSNs, and driver’s license/ID information compromised. A further 7.8 million customers were affected by unauthorized access to name, date of birth, SSN, and driver’s license/ID information, and 5 million customers were affected by unauthorized access to phone numbers as well as IMEI and IMSI information.
  • December 2021: “A very small amount of customers” experienced SIM Swap Attacks – meaning a SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.
  • April 2022: Source code was stolen after T-Mobile employees’ credentials were stolen online. No government or customer data were compromised.
  • January 2023: In November 2022, 37 million customers were affected by unauthorized access to name, billing address, email, and phone number. This breach wasn’t discovered until months later, in January 2023.


Although this list may seem extensive, it doesn’t include other bugs and vulnerabilities discovered at T-Mobile over the years.


2023 T-Mobile Data Breach: T-Mobile’s Response

After the most recent breach earlier this year, T-Mobile wrote in its SEC disclosure that since 2021, they have made a “substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity.” They state that they’ve made substantial progress since and backed their statement by pledging $150 million toward enhancing their cybersecurity.

All things considered, we can only hope to see the results and benefits of their cybersecurity improvements, as T-Mobile claims that protecting customer data is their top priority.


Potential Impacts On Current and Prospective T-Mobile Customers

The latest data breach by T-Mobile will likely negatively impact current and prospective customers. As news of the recent breach spreads and awareness of T-Mobile’s long history of breaches grows, people may become wary of trusting T-Mobile with their personal information and take their business elsewhere. It may also cause some customers to question the overall security of T-Mobile’s systems and, as a result, choose not to use its services.

It can be challenging to trust a company that has had multiple data breaches in its history. Still, it’s important to remember that T-Mobile has taken immediate action following its numerous breaches. They invested heavily in improved security measures and are now working to enhance their cybersecurity.


Class Action Lawsuit for January 2023 T-Mobile Data Breach

T-Mobile isn’t the first organization to suffer multiple breaches over the years, and it certainly won’t be the last. Though T-Mobile has acted quickly over the years to shut down breaches, address customers’ concerns, and offer settlements, a class action lawsuit was recently filed against it for the breach announced in January 2023. The lawsuit states, “T-Mobile failed to exercise ‘reasonable care’ in safeguarding the private information of millions of consumers from a data breach announced around January 20, 2023.” Learn more about the class action lawsuit here.


The Future of T-Mobile After Its Numerous Data Breaches

The 2023 T-Mobile data breach and the prior breaches have been unfortunate events that left many of its customers feeling violated over the years. Though events like these are not unprecedented, it becomes concerning when they repeatedly occur at a company of this size. Since its most significant breach in 2021, T-Mobile has announced its efforts to enhance cybersecurity by pledging $150 million toward the cause and working with leading cybersecurity experts to transform its approach to cybersecurity. We have seen quick responses after past breaches and hope to see improvement in the future.


Ask An Expert: FAQ with Edge Networks’ Director of Cybersecurity

What are the most common causes of data breaches?

This is a great question; I believe that the most common causes of data breaches are misconfigurations and human error. Specifically, MFA should be enabled, and if it is not, that is considered a misconfiguration. An example of human error would be accepting a request asking for approval to allow a login when it is not actually you requesting the access.


T-Mobile has disclosed nine hacks since 2018. Why does it keep happening?

Very tough to say. T-Mobile is a national carrier with a lot of information, which makes its organization a desirable target. Cybersecurity is not one-size-fits-all. The best an organization can do is ensure they’re following a well-established security framework and aligning themselves with it.


Should I switch providers if my current one has suffered a data breach?

Honestly, one would probably run out of options if you tried that. A lot of organizations have been breached. I personally do not believe you have to switch providers. However, I also do not believe an organization is more secure after a breach than before.


How can I determine if a company is trustworthy and will handle my data safely?

This is a most excellent question! Ask the company if they have a SOC 2 Type 2 report that they can share. If they don’t, and the data you plan on having them work with is critical, you might consider walking away. If more consumers asked businesses for this information, they would work towards achieving a higher cybersecurity posture.


How can organizations protect themselves from data breaches?

Treat cybersecurity investments as if they were the paper your organization needs to operate. Cybersecurity should never be an afterthought, and organizations need to prepare and budget.

  1. Establish a security framework, and work towards “checking” all the boxes.
  2. Ensure that you have security awareness training for all.
  3. Set up Multi-Factor Authentication (MFA).
  4. Work with partners that can help secure and align your business.


How should organizations respond after a data breach?

All organizations should be 100% TRANSPARENT. Many laws are coming down the pipeline for organizations. In fact, a few states, such as California, already have stronger notification laws in place. It’s not unrealistic to believe several others will follow their lead. Work on the plan that was hopefully implemented before the breach occurred.


Conclusion

For many people, the latest T-Mobile data breach has left them concerned and vulnerable. If you have any questions or concerns, feel free to contact us. We’d love to chat with you!

AUGUST 2022: Major Vulnerabilities Found on Apple Devices, Users Urged to Update Software

On Wednesday, August 17th, 2022, Apple released two security reports revealing significant vulnerabilities that give hackers complete access to certain devices, such as iPhones, iPads, and Macs.

We highly recommend you update your devices regularly to ensure the safety of your data and devices, and prioritize your organization’s cybersecurity.

“It’s important that companies have a patch management program to help them when zero days such as these come out,” shares Dan Pritzlaff, Director of Cybersecurity at Edge Networks.  “Apple did state that these vulnerabilities were being actively exploited, which makes them higher priority than your typical patch.”

 

What are the vulnerabilities?

The security reports describe two vulnerabilities, both out-of-bounds write bugs. The first is in WebKit, the browser engine that powers Safari, Mail, the App Store, and every other app that renders web content: processing maliciously crafted web content may lead to arbitrary code execution, so simply visiting a page can be enough. The second is in the kernel, the core of the device's operating system: an application may be able to execute arbitrary code with kernel privileges. Chained together, they let an attacker run any code on the device with more authority than you, the owner, ever have.

 

Which devices are at risk?

Affected devices include:

  • iPhone 6S and later models
  • iPad 5th generation and later
  • All iPad Pro models
  • iPad Air 2 and later
  • iPad mini 4 and later
  • Mac computers running macOS Monterey
  • iPod touch (7th generation)

However, some models not listed may be at risk as well. 

 

Has anyone been affected by the vulnerabilities?

Apple said in both reports that it was aware of a report that the issue may have been actively exploited. It did not say who was targeted or by whom, and it has made no statement beyond the initial reports. Treat "actively exploited" as confirmation that working exploits exist in the wild, not as a reason to wait for more detail before patching.

 

How to Update Your Apple Devices after the August 2022 Security Reports

To update your iPhone, iPad, or iPod, go to “Settings”, “General”, “Software Update”, where it should show you the latest version (iOS 15.6.1) to download and install.

To update your Mac computer, go to “System Preferences” then “Software Update” to download and install the latest version (macOS Monterey 12.5.1).

Apple's August 17 reports covered only macOS Monterey, so the kernel fix applies to Monterey alone; Macs on Big Sur or Catalina were not reported to be affected by the kernel bug. The WebKit bug, however, was addressed on those older releases through a separate Safari 15.6.1 update, so do not assume an older Mac is safe: install that update too. Regardless of release, updating your devices regularly is still highly recommended.
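In a managed fleet, the update steps above are followed by a check that every device actually reached the patched build. The script below is an added example, not code from the original post or from Apple: it reads an inventory export and flags devices still below iOS/iPadOS 15.6.1 or macOS 12.5.1. The inventory rows and column names are constructed for the example; adapt them to whatever your MDM exports.

```python
"""Added example: flag Apple devices below the builds that carry the
17 August 2022 fixes (iOS/iPadOS 15.6.1, macOS Monterey 12.5.1).
The inventory below is constructed sample data; the column names
(hostname, platform, os_version) are an assumption of this example."""

import csv
import io

# Minimum build that contains the fix, per platform (from Apple's reports).
PATCHED_MIN = {
    "ios": (15, 6, 1),
    "ipados": (15, 6, 1),
    "macos": (12, 5, 1),
}


def parse_version(text: str) -> tuple:
    """'12.5' -> (12, 5). Tuples compare component-wise, so (12, 5) < (12, 5, 1)
    and (9, 3, 6) < (15, 6, 1); a plain string comparison would rank "9.3.6"
    above "15.6.1" and miss an ancient, unpatchable phone."""
    return tuple(int(part) for part in text.strip().split("."))


def needs_update(platform: str, version: str) -> bool:
    """True when the device is below the patched build for its platform.
    Unknown platforms are reported as needing attention rather than silently
    passed, so a typo in the inventory cannot hide a vulnerable device."""
    minimum = PATCHED_MIN.get(platform.lower())
    if minimum is None:
        return True
    return parse_version(version) < minimum


# Constructed sample inventory (not real devices). macOS releases before 12
# are deliberately absent: the kernel fix shipped only for Monterey.
SAMPLE_INVENTORY = """\
hostname,platform,os_version
iphone-cfo,ios,15.6
iphone-sales-02,ios,15.6.1
ipad-lobby,ipados,15.5
mbp-dev-07,macos,12.5
mbp-dev-08,macos,12.5.1
iphone-legacy,ios,9.3.6
imac-reception,macos,12.6
"""


def find_unpatched(inventory_csv: str) -> list:
    """Return the hostnames that still need the update, in inventory order."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [row["hostname"] for row in rows
            if needs_update(row["platform"], row["os_version"])]


if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print("needs update:", host)
```

The version tuple comparison is the part worth copying: it is what makes 15.6 sort below 15.6.1, which a string or float comparison gets wrong.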

 

Remember to Update Your Software Regularly

To ensure you always have the latest security updates, turn on Automatic Updates in your device’s General Settings. Learn more about how software updates can increase your cybersecurity below.


Software updates are just one of the many facets of keeping your company safe from cyber-attacks. To learn more about the health of your business’s cybersecurity, take our free, self-guided IT security risk assessment today, or contact us for a free 30-minute consultation.

Edge Networks Ranked #1 in Cybersecurity & IT Firms in Washington

Clutch.co top IT service award for edge networks

Since 2006, Edge Networks has been providing all-things IT to our clients in order to help them be more productive and profitable. Our focus on making our clients happy has caught the attention of Clutch.co. Recently, they recognized Edge Networks as one of the top B2B companies in Washington and the #1 Cybersecurity and IT firm!

The Edge Networks team is happy to be receiving a Clutch Award. Edge Networks Founder and CEO, Mark Tishenko says: “I’m extremely proud of our team for delivering happiness to our customers, who in turn helped us earn this amazing award.”

Clutch is a B2B site that rates and reviews agencies across a variety of industries in the United States. The team helps connect businesses with the best suited service provider to solve their firm’s challenges. Based on their unique method, they rank hundreds of companies by evaluating their client feedback, market presence, and work portfolio. Our Clutch profile is #1 in their Leaders Matrix out of the top 15 Portland IT and business service providers.

Our success is not limited to Clutch. Rather, it extends to their sister sites: Visual Objects and The Manifest. Visual Objects publishes the creative and visual work of B2B companies so that prospective clients may view previous projects. Similarly, The Manifest aids potential buyers by sharing how-to guides and industry reports. Like Clutch, we are ranked on The Manifest with other leading B2B agencies.

Additionally, this year, Expertise.com listed Edge Networks among the Best Managed IT Service Providers in Vancouver. 

All the teammates at Edge Networks are happy to receive this recognition. We would like to thank our clients for taking the time to thoroughly review our services with the team at Clutch, and we look forward to the future as we continue to help our clients optimize their IT capabilities! 

Want to work happy? Let us know. When you work with Edge, you have a cavalry of award-winning IT professionals behind you that's dedicated to solving issues fast and recommending the right solution. 

What You Need to Know About CMMC 2.0

Are you CMMC Compliant?

Now more than ever, it is becoming more and more important to start improving your cybersecurity posture. From a business standpoint, so much of what you do is web-based. This leaves you open to the threats that accompany the web. 

However, you can be proactive and prepared with a strong cybersecurity plan. CMMC 2.0 is one of those solutions. Are you compliant with CMMC 2.0?

It just might be time to get on board with cybersecurity for your business. CMMC is not just for the Department of Defense but for any commercial business that contracts with it. 

Keep reading to learn everything that you need to know about CMMC 2.0.

 

What is CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. Version 2.0 is simply the latest revision of that program. 

CMMC is a compliance requirement built on NIST SP 800-171. It's an assessment program geared explicitly toward the cybersecurity of the Department of Defense's contractors and suppliers. 

The requirement is fairly new, and while CMMC 2.0 has been announced, it will not be a contract requirement for some time yet. Ultimately, the program is designed to proactively keep data secure and to mitigate threats through regular review. 

Here are some of the features of the requirements. 

  • Employ professional and ethical standards that are geared to gain and maintain the trust of the public
  • Improve accountability for DoD requirements without excessive barriers
  • Enhance cybersecurity by mitigating known threats and recognizing new ones
  • Protect sensitive data of DoD personnel
  • Collaborate to improve cybersecurity, proactively work against threats, and grow resilience

The real problem is that, although the NIST SP 800-171 safeguards CMMC is built on have been a DoD contract requirement since the end of 2017 and CMMC itself was announced in 2019, a massive number of contractors and businesses remain out of compliance. 

Today, contractors handling controlled unclassified information self-assess against NIST SP 800-171 and report the result to DoD. Many businesses already obtain third-party assessments and audits on top of that, and even under CMMC 2.0 many will still need one, although one of the program's stated aims is to remove that requirement where the data at stake does not justify it. 

The original CMMC model defined five levels; CMMC 2.0 reduces them to three, as described below.

 

CMMC Levels

The original CMMC (1.0) was offered in five tiers. The level a contractor needed depended on the sensitivity of the data at stake, and the expectations changed with each level. 

Each level has a certain number of controls within the level, and they build on each other. For example, Level 1 has 17 controls. Level 4 has 156 controls, and it also includes the controls from levels 1, 2, and 3. 

Here is a basic overview of the levels, according to Fed Tech Magazine:

  1. Level 1 is designed to safeguard federal contractual information
  2. Level 2 is designed to be a stepping stone for cybersecurity from Level 1 in the progression towards controlled unclassified data
  3. Level 3 is designed to protect CUI specifically (controlled unclassified information)
  4. Level 4 is designed to build on Level 3, protecting CUI and reducing advanced threats
  5. Level 5 is the highest level and builds on each level to protect CUI and fight advanced persistent threats against security

Level 1 is basic cyber hygiene, and Level 5 is fully optimized behavior regarding cybersecurity and the protection of CUI.

CMMC 2.0 collapses these five tiers into three. Level 1 (Foundational) keeps the 17 practices of the old Level 1. Level 2 (Advanced) aligns with the 110 requirements of NIST SP 800-171 and replaces the old Levels 2 and 3. Level 3 (Expert) builds on Level 2 with a subset of NIST SP 800-172 and replaces the old Levels 4 and 5.

 

Who Needs CMMC?

The field of those who have to comply with CMMC 2.0 is vast. The program is geared toward the cybersecurity of the Department of Defense's supply chain, which means it is far-reaching. It covers not only the Department of Defense and the military forces that are part of it, but also any company that does business with the DoD. 

This list is massive, and includes thousands of companies. However, it isn’t only large corporations that must be in compliance. Companies of all sizes will need CMMC 2.0 and need to navigate the rules that are put out and then act to bring themselves into compliance. 

This isn’t specific to an industry. It is any corporation or business that does business or contracts with the Department of Defense. If you consider all of the branches and the myriad of suppliers they must have, you probably are still estimating low on the number of businesses. In fact, the estimate is that when CMMC 2.0 is officially rolled out, more than 40,000 contractors will need third-party assessments. They estimate that at least 220,000 businesses total are involved with the DoD in some way.

 

Why Was CMMC 2.0 Created?

Many wonder why CMMC 2.0 would be necessary when CMMC already existed and wasn’t even in full force yet. 

CMMC was announced in 2019, with version 1.0 published in January 2020, yet many businesses were still out of compliance. DoD began reviewing the program in 2021 as it started placing CMMC into contracts. The review quickly found that implementing CMMC as it stood could be extremely costly and time-consuming. 

DoD was specifically concerned about the small businesses that would be affected by the requirements and how they would implement and maintain the high level required. The original CMMC scaled poorly and did not take different business practices into consideration. 

The need to recognize different levels of risk and to change the rules and practices accordingly led to CMMC 2.0, announced in November 2021. Once that decision was made, DoD put the original program on hold while it ironed out the details of CMMC 2.0, determined how to implement it, and began writing the rules for it. 

Right now, businesses that contract with the Department of Defense have a head’s up and a basic understanding of the rules, but the final requirements are yet to come.

 

What are the Main Changes Between CMMC and CMMC 2.0?

There are quite a few changes from CMMC to CMMC 2.0, but the biggest change is how different levels are handled and their requirements. 

For example, some businesses will be able to self-assess their cybersecurity practices, depending on the data they use or have access to. If their data is not critical to national security, they will be allowed to self-assess. This covers Level 1 and a subset of Level 2 contractors. 

Some of these businesses do work with or for the DoD, but they don't handle sensitive data, so their requirements don't need to be nearly as stringent. Ultimately, Level 1 businesses will be able to self-assess annually, with a senior executive affirming that they are in compliance with the required cybersecurity practices. 

The hope is that regulating the tiers and what is required of each tier will reduce the burden of requirements all around. The higher the tier, the more sensitive their data is, and the more stringent their requirements will be with the changes implemented by CMMC 2.0. 

As we mentioned earlier, this change will potentially reduce the number of contractors that have to be thoroughly reviewed by the DoD from the entire 220,000+ businesses to 40,000 that will require a third-party assessment.

 

As the levels move up, fewer businesses fall into each tier. About 80,000 businesses fall into Level 2, but not all of them will require external assessments. Level 3 is expected to cover only about 500 contractors, and they will be assessed by the government itself.

CMMC 1.0 brought every DoD contractor into scope; CMMC 2.0 simplifies the tiers and their assessment requirements, which reduces the burden for the Department of Defense and for a significant number of the businesses it works with. 

Small and medium businesses that do not deal with critical data will not have to follow the same challenging standards as Level 2 and Level 3 businesses, which have the most sensitive data at their fingertips. 

Some of the other specific changes are not fully known yet as they continue to determine the rules that will be enforced with CMMC 2.0. However, this review covers the most anticipated differences expected from the change. 

CMMC 2.0 also allows limited waivers in some cases; CMMC 1.0 did not allow any kind of waiver.

 

When Will CMMC 2.0 Be a Requirement?

CMMC 2.0 has quite a way to go still. The Department of Defense has already set the expectation that 2023 is the anticipated timeline for CMMC 2.0 being a requirement. Since they decided to change gears on their approach, they’ve halted the implementation and put requiring CMMC compliance on hold until they have finalized the new rules of 2.0. 

They have acknowledged that it will take time to come up with rules and specifics. You can view the basics of the ruling and the categorization of the levels that will be implemented. However, patience will be required to find out all of the details. 

When they do present the final rules, they will also provide a hard deadline for compliance. Right now, the statement is that they will allow 180 days for businesses to comply. 

The Deputy Assistant Secretary of Defense for Industrial Policy, Jesse Salazar, quotes: “My hope is that no company in the defense industrial base or in the broader commercial market is waiting for DoD contractual requirements to begin its cyber readiness process. We are encouraging all companies to start improving their cybersecurity.”

Rather than wait until those final rules are enforced, a business could go ahead and start planning to accommodate cybersecurity and figuring out their steps. If you wait until the last minute to begin preparing, you will more than likely run into issues getting things established and won’t be compliant when you need to be.

 

When Will Waivers Be Allowed?

While the exact specifics of the waivers might not yet be 100% known, the understanding is that the waivers will be allowed primarily on an as-needed basis. 

The waiver is a limited waiver for certification requirements. It will be a temporary waiver granted when a case is mission-critical. The understanding is that they will be granted on a case-by-case basis and won’t just be handed out freely. They will require approval from senior leadership personnel at DoD. 

The rules are still being planned, just like the other rules related to CMMC 2.0. Those guidelines and details will be established along with all of the other guidelines businesses are patiently waiting for more details on. 

 

In Closing

Cybersecurity is no joke. With increased cyber use for just about any business interaction, the Department of Defense recognizes the need to take action and acknowledges that not all of their associated contractors have the same design and should be subject to the same rules. 

This is what has led us to CMMC 2.0. As the time draws closer to the establishment, we will see more details released. Until that time, businesses can start planning for the future of CMMC 2.0.

Find out how Edge Networks can help your company become CMMC compliant by visiting our website. We take care of your compliance so you can focus on running your business.

Pegasus Spyware: The Zero-Click Spyware Infecting Smartphones

Pegasus Spyware: The Basics

In July 2021, a consortium of news organizations reported that Pegasus spyware, marketed by its maker for tracking criminals and terrorists, was linked to a leaked list of more than 50,000 phone numbers of potential targets, including heads of state, presidents, and prime ministers. Because the spyware was discovered on the devices of some of the world's elite, everyday smartphone users are left wondering whether it could be lurking on their own devices and, if so, how to detect and remove it. Below, we dive into Pegasus, help you determine your risk, and explain what you can do if you've been infected. 

The term "spyware" dates to 1995, when it was used interchangeably with adware and malware. It wasn't until the turn of the century that spyware began to evolve into one of the most dangerous threats on the web, and in 2021, with global smartphone use still rising, it has become a whole new beast. 

 

What is Pegasus Spyware?

Pegasus is advanced spyware developed by the Israeli company NSO Group. Built specifically to target smartphones, it has had versions for Android, iOS, and BlackBerry.

Like other spyware, Pegasus is designed to gain access to devices, but the way it gets there is different. Traditional spyware usually requires the victim to install a malicious app (often after jailbreaking or rooting the device) or to click a malicious link that installs it. Pegasus instead exploits vulnerabilities in messaging apps such as WhatsApp and iMessage to install itself without the victim doing anything, and it leaves few traces behind.

Pegasus is so powerful because it requires the user to do nothing: it exploits vulnerabilities that were unknown to the vendor at the time of the attack, for example in iMessage. Once embedded in a device, Pegasus can access all apps, including real-time sources such as the camera and microphone. It is not easily detected and can linger on a device long enough to collect sensitive information.

 

Who might be vulnerable to it?

According to NSO Group, the only entities with access to Pegasus are "the military, law enforcement, and intelligence agencies from countries with good human rights records." That stated policy did not keep some countries, including the United States and France, from restricting its use.

Those most at risk are activists, journalists, businesspeople, known criminals, government leaders, and anyone connected to them who is suspected of a crime. NSO Group does not disclose its clients, so it is unclear who is being targeted or how that targeting is regulated.

Because of these discoveries, Pegasus is acquiring a negative reputation across the globe, with many world leaders concerned about their privacy and national security. Apple sued NSO Group in November 2021, following a 2019 suit by WhatsApp, and others are expected to follow. Faced with the lawsuit and its implications, NSO Group did not admit any wrongdoing and claimed that neither its product nor its procedures break any law. Instead it pointed to its strong suit, claiming that its tools help "authorities combat criminals and terrorists who take advantage of encryption technology to avoid detection."

 

How does it infiltrate a phone?

Pegasus is more sophisticated than other spyware because it can infect a device without any user interaction. It works by exploiting zero-day vulnerabilities: flaws unknown to the vendor, for which no patch yet exists. The attack is considered zero-click and typically goes through a vulnerable app on the phone, most often a messaging app, because those apps parse attacker-supplied content automatically.

In September 2021, Citizen Lab identified a zero-click iMessage exploit used to deploy Pegasus, later named FORCEDENTRY and tracked as CVE-2021-30860, and Apple patched it in iOS 14.8. Because no user involvement is required and an infected device shows no obvious changes, infections are difficult to detect. No consumer antivirus flags Pegasus directly, but forensic indicators of compromise exist and are the basis of the detection methods described below.

Assessing your risk is perhaps the most important step, though users can also take concrete steps to detect its presence on their device.

 

How can someone detect Pegasus Spyware?

There is some good news for those who have a smartphone and are worried about the presence of spyware. Although more than 50,000 numbers appeared on the leaked list, it is not an ordinary list of people: the numbers were linked to government officials, political activists, journalists, and others involved in their countries' politics. Being on the list is not proof of infection; forensic analysis confirmed Pegasus on only a subset of the phones that were examined.

That means most smartphone users are not targets, though that doesn't put everyone at ease. Spyware of any kind can infect devices, which is why it helps to know how to detect it. Due to Pegasus's sophistication, it's not detectable with ordinary antivirus, leaving users to seek other detection methods.

One method that covers both iOS and Android is Amnesty International's Mobile Verification Toolkit (MVT).

MVT runs on a Linux or macOS computer, not on the phone itself. It analyzes an iTunes/Finder backup or full filesystem dump of an iPhone, or an ADB backup of an Android device, and compares what it finds (visited domains, process names, file paths, and similar artifacts) against the indicators of compromise Amnesty publishes from its Pegasus investigations. It does not "detect Pegasus" in the antivirus sense, and an indicator list is only as current as the last investigation, so a clean result is not a guarantee. A match against those indicators, however, is strong evidence of infection; it is the same method Amnesty's forensic lab used to confirm the cases it reported. 

Though Amnesty International's toolkit is promising, cybercriminals are always trying to stay one step ahead. Word of a campaign to trick users looking for protection broke in early October, with a group of cybercriminals posing as Amnesty International and offering a fake "antivirus" that was itself malware. For those looking for a way to detect Pegasus on their device, Amnesty International is a safe bet, but only obtain the toolkit and its instructions from the organization's actual website, and avoid clicking any unknown third-party links.

Another option for iOS users is iMazing, a third-party Mac and Windows tool from DigiDNA (not an Apple product) that added a spyware-detection feature built on MVT's methodology and Amnesty's indicators. It runs on a computer, takes a backup of the phone, and checks that backup against the indicators in a guided process that takes about 30 minutes, producing a report that tells users whether anything on the device requires attention. 
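The core of what MVT and the iMazing feature do is indicator matching: parse a STIX2 indicator file and compare its domains, process names, and file paths against artifacts pulled from a device backup. The following is an added example written for this article, not MVT's own code: it implements that matching step on a constructed STIX2 bundle and constructed device records. None of the domains, process names, or paths below are real Pegasus indicators; the real ones come from Amnesty International's published IOC file.

```python
"""Added example (not MVT's code): the indicator-matching step of a Pegasus
forensic check. SAMPLE_STIX2 and SAMPLE_RECORDS are constructed for the
example and contain no real indicators."""

import json
import re
from urllib.parse import urlsplit

# STIX2 indicator patterns in the IOC file look like:
#   [domain-name:value = 'bad.example']   [process:name = 'x']   [file:path = '/p']
PATTERN_RE = re.compile(
    r"^\[(?P<type>[\w-]+):(?P<prop>[\w.]+)\s*=\s*'(?P<value>[^']*)'\]$")

# Constructed bundle in the shape MVT consumes (NOT real Pegasus indicators).
SAMPLE_STIX2 = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "name": "constructed-domain",
         "pattern": "[domain-name:value = 'cdn-update-service.invalid']"},
        {"type": "indicator", "name": "constructed-process",
         "pattern": "[process:name = 'constructed_proc']"},
        {"type": "indicator", "name": "constructed-file",
         "pattern": "[file:path = '/private/var/tmp/constructed.plist']"},
        {"type": "malware", "name": "ignored-object"},  # not an indicator
    ],
})


def load_indicators(stix_json: str) -> dict:
    """Return {(object_type, property): {values}} from a STIX2 bundle, skipping
    non-indicator objects and any pattern not in the simple single-comparison
    form handled here. Values are lower-cased for case-insensitive matching."""
    iocs = {}
    for obj in json.loads(stix_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        match = PATTERN_RE.match(obj.get("pattern", ""))
        if not match:
            continue
        key = (match.group("type"), match.group("prop"))
        iocs.setdefault(key, set()).add(match.group("value").lower())
    return iocs


def domain_matches(host: str, bad_domains: set) -> bool:
    """True for an exact match or a subdomain of an indicator domain
    (edge.bad.example matches bad.example; notbad.example does not)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in bad_domains)


# Constructed device records in the shape of a Safari history export,
# a network-usage log and a filesystem listing (all fabricated).
SAMPLE_RECORDS = [
    {"source": "safari_history", "url": "https://www.apple.com/"},
    {"source": "safari_history", "url": "https://edge.cdn-update-service.invalid/i?x=1"},
    {"source": "datausage", "process": "constructed_proc", "domain": ""},
    {"source": "datausage", "process": "mobilemail", "domain": "imap.gmail.com"},
    {"source": "filesystem", "path": "/private/var/tmp/constructed.plist"},
]


def check_records(records: list, iocs: dict) -> list:
    """Return (source, matched_value, indicator_kind) for each record that hits an IOC."""
    domains = iocs.get(("domain-name", "value"), set())
    procs = iocs.get(("process", "name"), set())
    paths = iocs.get(("file", "path"), set())
    hits = []
    for rec in records:
        if "url" in rec:
            host = urlsplit(rec["url"]).hostname or ""
            if domain_matches(host, domains):
                hits.append((rec["source"], host, "domain"))
        if rec.get("domain") and domain_matches(rec["domain"], domains):
            hits.append((rec["source"], rec["domain"], "domain"))
        if rec.get("process", "").lower() in procs:
            hits.append((rec["source"], rec["process"], "process"))
        if rec.get("path", "").lower() in paths:
            hits.append((rec["source"], rec["path"], "file"))
    return hits


if __name__ == "__main__":
    for hit in check_records(SAMPLE_RECORDS, load_indicators(SAMPLE_STIX2)):
        print("IOC match:", hit)
```

Two details matter in practice: subdomain matching (operators rotate hostnames under a fixed domain) and treating a run with no matches as "no known indicator found" rather than "clean".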

 

How can it affect security?

Spyware is different from other types of attacks in that it turns the cell phone into a surveillance device. The longer that spyware is left on a device, the more information it can gather and the more harm it can potentially cause. A few of the most common security implications due to Pegasus software include copying and sending private messages, recording phone calls, and collecting photos both taken on the device and received from messages and apps.

Pegasus can even gain access to users’ microphones and cameras, spying on users without their knowledge. Because of this powerful ability, users with Pegasus spyware installed on their device could have someone monitoring their phone calls and starting the device’s camera without their knowledge, falling victim to severe implications if any wrongdoing is suspected.

For most smartphone users, access to such information will not lead to criminal action, though it could cause personal or professional problems. However, because Pegasus is aimed at criminals, world leaders, and other prominent figures across the globe, some captured information could lead to further investigations.

Apart from the ability to monitor those who might cause harm, Pegasus spyware could create danger if the information is passed into the wrong hands. National and international security could be in harm’s way, and other sensitive details could result in increased criminal activity. Companies too could face implications if collected information falls into the wrong hands, with others able to predict their next move.

Because of these serious security implications, companies are taking action, including global giants like Amazon, whose AWS unit shut down accounts and infrastructure linked to NSO Group. Though companies are acting on their own, cybersecurity experts are also monitoring closely for increased malicious activity and attempting to stop further infections until proper regulations can be put in place.

 

Can Pegasus Spyware be removed from a device?

Because Pegasus is sophisticated and relies on vulnerabilities that are patched only after someone discovers them, there is no single removal tool. Forensic reports note that the iOS implant often did not persist across a reboot, but an operator holding a zero-click exploit can simply reinfect the device, so a reboot, or even a factory reset, is not a lasting fix; only patching the exploited vulnerability is. Even so, there are ways for those at risk from Pegasus (or any other spyware) to protect themselves.

One of the most effective defenses is active, frequent monitoring of devices, including regular checks against published indicators of compromise. The more consistently users check and watch for suspicious activity, the sooner they will notice an infection and cut off the operator's access. Beyond a monitoring schedule, users can take the other precautions described below.

 

Securing your Device

Since smartphones are targeted by Pegasus spyware, users should first secure their devices. There are several ways that users can do this, including keeping their devices updated with the latest version, updating all apps when necessary, and getting on a monitoring and scanning schedule.

Frequent monitoring is recommended, with regular users running scans at least once a week. This should ensure that there is no new suspicious activity or installations that could indicate a security breach.

 

Securing your Data

In addition to protecting devices, it is recommended that companies protect their data. Data is one of the most valuable targets online, with data breaches reaching all-time highs in 2020 and expected to continue to increase in 2021 and 2022. Smartphone users are encouraged to protect their data by managing their permissions in all apps (especially those with access to sensitive details) and ensuring that all passwords are up to date and secure.

Mobile phones often ask for permissions to access apps and other connected devices, which could lead to an additional vulnerability. If there is sensitive information on any device connected to a smartphone, users are encouraged to avoid permitting access to prevent further complications and risks.

 

Securing your Network

It’s not just about securing mobile devices but also the network to which they are connected. In 2021, most areas feature free wi-fi, though users don’t always consider risks. Public network attacks are on the rise as more and more smartphone users demand access to wi-fi on the go.

There are several ways users can protect themselves and their network, including security suites that protect each layer. Frequent monitoring of networks and scanning for unknown connections and devices is one place to start, helping users identify whether something needs their attention.

It’s not just necessary to protect from known attacks but also to have the capability to protect and prevent zero-day attacks too. These days, users are encouraged to use antivirus and other security tools that can help isolate and patch attacks with help from automation.

 

Pegasus spyware protection

Because the two most common infection vectors have been WhatsApp and iMessage, users at elevated risk can disable them where possible: iMessage can be turned off in Settings, and WhatsApp can be uninstalled. This removes those two attack surfaces but not others, and it is a trade-off most users will not accept.

Pegasus differs from other spyware in that it infects devices without user interaction, so there is no single fix at this time. For now, keep internet access secure, limit others' physical access to your devices, get on a schedule of checking for indicators of compromise, stay up to date on the latest iPhone and Android security news, and install updates as soon as they are released, since the patch is what closes the door.

Are you concerned about the cybersecurity of your company? Edge Networks can help! If you'd like to find out how your company is performing and isolate weaknesses in your cyber defenses, schedule a call with us.

Edge Networks Recognized as One of the Best Managed IT Service Providers in Vancouver

The Recognition

At Edge Networks, we work hard to provide our customers with an exceptional user experience. We provide Managed IT Solutions including server, network, and cloud management, cybersecurity, employee onboarding, and many other services. Because we are a people-centric company, our focus is on ensuring that IT issues are resolved quickly and that every client is happy with every interaction. We are thrilled to say that recently our incredible user experience and stellar reputation have led us to be recognized by Expertise.com as one of the Best Managed IT Service Providers in Vancouver.

 

The Selection Process

Each month, Expertise.com reviews the top service professionals in over 200 industries across the U.S. They research more than 60,000 businesses in the hopes that they can help customers find the best-qualified providers for their needs. According to their website, "Our research process is always evolving to keep up with industry changes, so we're confident that when we say a provider is one of the best, it is." 

Expertise.com has recently graded the Managed IT providers in Vancouver on a list of variables, including availability, qualifications, reputation, experience, and professionalism. We are very proud that, after their extensive research and review, they recognized our incredible user experience. “We are humbled by this acknowledgment and grateful for our fantastic team who make this a reality,” says Edge Networks Founder and CEO, Mark Tishenko.

Our success is not limited to Expertise.com. Edge Networks has also been recognized by Upcity, Clutch, and The Manifest, alongside other local B2B companies, as one of the top cybersecurity providers in this area. It is always an honor to be recognized for the work we do to keep our clients happy.

 

We look forward to continuing to impress all of our incredible clients and providing the best service the Portland/Vancouver area has to offer. 

Are you looking for Managed IT or Cybersecurity services for your company? Let’s get in contact to discuss your needs today!

Understanding PrintNightmare: a Print Spooler Vulnerability

PrintNightmare: Understand and Overcome

In June of 2021, Microsoft issued a warning entitled "Windows Print Spooler Remote Code Execution Vulnerability." This vulnerability, known as PrintNightmare, lies in the spooler's printer-driver installation path: any authenticated user can ask the spooler, locally or over the network, to install a printer "driver" of their choosing, and the spooler, which runs as SYSTEM, loads that attacker-supplied code. From there the attacker has complete control of the machine and can access data, create new accounts, and lock users out of their own devices.

This is an ongoing issue. While there has been a security update from Microsoft addressing this vulnerability, it is not perfect, and many devices are still at risk. We will discuss ways to mitigate the problem and keep devices safe from this vulnerability. By following the steps in this post, you will be better equipped to handle these attacks and reduce the probability of becoming the next victim.

 

What is the Print Spooler?

The print spooler service (spoolsv.exe) is the Windows component that queues print jobs and passes them to a local printer or a print server. It runs with SYSTEM privileges and is enabled by default on Windows workstations and servers, including domain controllers. It is an essential program for anyone needing to print, and it keeps print jobs organized and in order. While the print spooler is a practical and often necessary tool, its privileges and its network-facing interface make it dangerous when an attacker can drive it.

Some of the most basic functions of a print spooler include:

  • Managing the files that are in the process of printing on the device
  • Monitoring the files that are in the process of printing on the device
  • Keeping everything in order and organized as the items print

Most Microsoft machines have the print spooler system automatically enabled, and many do not think twice about it when activating their device for the first time. After all, when hackers are not attempting to break into it, it can be a very beneficial (and often necessary) tool.

Since its original release, there have been few maintenance updates on the print spooler. It was this lack of improvement that could have left it vulnerable to hackers and attackers. However, in July 2021, Microsoft issued a security update addressing this vulnerability. They are recommending that users install these updates immediately. After all, you do not want to be the next company with a data security breach.

 

Understanding the PrintNightmare Vulnerability

The PrintNightmare vulnerability first appeared in a June 2021 release by two research teams. It was so named because of the versatile nature of this weakness across a variety of different products. Recently, the PrintNightmare shifted from ‘low’ severity to ‘critical’ severity. Users need to be aware of this as it grows worse.

To fully understand this vulnerability, it is important to be familiar with the print spooler and how attackers can use it to their advantage. This issue is a critical flaw that may need to be handled in-house while Microsoft works towards finding a permanent solution for all users. Otherwise, the system could be taken over by hackers. 

 

What Are the Vulnerabilities in the System?

Two central vulnerabilities lie inside of the print spooler system. Each serves as a different attack point for a hacker trying to find a way into vulnerable devices. It is critical to understand each of them so that you know the weak points that they target.

The core vulnerabilities include:

  • Local privilege escalation, ensuring that a hacker who gets into a computer with low privilege can elevate to an admin level on the device
  • Remote code execution, which can allow the systems to be weaponized either locally or by using a domain controller

These vulnerabilities can offer power to the attackers that allow them to take over many systems at once. 

 

How Can Hackers Use This to Their Advantage?

It can be a little bit difficult to understand what hackers can do with access to a print spooler. This service’s only job is to manage print jobs, and it does not seem like it would be very threatening. It is a program that many people overlook, yet hackers can pose a massive threat if they gain access to this software.

This threat includes:

  • Hackers gaining access to sensitive information
  • Manipulating private and personal data to their advantage
  • Installing malicious programs onto the device

These are just a few of the things that can happen if an attacker gains control of a system through the print spooler. It can be a massive invasion of privacy.

 

How to Mitigate PrintNightmare

Since the security update addressing this issue was released in July 2021, the best practice for mitigating the problem of PrintNightmare is to install this update. However, this update may not completely eliminate the threat of PrintNightmare. Some systems are not able to install the update, and it can cause issues with some printing devices. Because this update is not perfect, there are other options that can reduce the threat, depending on the device’s operating system.

Option 1: Disable the print spooler service on your device.

Taking this action will stop hackers from being able to access the print spooler, and therefore stop them from being able to access data. However, this action would also disable the ability to print completely.

 

Option 2: Disable the option for print spooler to accept client connections.

Taking this action will prevent remote printing operations, which will remove the attack vector. This means that remote printing will no longer be possible (though printing locally to a directly attached device would still be possible).

These workarounds are not ideal, because the print service will not be able to be used in the way it was intended, if at all. However, the alternative could be losing access to the device altogether due to an extensive attack. Again, the best practice would still be to install Microsoft’s security update addressing this issue. However, because this isn’t an option on all devices, we will go over how to implement these workarounds.

 

Disable the Print Spooler on Windows 10 Home Edition

If unable to install the security update, the print spooler on every single vulnerable item in the workspace can be disabled. Any device that has a print spooler can be hacked into and potentially pushed into other devices. Follow each of these steps carefully so that you don’t have to start over again.

Once all of the items are prepared, you should enact the following steps:

  • Open the Start Menu
  • Type ‘PowerShell’
  • Pick ‘Run as Administrator’
  • When asked if you want to allow the app to make changes to the device, answer yes
  • Type ‘Stop-Service -Name Spooler -Force’ and push enter
  • Type ‘Set-Service -Name Spooler -StartupType Disabled’ and push enter. This will keep the spooler from starting up again when the computer is rebooted.

This sequence should disable the print spooler on devices containing the Windows 10 Home Version and a few other varieties. If you have the Windows 10 Pro or the Enterprise edition, there are a different set of steps to follow to disable the print spooler. 

 

Disable the Print Spooler on Windows 10 Pro and Enterprise Edition

If you have Windows 10 Pro or the Enterprise edition, the print spooler will need to be disabled using the group policy editor. This method only works for those two systems.

To disable the print spooler, you will need to:

  • Open the run box by using ‘Win + R’
  • Type gpedit.msc
  • Press enter
  • Wait for the Local Policy Editor to open
  • Navigate to ‘Computer Configuration > Administrative Templates > Printers’
  • Click ‘Allow print spooler to accept client connections’
  • Click ‘Disabled’
  • Press ‘Apply’ and ‘OK’

These steps should stop the print spooler from accepting client connections (Option 2 above) on devices running these editions. If it doesn’t work, double-check that you have followed all the instructions completely. 

 

Can You Enable the Print Spooler If Needed?

Enabling the print spooler again might become necessary if a print job is required. This action might seem intimidating, as it could potentially reopen the systems to hackers. However, enabling it for a short period of time should be relatively low risk. 

 

Enabling for Windows 10 Home Edition

To enable the print spooler again after it has been disabled, there are a few steps that can be followed. On the device:

  • Open the Start Menu
  • Type in ‘PowerShell’
  • Pick the option ‘Run as Administrator’
  • When asked if you want to allow the app to make changes to the device, answer yes
  • Type ‘Set-Service -Name Spooler -StartupType Automatic’ then hit enter
  • Then type ‘Start-Service -Name Spooler’ then hit enter

This sequence should enable the print spooler again. If the security update has already been installed, this can remain enabled. If it was disabled temporarily for the ability to print, it can be disabled as soon as the printing process is finished to ensure the device is protected. 

 

Enabling for Windows 10 Pro and Enterprise Edition

Just like with disabling the print spooler, a group policy editor is needed to enable the print spooler on Windows 10 Pro and Enterprise Edition. This specification is critical to note, as this will not work for other versions.

To re-enable the print spooler on these devices, these steps should be followed:

  • Open the run box using ‘Win + R’
  • Type gpedit.msc
  • Hit enter
  • Navigate to ‘Computer Configuration > Administrative Templates > Printers’
  • Click to allow the print spooler to accept client connections
  • Pick ‘Not Configured’
  • Press ‘Apply’ and then ‘OK’

This process should successfully enable the print spooler on these devices. As with the other method, this can remain enabled if the security update has already been installed. If not, it can be disabled until the next time it is necessary to print.
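The disable, re-enable and check steps above, collected into one script as an added example (not from the original post or from Microsoft). It assumes Windows 10 and an elevated PowerShell session; the registry path and value it reads are the ones the ‘Allow Print Spooler to accept client connections’ policy writes, and the function names are our own.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the original post): audit and toggle the Print Spooler
# exposure described above. Assumes Windows 10 and an elevated session.
# This registry value is what the "Allow Print Spooler to accept client connections"
# Group Policy setting writes: 2 = Disabled, 1 = Enabled, absent = Not Configured.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    # Reports whether the spooler is running, whether it starts at boot,
    # and whether the client-connection policy has been disabled.
    $svc    = Get-Service -Name Spooler
    $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
               -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        Status            = $svc.Status
        StartType         = $svc.StartType
        ClientConnections = $(switch ($policy) {
                                2 { 'Disabled' } 1 { 'Enabled' } default { 'Not Configured' } })
        # Remotely reachable only if the service is up and client connections are not refused
        RemotelyReachable = ($svc.Status -eq 'Running') -and ($policy -ne 2)
    }
}

function Disable-Spooler {
    # Option 1 from the post: stop the service and keep it from starting at boot.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

function Disable-SpoolerClientConnections {
    # Option 2 from the post, set through the policy registry value instead of gpedit.msc.
    # Local printing to a directly attached device keeps working; remote clients are refused.
    New-Item -Path $PolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
    Restart-Service -Name Spooler -ErrorAction SilentlyContinue   # policy applies on restart
}

function Invoke-WithSpoolerEnabled {
    # Re-enables the spooler only for the duration of $Job (for example a print command),
    # then disables it again even if the job fails, keeping the window of exposure short.
    param([Parameter(Mandatory)][scriptblock]$Job)
    Set-Service   -Name Spooler -StartupType Automatic
    Start-Service -Name Spooler
    try     { & $Job }
    finally { Disable-Spooler }
}

# Usage examples (run as Administrator):
Get-SpoolerExposure | Format-List
# Disable-Spooler
# Invoke-WithSpoolerEnabled { Get-Printer | Format-Table Name, PortName }
```

Run Get-SpoolerExposure before and after either change to confirm that RemotelyReachable reports False on the devices you have hardened.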

 

Will this security update completely eliminate the PrintNightmare problem?

As previously mentioned, the best practice for reducing the PrintNightmare issue is to install the security update. However, the update is not flawless. There is a long way to go until PrintNightmare is completely eliminated.

The July Emergency update:

  • Only worked on a few select devices, leaving the others just as vulnerable as before
  • Caused issues for users attempting to print to various printers
  • Affected receipt and label printers that connected with USB

This update has its flaws, which can affect any Microsoft device. Future patches in development will likely be able to fix the issues that the current update has. Hopefully, this comes in the next few months. Until then, users that are still vulnerable should disable the print spooler for the safest results.

This is just one of many ways that your company can be targeted and data can be lost. If you’re looking to be more proactive in your cybersecurity, we’ve created an outline of five critical components your incident response plan should have. Read more about it below.

 

Moving Past PrintNightmare

The PrintNightmare situation is a wake-up call for those unaware of how vulnerable the print spooler can be. Hackers can easily establish a foothold in the system and change data belonging to the user. They can then make use of the device remotely or through a computer elsewhere.

This is dangerous for users who are not aware of this problem. With the knowledge you read here, you should understand how to mitigate the issue until it is completely resolved. If you’re unsure of whether or not your network is secure, take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.

For all you Star Wars fans out there – this is a meme summary of the seriousness of the attack.

 

Centennial School District Compromised by Ransomware

On the News: Edge Networks Discusses the Centennial School District Cyber Attack

Recently, KATU News went on air to talk about a ransomware attack at Centennial School District in Multnomah County, Oregon, and asked Edge Networks’ Founder and CEO, Mark Tishenko, to share his thoughts. Mark warned that ransomware attacks are a growing threat, and anyone can be at risk. If you are the target of a ransomware attack, having a ransomware incident response plan is critical to recovery. When ransomware hits your business and you feel panicked, an incident response plan will give you a roadmap. 

Watch the news clip and read the article by KATU News here.
 

The Jump to Digital Learning

March 2020 was a time when many students across the United States learned they’d be getting an extra week or two of Spring Break. Excitement was the primary emotion as students prepared for their extended break, but no one foresaw what followed – COVID-19 sweeping the nation (and the world), forcing schools to shut down. The result? Digital learning. 

The jump to digital learning was quick and led to many problems rising to the surface, like a lack of accessibility to devices and internet connection from home and teachers having little time to restructure their curriculums and adapt to new technologies alongside their students. In fact, Statista Research Department found that there was a 1,087% increase in Education app downloads solely between March 2nd-16th, 2020, a figure that’s hard to envision. 

Additionally, Business of Apps found that over 90,000 schools across the United States used Zoom as their primary virtual learning platform at the height of the pandemic, which is a lot of unexpected usage for a single app. In April 2020, news broke out that hackers had stolen over half a million passwords from Zoom. Sure, a password may not seem like a big deal, but a 2019 Google / Harris Poll study found that only 35% of people use a different password for every account, meaning 65% of people reuse the same password for multiple or all accounts. This means that it’s likely the majority of those stolen Zoom passwords were attached to other accounts, which puts more sensitive data at risk.

Click here to download a Password Best Practices E-Book!

The thought of an app as heavily used and popular as Zoom being the target of an attack should raise concern. With people all across the nation moving to online learning, and the rapid increase of unfamiliar technologies and time spent online, many were left confused, burnt out, and more vulnerable than ever. 


 

The Centennial School District Cyberattack

In late April 2021, the Centennial School District of Multnomah County, Oregon was the target of a ransomware attack and decided to shut schools down for a week. You might think shutting schools down for a week because of ransomware is an overreaction, but cybercrime shouldn’t be taken lightheartedly.

It was confirmed that the attackers stole, encrypted, and published data from the systems to the dark web, putting the sensitive information of the district’s faculty, staff, and over 6,000 students at risk. 

Since the attack, Centennial School District officials were able to bring some systems back online but were ultimately tasked with shifting their learning resources to paper packets to replace the digital technology temporarily. 

Let’s Back it Up – What’s the Deal with Ransomware?

Ransomware is an ever-evolving type of malware (malicious software) that encrypts important files and systems, holding them “hostage” until a ransom payment is made. Hackers will often threaten to destroy, leak, or sell the stolen data to receive their payment, which can range from a few hundred dollars to a few million.
 
In July 2020, a U.S. travel management firm, CWT, was attacked by hackers that demanded $10 million. The hackers argued that the price would be much lower than lawsuit expenses and reputation loss by leaking information, but the ransom was negotiated down to $4.3 million, still an extremely significant loss.
 
However, ransomware’s perils extend beyond financial loss. According to the Sophos State of Ransomware 2021 research, the percentage of businesses choosing to pay a ransom has climbed to 32% in 2021, up from 26% last year. Only 8% of those who paid the ransom received all of their data returned, while nearly a third, 29%, could not recover more than half of the encrypted data. In short, paying a ransom doesn’t guarantee a safe return of your data, which is why we recommend regular backups.

Where Do We Go From Here?

Though it may seem unlikely, the truth is: anyone with a device that holds important data and access to the internet is at risk of a ransomware attack, not just large organizations. The ransomware attack at CWT or the attack on Zoom may seem far in the distance, but local attacks happen too, like the one within the Centennial School District. These attacks, though unfortunate, offer crucial reminders for people to review their cybersecurity health. 

When asked how to best mitigate against ransomware, CEO and Founder of Edge Networks, Mark Tishenko, shared that network hygiene, vulnerability management, and backup and disaster recovery are essential and that trusting your SaaS or cloud provider just isn’t enough anymore. Additionally, employee awareness training is paramount to preventing ransomware.

 

Taking Steps in the Right Direction

Cyberattacks are constantly evolving, and it’s essential to implement preventative practices and build up a solid defense against them. If you are unsure where to go from here, we recommend taking our free, self-guided IT risk assessment to discover your vulnerabilities and receive tips on how to improve your cybersecurity, or  schedule a call with us for a free 30-minute consultation. 

Staying educated on ransomware trends can also help you stay one step ahead of cybercriminals.