New Panchan Botnet Targets Linux Servers

If you’re involved with IT Security at any level and if your network includes Linux servers, keep a watchful eye out for the new Panchan botnet.

It first appeared in the wild in March 2022, and its main focus so far has been Linux servers in the education sector, which it enslaves to mine cryptocurrency.

Panchan has several worm-like features that let it replicate quickly and move laterally once it is inside a network.  The operators have also built in a raft of detection-avoidance measures. The miners run memory-mapped, so there is no miner binary sitting on disk for a file scanner to find, and the malware watches for process monitoring and stops all mining automatically when it decides the host is being inspected for anomalous activity.

Panchan is written in Go, which is both versatile and powerful.  Once it lands on a host it creates a hidden folder named “xinetd” to house itself, borrowing the name of a legitimate Linux service so that a casual glance at a process list passes over it.

Once that is done, it sends an HTTPS POST to Discord, which is most likely how the operators keep tabs on each new victim.

For command-and-control traffic Panchan uses TCP port 1919, and note that these communications are not encrypted, so they can be picked out on the wire.  A rule that alerts on connections to or from port 1919 on servers that have no business using that port is a cheap detection.
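Because the miners pause themselves when they notice monitoring, CPU load in top is a weak signal. A better hunt is to look at what the write-up says cannot be hidden while the process is alive: the /proc/<pid>/exe link of a memory-mapped binary (it shows up as “/memfd:… (deleted)” because the file never existed on disk), a binary named xinetd living outside its package path or in a hidden directory, and sockets bound to port 1919. The script below is an added example written for this article, not Akamai’s tooling; the legitimate xinetd paths, the hidden-directory heuristic and the sample /proc/net/tcp dump are assumptions constructed for illustration.

```python
"""Hunt for Panchan-style indicators on a Linux host (added example, not Akamai code).

Indicators taken from the write-up: memory-mapped (memfd) miners, a hidden
"xinetd" directory, and unencrypted traffic on TCP port 1919.  The package
paths for a real xinetd and the sample /proc/net/tcp text are assumptions.
"""
import os

PANCHAN_PORT = 1919                                    # unencrypted C2 port from the report
LEGIT_XINETD = ("/usr/sbin/xinetd", "/sbin/xinetd")   # assumption: where a packaged xinetd lives


def classify_exe(exe_target):
    """Return a reason string if a /proc/<pid>/exe link target looks suspicious, else None.

    memfd-backed binaries appear as "/memfd:<name> (deleted)" because the file
    was never on disk; that is how the miners described above would present.
    """
    if exe_target.startswith("/memfd:"):
        return "memfd-backed executable (runs from memory, no file on disk)"
    if exe_target.endswith(" (deleted)"):
        return "executable deleted from disk after launch"
    if os.path.basename(exe_target) == "xinetd" and exe_target not in LEGIT_XINETD:
        return "binary named xinetd outside the normal package path"
    if any(part.startswith(".") for part in exe_target.split("/") if part):
        return "executable runs from a hidden directory"
    return None


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp or /proc/net/tcp6 text into (local_port, state) tuples.

    Addresses and ports are hex; state 0A is LISTEN and 01 is ESTABLISHED.
    """
    sockets = []
    for line in text.splitlines()[1:]:                 # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        sockets.append((local_port, fields[3]))
    return sockets


def sockets_on_port(text, port=PANCHAN_PORT):
    """Return the state of every socket bound locally to `port` in a /proc/net/tcp dump."""
    return [state for local_port, state in parse_proc_net_tcp(text) if local_port == port]


def scan_host(proc="/proc"):
    """Walk a live /proc and return (process_findings, states_of_port_1919_sockets)."""
    findings = []
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc, pid, "exe"))
        except OSError:                                # process exited, or not ours to read
            continue
        reason = classify_exe(target)
        if reason:
            findings.append((int(pid), target, reason))
    states = []
    for table in ("net/tcp", "net/tcp6"):
        try:
            with open(os.path.join(proc, table)) as fh:
                states.extend(sockets_on_port(fh.read()))
        except OSError:
            pass
    return findings, states


# Constructed sample of /proc/net/tcp: a LISTEN socket on 1919 (0x077F), sshd on 22,
# and one established local connection on 1919.  Not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:077F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18462 1 0000000000000000 100 0 0 10 0
   2: 0100007F:077F 0100007F:9C40 01 00000000:00000000 00:00000000 00000000     0        0 31340 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    print("sample dump, sockets on 1919:", sockets_on_port(SAMPLE_PROC_NET_TCP))
    procs, ports = scan_host()
    for pid, target, reason in procs:
        print(f"pid {pid}: {target} -> {reason}")
    print("live sockets on 1919:", ports)
```

Run it as root so every /proc/<pid>/exe link is readable; an unprivileged run silently skips other users’ processes. A hit on the hidden-directory heuristic is a review item rather than proof of compromise, but a memfd-backed executable on a server that runs no container runtime or JIT deserves an immediate look.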

Researchers at Akamai first discovered this threat and have mapped its spread so far.  They have found 209 compromised systems, more than 40 of them still actively infected.  The United States hosts the most victims, with China a distant second; Russia, Japan, India, and Brazil account for most of the rest.

Although the education sector seems to be the group’s primary focus for now, anyone running a Linux server should consider themselves at risk.  While this botnet isn’t as damaging as some, it is nonetheless a threat to be avoided.

How To Protect Your Company With Cybersecurity Awareness

These days, companies spend significant sums of money to protect themselves from cyber criminals.  The threat landscape is vast, and attacks can come from almost any quarter. That is why many companies not only spend heavily on antivirus software but also on a wide range of tools that IT security professionals can use to intercept attacks “at the gates” and keep attackers from ever breaching their defenses.

Further, many companies engage third-party specialists to provide round-the-clock monitoring.  Managers invest still more to ensure that regular backups are taken, so that if the worst happens, recovery is relatively quick and the company can get back to work with as little downtime as possible.

All of that is commendable, but the unfortunate reality is that even the most elaborate and expensive systems designed to defend your corporate network can be reduced to nothing by one moment of carelessness by one of your firm’s employees.

If you want to increase the return on your IT security investment, the best thing you can do is educate your workforce about the dangers lurking on the ‘net.  Teach them security best practices so that they become part of your network security solution rather than yet another risk factor you have to guard against.

A few examples of the way your employees may be unwittingly putting your firm at risk include the following:

  • They use short, predictable passwords that an attacker can guess or crack with minimal effort
  • They seldom change their passwords unless forced to, even after a service they use announces a breach
  • When traveling, many connect to your company’s network over free, unsecured WiFi hotspots
  • A disturbing percentage reuse the same weak password across multiple sites, so one breached site unlocks the others
  • They decline to enable multi-factor authentication even where you make it available
  • Far too many assume that any attachment landing in their work inbox is safe and open it without a second thought
  • Very little cross-checking is done when someone reaches out over corporate channels to confirm that the person is who they claim to be

All of these pose a very real risk to the security of your company.  Make sure your employees get the training they need to keep both themselves and your corporate network safe.

Data Breach Hits One Of America’s Largest Healthcare Providers

Do you receive healthcare of any kind from Kaiser Permanente?  If so, be aware that they recently published a data breach notification indicating that an unidentified attacker accessed an email account that contained personal health information on April 5th, 2022.

Based on the investigation to this point, it appears that sensitive health information belonging to more than 69,000 individuals was exposed.  For context, Kaiser Permanente provides a wide range of health care services to more than 12.5 million customers spanning eight states, plus the District of Columbia.  While it’s true that a breach of any size is a bad thing, this one only impacted a tiny slice of the company’s patient base.

Kaiser’s breach notification reads in part as follows:

“This notice describes a security incident that may have impacted the protected health information of some Kaiser Permanente patients who may have been affected by an unauthorized access incident on April 5, 2022.

The specifics of the unauthorized access were provided to individuals affected in a letter sent by Kaiser Permanente on June 3, 2022.

Sensitive info exposed in the attack includes:

  • The patients’ first and last names
  • Medical record numbers
  • Dates of service
  • Laboratory test result information”

If there’s a silver lining to be found here, it lies in the fact that Kaiser’s notification stressed that no Social Security or credit card numbers were exposed.

While this event will no doubt damage trust, the stolen data on its own is unlikely to be enough for an attacker to steal your identity. It is enough to make a convincing phishing call or email, though, so treat unexpected contact that cites a recent test or visit with suspicion. If you are one of the impacted patients, you should already have received a notification from the company.

We wish we could say that this will be the last data breach of the year but sadly, that’s not going to be the case.  Stay tuned for the next, and guard your personal data closely!

Cisco Email Gateway Appliance Users Should Apply Security Patch

Tech giant Cisco recently notified its vast customer base, urging them to apply a newly issued patch for a critical security vulnerability. The flaw could allow an unauthenticated, remote attacker to bypass the login process entirely and gain access to the web management interface of Cisco email gateway appliances that run a particular non-default configuration.

The flaw is tracked as CVE-2022-20798 and lives in the external authentication functionality of Cisco Email Security Appliances (ESAs) and Cisco Secure Email and Web Manager appliances (formerly the Security Management Appliance, or SMA), both virtual and hardware, when they are configured to authenticate administrators against an external LDAP server.

The company had this to say about the flaw:

“An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device.  A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”

Oddly enough, this flaw does not affect appliances in their default configuration: it only bites when external authentication is turned on and the LDAP server it points at accepts anonymous binds. That makes this one of the rare cases where an admin who never switched away from the defaults is the safer one, at least where this flaw is concerned.

In any case, if you have one of the Cisco appliances mentioned above on your network, apply the patch as soon as possible to minimize your risk.  If you cannot apply the patch for one reason or another, there is a short-term workaround.

Disable anonymous binds on the external authentication server (the LDAP directory the appliance authenticates against).  Confirm the change by attempting an unauthenticated simple bind against that server with a standard LDAP client and checking that it is refused.  This buys some protection and some time to deploy the patch, but it is a stopgap, not a fix: the appliance code is still flawed, and anything that later re-enables anonymous binds reopens the hole.

Kudos to Cisco for their fast action here.  We can only hope that the next critical security flaw we report on is handled as adroitly by whatever company is at the helm.

What SMBs Need To Understand About Cybersecurity

You can lose more in a cyber attack than you can imagine

One of the errors many smaller firms make, and some larger ones, is that they don’t understand the broad-reaching effects of a cyber attack. If someone breaks into your home and steals a laptop, you may think “well, insurance will pay for the laptop and the broken lock, let’s move on.” In reality, that usually isn’t the end of the story. It may take you a long time to feel safe in your home again. The same problem develops when your customers’ data is compromised. They may no longer trust you with their data and find someone else to do business with.

The results of a cyberattack are far-reaching. If you think getting your stolen data back or your systems running again is the end of the episode, you are wrong. No matter what industry you operate in, there are compliance and regulatory requirements that must be followed. Apart from the obvious damage to revenue and reputation caused by business interruption and downtime, a data breach has far-reaching consequences on the legal front as well. Many firms never recover.

Along the same lines, did you know that you don’t even have to be the actual target to be the victim of a cybercrime? It sounds crazy, but it’s true. If you have vendors or subcontractors with whom you share business data, a leak at their end can implicate your business as well.

Perhaps the most important element is ensuring that you, as an organization, understand that responsibility for cybersecurity begins in the C-level executive office. Like all successful corporate priorities, the initiative and drive have to start at the top. But they cannot end there. It has to be a top-down approach in which C-level leaders treat cybersecurity as a priority, yet it is not up to the CEO or CTO alone to make it succeed.

As we’ve said before, all it takes is one click and your entire IT infrastructure can come down like a house of cards. And that click can come from anywhere. It could be Brenda from accounting, who thought the link Sam from finance was sharing had cute dog pictures. Worse, it doesn’t even have to happen at work or on one of your office computers. With remote work and BYOD now the norm, an employee checking or replying to a work email on their phone can unintentionally become the infection source.

What does this mean? Education at the level of the individual employee is critical to the success of your data hygiene initiatives. Everyone on your team has to understand the dangers lurking in cyberspace and learn how to identify and avoid threats such as phishing, clone sites, ransomware, viruses and other malware.