How do You Prevent Another Uber-Style Breach

Uber blames contractors for the hack and links breach to Lapsus$ organization.

In the News

According to Uber, the hacker responsible for the breach last week is a member of the Lapsus$ extortion group, which has previously attacked Microsoft, Cisco, NVIDIA, Samsung, and Okta, among other well-known IT firms.

According to the company, the attacker conducted an MFA fatigue attack by flooding the contractor with two-factor authentication (2FA) login requests until one of them was approved using the stolen credentials of an Uber EXT contractor.

The usage of this social engineering technique has increased dramatically in recent attacks on well-known businesses worldwide, including Twitter, Robinhood, MailChimp, and Okta. Continue to read how do you prevent another uber-style breach?

What happened

The attacker gained privileged access to several tools, including G-Suite and Slack, by breaking into numerous other employee accounts, according to Uber’s updated statement.

“The attacker then modified Uber’s OpenDNS to display a graphic image to employees on some internal sites,” which was posted to a company-wide Slack channel many of you saw.

The business stated that it had not discovered proof that the threat actor could access production systems that hold sensitive user data, including financial and personal information (e.g., credit card numbers, user bank account info, personal health data, or trip history).

The FBI and the US Department of Justice assist the company’s investigation into the event.

Uber claims to have taken the following steps to stop similar approaches from being used in future breaches:

• Any employee accounts that were affected or might have been compromised were found, and we either disabled their access to the Uber systems or ordered a password reset.
• Many internal tools that were impacted or might have been impacted were disabled.
• We changed the keys on many of our internal systems, effectively resetting access.
• We restricted access to our source to stop further code additions.
• We asked users to re-authenticate to regain access to internal tools. Additionally, we are enhancing our multi-factor authentication (MFA) guidelines.

We could keep all of our public-facing Uber, Uber Eats, and Uber Freight services operational and running smoothly. Because we took down some internal tools, customer support operations were minimally impacted and are now back to normal. — Uber

Is there a solution?

MFA is not an antidote on its own, but security experts believe that any level of MFA is better than none. Uber is not the only business whose network has been penetrated despite using multi-factor authentication.

By luring an employee into submitting their credentials to a phishing page, they had set up, which the hackers then used to generate a push notification delivered to the employee’s smartphones, hackers hacked into Twitter’s network in 2020.

According to an inquiry by the state of New York, the employee acknowledged a prompt, allowing the hackers to enter. More recently, a social engineering attempt that conned a worker into giving up their log in information led to another hack of Mailchimp.

Instead of focusing on the highly inspected systems for security issues, all of these attacks use the limitations of multi-factor authentication, frequently by directly attacking the individuals using it.

Cloudflare is the only company targeted in a recent wave of cyberattacks that successfully prevented a network compromise because it employs hardware security keys, which cannot be phished.

Even though some employees “did fall for the phishing messages,” Cloudflare acknowledged in a blog post that its use of hardware security keys—which require employees to physically plug a USB device into their computers after entering their credentials—had prevented the attackers from accessing its network.

According to Cloudflare, the attack “targeted personnel and systems in a manner that we believe would make it probable that most firms would be compromised.

Experts Advice MFA

The gold standard of MFA security, security keys, are not without their limitations, not the least of which are the expense and maintenance of the keys. We spend much time debating the necessity of physical security keys for everyone.

However, Tobac noted that some firms still push for mandated SMS two-factor authentication or MFA prompts for internal access.

As Uber’s breach shows, MFA by randomly generated code or push notification is far from ideal. Still, according to Richard Luna, CEO of Protected Harbor, ” Putting the good before the perfect is not a good idea.” Minor adjustments over time have a significant impact.

One notable advance is MFA number matching, which makes social engineering attempts much more challenging by presenting a code on the user’s screen and requiring them to enter it into an app on their verified device. The notion is that, similar to a security key, the attacker would need both the target’s credentials and their confirmed device.

Microsoft, Okta, and Duo offer MFA number matching. However, as security expert Kevin Beaumont pointed out, Okta’s number matching service is wrapped in an expensive licensing tier, while Microsoft’s solution is still in preview. Uber uses Duo for MFA, but it is said that at the time of the incident, number matching was not being used.

According to Tobac, network defenders can also set alerts and restrictions on the number of push messages a user can receive. They can also begin by distributing security keys to a test group of users before expanding it every three months.

In reaction to the hack, Uber stated on Monday that it is strengthening its MFA standards. Uber may still have many questions to answer regarding how the hacker gained access to high-privilege credentials for the remaining vital systems of the company using just a contractor’s stolen password.

Bottom Line

Stay up to date with patches, upgrade your software, and apply the latest security fixes. Install an antivirus program and keep it up to date. Use a VPN to protect your traffic from being monitored and encrypted communication to protect your data from prying eyes.

Stay vigilant and aware of any trends or changes in the threat landscape, and react accordingly. Stay informed by reading best practices and security blogs and keeping up with the news to stay on top of all the latest threats.

Protected Harbor security experts recommend enabling multi-factor authentication, using encryption, and activating Identity and Access Management. These tools will help to maintain data integrity, protect private and confidential information, and keep your customers safe from identity theft and data breaches.

Identity and Access Management solutions allow you to delegate the right level of access to the right people, thereby limiting the risk of data breaches. Encryption is essential to protect data in transit and at rest. It is recommended to use TLS protocol for secure data transfer and a FIPS-certified cryptographic module for data at rest.

Get a free security IT Audit and Penetration Testing today from Protected Harbor. Contact us now!

How Do You Handle Employee Data Theft?

When we hear the word “cyber threat,” we immediately think of hackers, trojans, phishing emails, and ransomware. While businesses should invest in efforts to prevent these external dangers from infiltrating their systems, there is another, far more prevalent hazard that is sometimes overlooked: employee data theft, especially when it comes to departing staff.

The insider threat posed by retiring employees is frequently disregarded. One out of every four departing employees steals data, which can be due to negligence or deliberate intent. In each situation, firms suffer negative consequences, ranging from a loss of competitive advantage to penalties for failing to meet cybersecurity regulations.

Insiders are a massive threat to your company’s security. The Verizon Data Breach Investigations Report found that 30% of all cyber-security incidents come from malicious insiders, which is rising! In 2020 alone, there’s an increase of 47%. It would be best if you could prevent these problems before they arise. Still, unfortunately, there’s not always room on the timeline for everything—especially when it comes down to protecting against human error or mistakes made by loved ones who have access rights within their department.

Why Do Employees Steal Data on Their Way Out?

Employee turnover is inevitable. No matter how much you invest in your team, people will move on to new opportunities at some point. And while most employees will leave without incident, there is always the risk that someone will try to steal company data on their way out the door. There are a few reasons why this might happen.

• A disgruntled employee may try to take revenge by taking sensitive information with them.
• An employee who is leaving for a competing company may try to take customers’ or proprietary data to give their new employer a leg up.
• An employee careless with data security may accidentally leave behind sensitive files.

No matter the reason, it’s essential to have strict policies to prevent data loss when employees leave your company. You can help protect your business from the risks of employee turnover by taking a few simple steps.

How to Prevent Data Theft from Employees?

Protecting sensitive data against insider threats and data theft is a broad topic that touches on almost every aspect of data security. It might be difficult to distinguish between what we consider an insider threat and a threat from outside the company.

1.    Implement Zero Trust Security

A zero-trust security strategy is one in which organizations do not automatically trust any user, device, or system -inside or outside the network perimeter. Instead, they verify every request and connection before granting access to data and resources. This verification process can include authenticating the identity of users, assessing the risk of devices and systems, and authorizing the requested access. Organizations can improve their security posture by adopting a zero-trust approach and better protecting their data against emerging threats. Implementing a zero-trust security strategy does require some initial investment, but the benefits far outweigh the costs.

2.    Give Limited Access

Only a few people should have access to employee data. This will limit the spread of information if there is a data breach. Handling employee data theft becomes much easier if there is limited access to the data. Also, if you have a process for handling data breaches, it is much less likely that your company will be the victim of a data breach.

• Educate your employees on the importance of keeping their passwords safe and secure.
• Have them change their passwords every few months.
• Install security software on all company computers.

These are just a few ways to help prevent employee data theft.

3.    Plan Exit Interviews

In an exit interview, you can ask questions about how the employee plans to use company data after leaving and remind them of any confidentiality agreements they may have signed. You can also explain the consequences of stealing company data, such as their new employer’s legal and disciplinary actions. By conducting exit interviews, you can help deter employees from stealing company data and prevent them from taking advantage of your company’s information.

4.    Creating an Anti-Theft Policy

In today’s age of technology, data theft is a growing concern for businesses of all sizes. Employees with access to sensitive data can easily copy or download it onto a portable storage device and take it with them when they leave. Once the data is out of your control, it can be used for identity theft, fraud, or other malicious purposes. To protect your business and your customer’s information, it’s essential to have a clear and concise anti-theft policy in place.

Your anti-theft policy should spell out what types of data are considered sensitive and off-limits for removal from the premises. It should also state the consequences for employees who violate the policy. In some cases, you may want to consider instituting a “clean desk” policy, which requires employees to completely clear their desks of all papers and personal belongings at the end of the day. These proactive measures can help deter data theft and safeguard your business against this growing threat.

5.    Revoke Privileges and Credentials After Termination

When an employee is terminated, it is essential to take steps to prevent them from accessing company data. One way to do this is to revoke their privileges and credentials. This will prevent them from logging into company systems or accessing sensitive data. Additionally, it is essential to change any passwords to which the employee has access. This will ensure they cannot access any account or system they should not have access to.

Finally, it is essential to monitor any activity on company systems for any suspicious activity. If there is any activity that appears to be unauthorized, it can be investigated and dealt with appropriately. By taking these steps, you can help prevent employee data theft and protect your company’s information.

Final Words

It’s critical to ensure that everyone understands their role in keeping an eye on how their coworkers act. Introducing a system that allows employees to report questionable conduct might be an excellent idea anonymously. Finally, remember that no data loss prevention technique is 100% effective, so having a tried-and-true incident response plan is essential. However, if an employee lost your data, Protected Harbor would be an excellent solution for retrieving it.

Protected Harbor secures your endpoints and network and is a step ahead with proactive monitoring. We continuously watch for data interchange and how they are shared and stored. Regular user access and credentials updates are also a part of our process. And to check all the boxes, isolated backup, recovery, and an incident response plan tailor-made to your organization’s needs. Employee awareness training is equally essential when it comes to data security. Handling employee data theft is not so easy. That’s why you should call in for help and get a free IT audit, pen-testing, and data theft check today. Call Protected Harbor today.

Everything You Need to Know About API Security in 2022

The demand for Application Programming Interface (API) solutions continues to increase as enterprises adopt to digital transformation initiatives. APIs are a critical component of any software architecture, making them an essential and accessible feature in modern software development. We’ve already seen how the adoption of APIs can simplify the integration and communication between applications and systems. But, with this growing prominence comes increased risks—especially when it comes to security.

There are various security threats associated with APIs, including data tampering, data leakage, and reverse API endpoint access. In this post, we’ll cover everything you need to know about API security in 2022.

What is API Security?

Any best practice security that is applied to online Application Programming Interface’s (APIs), which are widely used in modern applications, is known as API security. Web API security covers API privacy and access control, as well as the detection and rectification of API attacks using reverse engineering and the use of API vulnerabilities as outlined within the OWASP API Security Top 10.

The client-side of an application (such as a mobile app or web app) communicates with the server-side of an application through an API, regardless of whether it is aimed at customers, staff, partners, or anyone else. Simply put, APIs make it simple for developers to create client-side applications. Furthermore, APIs enable microservice architectures.

APIs are often well documented or simple to reverse-engineer because they are frequently made available over public networks (accessible from anywhere). APIs are very vulnerable to Denial of Service (DDOS), making them desirable targets for criminals.

An attack can involve avoiding the client-side application in an effort to interfere with another user’s use of the application or to access confidential data. The goal of API security is to protect this application layer and to deal with any consequences of a bad hacker interacting directly with the API.

Why API Security Must Be a Top Priority?

The past few years have seen a rapid rise in API development, driven by the digital transformation and the crucial role that APIs play in both mobile apps and the Internet of Things (IoT). Due to this expansion, API security has become a major worry.

Gartner estimates that, “by 2022, API misuse will be the most-frequent attack vector resulting in data breaches for enterprise online applications,” based on their research for how to build an effective API security strategy. Gartner advises using, “a continuous approach to API security across the API development and delivery cycle, incorporating security [directly] into APIs,” in order to defend oneself against API attacks.

APIs require a focused approach to security and compliance because of the crucial role they play in digital transformation and the access to sensitive data and systems they offer.

What Does API Security Entail?

Since you are responsible for your own APIs, the focus of API security is to protect the APIs that you expose, either directly or indirectly. API security is less concerned with the APIs you use that are offered by other parties, but it is still a good idea to analyze outgoing API traffic whenever you can as it might provide useful insights.

It’s also crucial to remember that the practice of API security involves several teams and systems. API security tends to include identity-based security, monitoring/analytics, data security, and network security concepts like rate limitation and throttling.

API Security for SOAP, REST and GraphQL

APIs are available in a multitude of form factors. An API’s design can occasionally have an impact on how security is applied to it. For instance, SOAP (Simple Object Access Protocol) Web Services (WS) was the prevalent form prior to the advent of web APIs . XML was widely used during the WS era of service-oriented architecture, which ran from 2000 to 2010, and a large range of formal security specifications were widely accepted under WS-Security/WS-*.

Digital signatures and sections of the XML message that are encrypted are used to implement the SOAP style of security at the message level. With its separation from the transport layer, it benefits from being portable across network protocols (e.g., switching from HTTP to JMS). However, this kind of message-level security is no longer widely used and is largely only found in legacy web services that have endured without changing.

Over the past ten years, Representational State Transfer (REST) has become the more common API security method. When the term, web API is used, REST is frequently taken for granted by default. Resources are identified by HTTP URIs in a way that is crucial to REST-style APIs. The predictable nature of REST APIs led to the development of access control approaches in which the URI (Resource Identification) being accessed, or at the very least its pattern, is linked to the rules that must be followed.

A combination of HTTP verb (GET/PUT/POST/DELETE) and HTTP URI patterns are frequently used to construct access control rules. Rules can be enforced without insight into and, more critically, without the capacity to comprehend the payload into these API transactions by determining which data is being accessed through the URI. This has proven useful, especially for middleware security solutions that implement access control rules independently of the web API implementations themselves by sitting in front of them (such as gateways) or serving as agents (e.g., service filters).

GraphQL is a developing open-source API standard project and yet another form of API style. Front-end developers enjoy GraphQL because it gives them the power to tailor their searches on what best suits their apps and context because they are no longer limited to a specific range of API methods and URI patterns. GraphQL is on its way to dominating web APIs because of this increased control and other advantages like non-breaking version updates and performance improvements.

Although both REST and GraphQL API formats will continue to coexist, GraphQL is becoming a more popular option. In fact, the infrastructure for web API access control is in danger of being disrupted due to its popularity. The key difference between GraphQL requests and the widely used REST pattern is that GraphQL requests do not specify the data being retrieved via the HTTP URI. Instead, GraphQL uses its own query language, which is often included in an HTTP POST body, to identify the data requested.

All resources in a GraphQL API can be accessed using a single URI, such as /graphql. Infrastructure and access control mechanisms for web APIs are frequently not built for this kind of API traffic. It is increasingly likely that the access control rules for GraphQL will need to access the structured data in the API payloads and be able to interpret this structured data for access control. It should go without saying that API providers must decide which strategy would work best for each new set of needs.

API Security for Cloud, On-premises, and Hybrid Deployments

API providers can now secure APIs in a variety of ways thanks to the technological advancements of cloud services, API gateways, and integration platforms. Your choice of technology stack will have an impact on how secure your APIs are. For instance, many divisions within big businesses might create their own applications using unique APIs. Large firms also wind up with several API stacks or API silos as a result of mergers and acquisitions.

When all of your APIs are housed in a single silo, the technology used in that silo may be directly matched to the API security needs. These security configurations ought to be portable enough to be retrieved and mapped to different technology in the future for portability’s sake.

However, for diverse settings, API security-specific infrastructure that works across these API silos is often advantageous when establishing API security policies. Sidecars, sideband agents, and of course, APIs that are integrated across cloud and on-premises installations can all be used for this interaction between API silos and API security infrastructure.

Layers of API Security

The scope of API security is broad, as was previously described. To provide a high level of protection, there must be many levels, each focusing on a different aspect of API security.

API Discovery

What you don’t know about, you can’t secure. There are numerous barriers that restrict security personnel from having complete access to all APIs made available by their company. You have API silos first, which were covered in the section before. API silos reduce API visibility by having separate governance and incomplete lists of APIs.

The rogue or shadow API represents another barrier to API visibility. Shadow APIs occur when an API is created as a component of an application, but the API is only understood by a small set of developers and is regarded as an implementation detail. Security personnel is usually unaware of shadow APIs because they cannot see the implementation specifics.

Finally, APIs have a lifecycle of their own. An API changes with time, new versions appear, or an API may even be deprecated but still function for a short time for backward compatibility. After that, the API is forgotten about or eventually fades from view since it receives so little traffic.

API providers and hackers are competing to find new APIs since they can quickly exploit them. You can mine the metadata of your API traffic to find your APIs before attackers do. This information is gathered via API gateways, load balancers, or directly from network traffic and fed into a customized engine that generates a list of useful APIs that can be compared to API catalogs that are accessible through an API management layer.

OAuth and API Access Control

The user—and maybe the application that represents the user—must be identified to limit API resources to only the users who should be permitted access to them. This is often done by mandating that client-side applications include a token in their API calls to the service so that the service may validate the token and retrieve the user information from it. The OAuth standard outlines how a client-side application first acquires an access token. To support diverse processes and user experiences, OAuth specifies a wide range of grant types. These numerous OAuth processes are thoroughly described in this developer guide for additional information on OAuth 2.

It is possible to apply access control rules based on an incoming token. For instance, a rule can be used to decide if the user or application should be permitted to make this specific API call.

A policy enforcement layer must be able to apply these rules at runtime. The rules are defined and managed using policy definition tools. These guidelines consider the following qualities:

• The user’s identity and any associated attributes or claims
• The OAuth scopes for the application and the token’s associated application
• The information being accessed, or the query being made
• The user’s preferences for privacy

Processes and integration are needed in a heterogeneous environment to regulate access consistently across API silos.

API Data Governance and Privacy Enforcement

Data travels through APIs, therefore leaks can occur. Because of this, API security also must look at the structured data entering and leaving your APIs and impose specific rules at the data layer.

The enforcement of data security by examining API traffic is particularly well suited for this purpose since data is arranged in your API traffic in a predictable fashion. API data governance enables you to instantly redact data that is structured into your API traffic in addition to [yes/no] type rules. The practice of redacting particular fields that might include data that a user’s privacy settings specify should be kept secret from the requesting application is a typical illustration of this pattern. Since GraphQL does not identify resource IDs via URIs, applying data-level access control enables you to support it.

There are several advantages to separating privacy preference management and enforcement from GraphQL service development. Software created in-house has a high total cost of ownership and might be slow to change. Rarely do the interests of the Node.js developer and the person in charge of enforcing privacy laws overlap. However, giving business analysts and security architects their own tool to create this level of access control speeds up the digital transition. Additionally, by making GraphQL services and REST APIs more adaptable to changes in fine-grain data governance, this decoupling future-proofs the investment in both.

API Security to Be Continued

As we’ve explored, APIs are a critical pathway for data and functionality. With this growing importance, we’ve also seen the growing risk of security threats. Security, therefore, needs to be a top priority. We’ve now explored the different areas of API security, but what are the threats that API security is designed to mitigate?

We’ll be discussing this within part two of this article.

Accessing the Dark Web

The dark web can be accessed using a specially designed browser called a Tor Browser. Tor Browsers allow users to surf the internet anonymously by routing all internet traffic through a series of different computers commonly known as nodes. These nodes are run by volunteers worldwide and serve as a sort of middleman for your internet activity.

When you visit a website through a Tor browser, your computer will first connect to a node. That node will then attempt to connect to the website that you requested. Once that node has connected to the website, it will send the website’s data back through a separate node. The final node will then send the data back to you with the IP address of the original node. This makes it extremely difficult to trace your computer’s IP address and discover your real identity.

How Does the Dark Web Work?

While Surface Web is more easily accessible and hosts many online activities, the Dark Web has a different purpose. Most of the content on the Dark Web is either both illegal or unethical in nature, such as drug trafficking, weapons trading, and child pornography. Because of the illicit activities found on the dark web, numerous cyber security experts have attempted to shut down and control the usage. However, it is tough to regulate the dark web due to its decentralized nature.

The dark web has become a global hub for users who want to remain anonymous. It was first utilized by the US Department of Defense to interact anonymously. Overtime, however, the usage of this dark-side of the web has employed a technique known as “onion routing,” which shields all users from monitoring and tracking by taking them along a random route of encrypted servers. Users who access Tor websites have their information routed through thousands of relay points, hiding their browsing activity and making it nearly impossible to monitor them.

Dark Web Uses

The majority of the content on the dark web is used for illegal purposes. However, there have been a few legitimate uses for the dark web.

Let’s compare the two:

Legal Uses: Although utilizing the Dark Web may initially seem or feel illegal, there are many legitimate reasons to use Tor and anonymous browsing. The dark web, for instance, is usually a site for communication that escapes official control and inspection in nations where government surveillance may be used to spy on and oppress political dissidents. Users should exercise caution when visiting the dark web and take appropriate security precautions, such as regularly updating their security software, utilizing a solid VPN, and avoiding the usage of a conventional email address.

Illegal Uses: Due to its anonymity, the dark web is utilized for dubious and even illegal reasons. These include dealing in illegally obtained drugs, firearms, identities, and passwords, as well as illiciting pornography and other potentially hazardous goods. Government authorities have recently shut down several websites that hosted illegal content, such as Silk Road, AlphaBay, and Hansa. Over the past two decades, the anonymity of the dark web has also added to a rise in cybersecurity risks and several data breaches.

Dark Net: Address Today’s Biggest Cybersecurity Challenges

Cybercriminals are constantly evolving their attack vectors to find new ways in accessing your data to steal from you. The rise of malicious ransomware attacks in recent years, has been on the rise, with one group earning $50 million in one year alone! Fortunately, the government, law enforcement, and hundreds of information technology specialists are constantly thwarting the cybersecurity and global risks posed by the anonymity of the Dark Web.

Consider working with a knowledgeable cybersecurity partner like Protected Harbor if you’re serious about being at the forefront of defense against cyberattacks and internet threats to national security. We specialize in information technology, cyber protection, and cybersecurity management, plus, we can educate your staff on online safety.

Contact us now to learn more about our cybersecurity strategy and receive a free Cyber IT Audit!

Cyberattacks Against Law Firms

What You Need to Know and How to Prevent Them

As the intensity of cyberattacks against businesses continues to rise, law firms have become one of the cyber criminals’ prime targets. Since law firms manage some of the most confidential data for their clients and have access to an extensive network of potential new clients, they have become far more vulnerable than other businesses.

In response to the increasing frequency and scope of cyberattacks against law firms, cybersecurity and managed services provider Protected Harbor has launched a new security awareness program titled, “Cyberattacks Against Law Firms and How to Prevent Them.”

The program consists of two resources: an e-book featuring the top law firm hacks throughout history as well as a whitepaper detailing the cyberattacks against law firms’ and what their trends and threats are. Both versions are free to download!

Now, we will discuss a little bit of background on cyberattacks against law firms and a few quick, various ways you can reduce your organization’s risk to getting attacked.

Background on Law Firms and Why They Are Such a Target

Poor cybersecurity is now one of the most significant hazards a legal business can encounter and is no longer only a concern for technology. Major law companies in the US have recently suffered catastrophic cybersecurity breaches that has cost them millions of dollars. Cybersecurity is not just the responsibility of the IT department, it’s instead something that must be covered within the company’s overall policies for utilizing technology within the business or in its services.

A lot goes into cybersecurity, and some businesses are too small to get the complete expertise of IT professionals. Due to the expenditures, medium and big businesses may put off planning for cyber-attacks or assume they won’t be affected which in turn is a huge mistake.

Until recently, law companies were seen as primarily analog in nature. The risk of a cyber breach was typically minimized by attorneys and staff manually tracking client and firm information. But, as businesses embrace innovation and clients want more technologically sophisticated communications and strategies, law firms have made the switch to a more technologically advanced environment and are now more vulnerable to cyberattacks than they were previously.

Law firms, in particular, are viewed as attractive targets for hackers, with numerous high-profile attacks being covered in the media. According to a recent study by the American Bar Association, more than 20% of law businesses reported being the target of a cyber-attack. This percentage was 35% among legal companies with roughly 10 to 49 attorneys. This means that more than a third of small law firms had experienced hacking in some shape or form.

These data breaches are concerning for reasons other than the victims’ embarrassment or the possibility of identity theft. A 2017 study found that the average cost of a data breach outside the US is around $3.6 million, or $141 per record. The amount is considerably larger in the United States at $7.3 million, not to be surpassed.

The consequences of a data breach go beyond the loss of individual details. Trust in the compromised institution can be destroyed by a single breach, a fate which many practices cannot recover. In reality, “almost 60% of [small businesses] forced to cease operations after a cyber assault never reopen for business,” according to a Forbes article.

6 Tips to Protect Your Law Firm Against Cyberattacks

1. Improve Your Security Culture
2. Implement Basic Cybersecurity Measures
3. Encrypting Sensitive Data
4. Proactive Security
5. Securing Network with Firewalls
6. Keeping Antivirus Updated is a Must

Download our e-book for free to read in detail the tips on how to protect your law firm and best practices.

Conclusion

You must have a plan before cyber criminals attack your law firm. After dealing with a data breach at your legal company, you want to be sure to take immediate action. Consider communications in particular when creating your plan. The best way to prevent your law firm from becoming the next cyberattack victim is to implement a cybersecurity program that includes preventative measures, detection, and response strategies. Instead of having a client accidentally learn the terrible news, the law firm must be the one to deliver it.

Download our e-book Cyberattacks Against Law Firms and How to Prevent Them, which we have created specifically for legal companies. Within this e-book, you will learn about the most common cyberattacks against law firms and how you can prevent them from happening to your company. We also give you access to our e-book library with our most requested titles.

Get started and download today!

Lawyers Getting Hacked:

Most Popular Cyberattacks on Law Firms

From the time of their first email to the last signed document, law firms are under constant surveillance from cyber criminals. From phishing scams to ransomware and malicious websites, hackers know exactly where to strike to cause the most chaos. Rather than a once-in-a-blue-moon event, lawyers getting hacked is a commonplace occurrence for many firms. It’s almost as if there’s some hidden, “Get Hacked” switch that nearly all law firms have within them.

If you’re reading this and thinking, “that won’t be me,” you’re wrong. It just hasn’t been you, yet.

We are excited to announce our e-book on Top Law Firm Hacks Throughout History, available to download for free. This e-book will cover some of the most popular law firm hacks throughout history including some you may not have heard of prior.  We will also be providing some advice for avoiding common law firm pitfalls.

Below is a short glimpse into topics you can expect from our e-book.

Why are Law Firms an Attractive Target?

Due to the nature of their industry, law firms are becoming a more attractive target. Law firms and in-house legal teams gather a ton of sensitive information, an example such as tax returns can arise during their corporate legal and M&A (mergers & acquisitions) work, litigation, and other legal services. Businesses may suffer reputational and financial damages if they were to ever suffer a breach, especially if their data is compromised. According to a recent analysis from the security company CrowdStrike, average ransomware payouts are above $1 million.

Unfortunately, legal companies are usually more vulnerable compared to other business types. In a report published in May 2020 by the security company BlueVoyant, it was discovered that all law companies were the prime target of focused threat activity, and 15% of a global sample that included thousands of law firms had networks that were already infiltrated.

According to research released in October by the American Bar Association, it was discovered that 36% of legal firms had previously experienced malware infections within their systems and that 29% of law firms had reported a security breach, with more than 1 in 5 admitting they weren’t sure if one had ever occurred.

Robust security measures not being used could be a part of the problem.

Only 43% of respondents utilize file encryption, less than 40% use email encryption, two-factor authentication, and intrusion prevention, and less than 30% use full disk encryption and intrusion detection, according to the 2020 ABA Legal Technology Survey Report.

Law Firms as Critical Infrastructure

According to BlueVoyant’s report, the legal sector needs to be included on the list of 16 critical infrastructure sectors maintained by the U.S. government since it relies on networks and data that, if compromised, would jeopardize economic security or public safety. An analysis of cyber threats and vulnerabilities and information sharing with the Department of Homeland Security and other agencies would benefit law firms that handle and store government secrets.

Legal IT services firms may hesitate to disclose information about cyber attacks due to concerns about losing control of sensitive data. Consequently, government agencies may start viewing law firms as potential targets for cyber attacks, necessitating enhanced protection measures.

Regarding ransomware attacks, several factors should be considered by firms. These include employee training in security practices, implementing cybersecurity measures like two-factor authentication and regular software updates, and maintaining backups. In the event of a ransomware attack, firms need a well-defined plan outlining response procedures, negotiation strategies, and decisions regarding ransom payment. It’s also advisable for firms to utilize managed IT services for secure data storage and conduct thorough assessments of service providers.

The Most Notable Law Firm Cyber Attacks

We’ve produced a list of the most significant cyber-attacks and cyber-threats targeting law firms to highlight the escalating danger and consequences.

• Mossack Fonsesca & The Panama Papers
• JP Morgan Chase
• Oleras Phishing Campaign Against Law Firms
• UPMC Patients
• Moses Afonso Ryan Ltd.

Download our free e-book to read in detail about the top cyber-attacks on law firms.

Conclusion

Cybercriminals want access to a company’s data and intellectual property. Many of the most severe attacks directly involve the theft of private information to assist insider trading schemes or to commit theft and extortion of client information from legal firms.

Law firms are tempting targets for hackers. More often than not, law firms don’t take the necessary precautions to protect their data making them an easy target for malicious attacks. Law firms must do everything they can to protect their data starting with reviewing and updating their cybersecurity strategy. This includes everything from the hardware to the software they use within their network. Once they’ve identified the areas that are in need of improvement, they can implement new cybersecurity solutions to keep their data secure.

Download our free e-book today and learn about the risks as well as the most notable hacks in history! This e-book was created by a dedicated team of security experts with extensive experience working within the legal sector to provide some insight and tips to keep your company safe from cyber criminals.

Don’t forget to keep in touch with our blogs for more information and tips on law firms and cybersecurity.

The Biggest Data Risks and Cybersecurity Trends for Law Firms

In the digital age, law firms are operating within a high-risk environment. The number of cyber-attacks continues to rise, as do the associated costs. Recent studies suggest that, on average, small and medium-sized businesses spend more than $200 million annually on cyber security breaches.

These statistics show just how important it is for companies of all sizes to take cybersecurity seriously as well as highlight the risks involved in working with sensitive data. After all, no company wants their clients’ personal information to fall into the wrong hands.

We are excited to launch our 2022 Law Firm Data Breach Trend Report white paper. This report will be a compilation of data analysis from hundreds of law firms across the globe, as well as interviews with more than 100 partners and senior-level executives from the largest law firms in the US. We have learned a lot from these conversations and are excited to share our findings with you.

Download the white paper for free today!

Protecting Client Data:

The Biggest Challenge for Law Firms

Protecting client data is a top concern for law firms of all sizes. While most firms are diligent in protecting sensitive data and complying with local, state, and federal regulations, some are not.

After being asked to identify their most significant challenges when it comes to safeguarding client data, 58% of law firms cited, “managing the sheer volume of data,” and, “ensuring data is secure,” as their primary concern. These findings make sense if we consider that, on average, law firms store more than 5,000 gigabytes of data. The large volumes of data makes it difficult for law firms to constantly comply with the most up-to-date security protocols.

Top Threats

Your client’s data is constantly in danger from simple breaches, such as those resulting from a stolen laptop to even more extensive hacking schemes.

Here are a few actions you’re probably doing now that can endanger your clients most sensitive information.

• 

  Skipping Assessments – To help prevent a data breach, an annual inventory should be taken to understand what devices and data you have, where they are located, and who has access to them. It’s also essential to conduct a security and risk assessment. How vulnerable is your information? What would the ramifications be if it was stolen?

• Understaffed and Underfunded IT Departments – A majority of IT departments are usually very understaffed and overburdened with day-to-day work. This leaves little time for them to improve their security infrastructure, as they always react rather than improve.
• Lack of Employee Security Training – Analysts claim that non-malicious attacks are the most common security breach that law organizations face. Unfortunately, many legal companies have failed to adequately train their employees on IT security basics.
• Cloud Migration & Apps – Your business needs to make sure it has a good strategy when it comes time to migrate, including fundamentals like access control and governance, API integrations, and continuous monitoring.

Recent Law Firm Breaches

New York City’s Law Department (July 2021)

Grubman Shire Meiselas & Sacks (May 2020)

Vierra Magen Marcus (May 2020)

Mossack Fonseca (April 2016)

Top Cybersecurity Trends for 2022

Use Password Authenticator – Password authentication is a method in which a user enters a unique ID and key compared to previously stored credentials. It is one of the quickest forms of security; you can set up your device to require some identification before letting someone access it. This can be done using a passcode, PIN, password, fingerprint, or a 2-factor authentication (2FA).

Use Effective EDR – Using effective EDR (Endpoint Detection and Response) tools can help you improve the security of your network by aggregating data on endpoints, including process execution, endpoint communication, and user logins.

Move to a Virtual Server – Moving to a virtual server is essential as it has many benefits that address the security concerns law firms face. These benefits include getting the ability to prioritize critical traffic and improving network agility while reducing the burden from the IT department.

Isolated Backups – A remote or isolated backup is stored separately from other backups and is inaccessible from the end-user layer. Creating a remote backup helps to reduce security breaches, especially ransomware attacks.

Know Your Network Map – Understanding the network map is critical to complying with data privacy regulations as it provides an overview of devices and data on your network. This overview is crucial in identifying and minimizing the attack surface of a system. It will also uncover devices that IT staff may not know are there—for instance, an old, decommissioned server.

Timely Software Updates – It sounds simple, but vulnerabilities caused by outdated software are a significant problem. Keeping all the software up to date is essential for better performance. It also helps discourage potential cybercriminals who like to take advantage of previously-found weaknesses in software.

Data Encryption – In 2022, law firms must use encryption methods for systems, data in the cloud, data at rest, and data in transit to protect their files. Hard drives, USB devices, and phones should also use encryption if they are holding sensitive data

To read the cybersecurity trends for 2022 in detail, download our free white paper today.

Conclusion

By 2023, 80% of law firms will have experienced a data breach, according to research from LexisNexis. Given the rising number of cyber-attacks law firms face, it is necessary to take cybersecurity seriously. Law firms can better protect their sensitive data against these cyber threats by investing in the latest security technologies.

Protecting sensitive client data is essential for all law firms.

Stay on top of the latest trends and best practices for data security by downloading our white paper today! We highlight what law firms should be doing to protect their data and prevent a breach from ever happening. Protected Harbor also has other resources to prevent a law firm data breach, which you can access free from our digital library.

Keep in touch for more tips on how to keep your company safe from cybercriminals.

These Cloud Vulnerabilities Will Cause Your Next Data Breach

Cyber security is a constant race between businesses and hackers in the digital world. Every new technology has potential risks that must be understood and addressed before implementation. New threats are emerging all the time and cloud computing is no different. Many types of cloud services are being used by businesses more than ever before.

In fact, according to Gartner, private cloud services will continue to grow faster than public cloud services in the next few years. However, some types of clouds are riskier than others regarding cyber security. Several vulnerabilities can expose your company’s data when using any cloud service or Software as a Service (SaaS) application.

This article lists common vulnerabilities you should know about before using any cloud-based system or software.

Understanding Cloud Vulnerabilities: Protecting Sensitive Customer Information

As businesses increasingly turn to the cloud for their computing needs, it’s important to consider the potential vulnerabilities of storing sensitive customer information in a shared infrastructure. Cyber attacks are a constant threat, and unauthorized access to personal data such as social security numbers, financial information, and other sensitive information can lead to identity theft and other serious consequences.

Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are two popular cloud computing services businesses use to store and access their data. While the cloud offers many benefits, knowing the potential risks is important. Cloud providers are responsible for securing the underlying infrastructure and providing secure cloud access. Still, businesses are responsible for securing their own data and applications that run on top of the cloud infrastructure.

One way to protect sensitive customer information is by using a hybrid cloud model, which allows businesses to keep some of their data in a private data center while still taking advantage of cloud computing resources. This approach can provide additional security and control over customer data.

Another important consideration is the use of virtual machines in the cloud. Virtual machines can help isolate applications and data, limiting the impact of a potential cyber attack. It’s also important to implement access controls and encryption to prevent unauthorized access to sensitive information.

Public Exposure

The oldest blunder in the book is setting up a new cloud resource but leaving it entirely insecure and publicly visible. Your unprotected public assets will almost certainly be found because hackers today frequently use automated tools to scan target networks for any exposed assets.

By 2022, nearly 50% of businesses would unknowingly or accidentally have some IaaS storage devices, networks, apps, or APIs directly exposed to the public internet. This number is up from 25% in 2018.

Excessive Permissions

Fast company operations are one of the main advantages of switching to the cloud. However, access credentials are routinely distributed hurriedly and needlessly in the interest of expediency, resulting in many individuals having excessive permissions for which they have no business need for. If any of those credentials end up in the wrong hands, attackers would have unrestricted access to private information.

By 2023 (up from 50% in 2020) 25% of security breaches will be due to improper handling of login credentials, identities, and privileges, predicts Gartner.

Lack of Multi-factor Authentication for Privileged Users

One of the most typical cloud vulnerabilities is the absence of Multi-Factor Authentication (MFA) for users assigned to privileged administrative positions in control. Access for privileged users must be as secure and feasible in any cloud environment. A company may suffer severe repercussions if a fundamental security measure like MFA is not enabled.

It is straightforward for malicious actors to exploit privileged accounts without MFA being enabled. These accounts are vulnerable to brute force assaults due to lacking MFA. Hackers can use these accounts to entirely disrupt an organization’s operations and steal its data because they often have high administrator permissions.

Insecure APIs

APIs, or Application Programming Interfaces, are frequently used to simplify cloud computing. APIs make it very simple to share data between other apps, improving convenience and efficiency. However, if they are not secured, this can lead to multiple cloud vulnerabilities and become an easy entry point for malicious attackers.

Threat actors can launch DDoS assaults and obtain access to sensitive company data by taking advantage of unsecured APIs while remaining unnoticed. In fact, by 2022, API abuses are anticipated to overtake other attack methods as the most popular, according to Gartner data.

Final Thoughts

If companies using the cloud do not consider limiting the dangers that accompany it, they are taking a preventable yet significant risk. The IT processes teams use to develop and deploy applications in the cloud infrastructure must be well integrated into a company’s strict cloud security rules.

The use of cloud computing has changed how businesses and hackers operate. Both new opportunities and threats related to cloud security have been introduced. Enterprises must continuously address the dangers and difficulties associated with cloud security while implementing the appropriate security technologies to facilitate operational work.

It’s essential to understand the potential vulnerabilities so that you can mitigate them. Suppose you have any concerns about your current cloud environment. In that case, you can consult with a cloud consulting company like Protected Harbor to help you assess the risks and implement practices to avoid data breaches.

Protected Harbor‘s cloud security solution integrates the latest security technologies with your cloud infrastructure. Businesses can take advantage of cloud computing’s capabilities with the right technology and the help of cloud security specialists.

We have researched and created an e-book for companies looking to migrate to the cloud. This e-book helps them to understand better the benefits as well as the risks that come with cloud migration so that they can plan. Get your free copy of the e-book today!

Malware Hits Millions of Android Users:

The Top 5 Apps You Need to Uninstall Right Now

There’s nothing scarier than malware. When it comes to Android apps, users always have to look for possible threats. However, things are not as simple as they may seem. Researchers at Check Point discovered a new strain of malware called a, “false positive,” that targets users through Google Play by uploading malicious apps under user-friendly names.

This is how it works:

The malware tricks you into installing a seemingly harmless app onto your phone. But once you install it, the app will download other malicious apps and start reading your sensitive data without your permission or knowledge. You might be wondering about which apps are putting you at risk, but don’t worry, we have you covered.

Here’s a brief list of the top 5 offenders, which you need to uninstall immediately if you haven’t done so yet.

So, What Happened?

Another group of seemingly innocent Android apps that are meant to spread malware to endpoints and charge unsuspecting users for services has been discovered by researchers.

The Dr. Web antivirus team found the most recent batch, including wallpaper programs, keyboards, picture editors, video editors, and an occasional cache cleaner or system maintenance app. They have altogether received more than 10 million downloads overall.

After escaping Google’s stringent security measures, twenty-eight apps in total were discovered in the Google Play Store. You can see the complete list of infected android apps here.

Android Apps Hacked

Regarding the damages, the method is mainly unchanged.

Once the malware or “app,” is downloaded, most applications will try to hide, appearing as regular system apps in the app drawer. They do this with the hope that people won’t uninstall them. Then, to generate more revenue, the applications constantly push advertisements and try to sign the victim up for various premium services.

If users hadn’t granted the necessary permissions to the apps, none of this would have been possible. Even though the apps have a straightforward design and do what they claim to, they frequently request advanced permissions from users, such as the right to be exempt from battery-saving features, to run in the background even after the user closes the app, which is a big warning sign in and of itself.

Three of the apps are still available on the Play Store, though most have already been removed. Even if all of the apps were removed, they have still been downloaded millions of times. Thus, they will continue to pose a threat until they are completely deleted from the smartphones of all victims.

Below is a short list of the 5 malicious apps researchers have found that you should remove immediately:

FastCleaner: Cache Cleaner

Before Google discovered the true intentions of the app, Fast Cleaner had amassed over 50,000 installs. Using a time-tested technique, a brand-new banking trojan was introduced into the Android handsets of unsuspecting users across the country designed to steal login information as well as to intercept text messages and notifications without anybody noticing anything strange.

ES File Explorer

The most well-known file explorer app was probably ES File Explorer. That’s because five years ago, it was actually a really good app.

So, why is bad?  Bloatware and adware were prevalent within the free edition, and users were constantly nagged to download more apps via pop-up notifications that you couldn’t turn off. However, things worsened when the once-popular app was removed from the Play Store for engaging in click fraud through its advertisements.

For those unaware, click fraud is the practice of secretly clicking background advertisements on consumers’ devices.

You can still download dozens more imitators from the Play Store in addition to the ES File Explorer APK nowadays. However, the program should not be used in any of its iterations.

Virus Cleaner

Virus Cleaner – Antivirus Free and Phone Cleaner by Super Cleaner Studio, an app with over 14 million downloads, illustrates everything wrong with the Android ecosystem. It includes many advertisements, many of which are for products and services with a dubious reputation. Additionally, it “claims” to be an efficient security master, phone trash cleaner, WIFI security, super speed booster, battery saver, CPU cooler, and notification cleaner. None of which can at all be accomplished to any real degree by any software install.

Really, you should be ignoring any application that claims to be a “CPU cooler.”

SuperVPN Free

SuperVPN is one of the most popular VPN apps for Android, with over 100 million downloads. But earlier this year, cybersecurity experts alleged that the app has some serious flaws that might let hackers launch Man-in-the-Middle (MitM) attacks and steal user data like credit card numbers, photographs, and private chats.

According to reports, hackers can also take advantage of the flaws to redirect a user’s connection to harmful websites, thus jeopardizing the security and privacy of the user.

Notes – Reminders & Lists

It is recommended not to download this app from its official website as there are concerns regarding its security and safety. It was detected by many anti-virus software systems as malicious. This app may be a scam as it doesn’t seem to work properly and asks for inappropriate permissions. So far, Notes – Reminders & Lists are not available in Google’s Play Store. It can only be downloaded from its official website. Either way, we recommend you staying far away from this app, as it might be a scam and may have malware hidden inside.

Conclusion

It can be challenging to differentiate between trustworthy and malicious apps. The number of pointless permissions an app requests is the one clear sign that should always cause alarm. Does a flashlight app really need access to your location? Does a cleaning app really need access to the camera or microphone?

Richard Luna, CEO of Protected Harbor, stated: “This attack is not a surprise; it should be expected.  As more work is performed on mobile devices, those devices, like desktops, will be the main point of attack.  Application development platforms must be better hardened to defend against this malware.

What can an end user do? Enable security and Two-Factor Authentication on as many platforms and applications as available on any platform.  If you are concerned, use a desktop over a mobile device, desktops have been dealing with this type of attack for decades.”

Nick Solimando, Director of Technology at Protected Harbor, has 3 tips for businesses that operate through a lot of mobile apps:

1. Only install mobile apps from providers you trust. Since harmful programs are getting better at hiding in plain sight, downloading from reputable sites is no longer the only recommendation.
2. Always check the app store ratings and reviews before downloading. Users should check the reviews because they offer a reliable indication of the apps’ reliability. Additionally, be sure to verify, as threat actors have been known to spoof some of them. It’s better to avoid an app if there are few reviews for it.
3. Periodically go through your mobile device and uninstall extra apps you no longer use. This will not only make you safe, but you’ll also ease memory space.

Despite Google’s constant efforts, thousands of risky apps, including malware, adware, spyware, and bloatware, may be found on the Play Store. The ones above have made it onto our list since they are some of the most frequently utilized risky Android apps.

These apps are very common and can be found on every device. However, they have been infected by malware, so they will likely try and more than likely, successfully steal your data. It’s best to uninstall them and proceed with extreme caution if you can. Always keep your device as well as apps up-to-date and avoid using third-party app stores. Android users can stay safe from potential threats by installing and keeping the latest version of their mobile operating system and using security software for mobile devices.

Protected Harbor uses the latest threat detection and prevention technology to keep your network safe and secure. Our devices are also updated regularly, keeping them secure and up to date with the latest security patches. Our software is installed in your systems to monitor suspicious activity – it can be installed on desktops, laptops, or in the cloud.

We secure your endpoints so that you can be assured your network is protected from malware and cyber threats. We protect your network by monitoring critical network assets, preventing unauthorized access to sensitive information, blacklisting malicious software, and providing real-time threat detection and response.

We are giving a free IT Audit and penetration testing for a limited time, contact us today and get one.