The RobbinHood Attack Could Cost Baltimore $18 Million

In May 2019, the city of Baltimore found itself in major IT trouble.

A crippling ransomware attack took down systems in almost every department of the government. Files were encrypted and couldn’t be recovered. The perpetrators demanded 13 Bitcoin — about $76,000 — to restore the files.

To its credit, the city refused to pay the criminals. To its discredit, the city’s IT management was in such bad shape that fixing the damage cost the city millions. It was completely unprepared for any large-scale data disaster. Other IT operations should learn from Baltimore’s example and avoid its mistakes.

The Attack

The ransomware that hit Baltimore goes by the name of RobbinHood. It’s an aggressive piece of malware that attacks Windows computers. It starts by stopping services that could interfere with encryption, including security software. It disables Windows automatic repair. Only then does it encrypt the documents on the computer and display a message demanding payment.
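Because encryption starts only after services are stopped and automatic repair is disabled, those two steps give defenders a short detection window. The Python below is an added example, not part of the original article; the command-line patterns, host names and log lines are constructed assumptions about how those steps commonly appear in process-creation logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed command-line shapes for the two behaviours the article names. They use
# standard Windows utilities and are not indicators taken from the article.
SERVICE_STOP = re.compile(
    r"\b(net1?|sc)(\.exe)?\s+(stop\b|config\b.*\bstart=\s*disabled)", re.I)
RECOVERY_OFF = re.compile(
    r"\bbcdedit(\.exe)?\s+/set\b.*\b(recoveryenabled\s+no|"
    r"bootstatuspolicy\s+ignoreallfailures)\b", re.I)

# Constructed process-creation log: "<ISO time> <host> <command line>".
SAMPLE = """\
2024-01-15T08:00:01 FIN-WS12 net stop "Example AV Service" /y
2024-01-15T08:00:02 FIN-WS12 sc.exe config ExampleBackupSvc start= disabled
2024-01-15T08:00:03 FIN-WS12 sc stop ExampleBackupSvc
2024-01-15T08:00:09 FIN-WS12 bcdedit /set {default} recoveryenabled no
2024-01-15T08:05:00 HR-WS03 net stop Spooler
2024-01-15T09:30:00 HR-WS03 bcdedit /set {default} recoveryenabled no
2024-01-15T10:00:00 IT-SRV01 bcdedit /enum
""".splitlines()

def detect(lines, window=timedelta(seconds=120), min_stops=3):
    """Alert once per host when at least `min_stops` service stops are followed
    by a recovery-disable command within `window`. Lines must be time-sorted."""
    recent_stops = defaultdict(deque)  # host -> timestamps of recent stops
    alerted, alerts = set(), []
    for line in lines:
        ts_raw, host, cmd = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_raw)
        stops = recent_stops[host]
        while stops and ts - stops[0] > window:  # expire stops outside window
            stops.popleft()
        if SERVICE_STOP.search(cmd):
            stops.append(ts)
        elif (RECOVERY_OFF.search(cmd) and len(stops) >= min_stops
              and host not in alerted):
            alerted.add(host)
            alerts.append((host, ts, len(stops)))
    return alerts

if __name__ == "__main__":
    for host, ts, count in detect(SAMPLE):
        print(f"{ts.isoformat()} {host}: {count} service stops, then recovery disabled")
```

The window and threshold need tuning per environment, since administrators and installers also stop services during normal maintenance.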

Currently there’s no known way to recover the files without paying.

The attack on Baltimore’s systems disabled email and other services. Large numbers of important records were lost. The city’s emergency services, including the police and fire departments, withstood the attack apart from losing email access. Few other systems did as well.

Email and payment processing systems remained down for weeks. People were unable to pay taxes and fines. Lack of access to data held up real estate transactions.

According to current estimates, recovery has cost the city $18.2 million, including lost revenue. It could be even more. Money was diverted from services to pay the costs, and taxpayers will certainly feel the pain. The good news is that it will pay for major improvements in IT security.

Baltimore’s Mistakes

No network on the Internet is 100% immune to ransomware. It’s necessary to be prepared for the worst. Baltimore’s IT setup wasn’t prepared at all. Some of the problems were so plain that city councilors called them “mind-boggling.” Critical data was stored on desktop machines, with no systematic backup.

The city had no IT disaster recovery plan. It had no insurance against data disasters. Ransomware insurance is a growing business, but the city of Baltimore hadn’t taken advantage of it.

Computers weren’t regularly patched to remove Windows vulnerabilities. The systems were full of weaknesses just waiting to be exploited.

The blame fell on the city’s CIO, who has been suspended from his job. He faced criticism for poor communication after the attack. He had taken measures to improve security after a 2018 ransomware incident, but they proved to be insufficient.

How to Avoid a Ransomware Disaster

Every IT department should assume a ransomware attack can happen. Being prepared requires two things. The first is to make the systems as resistant to harm as possible. The second is to be able to recover quickly and without permanent data loss.

All important data needs to be kept on well-protected servers and backed up. Desktop machines are highly exposed to the Internet and run all kinds of software. Their users mostly aren’t skilled in data management. Entrusting important data to those machines is an invitation to disaster.

Cloud storage is the best choice in many cases. It’s stored off the premises, and it’s professionally managed for the best protection against failure of all kinds.

A network should have a disaster recovery plan in place. It protects not only against ransomware but against natural disasters and physical theft. Disaster recovery requires offsite backup and a way to get systems running again quickly. The plan should be periodically tested to make sure it works.

Is Your Security Up to Par?

Security plans need to be multi-layered and regularly updated. You can’t just throw something together and hope it’s good enough. Bluwater understands ransomware, hardware failure, human error, and other threats to data. We can provide assistance ranging from consultation to full security management.

Contact us to learn how we can help you to avoid scenarios like the one Baltimore faced.

Top Cloud Security Threats Include Misconfiguration

The shared, on-demand nature of cloud computing can only lead to more concerns about data security on one hand and often forgotten areas like misconfiguration on the other.

Best Practices Begin with a Solid Cloud Adoption Strategy

The Cloud Security Alliance (CSA) pegs misconfiguration as a very real component of security threats. The Alliance is the leading global organization that not only sets “standards, certifications as well as best practices,” but annually lists top threats to cloud security. The biggest risks to today’s cloud strategy are related to an overall poor cloud-adoption strategy.

Invariably, overlooking these areas can torpedo a company’s risk-management game plan. Generally, these sectors include data breaches, of course, but also:

  • Misconfiguration and improper change control
  • Overlooking the importance of cloud security architecture/strategy
  • Faulty permissions strategy, and credentials
  • Threats from inside the company
  • Accounts ‘stolen’ by a hacker
  • Vulnerable APIs and interfaces
  • Vulnerable routing protocols (control plane)

Secure Your Single and Multiple Cloud Networks

According to CSA, these ‘calls to action’ should be a high priority for SMB decision makers in order to secure their single- or multi-cloud strategies.

“The complexity of the cloud can be the perfect place for attackers to hide, offering concealment as a launchpad for further harm. Unawareness of the threats, risks and vulnerabilities makes it more challenging to protect organizations from data loss. The security issues outlined….are a call to action for developing and enhancing cloud security awareness, configuration and identity management,” said John Yeoh, Global Vice President/Research for CSA.

Contact us to discover how you can partner with a proven, managed service provider (MSP) to achieve your security goals. Our expertise can not only help you deploy your programs and apps to the cloud, but provide all the necessary security backups in a timely manner—and with minimal disruption to your network.

What You Need to Know About Container Security

Containerization has revolutionized software deployment. It allows faster deployment cycles, easier scalability, and consistency across environments. It’s a standard part of the DevOps process. Containers provide clear benefits in security, but they offer their own challenges.

Making a containerized environment run smoothly and securely requires specialized expertise and experience. Bluwater provides the management and support to keep the software running and minimize the risks.

Understanding Containers

Software applications have many dependencies. They use runtime environments, subroutine libraries, and system services. They need to adapt to the operating system on which they run. A container puts all the dependencies into a single package that’s deployed as a unit. The software on which the application depends will always be the same.

For instance, suppose an application runs on a Java Virtual Machine (JVM). Containerization ensures that each instance runs on the same version of the JVM, no matter where it’s deployed. The developers and admins don’t have to worry about having to run under an outdated or unpatched JVM.

However, a container isn’t a monolith that does everything the application needs. More commonly, it’s split up into services, each of which has its own container. Services communicate through APIs.

Many container instances can be deployed on one machine. The number can be scaled up or down to meet current needs. Each one runs independently of the others. However, a container isn’t the same as a virtual machine. All the containers on a host run under the same instance of the operating system. Containers aren’t as fully isolated from each other as VMs are.

Security Benefits and Concerns

Containerization isn’t a total solution to all security problems. It makes some issues easier to deal with but introduces its own concerns. The NIST Application Container Security Guide gives a detailed summary of the issues and best practices.

Benefits

The big advantage of containers, from a security standpoint, is control. A software release contains tested and trusted versions of all supporting libraries and runtimes. As long as they are kept up to date, they will be up to date wherever the release is installed. It’s only necessary once to make sure that the latest patches are included.

When software has to run in a diversity of environments, it’s harder to test all the cases. Bugs can slip through, opening the way to attacks. Containers provide a consistent environment, one which can be tested more exhaustively. There’s less need to worry about special cases.

Concerns

The negative side is that containers offer a consistent, predictable target. If a container has a vulnerability, every deployed instance has it. This simplifies the job of anyone trying to attack it.

Containers aren’t as isolated from each other as VMs are. Depositing malware into one container could mean easy proliferation to all the others on the same host. They could mutually re-infect unless all the compromised instances are taken down at the same time.

How to Keep Containers Secure

With proper management, a containerized environment can maintain a high security level. The old techniques don’t always work, though. The NIST guide recommends a set of practices for keeping risks low. Here are a few tips based on it.

  • Use an OS tailored for containerization. Since containers include everything they need, a lot of standard operating system components and services aren’t necessary. Using a distribution that trims them down to a minimum reduces the attack surface.
  • Use security tools which are designed for a container environment. Standard anti-malware tools often aren’t designed to cope with large numbers of identical processes that appear and disappear. Make sure your security software is rated for containerized deployments.
  • Group only related containers under the same host. Having just one application (including all its services) running on a host reduces the opportunities for cross-application attacks.
  • Use hardware-based security to isolate containers. The less visible containers are to each other, the harder it is for infections to spread.

Bluwater provides the most up-to-date security solutions, letting you focus confidently on your business needs. Consulting, threat detection and removal, vulnerability testing, and user security are just some of the ways we can help keep your systems safe. Each kind of environment poses its own challenges, and we have the experience and expertise to protect them all.

Contact us to learn how we can help with your security needs.

Forbes: Does Your MSP Have Your Back?

While small businesses, like their larger counterparts, need end-to-end services to keep them running smoothly—file sharing, software, and security as a service to cloud backups—less-experienced MSPs may simply be riding the cloud surge to keep their doors open.

As the Forbes Technology Council notes:

“…so many MSPs are newbies and/or are opportunistically hanging out where the action appears to be. It appears that the accent today is more on “provider” and less on “service.” A fair number of MSPs have taken to selling the cloud — a “best of times” development at first blush.” 

Sizing up your MSP…

Aside from basic services, does your MSP stand ready to do the really heavy lifting in times of Disaster Recovery, or handling hybrid installs with your latest SaaS applications?

SMB owners often place their networks ‘at risk’ on many fronts when timely security updates are shuffled to the bottom of their to-do lists. What’s more, just attempting to keep ahead of the latest IT developments can translate quickly to poor productivity in light of ever-changing market conditions.

Vetting your MSP…

Make sure you’ve made a list of questions to ask your potential candidate, including:

  • Do they offer more than off-the-shelf, basic services—can they tailor services to your specific needs?
  • How many years in the business?
  • Staffing: Level of engineering experience?
  • Does the service level agreement fit your needs? Are there penalties for not meeting requirements?

Ask the tough questions….

A ‘biggie’ is making sure the MSP is SSAE (Standards for Attestation Engagements) compliant, offering 14-day retention, for example, with its managed backups, as well as “application-level protection, advanced monitoring, and multilevel intrusion prevention, SSL capability, hardware firewall, and IP-restricted FTP.”

BluWater Technology can offer your company levels of expertise tailored to your growing needs. Contact us to learn how our services can help your business run more efficiently: we improve bottom lines by bringing ‘fixed costs’ to your operation’s IT expenditures.

Mobile Security Threatens Company Data

According to CIO magazine, a Gartner analyst two years ago pointed to the “growing shortage of cybersecurity resources” and how those impending threats to company networks continue to grow:

“Companies are worse off by 100% (with cybersecurity) compared to 10 years ago because the world is more complicated now…Companies have definitely raised the cybersecurity bar, but criminals can keep going higher than the bar.”

BYOD brings security risks to company data

Unfortunately, employees unwittingly connect to Wi-Fi hotspots that are traditionally not safe, from coffee shops and restaurants to airports and hotels. Instead, device users should connect through a virtual private network (VPN), one of the many services an experienced MSP can offer. 

Gartner’s prediction provides that clarion call for businesses with remote, cloud operations to address these ‘new’ security risks, particularly with the incorporation of mobile devices (BYOD) in the workplace.

“When employees connect to public WiFi without using a VPN app, they put their company’s data at risk,” notes the head of Avast Software’s mobile division.

Global survey: More than half of SMBs use in-office/remote employees

A global survey of IT pros found that “fifty-eight percent of SMBs now have a mix of in-office and remote employees.” What’s more, those employees are working 2 to 3 days a week from home.

That is even more reason for SMBs to consider using a managed service provider (MSP) for mobile-device management. MSPs utilize a set of protocols and platforms to mitigate risk associated with the proliferation of BYODs.

In addition, a seasoned pro like BluWater can manage a company’s firewall, antivirus and application upgrades/updates—and even conduct a vulnerability assessment of a company’s on-premise networks.

Contact us today. We can help you implement a BYOD strategy that fits your needs. Companies rely on us to provide them with the security and scalability to make them successful now and into the future.