Every day all over the world, companies fall victim to cybersecurity attacks.  It’s nearly a constant these days.  Many of these attacks are preventable with the right amount of attention to detail in system setup and hardening.  The three common themes in postmortem examination of all of these attacks boil down to 1) human error; 2) configuration error; 3) failing to proactively defend.  In this series of six posts, we will dive into each attack’s anatomy, the attack vector, and the ways companies can attempt to avoid being victim to them.  In the last post, guest bloggers from G2 Insurance will walk through how insurance companies react to claims, what to watch out for in your policies, and appropriate coverage levels for cyber insurance based on their experience handling claims.

#1  Email Spoofing and Wire Fraud

This attack is essentially a wire instruction interception/redirection or wholly fake request for a transfer.  This is an event that comes up daily or at least weekly in any cybersecurity professional’s world.  This attack typically plays out with a threat actor masquerading as a legitimate authority within a company, typically someone in the C-suite or Director level.  To make it successful, the recipient of the wire transfer request has to believe it’s legitimately originating from one of those authoritative people.

One way attackers do this is using actual stolen credentials.  Despite the flood of data security breaches and database hacks, people unfortunately still use weak passwords and also re-use passwords.  We have seen dozens of instances of successful credential attacks where the attacker used publicly available database leak information to gain unauthorized access to corporate accounts.  The approach goes like this: an attacker harvests information regarding corporate leadership from various data sources about companies (LinkedIn, Dunn & Bradstreet, Bloomberg, Google Finance) and chooses a few people to target.  They then cross-reference those names to leaked credential databases, often times hosted on Darkweb sites, IRC chat rooms, or other forums dedicated to hacking.  If the attacker is able to find other accounts belonging to their targets that have been compromised and have a password, they can try that password, and tens of thousands of variations of it, to attack the corporate account of their victim.Continue Reading Top Five Most Common Cybersecurity Attacks and How to Prevent Them – Part 1: Email Spoofing and Wire Fraud

Seyfarth eDiscovery Partner Richard Lutkus, along with William Lederer from Relativity and Patrick Zeller of Gilead Sciences, Inc., will host a panel discussion titled “Brave New Words: Cloud Data Collection, Processing, and Hosting” at this year’s RelativityFest on October 24, 2017.

This session will provide attendees with information about new data collection methods with tools

When you bring to mind someone “hacking” a computer one of the images that likely comes up is a screen of complex code designed to crack through your security technology.  Whereas there is a technological element to every security incident, the issue usually starts with a simple mistake made by one person.   Hackers understand that it is far easier to trick a person into providing a password, executing malicious software, or entering information into a fake website, than cracking an encrypted network — and hackers prey on the fact that you think “nobody is targeting me.”

Below are some guidelines to help keep you and your technology safe on the network.

General Best Practices

Let’s start with some general guidelines on things you should never do with regards to your computer or your online accounts.

First, never share your personal information with any individual or website unless you are certain you know with whom you are dealing.  Hackers often will call their target (you) pretending to be a service desk technician or someone you would trust.  The hacker than asks you to provide personal information such as passwords, login ids, computer names, etc.; which all can be used to compromise your accounts.  The best thing to do in this case, unless you are expecting someone from your IT department to call you, is to politely end the conversation and call the service desk back on a number provided to you by your company.  Note, this type of attack also applies to websites. Technology exists for hackers to quickly set up “spoofed” websites, or websites designed to look and act the same as legitimate sites with which you are familiar.  In effect this is the same approach as pretending to be a legitimate IT employee; however, here the hacker entices you to enter information (username and password) into a bogus site in an attempt to steal the information.  Be wary of links to sites that are sent to you through untrusted sources or email.  If you encounter a site that doesn’t quite look right or isn’t responding the way you expect it to, don’t use the site.  Try to access the site through a familiar link.

Second, whether or not you have a Bring-Your-Own-Device (“BYOD”) program at work chances are you will at some point be using a mobile device to conduct to conduct business.  Don’t feel that your mobile phone is invulnerable to being compromised. (Every networked device — Apple, Microsoft, Android, Linux, etc. — can be compromised)  Mobile hacking is one of the fastest growing areas for exploiting individuals and companies.  This is largely because people do not typically have security programs — such as anti-virus software — on their mobile device.  Additionally, people often connect their mobile devices to public networks, like those available at coffee shops, hotels, etc. — these networks are not secure.  Your best defense against having your mobile device hacked is to install a decent security app and be sure to turn off the Wi-Fi, Bluetooth, and Hotspot settings when they are not in use.   Also, try to only install apps from companies you recognize.  Further, mobile banking and purchasing apps make life easy, but if you don’t have security software — or if you are conducting a larger transaction — you may want to do it on your computer.

Next, If your computer’s security software pops up a security warning, pay attention to it.   Often times we are in a hurry and tend to click through these types of warnings, but that is a mistake.  The warning is there for a purpose whether it is a flag indicating that a website is potentially dangerous or a notice that your computer has detected malware.  When you see a warning it is best to stop what you are doing, close down any open websites, and call your help desk.  You may also want to scan the computer with your security software.  However, be careful of “security warnings” that pop-up from websites.  If the warning does not look like the warnings you are used to, and does not indicate the name of your security software, it may be a malicious attempt to compromise your computer.

Finally, don’t plug USB drives into your computer unless you know where it comes from and where it has been.  Rouge USB drives are a method by which hackers get malicious programs onto your computer.  The drive may contain an enticing file that when clicked, loads a virus onto your computer, or in some cases the drive may load the malware simply by being plugged into your USB port.  So, if you find a USB lying around it is best to turn it into IT, or throw it away.
Continue Reading Cyber Security Best Practices

The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers a well.  File sharing platforms and accounts have a high “hack value” — the overall

Yesterday, organizations around the world were hit by yet another ransomware attack.  Similar to the recent WannaCry attacks, the Petya attack works to encrypt documents and files and subsequently demands a ransom to unlock them.  Unlike WannaCry, it is believed that the Petya attack spreads internally through an organization (rather than across the Internet) using

On June 13, 2017, the Department of Homeland Security published an alert regarding malicious cyber activity by the North Korean government, known as Hidden Cobra.  Per the DHS and FBI, Hidden Cobra uses cyber operations to the government and military’s advantage by exfiltrating data and causing disruptive cyber intrusions.  Potential impacts of a Hidden Cobra

The 2017 edition of The Legal 500 United States recommends Seyfarth Shaw’s Global Privacy & Security Team as one of the best in the country for Cyber Law (including data protection and privacy). In addition, based on feedback from corporate counsel, the co-chairs of Seyfarth’s group, Scott A. Carlson and John P. Tomaszewski, and

Recently, a widespread global ransomware attack has struck hospitals, communication, and other types of companies and government offices around the world, seizing control of affected computers until the victims pay a ransom.  This widespread ransomware campaign has affected various organizations with reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan.  The software can run in as many as 27 different languages.  The latest version of this ransomware variant, known as WannaCryWCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly.
Continue Reading WannaCry Ransomware Attack: What Happened and How to Address

In Realpage Inc. v. Enter. Risk Control, LLC, 2017 BL 102339 (E.D. Tex. 2017), the court ordered Enterprise Risk Control, LLC (“Enterprise”) to produce forensic images of devices used by a former Realpage employee to a forensic neutral in order to determine whether any source code was recoverable pertaining to Realpage’s allegations of misappropriation.

Background

After leaving employment with Realpage in 2012, Tom Bean (“Bean”) started his own software development company named IDC. Bean and IDC were hired by former Realpage employee, and active Enterprise employee, Lonnie Derden (“Derden”) to design a vendor compliance application that was “completely different” than the one in place at Realpage. In July 2013, Enterprise hired Bean as a full-time employee and it was at that time that Bean transferred all of his source code for the vendor compliance application from IDC’s computers to Enterprise’s computers. According to Bean’s affidavit, he deleted all versions of his source code from IDC’s computers after the transfer.

Pursuant to this lawsuit, Enterprise made the vendor compliance application source code from July 2013 to the present available to Realpage for their analysis. During their review, Realpage found comments in the source code referencing dates from 2012 and early 2013, which Realpage argued indicated that versions of the source code from that point in time must exist. While the court rejected this argument, they recognized that Realpage’s complaints surround code that existed on or before the date that Bean transferred the source code to Enterprise. The court concluded that “a tailored [forensic] examination is appropriate at this time to determine whether the missing code is recoverable or to enable effective cross-examination as to its destruction.” Id. at *2.
Continue Reading Court Orders Enterprise to Engage in Forensic Imaging and Analysis