USB Drives and Software Exploits Affect Businesses and Schools
Hackers continue to try and find new ways to trick computer users, compromise business systems, and steal critical data. And they’re doing it with tactics both old-fashioned and newfangled.
The FBI recently issued a security advisory alerting businesses to watch out for fake letters containing USB drives loaded with malicious software. These letters were delivered to thousands of addresses across the United States via standard mail and purported to come from the Department of Health and Human Services, Amazon, and UPS. If the USB stick was inserted into a computer, the hackers who sent it could access private networks, install dangerous code, and even roll out ransomware attempts.
The Eastern European cybercriminal group that security experts believe sent the letters is well known to international law enforcement. So well known, in fact, that they think it could also be responsible for a recent service interruption affecting schools in New York City. Although the tactic used in that attack remains unclear, experts suspect it could be attributed to a more complex exploit of software used by teachers to record grades, track attendance, and communicate with students and parents.
Although the security incident is so far limited to public schools in New York, the company that manages that software also supplies it to 5,200 other districts and schools across the United States—with 17 million students in total. As of press time, the US Education Department reported that no student information had yet been stolen.
But these cyberattacks remind us of the broad reach and ingenious maneuvers—of just this one criminal group. In recent years, it has also stolen millions of credit card numbers from restaurant chains in 47 states, set up call centers to try and sell fake cybersecurity support, and even mailed out fake Best Buy gift cards to try and entice unsuspecting users into clicking dangerous links.
So what can you do to protect your business from these evolving tactics?
CMIT Solutions recommends the following five strategies:
1. Know how to spot a scam. As tactics change, so must our response. Everyday users who receive a suspicious letter or email should know what scams and phishing schemes look like. Be particularly wary of misspelled sender names, unfamiliar email domains, awkward phrasings, requests to call a number or visit a web link, and/or long strings of random characters in any part of a message (like addresses or URLs). And if a spam mail or fake letter is received, preserve the evidence and report it—to a trusted IT provider if you’re already working with one, or to a law enforcement agency. In its advisory, the FBI asked businesses to handle fake USB drives and letters “with care to preserve DNA and fingerprints that may be obtainable from the package.”
2. Deploy proactive monitoring and maintenance to stop infections before they occur. Comprehensive cybersecurity protection is only possible with multiple layers of network security: intrusion detection, incident reporting, event management, and real-time response to attacks. A trusted IT provider should rely on this kind of approach as the foundation of any cybersecurity protection. With new ransomware strains and hack tactics showing up all the time, it’s imperative to partner with a reliable provider who keeps a dynamic eye on your systems—and the changing cybersecurity landscape.
3. Make sure data backups are updated regularly—and stored off-site. When it comes to malware and ransomware, the best way to respond to an attack is to rely on a recent, remote data backup. Unfortunately, many companies only store their backups on devices that are connected to the main network—or only back up their data remotely once a week or month. If a cyberattack compromises one computer, it will often spread to any network to which that computer is connected instantaneously. The only way to completely recover from a ransomware infection like that is to have a current, conveniently accessible version of your data stored separately from any infected network (preferably on the cloud or in a remote location). That gives an affected business the ability to bounce back without having to pay a ransom.
4. Roll out multi-factor authentication for all login credentials on all devices. Multi-factor authentication (MFA) requires users to log in with something they know (their password) and something they have (a unique code usually delivered by text, or a second login completed with a thumbprint or other personalized confirmation via a mobile app). This extra step takes a few more seconds, but MFA can neutralize the negative impact of a stolen password and give your company and your employees an extra layer of protection.
5. Ensure all software updates and security patches are deployed automatically. Beyond the tactics outlined above, hackers often try to take advantage of outdated operating systems or security vulnerabilities in well-known software applications. These can often lead to widespread outages or targeted attacks, particularly when a legacy OS like Windows 7 reaches its “end of life.” That makes automatic software updates and security patches a must for basic business safety. A reliable IT provider can roll these updates out in the background and during off-hours to avoid downtime and disruptions. If your company is running legacy applications or still using old PCs, take action now before you become a target for hackers.
If you suspect that your business has been targeted by scams, spam, or ransomware attempts, contact CMIT Solutions today. We construct multiple layers of cybersecurity around the data and devices of our clients, working 24/7 to protect sensitive information and spot illicit attempts before they negatively affect day-to-day operations. If you want a North America-wide network of more than 800 franchise owners and IT technicians on your side, we can help with comprehensive protection and cutting-edge insight into the changing cybersecurity landscape.