Recent Cyber-Attacks Highlight The Urgency Of Strong Cybersecurity For All Businesses

If the software your organization used to close deals and pay employees unexpectedly went down and you had no idea when it would be fixed, what would you do? Could you continue doing business? How much money would you lose? Unfortunately, in June, this happened to over 15,000 US- and Canada-based car dealerships when two cyber-attacks occurred on the popular industry software provider, CDK Global.

This software attack shut down the sales, financing and payroll systems for thousands of dealers, forcing them to either stop business or revert to the old-fashioned pen-and-paper method. This incident should be a wake-up call for all small business owners, highlighting the importance of robust cybersecurity measures.

What Happened?

The initial attack occurred on the evening of Tuesday, June 18. Once it was detected, CDK Global immediately took the correct action, bringing the entire system offline to investigate the issue. The system was up and running again the following day until a second incident occurred, which resulted in the company bringing the system back offline. It’s thought the system was brought back online prematurely, before all compromised areas were discovered, resulting in a second attack. Cybersecurity experts are saying it could be weeks before the system is back to being fully operational.

While some businesses were able to revert to manual processes, this incident highlights the vulnerabilities that come with relying on digital systems. In our ever-advancing digital world, where most transactions are a couple of clicks away, significant issues arise when systems go offline. Critical parts of the business process, such as completing transactions, managing payroll and interacting with financial institutions, can come to a standstill. This means that until the systems are back online, many business operations cannot be fully completed, leading to delays and potential financial losses. Business owners know that there is no sale until the check clears the bank!

So, What’s Next?

CDK Global didn’t disclose the exact cause of the attack. Whether that was intentional or they are still unsure remains to be seen. Their security team will need to meticulously comb over every area of the business to determine exactly what was compromised. It’s often difficult for large companies to get the details about cyber-attacks 100% correct after the first review because they may not be able to determine the extent of an attack’s network penetration if there are multiple points of vulnerability.

In the meantime, businesses need to take a hard look at their systems for selling and operational continuity. Will they be prepared to continue doing business if and when this happens again?

This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, tested often and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.

We’ll do a FREE Security Risk Assessment that will achieve two important things:

1. We’ll analyze your network for vulnerabilities. This will show you if and where an attack can occur, and we’ll offer solutions to patch it so you’re not actively setting yourself up to be the next cyber-attack victim.
2. We’ll help you determine what continuity or recovery plan makes sense for your organization. Cybersecurity is an essential and necessary element of doing business, but even the most robust security solutions are not 100% foolproof. This means you must have a plan to bounce back and continue doing business if something should happen to your network or to a third-party piece of software you rely on, like CDK.

To get started, call our office at 833-279-5869 or click here to book your FREE Security Risk Assessment now.

 

Vacation Travel Scams Are Up 900%

Summer is a popular time for vacation travel. If you’re looking to squeeze in any last-minute travel, there is a scam circulating that you need to be aware of. As costs for everything from food to travel continue to increase, the logical step is to search for the best deals online to book a memorable trip without breaking your budget. According to Booking.com, cybercriminals have decided to capitalize on this need and are now using one scarily convincing, AI-generated phishing e-mail that can cost victims way more than their vacation fund. Booking.com’s CISO, Marnie Wilking, shared that the organization has seen a 500% to 900% increase in travel-related scams in the past 18 months using this malicious tactic.

How are these scammers doing it? Phishing e-mails have existed since the dawn of the Internet, but AI tools like ChatGPT are making it increasingly easy to create realistic and professional scam e-mails that are more likely to trick readers. In the past, phishing e-mails were riddled with red flags such as spelling and grammatical errors. With the rise of AI, it’s easier for cybercriminals to pump out dozens of seemingly legitimate e-mails that often go undetected by software and readers.

Here’s how they work:

Scammers will use sites like Booking.com or Airbnb.com that allow people to list their places as short-term rentals. The scammers send out e-mails offering incredible rates or time-sensitive deals on nonexistent properties. After someone pays, the cybercriminals will either disappear with the money, leaving the renter without a place to stay, or use follow-up e-mails to collect additional “fees” or “charges” before vanishing.

To be clear, these vacation-focused phishing scams are NOT new. The problem now is that, with AI, more people are falling for them because these e-mails are becoming more convincing.

What can you do?

Vacationers can take several key steps to ensure they’re not being duped.

1. Use two-factor or multifactor authentication, where applicable. Having a confirmation code sent to your phone every time you log in will help prevent phishing attacks and credential theft.
2. Avoid clicking on e-mail links. If you receive an e-mail promoting a too-good-to-be-true deal, remember, it is likely too good to be true! Go to the website and search for the special. If you can’t find it, there is a chance you will avoid a scam.
3. Before booking ANY property online, make sure contact information and reviews are readily available. Have other verified users stayed at the property? If so, it’s less likely to be a scam.
4. Use credit cards for online purchases. Using debit cards that are linked directly to your bank account is dangerous. When theft occurs from your debit card, it is difficult to get your money back – if you get it back at all. Using a credit card provides an additional layer of protection.

The most important thing is to stay vigilant. Analyze every e-mail offer you receive and follow cyber security best practices. Standard security software can help detect some of these scam e-mails, but often not all of them, so it’s important to be cautious and look for red flags.

Personal scams may ruin a vacation, but business breaches can cost you and your family their livelihood. To keep your network secure, call us at 833-279-5869 or click here to book a FREE 10-minute discovery call with our cyber security experts, who can help you create a plan that protects you. We are here to help! Enjoy a well-deserved break this summer, and remember to be cybersmart.

How AI Is Fueling This New Scam

Just when you think cybercriminals will run out of new ideas for how to scam people, they find a way to get creative and surprise you. Now they’re faking data breaches, hoping to steal money from unsuspecting business owners and dark web data buyers alike.

Earlier this year, Europcar, an international car rental company from France, discovered a cybercriminal selling private information about its 50 million+ customers on the dark web. The car rental company immediately launched a formal investigation, only to find that the data being sold was fake. The information was falsified, most likely done with the help of generative AI.

 

 

How Did They Do It?

With AI-powered tools like ChatGPT, it’s easy for cybercriminals to generate realistic-looking data sets quickly. Smart cybercriminals do their research and design data sets that look complete, with correctly formatted names, addresses and e-mails, and can even include local phone numbers to match. They will also leverage online data generators that can quickly create large, fake data sets designed for software-testing purposes to develop authentic-looking data sets. Once they have these, hackers choose the target they claim to have stolen the data from and post the information on the dark web.

 

Why Are They Doing It?

Why would a hacker fake a data breach? There are a couple of reasons, besides reaping the same benefits without the work of hacking a network’s security system.

1. Creating Distractions. One of the best ways to get a company to let down its defenses is to focus on something else, like finding a breach in its system. The company will be so intent on finding where a hacker was already able to get into its network that it will likely miss an attack from a different angle.
2. Bolstering Their Reputation. Reputation is highly valued within the hacker community. Targeting a well-known brand publicly is a way for them to earn notoriety and get noticed by other hacker groups.
3. Manipulating Stock Prices. For publicly traded companies, a data breach can cause a rapid 3% to 5% (or more) drop in the stock. This can cause widespread panic, allowing cybercriminals to manipulate stocks for financial gain.
4. Learning Security Systems. Faking a data breach can allow cybercriminals to gain insight into the company’s security processes to prevent, detect and resolve attacks. Knowing threat response time and security capabilities can help them fine-tune their attack strategy.

Why Is This Bad For Businesses If The Data Is Fake?

By the time the public is made aware that the information is fake, the damage is already done. For example, in September 2023, Sony was targeted by a ransomware group that announced it had breached the company’s network and acquired its data. The breach was all over the news, where reporters repeatedly dragged Sony’s brand through the dirt, and by the time the investigation concluded that the hacker’s claim was false, irreparable damage had been done to their name.

What Can You Do To Prevent Fake Data Breaches?

If you want to avoid being the victim of a fake data breach, these are good steps to follow:

1. Actively Monitor The Dark Web. You or your cybersecurity team should routinely monitor the dark web. If you encounter an attacker selling your data, investigate the claim immediately to prevent extensive damage.
2. Have A Disaster Recovery Plan In Place. Don’t let your team wonder what they should say if a data breach occurs. This communication plan needs to be developed in advance and fine-tuned if or when a breach occurs.
3. Work With A Qualified Professional. You are in business to do what you love to do, not deal with IT-related issues. Working with a cybersecurity expert who knows what to look for, how to resolve issues and how to prevent breaches takes tasks off your plate and gives you peace of mind, and will make sure #1 and #2 are taken care of.

Data breaches can create enormous problems for your organization. Get ahead of the issue and have someone proactively monitor your network and the dark web to keep you secure. If you want a no-obligation, third-party opinion on whether or not your network is vulnerable to an attack or properly secured, we’re happy to provide one for FREE. Call us at 833-279-5869 or click here to book your FREE Security Risk Assessment with one of our cybersecurity experts.

 

Outdated Technology Is Costing Your Organization Money

Is your organization currently bleeding money due to its reliance on outdated technology? The answer is likely yes. A recent survey by Deloitte revealed that a staggering 82% of companies failed to meet their cost-reduction targets last year, with an inefficient technology infrastructure being the primary culprit.

The 2024 poll of nearly 300 business leaders on business margin improvement and technology transformation efforts revealed that challenges with their technology infrastructure are the biggest barrier to organizations seeking to improve margins by cutting costs. This same study found that over 50% of the respondents reported that leveraging data and generative AI strategies for improving margins would be their focus for 2024.

What does this tell us? Organizations are looking to adopt new, automated, AI-powered ways of doing business to save money and improve efficiency but are held back by antiquated technology.

 

 

Why Should Businesses Upgrade Their Technology?

Legacy systems, typically categorized as technology that’s at least a decade old, can quickly become expensive to maintain. They are slower, need constant updates and patches, and don’t leverage new features as they’re developed. As a result, businesses struggle to keep up with their tech-savvy competitors in every area of the organization, from scaling and cloud usage to human resources and customer service operations.

But that’s not the only issue. Outdated technology increases your risk of cyber-attacks. Old technology typically cannot keep up with the rapidly changing world of cyber security. As new, more malicious threats emerge, older technology eventually becomes incapable of keeping up with the latest updates required to keep your network secure.

So, why do business owners put off updating technology when the data clearly shows that it will positively impact productivity and the bottom line? There are a couple of reasons, the main one being sticker shock. Seeing the price of updating technology infrastructure can feel overwhelming. Smart business leaders run through risk-related questions like “What if something breaks?” or “What if it doesn’t work like they say it will?” However, the data shows that maintaining old technology could be more costly. A separate Deloitte study of CIOs in 2023 found that respondents spent an average of 55% of their technology budget on maintaining their existing systems.

There’s also the cost of switching. What will bringing systems down and transitioning to a new system cost? What will the cost be to train employees to use the software? These are all questions your IT team can help you answer BEFORE you start upgrading your technology. An experienced technician will help you analyze your system to see what needs to be updated and when, and map out a plan to upgrade your system in the most efficient way possible. It’s easier than most business leaders think and pays off in increased productivity and profitability.

If you’re looking to upgrade your technology or are just tired of slow, outdated tech and want to see what the next step could look like, we’ll do a FREE Network Assessment. Our techs will dig into your system and determine what you need to get technology that helps you run your business better. To book your assessment, call us at 833-279-5869 or click here to schedule now.

 

 

Dangers Of LinkedIn: 4 Security Features To Use TODAY

A recent report from Check Point Research revealed a shocking statistic – the Microsoft-owned business platform LinkedIn is impersonated in nearly half of all phishing attacks globally.

One of the ways scammers leverage LinkedIn to deploy their phishing attack is when they zero in on anyone seeking a new job or career change. While e-mails like “You have 1 new invitation” or “Your profile has been viewed by 63 people” can be authentic, it’s critical to verify the e-mail address it’s sent from to ensure that it’s genuinely from LinkedIn. These impersonators will send e-mails that look identical to the real ones, with links to fake LinkedIn pages that will rip off your information as soon as you enter it.

Another way cybercriminals leverage LinkedIn is by creating fake profiles and messaging people about job opportunities. Once you’re on the hook, they’ll either ask for a small payment upfront to process your application (that you’ll never see again) or send you a link to a form you must fill out that’s actually a phishing link in disguise.

LinkedIn is aware of the problem and is working on developing advanced security features to protect its users. Here are three of the current security features it has already deployed:

 

 

 

 

 

 

We can help you find out. We’ll do a FREE Security Risk Assessment to help you determine if your network is vulnerable to any type of attack. To book yours, call us at 833 – 279 – 5869 or click here to book now.

The Silent Danger: A Powerful Lesson For Every Business From This $1.6 Billion Ransomware Attack

In recent months, the alarming cybersecurity breach at Change Healthcare, the health care payment-processing company under the health care giant UnitedHealth Group, has thrown a spotlight on a chilling reality: cyberthreats can lurk undetected within our networks, ready to unleash chaos at a moment’s notice. The breach, executed by the notorious ALPHV/BlackCat hacker group, involved the group lying dormant within the company’s environment for nine days before activating a crippling ransomware attack.

This incident, which severely impacted the US health care system, a network with a large budget for cybersecurity, underscores an urgent message for all business leaders: a robust cybersecurity system and recovery plan are not optional but a fundamental necessity for every business out there.

The attack began with hackers using leaked credentials to access a key application that was shockingly left without the safeguard of multifactor authentication.

Once inside, the hackers stole data, locked it down, and then demanded a hefty ransom.

This action stalled nationwide health care payment-processing systems, for thousands of pharmacies and hospitals causing them to grind to a halt!

Then things got even worse!

The personal health information and personal information of potentially millions of Americans was also stolen. The hackers set up an exit scam, demanding a second ransom to not release this information.

This breach required a temporary shutdown, disconnecting entire systems from the Internet, a massive overhaul of the IT infrastructure and significant financial losses estimated to potentially reach $1.6 billion by year’s end. Replacing laptops, rotating credentials and rebuilding the data center network were only a few of the actions the UnitedHealth Group had to take. More than financial, the cost was deeply human – impacting health care services and risking personal data.

While devastating, it’s a powerful reminder that threats can dwell in silence within our networks, waiting for an opportune moment to strike.

It is not enough to react; proactive measures are essential.

Ensuring systems are secured, implementing multifactor authentication, regularly updating and patching software and having a recovery plan in place in the event of an attack are steps that can no longer be overlooked and are basic requirements for doing business in today’s world.

Also, the idea that “We’re too small to be a target” is false. Just because you’re not big enough to make national news, doesn’t mean you’re too small to be attacked!

Cybersecurity isn’t just an IT issue; it’s a cornerstone of modern business strategy. It requires investment, training and a culture of security awareness throughout the organization.

The fallout from a breach reaches far beyond the immediately affected systems. It can erode customer trust, disrupt services and lead to severe financial and reputational damage, and your business, will be the one blamed.

As we consider the lessons from the Change Healthcare incident, it’s your duty to make cybersecurity a top priority. Investing in comprehensive cybersecurity measures isn’t just a precaution – it’s a fundamental responsibility to our customers, our stakeholders and our future.

Remember, in the realm of cyberthreats, what you can’t see can hurt you – and preparation is your most powerful defense.

 

 

 

AT&T Attack Reveals 73 Million Customer Records Exposed On The Dark Web

In a statement released by the largest telecommunications company in the United States, AT&T, they shared that they recently discovered a dataset for sale on the “dark web” that contained information for about 7.6 million current AT&T account holders and 65.4 million former users, totaling approximately 73 million affected accounts.

AT&T shared that the data released contained passcodes (PIN numbers) and Social Security numbers from 2019 or earlier and did not contain any other personal financial information or call history but could possibly include e-mail and mailing addresses, phone numbers and birthdates.

AT&T has reached out to all customers via e-mail or mail to let them know of the breach and to reset their passcodes. If you’re an AT&T customer, it’s important to be highly critical of any e-mail asking you to change your password. Please make sure it is from AT&T, as it’s suspected other cybercriminals will attempt to capitalize on this issue and send out fake e-mails with malicious links, hoping someone will click on them. If you’re concerned it’s a fake e-mail, call AT&T support and ask them to send another reset link while you’re on the phone.

As for the cause of the breach, it’s still unknown whether the data breach originated from AT&T or one of its vendors, but AT&T has launched an investigation and will likely hire computer forensics specialists to find the cause of the incident.

The organization will also have to scrub any installed malware out of the software that runs its customer account system without disrupting unaffected customers’ service. Between the investigation, cleaning up the issues, lawsuits, legal fees and more, this will be an expensive issue to solve.

That’s why at Asylum X Cybersecurity Division Inc. , we talk about being proactive with cybersecurity so often. While no solution is 100% impenetrable, most are strong enough to keep the majority of hackers out. It is way more costly to deal with the effects of a cyber-attack than it is to prevent one in the first place.

If you’re concerned about the safety of your organization, request a FREE Security Assessment from our team of cybersecurity experts. We’ll analyze your network so you can see if there are exposed entry points in your network that hackers could use to break in. We’ll also advise on how to work with third-party vendors to ensure your and your customers’ data is as secure as possible.

Hackers will do whatever it takes to break into your network. Your job as the CEO is to do whatever it takes to keep them out. We are here to help!

 

The Safest Way To Shop For Mother’s Day Online

Are you planning on buying gifts for the special women in your life for Mother’s Day? If you shop online, there are a few ways to do it SAFELY. During the holidays, cybercriminals ramp up various scams to capitalize on innocent people looking for gifts online. These scams range from fake offers to sham giveaways, all with the goal of stealing your money and information. Times and technology have changed drastically in just the last year, meaning what kept you safe before is no longer enough. In today’s article, we’ll share the best way to pay for your online purchases, the common scams to look out for and the top online shopping best practices to keep you safe.

How To Make Online Purchases Safely

Should you use your debit card to buy online? No! Debit cards are linked directly to your bank account. If you make a bad purchase online, it can be very difficult to get your money back once you’ve alerted your bank. To avoid headaches, hours on the phone arguing with customer support, losing money and, if things escalate enough, legal fees, use your credit card or a third-party payment system instead.

Credit cards have extensive fraud monitoring systems, which can often catch discrepancies as they occur. These companies use statistical analysis and machine learning to track and analyze your transactions to quickly identify suspicious activity, allowing you to dispute the purchases and avoid being charged.

Some credit card companies, like Capital One, go a step further to keep you secure by offering virtual credit cards. These cards provide you with a random 16-digit number, a three-digit CVV and an expiration date that you can use for online or even in-store purchases. While these DO connect to your real accounts, retailers are unable to see your actual card details, keeping your information secure. Bonus: These can be “turned off” at any time, eliminating the hassle of canceling unneeded subscriptions without going through the merchant.

Third-party tools like PayPal are also a great option because no personal information is exchanged with the seller. The company you’re purchasing from does not receive your financial or banking information, keeping your data secure.

 

 

 

 

 

 

 

 

Cyber-Attack Takes Omni Hotels & Resorts Offline; Here’s How To Travel Safely

Another day, another cyber-attack! In early April, Omni Hotels & Resorts was the victim of a cyber-attack that brought down the entire IT system and led to a company-wide outage. The organization took immediate action and brought the entire network offline to isolate the issue, protect its data and prevent further damage from occurring. Unfortunately, this process heavily impacted the hotel’s operations and day-to-day functions, such as managing reservations, unlocking hotel room doors manually and using point-of-sale (POS) systems in restaurants and shops within the hotel. Some estimates expect this attack to cost the Omni over a million dollars. While unconfirmed by the hotel, several sources speculate that the type of cyber-attack was a ransomware attack similar to what happened to MGM in Las Vegas several months ago.

While most customers were aware of the inconveniences of the Omni outage, many weren’t aware of the dangers associated with cyber-attacks. When a network is compromised, unless you have high-grade tools to protect you, every device you connect to is put at risk. When you’re traveling, it’s important to treat everything like a risk to ensure your safety. In today’s article, we’re sharing a couple of tips to keep you safe when you’re on the road for work or even on vacation this summer.

 

 

 

 

These tips will help protect you, but if you travel for work or have employees who travel for work, it’s important that all work devices have professional-grade cybersecurity tools installed on them. You don’t want to send your sales team to a hotel-hosted trade show, and instead of bringing back a list of leads, they bring back malware that could shut down your company altogether.

There is one final lesson in this terrible incident that all SERVICE AREA business owners need to understand: No matter the size of the company, you can still be the victim of a cyber-attack. The Omni chain, which boasts over 50 properties nationwide, would likely have a large budget to defend itself from cyber-attacks and yet still fall victim to hackers. No system is 100% impenetrable, but small business owners who don’t have any security measures in place are putting a big red target on their backs.

If you don’t have a cybersecurity system in place, or if you do and someone else is managing it but you’d like a second opinion, we offer a FREE Security Risk Assessment. This assessment will go over every area of your network to identify if and where you are vulnerable to an attack and propose solutions to fix it.

Why Risk Assessment Is Needed for Compliance

While assessing whether you did everything in your capacity to ensure full compliance with the regulations, you also need to keep in mind that a regulator seeks evidence of compliance – documented reports. Besides helping you chart a successful path to compliance, a thorough risk assessment adds great weightage to demonstrating evidence of compliance. When you present the risk assessment reports along with other documentation, you demonstrate how your business carried out due diligence in upholding principles of data privacy and protection. 

 

Please remember that no regulator expects you to have a fail-safe strategy. What matters is uncompromising intent, informed action and undeterred consistency. If you can demonstrate all this, you will most likely avoid any punitive action as well as a long list of problems could that surface afterwards. 

 

 

Help Is Just a Conversation Away 

Contrary to what is often claimed, there are no shortcuts to compliance or to any of the steps that lead to it. At the outset, achieving compliance might seem grueling. However, it isn’t as bad as it seems when due process and expert guidance is followed. 

A conversation with us is all you need so we can help you walk through the complexities of risk assessment with diligent and customized guidance. 

Article curated and used by permission.