
Where do Cyber Attacks Start? 

Cyberattacks can happen on any device at any given time, so how do you know which of your clients' devices to protect? To answer that, it helps to understand where these attacks come from.

In the past, all attacks came from outside sources, or, in other words, the internet. Cybersecurity companies combatted these attacks by setting up firewalls, IDS, and IPS systems to block any incoming attacks. Anti-virus software also became a reliable program to trust; however, these methods are outdated. Now, attacks can take place just about anywhere.

The malware that hackers now use is encrypted to the point that it is essentially invisible to firewalls and IDS systems. Historically, these edge devices acted as the first line of defense, protecting the network from outside threats, but this is no longer the case. The line of devices that attackers needed to penetrate before they could make a serious breach is no longer a concern to hackers.

 


Just as military tactics and weapons continue to advance, so do the methods of cyber threats. With these advancements, cyber attackers have devised multiple ways to bypass edge protection and gain direct access from inside the network. This is made possible through email phishing, accidentally entering an incorrect site, allowing your kids to play games on unsecured websites, and more. 

Your Network is Vulnerable 

While networks are still organized from edge devices to wireless access points, and then to servers and personal devices, these advanced malware attacks ignore the line of defense that once proved competent. Companies do not realize that attacks can take place from within their network. In fact, many companies still rely on firewalls and anti-virus software. This is not enough. Rather than simple edge protection, companies need cybersecurity solutions that give them full coverage. 
 
With solutions from a reliable cybersecurity company, when an attack is made — no matter where it is coming from — the company is notified immediately, and the attack can be isolated before it spreads. This combination gives companies a centralized security system with all the necessary assistance. 
 

Let’s Get Started

If your clients have any problems with their cybersecurity products, contact us to learn more about how we can help you.  

What Does Cybercrime Look Like

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner.  But what does cybercrime look like? And, how will you know if cybercrime will impact your business?


The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?” The short answer is, “It is a question of when, not if.” That answer should encourage us all to learn a bit more about the most recent cybercrimes and their impact on small businesses.


Email and Internet Fraud Scenarios

  • You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
  • You receive a voicemail message attachment via email through a notable telecom company, but your company doesn’t utilize its services.
  • You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.


These are examples of phishing that seem legitimate and often create a false sense of urgency, leading you as the user to click on a malicious link within the message or give away confidential organizational or personal information that can be used to infiltrate your company’s networks.


#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were victims of cybercrime fell for a phishing attack.

 

What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI.  But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one?  And then what if that incident turns into a breach that exposes your entire network? 


Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or turning a blind eye to digital threats strong enough to put you out of business. It all comes down to a total risk management solution that provides peace of mind. What does this include?

  • Endpoint detection and response and segregated backups
  • Next-generation anti-virus
  • Multi-factor authentication everywhere
  • Cybersecurity training for employees 
  • A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

The Breach: Part 2

In “The Breach – Part I,”  Black Bottle IT shares a true story of cybercrime that took place with a manufacturing client and how it unfolded. 

“The Breach” continues…


What Do We Do Now?

 

Immediately following, we start to take action to contain the incident. We immediately block the traffic in/out from the bad actor IP addresses. We look at some simple log data and verify that the Company has been transmitting data to these IP addresses — for as long as we have logged data, over 30 days.
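The log check described above can be sketched as follows. This is an added example, not code from the original post or from Black Bottle IT; the log layout, the addresses (documentation ranges) and every name in it are constructed assumptions. It totals outbound traffic to flagged addresses per internal host and marks hosts whose first hit falls on the oldest retained day, where the logs cannot show when the traffic actually began.

```python
import csv
import io
from datetime import datetime

# Constructed sample: firewall egress records (timestamp, src, dst, bytes_out).
# Field layout and all addresses are assumptions; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
2024-03-01T00:05:11,10.0.4.17,203.0.113.50,48211
2024-03-01T00:07:42,10.0.4.22,198.51.100.9,1020
2024-03-09T02:14:03,10.0.4.17,203.0.113.50,915002
2024-03-20T02:13:58,10.0.7.5,203.0.113.77,120331
2024-04-02T02:14:10,10.0.4.17,203.0.113.50,877120
2024-04-03T09:30:00,10.0.4.22,198.51.100.9,2048
"""

# Hypothetical indicator list, standing in for the reported bad-actor addresses.
FLAGGED_IPS = {"203.0.113.50", "203.0.113.77"}


def summarize_egress(log_text, flagged):
    """Return (per-host summary, oldest record time, newest record time)."""
    hosts = {}
    oldest = newest = None
    for ts_raw, src, dst, nbytes in csv.reader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(ts_raw)
        oldest = ts if oldest is None or ts < oldest else oldest
        newest = ts if newest is None or ts > newest else newest
        if dst not in flagged:
            continue
        h = hosts.setdefault(src, {"bytes": 0, "first": ts, "last": ts, "dests": set()})
        h["bytes"] += int(nbytes)
        h["first"] = min(h["first"], ts)
        h["last"] = max(h["last"], ts)
        h["dests"].add(dst)
    for h in hosts.values():
        # If the first hit falls on the oldest retained day, the logs cannot
        # show when the traffic began: the real start may predate retention.
        h["predates_logs"] = h["first"].date() == oldest.date()
    return hosts, oldest, newest


if __name__ == "__main__":
    hosts, oldest, newest = summarize_egress(SAMPLE_LOG, FLAGGED_IPS)
    print(f"log window: {oldest} .. {newest} ({(newest - oldest).days} days)")
    for src, h in sorted(hosts.items()):
        print(src, h["bytes"], h["first"], h["last"], sorted(h["dests"]), h["predates_logs"])
```

A host flagged with `predates_logs` means the retained logs give only a lower bound on how long data has been leaving, which matters when scoping what was lost.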


In the meantime, I’m getting SOS calls from the CEO, wanting an update from the FBI meeting and wanting to know, “How bad is this?” Since I don’t know the extent of the incident, I don’t have much, other than we think we’ve contained it. He asked good questions: “Don’t we have a firewall, AV, and a 3rd party that is supposed to help us with these things?” To all of which the answer is yes. This is then followed by the inevitable, “How could this happen?” Someone once told me that when you have bad news, the sooner it’s delivered, the better. So my message to the CEO was, we think we’ve contained it; now we need to figure out what the damage is, which is something that I need to figure out now.


The Response

 

So, let’s recap:

 

  1. The FBI informs us that we have been “cyber-attacked” but offers no more information.
  2. We think we’ve stopped it. 
  3. Our CEO is asking us questions about whether the company can survive this.  And we have no good answers.

It was a pretty bad 24 hours.  So, the real challenge for us was, what do we do next?  First, we mobilized our third-party MSP to help.  They scheduled time over that weekend to visit our location, install some advanced security tools, and “clean” every machine in the building.  We didn’t know what had caused the breach, but this seemed like a good place to start.   


Next, I got on the phone and started calling companies for advice/help.  Most of these calls went something like this: “Yes, we’d love to help you; you need to determine what data was lost.  So, you can buy blocks of time for 50K each. When do you want us to start?”  Our Company was small, so spending money in chunks of 50K would also very quickly lead to the company’s financial demise.  So, after calling and listening to multiple solutions, I had some options.  In the background, Company stakeholders are asking me, “How bad is it?” “Are we out of business?”


Ah-Ha. We Have Insurance for That

 

At some point during the first 48 hours, the CFO had inquired with our insurance agent about having cyber coverage. It turns out we had coverage. She launched a call to our service representative, who then told us we would receive a call within 72 hours with instructions. I was in the mindset that the company might not survive 72 hours. I didn’t wait around and continued searching to find some resource to help that made sense. Then, I received a call from the insurance customer service rep. She told me that if I checked the policy, I would find instructions for utilizing the “Data Breach” services that our company was entitled to as part of our coverage. I thanked her, started reading, and found that we indeed had access to a “Data Breach Coach” or a list of them. I picked the first name and called them.

 



 

 

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.