What is Malvertisement? Nashville Cybersecurity Service ImageQuest Answers

In today’s Q&A session, we talked with cybersecurity service provider ImageQuest about one of the newest security threats to face businesses and individuals alike: Malvertisement. So, what is it? And how do we keep our computers safe?

Q: What is Malvertisement?

ImageQuest: Malvertisement is a form of internet threat similar to a phishing scheme. These are designed to look like an ad from a reputable company. However, when an internet user clicks the banner or other ad, malicious code is sent to their computer. These are especially dangerous since they are specifically designed to leak into legitimate web pages and trusted advertising avenues.

Q: Who is targeted by this type of attack?

ImageQuest: The quick answer: everyone. However, while some attacks can be broad-based to cast a wide net, others may target an individual or one specific company. These targeted attacks are often aimed at people with high-value access credentials.

Q: How can I keep my company safe?

ImageQuest: The US Cybersecurity & Infrastructure Security Agency (CISA) recommends several cybersecurity service options for both public and private organizations. These are to utilize a single web browser (such as Google Chrome or Internet Explorer) throughout an entire organization, utilize ad-blocking software, and implement other safeguards, such as Protective Domain Name System technology. However, one of the most valuable pieces of advice from CISA is to isolate all computer operating systems from browsers utilizing a SaaS designed to filter and remove malicious code.

Q: Should I invest in cybersecurity services for my business?

ImageQuest: The vast majority of businesses will benefit greatly from cybersecurity services. As it relates to malware and other threats, having a managed IT partnership or a dedicated technology team is a great way to keep your systems and information safe. Your IT professionals can even help you implement cloud domain technology to prevent infected advertisements from ever showing up on your company’s computer screens.

Hackers continue to get smarter, and so must businesses who wish to keep themselves safe. Malvertisement is just one of the newer threats. ImageQuest recommends that business owners take a close look at their digital security as it is easier to prevent an attack than recover from one.

ImageQuest is a Nashville-based technology services company that offers clients in the insurance, legal, healthcare, banking, and other industries a host of IT products, including cybersecurity service, IT compliance, and virtual CISO.

Here’s Why You Should Not Consider Paying To Recover From Ransomware

Paying to recover stolen data from ransomware groups will only get your organization caught up in a vicious cycle. Paying ransom and resuming operations is not a guarantee that these groups will stop attacking your system. They can do so at any time and will continue to threaten to leak your data should you refuse to pay up.

Here’s the newest plot twist: Ransomware hackers will encrypt a victim’s data twice at the same time. Some victims are told about the double encryption up front. Others see only one ransom note and find out about the second layer of encryption after they’ve paid to eliminate the first.

Ransomware groups usually operate on a revenue-sharing model. One group builds and maintains a strain of ransomware and then leases out its attack infrastructure to “affiliates” who carry out specific attacks. These cybercriminals have one goal: to get the most profit with the least amount of effort. 

Should your company be a victim of a ransomware attack, know that there’s a possibility that ransomware groups won’t supply a decryption key at all. The rise of the double encryption strategy raises the additional risk that if you do pay, you can decrypt the files once but then discover that you need to pay again for the second key. Moreover, decryption keys are likely to corrupt data. These keys are known to crash, requiring data recovery to start over or manual inputs to continue the process. Either way, it adds to both recovery cost and downtime.

Don’t pay up; just back up. Here are five ways to strengthen your data backup strategy:

  1. Review and update backup policies

Complete a thorough audit of all your data locations. Keep in mind the 3-2-1 rule: make three copies of your data, store these across two different forms of media and keep one copy off-site. Isolate off-site data from the business network to prevent ransomware from encrypting it.

  2. Air gap data

Keep a copy of your critical data offline, disconnected, and inaccessible from the internet.

  3. Back up data regularly

How often does your IT team back up data? Review backup frequency policies, especially in off-site locations (including the cloud). IT teams should also assess how long they keep the backups, especially air-gapped data.

Keep separate backups for critical business systems to make data recovery easier.

  4. Ensure backups are clean and robust

Businesses should do what they can to make sure their backups are not infected with malware. Up-to-date malware detection tools are essential, as is system patching.

Limiting user access to critical data enhances security and can stop the spread of ransomware from the beginning.

  5. Test all plans and recalibrate if necessary

Testing all backup and recovery plans is critical to calculating recovery times and establishing whether data recovery is possible.
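The five steps above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not ImageQuest's own tooling; the `BackupCopy` fields, the 24-hour freshness threshold, and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupCopy:
    system: str           # business system the copy protects
    media: str            # e.g. "disk", "tape", "cloud"
    offsite: bool         # stored away from the primary site
    air_gapped: bool      # offline and unreachable from the network
    last_run: datetime    # completion time of the most recent backup
    restore_tested: bool  # a restore from this copy has been rehearsed

NOW = datetime(2024, 1, 10, 12, 0)  # constructed "current time" for the sample

def sample_inventory():
    """Constructed inventory: one compliant system, one that is not."""
    ago = lambda hours: NOW - timedelta(hours=hours)
    return [
        BackupCopy("payroll", "disk", False, False, ago(6), True),
        BackupCopy("payroll", "cloud", True, False, ago(8), False),
        BackupCopy("payroll", "tape", True, True, ago(20), False),
        BackupCopy("crm", "disk", False, False, ago(72), False),
        BackupCopy("crm", "disk", False, False, ago(80), False),
    ]

def audit(copies, now, max_age=timedelta(hours=24)):
    """Return {system: [findings]}; an empty list means every check passed."""
    by_system = {}
    for copy in copies:
        by_system.setdefault(copy.system, []).append(copy)
    report = {}
    for system, group in by_system.items():
        findings = []
        if len(group) < 3:                       # 3-2-1: three copies
            findings.append(f"only {len(group)} copies, need 3")
        if len({c.media for c in group}) < 2:    # 3-2-1: two forms of media
            findings.append("fewer than 2 media types")
        if not any(c.offsite for c in group):    # 3-2-1: one copy off-site
            findings.append("no off-site copy")
        if not any(c.air_gapped for c in group):
            findings.append("no air-gapped copy")
        if now - max(c.last_run for c in group) > max_age:
            findings.append("newest backup is older than max_age")
        if not any(c.restore_tested for c in group):
            findings.append("no copy has a tested restore")
        report[system] = findings
    return report

if __name__ == "__main__":
    for system, findings in audit(sample_inventory(), NOW).items():
        print(system, "OK" if not findings else findings)
```

The inventory must list every copy that is meant to count toward the rule, and `max_age` should be set from the organization's own backup frequency policy.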

ImageQuest works with Bowling Green, KY businesses to fight ransomware attacks by developing state-of-the-art protection against these malicious threats. ImageQuest’s solutions protect rapid-growth, high-target organizations, and their assets with risk and vulnerability assessment capabilities. Get in touch today to learn more.

ImageQuest is the top cybersecurity service provider in Bowling Green, KY, and supports more than 5,000 technology users in 29 states. Visit their website or call 502-400-3300 to learn more.

Cybersecurity: Organizations Must Remain Vigilant

Businesses should not let down their guard when it comes to cybersecurity. Cybercriminals persist in sending malicious attachments, links to fraudulent websites, and scams related to Covid-19, with the intent of deceiving people into sending confidential information or into donating money to supposedly charitable causes.

Recently observed cyber attacks include phishing, wherein an email is sent by a supposedly reputable source, but it actually leads to a bogus site; the goal is to obtain valuable information such as user credentials and profit from it.

Fortunately, businesses can mitigate cybersecurity risks by implementing the following steps.

Create a cybersecurity resilience plan

Organizations need a cybersecurity plan that allows them to:

  • Disconnect systems from the internet that do not need internet connectivity to ensure secure operations. Controls must be in place in the event that connectivity cannot be removed.
  • Plan for manual process operations should systems become unavailable.
  • Identify system and operational dependencies.
  • Immediately restore devices and services.
  • Back up critical resources, such as firmware, software, ladder logic, service contracts, product licenses, product keys, and configuration information. These resources must be stored off-network, with a duplicate copy secured in a safe location.
  • Test and validate data backups and processes should data be lost because of cybersecurity attacks. 

Simulate your plan

Businesses should have an incident response plan in place to mitigate security risks.

  • All personnel, including the management team, must have a walkthrough of this incident response plan.
  • Key decision points must be discussed. The team has to identify who has the authority to make important decisions and under what circumstances.
  • Partner with a reliable Managed IT Services provider for support. Review service contracts for emergency incident response and recovery support.

Strengthen network security

  • Remove access for networks (such as overseas IP addresses, if applicable) that have no legitimate business reason to communicate with the system.
  • Mitigate internet-accessible connections immediately. Best practices include:
    • Patching all internet-accessible systems.
    • Deploying modular networks to protect workstations from direct internet exposure.
    • Ensuring all communications to remote devices use a strongly encrypted VPN, which is protected by multifactor authentication. 
    • Filtering network traffic to only allow known IP addresses. Consider geo-blocking where appropriate.
    • Connecting remote workstations to network intrusion detection systems where feasible.
    • Capturing and reviewing access logs from these systems.
  • Investigate which devices are internet-accessible and connect to business, telecommunications, or wireless networks.
  • Secure all required and approved remote access points and user accounts.
    • Discourage the use of default passwords on all devices.
    • Remove, disable, or rename any default system accounts wherever possible.
    • Implement a stringent password security policy (e.g., length, complexity).
    • Require users to change passwords periodically.
    • Plan to implement two-factor authentication for all remote connections wherever possible.
  • Disable unnecessary features and services (e.g., discovery services, remote management services, remote desktop services, etc.).

Advocate for consistent systems monitoring

A vigilant monitoring program detects anomalies in the system, including many malicious cyber tactics.

  • Log and review all authorized external access connections for misuse or unusual activity.
  • Monitor for unauthorized controller change attempts.
    • Implement integrity checks of controller process logic against a known good baseline.
    • Where possible, ensure process controllers are prevented from remaining in remote program mode while in operation.
    • Lock or limit set points in control processes to reduce the consequences of unauthorized controller access.

Founded in 2007, ImageQuest LLC offers managed IT services for companies in Nashville, TN; Louisville, KY; and Bowling Green, KY. Technology solutions include consulting, infrastructure, data compliance, cybersecurity services, and regulatory IT audit assistance. For more information, contact ImageQuest at 888.979.2679.