“In a new stunning example of the scale and sophistication of online cybercrime, just before the holidays, DOJ charged two hackers with stealing hundreds of gigabytes of data—including sensitive intellectual property, confidential business data, and personal information from companies and government agencies around the world—as part of a multi-year cyber-espionage campaign that targeted managed service providers (MSPs) directly, bypassing the protections of client systems. This indictment is the latest example of the U.S. government’s use of the criminal justice system to crack down on state-sponsored economic espionage.
As alleged in the indictment, the hackers belong to what is believed to be an elite, Chinese government-sponsored group known within the cyber-security community as Advanced Persistent Threat 10 (APT10). The targets of the hacking campaign included companies in the aerospace, health care, biotechnology, finance, manufacturing, and oil and gas industries, as well as U.S. government agencies, such as NASA and the U.S. Department of Energy.”
The indictment alleges that APT10’s MSP Theft Campaign began in 2014 and involved three stages.
The hackers gained unauthorized access into the MSPs’ computers and installed malware allowing APT10 to remotely monitor the computers and steal login credentials.
The group then used these stolen credentials to move laterally into each MSP’s network and the networks of their clients, further spreading the malware infection.
APT10 identified data of interest on these compromised computers and created packages for exfiltration using encrypted archives, allowing the hackers to move the data from one system to another before ultimately transferring it to APT10’s computers.
This sort of breach calls into question the operating procedures of MSPs everywhere, their security practices, and moral compass. If IT support staff are not trained in best practice and cannot keep from being infected via websites or emails, then what business do they have managing larger network systems with sensitive data.
If you are unsure of your MSPs practices and would prefer a company with transparency, then contact us for assistance.
As small businesses change and grow, the ability to quickly scale up — or down — becomes a necessity. Adding new employees, for example, requires the company to adapt its phone system to accommodate the need for more lines.
That is harder to accomplish using traditional on-premise telephony systems due to higher setup and maintenance costs, the need for hardware on-site and reliance on IT support. A cloud-based phone system, on the other hand, would enable small businesses to manage communication services in a less costly, more streamlined and agile manner.
Benefits of a Cloud-Based Phone System
1. Fully-Integrated Communications System
Business tools that operate in the cloud are easy to deploy, enabling employees to stay connected whether they are in the office or on the go. In this way, the cloud provides a consistent business presence and helps to increase productivity with seamless access to CRM tools, email, instant messaging, voice and videoconferencing.
2. Control Over Modes of Communication
A cloud-operated system puts businesses in the driver’s seat, allowing them to pick and choose what features they need, with access to turn them on or off easily. Also, cloud solutions give employees anytime, anywhere access via a smartphone, desk phone or softphone to all their calling features.
3. Top Line Business Features
A cloud-based phone system would give small businesses access to the types of network applications that one would typically find at larger corporations. These include features such as a Virtual Assistant, Auto Attendant, Never Miss a Call or Call Center solutions.
4. Mobility and Ease of Use
Today’s workplace is increasingly mobile, and small businesses especially need to be able to operate from multiple locations. With a cloud-based system, small business employees have access to features that allow them to log in from anywhere so that they can be reached while on the go, giving customer-facing and revenue-producing employees greater control over their productivity.
5. Time Management and Efficiency
Web-based customer portals enable IT staff to manage their system more efficiently. With insight into the installation, service configuration, trouble tickets, training, billing and call analytics, this full access to a customer’s system and account allows them to spend fewer resources on project management and focus more on work that adds to the bottom line.
6. Flexibility to Scale Up (and Down)
As a business grows, so does the need to hire new employees, open new offices and onboard new customers. This requires a communications system that can scale up — or down — as the need arises. With a cloud-based phone system, businesses can add as many extensions as they need to accommodate heightened call volume, or, if necessary, simply call in to deactivate these extra extensions. Unlike traditional systems, businesses only pay for the extensions they need for as long as they need them.
7. Business Continuity
Working with a phone system “in the cloud” allows businesses to remain connected to their customers no matter the environment. A cloud-based communications system is likely to be unaffected by outside factors such as severe weather or other issues that may keep employees from getting to the office.
8. Improved Customer Service
With the Virtual Receptionist (VR) or Auto Attendant feature, businesses can easily direct calls to various departments and even create greetings unique to a given department. For example, a business could set up a holiday greeting in advance (via the administrative portal) and pre-set it to revert to the non-holiday greeting on a specified date. It could also add an on-hold message about special promotions or commonly asked questions.
9. New Service Features Added Easily
During busy seasons, some businesses will add premium calling features to increase call-taking efficiency and maximize staffing. Call Groups, for example, allow incoming calls to ring on multiple extensions. Call Queues provide a “dynamic waiting room” for callers that let businesses customize the on-hold experience and better manage call volume. Both help to decrease voicemails, missed calls and busy signals, enabling service to as many callers as possible.
10. Cost Savings
Cost savings are another benefit of cloud-based phone system. Moving telecommunications off of PBX platforms and to the cloud can be less expensive relative to monthly service rates versus that of a traditional system, helping to reduce costs and, ultimately, increase profitability.
If your company is looking to reap the benefits of moving to the cloud, then contact us for assistance.
Phase 1: Break-In: Hackers are still using phishing emails, bad passwords, social media links, and poorly patched systems to make their way in with the initial infection. Employee training is the first step towards preventing breaches for 9 out of 10 companies now (and it is included in the price for all our monthly clients).
Phase 2: The Inside Man: Once inside the hacker will scan the network for further vulnerable systems, employees with more access rights than they need, and systems that allow access into other parts of the network. Having systems in place that detect strange or malicious activity are key to stopping an infection in its tracks.
Phase 3: Spread Out: This is where the hacker has all the access they need and start to find the data that is worth selling. Hackers will usually start moving data to places it doesn’t belong on the network then downloading it to their computers for resell. This is where strong access policies that are clearly defined and enforced make the greatest impact to protect sensitive data.
Phase 4: The Long Con: Once a hacker has taken all they need for the short term payout, they will setup remote access back doors to allow for future access whenever they want to. It almost pays to assume that a breach has already occurred and continually scan the network for these kinds of activity to catch the hackers in the act.
Take the time to read this article, it is a wake-up call on security.
If you would like to learn more about creating an effective cyber defense strategy and mitigating risk, then contact us for assistance.