In this issue:
- Microsoft Cyber Attack
- Russian Hackers and Florida Elections
- Welcome to the World of Cryptojacking
- Stopping Hackers from Stealing
- ARCW – The experts in Cyber Insurance
- Update From Florida United Business Association(FUBA)
- Meet the Team – Amanda McGee
It’s been busy in the cybersecurity world! Cybercriminals are popping out of the woodwork. It’s now more important than ever to protect your sensitive files at work and at home. Many of us bring work home or travel for work. That means your work files are on your private computer making them even more vulnerable, and often easier for hackers. Following are some recent bits of information in the news.
Microsoft Windows Remote Assistance was Hacker Friendly
The HackerNews.com has a startling article about remote assistance. They say “You have always been warned not to share remote access to your computer with untrusted people for any reason—it’s basic cybersecurity advice, and common sense, right?” We all have heard this and have made a point to only deal with people we trust.
Now, even that isn’t safe. A vulnerability in Microsoft’s built-in tool, Windows Remote Assistance (Quick Assist) is allowing hackers entry to your computer. The programs sole purpose is to allow someone remote access to your computer to help you fix a problem. This removes geographic boundaries and allows you to seek help anywhere in the world via a remote desktop protocol.
Thankfully the vulnerability in this Microsoft’s tool has been fixed and is available. Go to
https://thehackernews.com/2018/03/window-remote-assistance.html to read the full article and to see what versions of Microsoft Windows were affected.
Russian Hackers and Florida Elections
Florida’s Governor Scott is concerned that Russian hackers apparently penetrated voting systems in at least five counties in Florida. This prompted the Governor to ask for five cybersecurity experts to be added to his proposed budget. Unfortunately it didn’t happen. According to an article in the Miami Herald, Florida will sign one-year contracts with all 67 county supervisors of elections “to improve network monitoring of county voting systems.”
Marion County Supervisor of Elections Wesley Wilcox, stated, “This is our new normal. You need people whose entire function is cybersecurity. We’re past the point where somebody can do cybersecurity for an hour a day. You need somebody who can do this 24-7.”
Read the full article at http://www.miamiherald.com/news/politics-government/state-politics/article206271179.html
Welcome to the World of Cryptojacking
Cryptojacking? What’s that? You might not be familiar with the term yet as it’s still just an infant – a six month old infant. But in the cyber world, infants mature quickly. And cryptojacking is no exception and is already considered a threat.
So what exactly is it? Investopedia.com defines cryptojacking as a form of cyber attack in which a hacker hijacks a target’s processing power in order to mine cryptocurrency on the hacker’s behalf. For example, last May the WannaCry worm affected systems across several continents. It encrypted files and then demanded ransom (cryptocurrency – bitcoins) in order to decrypt the files.
Cryptojackers harness victim machines and then “mine”. Mining is act of having the computer perform computations, create new tokens and generate fees. Where this becomes troublesome is that the hacker receives the new tokens and fees while the costs involved (ie: electricity) are absorbed by the victim.
And that’s exactly what recently happened to industry giant Tesla. Lily Hay Newman in a Wired.com article reported that it was discovered that “some of Tesla’s Amazon Web Services cloud infrastructures was running mining malware in a far-reaching and well-hidden cryptojacking campaign.” Tesla jumped quickly to decontaminate and lock down their cloud platform within a day of the discovery. Thankfully the amount of data exposed was minimal. But Newman writes “…the incident underscores the ways in which cryptojacking can pose a broad security threat – in addition to racking up a huge electric bill.”
The article goes on to illustrate just how serious these cryptojacking incidents are. It talks about how just last week, security firm Check Point found that attackers had made more than $3 million by mining Monero on Jenkins servers. (Monero is a digital currency offering a high level of anonymity – i.e. private digital cash.)
Stopping Hackers from Stealing
McAfee Labs Operations Chief Information Security Officer, Grant Bourzikas, recently published an informative article in Entrepreneur.com with tips to stop hackers from not only stealing your data, but stealing your business too! Sadly, the odds are that most businesses will be hacked, often in the first year of operations. Bourzikas notes that company size doesn’t matter. All size businesses are vulnerable with smaller ones being the most vulnerable. His six tips follow in a condensed form.
- Avoid blinders – Avoid IT department blind spots by having outside consultants evaluate your security
- Privacy by design – Take privacy into account from the beginning to the end of any process.
- Build a strong information governance program – Understand where your valuable data is, who has access to it, and what information you can delete to reduce your attack surface.
- Field the right team
- Empower through education
- Take a pledge – Employees take personal ownership of the security mission.
Bourzikas sums up the tips saying “…what you want, and need, is to realize that only you and your people can ensure your organization’s future security.”
ARCW – The experts in Cyber Insurance
In August, Chuck Wasson will be a featured speaker at a medical conference about the perils surrounding cyber security. He will be joined by the team from Bizco who are also experts at the forefront of this dangerous issue.
Florida United Business Association(FUBA)
Here is a summary of the 2018 Florida Legislature and the bills that passed.
PASSED – House Joint Resolution 7001 proposes an amendment to the State Constitution that would require any new law imposing a new tax or tax increase be approved by a super majority of the Legislature.
PASSED – HB 7087 Contains 3 tax-related provisions. First, it creates a sales tax holiday for clothing and school supplies from August 3, 2018 through August 5, 2018. Next, the bill creates a sales tax holiday for disaster preparedness supplies from June 1, 2018 through June 7, 2018. Lastly, the bill reduces the sales tax on commercial leases from 5.8% to 5.7%.
APPROVED – HB 661 allows employers to correct false filings made with the Florida Division of Corporations if the record contains false, misleading or fraudulent information. The Division cannot charge a fee to correct these false statements if a correction statement if filed within 15 days of the initial filing.
This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice. Should you have any questions or would like to discuss your risk exposure with your company’s cyber insurance, please contact the insurance pros at ARCW Insurance. We are here to help.