By Katy Spence
In 2018, the city of Allentown, Pennsylvania suffered an attack from a banking trojan called Emotet that affected the city’s financial processing, police database access, and 185 security cameras. The attack reportedly cost over $1 million to mitigate.
Shockingly, the incident was on the cheaper side. According to the Ponemon Institute, the average cost of a data breach in 2019 is almost $3.9 million.
Luckily, experts like Sherri Davidoff, Founder and CEO of LMG Security, and Dave Martin, CTO of Blackfoot, know best practices for preventing and mitigating cybersecurity breaches. On May 23, they met with Montana business executives in the Blackfoot Cafe at Missoula College to discuss the latest cybersecurity threats.
Based in Missoula, LMG Security is a cybersecurity consulting company that helps clients prepare for, defend against, and navigate the damages of cyber hacking. LMG celebrated its tenth anniversary in May. Founder Davidoff is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science Electrical Engineering from MIT. She conducts cybersecurity training for organizations around the country, including the Department of Defense, the American Bar Association, and FFIEC/FDIC.
Contracting a virus
An email sent from a seemingly trusted source has an attachment that seems important: Karen in HR sent a form that needs to be filled out, or the office manager shared a new emergency exit map. The image is downloaded, but a pop-up message says that something went wrong, and the user must click “Enable Content” to view the file. Clicking that button runs malicious scripts that infect the system and begin stealing or encrypting files immediately. In minutes, massive amounts of data may be gone.
“This is why data breach cases are so huge,” Davidoff said. “By the time someone responds in two hours, the damage is done.”
If a business is infected with malicious software (malware), there’s a good chance pieces of the virus can remain hidden and stagnant in their systems. Without a full network cleaning, a malware infection can become a recurring business nightmare.
Common malware infections
During the presentation, Davidoff shared information about two common infections: banking trojans and ransomware.
Banking trojans were originally designed to steal banking account passwords and credit card numbers, but they have since evolved into a full-blown black market commercial business.
“What can banking trojans do?” Davidoff asked. “Really the question is, ‘What can’t they do?’”
Banking trojan software can allow hackers to essentially control a victim’s computer. Hackers can watch the user work on their computer and control it in sleep mode. They can type things in, track activity, and install more malware. Modern banking trojans not only store password information, but also allow hackers to steal any files, such as all the PDFs on a device or files with specific keywords in the name, like “invoice” or “W2.”
Davidoff said hackers want this all-access pass to your computer because primary computers are often “trusted” by certain software and won’t require two-factor authentication, making the process of stealing sensitive passwords that much easier.
Banking trojans spread quickly and look for other vulnerabilities in a network. When a trojan virus enters one device, it can affect all devices connected to it: computers, cameras, and even building access control systems.
Just last month, a TrickBot infection in Ohio shut down a school district for an entire week. The FBI stepped in to help the school with recovery efforts.
Emotet is a banking trojan that can install ransomware, a type of software that encrypts sensitive or critical data and makes victims pay a ransom to recover the stolen information. Davidoff said ransoms often run between $10,000 and $150,000, though she’s seen even higher demands.
While the cost seems steep, Davidoff said paying the ransom can ultimately be cheaper than facing weeks of lost work and the cost of data recovery. On top of that, many hackers will increase the ransom if it is not paid within a certain amount of time.
As the software gets more sophisticated, hackers are starting to target backup data and shared cloud-based data to prevent a victim from stopping the spread. Davidoff added that the malicious nature of ransomware means no infection should be treated as an isolated incident.
Today, ransomware can be sold on the dark web as a service. Ransomware users don’t need to be technology experts to navigate user-friendly interfaces that make it easy for them to set a ransom and choose which files to target. Popular ransomware strains include Dharma, which allows hackers to lock individual file shares or devices with different keys and charge a ransom for each individual file or device, and GandCrab, which lets users run hacking franchises using a dashboard system.
Ransomware targets are often mid-sized and large organizations, but Davidoff said that small businesses and nonprofits can get caught in the crossfire. She added that ransomware issues are growing increasingly problematic, even in the Big Sky State.
“It is definitely an epidemic here in Missoula and across Montana,” Davidoff said.
Luckily, LMG specializes in ransomware negotiation. LMG experts will ask hackers for “proof of life,” such as a sample file, to ensure the ransom is not a bluff. Sometimes hackers can be talked down in price, or the ransomware can be bypassed with common decryptors.
The easiest solution, however, is a never getting an infection in the first place.
“An ounce of prevention…”
“…is worth a pound of cure,” Davidoff advised attendees, pointing them to LMG’s 9 Building Blocks of an Effective Cybersecurity Program.
Taking steps to ensure that employees have strong and diverse passwords, backing up data to an offsite source, and keeping computers updated with the latest antivirus updates are basic steps to make it harder for malware to infiltrate and spread around a network. If employees have a hard time remembering passwords, services like LastPass, a password manager that stores encrypted passwords online, can prevent employees from writing passwords down. Davidoff’s other company, BrightWise, makes animated training videos to help educate employees on avoiding cyber threats.
Davidoff also suggested that businesses get cyber insurance, which will cover ransomware payments. Because the field is so new, however, cyber insurance policies vary widely, but consulting firms like LMG Security can help companies find the right policy.
While every company may need a unique cybersecurity approach, the basics go a long way to helping prevent catastrophe, said Blackfoot CTO Dave Martin.
Blackfoot offers security services such as remote data backup and managed firewall, as well as a dedicated team that can monitor their clients’ networks.
Not only does Blackfoot offer security services, their internal cyber security program is Martin and Joe Fanguy, VP, Strategic Development, are the executive sponsors of the Cybersecurity Council at Blackfoot, where they follow the National Institute of Standards in Technology (NIST) framework for their cybersecurity program. In case of a serious breach, Blackfoot has a strategic plan and an incident response team to respond to the event and remotely-stored backups.
Above all, Martin said building a culture of cybersecurity is vital.
“The threats are so diverse and so fast-moving,” Martin said. “That culture has to permeate every single employee in your company, no matter what their role.”
An internal set of guidelines helps Blackfoot employees remember best cybersecurity practices, and a mandatory three-minute video each month helps them stay aware of cyber threats.
Martin also emphasized the importance of third-party audits to catch blind spots in what might be an otherwise strong security program.
One executive shared a story about an audit that proved the mettle of the company’s network security, but found an unexpected chink in the armor. With an open-access warehouse, a member of the security consulting firm was able to physically infiltrate the office and walk out with a computer monitor, and no one batted an eye. Following the report, the company tightened security protocols for building access and empowered employees to speak up about suspicious incidents.
LMG Security offers security audits and consulting on more advanced cybersecurity solutions for companies all around the country. The firm also offers regular workshops and webinars that can help companies identify and address cybersecurity weak points, as well as prepare them to respond effectively if they do suffer a breach.
About the Author: Katy Spence is the Communications Director for the Montana High Tech Business Alliance. She worked previously with the Missoula Current and Treesource, and has an Environmental Journalism Master’s Degree from the University of Montana.
About the Publisher: Launched in 2014, the Montana High Tech Business Alliance is an nonpartisan nonprofit association of more than 370 high tech and manufacturing companies and affiliates creating high-paying jobs in Montana. For more information, visit MTHighTech.org or subscribe to our biweekly newsletter.