Cyber-Attacked on Supply Chain Again!

In lieu of the recent ransomware cyber attacks on critical supply chain assets, Enigma Forensics analyzes two recent cyber attacks and what lessons we have learned.

Cyber attacks on our supply chain. Will it stop? Enigma Forensics is a cyber forensic company and our love for data security keeps us focused on the 4W’s and 1H of a Cyber Attack. Here’s the latest of two very important cyber attacks on our crucial supply chain.

Who was involved? What happened? When? Where? How did it happen?

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, experienced a ransomware cyberattack. Colonial Pipeline carries gasoline and jet fuel mainly to the Southeastern United States. The cyber attackers impacted computerized equipment managing the pipeline. They took the company offline and wanted a sizable ransom to reverse the cyber attack.

This pipeline disruption caused an immediate reaction. Americans felt a rise in gasoline prices, people were panic buying and there were crazy long lines at the pump. Some areas reported no gasoline at all. What was the company’s response? Colonial Pipeline’s CEO Joseph Blount reported, they learned the criminal cyber attackers infiltrated Colonial’s computers through a legacy or old virtual private network, commonly known as a V.P.N.

Joseph Blount, CEO of Colonial Pipeline paid approximately $5 million in Bitcoin ransom to the attackers. Blount told the Senate Homeland Security Committee at a hearing, paying the ransomware was the hardest decision of his career. Blount said he knew how critical Colonial’s pipeline is to the country and he put the interests of the country first. When asked about the security on the particular VPN that was hacked, Blount said it was not a two-factor security password that texts to a phone but single factor authentication using only a plain text password. He said it was more complicated than the typical Colonial123 password. Lesson learned?

Following the attack on Colonial Pipeline, another ransomware cyber-attack occurred on our supply chain.

JBS Meat Packing Hack (it rhymes!)

JBS is considered to be one of the largest meatpacking companies in the world. At the end of May, they reported cyber criminals used ransomware to take over the company’s network systems and stopped meat production. JBS revealed they made a payment of $11 million to a Russian-speaking ransomware gang called “REvil” to protect JBS meat plants from any further impact on farmers, grocery stores, and restaurants.

Why are we seeing a surge in targeting a crucial supply chain?

There are many contributing factors in the recent wave of hacking attacks. It’s a fact more folks are working from home and lack the cybersecurity necessary to guard against intrusions. Another large contributing factor is that software used to allow bad actors to break into a network system is more sophisticated and readily available. The largest factor is that the United States companies are more globally connected than ever before therefore increasing their exposure to cybercriminals.

Who’s in Charge?

You might be asking who is in charge. It’s the United States Department of Homeland Security (DHS). Its stated missions involve anti-terrorism, border security, immigration and customs, cybersecurity, and disaster prevention and management.

Cyber Security Prevention

June 10, 2021 – The Department of Homeland Security Cybersecurity and Infrastructure Security Agency unveiled guidance for defending against ransomware attacks targeting operational technology assets and control systems, in light of the rise in critical infrastructure attacks.

The guidance joins a host of federal agency and White House efforts to crack down on ransomware and improve threat sharing between entities, as the frequency and disruption of attacks continue to ripple across the country. Combining knowledge and sharing prevention ideas will be the key to thwarting future attacks.

Fingers Crossed that the guidance works. We have all learned the lesson that it’s vital that we secure our supply chain in the United States and abroad. We don’t want to say what’s next!

Check out this series of our video blogs pertaining to cyber breaches!

Top Five Cyber Attacks

Phishing, Ransomware, Endpoint Security, IoT Devices and Cloud Jacking. What do they have in common? Top Five Cyber Attacks we are concerned about and you should be too!

The frequency of cyberattacks is growing. The following is Enigma Forensics’ top five cyber attacks that you should be made aware of.

Phishing Attacks are specific forms of email or text messages that are targeting victims to gain access to their personal information. Phishing messages often try to induce the receiver to click a link to a package shipment delivery message or other seemingly legitimate hyperlinks. It acts like a harmless or subtle email designed to get victims to supply login credentials that often become harvested by the attacker for later use in efforts to compromise their target. Sometimes phishing emails spoof the sender to be someone who has already been compromised. Once compromised, often times the compromised user’s mailbox is used to relay other outbound messages to known individuals in their saved contacts. This form of attack earned its name because it masquerades as an email of someone you may know and because you know the sender, you are more likely to nonchalantly open the email and click on the attachment to learn more about the content. With a click of a mouse, BOOM you can be compromised. This is a very easy and effective scam for cybercriminals. Warning: Do not open attachments or forward chain emails!

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. The cybercriminal then holds the stolen information for ransom, thus the name! They may ask for a ransom payment in the form of digital currency such as bitcoin. Whether or not the victim pays the ransom depends on what information they have stolen or what criminals have threatened to do with the stolen information. Warning: Do not visit unsecured sites!

Remote Worker Endpoint Cyber attacks are currently the most popular because of the number of employees working from home caused by the Coronavirus. In the month of March, many workers were sent scurrying to their homes without companies placing proper cyber protection protocols. Employees are using their personal devices to conduct work and often are not fully patched, updated, and using encryption to protect their home devices against cybercriminals. Many company executives have been targeted at their homes, where they are much less likely to have commercial-grade firewalls designed to protect endpoints and company trade secrets.

IoT Devices attacks are a popular vehicle used by cybercriminals to establish a beachhead for launching lateral attacks across a home or work network. IoT devices involve extending internet connectivity beyond standard devices, such as desktops, laptops, smartphones, and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled. IoT Devices should be segmented and on a different network than corporate work from home devices. IoT devices pose a great threat because many of these devices lack automatic update processes and can become a beachhead for cybercriminal attacks in your home.

Cloud Jacking will increase with an estimated growth of cloud computing to be a $266.4 billion dollar industry in 2020. The idea of cloud storage makes one believe it is an improved option rather than the traditional on-premise computing storage. This will and has become a major security concern and has created a strong urgency to increase the creation of cloud security measures. Cybercriminals will up their game and cloud jack data information whenever possible. The race in on to see who does it cloud security better; the good guys or the bad guys. To protect against Cloud Jacking cyber attacks, organizations should enable two-factor authentication options, such as Google authenticator.

Two-factor authentication requires two of the three following means of authentication:

  • Something you know (A password)
  • Something you have (A key fob or cell phone authenticator)
  • Something you are (Retina Scan, Facial recognition, fingerprint)

Small Business and Cybersecurity Attacks

Small businesses are getting hit hard. Starting with government directed closures due to the COVID-19 pandemic and now the most recent looting and protestor damage. Small businesses are more vulnerable than ever. If you own a small business be on the lookout for cybersecurity threats and learn more on how to protect your business.

Small Businesses must on the lookout for cybersecurity threats!

Small businesses have been besieged on all fronts. First, out of left field they were struck by COVID-19 and the loss of business. Then knocked down by the most recent violent protests. All these hits create multiple vulnerabilities to yet another threat; cybersecurity attacks. Now more than ever, small businesses need to be aware of an impending cybersecurity breach. Enigma Forensics focuses on cybersecurity and would like to share what are the most common cybersecurity threats and how small businesses can protect themselves.

What are the most common security threats?

There are three common cybersecurity threats each small business owner must be aware of; Malware, viruses, and phising. Malware is an umbrella name for a software designed to attack and destroy computers, servers, and to obtain client information. Malware can be engineered in many different malicious ways. Viruses are designed as a computer program that replicates itself and inserts code into your system to modify existing programs. It basically creates havoc in your system and is extremely difficult to delete. Phising is inserted by a clicking on or opening an email that presents itself as a legitimate email. It sparks curiosity and plays on the simplest of emotions.

What are some easy tips for small businesses to protect themselves?

Enigma Forensics encourages everyone to purchase cybersecurity insurance. This can help defer costs if you are attacked. We definitely suggest to hire a professional to assess your system and identify risks. Another less costly tip is to change your passwords. Make them as difficult and unique as possible and don’t store them on your systems. Be sure to include mobile device security if you or your employees check emails on mobile devices. Train your employees to recognize cybersecurity threats and how to avoid and report them.

Enigma Forensics related articles

See the link below for The Department of Homeland Security guide

https://www.dhs.gov/sites/default/files/publications/CSD%202018%20Tech_Guide_Web%20Version_508.pdf

Crypto Currency Lending

Crypto currency lending and cyber security issues

Cyber Security Forensics Expert, Lee Neubecker and Draw Bridge Lending CEO Jason Urban describe crypto currency and the security issues as it relates to Bitcoin and

The transcript of the interview follows:

Lee Neubecker: Hi, I have Jason Urban on the show today. He’s the President and CEO of DrawBridge Lending. Thanks for being on the show Jason.

Jason Urban: Thanks for having me, Lee. This is great, glad to be here today.

Lee Neubecker: Jason, I’ve known you for awhile. You’ve been doing some innovative things in the lending industry as it relates to bitcoin and block chain. Tell us a little bit about that. Jason Urban : Sure, so what we do is we’re a lender against secured digital asset holdings and what we are providing is the draw bridge, or the bridge, from these traditional lending sources, or pools of liquidity, into this new ecosystem where everybody is trying to figure out how that landscape works.

Lee Neubecker: What type of people would have a need for your service? Jason Urban: I think they’re are a wide variety of people. People who have these digital assets and because of the way they’re categorized here in the States from the IRS perspective, when you spend them, when you use them, you encounter a taxable situation, but to the extent that you might need to pay your power bill or to go on a vacation or buy that boat you always wanted, you need fiat, you need US dollars, and what we provide is a mechanism or platform for people to borrow against the digital asset holders.

Lee Neubecker: So, if someone’s sitting on say 100 bitcoin, which is quite a bit of money, you’d allow them to take out a loan against that bit coin and use that for short term cash expense or whatever?

Jason Urban: Yes

Lee Neubecker: What is the duration of your loans typically?

Jason Urban: We typically focus one to six months. It’s a very volatile asset, and our backgrounds are managing that volatility, but there’s only so much you can do when something moves as rapidly as that does, which is an advantage to the asset, but it’s also difficult from a lending capacity. So our loans are one to six months in duration, and we offer renewal options, so you can re-up and renew. Just the strike price of that loan to value, think about your home moving 50% in a six month period, you might want to refi or you might need to put more money up. We try to mitigate a lot of those risks by offering the durations we do.

Lee Neubecker: So, your clients actually give you their cryptocurrency and you escrow it for them?

Jason Urban: Yes, so what we do is we don’t like to take possession of their currency. What we like to do is use a qualified third party custodian so that their digital assets are resting there, so they know they’re there, and I can’t take them unless they default on a loan or something unfortunate happens. All we want to do is provide a mechanism or a platform for someone to monetize their holdings. We don’t want to take possession of them. We don’t want their private keys. We’ll only take those in the event that they default or want us to satisfy their loan.

Lee Neubecker: So in this business, what measures do you take to help ensure that these digital assets are safe from a cyber attack perspective?

Jason Urban: Well, part of it, the key for us, is cold storage. And cold storage is basically storing these things on a server or computer where it’s not connected to the internet. It can’t be taken, so we require that all our custodians deploy a cold storage method as opposed to a warm storage or a hot storage. That way we know that the gold is in the vault so to speak but that it’s not going to be readily accessible to anybody out there.

Lee Neubecker: Have you had a situation where a customer gets angry because a price fluctuates and they feel that they were cheated out of there value?

Jason Urban: Interestingly we don’t have that problem because of the mechanisms that we deploy on the back end. So all our loans are no margin call and non-recourse unlike a lot of people in the business that will have you retop. Think about it this way, if I issue you a loan on an asset that’s worth $10,000, and I give you 50% of that asset in cash, if the value of that asset goes from 10,000 to 5,000, I now need to create that cushion again, so you need to pay me more money or reup or figure out. What we’ve developed, and our methodology, is a way to never have to worry about that, and we use the financial markets. We’re markets experts, and we’re risk managers, so we have mechanisms by which we can ensure that you don’t have to worry about topping off your loan.

Lee Neubecker: Are there any restrictions on the type of customers you can have based on what the SEC imposes on you?

Jason Urban: We are very compliant, so we are registered by the CFDC, and we follow all the rules and regs imposed on us by them. We have to do AMLKYC, anti-money laundering know your customer. We’re registered as a non-bank lender in all 50, or in 31 states. We operate in all 50 states so that we’re following not only consumer lending laws but also securities laws and commodities laws.

Lee Neubecker: Are there any requirements you have on customers before you can take them as a client? Well one, we have to do the AMLKYC on them. Right now, our products are geared towards accredited investors. Because of the way we do the hedging on the back end we need to make sure that those customers are sophisticated enough to understand what we’re doing. And so in order to do that, we need to put that accredited investor cap on things. It’s a little different under the CFDC umbrella. They call them qualified exchange participants, or ECPs, so there’s a couple of different buckets you wear, but it’s a little different than the SEC’s accredited investor, but effectively it’s the same thing.

Lee Neubecker: Is there a minimum net worth that your customer’s have to have?

Jason Urban: And that’s part of it, a minimum net worth of a million dollars, or an entity that’s a million dollars that’s what we require.

Lee Neubecker: What sectors do you see that this type of lending is getting the most interest in terms of where your clients are coming from?

Jason Urban: A wide variety, if you really think about it, bitcoin, or digital assets as a whole, can be held by anyone. It isn’t a single group that says, “Hey, I’m really into this.” So we see funds, minors, people who were early adopters of the technology, they’ve all kind of stepped forward. Additionally, we’ve got a product that’s geared towards people who would like to buy bitcoin and want to employ some of the same methodologies that we’re employing right now.

Lee Neubecker: Do you have any closing thoughts you’d like to share?

Jason Urban: I think that people often confuse block chain and decentralized ledgers with bit coin. I think the block chain technology is interesting on so many levels. I think that as the world becomes more tokenized, and I think you’re going to see more and more of that, everything from the artwork that you see on the walls to buildings to physical assets like gold, silver, oil. The world is moving towards that technology and that methodology, and I think that being an early adopter and understanding it is so important. If you want to make the same parallels, this is the internet in 1990 or 1995. The difference is the world moves much faster today than it did back then.

Lee Neubecker: So are you taking investors?

Jason Urban: We’re always willing to have strategic investors come into the space, and we’re not opposed to that. We’re very well capitalized, but we do recognize the value in being partners with people. And part of being partners is financial as well.

Lee Neubecker: Well thanks again for being on the show.

Jason Urban: Thank you very much.

Neubecker Presents at Chicago Science Writers

How secure are consumer IoT devices?

Lee Neubecker, Enigma Forensics President & CEO, will present on the potential impact of vulnerable consumer IoT devices as it relates to the security of the U.S. Power Grid.

The event will take place at the Medill School of Journalism Chicago Newsroom, 303 East Upper Wacker Drive Suite 1600, Chicago, IL 60601.
Date: Thursday, January 10th, 2019, from 5:30PM – 7:00PM.

The Chicago Science Writers organization is composed of writers that report on more technical topics. The Chicago Science Writers group provides a forum for people in the Chicago area who communicate science to the public. It organizes professional development programs and social gatherings. CSW provides a point of contact to national science organizations and local science groups interested in connecting with science writers in the Chicago area.

The public may register for this event at the following link:
https://www.eventbrite.com/e/chicago-science-writers-presents-hacking-the-power-grid-tickets-54182573536?aff=mcivte

Top Ways to Protect Your Home from Cyber Attacks

Top 10 Ways to Secure your Home from Cyber Attack

  1. Make sure you have a firewall that blocks outsiders from getting into your home network
  2. Patch your computers and devices at least monthly
  3. Buy IoT devices from vendors that build in security by default
  4. Purchase IoT devices that auto-update or can easily be patched
  5. Don’t purchase computing devices that use default username = admin, password = static default password
  6. Consider carefully if you really need a WiFi enabled toilet (or other appliance)
  7. Segregate your IoT devices by putting them on the guest network that many routers offer
  8. Purchase devices from manufacturers that publish the firmware updates online with verifying hash value
  9. Don’t buy devices from manufacturers that lack https secure encryption on their own website
  10. Discard out dated IoT devices that do not have patch updates available

Top Online Resources for Securing your Home Against Cyber Attacks

USA Department of Homeland Security CISA on Securing your home network security

USA Department of the Navy on Securing your Home Against Cyber Attacks