
May 08, 2019

How to Prevent Corporate E-Mail Being Hacked Like China Did to Hillary Clinton


The FBI recently released a report showing that Chinese hackers broke into the private email server of Democratic presidential candidate Hillary Clinton and inserted code that forwarded virtually every email sent or received. The code reportedly was discovered in 2015 by the Intelligence Community Inspector General (ICIG), which then warned FBI officials of the intrusion. A source told Fox News the hack was from a Chinese company, describing it as a front for Chinese intelligence.

With apologies to Slack and Cisco and Microsoft Teams, email is the way work gets done in the majority of businesses. Infiltrating the email of one key individual in a company gives access to the culture of the entire organization. From there, a hacker can use the address to send targeted spear phishing emails to others in the company to get a better picture of how things operate.

Once inside, they can craft financial attacks where they request wire transfers. They can send messages to customers just as they are expecting a company account number to wire money to. They can poach trade secrets. Finally, they can pick up user names and passwords of various accounts.

As a reminder – hackers often hack to make easy money. Just this week, Binance had $40 million stolen by what the CEO described as “very patient” hackers and RobbinHood ransomware took down Baltimore City government networks. This city has had a lot of issues as their 911 system was hit with ransomware last year and we broke the news they eliminated an insider threat just this past January.

Getting into an email system in many ways is the ultimate way to make money or steal information.

This news is not lost on nation-states: they are getting better at hacking and have found a way to get into email systems without being detected. In fact, Russia found a way to attack Microsoft Exchange.

The backdoor, named LightNeuron, was specifically designed for Microsoft Exchange email servers and works as a mail transfer agent (MTA), an approach that no other backdoor has ever taken.

"To our knowledge, this is the first malware specifically targeting Microsoft Exchange," ESET Malware Researcher Matthieu Faou told ZDNet via email.

This hack is one of the most sophisticated ever found for a number of reasons but the most fascinating thing about it is how it can be controlled.

Hackers don’t need to make a direct HTTP connection to the server or network once infected. All they have to do is send PDF and JPG email attachments with hidden steganography commands in them. These attached files are easily dismissed as spam.

Even scarier, LightNeuron has been in use since at least 2014. It is the first malware to use a malicious Microsoft Exchange Transport Agent, it can spy on all email that the infected server processes, and it can modify or block email.
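A defender's check for the technique described above, as an added example that is not from the original article or from ESET: it lists every transport agent registered on an Exchange server and flags any whose DLL lacks a valid Authenticode signature. It assumes the Exchange Management Shell; `Get-TransportAgentAudit` is a hypothetical helper name, and the signature test is a triage heuristic, not a LightNeuron-specific indicator.

```powershell
# Added example: audit Exchange transport agents (run in the Exchange Management Shell).
# Assumption: a legitimate agent's DLL carries a valid Authenticode signature.
# Anything else is flagged for manual review, not declared malicious.

function Get-TransportAgentAudit {
    foreach ($agent in Get-TransportAgent) {
        $path   = $agent.AssemblyPath
        $exists = [bool]($path -and (Test-Path -LiteralPath $path))

        # Collect file evidence only when the registered DLL is actually on disk.
        $sig  = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
        $file = if ($exists) { Get-Item -LiteralPath $path } else { $null }

        [pscustomobject]@{
            Agent           = $agent.Identity
            Enabled         = $agent.Enabled
            Priority        = $agent.Priority
            Factory         = $agent.TransportAgentFactory
            AssemblyPath    = $path
            LastWriteUtc    = if ($file) { $file.LastWriteTimeUtc } else { $null }
            SHA256          = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
            SignatureStatus = if ($sig) { $sig.Status } else { 'FileMissing' }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Missing file, unsigned DLL, or a broken signature all need a human look.
            NeedsReview     = (-not $sig) -or ($sig.Status -ne 'Valid')
        }
    }
}

$audit = Get-TransportAgentAudit

# Overview of every agent in pipeline order, then full detail for flagged ones.
$audit | Sort-Object Priority |
    Format-Table Agent, Enabled, Priority, SignatureStatus, NeedsReview -AutoSize
$audit | Where-Object NeedsReview | Format-List
```

Validly signed third-party agents (for example from an anti-spam vendor) will not be flagged, so compare the `Signer` and `SHA256` columns against a known-good baseline taken from a clean server.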

The attack came from Turla, also known as Snake, an infamous Russian espionage group active for at least a decade and well known for its advanced custom tools and its ability to run highly targeted operations.

Turla typically does a pen test (the malicious kind) to find vulnerabilities on the target and then uses spear phishing emails, watering hole or Man-in-the-Middle attacks to get in.

Cyberattacks by nation-states and parties affiliated with them represented 23% of data breaches, up from 12% in 2018 and 19% in 2017, according to Verizon's Data Breach Investigations Report.

Businesses are increasingly becoming targets of governments and most have no idea this is happening.

More importantly, senior executives are 12 times more likely to be the target of social incidents, and nine times more likely to be the target of social breaches than in previous years, with financial motivation remaining the key driver. Financially-motivated social engineering attacks represent 12% of all attacks the report examined.

Every survey we have seen shows people are far more confident about their cybersecurity than they should be, considering the percentages of companies and individuals being hacked. This week, in fact, a new study from Webroot that examines the cyber hygiene habits of 10,000 Americans, 200 in each state, reveals that 88 percent feel they take the right steps to protect themselves from cyberattacks. However, just 10 percent scored 90 percent or higher on a cyber hygiene test, with the average respondent getting only 60 percent.

The same challenge exists for business but it is much, much worse.

In fact, research shows the vast majority of successful attacks today are using known vulnerabilities in well-known software that have been patched already by software vendors. So, most of the successful attacks can be stopped just by knowing what you have out there and making sure it’s patched.

The challenge? One-third of IT departments don’t actually know what hardware is out there or what software is running on it, making it impossible to patch effectively.

Looping back to China – we have recently learned that they too have access to the NSA hacking tools which were in part responsible for the massive, multibillion-dollar NotPetya attack thought to have been launched by Russia.

All is not lost – there is good news here if business just wakes up and pays attention. Managing equipment properly, cataloguing hardware and software and deploying a proper patch-management strategy can go a long way towards keeping a company secure.

In addition, 90 percent of data breaches are caused by human error!

It is exceedingly easy to lower this percentage.

The best way is to regularly use a phishing simulation solution like Phish360. The idea is to send fake phishing emails and train the users who click.

This will cut down on a very common way hackers get into an organization.

In addition, cybersecurity training must be done regularly. Auditing and documentation must be performed regularly to ensure systems are secure. Anomaly detection should be running constantly to detect threats as they emerge. Penetration testing shows if systems can easily be reached from the outside. Finally, solid network forensics must be in place for when a breach occurs.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services. Their core competency is keeping companies running smoothly and they are constantly exposed to best practices across industries and compliance organizations.

It’s a dangerous world and it is getting worse. Every company must be proactive to stay secure.


 
