Last week we told you how to prepare for a potential Iranian cyberattack, and within days many state agencies and companies have started to see increased hacking attempts.
Texas Gov. Greg Abbott said Tuesday the Texas Department of Information Resources has seen a spike in attempted cyberattacks from Iran on state agency networks at the rate of about 10,000 per minute.
The increase in activity from that area has come in the last 48 hours, and to the department’s knowledge, none of the probes has been successful, said Amanda Crawford, the executive director of the Department of Information Resources.
“We have no way of knowing whether anything is government-based or not, or government-sanctioned. What we’re doing is scanning on our state networks, and we can see where attacks are coming from,” Crawford said.
Most hacks come from phishing, and many services like PHISH360 can help train your employees and are free to use.
Sadly, even industrial control hacks often begin with targeted phishing, otherwise known as spear phishing.
The other major concern is unpatched systems.
This past October we warned users to patch systems including, among others, Pulse Secure VPNs.
Travelex didn’t read our post, or just didn’t get a chance to patch.
They were subsequently hit with ransomware and need to pay $5 million to get their data back.
In the statement they sent us a few days back, CEO Tony D’Souza said, “We regret having to suspend some of our services in order to contain the virus and protect data. We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible.”
Everything is bigger in Texas – perhaps their hacks as well. But remember, companies have been wiped out by a single hack because they lose customer trust or never get their data back. Don’t be a victim.
Please do the following to stay as secure as possible:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) As mentioned above, go to a phishing simulation vendor now and sign up for one of their offerings. Phish360 is great and costs nothing to get started. This is needed to train workers: it tests them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.