CTC’s Cybersecurity Threat Report – January 2018

Ransomware and security vulnerabilities continue to affect SMBs and large corporations at an alarming rate. Some experts believe that moving forward, these attacks will be more devastating and widespread.

From an IT professional’s or security consultant’s standpoint, this is very concerning. As soon as a patch or solution is found to prevent one attack, it seems as if a handful more pop up.

In these cases, knowledge is power, and at least staying up-to-date with the latest threats will give you a head start on preparing accordingly.

Here is our latest threat report, updated as of January 31st, 2018:

Ransomware: SamSam

A new variant of SamSam recently infected the practice management and electronic health record giant Allscripts, causing multiple applications and data centers to go offline across multiple cities. According to sources, Microsoft and Cisco had to be brought in to help remediate the attack.

SamSam is a server-side ransomware that seems to be targeting hospitals and the health industry. Not too long ago, Hancock Regional Hospital ended up dishing out about $55,000 worth of Bitcoin to get its systems back online amidst one of the worst snowstorms and flu seasons in the hospital’s history.

What makes SamSam different from other known ransomware like CryptoLocker and TeslaCrypt is its method of exploitation. Instead of entering a network through an email attachment or website, SamSam is infecting entire IT infrastructures through vulnerabilities in a company’s unpatched servers.

Furthermore, SamSam enables communication between the victim and the hacker. This gives the hackers leverage to negotiate various levels of decryption. This method of extortion is a new evolution of ransomware, and it will only get worse as threats like this evolve outside of the health sector.

Vulnerability: Meltdown & Spectre

Meltdown and Spectre are a family of cybersecurity vulnerabilities, caused by flawed chip design, that are currently affecting modern computer processors.

Meltdown takes its name from the nature of the vulnerability: it “melts” the security policies that are normally enforced by the processor. Spectre allows attackers to exploit a program’s security to release its data. Because both vulnerabilities affect widely used processors, they have caused havoc across the IT industry.

It appears that the industries most affected by Meltdown and Spectre are those that run Microsoft-based operating systems. To make things worse, the currently available patches for these vulnerabilities are said to slow down system performance.

This is especially concerning for data center operators, who, after deploying the available patches, may need to invest in additional hardware to handle the same level of operations.

Is Your Network Safe?

Prevention is the best medicine. Follow us on Twitter or Facebook for our monthly security updates.

CTC Technologies helps businesses and enterprise organizations with their cybersecurity needs, ranging from network security assessments to implementation of endpoint protection solutions, firewalls, and data loss protection. Reach out to us today at 734-408-0200 to speak to one of our cybersecurity specialists.