Central Penn Business Journal has selected Scott R. Davis as a Forty Under 40 recipient.
Forty Under 40 recognizes professionals 40 years of age and younger who have been successful in the Central Pennsylvania area. Honorees, chosen by the Central Penn Business Journal editors, were selected based on professional accomplishments, community service and commitment to inspiring change.
Read more: Scott Davis named Central Penn Business Journal Forty under 40.
Updated 7/2/2021 - 17:51 ET
Shortly after 2PM on Friday, July 2, 2021, administrators of the Kaseya VSA (Remote Monitoring and Management) Software-as-a-Service platform began to experience issues: users were locked out, and customer agents were receiving scripts that deployed ransomware. By 3PM Kaseya had shut down its cloud servers, placing them in maintenance mode, and had sent out communication telling all self-hosted VSA partners to shut down their servers.
At least 8 Technology Service Providers have confirmed that thousands of their customers have now been encrypted by a REvil ransomware-as-a-service affiliate. Over the next 24 to 48 hours both the number of service providers and the number of end customers affected are expected to grow.
(Read on IoTSSA | Read on CHANNELe2e | Read on Liongard.com)
Securing data has become a critical requirement for organizations around the globe. Governments and industries are modernizing existing consumer protection and breach notification laws while establishing new standards of security.
The last twelve months have seen records shattered not only in the volume of successful data breaches but in the average cost of a breach as well. Ransomware combined with extortion has driven this increase: seventeen different cyber-crime groups were using that business model at the end of 2020.
Technology has evolved tremendously since the 1980s, yet most of the innovation has occurred since the arrival of the cable modem and high-speed internet in the late 90s. As billions of dollars were invested to build faster and more robust wired and wireless networks, the risk of data breaches grew along with them.
Intelligence on the SolarWinds cyberattack, which is being called Sunburst, continues to come to light as security professionals around the globe try to understand what happened and what the risk is to them and their clients. Many of the answers will likely take months or longer, so the full scope of the attack is not yet understood.
Reuters talked to security researcher Vinoth Kumar, who reportedly alerted SolarWinds back in 2019 that anyone could access the company's update server using the password 'solarwinds123', adding that any attacker could have done the same.
Yesterday, SolarWinds released hot fix 2020.2.1 HF2 and is encouraging all users to update as soon as possible; this came after multiple sources indicated that the initial hot fix still had the attack's code embedded. The hot fix is for the Orion Platform, which is embedded in 18 products offered by SolarWinds.
As part of reverse engineering the malware, researchers identified that the domain AVSVMCLOUD.com was being used as a command-and-control server for the attack. The malware sits dormant for 12 to 14 days before calling the domain, so it may take some time to discover who is affected. FireEye found that the malware would terminate itself and prevent further execution when the IP addresses returned for AVSVMCLOUD.com met certain conditions, including falling within Microsoft's IP ranges, which is believed to be designed to prevent Microsoft from examining the malware.
Microsoft and other industry partners have seized the domain name and begun sinkholing it (redirecting its traffic to infrastructure they control) in order to build a list of victims and notify them.
Since Sunday, the number of confirmed victims has grown and now includes:
- Cybersecurity firm FireEye
- US Treasury Department
- US Department of Commerce’s National Telecommunications and Information Administration
- Department of Health and Human Services' National Institutes of Health
- Cybersecurity and Infrastructure Security Agency (CISA)
- Department of Homeland Security
- US Department of State
It should also be noted that in many cases the cyber criminals behind this attack acted quickly and likely established persistence mechanisms for accessing a victim's network beyond the Sunburst backdoor, so removing the backdoor alone does not mean the intruder is gone. Microsoft has already started blocking the known malicious binaries.
I would expect more information to come to light over the upcoming days and weeks; as with any cyber-attack of this magnitude, many people are investigating and digging into the malware.
As far as your own environment goes, you should have a service that logs DNS or web traffic, and you can use those logs to search for the domain AVSVMCLOUD.com and any of its subdomains. Any hit means a host on your network reached out to the Sunburst command-and-control domain, so treat it as confirmation that you are a victim.
From there you want to begin your investigation and identify your risk: which host made the request, what it runs, and what else it has touched since.
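The log search described above, written out as a small Python script. This is an added example, not code from the original post or from SolarWinds or FireEye. The log lines are constructed for the demonstration (timestamp, client address, then either a DNS query name or a full URL) and the hostnames under avsvmcloud.com are made up; the only indicator taken from the text is the domain itself. The match is deliberately a domain-suffix match, so "notavsvmcloud.com" and "avsvmcloud.com.attacker.example" are not counted as hits.

```python
import re
from urllib.parse import urlsplit

# The command-and-control domain named in the post.  A hostname matches if it
# is this domain or any subdomain of it; other domains that merely contain the
# string (e.g. notavsvmcloud.com) must not match.
C2_DOMAIN = "avsvmcloud.com"

# Constructed sample log (not real traffic): "timestamp client query-or-url".
# Subdomain labels are invented for the demo; only the parent domain is the IOC.
SAMPLE_LOG = """\
# constructed sample: timestamp client query-or-url
2020-12-01T03:14:07Z 10.20.5.41 downloads.solarwinds.com
2020-12-02T22:41:19Z 10.20.5.41 examplehostabc123.appsync-api.us-east-1.avsvmcloud.com
2020-12-03T01:05:44Z 10.20.7.9  https://EXAMPLEHOSTDEF456.appsync-api.eu-west-1.avsvmcloud.com/api/status
2020-12-03T09:12:00Z 10.20.9.2  notavsvmcloud.com
2020-12-03T09:13:10Z 10.20.9.2  avsvmcloud.com.attacker.example
2020-12-04T11:00:00Z 10.20.5.41 AVSVMCLOUD.COM.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<target>\S+)")


def hostname_matches(hostname: str, domain: str = C2_DOMAIN) -> bool:
    """True if hostname equals domain or is a subdomain of it.

    Comparison is case-insensitive and ignores a trailing dot, which DNS
    logs often record for fully qualified names.
    """
    host = hostname.rstrip(".").lower()
    dom = domain.rstrip(".").lower()
    return host == dom or host.endswith("." + dom)


def _host_from_field(field: str) -> str:
    """Extract the hostname from a raw query name or from a full URL (proxy logs)."""
    if "://" in field:
        return urlsplit(field).hostname or ""
    return field


def find_hits(log_lines, domain: str = C2_DOMAIN):
    """Return (line_number, client, hostname) for every line that contacted domain.

    Comment lines starting with '#' and lines that do not fit the layout are skipped.
    """
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        host = _host_from_field(m["target"])
        if hostname_matches(host, domain):
            hits.append((lineno, m["client"], host.rstrip(".").lower()))
    return hits


def clients_to_investigate(hits):
    """Distinct client addresses that beaconed, sorted for a stable work list."""
    return sorted({client for _, client, _ in hits})


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG.splitlines())
    for lineno, client, host in found:
        print(f"line {lineno}: {client} -> {host}")
    print("hosts to investigate:", clients_to_investigate(found))
```

Run it against an export of your resolver or proxy logs instead of SAMPLE_LOG, one record per line in the same three-field layout; every client it lists is a machine to pull off the network and image before you start cleaning up.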
Pennsylvania residents are unprotected against modern data breaches. Over the last fourteen years much has changed with technology. The first Apple iPhone was released in 2007, ransomware became a common word in 2011, and Microsoft Windows 10 was released in 2015. The one thing that hasn't changed since 2006 is, you guessed it, Pennsylvania's Breach of Personal Information Notification Act.
If we rewind to 2007, data breaches were occurring but were typically targeted attacks or the result of physical loss of hard drives or paper copies; in addition, the average Internet connection speed was only 3.67 Mbps, whereas today my iPhone downloads at more than 60 Mbps over a cellular connection.
Read more: Pennsylvania residents are unprotected against modern data breaches
How many times a day do you preach best-practice procedures to your employees? What is a best practice, and what does it actually mean? How are effective best practices developed, how often should they be reviewed, and how should you store them? Most importantly, how do you share your organization's best practices and train your staff on them? Service providers and resellers need to have answers to all these questions. Here are some of the answers we've come up with.
A best practice is often referred to as a Standard Operating Procedure (SOP). In reality, they are two different things. Merriam-Webster defines a best practice as "a procedure that has been shown by research and experience to produce optimal results and that is established or proposed as a standard suitable for widespread adoption." Your SOPs are actually nothing more than best practices in the development stage. A best practice is your tested and established method for completing a standard task correctly every time that issue comes up. Whether the issue concerns an internal process or the resolution of a customer problem, best practices are the way your company has decided to address it.
Read more: IP Is Critical To VAR And MSP Success - Establishing Effective SOPs And Best Practices