Kansas City Cyber

Welcome to ! We've been away helping protect the cyber world for a bit but if you've paid attention at all to the cyberattack landscape lately, you are assured to have read about the latest massive attack on United Health Group (UHG). UHG, the world's largest healthcare company by revenue, learned of a breach on 2/21/24 within its Optum division, specifically the Change Healthcare system. Optum’s Change Healthcare has a great presence within US healthcare, as it is used by hospitals, clinics and pharmacies nationwide. Change Healthcare is so intertwined that the AHA warned at the time that healthcare organizations that use Optum should disconnect their systems immediately to protect their private data.

The BlackCat/APLHV ransomware gang has claimed responsibility for the attack; alleging that they stole 6TB of data from the network. Though they have not yet been officially credited for the attack, BlackCat is known to focus on the healthcare sector. The FBI says the gang had over 1000 victims and was able to collect over $300 million in ransomware payments in 2023 alone.

On March 15, UHG announced that they were able to restore the Change Healthcare's electronic payments platform and have also restored 99% of the pharmacy network services. UHG also advanced over $2 billion to assist care providers that were disrupted by the cyberattack. In an AHA survey, 94% of hospitals experienced financial disruptions from the attack.

UHG has not disclosed what data was compromised by the attack or whether or not a ransom was paid to restore systems, however, the Biden administration announced that it has launched an investigation into the company due to the "unprecedented magnitude of the cyberattack".

Happy Today we talk crypto-agility. In basic terms, this is the ability to be able to switch your encryption methods quickly.

Why would you want to do that? All combination locks can be defeated if someone has enough time to do it. There is a finite number of combinations that are in place. They rely on the fact that an attacker doesn't have enough time to solve the puzzle before they are discovered, the combo is changed or their mortal life ends before they can solve it.

56-bit DES encryption was the standard when it was released in 1977. At the time, it would take many lifetimes to defeat the algorithm using a brute force attack. However, with increased computing power, it can now be defeated within hours. Therefore, making it unusable for security.

This issue will continue to raise problems with any encryption method developed as Quantum computing continues to solve complex problems at a lightning rate. That is why it is important for developers to be prepared to incorporate cyber-agility into their applications so they can quickly change their security to new innovations as past algorithms are defeated.

In what is being termed security experts are saying that a supermassive leak containing mostly of data from past breaches has been compiled to build 26 billion records of exposed data.

This image, courtesy of our friends at cybernews.com, shows the companies that have been most exposed by MOAB. However, this only shows the companies that have 100M+ records in the compilation but there are thousands of more companies that are unlucky enough to find themselves on the list.

To find out if you may be affected, copy this URL in your browser and search your email address/phone. https://cybernews.com/personal-data-leak-check/.

Welcome to !

It is . The goal is to spread awareness about online privacy. Data privacy should be a priority both for individuals and organizations. People should understand that they have the power to manage their data and organizations should understand why it is important that they respect their users’ data. Since data privacy and data security go hand in hand, here are a few tips on how to keep your data safe:

Create long (at least 10 characters), unique passwords for each of your accounts and devices. The easiest way to do this is by using a password manager to store each password. We recommend using LastPass.

Turn on multifactor authentication (MFA) wherever it is permitted. This is how you can keep your data safe, even if your password is compromised.

Turn on automatic device, software and browser updates or make sure you are installing these updates as soon as they are available.

Invest in antivirus software. Installing a reliable antivirus tool on your computer can further strengthen your protection. Many simple but efficient programs are available for purchase at affordable prices, and they often last between one and two years. We recommend Sophos Home Premium: https://buy.home.sophos.com/1461/purl-homepremium

Feel free to reach out to us if you have any security needs or questions!

Happy ! Here at Kansas City Cyber, we wanted to wish everyone a Merry Christmas and Happy Holidays this beautiful time of the year.

Remember to stay alert as you enjoy your Egg Nog; cyber attackers have annual quotas they are trying to achieve too!

Welcome to ! I bet you think the older generation is the more likely age group to fall victim to a cyber scam. However, 44% of millennials have fallen victim to cyber security attacks by sharing passwords of something harmless such as Netflix and then using the same password to access sensitive material such as their bank account.

Be sure not to share or recycle passwords. Also, always turn on MFA whenever possible. As your friend today may be your enemy tomorrow.

Happy We hope everyone had a fantastic Thanksgiving holiday!

Often people ask how can I extend the life of my laptop battery? There are many tricks to do so....turn on your battery saver, keep your laptop cool, reduce the brightness of your screen, and don't just keep your laptop plugged in all the time to name a few.

Basically the more power you drain from your battery, the quicker it is to die.

Happy ! In lieu of a cyber tip this Tuesday, we want to wish everyone a Happy Halloween! We hope you have a fantastic day and your bag is filled with amazing treats!!

Welcome to ! Have you heard of IoT? IoT is known as the Internet of Things and is any physical device that connects to the internet.

There are some crazy things out there that connect to your wireless and push collected data back to its home base. Some of the weirdest we've heard of is the Smart Salt Shaker, Smart Toaster and even the Kohler Numi 2.0 Smart Toilet that runs about $8500!!

Anytime you allow a smart device on your network, you are rolling the dice that you are good with it collecting data about you and sending it off to marketers. More importantly you are hoping that the maker of your Smart Flip-Flops also have the ability to write complex code to ensure you are not being hacked by intruders.

A wireless network is only as strong as its weakest device and as soon as you connect your Smart Mug you could be opening the door for intruders to monitor, scan and steal information from your network.

Be sure to only connect devices to your network that you can trust and to ensure random employees don't connect vulnerable devices at your business, only give the wireless password to your trained executive team, as well as conduct periodic port scans to monitor traffic.

Welcome to ! When it comes to cybersecurity, many small business take the approach of "I'm too small, no one would target me" or "Cybersecurity is too expensive, I can't afford it".

The reality is 46% of cyber breaches impact businesses with < 1000 employees. 37% are on businesses with < 100 employees.

For a small business, a budget of a few hundred dollars a month can greatly reduce the risk of a cyberattack and make your neighbor with no plan a much easier target for hackers to focus on.

Contact us today so we can get started on protecting your business!

Welcome to ! Not only are we moving into the scary season of ghosts and goblins but its also that time of year for our healthcare friends to finish their Security and Risk Assessment (SRA) by the end of the year.

are required to be completed on an annual basis for HIPAA compliance. Did you know its actually worse to answer your SRA incorrectly than not even doing one at all. And its even worse than that to discover a vulnerability during an SRA and not take action to eliminate the risk.

When conducting an SRA, we recommend using a 3rd party company that specializes in compliance and cybersecurity over your IT service company or internal IT department. It is beneficial to have a new set of eyes look for flaws over the individuals that set it up. There is a reason that students don't grade their own tests.

We have limited capacity for how many assessments we can complete before the end of the year. Slots are filling fast, please reach out to [email protected] to schedule a time to review your SRA needs.

Welcome to ! If you're like The Hangover's Stu and joined the Caesar's or MGM's reward program, you need to be on alert for your personal private information potentially being exposed.

Caesar's confirmed that driver's license and social security numbers of rewards members were copied during their recent cyberattack. Though they paid an undisclosed amount (rumors say $15M) to not have the data leaked, it is more of a 'pinky promise' that the threat actors won't expose the data.

At this point, MGM hasn't confirmed what was breached and stolen but cyber attackers are claiming they have the same data and are threatening to leak it if they aren't soon paid.

To help against identity threat, we recommend subscribing to a service like Symantec LifeLock to monitor your private information. Caesar's is currently offering a free identity service to those members that may have been exposed (call 888-652-1580 to signup) and it is assumed that MGM isn't far behind.

MGM was hit by a cyberattack Monday that pushed the company to shut down network systems. This lead to digital rooms keys not to work, slot machines to be out of order, and ATMs inoperable.

Websites for the MGM resorts were also taken offline and continue to be disrupted this morning.

As the attack is being investigated, ALPHV ransomware group is taking credit claiming they simply used a social engineering attack to gain access.

ALPHV ransomware group claims they went to LinkedIn, found an employee, called the help desk and "defeated a $33,900,000,00 company by a 10-minute conversation"

The best defense against social engineering attacks is education. Having an effective training program in place to train your team how to recognize social hacking can minimize the risk of a threat actor gaining access.

Please contact Kansas City Cyber to learn how we can train your team on security awareness.

Welcome to ! If you are looking to enter the exciting world of cybersecurity or advance your career with additional training, ISC2 (isc2.org) is a great place to work towards your certifications, including the industry standard CISSP.

Royal: the ransomware group behind the City of Dallas attack

Flashback to late April, the main concern for the City of Dallas was whether or not #1 draft pick Mazi Smith would be enough to stop Jalen Hurts from running all over the Cowboys this Fall.

Flashforward a week later and the only thing the City of Dallas was worried about stopping was the ransomware that had impacted city services including the police department and 9-1-1.

In light of Dallas finally admitting (3 months later) that over 27,000 people had their sensitive data exposed along with over $8.5 million dollars being spent, lets look at the ransomware group that raised such havoc in the Big D- this group would be known as Royal.

Royal splashed onto the scene back in 2022. They are suspected to be made up of members of the now defunct Russian ransomware gang- Conti. Their most notable way of attack is through a strategy known as callback phishing. A method where a threat actor sends a person an email detailing a fake problem (i.e. your package can’t be delivered or do you want to cancel your subscription before you get billed). The recipient is like “no way do I want to pay for a subscription to Colossal Cake of the Month”, they click the link in the email (or call the number provided), follow the instructions given and BOOM they now have remote access malware loaded on their PC.

The threat actor later capitalizes on the remote access looking at the PC for valuable or sensitive data. They then use the PC to complete a lateral discovery throughout the connected network looking for vulnerabilities they can capitalize on. Think of it as having a crazy awesome security system that keeps people out of your house but before you go to bed your nephew shuts it down quick to let a solicitor in to hang out as you sleep.

Royal tends to enjoy a two-way ransom attack on victims. First encrypting the data so it is useless, inaccessible and therefore shutting down operations. Second, they threaten to expose the sensitive data if you don’t give them their bag of cash.

Royal is heavily funded with loads of experience. They are considered a high-level threat to enterprises across all verticals. To protect against such threats, organizations need to allocate resources and build a multi-facet security system that monitors 24x7. Contact Kansas City Cyber today and we can establish a strong effective defense strategy for your environment.

Welcome to ! If you ever are unfortunate enough to be negotiating with a hacker, know that that it is far from guaranteed that you will ever see your data again even if you pay the ransom.

Committing the time and the resources to prevent a breach is the #1 way to minimize your risk.

Welcome back to ! We've been on hiatus enjoying the Summer! A great way to jump back in is to remind everyone Windows Server 2012R2 end of support is coming up faster than a knife fight in a phone booth! Don't be left out of compliance, contact KCC today and let us get you up to speed!

Welcome to Continuing our conversation on speeding up your PC, if you're still running on a standard rotational hard drive (HDD), !probably want to take a sledgehammer to your PC every time it boots up.

To be effective, you should have a solid state drive (SSD). An HDD has moving parts and must spin to the spot on the drive to find the data you request. SSDs don't have moving parts. Data is read/written through 'cells' which perform at a much faster rate.

To determine if you have an SSD or HDD follow these steps:

PC-
Click Windows Key + S to open search menu
Type PowerShell and press
PowerShell will enter
Type (or copy/paste) the following: Get-PhysicalDisk | Format-Table -AutoSize
Under MediaType, you will see what type of drive you have

Mac
Click the Apple logo in the top-right corner
Click "About this Mac"
Click Storage
Under the hard drive icon there will be a description of the hard drive (Flash Storage = SSD)

If you are still running on a rotational drive (HDD), we would recommend replacing that ASAP!

Welcome to ! As organizations have continued to move towards a decentralization of their team, BYOD (Bring Your Own Device) has become more prevalent. This has created challenges with management and security. As the name states, BYOD allows users to use their personal device for business purposes.

Since the devices aren't company assets, users can be reluctant to allow security software to be loaded on their device. However, an unprotected personal device accessing company data can lead to a hacker's dream. To prevent this, ensure you have a strict BYOD security policy that includes items such as a password policy, endpoint protection, the principle of least privilege, storage location protection or backup, and the ability to wipe the machine if the device is lost or stolen.

Welcome to ! A Man in the Middle attack is when a hacker places their device or app between two parties that are communicating.

The device then scans the traffic for plain text communication which can allow it to steal confidential and sensitive information.

Be careful when using unknown public wireless as you never know what the connecting device is able to track.