How EMOTET is stepping up the game.

You may not know about the EMOTET malware, but you should. This malware started as a banking trojan that would steal passwords and accounts from users. However, this report from Kryptos Logic shows that the malware has now added exfiltration to the list of things it can do.

Why is that bad?

Exfiltration is the act of stealing your data. It is one thing to steal account numbers and passwords, but quite another to steal all your data. You can change passwords and close accounts, but the theft of your most sensitive data may not be as easy to recover from! Imagine that data is patient records or the credit card information of all your customers. That could certainly be a lot harder to recover from!

The 5 quick wins for IT Security

Strong cyber security involves many overlapping systems. Each system relies on the other systems for added strength but can also stand alone. Often the deployment of a full set of Critical Security Controls (CSC) is an expensive and time-consuming undertaking.

What can an IT manager with a limited budget and manpower do?

For a moment, I’ll neglect the obvious firewall and user training components. Below is my priority list for first steps in securing your company infrastructure:

1. Application whitelisting
2. Use of standard, secure system configurations
3. Patch application software
4. Patch system software
5. Reduced number of users with administrative privileges


Need help? Tracc Development, Inc. will work with you to develop a strategy to achieve a stronger cyber-security posture.

Most business owners claim they are unlikely to be affected by cyber-attacks

According to a recent article in The Hill by Morgan Chalfant, “…roughly three-quarters of business owners said that they believe their businesses are unlikely to be affected by a cyber-attack.”

This begs the question: Why do you think that way?

We fly under the radar

It takes about an hour to scan all Internet addresses. All 3.7 billion of them! So, assuming there are only 3600 hackers out there (trust me, there are more), that means you will be found in a matter of seconds! Obscurity is not really a great defensive strategy.

We don’t have any useful information

I hear this one a lot, and usually it’s not true. Did you know that California has stricter notification requirements than the federal government? Some organizations have legal reporting requirements if name, address, and phone number are compromised. Do you have a client or customer list anywhere? Do you keep credit card information for customers?

We use SaaS providers so security is their problem.

First of all, there are security holes in some of the largest cloud-based solutions out there, and an analysis of risk for each tool is a subject for future articles. The fact is that user behavior is probably your biggest weak point. How well is your staff trained, and how often? An analysis of a common cloud-based file share showed that over 15% of files in the cloud contained sensitive information like credit cards, company salary information, password files, etc.

Cyber-security is a serious problem that requires serious attention from business leaders. If you think you have good security, find a cyber-security expert to come in and test things. You will likely be surprised (and probably embarrassed) by what they find.