Researchers call Christmas cyberattack 'mostly preventable'

Internet infrastructure safety

Alan Van Tassel, executive vice president for StoredTech of Queensbury, second from left, gives a report to the Glens Falls Technology Committee in 2018 about its information technology infrastructure. His firm did not fall prey to a recent security flaw that took down dozens of others because StoredTech closed that security hole 18 months ago.

The security flaw that led to the town of Moreau and dozens of others being hacked on Christmas was well-known in the industry. In fact, it was used in many of the cyberattacks of 2019, according to the annual report from the Emsisoft Malware Lab.

In one case, more than 400 businesses and other entities were attacked at once through the same flaw last year, according to the report.

The Emsisoft Malware Lab is calling for all security firms to use dual authentication to prevent the attacks.

Locally, StoredTech of Queensbury switched to multi-factor authentication 18 months ago, and was not hit when so many others were hit on Christmas. StoredTech employees ended up helping fight off the ransomware attack for other companies’ clients because so many were hit at once.

“Fortunately, we went to multi-factor authentication 18 months ago,” said StoredTech Executive Vice President Alan Van Tassel. “We did it early on, as this really started becoming an issue. Because we have a responsibility to protect our clients.”

StoredTech has more than 500 clients, mostly in the North Country, Albany and Raleigh, North Carolina.

Dual authentication is a common protection method, used regularly by average people to protect their email or Facebook accounts. Gmail actively encourages its users to sign up for it.

The way dual authentication works is that when users connect through an unknown device — such as a different computer from their normal laptop — they can’t just use their password. Users also receive a long number, often texted to their cellphone or received through an app on their phone. (They have to set this up in advance so that the system knows where to send the number.)

If they can quickly type in the number — Facebook allows 15 seconds — they are allowed into their account. The numbers are generated randomly, so it’s a different number each time.
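The check described above, sketched from the service's side as an added example (not code from the article, Emsisoft or StoredTech): a login from an unknown device gets a fresh random code that is accepted once, within a short window, with a limited number of guesses. The class and function names are hypothetical, the 15-second window is the figure cited above, and the three-guess limit is an assumption.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 15   # time window cited in the article
MAX_ATTEMPTS = 3        # assumption: lock the challenge after 3 wrong guesses


class SecondFactor:
    """Issues and checks one-time codes for logins from unknown devices."""

    def __init__(self, known_devices):
        self.known_devices = set(known_devices)  # (user, device_id) pairs
        self.pending = {}  # (user, device_id) -> [code, expiry, wrong_tries]

    def start_login(self, user, device_id, now):
        """Return None for a known device, else a code to send to the phone."""
        if (user, device_id) in self.known_devices:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, new value each time
        self.pending[(user, device_id)] = [code, now + CODE_TTL_SECONDS, 0]
        return code

    def verify(self, user, device_id, submitted, now):
        """Accept the code once, inside the window, with limited guesses."""
        key = (user, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return False  # no challenge outstanding (or already used)
        code, expiry, tries = entry
        if now > expiry or tries >= MAX_ATTEMPTS:
            del self.pending[key]  # expired or locked: a new code is required
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self.pending[key]  # single use: a replayed code fails
            return True
        entry[2] += 1
        return False
```

A stolen password alone gets nowhere from a new device here, because `verify` also requires a code that only reached the phone registered in advance.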

That means that every time a cybersecurity firm wants to access a client through remote monitoring, the firm might have to get a randomized number and type it in. Many firms don’t bother.

“This is not acceptable. The industry needs to be proactive rather than reactive and service providers must not prioritize convenience over security,” the Emsisoft Malware Lab report said. “In the majority of cases, the attacks succeeded because two- or multi-factor authentication had not been enabled on the RMM (remote monitoring and management system).”

The lab is a group of cyber-researchers who put out a report each year on cyberattacks and the most common vulnerabilities, and help small companies resolve ransomware attacks.

They called the cybersecurity firm attacks “entirely foreseeable and mostly preventable.”

The lab also stressed that companies can’t rely on just having good backups. Restoring from backups could take weeks or even months, the report noted, which could cripple businesses that need access immediately.

A hospital and a doctor’s office closed for good last year due to the cost of recovering from a cyberattack. Wood Ranch Medical in California closed after an Aug. 10 attack that led to the backups being encrypted as well as the entire computer system. The medical records of 5,835 patients were encrypted as well.

Also in 2019, Brookside ENT and Hearing Center of Michigan closed for good after its systems were wiped during a ransomware attack.

Campbell County Health, a hospital in Gillette, Wyoming, had to cancel surgeries and close its Emergency Department when it was hit by a ransomware attack in September. ER patients had to be transferred to other hospitals.

While ransomware has become a common attack, Van Tassel warned that there are many other vulnerabilities. StoredTech runs its own tests of employee security for clients by sending “phishing” emails to see how many people fall for them. They also run training for clients’ employees.

Some of StoredTech’s clients now test applicants during the hiring interview to see if they know how to keep the employer from being hacked.

Van Tassel searches the internet to see if a company’s employees’ passwords are available for sale. He can send reports to his clients to help them realize if they are in danger.

“Eighty percent of hacking breaches are caused by stolen or weak passwords,” he said.

If an employee uses their password in multiple locations, just one of those needs to be hacked for the password to be discovered.

“We have lots of hard conversations,” Van Tassel said. “There is no silver bullet.”

But he recommends changing passwords regularly, training employees to avoid being hacked and to create strong passwords, having at least dual authentication and keeping backups separate so they can’t be compromised in an attack.

“The best thing you can do is put lots of layers of protection in place,” he said. “The average employer thinks it won’t happen to them. But the bigger companies, they’ve got security. You’re the low-hanging fruit.”

You can reach Kathleen Moore at 742-3247 or Follow her on Twitter @ByKathleenMoore or at her blog on

