Cyclone 365

Dependable Service. Consistent Results.

With over 25 years of industry experience, we provide a wide range of IT services for small and medium-sized businesses on the Gulf Coast.


Do You Use JumpCloud? They Got Hacked!

JumpCloud, an enterprise software firm based in the United States, has revealed that its systems were breached by a state-backed hacking group nearly a month ago. The attack initially appeared to be targeted specifically at a limited number of customers, but the company is not certain of this. The company became aware of the incident on June 27, a week after the attackers gained access through a spear-phishing attack.

Although there was no immediate evidence of customer impact, JumpCloud took proactive measures by rotating credentials and rebuilding compromised infrastructure. However, on July 5, during their investigation into the attack and analysis of logs in collaboration with incident response partners and law enforcement, JumpCloud discovered unusual activity in the commands framework affecting a small group of customers.

As a precautionary step, JumpCloud immediately force-rotated all admin API keys to protect customer organizations and promptly informed them to generate new keys. The company's Chief Information Security Officer (CISO), Bob Phan, acknowledged that the attack was highly targeted and confirmed suspicions that the adversaries possessed sophisticated capabilities.

Phan emphasized the importance of information sharing and collaboration as the primary defense against such threats. Alongside the incident details, JumpCloud released indicators of compromise (IOCs) to assist partners in securing their networks against future attacks from the same threat group.

JumpCloud has not disclosed the exact number of customers impacted by the breach and has refrained from attributing the APT group responsible to a specific state.

Phan stated that JumpCloud would continue enhancing its security measures to safeguard customers from future threats and would closely cooperate with government and industry partners to exchange information regarding this incident.

Earlier in January, JumpCloud also conducted an investigation into the potential impact of a security incident involving CircleCI on its customers.

Founded in 2013 and headquartered in Louisville, Colorado, JumpCloud offers a directory-as-a-service platform, providing single sign-on and multi-factor authentication services to more than 180,000 organizations across 160 countries.

We can implement the aforementioned blocks on your network to protect against potential fallout from this JumpCloud hack. Click to Call or Email us and we’ll schedule a time to help you change your electronic locks.

7 Tips for Keeping Your Home Printer Secure

I wanted to bring your attention to a matter regarding the usage and security of your home printer. Considering the infrequent use of home printers, it is likely that you have not utilized yours recently, except perhaps during tax season or to print out a coupon last month. Nevertheless, it is important to note that even though your home wireless printer may not be in regular use, it remains powered on and connected to your network, making it a potential target for hackers who may be looking for a solid way into your life. 

You might wonder, "Why would anyone be interested in hacking my printer?" Cybercriminals are known to exploit any device that is connected to your Wi-Fi, as it serves as a gateway for them to infiltrate other devices, such as your computer or smartphone. Considering the prevalence of unsecured printers, it is highly likely that your own personal printer lacks any necessary security measures. 

To emphasize this point, one company recently hijacked approximately 28,000 printers worldwide as a demonstration, printing out a guide on printer security. Though the irony may elicit a chuckle, it is crucial to ponder the security of your own wireless printer. Regrettably, it is likely to be a vulnerable target. 

Now consider the fact that some of you, being business owners, might use your computer at home to work on QuickBooks Online, sensitive company data, your email account, your cloud apps, even your Facebook messages. Basically, if someone gets into your home network, they can springboard off that into your company and personal life. 

Fortunately, there are several simple steps you can take to address this issue and enhance the security of your printer. These include: 

· Changing the default login credentials.
· Keeping the printer's firmware up to date.
· Utilizing a network firewall.
· Placing your printer on a guest network.
· Disabling any unused ports or services.
· Disconnecting the printer when it is not in use.
· Educating your family members on best practices for cybersecurity.

If you are interested in conducting a comprehensive home cybersecurity checkup, our team would be delighted to assist you. Click to Call or Email us today to schedule a meeting to discuss your current and future security needs.

Keep an Eye on Those Endpoints

Your network is made up of multiple entry points, known as endpoints. They can be your trusty computers, smartphones, servers, or any other devices connected to your Wi-Fi or Ethernet ports. It's important to be aware of the security status of these endpoints because they can be vulnerable to attacks when you least expect it, even if you primarily rely on cloud apps.

When a hacker breaches one of these endpoints, they don't just stop there. It becomes a gateway for them to access your valuable data and potentially infiltrate other endpoints or cloud services within your network. Shockingly, statistics show that about 64% of organizations have experienced the costly consequences of endpoint attacks. Perhaps you have already faced such a situation, or it might be waiting for you unless you take appropriate measures to protect your devices.

To safeguard your network, here are some foundational recommendations that you should consider implementing without delay:

Tackle password issues: Address any password-related problems promptly. Make sure to use strong, unique passwords and avoid reusing them across multiple accounts.

Deploy pre-boot malware protection: Utilize solutions that proactively detect and prevent malware before your operating system boots up, providing an added layer of security.

Keep your antivirus and anti-malware up to date: Regularly update your antivirus and anti-malware software to ensure that you have the latest protection against emerging threats.

Monitor device access: Be vigilant in monitoring the access to your devices, including those owned by employees. Implement proper access controls and permissions to minimize the risk of unauthorized entry.

Prepare for device loss or theft: Have a plan in place to address the potential loss or theft of devices. This could involve remote wiping capabilities, data encryption, or backup solutions to mitigate the impact of such incidents.

By taking these basic steps, you can significantly enhance the security of your network and reduce the likelihood of falling victim to endpoint attacks. Stay proactive and safeguard your valuable assets, data, and reputation!

Click to Call or Email us today to schedule a meeting to discuss your current and future security needs.

Are Your Cloud Settings Properly Configured?

Congratulations! Your company has recently subscribed to a fantastic new cloud tool. Now that you have the ability to store and access data in the cloud, everyone is eager to get started. However, have you considered the crucial aspect of cybersecurity? You might assume that it's already built into the tool, but the reality is a bit more nuanced. While there are security settings available, are you certain they are appropriately enabled?

Suffering a hack on your cloud account can be a nightmare. Just ask the unfortunate 40% of companies that have experienced this very scenario. Surprisingly, one of the primary causes of such breaches is their own failure to configure the cloud security settings correctly. This misconfiguration comes with a significant price tag, leading to a range of issues, from ransomware attacks to account takeovers. Once a cloud system is breached, all bets are off.

So, how can you protect yourself? The answer lies in taking a closer look at your cloud account security settings and ensuring they are properly configured. If you require assistance with this crucial task, don't hesitate to reach out. Click to Call or Email us today and we'll be more than happy to lend a hand.

What's Lateral Movement and How Does it Apply to You?

As cyber-attacks grow increasingly complex, attackers take advantage of connected networks and devices to move laterally, often undetected. The cloud and SaaS have further expanded supply chains, and a breach in one level of the chain can lead to devastating consequences for operations, regardless of cyber control maturity.

VMware’s 2022 Global Incident Response Threat Report shows that a quarter of all attacks involved lateral movement. Moreover, one out of every 10 respondents said lateral movement was present in at least half of their engagements, while another report from VMware found that nearly half of all intrusions involved lateral movement. Lateral movement refers to the attacker's ability to move through connected systems and devices to gain access to more assets.

According to IBM's report, in 2022, it took organizations an average of 277 days to identify and contain a breach, which is about nine months. Hence, it is crucial to strengthen defenses to stop lateral movement. Here are five ways to work against attackers:

Manage user administration: Each person accessing the systems and network should have a user account with login credentials. Use a least privilege approach to user management to grant access to only what is necessary for their jobs.

Deploy anti-malware: Attackers often leave ransomware and other malicious software to wreak havoc while moving through systems. Use anti-malware to monitor incoming and outgoing data to prevent ransomware infections.

Use multifactor authentication (MFA): Threat actors are skilled at using phishing and social engineering to steal credentials. Use MFA to make it more challenging for them to get into an account with stolen credentials alone. Educate staff on MFA and related best practices.

Mandate strong passwords: Train employees on password best practices and use a password management system that requires strong passwords and routine changes.

Segment networks and back up data: Interconnectivity enables lateral movement. Implement network segmentation and conduct routine data backups stored in different locations to enable quick recovery in case of an attack.

Cyclone 365 proactively monitors your network to spot vulnerabilities and keep it safe. It’s virtually impossible to protect a business 100% without making everything far too restrictive for your team, so we specialize in designing and maintaining IT security systems that offer the highest levels of protection and limit the damage ransomware and other types of malware can do, without introducing unmanageable levels of inconvenience to your daily operations.

Click to Call or Email us today to schedule a meeting to discuss your cyber security needs.


★ Copyright © MMXXI. All rights reserved. ★