19 Sep UPDATED: JOIN US AT THE SOS SMALL BUSINESS SUMMIT ON SEPTEMBER 27TH
MARK YOUR CALENDARS: September 27 10AM-2PM – SOS Small Business Summit
- Mayor Trent Staggs: Our Keynote Speaker!
- Amanda Millerberg: Service Coordinator to the First Lady of Utah, Abby Cox
- Kevin Lopez: Director over State of Utah Information Technology, Networking
- Dr. Michael Brown: Health/Wellness
- Jeremy Hancock: Importance of businesses providing financial education/advice to employees
- Toby Eborn: tips and strategies for businesses
- Barbara Riddle: (Pres. Chamber West) – TBA
- Jake Larsen: Video Power Marketing
- Karin Palle: Business Wellness Audit Financial/Organizational/Operational/Revenue
Speaker Highlight: To round out our speakers, Karin Palle (above) has agreed to speak about doing a Business Wellness audit. Karin is very close to my heart from the 2015 Goldman Sachs 10KSB program I am an alumni of. I am a big proponent of the program, and give that education credit for giving me the belief I could ever grow SOS|Support to what it is today.
Karin is a business advisor and instructor in the program and gave some of the best discussions. She is nationally renowned as a business consultant I can’t do her justice with her accolades, let alone all these other incredible speakers! Her sessions will be in a smaller more studio-based breakout style.
- Lunch Provided!
- Raffle Drawings!
For More Info:
Attached is the original and the latest flyer for the event.
Great News – Our speaker schedule is UP! Follow the link above.
Come and Support our Small Business
Expectations: We have exceeded our expectations and are excited to host you. Thank you to our great team members Tawna and Scott for making this happen and Tawna and Kari’s organization skills!
MGM Ransomware Attack – How did it happen
Ceaser’s Palace was attacked and held for ransom a few months ago. On the heels of this, MGM was attacked just over a week ago. I am not going to dwell on what or why but I want to teach the HOW DID IT HAPPEN.
The crazy thing is – this is social engineering at its finest. We have an insider contact who has a reliable informant at MGM who has provided some information and the gist of it is “It is worse than your reading in the news – far worse!”
The $30 million asked in the ransom is pennies on the dollar compared to what they are losing in daily revenues to this point.
What is Social Engineering? Email Phishing is a FORM of social engineering.
If you have been around the block, the name Kevin Mitnick may ring a bell. Kevin was the famous hacker in the 1980s who would get around security by using the phone or by impersonating staff (janitors, etc). He would impersonate other people or even use charm. He would get access to one system and that’s all he needed. He was caught after several years, served his sentence, and is now a white hat hacker for government organizations.
What happened with MGM? Rumor has it that one of the bad actors simply called the I.T. department at MGM and in less than 10 minutes had worked his magic and talked them into giving him access to one computer. They immediately used secret commands to uninstall the Anti-intrusion software. At this point, they were already behind the firewall. I imagine as well, that he/she then found the backups, and eliminated them. After all, what’s the point in holding a mega-company hostage if they can just say no and restore their backups?
Two points to take from this:
- Trust No One. A little X-File’ish, but you need to understand and trust whom you are talking to and have PROOF that you know they are who they say they are.
- Backups can be useless. Why is SOS Support going through a grueling internal 12-month engagement on NIST CIS Controls? Well, for starters, it is helping us with cyber insurance (to qualify and to get rates as low as possible). But beyond that, it’s to implement the BEST practices in the industry. We are already ahead of the MGM curve on what we are recommending to our clients and that is this: Your backups need to be invisible to the network! In other words, your backup device (BCDR, Datto, NAS, etc.) if seen from a network scan can immediately be attacked. However, if we are able to segment out the backup device and put it on a “separate vlan” (this basically means a separate internal network) then it will not appear on a network scan, because it’s part of a different network. We then use Firewall Routing rules to route the necessary traffic so the BCDR Backup device can access the servers to back them up. The only way the attacker can know these rules and find the destination of the backup is if they have the Firewall Login/Password as well! And the way we must house passwords, this would be nearly impossible to breach unless there is a Firewall that is not patched and therefore not secure and has vulnerabilities. Does this mean the MGM I.T. department was not doing their job? Maybe, or maybe it means they don’t know better? I.T. departments in general get lackadaisical. This has only recently become best practice, and big corporations are often the last to join best practices when there are shareholders involved.
To sum it up, here is a FANTASTIC write-up from Robin Hood (Credit: RobinHood):
Hackers of MGM and Caesars up the ante as cybercrime crashes the corporate party
When the house doesn’t win… Last week, casino colossus MGM Resorts suffered a massive hack that critically disrupted its business. Gaming machines and ATMs were offline (customers got handwritten notes for slots), hotel sites struggled, corporate email went kaput, and digital room keys stopped working. Guests said staff were relying on pen and paper. As of Friday, hotel operations were struggling for the fifth day. Another casino chain got dealt a bad hand too:
· Caesars Entertainment said hackers stole customers’ SS and driver’s-license #s, and it reportedly paid the cybercriminals about $15M not to leak the data.
· Big blind: The same group who broke into MGM’s systems is believed to have hacked Caesars. Its US- and UK-based members are said to be as young as 19.
A good bet… for bad actors. Hotel-casinos are attractive targets — and not just for the casts of “Ocean’s Eleven” and “21.” They collect valuable customer info, and every second of hack-induced downtime = lost $$. MGM’s share price fell 7% last week, and credit-rating agency Moody’s said the hack highlighted “key risks” that might damage its rating. The industry is working with security experts after an uptick in attacks this summer. It ain’t cheap: last year US companies spent $73B on cybersecurity, and paid at least $456M to ransomware attackers.
· Ransomware = software that encrypts a victim’s data, making it unusable. Hackers promise a decryption key if the victim pays up.
Data is a treasure (and a liability)… The gaming industry isn’t alone in its high-stakes battle against hackers. The FBI said that last year ransomware hit 14 “critical infrastructure sectors” (like: healthcare, water services). This year ransomware attacks have approached record levels, and cybercrime worldwide is forecast to hit $8T in lost funds. But there’s a bright spot, at least for the in-demand cybersecurity industry: an analyst said it could be a $2T market.
Here are our two flyers for the big event. If for some reason they don’t come through, email Richard @ email@example.com and he will send them to you directly.
Mailing Address Change:
Please send all mail correspondence to the following address and no longer to the Draper PO Box.
1098 W South Jordan Pkwy #106
South Jordan, UT 84095
For the latest cyber-attacks reports, follow these links: