The adage “lightning never strikes the same place twice” doesn’t apply to cyberattacks. The experience of our client John Balfanz Homes, a premier homebuilder based in Bakersfield, illustrates why.
Saved by the backup
The first attack took place right after we completed offsite backups as part of our BackupCentric solution and as we were setting up SecureCentric, our next-generation security stack. Before SecureCentric was completely installed, a crypto-ransomware attack encrypted the builder’s on-premises servers. Because we had offsite backups, we were able to restore files without paying a ransom.
The incident grabbed the owner’s attention, and he asked what else he could be doing. We assured him that with SecureCentric and BackupCentric fully installed, he had the right tools in place. Our promise was tested a few months later.
Dangers lurk on the Dark Web and in standard software
In July, our monitoring tools told us that credentials belonging to one of John Balfanz Homes’ employees were for sale on the Dark Web. We alerted John Balfanz Homes and told them the user needed to update their password. Later the next day, a Friday, our breach detection software discovered suspicious activity on the server: a Tor browser had been installed.
Tor browsers anonymize a user’s activity and are used by cybercriminals because their illegal actions become untraceable, insulating them from authorities. Additionally, the Windows Magnifier tool, which allows users to enlarge text to see better, had been replaced with an administrative backdoor program that gave anyone full access to everything on that server.
Antivirus is not a complete security solution
Antivirus software is not enough to stop this kind of attack. It won’t detect Tor browsers or issues with standard software. Without comprehensive security in place, the builder would have spent Monday dealing with the aftermath of a massive cyber security attack.
Our breach detection software confirmed the presence of malicious exploits on the server before they could be leveraged. The firewall we installed prevented the malware from spreading to the rest of the system. Then our team of IT and security experts acted quickly to notify our client and stop the attack.
A report of the incident was sent, covering what happened, potential ways the attack occurred, and how we prevented the malware from successfully infiltrating the network. No data or revenue was lost, and information wasn’t compromised.
Core components of layered security
- Basic security software
- Advanced threat detection
- Employee training on security threats, like phishing
- Expert monitoring of your network
- Action-ready IT support
I have learned that it is vitally important to be proactive rather than reactive about cyber security. The first issue we had that resulted in a little over a week of lost data, once we were fortunate enough to get back up and running, took literally 2 to 3 months of rework to fully recover from. The last attempted hack was stopped and our network returned to normal before most of our company knew we had any problem at all. – Justin Schweitzer, Controller, John Balfanz Homes
You’re going to be attacked, but with the right tools in place and a competent IT team paying attention to your network, a cyberattack won’t be a big deal. Contact us to learn more.