Last week, we had an attack on our phone system that took us offline for a bit of time and I had several patients complain that they couldn’t get through.
I’ve also noticed a substantial increase in spam coming into my email over the last few weeks.
I asked our IT Manager, Ted Nicolau, what was going on and if COVID had anything to do with it. I also asked him to share the reasons why it’s happening and what people can do to protect themselves. This is his very comprehensive and helpful response that I’ve also tried to summarize in this week’s video:
Here’s a summary of what happened over the past few weeks. Keep in mind that we weren’t targeted, which is very important. Often, hacking isn’t a directly targeted attack. They’re usually looking for weaknesses in a system and if they make their way in, they’ll decide if your data is worth it. It’s also foolish to think “I won’t be attacked. I don’t have anything people want.” You have information that YOU want. Hackers will still take your data and then try to sell it back to you. That’s ransomware.
COVID has played a big role in the rise of attacks. More people are working from home and many businesses weren’t prepared for a mobile workforce. Businesses had to rush to put together a system that would allow people to connect to corporate systems from home. They cut corners and users were no longer protected by the corporate infrastructure. They made their network easier to access by decreasing security, in turn making it easier for outside entities to gain access.
- we noticed a 500% increase in emails containing malicious attachments or links to malicious websites
- emails were referencing COVID and mostly targeted to employees working from home due to COVID
- subject lines contained text like “COVID-19 Open Immediately” or “Paycheck Protection Program Financial Documents” or “Remote VPN Connection”
- we sporadically receive alerts about attempts to access our phone system. When this happens, we just block the IP and move on.
- late last week, we began receiving 100s of these alerts. We then noticed our server was having a hard time staying online. Somebody was flooding the phone server with attempts to access the server.
- why would someone bother with accessing a phone system?
  - Toll fraud – hackers can route international calls and rack up thousands of dollars in phone charges
  - Eavesdropping – listen in on calls for any private information that may be exchanged
  - Caller ID spoofing – use our servers to make thousands of spam calls
- The real miracle is, we were able to keep phones going through all of this with very minimal downtime (just a few minutes)
How we are made aware of these attacks:
- honestly, it’s not glorious. We have systems in place that keep logs of everything happening on every device (servers, networking equipment, email, etc.). The IT team pores over these logs daily looking for inconsistencies or suspicious patterns.
- for our business-critical systems we receive email alerts 24/7. If a system goes down we get an email. If somebody attempts to access our network, we get an email.
- having procedures in place to track these attempts, being diligent, and, of course, having a dedicated IT team that enjoys what they do
- If you don’t have the proper tools in place to track these attempts, you may never know if somebody has accessed your systems
- Attacks like this are happening all the time and have only increased since COVID with many employees working from home
- Regarding our phone server – our firewall failed. We had a secondary layer of defense in place called intrusion detection that prevented exposure
- Moral of the story: it’s important to have redundancy and layered security in place. That way, if one system fails, you still have enough protection to bring the other system online. In our case, the first line of defense failed and the secondary layer took over. Also, the primary phone server failed, but because of our redundant infrastructure, we were able to quickly bring the backup server online to take over.
To protect your business, use these thoughts to either bring on IT people and create these systems, or double-check that the ones you already have in place are adequate.
Take it from me, when these people with bad intent get a hold of your IT systems, the results are terrible.
Have a great week.