
Hackers target admins when they can't beat Sophos Security

by Jace Holyoak on November 13, 2018

A cyber-security solution is only as secure as the login credentials of the people who manage it. Here is a real-world example of how hackers targeted a vulnerable admin account to deactivate a company's Sophos software and then exploited the network to access important assets. The following is an actual instant messaging conversation between a Sophos IT Representative and a Sophos customer:

9:30 AM - IT Representative

Saw I missed a call from you this morning.... I should be around most of the day now if you need anything.

9:33 AM - Sophos Customer

Hey, I was in a moment of panic and you were the first person I thought of... we just got hit BIG TIME ($55K in Bitcoin) by ransomware and I'm calling as I believe our systems were not functioning as advertised...

9:34 AM - IT Representative

Woah! You are running Intercept X, right?

9:34 AM - Sophos Customer

Well.... WE WERE!

After poking around in Sophos Central Admin Console, I realized EVERYTHING was disabled....

EVERYTHING...

Servers "Unlocked"

BASE POLICIES DISABLED

9:36 AM - IT Representative

ahhhh..... Were you 2FA'd ("2FA'd" stands for two-factor authentication, I will describe below)? Cause that's been happening...if the Sophos Central credentials are weak...hacker goes into Central, disables all CIX policies....and then runs their ransomware.

9:37 AM - Sophos Customer

You are right! Local admin login credentials were compromised and it was my account that was used to turn everything off!

The hackers also logged onto our Firewall and deleted all the logs for the time frame of the attack.

9:38 AM - IT Representative

Wow!! Pretty targeted attack.

9:39 AM - Sophos Customer

Yeah! Someone is about to receive $55k in Bitcoin.

Lessons Learned from this Experience

1. Set up Two-Factor Authentication!

Sophos provides two-factor authentication (2FA) via SMS, which helps to secure your account even if your login credentials are stolen. 2FA via SMS offers several advantages over other multi-factor authentication methods: there is no need to install an additional app on the user's smartphone for one-time password generation, or to use a costly hardware token. Unlike authentication e-mails, an SMS reaches users immediately and exclusively on that user's personal mobile phone. Furthermore, successful delivery is signaled immediately, keeping the required switch between media to a minimum.

2. Regularly Update your Passwords!

While password policies shouldn't be the driving force in your cyber-security protection, they do play an important role in preventing this type of situation. If the admin had used a more complex password and updated it regularly, this may not have happened.

You can implement all the next-gen synchronized security solutions in the world but still have holes if you don't secure your login credentials. 2FA and password policies are a must!
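The pattern described in the conversation above (one admin account disabling policies and unlocking servers in quick succession, without 2FA) can be alerted on from console audit data. The Python below is an added example, not part of the original post and not Sophos tooling; the JSON-lines export format, the field names and the action names are assumptions, and the sample events are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events from a hypothetical management-console audit export.
# Field names and action names are assumptions, not a real Sophos Central schema.
SAMPLE_AUDIT = """\
{"ts": "2024-01-15T02:10:05", "admin": "it-admin", "mfa": false, "action": "policy_disabled", "target": "Base Policy - Endpoints"}
{"ts": "2024-01-15T02:10:40", "admin": "it-admin", "mfa": false, "action": "policy_disabled", "target": "Base Policy - Servers"}
{"ts": "2024-01-15T02:11:15", "admin": "it-admin", "mfa": false, "action": "server_unlocked", "target": "FILESRV01"}
{"ts": "2024-01-15T09:00:00", "admin": "helpdesk", "mfa": true, "action": "policy_disabled", "target": "Test Policy"}
{"ts": "2024-01-15T09:05:00", "admin": "helpdesk", "mfa": true, "action": "policy_enabled", "target": "Test Policy"}
"""

WEAKENING = {"policy_disabled", "server_unlocked"}  # actions that reduce protection

def parse_events(text):
    """Parse JSON-lines audit text into events sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def find_teardowns(events, window=timedelta(minutes=10), threshold=3):
    """Alert once per admin who performs >= threshold weakening actions within the window."""
    alerts, recent, alerted = [], {}, set()
    for e in events:
        if e["action"] not in WEAKENING:
            continue
        # Keep only this admin's weakening actions still inside the sliding window.
        hits = [h for h in recent.get(e["admin"], []) if e["ts"] - h["ts"] <= window] + [e]
        recent[e["admin"]] = hits
        if len(hits) >= threshold and e["admin"] not in alerted:
            alerted.add(e["admin"])
            alerts.append({
                "admin": e["admin"],
                "first_seen": hits[0]["ts"],
                "targets": [h["target"] for h in hits],
                # Any action performed in a session without 2FA raises the priority.
                "no_mfa": not all(h["mfa"] for h in hits),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_teardowns(parse_events(SAMPLE_AUDIT)):
        print(alert)
```

Ship alerts like this to a system the console admin account cannot modify, since the attackers in this incident also deleted the firewall logs for the attack window.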


Topics: Cyber-Security
