3KeyLogic Blog

What’s lurking the digital shadows?

What’s lurking the digital shadows?


Organizations are often aware of their digital or internet footprint. That is, the footprint they leave behind online via their websites, social media accounts, external emails sent out, and more. It is very common for companies to employ a digital director to help manage all these new grounds and keep them in check. But how many companies aware that there is other information left behind on the internet outside of these normal channels? Information that cyber-criminals could leverage to start an attack on an organization.

Watch Who Emails You: Stay Safe From Business Email Compromise

Watch out for Business Email Compromise

In 2013 the FBI noticed a new attack that they called business email compromise (BEC) sometimes called CEO fraud (although it doesn’t always involve the CEO).  This is a simple attack that criminals use to steal money and financial information from all sorts of companies.  Targets have included large and small corporations, non-profits, churches, and schools.  As of 2018 BEC has cost over $12.5 Billion dollars and is on the rise.

Bitlocker and Solid State Drives (SSD)

Bitlocker and Solid State Drives

To keep devices secure, many companies rely on a product from Microsoft called Bitlocker.   Bitlocker is an encryption platform that helps keep your computer safe from offline attacks.   In the event a laptop or desktop is lost or stolen, the hard drive on the device is encrypted and is unreadable unless you have the password required to decrypt the device.

Recently a serious security risk has been discovered when Bitlocker is used with solid state drives (SSD).   This security flaw allows drives that are not properly encrypted to be hacked and user data retrieved.  This problem was discovered by Carlo Meijer and Bernard van Gastel of Radbound University.

Security Risks – Business to Business VPNs

What are B2B VPN

Many companies need direct connectivity with other trusted organizations to do business.  A cost-effective way to setup these connections is to create a business to business virtual private network also known as a B2B VPN. VPN is a technology that allows for two geographically separate networks to connect and share data across insecure networks like the Internet.  B2B VPN tunnels often use the IPsec suite of protocols to establish, secure and maintain these connections.  

Staying Secure When Facing Advanced Persistent Threats

The United States Computer Emergency Readiness Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC) recently posted a technical alert for Managed Service Providers (MSPs) warning of a campaign conducted by Advanced Persistent Threats that targets MSPs and attempts to break into their computer networks.   Both cloud and on premise technologies are targeted in this attack.  You can read the full alert here, https://www.us-cert.gov/ncas/alerts/TA18-276B.

In this blog post we will look at who and what Advanced Persistent Threats are, what they are doing, how they are doing it, and why they are targeting MSPs.   We will also briefly going into how 3KeyLogic is staying protected and what you can do to make sure to not fall victim to an APT.

[Webinar] Cyber Security Strategy: Driving Value From Security Assessments

In case you missed our webinar last week, Brian and I talked about security assessments and how they fit into your cyber security strategy.  We include some tips about driving the most value from security assessments regardless of how mature your organizational security is.

Ransomware Trends

Ransomware is a type of malware that infects a computer and locks their files by encrypting them so they cannot be used until the owner of the device pays a ransom (usually in bitcoin or other online crypto-currency) to get their device unlocked. Attackers often use ransomware because it has several advantages over traditional malware and viruses.

Next-Generation Firewalls: What are they and why do I need one?

When discussing network security, firewalls are the number one item that comes up.  That is because they often are a company’s first line of defense and the most visible.   Firewalls are devices that sit at the border of the network, preventing unwanted traffic from entering a company as well as stopping malicious traffic from leaving.   As companies grow and their security needs increase, firewalls need to do more than just block traffic.

Your monthly “security assessment” may not be as secure as you think

When asked about security practices many organizations are quick to respond; “We do a security assessment every month [or quarter].”  But what do you mean by security assessment?  Often, this security assessment is a network or vulnerability scan performed by an automated appliance or service.  This is not a security assessment.