Tag: hackers

2.5 Billion Gmail users at risk after database leak exposes pertinent account information
It was recently revealed that Google’s Salesforce database was breached, exposing data for over 2.5 billion users at the time of reporting.

Initially it was being reported that the leak would primarily effect only their business users as the data found in Salesforce mostly pertains to those accounts. However that was quickly dispelled as Gmail users reported increased attacks against their accounts, with some users reporting they even received a call from alleged Google employees notifying them of the breach of their account.

We want to make it clear that no password data was leaked in this data breach (at least at the time of writing) instead the data is being used to increase the effectiveness of phishing attacks leveled at Gmail users. One example of the attacks that are occurring includes users being told to initiate an account reset wherein the bad actor intercepts the password and locks the original user out.

Another attack being initiated is what Google calls “dangling bucket takeover” where the attacker essentially has access to a link connected to the users Google storage and uses it to hijack their account. Google outlines the four ways you can protect against this kind of attack in the page linked.

While company based accounts might be the most prime targets – and this goes for phishing in general – that doesn’t mean individual users are safe. Spear phishing, a popular variant of phishing that involves researching and gaining access to user accounts outside of their prime target such as an employees close to the company lead, could be a motivator for the current rise in attacks related to this breach. They would then use those accounts to increase the legitimacy of phishing attempts leveled at the primary target (by sending messages as the compromised user).

It is paramount in 2025 that users practice good safety hygiene when it comes to their online data, especially in an age where the onslaught of data breach news can feel overwhelming and increase a sense of helplessness. Even though data breaches are not rare, users can still protect themselves in the following ways:
1. Enable Two-Factor Authentication (2FA)
- Turn on Google 2-Step Verification.
- Use an authenticator app (Google Authenticator, Authy, or similar) instead of SMS, since text messages can be intercepted.
- For even stronger protection, consider a hardware security key (e.g., YubiKey).
1. Use a Strong, Unique Password
- Avoid reusing passwords across multiple sites.
- Use a password manager (Bitwarden, 1Password, LastPass, etc.) to generate and store long, random passwords.
- Change your password immediately if you suspect any compromise.
1. Regularly Review Account Activity
- Check Gmail’s “Last account activity” (bottom right of inbox) for unusual logins.
- Review the Google Account Security page to see devices that have accessed your account.
- Remove old or unused devices and apps with account access.
1. Be Proactive Against Phishing
- Always verify the sender’s address before clicking links.
- Hover over links to confirm they point to legitimate Google domains.
- Turn on Gmail’s Enhanced Safe Browsing in account security settings for extra phishing protection.
Email remains the number one entry point for cyberattacks, from phishing scams to ransomware. At Valley Techlogic, we take a proactive approach to keeping your inbox safe. Our team helps businesses implement advanced spam filtering, real-time threat detection, and encryption to safeguard sensitive communications.

Beyond just tools, we provide continuous monitoring, security awareness training, and rapid response in the event of a breach. With Valley Techlogic as your partner, you can rest easy knowing your organization’s most critical communication channel is protected. Learn more today with a consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
August 22, 2025
Staying secure on the 4th, why phishing attacks increase during holiday weekends
We’ve touched on this topic before, but we thought a reminder as we approach the Fourth of July weekend couldn’t hurt, hackers don’t take the holidays off.

This includes summer holidays such as Memorial Day and the 4th of July in addition to the typical winter festivities. Bad actors know that the holidays can be a boon for their nefarious activities, employees may be less on guard as they look forward to the extra time off and routines are thrown off with a disruption to the normal M-F patterned workweek.

Here are 7 ways the holidays lead to a higher risk of phishing attacks:
- Reduced Staff Monitoring
  Fewer IT and security personnel are actively monitoring systems during holidays, making it easier for attacks to go undetected.
- Delayed Response Times
  Even if an attack is noticed, response times are slower due to limited holiday support coverage, allowing phishing attempts more time to succeed.
- Disrupted Routines
  Employees are more likely to check emails from mobile devices or at unusual times, making them less vigilant and more susceptible to suspicious messages.
- Increased Volume of Personal Communications
  Holiday-related emails, such as order confirmations, travel details, and e-cards, create a flood of legitimate messages—making phishing emails easier to blend in.
- Tempting Lures
  Phishing emails often mimic holiday promotions, charity donation requests, or time-sensitive holiday deals—tactics that seem more believable during the season.
- Social Engineering Opportunities
  Hackers exploit the fact that people are distracted, in a festive mindset, or rushing to wrap up work—making them less likely to scrutinize an email carefully.
- Gaps in System Updates
  Routine maintenance and updates might be paused during holidays, leaving systems more vulnerable to phishing-based exploits that rely on unpatched software.
(Download these tips as an Infographic below.)

Phishing attacks are one of the most common—and costly—cyber threats facing small businesses today. At Valley Techlogic, we help protect your business by implementing robust email security solutions, conducting employee phishing awareness training, and monitoring for suspicious activity around the clock. Our proactive approach ensures you’re not just reacting to threats but preventing them before they reach your inbox. Reach out today for more information.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
July 3, 2025
Are cyber attacks still being conducted the same way in 2025? Top 8 cyber attack methods explained
New year, new threats? Hackers have not slowed down their efforts year over year, in 2024 the average cost of a data breach rose to 9.36 million US dollars. Of course this is taking into account the massive breaches that occurred last year with one attack costing the company that was targeted $500 million dollars.

Still, even for smaller businesses the average cost is usually somewhere between $120,000 to $150,000 – no small sum. Year over year though, the types of attacks haven’t changed even if they’ve become more effective in scale. These top 8 attack methods remain the same (with the first one leading in effectiveness by a landside):
1. Phishing: Phishing remains the top attack vector in 2024, with 90% of attacks still starting with a phishing email. Our advice on how to spot a phishing email has also stayed the same.
2. Ransomware comes in second and is preceded by a phishing email 40% of the time. In 2024 the largest single ransomware payment of all time was made to the “Dark Angels” ransomware group to the sum of $75 million.
3. Denial-of-Service (DoS) attacks are not a new player to the game, but they are part of an overall strategy we’ve seen by attackers to weaponize operational technologies to cripple businesses – either for a payout or just to send a message.
4. Man-in-the-middle attacks involving intercepting private conversations or data between one or two parties, a good example of this is an attacker setting up a fake Wi-Fi connection or intercepting unencrypted HTTP connections to gain user login information to a website.
5. SQL Injection attacks are a difficult one for consumers to guard against as they’re conducted on the backend of a businesses website or database and involve “injecting” malicious code. If you’re a business owner, it’s crucial to work with competent developers when creating consumer facing websites (especially if you’re collecting sensitive data through them).
6. Cross-Site Scripting Attacks are again difficult to guard against, these attacks are also extremely inconspicuous as the attacker in effect sets up a honey pot on the victim’s server or website and waits for it to collect data from the site’s users. Again, it’s crucial to work with a competent developer and IT provider when to protecting your data both internally and from being externally exploited.
7. DNS Spoofing involves redirecting users from the site they were intending to visit to an unknown site where their data can be collected (usually login information for the site they intended to navigate to). One trick for telling if the page you’re on is secure is to look for the little lock symbol in your navigation bar, this is a sign the page you’re on is using a secure connection.
8. Zero Day Exploits are the most difficult to protect against as they are attacks that are literally exploited the same day they’re discovered. Hackers are constantly looking for new ways to access your systems, and even if you’re a small business you’re never too small to be of use to them (even if it means leapfrogging past you to exploit your customers).
There is never a better time than the start of the year to evaluate your technology systems for improvements, at Valley Techlogic we can provide you with a comprehensive report on our recommendations for your business as well as a tailored plan to bring your business up to date in 2025. Schedule a consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
January 10, 2025
Discord.io data breach sees 760,000 users information stolen and an end to the service
If you’re not familiar with Discord, it’s a chat service that first opened to the public in 2015 and quickly grew in popularity having a base of 3 million users just one year later in 2016. Now in 2023 there are over 150 million users, and the platform has been valued at $7 billion.

Discord filled a niche that had been previously left vacant since chat services like AOL and MSN were discontinued. In the early 2000’s to 2010’s forum-based communication rose in popularity and left many chat rooms empty.

Now as trends have changed, chat has seen a resurgence in popularity with Discord acting as a vector for many special interest groups to gather and discuss their hobbies, or for consumers to follow live updates about a product they’re interested in and even speak directly with its creators and get an inside look into the development process. No matter what your interest is, gaming, home improvement, DIY, art, music – there’s probably a Discord channel dedicated to it.

Discord.io was a third-party website that allowed users to find and share chat channels, we’re unfortunately saying was because after the breach they announced their services would be closed for the “foreseeable future”.

On the website it says “”We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a [third] party site,”. They’ve also listed the information that was released in the breach which included users encrypted passwords, their email and username, and even billing and payment information if they partook in a premium membership through the site.

While they’re not directly associated with Discord, this breach will still have an effect on Discord itself not just because this service has been discontinued but because of the overlapping data Discord and a Discord-centric third party application will have.

The unfortunate rub of it is when you utilize third party vendors for the products and services you use you’re sharing the same information with them as you are with everyone else, and a breach through an outside vendor can effect you as much as a breach to your business directly.

That’s why it’s important to vet your vendors and have protections in place to limit the effects a data breach can have. Protections can include:
1. If the breach involves financial data that could be used for identity theft, consider freezing your credit. This will limit the damage someone can do with your identifying information. If you’re not ready or aren’t able to freeze your credit, then we suggest credit monitoring at the very least (often provided for free by banking and credit card companies).
2. Don’t use the same password from one account to another. As we mentioned, password data was leaked in the Discord.io breach. While it’s encrypted data which is a good protection, many of these passwords will be cracked, and the people who purchased this information will try the password on users other accounts such as their email. If you use a different password for all of your accounts in unison with a password manager then a password leaked in a breach will only effect one account, greatly limiting the damage that can be done.
3. Similarly to above, to protect your accounts from intrusion you SHOULD be using MFA (Multi-Factor Authentication). We recently posted another article outlining the benefits of MFA, but in a nutshell if a hacker has gotten enough information about you from data breaches they may be able to utilize it to gain access to your accounts – even WITHOUT a password. MFA will stop most hackers in their tracks.
Even with protecting yourself, it’s still a good idea to try to limit the funnel of information about you or your business that can unknowingly end up on the web through third party breaches. Here are 5 additional ways to protect your data:

Want to learn more about how to recover from a data breach, boost your cyber security readiness, or gain additional insight in the kinds of questions you should be asking your vendors about your data? Valley Techlogic can cover all these topics and more. Schedule a consultation with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 18, 2023
BEC Scams are becoming increasingly more common, and the payouts more lucrative
BEC or Business Email Compromise is a type of phishing scam where the target of the scam receives an email purporting to be someone they know, like a vendor they work with or a colleague. These scams are so common place that the Federal Bureau of Investigation even has a guide to protecting yourself from them.

We’ve even written before on how to spot a typical BEC email and a few ways to combat it, but we would like to circle back to this topic now as we creep into what is typically a very busy time for most business owners – the fourth quarter.

You may or may not be surprised to learn that BEC attacks rose in the fourth quarter last year and we’re not anticipating 2023 to be any different. 2022 even saw a rise in the ever popular “as-a-service” variant of attacks which means would be bad actors could enact their attacks with little actual effort on their part.

The technical know-how required for these attacks is also low, with some of them being as simple as just a variant on your normal phishing scheme but with the end goal being a direct payout rather than the user’s credentials or private information.

CISA (Cybersecurity and Infrastructure Security Agency) even reported on Russian state sponsored bad actors specifically targeting defense contractors using Microsoft 365 with their BEC schemes. Imitating Microsoft support is not a new scam, and like always you should be wary about any support person reaching out to you directly asking for your credentials, but the single-minded focus of this particular scam put government agencies like CISA and the FBI on red alert.

When we say these scams are becoming more lucrative, we definitely mean it, with it being estimated BEC victims lost 2.74 billion dollars in 2022 which was $300 million more than 2021. Like with most cyber attacks we anticipate they’ll continue to rise.

So how do you protect yourself from a Business Email Compromise scam in 2023?
1. Don’t overshare online. BEC is a social engineering scam, so the less information that’s readily available about you on the internet the less able a scammer is to pretend to be someone you know.
2. Forward emails instead of replying to them. As with normal phishing these scams are perpetrated over email. Forwarding emails forces you to type out the email address (thereby guaranteeing it goes to the right person). BEC attacks usually involve spoofing an email address or simply choosing a domain that’s similar to one you may be use to corresponding but having a slight misspelling or rewording.
3. In the same vein, check the sender’s email address before responding at all. You may be able to simply block the scammer when you discover they’re trying to imitate someone else by verifying the email address is incorrect.
4. Secure your own domain against domain spoofing. Many times, the attack is coming from “inside the house”. A very common BEC scam involves one of your employees receiving an email that looks like it’s from you or someone high up in your organization, except it’s not. Registering the domains you use for email will help protect against this very common variety of this scam.
5. Again, in the same vein as our last tip, use a domain that you’ve registered instead of a free email service. It might be tempting to keep using the Gmail address you’ve always used to avoid paying for a domain and email services, but it greatly increases your risk of a BEC attack being successful. Using a free email service allows attackers to create a new email with your name to then tell those you know you just “got a new email”. It would be very difficult to prove this is false without talking to you directly.
Many of the defense strategies against a BEC attack involve employee training. Attackers may not target you directly as the business owner when it’s easier to get to you (and your business) through a weaker link – often employees who don’t have the strategies available to avoid these kinds of scams.

Luckily, Valley Techlogic provides security training as part of our service packages. Below is a list of some of the training topics we cover for our clients:

Cyber security training is quick and is one of the easiest and most effective ways to have an overall safer environment for your business. Learn more about Cyber Security Training through Valley Techlogic as well as other the other cyber security services we offer today through a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 11, 2023
The US has declared a $10 million dollar bounty for more information on this ransomware
The US State Department’s “Rewards for Justice” program announced a 10 million dollar bounty for any information leading to clues on how the Clop ransomware attacks are linked to attacks on foreign governments.

Announced via Twitter, the Rewards for Justice account tweeted “Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward.” This program was initially launched to gather information on terrorist groups targeting US interests.

The program has now grown to include attacks perpetrated by cyber criminals (even outside the US). It has collected information on the REvil ransomware, Russian Sandworm hackers, Evil Corp hacking group and more.

This Isn’t the first time the US has announced a substantial bounty for information on cyber crime, in May of this year the Department of Justice also announced a $10 million dollar bounty for information leading to the arrest of the alleged Russian ransomware mastermind Mikhail Pavlovich Matveev, also known online as “Wazawaka”.

Mikhail Pavlovich Matveev or “Wazawaka” was accused of demanding $400 million from his victims (most of which purportedly paid). His exploits make him one of the most prolific single cyber criminals in history, but due to his illusive nature he still remains uncaught despite the substantial bounty on his head.

Switching back to our story on the “Clop” ransomware, we covered one of the victims of this ransomware just last week in our article on the CalPers/CalSTRs data breach. Clop was used in the zero-day vulnerability found in the MOVEit file transfer software.

Now, the group behind the Cl0p ransomware is extorting companies whose data was stolen during the attack and threatening to leak it online if the ransom is not paid.

Victims of the Cl0p ransomware attack received this message June 17^th, outlining the demands the group has for them and even offering an online chat to discuss the terms of payment. Victims are being given just 3 days to come to an agreement or an online page will be created by the group and their information will be leaked online.

Outside of paying the ransom or dealing with the fallout of their data being leaked, there is little recourse for victims of this type of crime. The bounty is not due to the businesses and individuals whose data has been stolen in this attack, but the fear that the Cl0p ransomware group also received information on data sensitive to US security during their attack.

The Cl0p ransomware group has said they will be deleting any data that pertains to the US or foreign governments, but of course there is no way to confirm this is true. All in all it will be interesting to see how the effects of offering a bounty for information leading to the arrest of individuals involved in these attacks acts as a deterrent for future attacks.

If your data was leaked in this recent breach or you’re worried about identity theft, we do have some tips on what to do if your information has been leaked online or or to lower your risk factors below:

Of course, the best method of keeping your data safe is to prevent it from being leaked in the first place, and Valley Techlogic can help. Cyber security is our main focus, and we know the cost of prevention can often dwarf the cost of remediation when it comes to cybercrime many times over. Learn more about how we can improve the security in your business today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
July 7, 2023
When a data breach leads to jail time for an ex-CEO, and why you should take data security seriously in 2023
We’ve seen plenty of examples of extreme monetary penalties occurring from data breaches, but this is the first we’ve seen of anyone actually being jailed for one.

Vastaamo was a Finnish psychotherapy provider that was founded in 2008. While it was a sub-contractor under the government, Vastaamo like many healthcare related businesses was the subject of data breach attempts, with two additional successful attempts occurring in 2018 and 2019. These attempts failed to be reported by the company.

The ex-CEO Ville Tapio did report the 2020 breach to authorities, after all of their patient data was stolen by the cyber criminals. These criminals asked for €450,000 (about $.0.5 million in US dollars at the time of writing) and when that was unsuccessful, they then demanded €200 from each patient of the clinic for which they had records on. They warned this fee would increase to €500 each if the clinic did not pay within 24 hours.

They warned the patients that after 48 hours with no payment they would be doxxed. Doxxing is when your private details are leaked online (this can include your payment information but also things like your address). In this case they were even willing to leak client session records and notes. They leaked the details of 300 patients which included politicians and police office. A 10 GB file containing the patient notes for over 2000 patients was also found on the dark web following the hack.

While the clinic, Vastaamo, was a victim in this case authorities still looked at the overall picture when making the decision to charge ex-CEO Ville Tapio, including the previous breaches and the fact that he had insider knowledge of the company’s cybersecurity coverage (or lack thereof). He was charged with a 3-month suspended sentence and the company itself had to file bankruptcy and eventually went under.

The severity of the breach and the companies lack of accountability when it came to cybersecurity protections made them run afoul of the GDPR (General Data Protection Regulation) which are Europe’s regulations on data protection and privacy for its citizens.

If you’re a US based company owner it’s not a good idea to think “Well nothing like this could happen here”. California recently passed the CCPA (California Consumer Privacy Act) which allows customers more say so over the data your business collects on them. If your business has contracts with the DoD (Department of Defense) you’re probably already seeing stricter restrictions and regulations for how your business must be cybersecurity compliant to keep doing business with the government via CMMC (Cybersecurity Maturity Model Certification). HIPAA is old news for medical practitioners, but we still find many that are not compliant with the regulations.

Suffice to say there can be blowback that extends beyond financial penalties and injuries to your business’s reputation. Small steps in protecting the data within your business can make a huge difference in the outcome you have (whether it be avoiding an attack altogether or making for an easier recovery).

If you need creating or developing a more robust cybersecurity gameplan, Valley Techlogic is the one you’re looking for. Cybersecurity is our number one concern, and we take implementing cyber prevention measures for our clients very seriously. If you would like a consultation to learn more just visit here to get started.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 21, 2023
Our top 10 safety tips for mobile devices
There’s a popular misconception that mobile devices are somehow more resistant to hacking and cyberthreats than PCs (personal computers) or other standalone devices, this Isn’t exactly true.

In today’s age, anything connected to the internet can be tampered with or hacked. The age of the “Internet of Things” (IoT) is here and there have even been cases of web connected devices like appliances being hacked and used to gain access to data within your household or office.

Your cell phone or tablet are really just smaller computers. Whether you have an Android phone or tablet or stick to Apple products, you still need to take precautions when visiting websites or opening emails and attachments as you do with your laptop or desktop. Plus, because these devices are much more portable you even should take extra precautions when taking it out in public.

Here are our top 10 safety tips for mobile devices:
1. Always lock your phone when you’re not using it. Setting up a pin, facial recognition or fingerprint recognition will also add another layer of security.
2. Keep your software up to date. Just like with computer updates, phone OS updates often include important security patches to keep your device safe.
3. Only download applications from secure sources. Questionable applications can lead to your phone being compromised, and even with applications from a known good source (like the Google Play Store or the Apple Store) only give them as many permissions as they need to function and no more.
4. Install an Antivirus on your phone. Many may not know antivirus software Isn’t limited to computers, but there are antivirus solutions for computers that will include a phone version bundled together.
5. Be careful with public Wi-Fi. Open public networks are open to everyone – including hackers who are able to see everyone who’s connected. Only use them if absolutely necessary.
6. Same goes for public phone charging. Hackers can tamper with or even setup fake cellphone charging stations in a scheme known at “juice jacking”, when you plug your phone in it installs malware on your device. If you need extra battery power, consider carrying a power bank with you.
7. Just like with your PC, vary your passwords. It can be more difficult to create good passwords on your phone, luckily the same applications like LastPass (our recommended password manager) you use on your PC for password management also have mobile versions.
8. On the upside 2FA is even easier on a phone than a PC. Many 2FA applications like Google Authenticator are cellphone based, making 2FA even easier to use on your phone.
9. Be careful what data you save to your phone. Many of us save our payment information to our phones for easier checkout but if your phone is compromised (or stolen) than all that information is now in the hands of a bad actor. It’s might be worth reconsidering saving that information, especially details for something like your bank account or anything that can’t be easily changed.
10. If you are going to take some risks (like using public Wi-Fi) consider a VPN. Virtual Private Networks (VPN) can encrypt your data, making it a little safer to use public Wi-FI.
We also have some safety tips for your IoTs devices in this chart:

Click to view the full size version.

If you have mobile devices connected to your business’s office network, it’s worth evaluating whether there is any risk involved for your business. There are network security solutions that will apply the same rules for mobile devices as it does for PCs, meaning even if a compromised cellphone connects you will still have protection from the rest of your network being infected. If you’d like to learn more schedule a consultation with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
September 29, 2022
Google blocked the largest DDoS attack ever, peaking at 46 million requests per second
While it’s just now being reported on, the DDoS attack on Google Cloud occurred on June 1^st and lasted for 69 minutes – reaching a peak of 46 million requests per second.

Source: Google Cloud

We’ve covered Distributed Denial of Service (DDoS) attacks before in this blog, but the scale of this one is mind boggling. It’s nearly twice the size of Cloudflare DDoS attack from last year around this same time, which peaked at 26 million requests per second (sent from just over 5000 devices).

If you’re wondering where the devices used in these attacks originate from, the answer in this case is unsecured devices. Specifically compromised Mikrotik routers.

There’s been a number of articles regarding possible compromises to the Mikrotik brand of router including one instance that involved over 200,000 devices. Many in the security space wondered if there would be a fallout from that and now, we have our answer.

However, what’s more impressive is not the scale of this attack, but the fact that it was successfully blocked by Google.

Botnet attacks of this nature are not rare, it’s difficult to say exactly how many attacks occur per day but it has been noted they’re on the rise since the Russian invasion of Ukraine. A botnet is essentially an assembly of compromised devices that are used to attack a target. DDoS attacks are one of the most common uses, but they’re also used for phishing, cryptomining, or to bruteforce passwords just to name a few. The largest botnet ever recorded belonged to Russian BredoLab and consisted of 30,000,000 devices.

Would be bad actors can even purchase DDoS as a service for as little as $5 per hour which should give you an indication how prevalent and common they are as an attack vector.

Google blocked this attack by leveraging their Cloud Armor product, a network security service directly aimed at preventing DDoS attacks. If they were looking for a powerful case study for the effectiveness of this product, we can think of no better example then effectively blocking the largest DDoS attack in history (so far).

Part of blocking a DDoS attack is early detection. DDoS attacks ramp up, if you can detect an incoming flux of peculiar traffic to your network you can block the attack before it’s able to scale up and cripple your network.

Besides blocking potential attacks, the other side of the coin is not becoming an unwilling participant in a botnet through a compromised device in your home or business.

The sinister part of it is you may not even be aware your device is compromised and it’s not just mobile devices and personal computers that can be affected, even IoT (Internet of Things) devices can be hacked. There are a few things you can do to prevent your devices from being taken over by hackers as we outline in the chart below:

If your business needs assistance with protecting from any potential attacks or making sure your devices stay uncompromised, Valley Techlogic can help. All of our plans include robust cybersecurity protections at no additional charge, including assisting in your cyber security training goals (after all, human error is the #1 cause of data breaches). Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 25, 2022
College shuttered after 157 years due to ransomware attack
While ransomware wasn’t the only thing behind the decision to close Lincoln College, located in rural Illinois and established in 1865, it was the final blow after taking substantial financial losses due to the COVID-19 pandemic.

The school, which had survived through the Spanish Flu, the Great Depression, two world wars and even a fire in 1912 will close its doors for good on May 13^th, 2022.

The ransomware attack which occurred in December 2021 crippled their recruiting and fundraising efforts for two months, not being resolved until March 2022 as a statement on the school’s website reads.

“Furthermore, Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable.

Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

The school made attempts to avoid the closure, but the efforts came too late, and we’re sorry to say they’re far from unique in being a school that was targeted by a cyberattack. According to this report over 1043 schools suffered ransomware attacks in 2021.

Cyber criminals don’t think twice when targeting schools, hospitals, and infrastructure that’s needed by the community. We reported on the on Colonial Pipeline hack that created a major disruption at gas stations across eastern US last May.

Schools and hospitals are appealing targets because investing in cyber security measures is not generally a priority and they often store large amounts of PII (Personal Identifying Information) in their systems.

Many senators have taken note of this and have called on the Department of Homeland Security to instate measures that would bolster the security of our schools, especially K-12.

A ransomware payment isn’t the only thing attackers stand to gain when they successfully infiltrate a network, here’s a chart with the way hackers “double dip” from during their attacks:

In the end Lincoln College did choose to pay the ransom to gain control of their systems again, but it sadly made no difference in saving the college.

60% of businesses close within 6 months following a ransomware attack, and only half businesses have a cyber response plan available to quickly respond to an attack. The slow response time will only add insult to injury as you try to get back on your feet and as we’ve seen in this case, it can be fatal to your business.

Valley Techlogic can help you not only have a contingency plan in place, but also help you enact cyber security measures in your business that will prevent an attack from occurring in the first place. Learn more today through a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
May 12, 2022