There is something special about flipping the calendar over to the peak of a new year. For many personally this means new years resolutions, for businesses it means fresh opportunity – a change to complete the things you missed in 2018! Like many, we’ve found businesses have a hard time considering what information technology goals they should have for the new year. Take this kick-starter for 3 New Year’s resolutions for your business to consider in the coming year. Read more
In the wake of destruction from an ever-growing threat of cybercriminals, many major municipal branches in Baltimore and Atlanta fell victim to encrypted systems and were extorted for millions. Soon after, the major targets became local school districts and colleges, but it would appear the targets have changed once again. This time to an industry that will surprise many, who think this could NEVER happen to them.
Museums…. That’s right, last Tuesday it was reported that the Asian Art Museum in San Francisco was hit with a ransomware attack back in May. Initially, when I heard this, I was as surprised as you were, why would a Museum be hit with Ransomware? Why would someone search out cultural institutions to attack? The answer lays closer then we think, dealing in lower monetary value, museum donors’ personal information, can be easily stolen, alongside the typical digital footprint of email, phone number, first name, last name, etc.
It sounds like something out of an action movie, the hacking of a museum in San Francisco, came to the surface when the Asian Art Museum refused to pay the demanded ransom, sticking with the city’s official “no-negotiation policy.” Although everyone at the Asian Art Museum has been tight-lipped about the tactic’s used against them, we do know the data was recovered, by utilizing a trusted backup system. Always making sure technology partners are checking-in, and running tests periodically, making sure systems built for fail-over are fully operational, and providing the museum the confidence needed to NOT PAY the ransom, knowing they can easily restore data, giving everyone at the Asian Art Museum, peace of mind.
Don’t be taken by surprise, protect your business with these five tips to better your data protection:
- End-Point Protection – To protect employees and business’ from cyberattacks and encryption, it’s critical to your success to employ up-to-date End-Point Protection (EPP) and Malware Alerting on high-value targets like servers or domain controllers.
- Gone Phishing – The human element is what gets most people, and it’s because these phishing examples have been developed to simulate a popular brand or coworker email. Without successfully phishing someone to gain access, the doors on your network can remain closed. Be warry, as social networks have been hit hard with email spoofing.
- See Something, Say Something – One of the most important things to teach employees within your network, is if they see a ransomware pop up, you should immediately disconnect this machine from the network. This will prevent the infected system from communicating with other nods on your network, damaging more of your data, and encrypting more technology.
- Group Policy Controls – Generate access controls or Group Policy, in case someone does get into one of the computers, they won’t be able to remote into someone else’s PC or system. Making it critical to prevent the spread and damage of further entities.
- Prioritize your Vulnerability – How much of a threat can your business take on, with information everywhere on the network, it grows impossible to secure everything, making it imperative to create a layered approach – to further secure financials and company email that could contain personal information.
In today’s cybersecurity landscape, ransomware poses a serious risk to every business. Taking a proactive approach is the key to reducing your risk. You can learn more about disaster recovery planning and reliable backup solutions by consulting a technology partner who understands your organization’s unique needs. Contact a Clare Computer Solutions Consultant today to determine your risk.
Our business ecosystems have begun rapidly changing, with cybercriminals evolving rapidly, a new vocabulary is developing. A new addition to the lexicon of many is the concept of “Security Posture.” Another techy-word, referring to the strength and security of your IT infrastructure. Putting an increased presence on internet-born vulnerabilities for business technology. How you manage current hardware and software purchases, policy & procedure generation and controls.
What Makes-Up Your Security Posture
Any of these singular aspects are defined under cybersecurity, your security posture develops the likelihood of a breach, and what it would take for hackers to gain access to these critical pieces of network technology, but also the state of your employees, and if they can spot similar threats, making these difficult for many to observe.
In the context of managing cybersecurity, larger organizations, including Directors of IT, Chief Technology Officers, and any compliance officer, must make decisions based on the deliberation and analysis of their security posture. Generating a better understanding surrounding certain aspects of your cybersecurity approach, but this is simply not enough anymore. In today’s connected age a more holistic approach is needed to meet regulations and compliance. Read more
Several security teams have recently discovered the scariest new strain of highly-sophisticated ransomware called MegaCortex. Although this new strain sounds like something out of this world, MegaCortex is a purpose-built threat used to seek and destroy corporate networks, as a whole. Yes, you read that correctly, ENTIRE NETWORKS. What makes this strain on ransomware so unique, is once penetrated, attackers will begin releasing various payloads, infecting your network by rolling out malware to servers, and workstations using your very own domain controller or “DC,” as many know it today.
These attacks have already been detected in the United States, Italy, Canada, France, and a few other European Union (EU) nations. This comes to many in the cybersecurity community as a recently discovered strain, meaning not much is known about how it’s encryption works, or how they are getting in. Worst of all, we don’t know if the ransom payments are being honored as of yet. This is everything we know about MegaCortex ransomware.
How MegaCortex Strikes
Many security and analytics companies have begun diving deeper into this strain of malware. Findings include similar actions to the RYUK Strain, where attackers use Trojan operators to access infected systems. What this means specifically is, if Emotet or Qakbot Trojans have been present on network devices, there is a growing concern, this could be potential network backdoors.
How MegaCortex Uses Your Own Domain Controllers
Although this case isn’t clear how the bad guys are getting into your network, many victims have reported numerous attacks originating from a compromised domain controller. On the domain controller, Cobalt Strike is being dropped and executed to create a reverse shell back to an attacker host.
Using this shell, attackers take control of your domain controller configuring and distributing a copy of the malware executable and batch-files across your network. This file then executes 44 different processes, including disabling Windows Services.
During the encryption of your system, ransomware will append extension file names, including “.aes128ctr.” We do not know if these extensions are static or created dynamically by each infection, including a secondary payload.
Secondary Payload? What Gives?!
In an effort to deliver the most accurate information, security researchers have also identified what would appear to many as a Secondary Hit, or Secondary Main Component. In plain-English, this means its delivery system is multi-staged and uses multiple payloads on a single device. We are still unclear at this time if the malware is dropping MegaCortex or if it’s maliciously installed.
How to Block MegaCortex Infections All Together
It’s recommended for many and Clare Computer Solutions’ best practice to have a weapons-grade backup solution, either off-site or in the cloud. As many strands of ransomware target these backups first, and foremost.
In this article “Locking it Down: Remote Desktop Protocol,” we highlighted the need for many businesses’ to secure RDP Services that are publicly accessed via the internet. If your machine MUST run RDP, make sure it’s placed behind a firewall, and only made accessible via a VPN tunnel.
Although this ransomware isn’t being spread by email spam, it’s possible the Trojans listed above, can and will. That is why it’s crucial to always identify and inform you of this phishing, and social engineering attacks, to build greater awareness.
Does It Feel like I’m Speaking Another Language?
If you’re unsure where to begin, our security specialists can help! With over 30 years of experience in information technology, our staff knows what it takes to meet security standards. Get ahead of the bad guys, with a Security Posture Evaluation.
If you’re anything like me, your tired of picking up the phone just to hear someone’s terrible recording of a tax collector, IRS agent or CPA demanding some outrageous sum of money. According to the IRS, in their latest security bulletin, they have formulated 2019’s “Dirty Dozen.” Keeping employees and end-users in mind, many will have sensitive data leftover on their devices, making your business a prime target.
With highly targeted attacks plaguing many of us today, it’s not uncommon to see Business Email Compromised or more-commonly, CEO Fraud. Reaching $12.5 Billion in total known losses, these attacks have bad guys trying to convince end-users, typically in Accounting, Receiving, HR, and sometimes IT to release information or funds based on their faked email address or title. Typically, this results in many unknowing employees making some form of payment or releasing the information as they view their job could be at stake.
We’ve even seen these “Fake CEOs” attempt to send out emails regarding W-2 issues. Once opened, the payload can be delivered from these attacks at any point in time. In most cases, we’ve witnessed malware laying low in systems for 90 days. With tax season closing, we wanted to shed some light on the technology aspects of the “IRS’ Dirty Dozen.”
Here’s a recap of this year’s ‘Dirty Dozen’ scams:
1. Phishing: Business’ filing on their own behalf this year, should be alert to the potential for faked emails or websites looking to steal personal information. The IRS notes, “The IRS will never initiate contact with taxpayers via email about a bill or tax refund.” Don’t click any links or attachments from someone claiming to be from or on behalf of the IRS. For more information from the IRS website see here: (IR-2019-26)
2. Phone Scams: Phone calls from criminals or on behalf of them impersonating IRS agents remain an ever-growing threat to end-users during tax season. It’s these same calls your employees receive that contain outlandish threats including police arrest, deportation, or my personal favorite license revocation. For more information from the IRS website see here: (IR-2019-28)
3. Identity Theft: During tax season, businesses will have taxpayer information on-hand for one of the few times all year. This means for the period between March to May, the IRS warns that identity theft will rise, although the security industry has made several large strides in protecting employees currently. The IRS warns business’ as they continue perusing these criminal actions. For more information from the IRS website see here: (IR-2019-30)
6. Tax Return Preparer Fraud: Unfortunately for some business’ the amount of fraudulent Tax Preparer has also grown in stride. As we all know, the vast majority of tax professionals are there to provide honest, high-quality services but others will operate during the filing season and it’s these scams that continue to push refund fraud and identity theft further. For more information from the IRS website see here: (IR-2019-32)
8. Inflated Refund Claims: Alert the IRS or the police of anyone whose promising inflated refunds or credits. Be alert to anyone promising large returns or asking for credits. This falls on local law enforcement to assist as these frauds will use flyers, fake storefronts, and community groups to infiltrate your trust. For more information from the IRS website see here: (IR-2019-33)
Continue staying diligent, as the typical end-user and employee has sensitive information nearby. Maybe it’s an email of your tax return or that W-2 from human resources. Regardless, having it near anything business related can be an area for concern, for cybercriminals and frauds they will have hit the jackpot.
Learn how to secure your end-users and employees, educating them on how to handle sensitive information, how to interact with strange emails.
Utilizing Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office365 Partners of the latest threat-analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since it’s last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage more sneaky tactics to accomplish their end goal, including blackmail, extortion and worst of all, data corruption.
For many businesses, encryption has become the norm as cyber-criminals begin looking to disrupt operations to turn a quick profit. One of the largest goals behind any cyber-attack is stealth, the longer a malicious activity goes on unnoticed in your systems, the greater the chances of their attack succeeding. One popular avenue has begun involving SSL encryption to disguise the transmissions of the attack from your local anti-virus or malware agents.
As previously warned, these attackers are persisting to utilize website encryption to provide users with a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can assist in informing your employees of the perils found in today’s connected businesses. Begin scrutinizing the sender’s domain name, and the content they want from you.
- Phishing – 2.7 Million phishing attacks occur monthly, a 400% increase since we’ve been tracking these states in 2017.
- Content is King – 196 Million instances of “malicious content” including websites, malicious scripts, and malvertising we all found on some of the most well-known websites this year.
- Botnets – 32 Million botnet callbacks were performed and blocked on average each month since 2018
- Domains – 32% of all spoofed domains or websites were using SSL to deliver content.
Most Phished Brands through HTTPS:
- Microsoft Office365 or OneDrive – 58%
- Facebook – 12%
- Amazon – 10%
- Apple or iTunes – 10%
- Adobe – 4%
- Dropbox – 4%
- DocuSign – 2%
By preparing your employees with a security mindset, we broaden business’ stance on security, to better prevent things like SSL attacks from reaching your end-users. Each of these acts leverages more ways for cybercriminals to establish credibility, and the context needed to fool business.
Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an “invoice” that were crafted and carefully coded, to send the staff to a fake Russian URL, where Office365 logos were plastered everywhere. Even more conveniently, was the willingness for this HTTPS encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and wouldn’t you know it, no issues were reported.
(Email Pictured Below)
Recently, the U.S. Department of Homeland Security(DHS) and Cybersecurity & Infrastructure Security Agency(CISA) have begun the tracking of a Domain Name System (DNS) hijacking campaign. With using the following techniques, cybercriminals can redirect user traffic to attacker-controlled infrastructure, access valid encryption certificates for agencies’ domain names and launch attacks keeping your organization as the man-in-the-middle, including:
- Compromised credentials or obtained via account w/ with to make changes to Domain Name System records.
- Modifying any of the original addresses, mail exchange, name servers, and other Domain Name System records.
- EstablishDomain Name System records value and falsy-obtain encryption certificates for the executive branch.
How Staff Can Address these Domain Name System Attacks?
- Audit Your DNS records – By reviewing business records associated with services offered to users and the public to verify their location.
- Update DNS account passwords – Begin to modify your passwords on every account that has the power to make changes to agency Domain Name System records. Utilizing a password manager can assist in providing better passwords to secure this even further.
- Leverage multi-factor authentication (MFA) – Implement MFA for all accounts on systems that can make changes.
- Track certificate transparency logs – Monitor certificate transparency log-data for certificates issued by CISA OR DHS.
So, What Exactly is at Risk Here?
Software or SaaS applications have become more prevalent than ever, with threats associating with data theft beginning to soar, with a record of 28% increase on attacks related to Office 365 and Googles GSuite. By utilizing these three key strategies, you can begin securing your business and turn Domain Name System from Do Not Secure, into another fortified line of network defense. By shielding your network with a filtered Domain Name System and utilizing browsing policies, you can successfully keep users safe from malicious sites, and their downloads. This keeps networks secured, with minor tweaks to an Office 365 environment, also preventing harmful attachments out of email inboxes.
- Domain Name System (DNS) – Begin switching towards a Domain Name System (DNS) service that can actively monitor and block known malware sites to begin reducing the risk of exposure to malware. Unless you’ve custom-configured some settings, it’s likely that a site’s DNS provider is your current Internet Service Provider. DNS providers can block this type of access in two methods. Blocking a request made from a user, or by preventing malware from “phoning back home” with your data.
- Internal Policies – These style of filters work to block harmful sites and downloads at the browser level. Similar to the DNS provider at the network level, these systems calculate the risk and based on the amount of potential harm done, will flag these malicious downloads for greater review. Most that need the power to download from harmful websites do receive notifications, although they can go ignored in some cases.
- Email Filtering – In the latest statistics from WebRoot, Microsoft, and Sophos, report ransomware’s #1 attack-vector is still email delivered payloads. Far too often, recipients open files without realizing it wasn’t a file, but instead a malicious application. Microsoft does give Office 365 administrators the ability to block any of the 100 different file types. Although in most cases, businesses need attachments to be sent via email, that’s when the use of Microsoft Ondrive to view files can assist your organization.
If your business feels this is out of the scope of your current provider, or would like another expert opinion, give us a call to schedule a time to chat with one of our technology specialists, or have us visit your site. Reach out to us, and let us know if you need DNS help.
Every week, I’m sure your inbox becomes bombarded by the daily news alerts regarding the dangers of hacking attack, phishing attempts, and data breaches. The rapidly-evolving landscape poses major challenges for companies today, by establishing or updating your security framework.
Information and technology managers are especially concerned about gaps created in security system controls, and processes. These will begin your ongoing shortages of resources and expertise needed to protect information or stick to compliance. Your industry and business will begin to dictate your approach to advancing your security posture. Given the scope of this problem, your security team is uncertain where to begin and how to proceed.
Begin taking a phased approach to your cybersecurity systems. Plug the most important security gaps first, following the later when timing and process are flushed-out. Typically, security gaps are created when assumptions are made surrounding your IT network, as these new threat vectors emerge as soon as updates are rolled out.
Security Is More of a Journey
Typically, companies push security initiatives through, with no real destination in sight, so it wouldn’t be likely, every gap can’t be solved at once. For this reason, it’s best to begin revisiting your security framework, and any pressing risks or vulnerabilities. This better aligns our comprehensive security platforms better, over time. Begin focusing efforts around securing the most important aspect of your business, for some companies that are patient safety, for others, it’s privacy or monetary funds. By creating what is important, IT companies like ourselves can assist better in the threats haunting your business. It Starts with a reference point, and if you don’t have any security framework, or are unsure, it can usually be found by asking your IT manager, or the resident computer guy.
Getting cybersecurity right requires extensive experience, with a multitude of business models. Hackers are always looking for ways to generate some form of social engineering, to take advantage of our emotions. I get robot-dialers calling my cell phone all the time, with fake stories about a prince, needing my help. By following this framework, business leaders can evaluate the current and future state of business cybersecurity.
There will always be social engineering, hackers and sneaky back-door entries to software. As a result, no matter the stance on cybersecurity, it’s essential to your business to begin training the members in your organization and contribute to stopping the spread of these threats. As people will always be the weakest link when scrutinizing your cybersecurity.
Sharing the knowledge, we’ve gleaned from over 30 years in IT support and consulting services the best way to defend against the constant threat of cyber attacks for our managed service clients, is with a phased approach, built from alignment and cohesion of your strategic plan, and our knowledge.
To further understand what your security framework could be, or to have any questions answered, contact us today to get started.
For businesses, the traditional approach towards cyber security is focused on defending against threats, and prevention. As criminals become bolder, and tactics grow in sophistication, defense and prevention aren’t enough. Over 80% of businesses are looking for third-party help with cybers ecurity. By following these practices, you can securely position your company from a secure-data standpoint.
Focus on Risk – Instead of achieving a 100% fully-secured business, shift the conversation towards how much risk to a business, and it’s data, each employee’s faces. Come to terms with the idea “100% Secured” is unattainable. Cybercriminals can and will always find new ways to attack. By implementing cybersecurity metrics that track logs and security patching. By uncovering how many applications lack the latest security patching, your team can uncover any security vulnerabilities that have not been addressed.
Prioritize the Data – Each business has that information, that remains at risk. For many of your businesses, it would be employee health records, customer information, bank routing numbers. This sensitive data should get the highest level of security. This ensures a harder time for hackers to access info, and work to educate employees on protecting these valuable assets.
Cyber Clean-up – It’s always good practice to stay vigilant about security maintenance, to prevent commonly overlooked threats, such as ransomware, and phishing attacks. These “housekeeping” tasks are typically strengthening endpoint security, administrative rights for hardware access, and folder structure, schedule and automate patching roll-ups, data backups, and overall response planning in preparation of an event.
Security Stand Out – While it’s obvious for most business to leverage security as a differentiator, it might be less clear for employees, who interact with multiple businesses each day. From financial firms to outsourced HR, or even healthcare, all of them require strong security, to protect employee data or their clients.
Regulatory Churn – New regulations, such as Europe’s recently released, General Data Protection Regulation (GDPR) often cause concerns for businesses based in the United States, but selling in Europe. Businesses are told to comply but lack the tools and know-how to bring systems, and processes to standards. Compliance managers were force-fed regulations, in hopes to determine how best to position the tools and services needed. As a trusted IT service partner, we assist companies in the discovery, and remediation of non-compliant networks to meet business needs, and compliance standard, making for great security.
Boosting Security Expertise – With a threat landscape, similar to that of the wild west, cyber security must change with it. Shrouded in secrecy, the threat landscape has never been more open to knowledge sharing. If your company doesn’t have the time to research the specific threats linked to your business, maybe it’s time to meet with us.
Build a Culture – Due to the constant threat of cyber attacks, security awareness training should employ best-of industry security habits, such as password changes, encrypting mobile devices, and avoiding public Wi-Fi, when accessing sensitive data. It’s ok to work while on-the-go but use a VPN, or a remote desktop receiver with 2-factor authentication.
Something most businesses lack and your competition forgot about. Win more business and increase your bottom line, by keeping network uptime maxed, and efficiency within your processes intact.
Realize the Power of Technology with the help of a trusted IT service provider. Contact us to begin an uncovering the gaps in your cyber security today.
Security awareness training is seen by many as something “nice to have,” while several SF Bay Area business owners have begun implementing our on-site training in a necessity to any business looking to protect their network and backups from encryption.
Your decision to adopt user-based education has been passed over year-after-year due to budget constraints or a lack of in-house experts to demystifying technology. Small to medium-sized businesses have suffered from these types of constraints for years when compared to larger, resource-heavy organizations.
Though it’s clear end-user education doesn’t have to be a need for many business owners, as recently as August 2017, a Better Business Bureau study uncovered almost half of SMBs with 50 employees and under, regard security awareness training among their top 3 most proactive IT expenditures, alongside, firewalls and endpoint protection.
This increase comes as no surprise, as the cybersecurity landscape has become more dynamic than ever. The average small to medium-sized business faces annual losses of over $80,000 when everything is said and done. Your staff is the front line to your business, and even the most advanced security stacks, have limitations. If you’re not educating end-users by now, you’re putting your organization into harm’s way.
Here are a few tips and trips for SMBs looking to get started with end-user training, or security awareness training:
Gather Company Buy-In
As with any new programs, starting at the ground level will ensure success. Start with building a culture of security. Yes, it might require multi-factor authentication, or additional hoops to jump through. Begin generating the “buy-in” from the surrounding management teams, sending out an email explaining the value of security awareness, phishing details, and the latest in security trends, and reports for your information technology(IT) team.
Starts with Phishing
In the current technology landscape, security awareness should begin with the MOST COMMON attack vector, email phishing campaigns. With thousands of interactive tools and designs built to mislead and steal your credentials, there is no shortage of examples, and videos showing the intricate workings. Begin with the basics, and go through the varying amounts of phishing threats. Your staff should be able to identify and mitigate any phishing attempts after your training concludes.
Share results with End Users
Use this feedback to inspire smarter habits among staff, identifying key objectives for security awareness training to engage in at a later point. Who knows, maybe you will uncover security gaps left behind by a past managed IT, provider. Raise the level of cyber awareness throughout your organization, sharing the latest encounters internally with your staff. Chances are these criminals are working more than one of you at work and this can help employees understand the impact of poor online habits and motivate them to practice better behaviors.
Continuous Training: Set up your phishing and training program
Once your users are engaged and understand the value, the next step is setting up a training program for new employees. There is no one-size-fits-all program, but we recommend running at least one training courses per year. Depending on the needs of each organization, presentations can be tailored to highlight industry-specific security.
As the business scales, you will want to scale the frequency and adjust intervals throughout the year. Our Security Awareness Training includes real-world phishing scenarios that have been defanged from the wild.
When you start seeing the impact that proven security awareness training has on your employees, you’ll wonder how your business ever managed without it. Contact us to schedule your no-cost, no-obligation security awareness training for your organization.