Category: Security

Don’t Get Hooked – Avoid Phishing

Industry surveys regularly report that more than 90% of data breaches start with a phishing email.

A successful ransomware attack can devastate an organization of any size. In one recent survey, 50% of law firms, 42% of insurance brokers, 37% of non-profit organizations and 27% of retail companies lacked a written incident response plan, and 34% of respondents said they do not give employees phishing tests to measure their exposure to risk.

We have been actively recommending and implementing layered security: at the hosting, firewall, server, workstation and policy levels, and now at the user level, which is the layer phishing targets.

Organizations that have an incident response plan (IRP) respond more quickly and more effectively than those without one, and for organizations in healthcare or financial services a plan may be required by law. If you do not yet have an IRP, we can provide template plans for a variety of organization types and can assist in writing one if needed.

Our goal is to reduce your organization’s chance of experiencing a cybersecurity disaster by 70% through security awareness training, and to have an IRP in place before an attempt is made.

What is “phishing”?

Phishing emails look like they came from a person or organization you trust, but they are actually sent by attackers to get you to click a link, open an attachment, or enter your credentials, giving the attackers access to your account or computer.

Why are you at risk?

Attackers target organizations because they hold information that is valuable: customer, patient, student or employee data, intellectual property, financial account information, or payment card data. If one employee falls for a phishing attack, every system that employee can reach is potentially exposed. (We can run a report on your account showing phishing attempts per mailbox; contact us if you would like one.)

How to spot a phishing email

Hackers have gotten clever in how they design the emails they send out to make them look legitimate.  But phishing emails often have the following characteristics:

  • Ask you for your username and password, either by replying to the email or clicking on a link that takes you to a site where you’re asked to input the information.
  • Look like they come from the HR or IT Team
  • Have grammatical errors
  • Contain email addresses that don’t match between the header and the body, are misspelled (like @gmaill.com), or have unusual formats (like @company-othersite.com)
  • Have links or email addresses that show a different destination if you hover over them
  • Try to create a sense of urgency about responding
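
The indicators in the list above can be checked mechanically. The following is an added example, not code from the original article or from any product it mentions: it parses a constructed sample message with Python’s standard library and flags a Reply-To domain that differs from the From domain, a look-alike sender domain (gmaill.com), a link whose visible text names a different host than its real href, urgency wording, and a request for a username or password. The trusted-domain list, the urgency keyword list and the sample message are assumptions made for the demonstration.

```python
# Added example, not code from the original article: heuristic checks for the
# phishing indicators listed above, run over a constructed sample message.
# The trusted-domain list, urgency keywords and sample message are assumptions.
import difflib
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ["example.com", "gmail.com", "microsoft.com"]  # assumed allow-list
URGENCY_WORDS = ("immediately", "urgent", "within 24 hours",
                 "account will be suspended", "verify now")

# Constructed message showing several indicators at once.
SAMPLE = """\
From: IT Help Desk <helpdesk@example.com>
Reply-To: helpdesk@gmaill.com
To: user@example.com
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires immediately. Verify now to keep access:</p>
<p><a href="http://login.company-othersite.com/reset">https://portal.example.com/reset</a></p>
</body></html>
"""

def domain_of(addr) -> str:
    """Lower-cased domain of an address such as 'Name <user@host>'."""
    _, address = parseaddr(str(addr or ""))
    return address.rpartition("@")[2].lower()

def lookalike_of(domain: str, cutoff: float = 0.8):
    """Trusted domain that `domain` closely resembles (gmaill.com -> gmail.com), else None."""
    if domain in TRUSTED_DOMAINS:
        return None  # an exact match is legitimate, not a look-alike
    close = difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=cutoff)
    return close[0] if close else None

def host(url: str) -> str:
    """Hostname of a URL; bare 'host/path' text is treated as http://host/path."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def analyze(raw_message: str) -> list:
    """Return human-readable findings; an empty list means no indicator fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Indicator: sender addresses that do not match, or that mimic a known domain.
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_domain
    if reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for dom in sorted({from_domain, reply_domain}):
        target = lookalike_of(dom)
        if target:
            findings.append(f"Sender domain {dom} looks like {target}")

    # Indicator: link text that shows one destination while the href goes elsewhere.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(content)
        for visible, href in collector.links:
            shown = host(visible) if "." in visible else ""  # only when the text looks like a URL
            if shown and shown != host(href):
                findings.append(f"Link text shows {shown} but points to {host(href)}")

    # Indicators: urgency wording and requests for credentials.
    text = re.sub(r"<[^>]+>", " ", content).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("Urgency wording: " + ", ".join(hits))
    if re.search(r"\b(password|username)\b", text):
        findings.append("Asks for a username or password")
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("-", finding)
```

Run it as a script to print the findings for the sample; on real mail, pass the raw message text to analyze(). The checks are heuristics: a legitimate newsletter with a third-party Reply-To will trip the first one, so treat findings as reasons to look closer rather than as a verdict.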

How can you prevent phishing emails?

Employees responding to phishing emails is still one of the biggest risks we see. Training your employees is an essential first step in reducing the chance that your data is encrypted or held for ransom.

  1. To help educate your employees about what to watch for, we have put together an employee tip sheet, which you can download from this page.
  2. The Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) also publish useful collections that include tip sheets.
  3. We also offer a cloud-based security awareness training platform. It lets us set up and deliver simulated threats and phishing emails to educate and test employees: training can be made mandatory, simulated phishing emails are sent on a schedule, and if an employee falls for one, you are notified and that employee can be assigned further training. Pricing is per organization and very reasonable; let us know if you are interested.
  4. Last year we began “hardening” Microsoft 365 tenants to block phishing attempts before they reach your accounts.
  5. Building on the 365 hardening in #4, we now offer a solution with more capabilities. It uses machine learning to learn the kinds of email each account receives and where it comes from. For example, if you regularly receive email from us but one message originates from an IP address in Europe rather than our usual address, it is flagged. The system integrates tightly with 365 and lets employees mark messages as phishing or safe. One caveat: once a message is marked safe, the “outside email” banner is removed for that email for the entire organization, so a single user’s decision affects everyone, and the ability to mark mail as safe should be limited to people who understand that. The cost is per account and very reasonable; let us know if you are interested.

CALL US TODAY @ (856) 745-9990

Microsoft announced Attack Simulator for Office 365 Threat Intelligence

Admins can send simulated phishing and attack emails to find security and training weaknesses.

A few weeks ago, Microsoft released a public preview of Attack Simulator for Office 365 Threat Intelligence, and on April 17th announced that it is now generally available. Attack Simulator is available to all Office 365 E5 and Office 365 Threat Intelligence customers.

With Attack Simulator, customers can launch simulated attacks on their end users, determine how end users behave in the event of an attack, and update policies and ensure that appropriate security tools are in place to protect the organization from threats.  The GA of Attack Simulator adds a new HTML editor so realistic looking HTML emails can be sent in simulations of spear-phishing.  Also, two spear-phishing templates are available for immediate use in the spear phishing simulation.

Attack Simulator includes the three attack scenarios from the public preview.

Display Name Spear Phishing Attack: Phishing is the generic term for socially engineered attacks designed to harvest credentials or personally identifiable information (PII). Spear phishing is a subset of this phishing and is more targeted, often aimed at a specific group, individual, or organization.  These attacks are customized and tend to leverage a sender name that generates trust with the recipient.

Password Spray Attack: To stop attackers from guessing account passwords indefinitely, organizations typically enforce account lockout policies: an account is locked after a certain number of incorrect passwords. However, taking a single password and trying it once against every account in the organization stays below that per-account threshold and triggers no lockouts. A password spray attack uses commonly chosen passwords against many accounts in the hope that at least one account holder uses one of them, letting the attacker log in and take control of that account. From the compromised account, the attacker can launch further attacks while assuming the identity of the account holder.

Brute Force Password Attack: This type of attack consists of a hacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
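
To make the difference between the spray and brute-force scenarios concrete, here is an added example that is not part of Microsoft’s announcement and does not use Attack Simulator: a Python script that runs two detection heuristics over constructed failed-sign-in events and also shows which accounts a per-account lockout policy would have locked. The event data, the thresholds (5 failures for lockout and brute force; 8 distinct accounts with at most 2 failures each for a spray) and the window lengths are assumptions chosen for the demonstration.

```python
# Added example (not from Microsoft's announcement or Attack Simulator itself):
# telling a password spray from a brute-force attack in failed sign-in events,
# and showing why a per-account lockout policy catches only the latter.
# The events, thresholds and window lengths are assumptions made for the demo.
from collections import defaultdict
from datetime import datetime, timedelta

_BASE = datetime(2024, 4, 17, 9, 0, 0)  # constructed starting timestamp

# Constructed sample lines: ISO timestamp, source IP, target account, result.
SAMPLE_LINES = []
# Brute force: one source hammers one account, 12 failures in two minutes.
for i in range(12):
    SAMPLE_LINES.append(f"{(_BASE + timedelta(seconds=10 * i)).isoformat()},203.0.113.5,alice,FAIL")
# Spray: one source tries one password against ten accounts, one failure each.
for i, user in enumerate(["bob", "carol", "dave", "erin", "frank",
                          "grace", "heidi", "ivan", "judy", "mallory"]):
    SAMPLE_LINES.append(f"{(_BASE + timedelta(minutes=i)).isoformat()},198.51.100.7,{user},FAIL")
# Benign: a user mistypes once, then signs in.
SAMPLE_LINES.append(f"{(_BASE + timedelta(minutes=3)).isoformat()},192.0.2.10,bob,FAIL")
SAMPLE_LINES.append(f"{(_BASE + timedelta(minutes=4)).isoformat()},192.0.2.10,bob,SUCCESS")

def parse_events(lines):
    """Parse 'timestamp,source_ip,account,result' lines into tuples."""
    events = []
    for line in lines:
        ts, ip, user, result = line.strip().split(",")
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def _count_in_window(times, start, window):
    """Number of timestamps t with start <= t <= start + window."""
    return sum(1 for t in times if start <= t <= start + window)

def locked_accounts(events, threshold=5, window=timedelta(minutes=15)):
    """Accounts a per-account lockout policy would lock: >= threshold failures
    inside `window`, counting failures from every source together."""
    by_user = defaultdict(list)
    for ts, _, user, result in events:
        if result == "FAIL":
            by_user[user].append(ts)
    locked = set()
    for user, times in by_user.items():
        times.sort()
        if any(_count_in_window(times, s, window) >= threshold for s in times):
            locked.add(user)
    return locked

def brute_force_pairs(events, threshold=5, window=timedelta(minutes=15)):
    """(source, account) pairs with >= threshold failures inside `window`."""
    by_pair = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_pair[(ip, user)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        times.sort()
        for start in times:
            n = _count_in_window(times, start, window)
            if n >= threshold:
                hits[pair] = n
                break
    return hits

def spray_sources(events, min_accounts=8, max_per_account=2, window=timedelta(minutes=10)):
    """Sources that fail against many distinct accounts, few times each, inside `window`.
    This is the pattern the per-account lockout never sees."""
    by_source = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_source[ip].append((ts, user))
    hits = {}
    for ip, fails in by_source.items():
        fails.sort()
        for start, _ in fails:
            per_user = defaultdict(int)
            for ts, user in fails:
                if start <= ts <= start + window:
                    per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                hits[ip] = sorted(per_user)
                break
    return hits

if __name__ == "__main__":
    evts = parse_events(SAMPLE_LINES)
    print("locked by policy:", locked_accounts(evts))  # only alice
    print("brute force:", brute_force_pairs(evts))
    print("spray:", spray_sources(evts))
```

In the sample, the lockout policy locks only alice, the brute-forced account, while the spraying source stays at one failure per account and is caught only by the per-source heuristic; that is why sign-in telemetry needs to be grouped by source as well as by account.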

The announcement’s accompanying video (not reproduced here) demonstrates how Attack Simulator can help organizations educate users to become more resistant to cyber threats. With Attack Simulator, admins can train all their end users, and especially those who are attacked most often. This proactive training helps an organization limit the impact of advanced threats. Over the coming months, more threat simulations will be added to Attack Simulator so organizations can simulate the most prevalent threat types from the modern threat landscape.

Experience the benefits of Attack Simulator for Office 365 Threat Intelligence by beginning an Office 365 E5 trial today.  Also, learn more about how Microsoft leverages threat intelligence and the value of threat intelligence.

Wi-Fi-enabled ‘Hello Barbie’ records conversations with kids and uses AI to talk back

Today, Mattel released Hello Barbie, a WiFi-enabled doll that detects language and ‘talks back.’ But how will this high-tech toy impact real-life relationships?

She wears black flats, a motorcycle jacket, and skinny jeans. Her curly, bleach-blonde hair falls just past her shoulders. She has a permanent smile and large blue eyes. And, when you talk to her, she listens.

But this young woman isn’t an ordinary friend. “Hello Barbie” is less than a foot tall, weighs just under two pounds, and is made of plastic. And she is on sale for $74.99.

Mattel’s latest Barbie, marketed for children six and up, has just hit the shelves. She is unlike any doll before her—not only does she listen, but she can talk back.

To get started, kids simply download the Hello Barbie companion app. And to turn her on, you push a button on her silver belt buckle. Hello Barbie’s necklace is both a recorder and a microphone. Using WiFi, the jewelry will pick up a child’s questions and conversations—and transmit them back to a control center for processing. Speech-recognition software, operated through ToyTalk, will detect the input. Then, Hello Barbie will reply, using one of 8,000 pre-programmed lines. Examples include:

  • You know, I really appreciate my friends who have a completely unique sense of style…like you!
  • Here’s what’s up: I’m worried my sister Stacie is having a hard time finishing her homework. Does that ever happen to you?
  • I think Santa is real. There’s something very magical about the holiday season and I think he helps bring that magic to all of us!
  • So if you were planning the biggest, raddest, most unforgettable party of the year, what would it be like?
  • Of course we’re friends! Actually, you’re one of my best friends. I feel like we could talk about anything!

Hello Barbie’s dialogue, while perky and fashion-focused, reflects an attempt by Mattel to create a more well-rounded character than in the past. In 1992, Mattel pulled its string-operated Teen Talk Barbie from shelves after being criticized by The American Association of University Women for the inclusion of an unfortunate line: “math class is tough.” It is no mistake that Hello Barbie’s lines include: “Oh nice! Fun with numbers! Teaching math sounds like a lot of fun. What kinds of things would you teach—Counting? Addition? Subtraction?”

Still, the implication that Barbie is being sold as a ‘friend’ is unsettling. “Hello Barbie can interact uniquely with each child by holding conversations, playing games, sharing stories, and even telling jokes!” boasts Mattel’s website. Hello Barbie, claims Mattel, is “Just like a real friend. [She] listens and remembers the user’s likes and dislikes, giving everyone their own unique experience.”

But is she really listening?

While Barbie may appear to listen and respond, “pretend empathy is not empathy,” said Sherry Turkle, professor at MIT and author of Reclaiming Conversation. Turkle worries about how children will understand their new ‘friend.’

“They are drawn into thinking that pretend empathy is the real thing,” said Turkle. “But objects that have not known the arc of a human life have no empathy to give. We put our children in a compromised position.”

Beyond the social implications of the doll, the capabilities of the recording technology raise privacy issues.

Using Hello Barbie involves recording voice data (see the privacy policy) and requires parental consent. However, Mattel states that “parents and guardians are in control of their child’s data and can manage this data through the ToyTalk account.” The company also states that the recordings are protected under the “Children’s Online Privacy Protection Act,” and recordings containing personal information will be deleted once they “become aware of it.”

Still, the potential for misuse of this private data is a legitimate concern. “Obviously it is a security and privacy nightmare,” said Roman Yampolskiy, director of the Cybersecurity Lab at the University of Louisville. “[The] company [is] collecting data from kids—hackers [could be] getting access to private info.”

However, like Turkle, Yampolskiy is “more concerned about social development of the children interacting with it.”

“We are basically running an experiment on our kids and have no idea if it will make them socially awkward, incapable of understanding body language, tone of voice and properly empathize with others,” he said.

It all raises the question of what is meant, exactly by ‘real’ conversation? Turkle said, “Why would we take such risks with something so delicate, so crucial: Our children’s ability to relate to each other as human beings?”

Despite concerns, Hello Barbie is here, being shipped to homes across the globe beginning today. She is being turned on, spoken to, and listened to. And when children are finished with her, she is shut down, stood on a charger (Hello Barbie cannot stand on her own) and charged back up.

When she is turned on again, Barbie might ask: “Did you miss me at all?”

“Not even an itsy bitsy, eensy weensy bit?”

How children will respond remains to be seen.

Mattel did not respond to repeated requests for comment for this story.

Have questions?

Get help from IT Experts / Microsoft’s Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider services and much more. Contact us for more information.

To read this article in its entirety click here.

The 18 scariest computer viruses of all time

Anna Kournikova (2001)

The Anna Kournikova virus is so named because it tricked its recipients into thinking they were downloading a sexy picture of the tennis star. Financial damages associated with Kournikova were limited, but the virus had a big pop culture impact: It became a plot point in a 2002 episode of the sitcom Friends.

Sasser (2004)

In April 2004, Microsoft issued a patch for a vulnerability in Windows’ Local Security Authority Subsystem Service (LSASS). Shortly after, a teenager in Germany released the Sasser worm to exploit the vulnerability on unpatched machines. Multiple variants of Sasser took out airline, public transportation, and hospital networks, causing an estimated $18 billion in damage.

Skulls.A (2004)

The Skulls.A is a legitimately spooky mobile trojan that affected the Nokia 7610 smartphone and other SymbOS devices. The malware was designed to change all icons on infected phones to Jolly Rogers and disable all phone functions, save for making and receiving calls.

F-Secure says Skulls.A caused little damage, but the trojan is undeniably creepy.

Zeus (2009)

While many malware programs on this list are little more than nuisances, Zeus (AKA Zbot) was a tool used by a complex criminal enterprise.

The trojan uses phishing and keylogging to steal online banking credentials, draining a cumulative $70 million from the accounts of its victims.

Melissa (1999)

Named after a Florida stripper, the Melissa virus propagated by sending itself to the first 50 contacts in the victim’s Outlook address book. The attack was so successful that the virus reportedly infected 20 percent of the world’s computers, causing an estimated $80 million in damage.

Virus creator David L. Smith was caught by the FBI, served 20 months in jail, and paid a $5,000 fine.

Sircam (2001)

Like many early malware scripts, Sircam used social engineering to trick people into opening an email attachment.

The worm chooses a random Microsoft Office file on victims’ computers, infects it, and sends it to all the people in the victims’ email contact list. A University of Florida study pegged Sircam cleanup costs at $3 billion.

Stuxnet (2009)

Stuxnet is one of the first known pieces of malware built for cyberwarfare. Widely reported to be a joint effort between Israel and the U.S., Stuxnet targeted Iran’s uranium enrichment program.

On infected control systems it altered the spin speed of the centrifuges until they were physically damaged, all while feeding operators false readings that showed normal operation.

SQL Slammer/Sapphire (2003)

Taking up just 376 bytes, the SQL Slammer worm packed a lot of destruction into a tiny package. The worm slowed down the Internet, disabled 911 call centers, took down 12,000 Bank of America ATMs, and caused much of South Korea to go offline. It also crashed the network at Ohio’s Davis-Besse nuclear power plant.

Storm Trojan (2007)

Storm Trojan is a particularly sinister piece of email-distributed malware that accounted for 8 percent of all global infections just three days after its January 2007 launch.

The trojan created a massive botnet of between 1 and 10 million computers, and because it was designed to change its packing code every 10 minutes, Storm Trojan proved incredibly resilient.

Code Red (2001)

The Code Red worm, named by the researchers who analyzed it after the Mountain Dew flavor they were drinking at the time, infected up to one-third of all Microsoft IIS web servers upon release.

It even took down whitehouse.gov, replacing its homepage with a “Hacked by Chinese!” message. Estimated damages due to Code Red were in the billions of dollars worldwide.

Nimda (2001)

Released just after the 9/11 attack, many thought the devastating Nimda worm had an Al Qaeda connection (never proven).

It spread via multiple vectors, bringing down banking networks, federal courts and other key computer systems. Cleanup costs for Nimda exceeded $500 million in the first few days alone.

ILOVEYOU (2000)

The ILOVEYOU worm, AKA Love Letter, disguised itself in email inboxes as a text file from an admirer.

But this Love Letter was anything but sweet: In May 2000, it quickly spread to 10 percent of all Internet-connected computers, leading the CIA to shut down its own email servers to prevent its further spread. Estimated damages were $15 billion.

Cryptolocker (2013)

Computers infected with CryptoLocker have the important files on their hard drives encrypted and held for ransom. Victims who pay, typically around $300 in bitcoin, are given the decryption key; those who do not pay by the deadline are told the private key will be destroyed, leaving their data permanently unrecoverable.

Netsky (2004)

The Netsky worm, created by the same teen who made Sasser, made its way around the world by way of email attachments. The P variant of Netsky was the most widespread worm in the world even more than two years after its February 2004 launch.

Conficker (2008)

The Conficker worm (AKA Downup, Downadup, Kido), first detected in November 2008, was designed to disable infected computers’ anti-virus programs and block automatic updates that might otherwise remove it.

Conficker quickly spread to numerous important computer networks, including those of the English, French, and German armed forces, causing $9 billion in damage.

Michelangelo (1992)

The Michelangelo virus itself spread to relatively few computers and caused little real damage. But the concept of a computer virus set to “detonate” on March 6, 1992, the artist’s birthday, caused a media-fueled mass hysteria, with many afraid to operate their PCs even on later anniversaries of the date.

Sobig.F (2003)

The Sobig.F worm infected an estimated 2 million PCs in 2003, grounding Air Canada flights and causing slowdowns across computer networks worldwide. This tricky bug-in-disguise cost $37.1 billion to clean up, making it one of the most expensive malware recovery efforts in history.

MyDoom (2004)

In September 2004, TechRepublic called MyDoom “the worst virus outbreak ever,” and it’s no surprise why. The worm increased the average page load time on the Internet by 50 percent, blocked infected computers’ access to anti-virus sites, and launched a denial-of-service attack on computing giant Microsoft.

The worldwide costs associated with cleanup of MyDoom is estimated to be just shy of $40 billion.

Trump administration to move all federal IT into the cloud: Is it realistic?

US president Donald Trump recently signed an executive order on cyber-security that mandated federal systems move to the cloud. But, questions remain on the feasibility of that goal.

On Thursday, US President Donald Trump signed his long-awaited executive order on cyber-security, laying out his plans for addressing security in federal IT and across US infrastructure. The most ambitious mandate was that all federal IT systems move to the cloud.

President Trump’s homeland security adviser, Tom Bossert, said in an announcement that the government had spent too much time and money “protecting antiquated and outdated systems.” Bossert cited the Office of Personnel Management (OPM) hack as evidence of failing legacy systems.

Bossert said, “From this point forward, the President has issued a preference in federal procurement in federal IT for shared systems. We’ve got to move to the cloud and try to protect ourselves instead of fracturing our security posture.”

The executive order officially states: “Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cyber-security services.” It also calls for a report to be completed within 90 days describing the legal, budgetary, technical considerations for “shared IT services, including email, cloud, and cyber-security services,” along with a timeline for the initiatives and their potential cost-effectiveness.

Peter Tran, the senior director of worldwide advanced cyber defense practice at RSA and former US Department of Defense employee, said the anchor for the executive order will initially be the NIST Cybersecurity Framework (CSF), used both to assess current risk gaps and to determine a strategy moving forward. “This will be the pacesetter by which all building blocks will either rise or fall, specifically on the call to action to go cloud in an expedited manner…..security being a forethought,” Tran said.

However, the effectiveness of a move to the cloud to improve security among these federal systems remains up to debate. John Pironti, cyber-security expert and president of IP Architects, said that it could create a double-edged sword.

“The idea of standardization of security controls and capabilities through a cloud-only mandate in theory may make sense to establish an enhanced baseline for security, but at the same time creates a central target and common set of controls and capabilities that adversaries can then focus their attention on in order to be successful in their attacks,” Pironti said.

Following a central set of control standards and common technology platforms, combined with the centralized nature of the cloud, could actually make the federal IT systems weaker than their current iteration, Pironti said, which utilizes “distributed and varied computing assets and security controls.” And if hackers can find and exploit a weakness in this kind of system, it could lead to a bigger impact.

Pironti said that he believes the mandate will start out with the proper intentions, but if the affected government agencies simply follow the prescribed behaviors with no deviation, they may not be able to keep up with the changing threat landscape. While Pironti said that he’s in favor of accountability, he believes that the approach should be risk-based instead of mandated.

“I do not believe all agencies should be forced into a cloud model or required to follow the same set of prescriptive security controls,” Pironti said. “If an agency can prove that they are effectively operating in a reliable, available, and secure fashion then they should be allowed to continue to do so.”

Another question raised by the mandate is the feasibility of moving these systems to the cloud. Tran said that the executive order builds on an existing foundation, but the “proof is in the pudding.” The order, like other security plans, must be executed in a timely manner and show clear improvements in boosting security visibility and early threat detection, but it also must clearly show what “good” and “bad” security looks like in cloud infrastructure, Tran said.

“That’s really hard to do under an average planning and deployment timeline. Your compass needs to be ‘dead on,'” Tran said.

The impact of the executive order could also be seen in the private sector, Tran said, driving the growth of stronger policy, compliance, and governance around cybersecurity.

“The unique aspect of this current environment is security can’t effectively operate in a ‘de-regulated’ fashion by the mere nature that it’s security… Imagine if the TSA and FAA had no security protocols and structure?” Tran said. “Cybersecurity is no different whether it’s brick-and-mortar or click-and-mortar.”

The 3 big takeaways for readers

  1. Trump recently signed an executive order on cybersecurity mandating all federal IT systems move to the cloud, but questions remain about the feasibility and effectiveness of such a mandate.
  2. The move to the cloud could help modernize the systems’ approach to security, but it could also create a central point of attack for hackers, an expert said.
  3. The executive order could also impact the private sector, leading to more regulation and compliance around cyber-security initiatives, an expert said.

Massive Delta outage highlights need for quality data center power, backup plans

Business leaders must prepare for disasters made by man or Mother Nature with extensive, practiced recovery plans to avoid system shutdowns.

A Delta ground stop was lifted Monday morning following a 2:30 a.m. ET power outage in Atlanta that delayed and cancelled flights worldwide. Businesses should view this as a cautionary tale, highlighting the importance of quality data center power and disaster control systems.

Delta cancelled approximately 300 flights due to the outage. As of 10:30 a.m. ET, it operated 800 of its nearly 6,000 scheduled flights. However, Delta customers heading to the airport on Monday should still expect delays and cancellations, according to a press release. As inquiries are high and wait times are long, there may also be some lag time in the display of accurate flight status from the airline, it warned.

Last month, Southwest Airlines cancelled 1,150 flights after a system outage. Though the system came back online within the day, hundreds of flights were backlogged.

Based on recent research, it’s fair to say that what happened to Delta and Southwest could happen to a number of businesses. Some 57% of small and mid-sized businesses have no recovery plan in the event of a network outage, data loss, or other IT disaster, according to a Symantec study.

“Planning and executing disaster recovery exercises is something that should be done on a regular basis to find out these issues before they may be impactful,” said Mark Jaggers, a Gartner data center recovery and continuity analyst. “The issue, which was also the case with Southwest Airlines, is not planning for partial failure scenarios that are harder to get to the root cause of and work around.”

To avoid shutdowns like Delta’s, company data centers should have redundant power and networking, preferably from a grid and provider, respectively, that are completely independent from the primary ones, Jaggers said.

“Data centers are a huge piece of a disaster recovery plan,” said mission-critical facility management professional Christopher Wade. “To have a reliable infrastructure, you have to minimize single points of failure.” Business leaders should also ask about the experience levels of data center staff, as many of these companies are currently understaffed, Wade added.

Usually, large companies have a primary data center in one location and an alternate in another that is far enough away so the two do not experience the same disaster at the same time, said Roberta Witty, risk and security management analyst at Gartner.

“In today’s world, the business expectation is that you’re up and running quickly after a disaster,” Witty said. “The ‘always on’ driver is changing the way organizations deliver IT in general, and so they are building out their data centers to be more resilient.”

Faster recovery times

About 60% of organizations are moving to a recovery time objective of four hours or less, Witty said. Doing so successfully involves extensive planning. First, determine what business operations are mission critical. Then, consider factors that impact recovery time requirements, such as revenue loss, safety, and brand reputation, and build your recovery infrastructure accordingly. As more companies outsource data operations, a key consideration should be the third party’s ability to meet your recovery requirements, she added.

Crisis management practices, such as the procedures Delta used to notify management and deal with customer fallout, usually get exercised every quarter. “The more you practice your crisis management procedure and communicating with your workforce, customers, suppliers, and partners, the better off you are,” Witty said. “A plan that hasn’t been exercised is not a workable plan.”

Disaster recovery can’t be something a company reviews once a year, Witty said, but rather an ongoing part of every new project.

“Your recovery environment has to stay in sync with production, which is where a lot of organizations fail,” Witty said. “Build disaster recovery into a project lifecycle—whether it’s a new product or a change in management, you have to go back and revisit your recovery plans.”

The 3 big takeaways for readers

  1. Delta experienced a massive networked service stoppage Monday morning after a power outage in Atlanta, which offers a lesson in disaster preparedness and recovery for other businesses and data centers.
  2. About 57% of small and mid-sized businesses have no recovery plan in the event of a network outage, data loss, or other IT disaster, but these plans are key for mitigating natural and manmade disasters and keeping business operations running smoothly.
  3. Companies should build crisis management and proper communication into all new projects and management changes to ensure consistency.

How to avoid ransomware attacks: 10 tips

As ransomware increasingly targets healthcare organizations, schools and government agencies, security experts offer advice to help IT leaders prepare and protect.

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.

“We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response. “It’s a big business, and the return on investment to attackers is there—it’s going to get worse.”

While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBI reports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of whom are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

“The days of grammatically incorrect, mass spam phishing attacks are pretty much over,” says James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the report. Hackers can now check a victim’s social media accounts, and create a fake email address pretending to be a friend or contact in order to get them to click on an infected link or attachment. “It’s much more targeted, and will exploit a particular vulnerability in a device, application, server or software,” Scott adds.

A typical ransom demand is $300, according to a report from security firm Symantec.

Health threats

The healthcare sector is highly targeted by hacker attacks, due to antiquated or misconfigured computer security systems and the amount of sensitive data they hold, says David DeSanto, director of projects and threat researcher at Spirent Communications.

The large number of employees at most hospitals also makes cybersecurity training difficult, DeSanto says. Experts commonly see attacks occur through spear phishing—targeted emails carrying attachments with names such as “updated patient list,” “billing codes” or other typical hospital communications that employees may open if not warned.

In 2015, over 230 healthcare breaches impacted the records of 500-plus individuals, according to data from the U.S. Department of Health and Human Services Office for Civil Rights.

A February ransomware attack launched against Hollywood Presbyterian Medical Center in southern California locked access to certain computer systems and left staff unable to communicate electronically for 10 days. The hospital paid a $17,000 ransom in bitcoin to the cybercriminals, says CEO Alan Stefanek.

Following security best practices can help healthcare organizations protect themselves. “The best way is to make regular backups of all systems and critical data so that you can restore back to a known good state prior to the ransomware being on the system,” DeSanto says.

Without security best practices, healthcare organizations may be left with few options to retrieve information. In these cases, healthcare organizations may choose to pay the ransom. For some, the cost of paying the ransom for a few infected computers is low compared to the cost of maintaining the infrastructure to protect against these attacks, DeSanto adds.

Schools and businesses

Hackers are gaining traction and using new methods across other industry verticals as well. In 2014, a large European financial services company (whose name was not disclosed) discovered with the help of High-Tech Bridge that a hacker placed a back door between a web application and a data set.

For six months, the hacker encrypted all information before it was stored in a database, undetected by company staffers. Then, they removed the encryption key, crashing the application, and demanded $50,000 to restore access to the database.

However, the company did not end up paying, thanks to mistakes made by the hackers, Kolochenko says.

Other victims are not as lucky, says Engin Kirda, professor of computer science at Northeastern University. “If the ransomware hacker does the encryption well, once the data is encrypted it’s nearly impossible to decrypt,” he adds.

Such was the case for South Carolina’s Horry County School District this February, when hackers froze networks for 42,000 students and thousands of staff. District technology director Charles Hucks tried to shut down the system, but within minutes, the attackers immobilized 60 percent of Horry County’s computers. The district paid $8,500 in Bitcoin to unlock their systems.

Tips for IT leaders

To prevent a ransomware attack, experts say IT and information security leaders should do the following:

  1. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
  2. Keep all software up to date, including operating systems and applications.
  3. Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
  4. Back up all information to a secure, offsite location.
  5. Segment your network: Don’t place all data on one file share accessed by everyone in the company.
  6. Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
  7. Develop a communication strategy to inform employees if a virus reaches the company network.
  8. Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.
  9. Perform a threat analysis together with your vendors, reviewing security throughout the lifecycle of a particular device or application.
  10. Instruct information security teams to perform penetration testing to find any vulnerabilities.

Mitigating an attack

If your company is hacked with ransomware, you can explore the free ransomware response kit for a suite of tools that can help. Experts also recommend the following to moderate an attack:

  • Research whether similar malware has been investigated by other IT teams, and whether it is possible to decrypt it on your own. About 30 percent of encrypted data can be decrypted without paying a ransom, Kolochenko of High-Tech Bridge says.
  • Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network.
  • Decide whether or not to make an official investigation, or pay the ransom and take it as a lesson learned.

“There is always going to be a new, more hyper-evolved variant of ransomware delivered along a new vector that exploits a newly-found vulnerability within a common-use application,” Scott of ICIT says. “But there are so many technologies out there that offer security—you just have to use them.”


Ransomware 2.0 is around the corner and it’s a massive threat to the enterprise

The profits from ransomware are making it one of the fastest growing types of malware and new versions could negatively impact entire industries, according to a Cisco report.


Despite the efforts made to improve cybersecurity at many organizations, there are too many systems with aging infrastructure and vulnerabilities that leave companies at risk, with ransomware one of the most sinister threats, according to a new Cisco report.

Ransomware is a top concern because it’s become an area of intense focus for cybercriminals due to its effectiveness at generating revenue. Once a cybercriminal hacks into a company’s files and encrypts them, victims have little option but to pay the asking price for the code to decrypt their files. Ransomware is becoming more ominous as new versions are continually being developed.

“The landscape is simple. Attackers can move at will. They’re shifting their tactics all the time. Defenders have a number of processes they have to go through,” said Jason Brvenik, principal engineer with Cisco’s security business group, discussing the Cisco 2016 Midyear Cybersecurity Report.

Cisco built the report from its own customer data: more than 16 billion web requests pass through Cisco systems daily, nearly 20 billion threats are blocked daily, and more than 1.5 million unique malware samples are seen daily, which works out to 17 new pieces of malware every second, Brvenik said.

Brvenik has the following recommendations for companies wanting to improve security:

  • Improve network hygiene – Improve aging infrastructure to limit vulnerabilities.
  • Integrate defenses – Use machine learning techniques combined with novel data views.
  • Measure time to detection – Find out how long an attacker can live in your network before they are found.
  • Protect your users everywhere they are – Protect users whether they’re on a laptop, a smartphone, or another device. Don’t just protect networks but protect users. They are the target.
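As an added example (not from the Cisco report or any article quoted on this page), the Python below turns "measure time to detection" into something concrete: it scans endpoint file-event lines for a process that rewrites many files to unknown extensions within a minute, the trace that file-encrypting ransomware leaves, and records when the burst began. The log format, field names, sample lines and thresholds are all assumptions constructed for illustration.

```python
# Added example: flag a process that rewrites many files to unknown extensions
# in a short window. Log format, field names and thresholds are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint file-event lines (not real telemetry): timestamp, host,
# process, operation and path, one file operation per line.
SAMPLE_EVENTS = r"""
2016-08-01T09:00:01Z host=ws-17 proc=winword.exe op=write path=C:\Users\a\Docs\budget.docx
2016-08-01T09:00:05Z host=ws-17 proc=winword.exe op=write path=C:\Users\a\Docs\memo.docx
2016-08-01T09:00:30Z host=ws-30 proc=backup.exe op=write path=D:\Backup\a.docx
2016-08-01T09:00:31Z host=ws-30 proc=backup.exe op=write path=D:\Backup\b.xlsx
2016-08-01T09:00:32Z host=ws-30 proc=backup.exe op=write path=D:\Backup\c.pdf
2016-08-01T09:00:33Z host=ws-30 proc=backup.exe op=write path=D:\Backup\d.pptx
2016-08-01T09:00:34Z host=ws-30 proc=backup.exe op=write path=D:\Backup\e.txt
2016-08-01T09:01:10Z host=ws-22 proc=invoice.exe op=rename path=C:\Users\b\Docs\patients.xlsx.locked
2016-08-01T09:01:11Z host=ws-22 proc=invoice.exe op=rename path=C:\Users\b\Docs\billing.docx.locked
2016-08-01T09:01:12Z host=ws-22 proc=invoice.exe op=rename path=C:\Users\b\Docs\notes.txt.locked
2016-08-01T09:01:13Z host=ws-22 proc=invoice.exe op=rename path=C:\Users\b\Docs\scan.pdf.locked
2016-08-01T09:01:14Z host=ws-22 proc=invoice.exe op=rename path=C:\Users\b\Docs\q2.pptx.locked
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) op=(?P<op>\S+) path=(?P<path>.+)$")
# Extensions users normally write; anything else at the end of a path is suspicious.
KNOWN_GOOD_EXT = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg"}


def parse_events(text):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def looks_encrypted(path):
    """True when the file's final extension is not one a user normally writes."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot > 0 else ""
    return ext not in KNOWN_GOOD_EXT


def detect_mass_encryption(events, window_s=60, min_files=5, min_fraction=0.8):
    """One alert per (host, process) whose writes/renames inside window_s seconds
    touch at least min_files distinct files, most of them with unknown extensions."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev["op"] in ("write", "rename"):
            by_actor[(ev["host"], ev["proc"])].append(ev)
    alerts = []
    for (host, proc), evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most window_s seconds.
            while evs[end]["ts"] - evs[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            paths = {e["path"] for e in evs[start:end + 1]}
            if len(paths) < min_files:
                continue
            suspicious = sum(1 for p in paths if looks_encrypted(p))
            if suspicious / len(paths) >= min_fraction:
                alerts.append({"host": host, "proc": proc, "files": len(paths),
                               "first_seen": evs[start]["ts"].isoformat()})
                break  # one alert per actor is enough to trigger isolation
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_encryption(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The backup process writes just as many files but keeps known extensions, so the fraction check keeps it out of the alert list; the `first_seen` timestamp is what you compare against the alert time to measure detection delay.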

The next step in the evolution of malware will be ransomware 2.0, which Brvenik said “will start replicating on its own and demand higher ransoms. You’ll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted. That’s really a nightmare scenario.”

Ransomware campaigns started out primarily through email and malicious advertising, but now some attackers are using network and server-side vulnerabilities as well. Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company’s network, Brvenik said.

New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report.

JexBoss, an open source tool for testing and exploiting JBoss application servers, was used by the attackers to gain access to networks in the targeted companies. Once the attackers had access to the network, they encrypted multiple Windows systems using SamSam.

Overall, in all aspects of cybersecurity, there are too many companies with vulnerabilities that haven’t been addressed. Out of 103,121 Cisco devices connected to the internet that were studied for the report, each device on average was running 28 known vulnerabilities. The devices were actively running known vulnerabilities for an average of 5.64 years, and more than 9 percent had known vulnerabilities older than 10 years, according to the report.

“In April, Cisco estimated that 10% of all JBoss servers worldwide were compromised. And they were compromised using readily available tools and old vulnerabilities. Adobe Flash is still a favorite. It gives a viable attack surface for them. And we see Microsoft Silverlight vulnerabilities. This means to us that people are opportunizing those that work for them,” Brvenik said.

Brvenik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems. Advertising is a viable model for attack.

“We saw a 300% increase in the use of HTTPS with malware over the past four months. Ad injection is the biggest contributor. Adversaries are using HTTPS traffic to expand time to operate. That’s the attacker opportunity as it exists today,” he said.

It’s no longer reasonable to expect to block 100% of threats, but being able to detect the threat fast, and limit the time the attacker is in your system is key to minimizing the damage. In December 2014, the median time before an attack was detected was 50 hours. In April 2016, it dipped to a median of 13 hours for the previous six months, Brvenik said.

“It is a living number as defenses improve and attackers change. This is good. It says that for the customers that have these systems, when they are compromised, they’re now down to 13 hours as a median time to detect it. I wouldn’t leave the door to my house open for 13 hours; and that’s what you’re doing when you leave your door open to attackers for 13 hours.”

Industries that previously thought they were immune because their business was of little interest to attackers are wrong.

“No industry is safe,” Brvenik said. “Assuming that what you do is of no interest to attackers is not a good way to think of it.”

Three takeaways for the readers

  1. Of more than 100,000 Cisco connected devices studied for the report, an average of 28 vulnerabilities were running on each one.
  2. Self-propagating ransomware is around the corner and companies need to protect themselves from the threat.
  3. Ransomware is giving massive profits to attackers, encouraging them to create even more sinister ways to attack. The median time to detect an attack is now 13 hours, down from 50 hours in 2014.


Windows 10 Anniversary Update: Watch out for these nasty surprises

A major update to Windows 10 is being rolled out. These are the gotchas that are catching out early users.


Windows 10 users are getting the first major update to the operating system in just under a year, with the release of the Anniversary Update.

But alongside the new features and fixes are some more unwelcome changes, ranging from less control for users to frozen machines.

Here are the main gotchas to look out for, as well as some fixes.

Less time to change your mind

With the arrival of the Anniversary Update, those upgrading to Windows 10 from Windows 7 or 8 have less time to switch back to the earlier OS.

Prior to the Anniversary Update, Windows 10 users had 30 days during which they could choose to reset their machine and restore their original OS. However, following the update Microsoft has reduced this period to 10 days.

Microsoft claims it reduced the period after noticing that most users who chose to switch back did so within a few days of upgrading, adding the change will free storage space on users’ machines.

The reduction also coincides with the end of the period during which Windows 7 and 8 users could upgrade to Windows 10 for free – meaning those now paying $120 or more to upgrade will likely be less keen to switch back.

Frozen computers and broken systems

When you update software there is always risk that something will break, and that’s exactly what seems to be happening for some who have received the Windows 10 Anniversary Update.

The most common complaint seems to be that the update causes the computer to lock up soon after loading the desktop.

In response to the problem, Microsoft has been advising users to run Windows 10’s Maintenance Troubleshooter and, if that doesn’t work, to perform a clean boot of the system.

Meanwhile, users are reporting the most reliable fix has been to roll back to an earlier build of Windows 10.

Another repeated complaint is that Microsoft’s virtual assistant Cortana is missing from the Task Bar, replaced instead with a search box. In affected systems, Cortana also seems to be disabled inside the Edge web browser.

Some users of Avast and McAfee anti-virus – both widely used products – are also reporting problems after the upgrade, as are gamers trying to use Xbox One controllers.

Cortana is more difficult to get rid of

If you’re not a fan of Microsoft’s virtual assistant Cortana then prepare to dislike the Anniversary Update.

Following the update, it is no longer possible to turn off Cortana from the virtual assistant’s in-built Settings menu.

Instead, if users want to ditch Cortana they will need access to specific admin tools or to edit the registry.

Users can also minimise the information that Cortana collects, although this does require altering various settings.

Harder for admins to block ads

Another less welcome change is that Windows 10 Pro users lose the ability to use admin tools to block ads.

Prior to the update, admins could edit Group Policy settings to stop ads for apps showing in the Start menu and on the lock screen.

However, Windows 10 Pro users will lose that ability, and, following the update, disabling these ads via Group Policy settings will only be available to those running Windows 10 Enterprise, Windows 10 Pro Education, or Windows 10 Education editions.

Individual users should be able to turn off many of these ads by disabling Windows 10 tips, tricks, and suggestions and Windows Store suggestions in the Settings app, however.

Following the Windows 10 Anniversary Update, new installs of Windows 10 will show double the number of ads for Windows Store apps in the Start Menu. Some users have also reported a possible increase in the number of ads shown on the lock screen following the update.


Ransomware-as-a-service is exploding: Be ready to pay

RaaS has outgrown smaller targets and now threatens governments, NGOs, and SMBs.


It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. “Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything.” Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything.

You’re the latest victim of a ransomware attack. The scary thing is, you’re not alone. The ransomware market ballooned quickly, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300, often paid in cash vouchers or Bitcoin.

The ransomware market scaled up so quickly, claims a recent report by Imperva, due to the rise of ransomware-as-a-service, or RaaS. Here’s how it works:

  • Ransomware authors are marketing on-demand versions of code, using traditional malware distributors in a classic affiliate model.
  • The ransomware author collects the ransom and shares it with the distributor.
  • Malware is distributed through spam email messages, malicious advertisements, and BlackHat SEO sites.
  • According to the Imperva report, “in classical affiliate marketing, the larger cut goes to the possessor of the product. In RaaS … the ransomware author gets a small cut of the funds (5%-25%) while the rest goes to the distributor (affiliate).”
  • Using the deep web, TOR, and Bitcoin, the report says, “this model, based on TOR and Bitcoins, is designed to keep the identity of the author and the distributor hidden from law enforcement agencies.”

Phishing, in particular, is a highly effective tactic for malware distribution.

The well-worded email appears to come from a legitimate email address and domain name, and shows very few irregularities. The email comes with a demand for money for an arbitrary service, along with a link that purports to be an “overdue invoice.”

Click that link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware — that is, malware that encrypts your files and locks you out of your computer until you pay a ransom.

Phishing attacks have also helped ransomware move into the enterprise. In 2015 the medical records system at Hollywood Presbyterian Medical Center was attacked. The hospital paid $17,000 in Bitcoin to unlock the sensitive records. In early 2016 the Lincolnshire County Council was snagged by a phishing scheme and held up for 500 dollars.

To prevent your business from attack, make sure the IT department and communication team are in sync, keep your company’s security systems updated, and remind employees to use caution when clicking on email links from unknown addresses.

If you’ve been hacked, the ransomware rescue kit provides a suite of tools designed to help clean particularly pugnacious malware.

Businesses that suffer ransomware attacks face a tough choice. Paying the fee could restore access to mission-critical data, but there’s no guarantee the extortionists will honor the deal. And of course, paying a ransom provides incentive to hackers and validates the attack.
