Back to Top

Tech, Web, Cloud & Cabling Services

Category: Security

Security Category

Office 365 to get enhanced Anti-spoofing capabilities

Enhanced anti-spoofing safeguards are rolling out for Office 365.

Microsoft services like OneDrive for Business, SharePoint Online, and Microsoft Teams are closely guarded by ATP (Advanced Threat Protection). Besides, there are numerous feature updates available in Office 365 threat protection service to address the evolution and advances in the threat landscape. The addition of enhanced Anti-Spoofing capability in Office ATP for protecting against spoofed emails from external domains further strengthens this security framework.

Anti-spoofing in Office 365 Advanced Threat Protection

The newest anti-spoof features help protect organizations from external domain spoof.  Office 365 recognizes emails from external domains having proper SPF, DMARC, and DKIM authentication settings as legitimate/authentic and therefore allow them to pass authentication, uninterrupted.

This normal process is however challenged when external domains do not have these settings properly configured. Without enforcement of these settings, domains show a high likelihood of being manipulated and maliciously spoofed, leaving customers vulnerable to phishing or spam attacks. The new external domain anti-spoofing capabilities help detect and block emails from external domains that do not have the following features,

  1. Correct authentication configuration
  2. An email infrastructure source with an unknown history

How does it work?

A newly enhanced filter in ATP first checks if the email from external domains, passes SPF, DKIM, and DMARC test.  If not, the filter thoroughly checks for historical sending patterns of that domain and associated infrastructure. If any suspicious behavior is noted, ATP assumes the sender does not bear a good reputation and as such, proceeds to junk the message.

Also, a feature worth noticing about Anti-spoofing – The filter constantly evolves and enhances itself based on mail flow patterns it observes.  ATP subscribers can access the spoof intelligence report in their Antispam Policy and take necessary actions if required.

What you need to know about the WannaCry Ransomware

What has happened?

On May 12, 2017 a new variant of the Ransom.CryptXXX ransomware family (detected as Ransom.Wannacry) began spreading widely, impacting a large number of organizations, particularly in Europe.

What is the WannaCry ransomware?

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

Figure 1. Ransom demand screen displayed by the WannaCry Trojan

It also drops a file named !Please Read Me!.txt which contains the ransom note.

Figure 2. Ransom demand note from WannaCry Trojan

It propagates to other computers by exploiting a known SMB remote code execution vulnerability (MS17-010) in Microsoft Windows computers.

Are you protected against this threat?

South Jersey Techies, LLC recommends and offers Symantec Endpoint Protection to its clients. Symantec Endpoint Protection customers are protected against WannaCry using a combination of technologies: Antivirus, SONAR protection, Network-based protection.

All South Jersey Techies Managed IT Services client computers have the latest Windows security updates installed, in particular MS17-010, to prevent spreading. If your business / organization is not on our Managed IT Services plan please check or contact us to ensure that you have the latest updates installed.

Who is impacted?

A number of organizations globally have been affected, the majority of which are in Europe.

Is this a targeted attack?

No, this is not believed to be a targeted attack at this time. Ransomware campaigns are typically indiscriminate.

Can I recover the encrypted files?

Decryption is not available at this time but companies are investigating. South Jersey Techies, LLC does not recommend paying the ransom. Encrypted files should be restored from back-ups where possible. South Jersey Techies offers a number of backup solutions including Carbonite Online Backup and cloud storage solutions. If you are unsure about your computer / server backups, please check or contact us to discuss the best solution for your business.

What are best practices for protecting against ransomware?

  • New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
  • Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.

Have additional questions?

Feel free to call us at contact us or (856) 745-9990 with any questions you may have.

South Jersey Techies – Managed Services for Businesses

If you’re  tired of the break and fix relationship you have with technology, and would  like a proactive approach for keeping your business running smoothly…

Managed Services

South Jersey Techies, LLC offers complete Flat Rate IT management solutions that take the hassle out  of managing and maintaining your critical IT systems. We’ll customize a managed services support  plan that is tailored to your environment and meets and exceeds the specific  needs for your technology management and support.

What is Managed IT Services?

Managed IT Services is a new solution to an old problem. Instead of the traditional pay to fix a problem as it happens, you pay one  consistent monthly price and your computers, servers and network are  continuously and proactively kept running efficiently.

Automate IT Actions

Automate | Cut Costs | Boost Profits

Being more productive and proactive brings more success in your business. Automation is the key to increase productivity. Maximize  your IT budget and staff by offloading routine IT functions to South Jersey Techies, LLC.

South Jersey Techies, LLC is  always working to provide you with the tools you need to control cost, maintain  continuity, and manage change in your evolving business environment.

Cut Operational Cost

Our  Managed Services enable you to focus more on your business while South Jersey Techies, LLC  proactively manages and monitors your data, security and voice networks.

South Jersey Techies automates your repeated activities such as updating antivirus definitions, upgrading Internet Explorer, installing software, executing scripts, etc. and helps you to concentrate on things that offer more value to your business.

Automation drives to cut down operational costs and achieve higher profits. Our Operations Center will proactively monitor the desktops, servers and applications for availability and performance and reduce down times of business critical applications.

 

Mobile Application Management (MAM)

Mobile Device Management does not stop with configuring policies, getting asset information, and securing a mobile device. The MDM solution should also provide the administrators the ability to manage the Apps that are installed on the devices.

SJT Support also provides the Mobile Application Management (MAM) capability that helps administrators perform the following management functions:

  • App Management
  • App Distribution
  • VPP Integration
  • Reports 

App management:

  • Manage the Apps over the Air (OTA) to groups/devices.
  • Automatically get App information from App Store
  • Maintain a repository of all Apps used in the network
  • View the list of Apps and their installation count on mobile devices.

App distribution:

  • Seamless distribution of both in-house and App Store Apps to devices and group of devices
  • Advertise Apps on App Catalog and make user choose to install themselves
  • Get the status of the deployed Apps on the users’ devices
  • Remove Apps when not required anymore

Integrate with Volume Purchase Program (VPP):

  • Integrates with Apple Volume Purchase Program to install commercial apps.
  • Automatically assign redemption codes to users upon installation or revoke when not installed
  • Get notified on insufficient redemption codes

Reports:

  • Comprehensive reports helps to monitor apps installed in device.
  • Specific reports can be extracted like:
    • Apps by Devices – Generates the report based on apps available in the device.
    • Devices with/without specific app – Generates report based on specific app.

Kill Your Java Plugin Now!

Java Plugin Security Information

Kill your java plugin as soon as possible.

A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems.

The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant Oracle, according to Jaime Blasco, head of labs at security tools firm AlienVault.

“The exploit is the same as the zero-day vulnerabilities we have been seeing in the past year in IE, Java and Flash,” Blasco stated.

“The hacker can virtually own your computer if you visit a malicious link thanks to this new vulnerability. At the moment, there is no patch for this vulnerability, so the only way to protect yourself is by disabling Java.”

The exploit targets Java 7 update 10 and prior versions. No fix is available and early indications suggest that exploitation is widespread. Brian Krebs reckons the exploit has found its way into crimeware toolkits, such as the Blackhole Exploit Kit, which will uses the hole to infect victims with software nasties.

Java vulnerabilities were abused by the infamous Flashback Trojan, creating the first botnet on Mac OS X machines in the process last year. In the years before that attacks on Java and Adobe applications have eclipsed browser bugs as hackers’ favourite way into a system.

In all but a limited number of cases Java support in web browsers is not mandatory for home users, unless required by a banking website or similar, so disabling plugins even as a temporary measure is a good idea. Businesses, on the other hand, that rely on Java for particular applications are not so fortunate.

While waiting for a patch from Oracle to plug the gaping hole, you can contact South Jersey Techies by emailing support@sjtechies.com to make sure your systems are protected.

Java Update Coming Tuesday

Oracle says Java Update Coming Tuesday!

Oracle is working on an update to address a flaw in its Java software.

The company says it will release a patch that will fix 86 vulnerabilities in Java 7 on Tuesday.

The Department of Homeland Security last week said computer users should disable the program in web browsers because hackers were using a zero-day vulnerability to attack computer systems. Criminals were using the flaw to stealthily install malware on the computers of users who visit compromised websites.

The problem, which affects Oracle Java 7 update 10 and earlier, can allow an untrusted Java applet to escalate its privileges, without requiring code signing.

 

 

Java, which is running on 850 million computers, is a computer language that lets programmers write software using just one set of codes for computers running Windows, Apple OS X and Linux. Internet browsers use it to access web content and computers and other devices use it to run a plethora of programs.

 

 

In fact, Java is so ubiquitous that the software has become a major bull’s-eye for hackers. Last year, Java overtook Adobe Reader as the most frequently attacked software, according to computer security firm Kaspersky Lab.

Mac users probably don’t have to worry because Apple already removed Java plug-ins from OS X browsers. Apple apparently learned a lesson last year when it took its time making a Java patch available and as a result more than 600,000 Macs were infected with malware.

Last February, Oracle released a fix for a targeted vulnerability identified as CVE-2012-0507 and included it in an update for the Windows version of Java. However, since Apple distributes a self-compiled version of Java for Macs, it ports Oracle’s patches to it according to its own schedule, which can be months behind the one for Java on Windows.

Mozilla also has blacklisted all current releases of Java.

LivingSocial’s Cyber Attack

living-social-logo

Recent victim of a cyber-attack is the local daily deal site, LivingSocial.  Protected during the attack was merchant and customer banking and credit card information.  Regrettably, 50 million subscriber names, date of birth, e-mail addresses and hashed passwords were compromised.

Steps to further protect your personal information:

  1. An e-mail from LivingSocial will provide you with the necessary steps to create a new password.
  2. If you are using the same password for multiple accounts it is strongly recommended to change all passwords.
  3. After an attack, hackers try to use phishing to extract additional information.  Before changing your password make sure that you are directed to www.livingsocial.com.
  4. Always protect yourself by never sending personal information via e-mail to any person or organization.

Protection for WiFi

Takeaway:  Five simple ways to protect your information when using WiFi and Hotspots.LOCK2

WiFi is exchanging data through a wireless local area network (WLAN) from electronic devices including smartphones, laptops and tablets.

Also, WiFi is available in public places such as Airports and Restaurants.  Identity Thieves, Hackers and Criminals take advantage of WiFi because it is convenient for users to access personal information.

1.  Avoid accessing your bank accounts & online stores:

When using public WiFi, it is best to avoid using your credit card or banking information.

2.  Double check the WiFi name:

Prior to connecting to a public network double check with an employee for their network name.  Identity thieves can create a false Hot-Spot, have users connect and then steal personal information.

3.  Turn-Off “Auto Connect”:

Stay in control of what networks you connect to, smartphones have a setting that automatically connects you to the closest open network.  Simply, turn this setting off to decide what networks to connect to.

4.  Never use the same Password:

An additional step you can take to keep online accounts safe is to use different passwords for each account.   Using the same password makes stealing your information easier for criminals.

5.  Check the Lock:

The extra layer of security is the locked padlock in the address bar of your browser or “https” which means that your information has been encrypted.

Implementing BYOD

BYOD

Bring-Your-Own-Device (BYOD) is permitting employees to bring personal devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access company information and applications.

Create a Private App Store

Designing a private App Store provides the ability to manage custom and purchased apps.  Businesses can manage apps by pushing mandatory apps, approving recommended apps and blocking rouge or unrelated apps.

Policy Compliance

Policies ensure security, productivity, protection of resources and reduce risks.  Implementing a location-based service (LBS) such as Geo-Fencing and GPS will set limitations on access to data based on location.

Strong Security

There are many layers of security for a BYOD environment.  Device enrollment can be a one-time passcode and/or Active Directory credentials.  Applying user profiles will distribute policies, restrictions and Apps based on logical groups (department/location/device type).  Other types of security are tracking device locations, Remote Lock, Complete Wipe and Corporate Wipe.

Track Usage

Usage thresholds can be monitored based on talk, text, data and roaming for each user.  Setting up alerts and reports for misuse, excessive bandwidth, additional charges and security exposures will help track usage appropriately. 

Banning Rouge Devices

Compromised devices such as “jail broken” iPhone or a rooted Android should be restricted from accessing enterprise data and resources.  Compromised devices are susceptible to virus attacks.

For more information on Mobile Device Management

Contact us at 856-745-9990 or click here.

 

New Security Threat: CryptoWall

 

crypt

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems is:

  • Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.

CALL US NOW!