Windows 7 Rides Off Into the Sunset

On January 14th of next year, the popular computer operating system Windows 7 will reach its End of Life stage, and Microsoft will no longer support it in an official capacity. Windows 7 was released in July 2009, and will be discontinued after 11 years. Windows Server 2008 R2 will also reach End of Life on the same date.

What does this mean for my organization?

Will my computers still work? Yes, technically your computers running Windows 7 will continue to operate. However, on that date Microsoft will stop issuing patches and security updates for the OS. This means that all computers in your organization still running Windows 7 become vulnerable, which can also expose your entire network.

The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security flaws once it enters End of Life, and this leaves you open to any emerging threat. Moreover, hackers and malicious code writers will take advantage of this event to develop new ways to attack the Windows 7 OS, knowing that no fixes or patches will come.

It is critical that you begin to plan now to replace or upgrade these machines. Please contact Mosesys about a replacement strategy today.


Why you NEED a password manager


In this day and age, password managers have become integral. It’s not a matter of if you need a password manager, you simply DO.

If you are storing your passwords in an Excel spreadsheet, or Outlook contact notes, you are taking unnecessary risks with your sensitive data.

Excel encryption is easy to defeat, and Outlook contact notes get synced to every device that accesses the account. What happens to those notes when that device is lost or stolen? It’s easy to access contact notes once a device is compromised. What if the email account gets hacked? The attacker now has all your contact notes as well. In addition, every day users grant contact permissions on their devices to apps that may or may not be ‘above board’.

An even worse practice is using the same password, or variations of the same password across multiple sites. This is possibly the most dangerous security practice you can have. A study¹ by Virginia Tech University found that:

52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services.

Credential stuffing is an attack in which hackers compromise one site, or obtain usernames and passwords from the black market (known as the dark web), and then try those passwords on other sites, such as your email or bank, to see if you are using the same password. Many people do. The attackers also employ computer algorithms to test slight variations on those passwords. Credential stuffing is the cause of a lot of data breaches today.

 
A password manager is a must. Why? Because it allows you to use strong, complex, unique passwords for every site without struggling to remember multiple passwords. In fact, you only have to remember the master password for the password manager. Password managers also allow for tiered access and multiple user accounts, so that your employees can get access to the passwords that you allow, and not others. The password database is encrypted on every device with strong encryption, so that even if the device is lost or stolen, attackers wouldn’t be able to get the information.

At MoseSys we recommend RoboForm

Another popular alternative is LastPass

Both of these companies offer desktop apps, web browser extensions, and mobile apps. They also store your password database in the cloud. For those of you who may be concerned about a third party storing and possibly having access to your sensitive information, a good litmus test is whether or not they can recover your password if you forget it. Neither RoboForm nor LastPass can. Your password database is encrypted using your master password as a key. This means you are in real trouble if you forget your master password. However, it also means that the companies themselves cannot access your sensitive data.

Ask a MoseSys associate today for more information and assistance in setting up a password manager.

 

¹https://people.cs.vt.edu/gangwang/pass

Apple Releases Multiple Security Updates

Apple has released multiple security updates for various products to address vulnerabilities found in them. Anyone using iPhones, iPads and Macs should make sure to apply these new updates.

National Cyber Awareness System:

 

Apple Releases Multiple Security Updates

02/07/2019 02:12 PM EST

 

Original release date: February 07, 2019

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:


 

Social Engineering Attacks on the Rise

Currently the most prevalent attacks are based on Phishing.

A Phishing attack is generally an email that appears to be from a known or trusted sender, but is instead an attempt to steal your credentials.  It typically leads you to a login prompt that looks identical to your email or other website login page, and is an attempt to trick you into giving the attackers your account credentials.

A couple of examples:

  • Your email provider asking you to log in to a system or website,
  • A trusted associate asking you to “open the attached document,”
  • Your boss asking you to initiate a wire transfer to one of your vendors.

A lot of times, these emails are fraudulent.  The intent is to gain access to an account such as your email or bank account.  From there they are able to gain control of your data or money, and typically use your accounts to further spread their fraudulent emails.

As a MoseSys customer, you are protected in several ways, including Exchange mail server anti-spam filters, as well as Webroot anti-virus software. However, no security measures are infallible. Employee training, covered in the next section, is just as vital as any of the other security components.

TRAINING

Probably the most effective tool to mitigate these attacks is proper training of your employees. These are some highlights:

-Never open links or attachments in an email that looks suspicious.

-Never provide your login credentials (email, banking etc.) to a website unless you navigated to that site yourself, directly, without clicking any links in emails or other web pages.

-Do not click a link or open an attachment unless you are expecting it from that specific sender at the time.

-The person sending you the email, although someone you know and trust, may have had their account compromised, so that the email is actually not coming from them but from a hacker who is in control of their account.

-Always double-check the links and sender address to see where they are actually coming from.

[Image: example phishing email with a spoofed link]

From <https://blog.rackspace.com/email-phishing-rise-mailbox-safe>

In the example above, although the underlined blue link appears to be directing your browser to paypal.com, by hovering over the link you can see in the bottom grey bar that it’s actually directing you somewhere different. It’s quite easy to spoof a web link, or a ‘from’ email address, in this manner.

-If you are ever in doubt as to whether a link or attachment is legitimate, pick up the phone and call the person sending it.  Get verbal confirmation from them that it’s safe.

-Look at emails for misspellings, improper grammar, or even strange greetings (Hello Madam!). Oftentimes these attacks are perpetrated by folks who don’t speak English as their first language.

-Be very suspicious of emails that invoke a sense of urgency, trying to get you to act quickly for some stated reason.

-As a rule of thumb, don’t click on links in emails if possible. If you get an email from FPL asking you to log into your account, instead of clicking the link, open your web browser and type ‘www.fpl.com’ to access your account.

-Finally, check to see if the SSL certificate is valid. At the left side of the address bar in most browsers (Internet Explorer, Chrome, Firefox etc.) you will see the green padlock symbol to confirm that this web page has a valid certificate from a trusted authority.

[Images: padlock symbol in the browser address bar]

Virtually all websites that ask you to log in will have this. If for any reason you don’t see this, or see a red ‘open’ padlock, do not trust the site!

REMEDIATION STEPS

At MoseSys, we have multiple extra security measures that can be implemented to further protect your employees and accounts. Some examples:

-Multi-Factor Authentication: any time someone attempts to log in to an email account from a new computer or browser, a second form of authentication is required, such as a text message confirmation sent to the employee’s phone.

-SafeLinks and SafeAttachments are add-on services available for Office 365 email customers that scan every email your employees receive, analyzing it for dangerous links and/or attachments.

-Firewall: Modern security appliances include subscription based services that inspect incoming network traffic, looking for viruses and malware attempting to attack your network.

-Training Seminar: We have prepared a brief 1-1.5 hour seminar for your employees to alert them to the dangers and equip them with the tools necessary to remain safe, and to keep your valuable systems and data safe. Please ask us about this service.

Please contact your MoseSys team today to discuss the possibility of implementing some of these additional security features and services.

If you think you may have clicked on a link in a phishing email, or fallen for an online scam, contact the MoseSys team immediately.  (941) 234-0687

 

 

What is the KRACK Wi-Fi vulnerability, and should you be concerned?

KRACK stands for Key Reinstallation AttaCK, and is a security flaw discovered in the Wi-Fi encryption protocols WPA and WPA2, used in almost all modern-day devices. This includes your laptop, cell phone and tablet. (Most desktop computers do not have wireless capability.)

The KRACK vulnerability exists when your device first makes its connection to a secured Wi-Fi access point. Step one is for your device and the access point to exchange authentication information, also known as a ‘handshake’. By exploiting this vulnerability in WPA and WPA2, this process can be manipulated to allow a third party to obtain the encryption key. With that, they can execute a ‘Man-in-the-middle’ based attack, and therefore view your data traffic.

Device manufacturers are racing to release patches to fix this security vulnerability.  Among those which are still vulnerable: Apple, Android and Linux devices.  A couple of points below:

  • An attacker needs to be in range of your device and wireless access point to exploit this vulnerability. For a typical wireless router, this is a little more than 100 ft.
  • If you are using a Windows PC running Windows 7 or newer, and your PC is up-to-date on patches, you are already protected.  Microsoft released a security fix on October 10th. If you are a MoseSys managed customer, with our Patch Doctor system you can be assured that your computers have the latest patches and updates.
  • If you are using an Apple or Android device, stay tuned for patches that will be issued soon.  You may consider not connecting to public Wi-Fi hotspots, or possibly using only cellphone network data in the meantime.
  • If your network utilizes a Sonicwall firewall appliance, no changes are necessary.  Sonicwall units are not vulnerable to the KRACK exploit.
  • If you are using a third party wireless router, consider contacting the router manufacturer to see if they’ve released a new firmware update that fixes the KRACK exploit.  Consider doing the same if you are using your cable provider’s router.
  • Make sure your anti-virus, anti-malware, and software firewalls are patched and up-to-date.  For MoseSys customers, this is another area in which you can rest easy, knowing it’s taken care of.
  • ALWAYS practice discretion when using a public Wi-Fi hotspot. Do not transmit sensitive information, and try to use websites that use the HTTPS protocol (or show the little padlock symbol in the address bar).

For more information, see PCWorld’s FAQ:

https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html#toc-5

Why you NEED a hardware firewall.

In your car, the firewall is a sheet of metal between the cabin and the engine which prevents engine fires from reaching you.

In computer networking, the firewall is just as important, a barrier to keep destructive forces away from your office network.

 

The network firewall performs the following functions:

Intrusion prevention

Your office network is under constant attack. Malware and botnets across the globe are slowly but surely probing every machine connected online to find vulnerable points to attack. A hardware firewall acts like a gatekeeper, blocking known patterns of malicious intent and hacking.

Packet filtering/inspection

Much like security at the airport, the firewall is constantly inspecting data moving across your network, watching for certain patterns and characteristics of malicious code, suspicious behavior, identifying the good traffic, and blocking the bad.  This includes traffic from the outside trying to gain entry, but also internal traffic trying to get out.

Gateway Anti-Virus and anti-spyware protection

Hardware firewalls compare known virus and spyware signatures against what they observe traveling through your network, with the ability to stop a large number of threats before they can even get to company equipment.

Several methods are employed by unscrupulous individuals to gain access to, or control of your computer equipment.  Many of these can be mitigated in full or partially by a hardware firewall.  Among them are:

-Unauthorized Remote login

-Application backdoors

-Operating system bugs/security flaws

-Denial of Service attacks

-E-mail bombs

-Macros

-Ransomware

In today’s environment, if your business employs a computer network, a hardware firewall is a must.  Please ask a MoseSys team member today how you can add this essential piece of protection to your network.

941-234-0687

support@mosesys.com

 

Ransomware, what is it, and what can you do about it?

 

Some of you may have recently read about WannaCry, the largest ransomware attack ever recorded, currently spreading to computer systems around the globe. What is ransomware? In a nutshell, it is a variant of malware (malicious software) which encrypts data without your permission. Once the data is encrypted, the ransomware attempts to extort money from the victim for the safe restoration of said files, basically holding your files hostage.

Many companies today are using old, out of date hardware and software, and lack a solid security or backup program that would help to mitigate this threat.  The majority of these malicious attacks are the result of a user clicking on a link or attachment in an email, or browsing unsafe websites.  WannaCry also utilizes a worm, which is malware that can actually seek out and spread to other vulnerable PCs on your network.

WannaCry is just the beginning.  Due to the unfortunate success of these types of cyberattacks, we will almost certainly see an increase going forward, both in the number of attacks, and their sophistication.

Below is a list of some of the steps your organization can take to prevent a ransomware attack, and how being a MoseSys customer helps to mitigate this threat.

  1. System security – Effective, up-to-date security software is essential in preventing cyberattacks of all kinds. Our service includes industry-leading antivirus and malware prevention software on each computer, constantly monitoring for virus and malware signatures and activities. Our security tools are cloud based, providing instant updates and signatures for known attacks.
  2. User Security – We also recommend restricting access to administrative privileges for your users.  The Principle of Least Privilege is a rule in IT security that dictates the limiting of employee user rights to the minimal level that will allow them to perform their job, no more.  This principle goes a long way in minimizing the potential damage of any security breach, both accidental and malicious.
  3. Consistent patching – The fix for the WannaCry exploit has already been released by Microsoft, listed below:

KB4019216 — Windows 8 and Windows Server 2012

KB4019264 — Windows 7 and Windows 2008 R2

KB4019215 — Windows 8.1 and Windows 2012 R2

KB4012598 — Windows XP, Windows Server 2003, Windows 8, Windows XP Embedded

Vulnerable systems are the ones that don’t update regularly, or are running an out-of-date version of Windows.  As a MoseSys customer, your systems are always up-to-date with the latest critical security updates from Microsoft and other vendors.  Our Patch Doctor software monitors the patch status of your machines, and attempts to redeploy any failed attempt, alerting us along the way.

  4. Email – As mentioned earlier, the majority of these attacks infect the system through email attachments and links. As a MoseSys Exchange email customer, your emails and attachments are filtered through multi-stage, server-level virus detection tools, before they even get to your inbox. This includes 60 types of filtering techniques that rid incoming email of worms, viruses, phishing attempts and other protocol-based vulnerabilities.

  5. Backup – A solid backup strategy is critical. Ransomware is so effective because most victims do not have another copy of the encrypted data, or in some cases the backup data also becomes encrypted. MoseSys backup solutions include cloud and local backup solutions for redundancy.

  6. User Training – It is essential that your employees practice good digital hygiene, especially when using company computers and accounts. This includes being cautious about suspicious emails, links and attachments. If you are not sure if an email is legitimate, try to contact the sender or company directly to confirm. Avoid unknown and suspect websites and weblinks while using company equipment. Remember that sometimes legitimate sites contain ads or links that can take you to third parties who are not as well known or proven.

Please contact your MoseSys support team with any questions.

For additional information please review the US Federal Computer Emergency Readiness Team (US-CERT) recommendations for users:

https://www.us-cert.gov/security-publications/Ransomware