Social Engineering Attacks on the Rise

Currently the most prevalent attacks are based on Phishing.

A Phishing attack is generally an email that appears to be from a known or trusted sender, but is instead an attempt to steal your credentials.  It typically leads you to a login prompt that looks identical to your email or other website login page, and is an attempt to trick you into giving the attackers your account credentials.

A couple of examples:

  • Your email provider asking you to login to a system or website,
  • A trusted associate asking you to “open the attached document,”
  • Your boss asking you to initiate a wire transfer to one of your vendors.

A lot of times, these emails are fraudulent.  The intent is to gain access to an account such as your email or bank account.  From there they are able to gain control of your data or money, and typically use your accounts to further spread their fraudulent emails.

As a MoseSys customer, you are protected in several ways, including Exchange mail server anti-spam filters, as well as Webroot anti-virus software.  However, no security measures are infallible.  Employee training, covered in the next section, is just as vital as any of the other security components.

TRAINING

Probably the most effective tool to mitigate these attacks is proper training of your employees. These are some highlights:

-Never open links or attachments in an email that looks suspicious.

-Never provide your login credentials (email, banking etc.) to a website unless you navigated to that site yourself, directly, without clicking any links in emails or other web pages.

-Do not click a link or open an attachment unless you are expecting it from that specific sender at the time.

-The person sending you the email, although someone you know and trust, may have had their account compromised, so that the email is actually not coming from them but from a hacker who is in control of their account.

-Always double-check the links and sender address to see where they are actually coming from.

[Image: blog1]

From <https://blog.rackspace.com/email-phishing-rise-mailbox-safe>

In the example above, although the underlined blue link appears to be directing your browser to paypal.com, by hovering over the link you can see in the bottom grey bar that it’s actually directing you somewhere different.  It’s quite easy to spoof a web-link, or a ‘from’ email address in this manner.

-If you are ever in doubt as to whether a link or attachment is legitimate, pick up the phone and call the person sending it.  Get verbal confirmation from them that it’s safe.

-Look at emails for misspellings, improper grammar, or even strange greetings (Hello Madam!). Oftentimes these attacks are perpetrated by folks who don’t speak English as their first language.

-Be very suspicious of emails that invoke a sense of urgency, trying to get you to act quickly for some stated reason.

-As a rule of thumb, don’t click on links in emails if possible.  If you get an email from FPL asking you to log into your account, instead of clicking the link, open your web browser and type ‘www.fpl.com’ to access your account.

-Finally, check to see if the SSL certificate is valid.  At the left side of the address bar in most browsers (Internet Explorer, Chrome, Firefox etc.), you will see the green padlock symbol to confirm that this web page has a valid certificate from a trusted authority.

[Images: blog3, blog2]

Virtually all websites that ask you to login will have this.  If for any reason you don’t see this, or see a red ‘open’ padlock, do not trust the site!

REMEDIATION STEPS

At MoseSys, we have multiple extra security measures that can be implemented to further protect your employees and accounts. Some examples:

-Multi-Factor Authentication: any time someone attempts to log in to an email account from a new computer or browser, a second form of authentication is required, such as a text message confirmation sent to the employee’s phone.

-SafeLinks and SafeAttachments are add-on services available for Office 365 email customers that scan every email your employees receive, analyzing it for dangerous links and/or attachments.

-Firewall: Modern security appliances include subscription based services that inspect incoming network traffic, looking for viruses and malware attempting to attack your network.

-Training Seminar: We have prepared a brief 1-1.5 hour seminar for your employees to alert them to the dangers and equip them with the tools necessary to remain safe, and to keep your valuable systems and data safe. Please ask us about this service.

Please contact your MoseSys team today to discuss the possibility of implementing some of these additional security features and services.

If you think you may have clicked on a link in a phishing email, or fallen for an online scam, contact the MoseSys team immediately.  (941) 234-0687

 

 


What is the KRACK Wi-Fi vulnerability, and should you be concerned?

KRACK stands for Key Reinstallation AttaCK, and is a security flaw discovered in the Wi-Fi encryption protocols WPA and WPA2, used in almost all modern-day devices. This includes your laptop, cell phone and tablet. (Most desktop computers do not have wireless capability).

The KRACK vulnerability exists when your device first makes its connection to a secured Wi-Fi access point.  Step one is for your device and the access point to exchange authentication information, also known as a ‘handshake’.  By exploiting this vulnerability in WPA and WPA2, this process can be manipulated to allow a third party to obtain the encryption key.  With that, they can execute a ‘Man-in-the-middle’ based attack, and therefore view your data traffic.

Device manufacturers are racing to release patches to fix this security vulnerability.  Among those which are still vulnerable: Apple, Android and Linux devices.  A couple of points below:

  • An attacker needs to be in-range of your device and wireless access point to exploit this vulnerability. For a typical wireless router, this is a little more than 100 ft.
  • If you are using a Windows PC running Windows 7 or newer, and your PC is up-to-date on patches, you are already protected.  Microsoft released a security fix on October 10th. If you are a MoseSys managed customer, with our Patch Doctor system you can be assured that your computers have the latest patches and updates.
  • If you are using an Apple or Android device, stay tuned for patches that will be issued soon.  You may consider not connecting to public Wi-Fi hotspots, or possibly using only cellphone network data in the meantime.
  • If your network utilizes a Sonicwall firewall appliance, no changes are necessary.  Sonicwall units are not vulnerable to the KRACK exploit.
  • If you are using a third party wireless router, consider contacting the router manufacturer to see if they’ve released a new firmware update that fixes the KRACK exploit.  Consider doing the same if you are using your cable provider’s router.
  • Make sure your anti-virus, anti-malware, and software firewalls are patched and up-to-date.  For MoseSys customers, this is another area in which you can rest easy, knowing it’s taken care of.
  • ALWAYS practice discretion when using a public Wi-Fi hotspot. Do not transmit sensitive information, and try to use websites that use the HTTPS protocol (or show the little padlock symbol in the address bar).

For more information, see PCWorld’s FAQ:

https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html#toc-5

Why you NEED a hardware firewall.

In your car, the firewall is a sheet of metal between the cabin and the engine which prevents engine fires from reaching you.

In computer networking, the firewall is just as important, a barrier to keep destructive forces away from your office network.

 

The network firewall performs the following functions:

Intrusion prevention

Your office network is under constant attack.  Malware and botnets across the globe are slowly but surely probing every machine connected online to find vulnerable points to attack.  A hardware firewall acts like a gate-keeper, blocking known patterns of malicious intent and hacking.

Packet filtering/inspection

Much like security at the airport, the firewall is constantly inspecting data moving across your network, watching for certain patterns and characteristics of malicious code, suspicious behavior, identifying the good traffic, and blocking the bad.  This includes traffic from the outside trying to gain entry, but also internal traffic trying to get out.

Gateway Anti-Virus and anti-spyware protection

Hardware firewalls compare known virus and spyware signatures against what they observe traveling through your network, with the ability to stop a large number of threats before they can even get to company equipment.

Several methods are employed by unscrupulous individuals to gain access to, or control of, your computer equipment.  Many of these can be mitigated in full or in part by a hardware firewall.  Among them are:

-Unauthorized Remote login

-Application backdoors

-Operating system bugs/security flaws

-Denial of Service attacks

-E-mail bombs

-Macros

-Ransomware

In today’s environment, if your business employs a computer network, a hardware firewall is a must.  Please ask a MoseSys team member today how you can add this essential piece of protection to your network.

941-234-0687

support@mosesys.com

 

Ransomware, what is it, and what can you do about it?

 

Some of you may have recently read about WannaCry, the largest ransomware attack ever recorded, currently spreading to computer systems around the globe.  What is ransomware? In a nutshell, it is a variant of malware (malicious software) which encrypts data without your permission.  Once encrypted, it will attempt to extort money from the victim for the safe restoration of said files, basically holding your files hostage.

Many companies today are using old, out of date hardware and software, and lack a solid security or backup program that would help to mitigate this threat.  The majority of these malicious attacks are the result of a user clicking on a link or attachment in an email, or browsing unsafe websites.  WannaCry also utilizes a worm, which is malware that can actually seek out and spread to other vulnerable PCs on your network.

WannaCry is just the beginning.  Due to the unfortunate success of these types of cyberattacks, we will almost certainly see an increase going forward, both in the number of attacks, and their sophistication.

Below is a list of some of the steps your organization can take to prevent a ransomware attack, and how being a MoseSys customer helps to mitigate this threat.

  1. System security – Effective, up-to-date security software is essential in preventing cyberattacks of all kinds.  Our service includes industry-leading antivirus and malware prevention software on each computer, constantly monitoring for virus and malware signatures and activities.  Our security tools are cloud based, providing instant updates and signatures for known attacks.
  2. User Security – We also recommend restricting access to administrative privileges for your users.  The Principle of Least Privilege is a rule in IT security that dictates the limiting of employee user rights to the minimal level that will allow them to perform their job, no more.  This principle goes a long way in minimizing the potential damage of any security breach, both accidental and malicious.
  3. Consistent patching – The fix for the WannaCry exploit has already been released by Microsoft, listed below:

KB4019216 — Windows 8 and Windows Server 2012

KB4019264 — Windows 7 and Windows 2008 R2

KB4019215 — Windows 8.1 and Windows 2012 R2

KB4012598 — Windows XP, Windows Server 2003, Windows 8, Windows XP Embedded

Vulnerable systems are the ones that don’t update regularly, or are running an out-of-date version of Windows.  As a MoseSys customer, your systems are always up-to-date with the latest critical security updates from Microsoft and other vendors.  Our Patch Doctor software monitors the patch status of your machines, and attempts to redeploy any failed attempt, alerting us along the way.

4. Email – As mentioned earlier, the majority of these attacks infect the system through email attachments and links.  As a MoseSys Exchange email customer, your emails and attachments are filtered through multi-stage, server-level virus detection tools, before they even get to your inbox.  This includes 60 types of filtering techniques that rid incoming email of worms, viruses, phishing attempts and other protocol-based vulnerabilities.

5. Backup – A solid backup strategy is critical.  Ransomware is so effective because most victims do not have another copy of the encrypted data, or in some cases the backup data also becomes encrypted.  MoseSys backup solutions include cloud and local backup solutions for redundancy.

6. User Training – It is essential that your employees practice good digital hygiene, especially when using company computers and accounts. This includes being cautious about suspicious emails, links and attachments.  If you are not sure if an email is legitimate, try to contact the sender or company directly to confirm. Avoid unknown and suspect websites and weblinks while using company equipment.  Remember that sometimes legitimate sites contain ads or links that can take you to third parties who are not as well known or proven.

Please contact your MoseSys support team with any questions.

For additional information please review the US Federal Computer Emergency Readiness Team (US-CERT) recommendations for users:

https://www.us-cert.gov/security-publications/Ransomware

 

3 New Features for Windows 10

1. The Start Menu

For you Windows 7 users, rest easy, because this is here to stay. For the Windows 8 users, the start menu is back with its full functionality – and then some. The aesthetics of the new start menu combine the basics of the start menu from Windows 7 with the sleek tiles that were a part of Windows 8. The customization of this helps you to access what you need much faster and boosts productivity. Open the Start Menu, click on Settings, Personalization, and then Start. Make the Start Menu work for you. Microsoft created a helpful onboarding resource for this feature as well.

2. Microsoft Edge

Although this is the new web browser, do not worry – Internet Explorer 11 will be available by default in your upgrade. It is worth noting that many business applications remain untested with Microsoft Edge. If you find that Microsoft Edge is popping up as your default browser, this article will help you with that. Remember that super awesome Start Menu we spoke about above? Click in the search bar right next to it, and type “Default Programs.” Open that up, find Internet Explorer on the left, and click on it. There will now be an option to click that states “Set this program as default.”

3. Search Enhancements

Find anything on your PC. No, really. On the bottom left, to the right of the Start Menu, type a term in that search box. If it doesn’t automatically populate, click on the “My Stuff” icon on the bottom of that pop-up window. Your machine will be scanned for files, applications, pictures – just about anything – containing any or all of that search term within that file name. Don’t catch yourself drilling down through menus trying to find something. Don’t waste your time digging and trying to find that one file you thought you’d never need again. Use this search function to help save time.

Internet of Things (IoT)

What is the Internet of Things?

Since the invention of smart phones and tablet PCs, technology has been growing at lightning speed. We now have the ability for internet connectivity on so many devices throughout our homes and businesses. Simply put, IoT is the concept of connecting any device with an on/off switch to the internet and to one another. Smart devices are now being used in a multitude of industries from Energy and roadway safety to your home and healthcare.

According to an article by TechTarget.com:


A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low — or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.

Since the invention of technology we’ve seen this coming. An age where everyone and everything is connected.

“In the next century, planet earth will don an electronic skin. It will use the internet as a scaffold to support and transmit its sensations.” – Neil Gross 1999

Here we are only seventeen years later and we now have the ability to do almost everything from the palm of our hand. The reality is that IoT allows for endless opportunities and connections to take place, many of which we cannot even begin to comprehend today. More than 90% of homes in the United States of America have three or more devices which are connected to the internet. The average American household consists of two adults, two children, and a pet. The following table shows an example of the devices which may be within that home.

Device               Number Within Home
Smart TVs            1-3
Tablet               2-4
Game Consoles        1-2
iPod/MP3 Players     2-4
Fitbits              1-2
Pet Microchip        1

These items add up to between eight and fifteen items which are connected to the internet on a regular basis. This doesn’t include any other smart devices you may have hooked up, such as lights, door locks, electrical outlets, thermostats, smart sprinkler controllers, IP cameras, or the hands-free speakers you control with your voice.

Issues with the Internet of Things

Security and privacy are the biggest issues we face with IoT. For example, setting up your new lamp can be as simple as plugging it in, at which point it asks to connect to your home Wi-Fi network. Developers of these devices and applications, in many instances, have no experience in security. Their expertise is in creating devices or appliances for the home. Or maybe they are a startup company trying to develop their product as quickly and efficiently as possible, to keep costs low. Most of these devices have little or no built-in security and therefore place you and your data at risk. Without the proper software updates and security precautions, these devices can be hacked and have malware installed which can then propagate throughout your network. This not only leaves your devices at risk but it also gives would-be criminals access to your personal information.

Some of these devices actually ask for permission to access information which they really do not need. For instance, a few months ago there was a flashlight application for smartphones which was requesting access to multiple services on the phone, including:

  • Phone Calls
  • Network Communication
  • GPS Location

The question becomes, why does an application that is supposed to only be turning a light on and off require access to things such as GPS location or have network connectivity?

Top 5 ways to secure your devices:

With all these devices, what are the best ways to protect your family and data from theft and corruption? We’ll look at the top five ways to secure your devices and protect your data.

  1. Connect Only What Has to be Connected:

    This is the simplest way to protect yourself and data when it comes to IoT devices. If a device does not need to be online to work then don’t connect it to your Wi-Fi network.

  2. Have A Separate Wi-Fi Network:

    If your devices require an internet connection to work, consider creating a separate Wi-Fi network just for your IoT devices. Most wireless access points (AP) come with the capability of turning on additional networks, such as a guest network. Even the wireless AP you get from your internet service provider will generally come with this capability, and it is sometimes already configured. Another option would be to purchase a separate AP. This ensures any device connected to this network will have no access to your main network, so your other devices and your data are safe from infection.

  3. Strong Passwords:

    Strong passwords are one of the best ways to protect your network. If your IoT device has the ability, change the password to a unique passphrase only you know. An example of a strong password would be something like the following:

    Tuck#1926

    This meets the following requirements:

  • Contains a capital letter
  • Contains a lowercase letter
  • Is alphanumeric
  • Contains a special character, i.e. (!@#$%^&*-_=+)

If you can’t remember all the different passwords, then don’t worry, neither can we. You may consider using a password manager which will securely store them all for you.

4. Update When Possible:

Just like your PC, all these devices need to be kept up to date on their latest security and firmware updates. Most devices have the option to do this automatically. If so, enable it. There is no reason to leave a hole in your security because of an update.

5. Privacy Options:

Your IoT device may have privacy settings which can be enabled to limit the amount of information it shares. If possible, disable any information sharing capabilities. This will ensure your information is not shared outside of your personal network.

In summary:

There is no one size fits all rule when it comes to IoT devices. You have to implement the measures which are right for you, your home or organization, and the devices which you are using. It is worth the time to do a little research on your devices and find out the best way to secure them. In the end, it is about privacy. If you wouldn’t share it with the world why give them access?