What Security Measures are Most Effective at Fighting Ransomware

 

In response to the announcements today from both the US and UK governments about significant persistent cyber threats from state actors, I though it would be important to bring in an expert.

Here is a guest post from Stu Sjouwerman from KnowBe4– out preferred vendor for cyber awareness training. We just had our staff go through some of the training modules- and we were amazed. Amazed may be the wrong word- scared s#*&less may be more accurate. The threats out there are so deadly for businesses and organizations of all sizes and industries.

The Spiceworks staff wrote: “Years after CryptoLocker raised its ugly head — setting off an unfortunate security trend — ransomware continues to be a rather painful thorn in the side of IT professionals and organizations around the world. phishing

In 2017, we saw entire companies and government agencies shut down for days thanks to WannaCry and NotPetya, sometimes costing a single organization hundreds of millions of dollars. And things haven’t gotten that much better recently.

For example, in March 2018, the city of Atlanta fell victim to ransomware that brought city services down (airport Wi-Fi, online bill pay systems, police warrant systems, job application forms, and more) and forced many employees to shut down their systems for five days. Similar attacks have been launched against cities in the U.S. and around the world.

A ransomware security poll

There isn’t one magic bullet that can solve all IT security problems. Instead, companies must employ a layered strategy to reduce the risk of a ransomware infection. But are all security measures created equal?

Ideally, organizations would be able to follow all security best practices; in reality, however, organizations have to prioritize. Here’s our question: If you landed in a brand new environment and had to choose, where would you start or focus your security efforts? That is, which security measures do you think are most important / are most effective when it comes to fighting ransomware?

Pick your favorites in our anonymous poll below (you can choose up to three options) and join the conversation in the comments!”

The poll asked: “What security measures are most effective in fighting ransomware?” and 2209 IT pros answered, including me which are the bolded options:

Spiceworks_Poll_results

 


I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don’t, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.

Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/kmsat_quote-request_partner?partnerid=0010c00001wis6gAAA

If you would like to test out some free cyber awareness training tools, please visit our landing page: http://downloads.primetelecommunications.com/CyberAwareness-Free-Tools

If you want to be really proactive, we can run a free Dark Web search for your company domain and tell you how many of your domain emails are on over 600,000 sites on the Dark Web- and tell you the email address, the password and the date it was discovered. http://downloads.primetelecommunications.com/Dark-WeB

 

Advertisements

The Latest Round Up of Data Breaches for March 2018 and up to April 4 2018

Here is the latest round up of data breaches that can compromise your network’s credentials. As you know, after the data is stolen, it appears on the Dark Web for sale. Whereas individuals should use products like LifeLock or Experian; IT managers/CISOs/CFO’s for small and midsize businesses can use our Dark Web search for free to see if they are compromised. http://downloads.primetelecommunications.com/Dark-WeB. 

If you find that you have credentials exposed, we can help you by monitoring and educating your end users.

Warning:

We do not recommend that you access the Dark Web on your own. Exploring this hidden network of sites without the necessary expertise is extremely dangerous and can expose you, your network, company and data to a large number of threats. Let experienced professionals specializing in cyber security help you access the necessary intelligence to safely bolster your defenses.


 

  1. MyFitnessPal

Date Occurred: February 2018

Date Disclosed: March 2018

Data Compromised: May include usernames, emails addresses, and hashed passwords. Payment information NOT affected.

How it was Compromised :  Unauthorized party access

Customers Impacted: 150 million users

Attribution: None at this time

Business Risk: Moderate (Data Exploit, Compromised Credentials, Weak Encryption)

Since motivation is unknown at this time its hard to determine how the data may be used and its direct impact on individuals compromised. The data set holds 3 key data elements: Email, Username and Password.  “Most” Password were encrypted using becrypt, however, it appears a large percentage were simple SHA-1. Financial data was collected and housed separately, a solid best-practice.

https://www.cnbc.com/2018/03/29/under-armour-stock-falls-after-company-admits-data-breach.html

  1. Ohio Applebee’s

Date Occurred: December 6, 2017 – January 2, 2018

Date Disclosed: March 2, 2018

Data Compromised: Certain guests’ names, credit or debit card numbers, expiration dates and card verification codes processed during limited time periods could have been affected.

How it was Compromised: Unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations.

Customers Impacted:  Only impacted stores within the RMH network of restaurants and not the broader Applebee’s network.

Attribution:  None at this time

Business Risk: Low (POS exploit, Regional)

This POS compromise was regional in scope and would have more of a direct impact to individuals rather than businesses. We will continue to monitor for chatter/ uptick in online financial fraud levering this data set.

https://www.rmhfranchise.com/dataincident/

  1. Boeing

Date Occurred: Early 2018

Date Disclosed:  March 2018

Data Compromised: Not disclosed at this time

How it was Compromised : “Limited intrusion of Malware” WannaCry, Supply Chain

Customers Impacted: “A small number of systems”; older systems

Attribution: Nation State leanings. WannaCry, Crypto-malware

Business Risk: High (External / Persistent Targeting, Crypto, Vulnerability Exploit)

Although Boeing is publicly downplaying its impact, the company called for a sent company-wide alert calling for “All hands-on deck.” Its apparent that the infections caused major disruptions to airplane production and significant internal resources were spent on determining downstream impacts.

There has been significant chatter regarding alternate payload distribution and kill switch circumvention.  Boeing most certainly would have beefed up its resiliency to WannaCry after its initial outbreak in 2017.  This suggests that supply chain access to Boeing core systems was exploited to deliver the payload.

https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/

  1. Active.com

Date Occurred: December 2016 – September 2017

Date Disclosed: March 2018

Data Compromised: PII used in registration/checkout process for races

How it was Compromised: Unauthorized access by 3rd parties

Customers Impacted: Potentially hundreds of runners in Great Britain affected; full affects not known.

Attribution: None at this time

Business Risk: Low (POS exploit, Regional)

Small scale POS exposure impacted several hundred individuals in the UK.  3rd party intel firms suggest data has been sold on dark web markets in TOR. However, we have not validated the sale or exploit of this data as of 4/2/18.

https://www.runnersworld.co.uk/events/credit-card-details-from-runners-potentially-at-risk-in-a-security-breach

  1. Loganville, Gwinnett County, GA

Date Occurred: March 15, 2018

Date Disclosed: March 2018

Data Compromised: May include PII such as social security numbers and/or banking information

How it was Compromised: City server breached by outside person or entity

Customers Impacted: Specifics unknown

Attribution: None at this time

Business Risk: Moderate (External / Persistent Targeting, Vulnerability Exploit)

The city’s announcement on Facebook suggest that its systems were left open to public access. It has yet to be determined/ disclosed if access was the result of an individual leveraging default password access or if systems were left unpatched and open to automated exploit. It does not appear to be related to the City of Atlanta’s Samsam ransomware compromise from March 22.

https://www.wsbtv.com/news/local/gwinnett-county/metro-atlanta-city-reports-its-own-data-breach-warns-customers/722204765

  1. Baltimore 911 Dispatch System

Date Occurred: March 24-25, 2018

Date Disclosed: March 2018

Data Compromised: Hack affected messaging functions within the Computer Aided Dispatch (CAD) system which supports 911 and 311 functions in the city.

How it was Compromised : Crypto-malware hack prompted temporary shutdown of automated 911 dispatching services and forcing reversion to manual operations

Customers Impacted: Specifics unknown

Attribution: Unknown actors – assumed Eastern European, Crypto-malware

Business Risk: Severe (External / Persistent Targeting, Human Error, Vulnerability Exploit)

Attack shows constant scanning and targeting of public sector systems.  Attackers performed an automated scan of the city’s firewall/ ports within a few hours of a technician manually changing firewall settings on the its computer-aided dispatch system.

https://technical.ly/baltimore/2018/03/28/cyber-breach-baltimores-911-dispatch-system-investigation/

  1. Orbitz

Date Occurred: October 1, 2017 – December 22, 2017

Date Disclosed: March 1, 2018

Data Compromised: Potentially wide range of PII including full names of customers, credit card numbers, birth dates, phone numbers, mailing addresses, billing addresses and email addresses.

How it was Compromised: Hackers able to breach one of the company’s legacy booking platforms to access records that cover dates between January 2016 – December 2017.

Customers Impacted: Orbitz customers and potentially customers who used Amextravel.com to book.

Attribution: Unknown actors

Business Risk: High (Vulnerability Exploit, potential for widespread online fraud)

It took Orbitz almost 3 months to discover that attackers exploited a legacy version of their travel booking platform between October 1, 2017 and December 22, 2017.

Data impacts more than 880,000 individuals.  The string of PII compromised combined with business itinerary information provides the ability to effectively social engineer impacted individuals.  Individuals should proactive monitor their personal data for misuse.

https://thehackernews.com/2018/03/expedia-data-breach.html

  1. Hudson’s Bay Co. (Saks /Lord & Taylor)

Date Occurred: “Preliminary analysis” found credit card data was obtained for sales dating back to May 2017

Date Disclosed: April 1, 2018

Data Compromised: Hackers stole information for more than 5 million credit and debit cards used at Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. Cards used for in-store purchases. “No indication” online purchases were affected.

How it was Compromised : Not known at this time.

Customers Impacted: The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the “majority of stolen credit cards were obtained from New York and New Jersey locations.”

Attribution: Hacking syndicate JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards. The hackers named their stash BIGBADABOOM-2.

Business Risk: High (POS compromise, potential for widespread online fraud)

Chatter about data sets began to surface 2 weeks back but were largely discounted.  The Joker’s Stash site has been touted several comprehensive sets of validated credit card data going back to 2016 including Hilton and BeBe Stores.

The data set contains more than 5 million credit and debit cards (all card types with complete data strings). This data set will produce significant online credit and debit card fraud.  Any organization running ecommerce platforms are urged to add additional card validation requirements until card issuers are able to invalidate all cards identified in the harvest.

https://www.nytimes.com/2018/04/01/technology/saks-lord-taylor-credit-cards.html 

  1. ATI Physical Therapy

Date Occurred: Unknown – discovered in January 2018.

Date Disclosed: Early March 2018

Data Compromised:  ATI Holdings discovered in January that some employees’ direct deposit information had been changed in its payroll system. At least one of the hacked email accounts included patient names, birth dates, driver’s license numbers, Social Security numbers, credit card numbers, diagnoses, and medication and billing information, among other data.

How it was Compromised: May have been compromised after hackers got ahold of email accounts belonging to the Bolingbrook, Illinois-based chain’s employees.

Customers Impacted: As many as 35,000 patients of ATI Physical Therapy and its subsidiaries. ATI Physical Therapy has more than 100 clinics in Illinois and hundreds of others across 24 other states.

Attribution:  Not known at this time.

Business Risk: High (Compromised Email Accounts, Lateral movement, Downstream Exploit)

With the hallmarks of organized crime, this compromise was able to extract and manipulate both employee and customer data.  The downstream impacts are widespread and will have adverse impacts on impacted individuals.  Privilege access was leveraged to re-route banking information and extract comprehensive medical records/ data sets on thousands of patients.

This is a devastating compromised that allowed attackers to move laterally within their victim’s network for an undetermined length of time.

https://www.hipaajournal.com/ati-physical-therapy-data-breach-impacts-35000-patients/

  1. CareFirst

Date Occurred:  Unknown
Date Disclosed: Discovered March 12, 2018; disclosed late March 2018

Data Compromised:  The breached email account allowed the attackers access to the employee’s emails, the attack could have compromised personal information on about 6,800 CareFirst members — including names, member identification numbers and dates of birth. The company said the information did not include medical or financial data. CareFirst also disclosed, in the case of eight members, social security numbers may have been compromised.

How it was Compromised : CareFirst employee was the victim of a phishing attack, which compromised their email account. In this case, the compromised CareFirst email account was used to send spam messages to an email list of individuals, which the insurer said were not associated with CareFirst.

Customers Impacted: Potentially 6,800 CareFirst members

Attribution: Not known at this time.

Business Risk: High (Phishing, Compromised Credentials)

Well-crafted Phishing attack harvesting compromised credentials. Expect more information on this compromise to surface in the coming week. The public response to this compromise falls inline with how most large organizations are messaging their exposures. It’s becoming common place for organization generalize the numbers impacted to minimize negative public reaction.

https://www.databreachtoday.com/carefirst-bluecross-blueshield-hacked-a-8248

11. DELTA Airlines

Date Occurred:  Unknown
Date Disclosed: Discovered March 12, 2018; disclosed late March 2018

How it was compromised: [24]7.ai–a company that provides online chat services for a variety of companies including Delta–was involved in a “cyber incident.” This cyber incident allowed Delta customer payment information to be accessed during the period from September 26, 2017 to October 12, 2017

https://www.inc.com/peter-economy/delta-air-lines-just-revealed-stunning-data-breach-and-your-payment-information-may-have-been-exposed.html

Prime Telecommunications Partners with ID Agent to Heighten Cybersecurity

 

Prime Telecommunications, a leader in managed technology services, announced today that the company has partnered with ID Agent, to enhance the security of SMBs (small to mid-sized businesses) across the nation. ID Agent and this partnership will enable business owners, to prevent identity theft and thwart cybercriminals from gaining access to sensitive data.

“We’re thrilled to announce this partnership. It’s going to have a huge effect on the business owners we serve,” stated Vic Levinson, President of Prime Telecommunications. “This partnership allows business owners to get a very clear and immediate picture of how their cybersecurity is currently performing. When owners are made aware of the threats and risks that are facing their business, they’re capable of bringing in the right infrastructure to protect themselves from cyber-attacks. This partnership is so important because it gives a very clear picture of the company’s risks.”

The partnership between Prime Telecommunications and ID Agent will combine human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor an organization’s compromised or stolen employee and customer data. Business owners will receive real-time alerts, so they can focus on running their organizations. This partnership will not only allow businesses to monitor the dark side of the web, but it also provides the option to monitor an organization’s supply chain, third party partners and vendors that may have access to sensitive data, as well.

“At the end of the day it’s all about protecting employees who don’t realize the threats they face when executing their day-to-day responsibilities,” added Levinson. “Employees who spend time browsing the Internet, who share their email passwords freely, or use unsecured, cloud-based tools to do their work may not necessarily realize all of the potential vulnerabilities facing their network. We consider it to be our duty to educate the marketplace on these types of solutions to prevent as many cyberattacks from happening as possible.”

 

About ID Agent

ID Agent provides Dark Web monitoring and identity theft protection solutions, available exclusively through the reseller channel, to private and public organizations and millions of individuals at risk of cyber incidents. Its flagship product, Dark Web ID, delivers Dark Web intelligence to identify, analyze and monitor for compromised or stolen employee and customer data, mitigating exposure to enterprise clients’ most valuable asset – their digital identity. The company’s SpotLight ID provides personal identity protection and restoration for employees and customers while enhancing their overall cybersecurity awareness as well as further safeguarding corporate systems.

Onsite Business Telephone Systems R.I.P. 1930-2016

Do I want to manage an email server? How about a CRM server? Or any server…

No thank you.

The same principles apply to onsite telephone systems:

Top 5 reasons business are tossing out the onsite telephone system and
moving over to Cloud Solutions.

1- They age fast – I have been in telecom for 25 years and have seen 3
generations of onsite phone systems (Nortel Norstar, Nortel BCM1000,
Nortel BCM450) that required fix, upgrade and inevitable replacement.
The reason for this  is that technology changes so fast that  the
servers  powering the “phone system” cannot handle the advancing
features and functionality.

2- Breakage – “But our system is 15 years and we have never had a
problem” … If this is your business you are on borrowed time. All
electronics have a lifespan it is just a matter of time before you’re
frantically calling around looking for a replacement while your
customers call in and get a busy signal.

3- Scalability  – Onsite phone systems are sized at time of sale,
showing you 10 year return on upfront investment  for example. How
great that was, until your business changed and decided to grow.
Expansion  can stem  from organic growth, or perhaps you buy a new
business , add more locations etc. Nobody told you about this up front
but … onsite phone systems have limited scalability.

4- Complexity – If the words , VPN, Private tunnel, vmware, hyperV,
Session Border Controller, SIP trunks, one-way audio, resources,
servers, intimidate you, then  it’s a good thing you’re reading into
this. If it takes someone an hour on a whiteboard to explain the setup
in everyday language you’ll have found yourself in a  dark place of
onsite phone system complexity!

5. User & Admin friendliness -Ease of use was forgotten with Onsite
Phone systems. Over the years, feature upon feature was added but
nobody ever stepped back to say “hey this is looking a little crazy to
manage”… “is all this going to fit?” .

R.I.P. Onsite Business Telephone systems!!

1930-2016

Let’s stop phishing and go fishing!

Phishing fishing

Summer is a time for having fun. I happen to love fishing. However, in the world we live in today, fishing gets no news – and phishing gets all the news. In order to provide some useful information of the various types of phishing attacks, I want to share an excellent posting from the Malwarebytes Blog here. Wendy Zamora did an excellent job of going through the various types of phishing attacks that you must learn to recognize. The recent events nationally and internationally show the importance of being able to recognize a phishing email. Events with the DNC, corporate data breaches and the like are gaining widespread notoriety on a daily basis – news stories are abundant. This post is required reading – so please share it with your employees, coworkers and family members. Another targeted group is senior citizens using computers- so please make sure that you share this with older family members and friends. All of our clients who are on our managed services plan for remote monitoring and maintenance, get the premium version of Malwarebytes  included with their monthly remote monitoring package. If you are interested in learning more about how we help with PCs and networks for your business- either click here or give us a call at 847 329 8600.

Posted: June 26, 2017 by 
Last updated: June 23, 2017

Dear you,

 It appears you need to update your information. Click here to tell us all your secrets.

 No really, it’s totally safe. We’re not going to steal your identity, we swear.

If only phishing attempts were that obvious.

Instead, these days it’s hard to tell a phish apart from a foul, if you catch my drift. Modern-day phishing campaigns use stealthy techniques to target folks online and trick them into believing their messages are legit. Yet for all its sophistication, phishing relies on one of the basest of human foibles: trust. Detecting a phish, in its various forms, then requires you to hone a healthy level of skepticism when receiving any kind of digital communication, be it email, text, or even social media message. In order to understand how we got here, let’s go back to the first instance of phishing.

The Nigerian prince and early phishing

Back in the early days of the Internet, you could marvel at your “You’ve Got Mail” message and freely open any email that came your way. You’d get one email a day, tops, from your new best friend you met in the “grunge 4EVA” chat room. There was no such thing as junk email. The only promotions you received were CD copies of AOL in the snail mail. It didn’t cross your mind that going online could bring about danger.

Then came the Nigerian prince.

Unfortunately, where innovation and progress lead, corruption and crime will inevitably follow. One of the nation’s longest-running scams, the Nigerian prince phish came from a person claiming to be a government official or member of a royal family who needed help transferring millions of dollars out of Nigeria. The email was marked as “urgent” or “private,” and its sender asked the recipient to provide a bank account number for safekeeping the funds. Gone were the innocent days of trusting your inbox.

Over the years, the Nigerian prince scam has fooled millions, raking in hundreds of billions of dollars. Why has this scam been so successful? Simple. It uses a time-honored criminal technique—the ole bait and switch—to fool folks into believing that they are being contacted by a legitimate organization with a legitimate concern. Threat actors use this social engineering method to trick unwilling participants into clicking on malicious links and handing over personal information. The end goal, as with most cybercrime, is financial gain.

Phishing attacks aim to collect personal data—including login credentials, credit card numbers, social security numbers, and bank account numbers—for fraudulent purposes. The attack is most commonly delivered as an email communication that spoofs a known enterprise, such as a bank or online shopping site, but it can also appear to come from an individual of authority or of personal acquaintance. These emails always contain a link that sends users to a decent facsimile of a valid website where credentials will be collected and sent to the attacker, instead of the supposedly trusted source. From there, the attacker can exploit credentials to commit crimes such as identity theft, draining bank accounts, or selling personal information on the black market.

“Truth be told, phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective,” says Adam Kujawa, Director of Malware Intelligence. “That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.”

The evolution of phishing

While the Nigerian prince attack vector remains in use today, most savvy Internet users can now spot this scam a mile away (hence the multitude of memes that have popped up over the years). The campaign has lost its edge and fooled way fewer users. Plus, email technology has progressed so that spam filters readily pick up on this phish and block it. And this is why cybercriminals have had to advance their tactics.

fry phishing

“Phishers had no other choice but to evolve and improve on where they fell short,” says Jovi Umawing, Malware Intelligence Analyst at Malwarebytes. “Nowadays, most sophisticated modern-day phishing emails are so polished and well-designed that one cannot easily differentiate them from legitimate ones.”

Case in point: Recent phishing campaigns have had great success impersonating big-name companies and fooling big-name recipients. In May 2017, a phishing email targeted one million Gmail users by purporting to be from a contact sharing Google Docs. In Minnesota alone, state employees were scammed out of $90,000 due to the Google Docs fiasco. Hillary Clinton’s campaign manager for the 2016 presidential election, John Podesta, famously had his Gmail hacked and subsequently leaked after falling for the oldest trick in the book—a phishing attack claiming that his email password had been compromised (so click here to change it).

So how can we learn from these lessons? Let’s start by identifying the different types of phishing in use today.

Types of phishing

The most basic and commonly seen type of attack, of course, is the phishing email. Phishing emails are sent to a group of users who are unique enough to be used as bait but broad enough to ensnare a large number of people. The point is to cast as large a net as possible. In contrast, other forms of attack are much more targeted.

Spear phishing, as might be gathered from its title, usually targets a specific person or organization. Since these types of attacks are so pointed, phishers scour the Internet for available information about their target in order to craft a believable email to extort information (if not money) from victims.

Whaling is a form of spear phishing directed at executives or other high-profile targets within a business, government, or other organization, such as a CEO, senator, or someone who has access to financial assets. CFO fraud is an example of whaling.

Smishing, short for SMS phishing, is carried out via SMS text messaging on mobile devices. A similar technique, vishing, is voice phishing conducted over the phone.

Pharming, also known as DNS-based phishing, is a type of phishing that involves the modification or tampering of a system’s host files or domain name system to redirect requests for URLs to a fake site. As a result, users have no idea that the website they are entering their personal details into is fake.

Content-injection phishing is when phishers insert malicious code or misleading content into legitimate websites that instructs users to enter their credentials or personal information. This type of phishing is a form of content spoofing.

Man-in-the-middle phishing happens when phishers position themselves between people and the websites they use, such as a social networking sites or online banks, to extract information as it’s being entered. This type of phishing is more difficult to detect because attackers continue to pass on users’ information (after collecting it) so as not to disrupt any transactions.

And finally, search engine phishing starts off when phishers create malicious websites with attractive offers, and search engines index them. People then stumble upon such sites doing their own online searches and, thinking the sites are legit, unknowingly give up their personal information.

There truly are a lot of phish in the sea.

So, if your head isn’t completely swimming in fish puns, it’s time to talk about how to train your eye and your gut to sniff out the various forms of phishing attacks. I asked Labs researchers to tell me their top indications that an email, text, or other form of communication is a phish and compiled a list of their, and my, recommendations.

Something’s phishy if:

  • The email, text, or voicemail is requesting that you update/fill in personal information. This is especially dubious if it’s coming from a bank or the IRS. Treat any communication asking for your credentials with extra caution.
  • The URL shown on the email and the URL that displays when you hover over the link are different from one another.
  • The “From” address is an imitation of a legitimate address, especially from a business.
  • The formatting and design are different from what you usually receive from an organization. Maybe the logo looks pixelated or the buttons are different colors. Or possibly there are weird paragraph breaks or extra spaces between words. If the email appears sloppy, start making the squinty “this looks suspect” face.
  • The content is badly written. Sure, there are plenty of wannabe writers working for legitimate organizations, but this email might seem particularly amateur. Are there obvious grammar errors? Is there awkward sentence structure, like perhaps it was written by a computer program or someone whose second language is English? Take a closer look.
  • Speaking of content, a phishing email almost always sounds desperate. “Whether they’re claiming that your account with be closed, an urgent request is needed, or your account has been compromised, think twice before double-clicking that link or downloading that attachment,” says Umawing.
  • The email contains attachments from unknown sources that you were not expecting. Don’t open them, plain and simple. They might contain malware that could infect your system.
  • The website is not secure. If you do go ahead and click on the link of an email to fill out personal information, be sure you see the “https” abbreviation as well as the lock symbol at the beginning of the URL. If not, that means any data you submit is vulnerable to cybercriminals. (If the link is malicious, Malwarebytes will block the site.)

If you suspect or can verify that you’ve been phished, it’s best to report the attempt directly to the person or organization being spoofed. You can also contact the Federal Trade Commission (FTC) to lodge a complaint. Once completed, delete the email, then empty your trash. (Same goes for texts.)

Now the next time someone attempts to scam you with fraudulent emails, you won’t have to wonder if the message is for real. You’ll scope out a phish hook, line, and sinker.

Cloud-Based File Storage Programs Enhance Business Collaboration, Safety and Simplicity

 

It’s become quite clear to us how valuable collaboration is to the health of a business in today’s marketplace. Today’s businesses cannot afford to have staff waiting around, in order to get access to the tools they need, so they can do the job.

As businesses grow from small teams to larger organizations, there is a growing need to communicate and collaborate effectively. The problem that central data storage solves is that it gives everyone on the team the ability to immediately retrieve, backup and share mission-critical files in real-time. Salespeople no longer need to wait around for support staff to send them follow-up files for customer contact. Managers can instantly access subordinate data in order to make sure that work is getting accomplished. In sum, everyone can get what they need, when they need it, wherever they are, without having to wait on other people.

 

When evaluating cloud-based data storage services, two primary concerns for businesses are security and ease-of-use. One of the pioneers of cloud-based data storage, Dropbox.com, is clearly a simple-to-use solution, yet they lack in security. According to Business Insider, “Nearly 7 million Dropbox usernames and passwords have been hacked, apparently via third-party services that hackers were able to strip the login information from.”  This security breach has huge implications for other off-the-shelf data solutions in that they lack the foundational feature of data storage technology; it must keep your company data safe

 

The second key factor is to examine a solution’s simplicity and ease-of-use. With many providers data storage can be set up at a secure physical location and a central file repository can work well within the confines of an office. Unfortunately, this falls short for the “71 percent of businesses who require technology that enables their staff to work anywhere, at any time.” Solutions that are cloud-based and work independently of employee location are clearly superior.

 

At Prime, we have a number of excellent data storage solutions available for business users. Feel free to reach out to us and let’s get the conversation started.

Your Step by Step Guide to Mitigating and Preventing a Ransomware Virus in your Small/Medium Business

With the recent epidemic of ransomware viruses (up over 600% in 2016 and with the newest batch of exploits wreaking havoc internationally), I thought it would be a good idea to go through the basic guidelines for mitigating and containing ransomware for your small to mid sized business. There are plenty of additional pieces to putting this together completely so please reach out to me if you would like some assistance. Some of these are simple recommendations and this is by no means a complete list. But, then again, eat healthy, exercise regularly and don’t smoke are simple recommendations – and if you don’t follow them, you know what to expect.

  1. Use a reputable multi vector end point security – Use anti virus programs like Webroot/Kaspersky/McAfee/Avast. Don’t be penny wise and pound foolish. Buy a proper license for each machine. Keep it updated for all new definitions. Keep it current and get one that is constantly being updated. No one program is going to be 100% effective. Also, make sure that you have a program that detects malware. Malwarebytes Premium is my favorite. Again – go for the full paid version and don’t try to cut corners on freemium or freeware versions. An ounce of prevention is worth a pound of cure.  You need protection that is going to detect phishing from spam, detect unsafe websites and web browser protection.
  2. Put strong back up procedures in place– you should have back ups in place with a return point objective that you can live with. That means that you should have back ups both onsite on a device and in the cloud. Both of the back ups should be constantly tested for verification and the process should be monitored. When this is successfully in place, in case of an outbreak, you can restore to the last back up that was unaffected. Please note: tape drives, USB sticks, and removable hard drives are not adequate for business applications. You need a proper belt and suspenders- a properly sized on premise device that is backed up to the cloud.
  3. Make sure that you are updating your operating system and plug ins regularly – the current round of ransomware is exploiting unpatched and un-updated Windows vulnerabilities. We update our clients with whitelisted patches and updates from Microsoft. Make sure that you are constantly updating your operating system. Make sure that you are scheduling your updates properly- for all of your computers and all of your devices. Make sure you update all of your computers- even those that you may use less frequently. For example, we use micro pc’s in our conference room- for use with our large screen monitors. All of those units must be updated regularly.
  4. Make sure that your firewall is regularly updated and maintained– your firewall should be under contract and updated with the very latest definitions. Your firewall is all that stands between you and the virus filled Internet. We recommend Watchguard because it is constantly being updated and maintained – and it includes best of breed components that would be too expensive to buy separately bundled in.
  5. Disable autorun- make sure that you disable autorun for everyone!!Yes, autorun is useful. Yes, it is also used by viruses and malware to propagate itself throughout a network. In these dangerous times, disable it.
  6. Stop making everyone an Admin!! – administrators should be admins. However, if you give everyone admin rights, you open yourself up to more damage. User should be users and admins should be admins. Period.
  7. Enforce secure passwords– believe it or not, people use stupid passwords. Enough with stupid. If you want to get infected, use a simple password. If you don’t use a secure password (strong with characters, alphanumeric and symbols). Better yet, have your users get a password manager app.
  8. When relevant, encourage the use of two factor authorization– if you have compliance requirements (HIPAA or PCI) definitely use two factor authorization.
  9. Disable RDP– remote desktop protocol is used by all sorts of viruses and malware to gain access. If you don’t need it or don’t know what it is, disable it.
  10. Educate EVERYBODY– even if your office is a handful of people- but especially if you have less sophisticated users- education of the threat is important. Your staff should know what phishing, spear phishing and how to recognize and avoid suspicious emails. Incorporate this into your onboarding of new employees or have a meeting about this. If you would like a recommendation for videos, send me an email and I will send you a recommended list. Along with that, add pertinent sections to your employee manual about bringing your own device onto the network, using “free”USB drives, and clicking on links in emails.

Like I said, this is by no means a comprehensive list. I have learned Mark Twain may have had the last word. “It’s not what you know that gets you in trouble, it’s what you know for sure that just ain’t so”. The world of viruses and malware is changing. Yesterday’s method may be overcome in an instant and you have to keep on top of it. If you need help- just let me know!

 

The Feds just wiped out your online privacy…

Your ISP, browsing history, and what to do about it

Your ISP, browsing history, and what to do about it

Posted: April 4, 2017 by

In late March, Congress approved a bill lifting restrictions imposed on ISPs last year concerning what they could do with information such as customer browsing habits, app usage history, location data, and Social Security numbers. They additionally absolved ISPs of the need to strengthen their existing customer data holdings against hackers and thieves. For more on the particulars of the bill, you can see reports on the Washington Post and Ars Technica. Given that the repealed restrictions hadn’t yet come into effect, the immediate impact of the new bill is somewhat unclear. But given what typically happens with massive stores of aggregated, location-specific customer data, the prognosis is not good.

So what’s the worst that can happen? Let’s run through a few probable outcomes:

Ad retargeting

We all might be familiar with this; when we buy a product online and then see ads for it relentlessly for a couple weeks thereafter. But with increased granularity of metadata, ad retargeting can be significantly more ‘effective.’ As an example, certain tech support scam companies prefer to draw their staff directly from complicit drug detoxes and rehabs, largely in order to ensure a compliant, desperate employee base. So the next time someone searches for help with an intractable heroin addiction, they might get targeted ads for unlicensed rehabs that come with a new job opportunity of scamming the elderly. Perhaps if my browser history correlates to those of low income or unemployed people, my ads would fill with work from home scams. Or low literacy search phrasing, in conjunction with low income, could get me directed to multi-level marketing scams. There are a cornucopia of ways to target the weak and vulnerable via metadata and it’s both legal and profitable.

 

Stalking

As we can see with many domestic violence cases, abusers have no compunction against using technology to stalk and harass their victims. A 2014 article by NPR surveyed a series of domestic violence shelters and found 75% of their clients had dealt with abusers monitoring them remotely using hidden mobile apps. Some ill-conceived apps have linked multiple sets of user data together, to create inadvertent ‘stalking apps’. Once search metadata is openly sold, a person suffering domestic abuse would have a hard time searching for a local shelter without their partner knowing about it. Even with new homes and new identities, a victim would have to live with the fear of their search patterns combined with IP address identifying them, permanently. Stalking via metadata has been seen as an issue before and it will most likely happen again.

 

Browser History Ransom

We’ve seen doxware in the wild before. But when the barrier to entry is lowered to simply having enough money to purchase the incriminating data in question, why wouldn’t more criminals get in on the game? As seen with ransomware and tech support scams, when technical limitations to a crime are removed, people willing to try it multiply exponentially. Ransoming a victim’s browser history would seem to be easy money.

 

Time to Breach

Essentially, once this data begins to be collected, stored, and prepared for sale, there is a stopwatch set for time to breach and dissemination of your data to the highest bidder on the dark web. Think that’s hyperbolic? In 2015 Comcast published the personal data of almost 75,000 California customers due to operator error. In a separate incident in the same year, 200,000 Comcast customers had their data sold on the dark web. In 2014, Comcast hadn’t patched their mail servers adequately and hackers made off with extensive credentials. Not to be outdone, Time Warner had their customers breached in incidents here and here. Cox Communications paid the FCC a $595,000 fine for breach of its customer data. Given the track record of handling customer data thus far, how long until the next breach?

But this is bad and I don’t want this?

Although options are limited and sometimes frustrating, there are some things you can do. To combat ad retargeting, an ad blocker works quite well. It’s awfully tough to be taken in by deceptive or fraudulent, or just too intrusive advertising if you can’t see it. However, many of the most reputable news sites rely on advertising for revenue, so they ask users to disable ad blockers in order to access content. This doesn’t really address the issue of shadowy third parties doing untoward things with your data, which brings us to…

Virtual Private Networks (VPNs)

Here be dragons, though, because many VPN providers are no more trustworthy than the ISPs that we all love so dearly. If you go to a VPN review site you can see the latest VPNs and how they stack up on quality criteria, which generally include, but are not limited to:

  • Do they keep logs of your activity?
  • How much identifiable data do they keep on you?
  • Do they have physical control over their own VPN servers?
  • What countries are their servers located in?

Check out some reviews of popular VPNs based on answers to these questions here. Another question that you should be asking is how much a VPN costs. Free ones generally find some unsavory ways to monetize your traffic, which is what you’re trying to avoid to begin with.

HTTPS Everywhere

This is a browser extension published by the Electronic Freedom Foundation. It forces websites to use a more secure HTTPS connection when the website supports it. Encrypting traffic in this way does not protect the specific websites you visit from your ISP, but it does obfuscate specific content that you’re accessing on that page. And as a browser extension, it’s fairly easy to install, and probably falls under the category of things you should be doing anyway. If you want to find out more about HTTPS Everywhere, check out their FAQ here.

Calling your congressman

Privacy is a developing issue. As technology advances, its ability to infringe on our privacy in irritating and sometimes dangerous ways can increase. Letting your representatives know that this is a concern can help prevent worse legislation in the future. If you’d like to make your opinion on online privacy known, you can find your representatives here and here.

In conclusion, strong online privacy can sometimes be an inconvenience for those of us trying to catch cybercriminals. But its loss hurts all of us. Whether you have ‘something to hide’ or not, your data and your identity belong to you. Why shouldn’t you control how it’s used?

Prime Telecommunications Leverages State-of-the-Art Cybersecurity Techniques and Tools to Protect Customers

Prime Telecommunications, Inc., a leading provider of unified communications, announced today that the company is leveraging state-of-the-art cyber security techniques and tools to protect customers from cyber attacks that have become a daily occurrence in the small to mid-sized business marketplace. The company has been at the forefront of cybersecurity for many years and has taken their expertise to an entirely new level, well beyond their competition. Prime Telecommunications protects businesses from several key cybersecurity threats.

The first threat facing organizations is phishing. Phishing is essentially, using fake links to lure users into offering up sensitive information, by posing as an authority. Hackers can embed malicious links into emails, attachments or images, which usually lead to another page that requests the sensitive information, which will later be used against the user. One of the most creative ways hackers have found to attack SMBs is to call in and impersonate IT staff or Network Administrators, asking for specific information off the employee’s computer to resolve a potential “virus.” The employee will usually comply and supply the information, giving the hacker the exact keys they need to infiltrate the system.

The next area of concern is mobile security. As web traffic continues to migrate from PC to mobile, hackers have followed suit by redirecting their efforts to mobile attacks, as well. At an organization, whereby users are encouraged to BYOD (bring-your-own-device) to the network, this increases the exposure for network attack exponentially. SMBs need to be on the lookout for attacks from third party apps, mobile malware and unsecured public Wi-Fi locations. For example, employees will use their phone at an unsecured Wi-Fi hotspot to work but they won’t realize that the network is rigged to enable hackers with easy access to sensitive apps, data and information on any phones connected to that particular unsecured Wi-Fi hotspot. In many cases, users will be attacked without even realizing that the attack has happened.

The last area for an SMB to monitor is malvertising. This threat is where hackers embed malware within advertisements, landing pages or even directly on reputable websites. Sites that offer advertising on a massive scale, such as Facebook, have a tough time regulating online security throughout the buying process. Facebook can do its best to ensure that the links on Facebook aren’t malicious; however, they have no access to monitoring the pages that those advertisements lead to, once the user has left Facebook. Malvertisers can embed a code on an advertisement which leads to a dummy checkout page or a fake application page, which phishes all of the sensitive information that the hacker needs to launch an attack.

“These threats all point to the importance of SMBs consulting with an expert in the cybersecurity field,” stated Vic Levinson, President at Prime Telecommunications. “We are well-equipped to deal with threats like these, in addition to the new threats that will undoubtedly arise over the coming years. For any business that leverages technology as one of its key productivity drivers, it pays to have a team like Prime Telecommunications to face the hackers of the world.”

Caveat Emptor- Buyer Beware- Get your Eyes Checked before you commit!

At a trade group meeting I met with one of my colleagues from the West Coast. He said that he had seen a lot of business coming in from getting his business listed in Yelp!. Upon returning to my office, I decided that I needed to do the same. I thought to myself “You have been doing this for 23 years. Your clients love you! This should be a no brainer!”. Well, unfortunately for me, the last five words proved to be prophetic.

As I was going through the process of getting my business listed on YELP!, I saw that they offered to boost views of your business profile if you bought advertising from them. I assumed – and we all know what happens when you assume (ass- u -me) – that it would be just like pay per click on Google or Bing. WRONG. It turned out that it was a budget that you put out and that they would bill you for regardless of whether anybody clicked on your ad or not. I use Google Analytics to monitor our site. I know where and who is referring, where people come in and where people leave. Who stays on the page and who bounces out. I monitor the Google Analytic religiously – almost with an OCD like focus. The first month, nothing. The second month, two referrals and the third month 3 referrals from Yelp. However, I didn’t think to track the results with the charges coming in on the company credit cards. OOPS! Almost $1500 in charges over three months.

It turns out that Yelp will bill your card – regardless of the result. I paid over $1500 over three months for what amounted to six leads. OUCH!

I am not one to complain when I make a bad decision. I look to collaborate and make things right. I never would dream of taking a client’s hard earned money and not doing the very best for them. As a matter of fact, when you go on Yelp- you see businesses trying to make it right with their own dissatisfied clients all over the place. I called up Yelp. Spoke to a very nice person- but guess what? They don’t have any intention of making it right. They only try to sell you more services. As a matter of fact, you can’t even review Yelp or your experiences with Yelp on their site. So much for transparency. It reminds me of the bully on the playground being bullied by others “You can dish it out but you can’t take it”. Nananana….

On the Internet, I found forums where the experience I had just had was repeated by many other businesses across the country. It was almost uncanny- everyone was pretty technical, pretty Internet SEO savvy, not new to online business, not a Luddite. Apparently, there is also no legal remedy. Yelp has been very successful in controlling the litigation against them.

So, what have I learned?

  1. Read the fine print. Don’t assume that just because something works one way on Google that it will work that way across platforms.
  2. Let the baker bake the bread. If you’re not an expert, hire an expert. They are less expensive and they are accountable for the results.
  3. Don’t let your expectations cloud your judgement. Verify and know your numbers.
  4. Don’t assume because something works one way for someone else, it will work that way for you.
  5. Make sure you have an exit strategy if something happens know who you are going to call and what they can do for you.

Now, I really feel that everything happens for a reason. I understand that what we provide for our clients answers those five criteria. We explain to our customers in plain English what are all of the terms and conditions. We are the experts when it comes to migrating our clients to cloud unified communications. We manage the expectations and know when to set them high on reliability and performance. We always verify before we cut over- we test the circuits, we measure the quality and we verify the numbers. And…if the organic matter hits the ventilation system, we always have our client’s interests in mind and will fight for them to make them happy.

So, the take away for you is: read the fine print. Make sure you understand the terms and conditions. Make sure you understand the billing model. Make sure you can hold your provider accountable.

We still continue to business in the cloud – but we work with our clients the old fashioned way. Face to face. Technology or not, it is business. A hard hitting contact sport.