Cloud-Based File Storage Programs Enhance Business Collaboration, Safety and Simplicity

 

It’s become quite clear to us how valuable collaboration is to the health of a business in today’s marketplace. Today’s businesses cannot afford to have staff waiting around, in order to get access to the tools they need, so they can do the job.

As businesses grow from small teams to larger organizations, there is a growing need to communicate and collaborate effectively. The problem that central data storage solves is that it gives everyone on the team the ability to immediately retrieve, backup and share mission-critical files in real-time. Salespeople no longer need to wait around for support staff to send them follow-up files for customer contact. Managers can instantly access subordinate data in order to make sure that work is getting accomplished. In sum, everyone can get what they need, when they need it, wherever they are, without having to wait on other people.

 

When evaluating cloud-based data storage services, two primary concerns for businesses are security and ease-of-use. One of the pioneers of cloud-based data storage, Dropbox.com, is clearly a simple-to-use solution, yet they lack in security. According to Business Insider, “Nearly 7 million Dropbox usernames and passwords have been hacked, apparently via third-party services that hackers were able to strip the login information from.”  This security breach has huge implications for other off-the-shelf data solutions in that they lack the foundational feature of data storage technology; it must keep your company data safe

 

The second key factor is to examine a solution’s simplicity and ease-of-use. With many providers data storage can be set up at a secure physical location and a central file repository can work well within the confines of an office. Unfortunately, this falls short for the “71 percent of businesses who require technology that enables their staff to work anywhere, at any time.” Solutions that are cloud-based and work independently of employee location are clearly superior.

 

At Prime, we have a number of excellent data storage solutions available for business users. Feel free to reach out to us and let’s get the conversation started.

Prime Telecommunications Leverages State-of-the-Art Cybersecurity Techniques and Tools to Protect Customers

Prime Telecommunications, Inc., a leading provider of unified communications, announced today that the company is leveraging state-of-the-art cyber security techniques and tools to protect customers from cyber attacks that have become a daily occurrence in the small to mid-sized business marketplace. The company has been at the forefront of cybersecurity for many years and has taken their expertise to an entirely new level, well beyond their competition. Prime Telecommunications protects businesses from several key cybersecurity threats.

The first threat facing organizations is phishing. Phishing is essentially, using fake links to lure users into offering up sensitive information, by posing as an authority. Hackers can embed malicious links into emails, attachments or images, which usually lead to another page that requests the sensitive information, which will later be used against the user. One of the most creative ways hackers have found to attack SMBs is to call in and impersonate IT staff or Network Administrators, asking for specific information off the employee’s computer to resolve a potential “virus.” The employee will usually comply and supply the information, giving the hacker the exact keys they need to infiltrate the system.

The next area of concern is mobile security. As web traffic continues to migrate from PC to mobile, hackers have followed suit by redirecting their efforts to mobile attacks, as well. At an organization, whereby users are encouraged to BYOD (bring-your-own-device) to the network, this increases the exposure for network attack exponentially. SMBs need to be on the lookout for attacks from third party apps, mobile malware and unsecured public Wi-Fi locations. For example, employees will use their phone at an unsecured Wi-Fi hotspot to work but they won’t realize that the network is rigged to enable hackers with easy access to sensitive apps, data and information on any phones connected to that particular unsecured Wi-Fi hotspot. In many cases, users will be attacked without even realizing that the attack has happened.

The last area for an SMB to monitor is malvertising. This threat is where hackers embed malware within advertisements, landing pages or even directly on reputable websites. Sites that offer advertising on a massive scale, such as Facebook, have a tough time regulating online security throughout the buying process. Facebook can do its best to ensure that the links on Facebook aren’t malicious; however, they have no access to monitoring the pages that those advertisements lead to, once the user has left Facebook. Malvertisers can embed a code on an advertisement which leads to a dummy checkout page or a fake application page, which phishes all of the sensitive information that the hacker needs to launch an attack.

“These threats all point to the importance of SMBs consulting with an expert in the cybersecurity field,” stated Vic Levinson, President at Prime Telecommunications. “We are well-equipped to deal with threats like these, in addition to the new threats that will undoubtedly arise over the coming years. For any business that leverages technology as one of its key productivity drivers, it pays to have a team like Prime Telecommunications to face the hackers of the world.”

Prime Telecommunications Offers Innovative Cloud Disaster Recovery Solutions

Prime Telecommunications, Inc., a leader in unified communications, announced today that it has launched a program that focuses on cloud-based data safety. This program is aimed to help small to mid-sized businesses (SMBs) to effectively store, manage, and transfer their critical business files seamlessly while simultaneously increasing the overall security of all of their business files. Whether employees are utilizing files on their servers, laptops, workstations or smartphones, this Cloud Disaster Recovery Program will change the way that business owners handle their sensitive corporate and financial information.

For those who aren’t yet familiar, disaster recovery, is a set of policies and procedures which enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. The majority of enterprise-level organizations have recognized the blatant need for disaster recovery programs because they focus on strengthening the underlying IT or technology systems supporting critical business functions, especially in moments of need. For example, when an organization starts growing and adds on more staff, there are more possibilities for human-induced disasters or data theft. An accidental deleted or misplaced file can can cost companies dozens of hours in lost producitity. Futhermore, with more staff come more devices, which in an increasing BYOD (Bring Your Own Device) environment, means that there are more vulnerability points for hackers to enter the network. When businesses begin to scale, these productivity interruptions are no longer tolerable.

“When a business begins its growth trajectory, it’s easy to sit back and enjoy the success,” stated Vic Levinson, President at Prime Telecommunications. “We know that feeling. It’s so rewarding to see your business growth outpacing your operating expenses and all of the years of sacrifice make it completely worth it. It’s so easy to kick your feet up, relax and enjoy the fruits of your labor in that moment, however, this is precisely when businesses need to take the steps to protect themselves so they can continue to grow at that same rate. This is when they are most susceptible to virtual disasters and without a comprehensive disaster recovery plan and cloud technology that is engineered specifically to shrug off these types of disturbances, they are putting that stable growth at risk.”

In years prior, many businesses were hesitant to purchase cloud-based disaster recovery solutions because they required large, up-front capital expenditures. Prime Telecommunications’ cloud disaster recovery program breaks this pattern because its on a pay-as-you go model, so businesses only pay for what they use, enabling them to scale up and down their disaster recovery program in perfect sync with the pace of their businesses. It’s file syncing, syncing with business growth, syncing with a cost structure that makes this technology easy to implement into any growth-oriented SMB.

Eight Reasons Why Small and Mid-Sized Businesses Need Managed IT Services

Managed Networks Chicago

Managed IT services is rapidly becoming one of the hottest solutions in business today because it dramatically improves an organization’s profitability, frees up internal resources, and offers a unique competitive advantage.   Simply put, managed IT services are designed to assist companies in maintaining and supporting their network and IT infrastructure with the assistance of an outsourced managed services provider (MSP).  Types of services may include remote network monitoring, programming and reporting (24/7), firewall monitoring, intrusion detection, preventative tasks, disaster recovery, data backup and help desk support.  There are eight critical reasons why small to midsized businesses (SMBs) need managed IT services now and throughout the life cycle of their business.

Dependence On IT

Almost all businesses have become more dependent on computer technologies in the past few years.  And, it’s a rapidly changing environment.  Every business has become dependent on its IT infrastructure to perform at a high level, while effectively delivering its products or services.  As a result, it has become more difficult to maintain the expertise to properly deploy, manage, and monitor this new technology, especially as a business evolves.

Complexity

The fact that this new technology is new makes it more difficult for the average employee to understand and use effectively.  The level of demand and sophistication from today’s businesses are driving up complexity.  Distinct disciplines or specialties are emerging in a variety of technology related areas such as telephony, desktop, network, application and database support.  The breadth and depth of technology an organization requires immediately places the resources at a small to mid-sized businesses (SMBs) at a distinct disadvantage.

Insufficient Solutions

Traditional support options such as a one man IT consultant, or a one or two person in-house IT department cannot effectively handle the occasional network breakdowns that are bound to occur. This is especially true when compared to a team of external resources that  proactively monitor the SMB’s installed technology at all times.

Lack of Process

An IDC study reinforces the notion of lack of process, showing that 78% of all IT downtime is caused by change.  If you could simply eliminate change from the computing environment, you would substantially decrease the risk. Unfortunately, most SMBs lack the procedures, documentation standards, and scope of work, which often results in major disruption and downtime.

Increased Use of Technology

Increasing use of computers, new software and procedures, often leads to increased complaints and loss of productivity. Typically, when network or desktop problems arise and escalate inside a company, the response time of the one man shop or internal staff is quite slow. This dramatically increases employee complaints and lowers productivity.  In many situations employees have to wait in line to receive help.  As a result the downtime and morale will impact the organization’s bottom line as well as their ability to meet their customers’ needs.  By implementing a managed IT services program, the demand on internal IT resources are lessened, and they can now be utilized for other purposes such as directly supporting strategic business objectives rather than becoming bogged down in frequent break/fix issues.

Controlling Costs

During these challenging times, the IT budget is frequently reduced.  In a recent survey of nearly 950 IT managers at companies in North America and Europe; nearly half of the U.S. respondents said they have already cut their IT spending budgets.  Unfortunately, a cut in IT spending doesn’t mean there is a cut in demand for services.  This adds tremendous stress and pressure on internal departments to support the same amount of work with fewer resources.

Technology Erosion

Computer systems must be maintained just like any other systems used within the business. Vehicle fleets, manufacturing equipment, and the physical plant, have all moved to a preventative approach. If a company does not implement this preventative maintenance strategy for its technology components, disaster might be the unpleasant and unprofitable result.

Compliance

Finally, the technology utilized within an organization in most cases must meet specific compliance standards.  For example, a company’s business processes supported by technology may need to comply with Sarbanes-Oxely, Health Insurance Portability and Accountability Act (HIPPA), Gramm-Leach-Bliley Act (GLBA) and other requirements. Most companies don’t have the resources to fully understand and comply with all the detailed requirements of these regulations.

All of the above issues are driving the popularity of partnering with a managed IT services firm.  Companies that have made the transition already answered this question.  If deploying, managing and monitoring my IT infrastructure has absolutely nothing to do with the core competency of my business, why wouldn’t I outsource it to an expert?  This is a fairly easy question to answer and these organizations have reaped the rewards of increased profitability and a competitive advantage.

Want a honest assessment of your network? Give us a call at 847 329 8600!

4 Top IT Decisions that Business Owners/CEOs Will Have to Make in 2015

In today’s business environment, owners need to assess the advancement in all technological areas, but paying special attention to these four areas will yield exponential benefits in the next calendar year. Here are the four decisions that need to be made:

Is It Time for Me to Downsize My In-House IT Department? IT departments have long served as a vital support structure for ensuring that all business operations run smoothly. However, as more software and hardware applications migrate to “the cloud” and the number of managed services providers grows, businesses need to start taking a hard look at whether or not it is fiscally responsible for them to pay for full-time IT staff. Advancements have made it possible for remote technicians to fix computer problems off-site and run constant monitoring, management and data optimization software to improve the efficiencies of a company’s network. In many cases, entire teams are used to ensure optimum network performance, something that a single employee cannot hope to deliver consistently. As the playing field has leveled, more sophisticated tools have been developed, making this job even more competitive. In fact, many large organizations are beginning to outsource key areas of their IT operations entirely, and it is not long before outsourced IT departments are commonplace.

Downnsize IT Department

How Can I Secure My Network From Threats? With cybercrimes on the rise, more and more businesses are beginning to take proper precautions to prevent company downtime or data loss. Spyware, malware, data backup and anti-virus protection are all vital to the economic well-being of any stable business. In emergency or negligence situations, critical data loss can set teams back for weeks and put a giant damper on productivity. Many businesses are reexamining their Acceptable Internet Usage Policies (AUPs), to make sure that employees are only visiting work-related sites when at the office. These types of threats are usually found on dangerous websites, which can be eliminated entirely with simple site filtering tools that restrict access to unnecessarily volatile sites. Many companies see this need, especially in the case where businesses derive funding from institutional and private investors. These organizations are often required to spend a significant portion of their yearly budget on security enhancing technologies to make sure that all sensitive information remains perpetually protected.

Network Security

Big Capital Expenditures or Small Cloud Transition Costs? With servers and telephony shifting from the standard on-premise solution of old, to more software-centric and remote operation, many businesses are choosing to invest heavily in the transition to the cloud. The biggest driving factor behind this decision is that from a financial standpoint, most businesses want to upgrade their technology, but don’t want to create a large amount of capital expenditures, which constrain financial resources. Technologies with rental programs, or lowered total cost structures are increasingly popular because of their minimal impact on a budget. With plenty of equipment nearly obsolete, many businesses are investigating technologies which leverage a fixed-cost of ownership in their cost structure. This helps businesses avoid big capital expenditures, keeping them lean and mean for the next year.

Cloud Hosting Icon

What’s Our Policy Regarding Bring-Your-Own-Device (BYOD)? Networks are the backbone of any business. However, when employees bring their own devices onto the network, they can often disrupt the infrastructure and slow the overall speed of the network drastically. Furthermore, these devices can pose as security threats when they are not properly configured to run in concert with all of the other technology endpoints on the existing network. It’s a complex web and network design is an intricate process, which is absolutely essential to get right. Some businesses refuse to let people bring their own devices onto the network, yet the vast majority of businesses allow employees to bring their own mobile devices onto the network, as long as they are properly configured by a leading technology specialist. That way, employees can utilize the tools they feel most comfortable with, without derailing anyone else’s performance on the network.

Bring your Own Device

 

Want to know more? Need help in talking out your decisions? Give us a call at 847 329 8600 and let’s begin the discussion.

10 IT Security Questions Every Business Should Ask

In this face-paced, ever-changing, technological world, small and growing businesses must be prepared, now more than ever, to not only address the danger of cyber-security threats, but also to have the in-house expertise to implement information security programs that handle these types of issues. This means going far beyond simply having anti-virus software and creating strong passwords.

While this can sound overwhelming, every organization that intends to stay on top of and serious about security should take this into consideration. To help you get started, we outline 10 simple questions to ask yourself when establishing a strong foundation for information security programs:

1. Has responsibility and accountability been assigned for IT security and data privacy? As a business, there should always be someone in place who is designated (and qualified) as the IT Security Officer (ISO).

2. Have you identified, and do you understand, all regulations and standards that apply to you? A sampling of standards includes, but is not limited to:

  • Sarbanes Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA),
  • Payment Card Industry Data Security Standard (PCI-DSS)

3. Do you have documented information security policies and procedures? Doing so will help you define goals for the organization in regards to information security, as well as provide an outline for how your organization will meet these goals.

4. When looking to prevent security breaches and fraud, how do you monitor the systems you have in place? If you haven’t already done so, start implementing network intrusion detection systems that regularly review system logs and activities. This will allow you to investigate any suspicious activity before it becomes a big problem.

5. If a security or data breach were to take place, do you have a response plan in place? Data and security breaches often blindside people and organizations, and make it difficult to respond in an efficient matter. Having a detailed, emergency plan in place will not only allow you to act quickly and with confidence, but will also provide a blueprint for how to manage:

  • Containment
  • Investigation
  • Legal actions
  • Public relations

6. Do you have a patch management strategy, and if so, what does it look like? A thorough and comprehensive patch management process allows businesses to protect themselves from newly discovered threats – both internally and externally. It is important to note that in order for this to be effective, all software and systems should be covered.

7.  Do you perform initial and periodic security checks on new vendors?
In order to stay ensured that your data is being adequately protected by your vendors, it’s always a good idea to review the security controls they have in place. If gaps are found, you can then take action to correct them before damage is done.

8. Have you identified and protected all sensitive data? 
As a business, always identify any and all sensitive or confidential data, make note of where it is stored, and look into the adequacy of the processes protecting the data.

9. Have all high-risk technology systems been identified? Utilize a basic IT risk assessment and focus your resources on high-risk areas to help you evaluate your security control efforts.

10. Do your employees receive adequate security training? Unfortunately, some of the most common security breaches are a result of employees accidentally divulging sensitive information. Continual security awareness training and testing will not only protect your systems, but also help your employees identify and avoid attackers utilizing social engineering techniques.

Warning- One Cloud does not Fit All!

Let’s just be clear from the get-go: one cloud does NOT fit all. It’s true that cloud computing technology can lead to some major benefits, including reduced spending, business mobility, greater efficiency and more – but today we see hundreds of cloud providers boasting the exact same benefits. When businesses see this, they assume they can play eenie-meenie-miney-mo and get a magical solution to fix their business operations.

Our suggestion? Don’t choose your provider or solution at random! Do deeper research to identify the strengths of each provider. Why? Because the cloud comes in all different shapes and sizes, including public, private and hybrid models, and some providers might not be able to give you exactly what you need. In that case, you’d be wasting time and money while seeing no business progress.

When deciding whether or not to move to the cloud, you first have to consider what you want. Everything depends on your business’ needs and goals.

So, plan ahead! Because the cloud is worth the planning time. You should step back and truthfully identify your business’ problems, expectations and goals. If you begin the process by trying to decide which cloud service to use, you’ve already missed a step. First, decide what parts of your business make sense in the cloud. Identify your strengths and weaknesses before moving forward. Let’s take a look at how different sized businesses require different cloud solutions.

Small businesses still require up-to-date IT resources to run smoothly, even with their limited budgets. The cloud can help. A small business solution has to be flexible and scalable, with a pay-as-you-go option. This allows the business to only pay for what it uses, which is much more affordable than typical CapEx spending. This type of cloud solution allows a small business to play on a level playing field with larger organizations without breaking the budget.

For a medium business, the issues are slightly different. These organizations focus on growth, and need a solution that can grow as they grow. These organizations also have higher expectations when it comes to software and technology tools, and the cloud can give them access to these resources. In this case, the cloud solution needs to be one that is scalable and offers leading technology applications.

And when it comes to large businesses, the focus switches again. These organizations need to manage all the IT resources while remaining innovative – and that can be a lot of responsibility for an in-house IT team alone. With the right cloud provider, these larger organizations get around-the-clock support and management for their system, allowing them to focus on moving the business to the next level. This cloud solution requires excellent uptime and security with great customer support.

These three examples display only a few ways in which one business’ cloud solution may differ from another’s. That’s why it’s important to establish a plan before making the move.

And when you do decide to make the move, you don’t have to do it all at once. You probably want to start with systems that are easiest to move, saving mission-critical items for the end. This will reduce interruptions during your transition. This also allows you to take time to understand how your business works in the cloud, and decide exactly how you want to move forward. Once you get going, it’s easy to scale your service up or down and move new systems into the cloud.

We’ve said it once and we’ll say it again: the cloud is not a one-size-fits-all solution, and it won’t solve every single one of your business problems. But that doesn’t mean it can’t benefit the majority of organizations.

Only 10% of Hospitals & Clinics Keep Their Patients’ Data Safe

According to privacy researchers at the Ponemon Institute, “Recent numbers show 90% of health care organizations have exposed their patients’ data — or had it stolen — in 2012 and 2013.” The implications of this research are far-reaching and unsettling for most consumers.

Most attacks are caused by hackers who want to acquire medical records due to their extreme value. The information in medical records (name, birthdate, addresses, phone numbers, medical history and social security numbers), can be easily used for identity theft, fraudulent medical billing or acquiring prescriptions to resell on the street. Hackers can use the medical information to accomplish just about anything once acquired. This flaw in IT security is not a series of isolated incidents but an incredibly widespread problem now affecting millions of people across the nation.

In August, Community Health Systems reported that Chinese hackers had allegedly stolen a staggering 4.5 million patient records in what could be the largest breach of patient data to date. The company is treating the breach as a violation of HIPPA, even though the hackers didn’t gain access to medical records (only names, addresses, birth dates, phone numbers, and Social Security numbers were stolen). The breach happened between April and June this year, and was discovered in July. According to cyber-security firm Mandiant, which helped investigate the breach, the group responsible for the attack is known as “APT 18,” and may have links to the Chinese government.

The majority of hospitals and health organizations are using outdated technology on a single network making the job of hacking into networks even easier for criminals. IT security is often a large oversight for healthcare organizations because their objective is to save lives. Unfortunately, lack of internal IT expertise and outdated technology plagues the healthcare industry making it an easy target.

The challenge here is that doctors are inherently more interested in saving lives, instead of upgrading their IT security. This a great thing for society and we believe that’s exactly what doctors should be focused on! The only thing is that IT security must be addressed too. Over the years, we’ve learned exactly what it takes to protect health organizations and we love being a part of the solution to this problem. It’s unfortunate when something like this happens but it brings much needed education to the issues at hand. We consider it our duty to educate our market and provide doctors with the technology tools they need to do their jobs, protect their  patients and spend their time focused on saving lives, instead of firewalls. That’s our job.

In Cloud We Trust – Cloud Security

Network Security 4

We’ve all heard it before: “If you move to the cloud, all of your data will be at risk!”

Countless studies have shown that cloud security is the major factor standing in the way of cloud adoption. While in some cases companies are right to be wary, like most things, not all cloud providers are created equal. In fact, the security a company experiences with the cloud solely depends on the provider chosen. It’s wrong to lump all cloud providers together and assume a general opinion on cloud security, whether that opinion is good or bad. Just as some companies currently have better in-house security than others, some cloud providers view security as a larger priority than others. And the word security is all-encompassing, referring to physical and network security, as well as compliance.

Physical Security

A great cloud provider will have multiple physical security measures in place. Look for providers that can offer the following: full credential-limited access to data centers, key card protocols, biometric scanning systems, exterior security systems, on-premises security guards, digital surveillance and recording, secured cages, around-the-clock interior and exterior surveillance monitor access, and employees that have undergone multiple, thorough background security checks. This isn’t asking too much. These are the things that will protect your information. The best facilities will also include environmental controls such as redundant HVAC systems, circulated and filtered air, and fire suppression systems.

Network Security

A reliable cloud provider should be able to guarantee geographical diversity of data center locations as well as full redundancy. With these steps in place, companies can ensure that in the event of a disaster, their business-critical data and applications will be safe and accessible, even if one of the data centers is affected. Look for in-flight and at-rest encryption, strong firewalls, password protection and around-the-clock monitoring. Make your provider prove itself, and ensure that it can demonstrate strict and accurate Service Level Agreements.

Compliance

Today, more and more industries have regulations and standards to meet. “Compliance” is an extremely important word for businesses in all industries, as it refers to the laws that are in place for security and privacy purposes. Your cloud provider should meet, if not exceed, large compliance laws such as HIPAA, PCI DSS, and Sarbanes-Oxley. Whether or not your company needs to meet these regulations, you want a cloud provider that understands and follows the top compliance laws because this demonstrates that they are knowledgeable and trustworthy.

The reality of today is this: cloud computing is a growing, important technology that is being adopted by the majority of businesses. In order to remain relevant and modern, cloud is the way to go. By no means should you risk your company’s security to do so, but you should work to find a provider that is trustworthy and can offer excellent physical and network security for your data. You have to remember that cloud providers are businesses too – they put loads of money into ensuring that their customers information is secure. For the most part, they aren’t willing to risk their reputation and customers for lesser security. As long as you take the appropriate steps to ensure you’re working with a legitimate, secure provider, the cloud is ‘absolutely a viable and intelligent option for your organization. And when you make the move, you’ll experience better security than you ever had in-house.

Phishing Campaign Linked with “Dyre” Banking Malware

NCCIC / US-CERT

Overview

Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s).[1][2] Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware.

Description

The Dyre banking malware specifically targets sensitive user account credentials. The malware has the ability to capture user login information and send the captured data to malicious actors.[3](link is external) Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader.[4](link is external)[5](link is external) After successful exploitation, a user’s system will download Dyre banking malware. All of the major anti-virus vendors have successfully detected this malware prior to the release of this alert.[6](link is external)

Please note, the below listing of indicators does not represent all characteristics and indicators for this campaign.

Phishing Email Characteristics:

  • Subject: “Unpaid invoic” (Spelling errors in the subject line are a characteristic of this campaign)
  • Attachment: Invoice621785.pdf

System Level Indicators (upon successful exploitation):

  • Copies itself under C:\Windows\[RandomName].exe
  • Created a Service named “Google Update Service” by setting the following registry keys:
    • HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\ImagePath: “C:\WINDOWS\pfdOSwYjERDHrdV.exe”
    • HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\DisplayName: “Google Update Service”

Impact

A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services.

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks from phishing campaigns:

US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to us by sending email to phishing-report@us-cert.gov(link sends e-mail).

References

Revisions

  • October 27, 2014: Initial Release