Windows 7 Support ends one year from today

Time is running out for organizations and users still running Windows 7 to upgrade to Windows 10, with official support from Microsoft ending on January 14, 2020. Once Windows 7 support ends officially, the once widely used operating system will receive no updates, small or critical.
Mainstream support for Windows 7 (that is, new features and usability improvements) actually ended in 2015 with the release of Windows 10; however, it still received the crucial monthly updates and critical patches that protect systems from hackers.

Windows 7: End of Life

Malware is able to spread much more quickly on systems that have not received updates since hackers are able to take advantage of known compromises and spread that information to one another on the dark web and other places. The result is a messy situation in which the vulnerable systems can talk to one another to spread things like ransomware. Antivirus alone can only go so far in protecting machines that are not up to date as the backbone of the antivirus software becomes outdated as well.


There are still a lot of companies out there that have not completed their migration to Windows 10. In a report on TechRepublic, Sumir Karayi, founder & CEO of the security firm 1E, said, “There are very few companies out there that have entirely completed their Windows 10 migrations. A number have done the easy 80%—the in-place upgrades, the machine replacements—but that last 20% is proving the hardest part of the entire process.”

It is because of this that organizations have two options for retaining support past the cut-off date in 2020. An Extended Security Update plan can be purchased from Microsoft directly for an undisclosed price to protect the operating system until 2023. The second option is to purchase Microsoft Virtual Desktop, a recurring subscription service from Microsoft that allows you to purchase remote access to a desktop on a server hosted in their own Azure platform for a monthly fee. These support paths are effectively off the table for consumers and most small businesses, leaving an upgrade as the only feasible option.

Windows 7 has received monthly patches from Microsoft on the first Tuesday of each month since its inception.

If your organization has not begun to migrate to Windows 10, there is no time to spare: you should work to have a plan in place to ensure safe operation of your network and the operating systems on it. Contact VMX Technologies today to review your network and put a plan in place if you don’t already have one. It is never too late to begin planning for tomorrow’s challenges.

Does your company have a plan for Windows 7 end-of-life? Do you intend to purchase extended Windows 7 support from Microsoft, or migrate to another operating system entirely? Let us know below in the comments.

Bip Dharma Ransomware Discovered

2018 has been an active year for vulnerabilities, malware, and other scams. Yesterday, a new variant, Bip Dharma, was discovered by Michael Gillespie, a well-known ransomware watchdog. This particular variant appends a .Bip extension to all encrypted files. The malware itself scans for any data files, such as standard Word, Excel, photos, or other files, and encrypts them.

This variant is considered particularly serious because of its ability to encrypt shared network drives that are not even mapped to the affected computer. It will also encrypt a virtual machine’s host drives, making it extremely dangerous if a virtual server is infected. This means this ransomware acts similarly to the GandCrab variant that appeared earlier this year. Even worse, this ransomware will actually delete any volume shadow copies (previous versions of files) on the machine so as to prevent any restoring from an earlier local machine backup.

What to Look Out For?

Files that have been encrypted will appear as they are shown above, with a .Bip extension appended.

When a machine is infected, you’ll notice that file names appear as they do in the image above, with the e-mail address to decrypt the files right in the file name (Beamsell@qq.com), the .Bip extension, and the original file name. There are also two separate ransom notes left on the machine. The first is Info.hta, which launches automatically when any user logs into an affected machine, and the second is a text file named FILES ENCRYPTED.txt. The ransomware will run at every logon, encrypting any new files it has access to over the network or locally on the machine, so it’s imperative that all infected machines be removed from the network immediately!

FILES ENCRYPTED.txt
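
A file-name triage for the indicators described above, as an added example that is not part of the original post: it flags names ending in .Bip that embed an e-mail address, plus the two ransom-note names. The sample paths, and the bracketed placement of the address inside them, are constructed for illustration; the exact name layout is an assumption.

```python
import ntpath
import os
import re
from collections import Counter

# Indicators named in the post: the .Bip extension, a contact e-mail address
# embedded in the file name, and the two ransom notes.
ENCRYPTED_EXT = ".bip"
RANSOM_NOTES = {"info.hta", "files encrypted.txt"}
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def classify(filename):
    """Return (kind, contact) for one file name; kind is None when nothing matches."""
    lower = filename.lower()
    if lower in RANSOM_NOTES:
        return "note", None
    if lower.endswith(ENCRYPTED_EXT):
        # Search only the part before the extension so ".Bip" is never
        # mistaken for part of the address.
        match = EMAIL.search(filename[: -len(ENCRYPTED_EXT)])
        if match:
            return "encrypted", match.group(0).lower()
        # Extension alone is a weak signal: other software may use .bip too.
        return "ext-only", None
    return None, None


def scan_names(paths):
    """Summarise indicators over an iterable of full paths (Windows or POSIX style)."""
    notes, contacts, per_dir, weak = [], set(), Counter(), 0
    for path in paths:
        kind, contact = classify(ntpath.basename(path))
        if kind == "note":
            notes.append(path)
        elif kind == "encrypted":
            per_dir[ntpath.dirname(path)] += 1
            contacts.add(contact)
        elif kind == "ext-only":
            weak += 1
    if notes and per_dir:
        verdict = "likely"      # ransom note plus renamed files
    elif notes or per_dir or weak:
        verdict = "suspect"     # one indicator only, needs a human look
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "notes": notes,
        "encrypted_by_dir": dict(per_dir),
        "contacts": contacts,
        "ext_only": weak,
    }


def scan_tree(root):
    """Walk a directory tree (local disk or mounted share) and summarise it."""
    def walk():
        # Unreadable directories are skipped rather than aborting the scan.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                yield os.path.join(dirpath, name)
    return scan_names(walk())


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.[Beamsell@qq.com].Bip",
    r"C:\Users\alice\Documents\notes.docx.[Beamsell@qq.com].Bip",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Desktop\Info.hta",
    r"\\fileserver\share\plan.pdf.[Beamsell@qq.com].Bip",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Tools\firmware.bip",
]

if __name__ == "__main__":
    report = scan_names(SAMPLE)
    print(report["verdict"], report["contacts"])
    for directory, count in sorted(report["encrypted_by_dir"].items()):
        print(f"{count:4d}  {directory}")
```

The per-directory counts show which shares were reached, which helps decide what has to be restored from backup. Run it against a disk or share from a machine that is already isolated from the network.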

Decrypting Files

As with most ransomware, there is currently no way to freely decrypt any of the encrypted files, so you must rely on proper backups. Without a proper backup of the files, it is impossible to retrieve them without paying the ransom. As this is a new variant, it is currently unknown whether or not a real decryption hash key is provided upon paying the ransom.

Staying Safe from Ransomware

VMX Technologies clients: We have you covered. With functioning, regularly checked backups, endpoint and network security measures in place, and a team of technicians working behind the scenes to ensure Windows Updates are installed and antivirus is running, there is little that can bring you to a halt. However, nobody is exempt from ransomware, and there are still measures you can take to ensure you’re protected.

  • Backups are key: back up regularly and often. Make sure you’re saving your files to a backed-up location such as a server or cloud storage.
  • Check for Windows Updates regularly. These are security updates and are absolutely essential.
  • Allow your antivirus to do its job: leave it enabled so it scans your downloaded files and documents.
  • Do not open an attachment from somebody you don’t know. Let someone know if it looks suspicious.
  • Don’t re-use passwords. Nobody wants to regularly change their password, but a weak password can seriously impact your personal and professional life.

If you have more questions, you are always welcome and encouraged to reach out to VMX Technologies at 856-719-1955, or by e-mailing support@vmxtechnologies.com. Technicians are always available and standing by to assist you with your issues.

PC Vulnerabilities – Meltdown and Spectre

This week two brand new vulnerabilities were discovered that affect the processors of every Intel PC released in the past 20 years, bringing network security into the limelight bright and early in 2018. The vulnerabilities are being dubbed Meltdown and Spectre and they affect your PC in new and devastating ways.

Meltdown is a vulnerability that breaks the isolation between user applications and the operating system. This simply means that the walls between different applications you may be using and your operating system, like Windows 7 or 10, are down and information can be collected by your operating system and transmitted back to another party. If your PC processor is vulnerable and your operating system has not been patched, it’s simply not safe in any fashion to work with sensitive information due to the potential leaking of information. This affects personal computers, cloud infrastructure, and business workstations that are unpatched.

The exploit was discovered and reported by three teams: Google Project Zero, Cyberus Technology, and Graz University of Technology.

Meltdown Whitepaper: https://vmxtechnologies.com/wp-content/uploads/2018/01/meltdown.pdf

Spectre is a separate vulnerability that can break down the walls between applications running on a machine at any given time, and can trick them into leaking their secrets to each other and an outside source. Some software that might be used to help prevent these kinds of attacks can actually make the attack more likely to succeed!

Spectre was discovered by two people, Jann Horn of Google Project Zero and Paul Kocher.

Spectre Whitepaper: https://vmxtechnologies.com/wp-content/uploads/2018/01/spectre.pdf

Measures can be taken immediately to prevent these kinds of attacks and should be taken seriously. If you work with sensitive data, make sure the proper steps have been taken to fortify your machine and your network. VMX Technologies managed service clients have had the proper steps taken to ensure safety in the matter.

If you are interested in reading more about these attacks, the researchers who have discovered them have published extensive information online at meltdownattack.com.

Enhanced sign-in security for Venmo

With the threat of sophisticated intrusion on the rise, there has never been a more important time to be vigilant about IT security. Whether it’s selecting a difficult-to-guess password and then changing it frequently, or remembering to properly log out of social networking sites when using a shared computer, there are plenty of simple steps we can all take to better protect ourselves online. Nowhere is this more vital than when using online banking systems or mobile payment portals. If you’re a user of peer-to-peer payment provider Venmo, you’ll be pleased to hear the service just gave you the benefit of extra security protection.

The Venmo platform is known for its convenience and ease of use, and is commonly used to split the cost of drinks, dinner, taxis and the like. The app is now adding a raft of new security-focused features, in response to criticism of its record for ensuring the security of its customers and their financial transactions.

Back in February, a Venmo user discovered his account had been hacked and used to withdraw almost $3,000 from his credit card. The intruder had also thought to change the email address associated with the Venmo account and to disable notifications of payments, but Venmo did not tell the genuine user about the changes that had been made. Venmo was decried for letting basic lapses in security exist in its trendsetting platform.

Now the service is doing what it can to pick up the pieces and up the ante on the security front. The most obvious change is to incorporate automatic email notifications when changes are made to the basic personal details associated with a Venmo account – a feature which many believe should have been built in from the word go. But the app will also add multi-factor authentication, another name for the two-step verification that can be enabled within Google Apps and other services. This feature makes it more difficult for would-be intruders to gain access to your account, even if they manage to get hold of your password.

Multi-factor authentication works by requiring not only your password for login, but also a second piece of information such as a one-time code – often generated on-the-spot and sent by SMS to the user’s cell phone – or the answer to a pre-set security question. Insisting on two phases to the sign-in process allows another opportunity to stop potential fraudsters in their tracks. The changes being implemented by Venmo also reflect the growing awareness on the part of technology companies of the need to get serious about security and protect the integrity of their systems and their users’ data.

You can put multi-factor authentication to use in your IT systems to keep your business protected. Get in touch with us and we’ll show you how.

Published with permission from TechAdvisory.org. Source.

Easy tips for better internet security

With over 3 billion internet users around the globe totaling roughly 40 percent of the population, the internet is rife with opportunities for hackers to steal your information. And with technology constantly evolving and the internet growing, it’s not likely to get safer anytime soon. It therefore pays to take extra precautions when surfing the web. That’s why we’ve compiled these three easy tips that can amp up your online security.

Embrace two-factor authentication

Two-factor authentication is also known as two-step verification, and most of us have likely dealt with it at one time or another. When you’re logging onto your bank’s website or your email account from a different computer than you normally use, you’re sometimes prompted for a one-time password – sent to you via text message, email or via some other method.

Nowadays, many sites such as Facebook, Dropbox and Twitter also give you the option to use two-factor authentication each time you log in. So if you’re looking for an easy way to up your security, it can give you that extra protection without slowing you down too much.

Update browsers and devices

Did you know that dated versions of browsers, operating systems and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. And hackers are ever aware that people can be lazy – saving that update for another day that never seems to come. They’ll often try to take advantage of this, searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox.

Yes, installing an update might take 15 minutes of your time. But it can pay dividends in preventing a security breach that could cost you or your business thousands.

Use HTTPS

When was the last time you typed those letters into a browser? Probably not this decade. It’s no wonder most people are unaware of this tip. So for those who are oblivious, https is the secure version of http – hypertext transfer protocol. Believe it or not, that last “s” actually adds an extra layer of protection. It encrypts information sent, both ways, between a website’s server and you.

You’re probably thinking, adding that last “s” to http (or even typing in http in general) is a complete pain in the rear. So to make this easier you can actually install a program like “HTTPS Everywhere” that’ll automatically switch an http into an https for you. Currently “HTTPS Everywhere” is available for Firefox, Chrome and Opera.

Looking for more tips to boost your internet security? Get in touch to find out how we can help.

Published with permission from TechAdvisory.org. Source.

How Apple made FaceTime and iMessage safer

We have become acclimatized to ever-present threats to the security of the information and files we share and store online. But we all still want our data to be as secure as possible and, following high-profile breaches such as the celebrity photo leaks of 2014, if anything the issue of online security is even more prominent in our minds. Since those leaks took place, the security of Apple platforms has in particular been the subject of public scrutiny – it is therefore good news that Apple has now extended its two-step authentication feature to popular applications FaceTime and iMessage.

After the fall-out from the celebrity photo leaks, Apple extended the two-step authentication process (also known as two-step verification) to iCloud, the online storage platform at the center of the scandal. The feature was initially introduced only to the user IDs for access to Apple accounts; the motivation for the launch of that extra security measure was the hacking of a journalist’s data back in 2013. But what is two-step authentication and how does it work to protect your data?

The premise behind two-step authentication, which experts recommend all businesses implement as part of their security strategy, is actually pretty simple. Usernames and passwords are all too easily stolen by malicious parties, whether by phishing emails or a more sophisticated hacking attack. So, rather than typing just your username and password to access your account, the password is teamed up with a four-digit verification code which is newly and uniquely generated each time you attempt to access your account.

The verification code is delivered by text message (meaning that to use the two-step verification feature, you’ll need to have a cellphone to receive the SMS on). As a result, even if a hacker manages to get hold of your password, unless they also have your phone by their side then they won’t be getting into your account. This authentication method is already used by organizations around the world including banks, mobile service providers and other companies who recognize the added layer of security that it brings. And now you can give yourself the same level of protection to ensure that only you can FaceTime your family and send iMessages to your friends.

Fear not, there’s a backup plan to ensure that you can still access your accounts if you happen to forget your password or if something happens to your phone so you can no longer receive authentication codes. Apple also provides you with a 14-character recovery key that will get you back in if all else fails. To enable two-step authentication for your FaceTime and iMessage applications, log in to your Apple ID account, select Password and Security and then click Get Started under Two-Step Verification.

To find out more about using two-step verification and other security measures to protect your business, contact us today.

Published with permission from TechAdvisory.org. Source.

Why you need to know about the Poweliks threat

Most of us have suffered the horrors of a computer virus at some point, and we know the damage that can be caused by these security infections. Our work gets disrupted as IT systems go down and, if we’re really unlucky, sensitive and valuable data might be lost or even leaked. But there’s a silver lining to most viruses, worms and other such malware, in that they can at least be tracked down and removed. Well, not always – enter the invisible Poweliks, which even your most sophisticated anti-virus software might not be able to protect you against. So, what do you need to know and how can you protect yourself?

What is Poweliks?

Security firm Symantec describes Poweliks as a trojan horse that performs malicious activities on the compromised computer. But it’s no ordinary trojan – unlike the majority, which infect your computer with malicious files, Poweliks is a silent and invisible threat that hides away in the memory registry of your system. It’s not entirely new for a virus to seek to cover its tracks by making itself “file-less” but, in contrast with Poweliks, most are wiped when you restart your computer and its memory is cleared. Worse still, Poweliks hijacks the legitimate processes and applications running on your network, inserting its code into them where it can largely evade detection.

First discovered back in August 2014, Poweliks has therefore created something of a headache for firms behind conventional security solutions like anti-virus software. Symantec and others have admittedly managed a number of updates to their protection in response to the threat posed by Poweliks. But although very minor records of the presence of the trojan are left behind by way, for instance, of registry logs, the signs of its destructive presence are much lower key than the computer world is used to, meaning Poweliks is unlikely to show up on most system scans.

Poweliks has links to Kazakhstan, the home of two servers the malware connects to once it is up and running from within your computer. The servers in Kazakhstan then send commands to the bug to tell it what to do next. In theory, this then makes way for the tool to be used to download other undesirable programs that could infect your system without your knowledge. It could equally be used to steal and disseminate data from your network.

How can I best protect myself?

As well as the anti-virus updates that have gradually been released – but which are still likely to have only a limited impact on threats of this type compared with those of the past – a number of Poweliks removal guides are now available online. Nevertheless, prevention, as ever, remains better than cure. One method reported to have been employed in the distribution of the Poweliks infection is embedding it in a Microsoft Word document, which is then sent as an attachment to spam emails, and which the attackers hope your curiosity will lead you to open. The senders these spam messages have masqueraded as include the United States Postal Service and Canada Post. Of course the best advice remains to be suspicious of any and every email attachment you open, particularly if you weren’t expecting mail or it’s from someone you don’t know.

Should I be concerned?

In fact, revisiting your everyday security precautions is probably pretty good advice all round, since experts predict that this type of threat is likely to become ever more common as attackers seek to exploit the techniques of Poweliks in order for their infiltration to remain unnoticed for as long as possible. Sure enough, a number of copycat threats have already been detected by security specialists as of the start of 2015.

General awareness of the web sites you choose to visit is also particularly advisable, since others have reported the bug making its way onto their systems thanks to so-called ‘drive-by download attacks’ – whereby simply visiting a malicious web site is enough to trigger the infection, and actively downloading a file isn’t even necessary. As a result, organizations may wish to consider more comprehensive filtering of internet access, or at the very least reactive blocking of known malicious sites, in order to prevent employees from inadvertently infecting a company network.

To find out more about IT security solutions and protecting your technology from attack, contact us today.

Published with permission from TechAdvisory.org. Source.

3 IT security take-aways from the Sony hack

Any business can become the victim of security breaches on a mass scale, as shown by the debacle which recently eclipsed Sony and forced it to temporarily cancel the release of blockbuster movie The Interview. Beneath the dramatic headlines are lessons for small business owners everywhere in how simple errors in IT security management can have grave consequences. These tips will help prevent your firm being the next to suffer Sony’s fate.

Don’t let basic security habits slip

Our modern-day instinct tells us that the answer to potential security breaches is to install new layers of antivirus software, firewalls and further encryption systems. While these are all worthy additions to your company’s armor of security shields, they will do little to help if good old-fashioned protective habits are allowed to slide.

Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.

One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access: teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag up potential security lapses, and make sure they know that reports will be followed up and loopholes closed.

Take a flexible and agile approach to IT

IT changes, and so do the ways best suited to keeping it safe. This means it is vitally important to keep your IT systems up to date, and where necessary to do away with outdated practices that could leave your business technology exposed. This involves more than just ensuring that your network is running updated antivirus software to catch the latest bugs and worms – it means staying abreast of emerging methods to mitigate potential threats from hackers worldwide.

All of this uses staff and resources that your small business might not have – which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.

Equally, know when it is time to ditch data – think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it – in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.

Backup, backup, backup

The last thing you want in the event of a security breach is for it to hit your day-to-day operations – the potential damage caused by the hack itself is likely to give you enough to worry about. But that is exactly the situation Sony found itself in after its latest hack, with its email system down and staff forced to return to the days of pen, paper and even the fax machine.

As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.

Want to learn more about how to reduce your IT network’s vulnerability to attack? Get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Looking at a new spear phishing attack

Take some time to research how companies are hacked and you will quickly come to realize that there are a wide variety of methods at a hacker’s disposal. One of the increasingly common and effective strategies being employed is spear phishing. In early December 2014, a new spear phishing attack was uncovered, one that has proven to be quite effective against large businesses, and could possibly target small companies as well.

What is spear phishing?

Spear phishing is an advanced form of phishing where attackers trawl the Internet for relevant information about you and then create a personalized email that is sent to you. This email is usually developed so that it appears to be coming from a friend or trusted partner and contains links to a site or program that can initiate an attack or steal information.

More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.

What is this latest spear phishing attack?

This new form of spear phishing, being carried out by an organization that calls itself FIN4, has actually been around since as early as mid-2013. When they attack Wall Street listed companies, they are doing so to steal valuable plans and insider information.

What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.

In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.

What can we do to protect our systems?

From what we know, this attack is being carried out largely against law firms, finance companies, and other large organizations. While this discounts many small businesses, there is a good chance that the attackers will turn to small businesses operating with larger companies at some point.

Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender’s address, and read the body of the email carefully. While hackers generally have good English skills, they aren’t fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails from the same sender. If the tone and style are off, then the email may be fake.

It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the sender for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL in your browser: if it doesn’t say HTTPS:// before the address, then it may be a good idea to avoid the site.

If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.

Published with permission from TechAdvisory.org. Source.