Gone Phishing

Today I witnessed first-hand a new threat that has successfully infiltrated a friend of mine: a DocuSign phishing email.

Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you in one of two ways:

  1. With an attached Word document that is encrypted (to bypass antivirus software) and an accompanying password to “unlock” it. Opening it can potentially launch any sort of nasty surprise upon its victims, including ransomware, which I wrote about last week;
  2. With a link to a phishing site that asks for email credentials to gain access to the DocuSign document. This gives the hacker complete access to your email account, including potential access to your OneDrive or Google Drive documents, and also a base from which to launch a further attack on all of your contacts.

Neither of the above two scenarios is pretty, and malware may be installed on your workstation. So if you get emails that look like they come from DocuSign (or any other web service, for that matter) and have an attachment or a link requesting login credentials, be very careful. If there is any doubt, pick up the phone and verify before you act on any suspicious email. When I replied to the email I received today, it was actively responded to by the hacker, who “assured” me that it was legitimate. This is a classic example of why you must use a separate medium to confirm the authenticity of any suspected email you receive!
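As an added illustration (not part of the original post), the two lures described above can be written as mail-triage checks run over a message. The sample message, the allow-listed brand domains, the keyword list and the function names are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains this organisation accepts as genuine DocuSign hosts.
BRAND_DOMAINS = {"docusign.com", "docusign.net"}
CREDENTIAL_HINTS = ("login", "signin", "verify", "password")

# Constructed sample message; the .test hosts are reserved and not real.
SAMPLE = """\
From: DocuSign <dse@docusign.example-mailer.test>
To: user@example.org
Subject: Please DocuSign: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Review the document: https://docusign.com.secure-docs.test/login?doc=1
The attached file is protected. Password: 4821
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Invoice.doc"

placeholder
--b1--
"""

def host_in_brand(host):
    """True only for a brand domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    display, address = parseaddr(msg.get("From", ""))
    if "docusign" in display.lower() and not host_in_brand(address.rpartition("@")[2]):
        findings.append("sender-domain-mismatch")
    body, attachments = "", []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    for url in re.findall(r"https?://[^\s<>\"]+", body):
        host = urlparse(url).hostname
        if not host_in_brand(host):
            kind = "credential-link" if any(h in url.lower() for h in CREDENTIAL_HINTS) else "off-brand-link"
            findings.append((kind, host))
    # Lure 1 from the post: an attachment plus a password supplied in the body.
    if attachments and re.search(r"\bpass(word|code)\b", body, re.I):
        findings.append("attachment-with-password-in-body")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The host check compares on a label boundary, so a hostname that merely begins with the brand name is still treated as off-brand.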

How can you protect yourself from this type of threat? There are two things you can do:

  1. Pay attention to any email you receive and always be suspicious, particularly when an email is unexpected.  If you or any of your staff needs security awareness training, contact us!
  2. Implement two-factor authentication (this is a very old link – I’ll update it shortly) on your email system to prevent third parties from stealing your credentials. Again, contact us if you need assistance with implementing this for yourself and your users.

Remember: Think Before You Click.

Stay safe out there!

Dan

 

Ransomware Alert – What you should know

EXECUTIVE SUMMARY:

As-yet unknown cyber criminals have taken an NSA zero-day threat and weaponized a ransomware strain so that it replicates across networks without user intervention. There is a 2-month-old Microsoft patch that urgently needs to be applied if you have not done that already. For older obsolete systems, such as Windows XP, the patch was just released this weekend.

I have written about ransomware in the past. For more information, see this link: Ransomware 101

Please contact us if you’d like more information or have any concerns.

WHAT YOU CAN DO ABOUT IT:
I have said this before: be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: “When in doubt, throw it out!” If it was truly important, the sender will contact you by other means and can always resend the email.

Claritech has checked our list of supported devices and is actively patching the handful that were not up to date as they come online. If you are not under a current Claritech support plan, we urge you to either patch your systems yourself or contact us as soon as possible.

Whether or not you are a current Claritech customer, please contact us if you have any concerns or would like more information and a free vulnerability assessment.

BACKGROUND:
You may have seen the news this weekend. Criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but it could automatically spread to those around you.

Hundreds of Thousands of Machines Infected Worldwide
Victims include FedEx Corp, Renault, Nissan, Russian banks, gas stations in China, and Spanish telecommunications firm Telefonica, which reported 85% of their systems being down as a result of a cyberattack earlier today. Ironically, the Russian Interior Ministry had 1,000 machines encrypted. Even the German Railways were infected.

Dozens of hospitals in the UK were shut down. Cybersecurity experts have long used the phrase “where bits and bytes meet flesh and blood,” which signifies a cyberattack in which someone is physically harmed. This monster has infected hundreds of thousands of systems in more than 150 countries. Monday morning when people get back to work, these numbers will only go up.

Ransomware 101

Ransomware is a major Internet security challenge. This article explains how hackers use it to extort money from their victims and how we can protect ourselves.

What is ransomware?

In a nutshell, ransomware is malicious software that is installed on your PC through the typical virus installation methods:

  • Through hacked or malicious web-sites via browser flaws or social engineering;
  • Through emails with malicious attachments or links to malicious sites;
  • Through compromised downloads, such as “free” software or videos/images hosted on suspicious web sites;
  • Via the local network from other infected computers through operating system flaws;
  • From compromised USB keys or CDs.

The difference between ransomware and other viruses is that, once established, your files become encrypted and inaccessible and held for ransom by an anonymous hacker. This applies to network as well as local files. Essentially any files that your local PC has access to can be compromised.

What can I do if I become a victim?

There are really only four choices available once you become infected with ransomware, in order of preference:

  1. Recover from backup – this is the preferred recovery method;
  2. Attempt to decrypt your files using tools and services available online;
  3. Start over and live without the encrypted files;
  4. Pay the ransom.

If you think of ransomware as a nasty virus or a hard drive crash that destroys all of your files, you’re on the right track. The positive thing (if you look at it positively) about ransomware is that the anonymous hacker offers the fourth option to recover your files: pay the ransom. Normally when your files are destroyed, this isn’t an option.

How can I protect myself?

As scary as ransomware can appear, protection is not that difficult. Here are some ideas to get you started:

  1. Backups – backups have always been the best way to protect electronic data. If you’re not doing online and local backups of all your data, what are you waiting for? Talk to us.
  2. Updates – your applications, antivirus and operating system software should always be kept up to date. Many viruses succeed by exploiting flaws that have been discovered and patched long ago.
  3. Practice safe web-browsing – stay away from the sketchy sites and do not download “free” software.
  4. Training – we offer security awareness training and a free phishing test to determine your organization’s vulnerability to ransomware. The essence of the training is this:

Never trust unexpected attachments or links in email, even if you know the sender. This is worth repeating and in all caps: NEVER TRUST UNEXPECTED ATTACHMENTS OR LINKS IN EMAIL, EVEN IF YOU KNOW THE SENDER

 

Claritech Trust Bundle

The core of our offering is individual support incorporated within the Claritech Trust Bundle. By concentrating on the needs of the individuals in your organization, you can rest assured that they will be supported, no matter what their information technology needs. Our full service offering includes unlimited remote and phone support for each individual, regardless of the devices they use.  With the understanding that individuals don’t always leave their work at the office, we even include a home device for each of our supported individuals.

Trust

The Claritech Trust Bundle includes remote monitoring, inventory and antivirus for each of your devices as well as one home device for each user, all packaged together in one low per-user price.

Making IT simple

  1. Our personnel are customer focused and easy to talk to, both technically and interpersonally.
  2. We support all of your organization’s people through unlimited remote and phone support as well as user training.
  3. We leverage cloud-based applications and utilities to create a safer and more productive working environment.

Enhancing Value

  • Reducing data loss risk by focusing on security, backups and user training,
  • Managing vendor relationships and negotiating contracts,
  • Selecting and integrating systems and applications that will provide the most long-term value,
  • Providing cloud services such as Google Apps for Work and Office 365 to lower your infrastructure costs and increase productivity,
  • Using inexpensive, powerful web-based tools to monitor and pro-actively manage your technology infrastructure remotely.

How We Do It

  1. Review: capture the current state by performing an IT systems review;
  2. Envision: create a clear future state utilizing the business plan, philosophy and goals;
  3. Plan: facilitate the path to the future state through the development of a strategic IT plan;
  4. Achieve:  execute the plan through cost-effective, efficient project management combined with suitably skilled resources.

Reduce your IT budget

This article discusses three ways that we help our clients reduce their technology budget. Contact us now if you’d like us to do the same for you.

Embrace the Cloud

You’ve probably heard a lot about the cloud for the past few years. The reality is that using online or hosted services can drastically reduce what it costs to install and maintain your corporate applications. The biggest example of this is your email server. If your email is still hosted in-house, a large part of your IT budget could be reduced or even eliminated by moving your email to Office 365 or Google Apps. In the last year alone we have helped a number of our clients reduce their email costs by migrating them to one of these two major email hosts.

Email is only the beginning of where the cloud can benefit your business. Virtually any service that you are currently using in-house servers for is available as a hosted service. Examples include customer relationship management, oil and gas applications, accounting, facility/rental scheduling, employee scheduling/timesheets and even your phone system.

User training and proper security policies are important to help minimize any risks associated with cloud computing. We’ll be discussing cloud application security in our next post.

Remote Monitoring and Support

If your IT support provider is not monitoring your equipment and providing support remotely, you are probably paying too much for your IT services. The tools that Claritech employs today can reduce your support costs and make your users much happier and more productive.

Your users are continuing to do more work from home and on their mobile devices. Traditionally, home computers and personal cell phones have gone unsupported or the users are left on their own for personal device support. Our new service offering focuses on your users and makes sure they are productive with all of their devices, not just the corporate ones.

Outsourcing to Reduce your Payroll

One of the highest costs of managing information technology is employee salaries. Along with the use of new online technologies, we can help to reduce your payroll costs in the following ways:

  1. By providing the right level of resource for your particular need. As your needs change, we can change the level of resource we provide;
  2. We can provide fractional resources, from very part time to multiple full-time equivalents;
  3. We manage transitions for a continuation of service to keep your business operating, even during times of change.

Contact us today to find out more about our services, including our new Claritech Trust Bundle.

Antivirus that works – VIPRE Enterprise Premium

One of the latest challenges we’ve had with our clients is finding and implementing the right antivirus solution.  Over the years we’ve tried AVG, Trend Micro and most recently BitDefender.  While we continue to update and support these packages for our clients where the products are working effectively, for new installations we have been promoting VIPRE Enterprise Premium or VIPRE Antivirus Premium from Sunbelt Software as our Claritech standard.

NEWS FLASH: Microsoft has just announced that, starting in October, they are expanding their  previously home-only offer of a free version of Microsoft Security Essentials to businesses with less than 10 PCs.  The waters are muddy indeed…

The main reason that we’ve switched antivirus vendors so often in the last several years is that no one could seem to get it right.  Some of them are very light (AVG), some of them are quite comprehensive (Trend Micro) and some of them do a better job of catching viruses (BitDefender). None of them, until now, has done a great job at all three.

We’ve been following Sunbelt Software for several years through their informative newsletters and have always been interested in their products.  Counterspy was their first product that really got our attention, because it was one of the best at finding and eliminating spyware.   When VIPRE Antivirus emerged that combined the functionality of their antivirus, antispyware and a personal firewall (with the Premium version), it was decided that it was worth a try and we’ve been very impressed ever since.

One of the things we like about VIPRE is that it is relatively unknown, and is therefore not targeted by malware.  This also makes it somewhat difficult to find unbiased third-party reviews of the product.  One such review on PC Magazine rates VIPRE highly:

VIPRE is a very good standalone antivirus tool that outscores all but the very best of its competition in my tests. Those with more than three computers will love its $49.95 unlimited home license.

They do not include the Enterprise version in their review, but the Enterprise integration is definitely a key feature when installing in a corporate environment.

Another review can be found on the How To Geek website:

Vipre Anti-virus + Anti-Spyware is the best utility of its kind that I have used in a long time.  It is surprisingly light on system resources even while scanning, you won’t even know it’s running.  The liberal Home Site Licensing is very welcome for the user on a tight budget.  The cost of a one year unlimited license is $49.95 which covers all of the PC’s you have in the residence.  A cheaper license of $29.95 can be purchased for one machine.   If you are looking for a powerful security program that does not slow down your PC then Vipre is highly recommended.

Another great must-have antivirus product from Sunbelt Software is VIPRE PC Rescue. This free version of VIPRE is updated daily and is intended to assist with the cleanup of infected PCs. If it can’t be downloaded and run directly from the infected PC, it can be downloaded to a USB or CD drive and run from there. (A trick to successfully running from a USB drive is to write-protect the drive before installing on the infected PC.)

In conclusion, for businesses with less than 10 PCs and no server you might want to take a look at Microsoft Security Essentials.  For those with a server or more than 10 PCs, a centralized AV solution such as VIPRE Enterprise is recommended.  Unless there is a compelling reason (such as performance, functionality or price) we do not recommend switching from your current AV product.

The Trouble with Untrusted Sites

 

It seems that rogue web sites will always be a part of our daily lives.  You run into them most often when searching for a particular topic and click on one of the listed sites from your search:  suddenly your browser takes on a life of its own, spawning additional browsers and taking you places you’d rather not go.  More often than not, these sites will start a fake antivirus scan and “alert” you that you’ve got multiple infections and then provide you with an easy “fix” that will not only ask you for a credit card number, but will also install all sorts of nasty spyware on your computer.

There are a number of ways to protect yourself from these rogue sites, but unfortunately none of them are foolproof.  A good antivirus product should always be your first and best line of defense.

In this article, I’m describing one of my favourite low-cost measures to protect your Internet Explorer browsing experience:  the use of Trusted sites.  Here’s how it works in a nutshell:

  1. Under Internet Options/Security, crank up the security of the Internet zone to the maximum (High).  This will disable (almost) all functionality on any untrusted site you stumble across.
  2. Whenever you find a site that has functional problems because it uses Flash or JavaScript, and you trust that site, you can manually add that site to your Trusted Sites list under Security Options to enable (most) functionality.

The concept is simple, yet in practice it can be a bit of a pain to set up and use successfully. Here is a good how-to article I found when searching on Internet Explorer and Trusted Sites: http://surfthenetsafely.com/ieseczone7.htm. It explains exactly how to set this up and includes a link at the bottom for a Power Tweaks utility from Microsoft for IE that can be used to add an “Add to Trusted Sites” menu option to IE.

Once you’ve configured your IE browser to work with Trusted Sites, there are still times that things just don’t work. Some sites will give you a hint as to what the problem is (“this site requires you to have the latest version of Flash, or have ActiveX enabled”, etc.), but many other sites just do nothing, even after they’ve been added to your Trusted Sites zone. The most common reason for this is that many sites use background services on affiliated or even third-party sites that also need to be part of your Trusted Sites zone for full functionality. An example of this is any site that uses CAPTCHA (a challenge-response mechanism to ensure a live person is subscribing), such as Ticketmaster.

If a particular site doesn’t work even after you’ve added the site to your Trusted Sites zone, here are some of the things you can try, in increasing order of complexity and/or decreasing order of security:

  1. I often add a wildcard to the trusted site, such as *.ticketmaster.com, to get all of the sub-domains of the main www site.  Sometimes you also need to add *.ticketmaster.ca, if the site has a Canadian presence.
  2. If item 1 fails, try going to menu Page/ (in IE 7) or Safety/ (in IE8) and Select Webpage Privacy Policy…  In the window list that comes up, you’ll see all of the web sites that make up the page that you are viewing.  Be very careful NOT to add all of the sites that you see in that list to your Trusted Sites zone.  Many of these are just advertisement links and other tracking processes that you really don’t want to trust.   You need to look for the one or two sites in the list that can likely be causing you problems.  In the case of Ticketmaster, the sites are *.ticketmaster.ca, *.ticketmaster.com and https://api-secure.recaptcha.net, the site that provides the CAPTCHA challenge/response code on behalf of Ticketmaster.
  3. If all else fails, or if item 2 above is too complicated, it’s always a good idea to have a second browser (such as Firefox) available to try on the uncooperative site.
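The selective trust described in items 1 and 2 can be sketched as a small zone lookup. This is an added example, not code from the article or from Internet Explorer: it is a simplified model of zone assignment, and the resource list, function names and the bare-domain wildcard rule are assumptions.

```python
from urllib.parse import urlparse

# The three Trusted Sites entries the article arrives at for Ticketmaster.
TRUSTED_SITES = ["*.ticketmaster.ca", "*.ticketmaster.com",
                 "https://api-secure.recaptcha.net"]

# Constructed list of what a "Webpage Privacy Policy" window might show;
# the .test hosts are reserved names, not real sites.
PAGE_RESOURCES = [
    "https://www.ticketmaster.com/event/1",
    "https://www.ticketmaster.ca/",
    "https://api-secure.recaptcha.net/challenge",
    "http://api-secure.recaptcha.net/challenge",
    "https://ads.tracker.test/pixel.gif",
    "https://ticketmaster.com.lookalike.test/login",
]

def parse_entry(entry):
    """Split an entry into (scheme or None, host pattern)."""
    scheme, sep, host = entry.lower().rpartition("://")
    return (scheme if sep else None), host

def host_matches(pattern, host):
    if pattern.startswith("*."):
        base = pattern[2:]
        # Model assumption: the wildcard covers the bare domain as well.
        return host == base or host.endswith("." + base)
    return host == pattern

def zone_for(url, trusted=TRUSTED_SITES):
    """Return 'Trusted' or 'Internet' for a URL under this simplified model."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    for entry in trusted:
        scheme, pattern = parse_entry(entry)
        if scheme is not None and scheme != parts.scheme:
            continue  # an https:// entry does not cover plain http
        if host_matches(pattern, host):
            return "Trusted"
    return "Internet"

def review(urls, trusted=TRUSTED_SITES):
    """Map each resource to its zone so only deliberate entries get trust."""
    return {url: zone_for(url, trusted) for url in urls}

if __name__ == "__main__":
    for url, zone in review(PAGE_RESOURCES).items():
        print(f"{zone:8} {url}")
```

With only the three entries from the article, the advertising host and the lookalike host stay in the locked-down Internet zone.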

Whichever method you choose to protect your Internet browsing experience, keep in mind that a good antivirus product is your first line of defense, that no browser and no solution is 100% secure, and that you’ve got to be constantly vigilant when it comes to online activities.