Microsoft have delivered emergency out-of-band patches for the PrintNightmare zero-day Print Spooler vulnerability, with more on the horizon.
The bug, CVE-2021-34527, exists in all supported versions of Windows. It is a remote code execution vulnerability in the Windows Print Spooler service, which improperly performs privileged file operations.
An attacker who successfully exploits it can run arbitrary code with SYSTEM privileges: install programs; view, change or delete data; or create new accounts with full user rights on the affected system.
Microsoft's own statement set out the position: “the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
Patches released are available for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10 and the no longer supported Windows 7.
However, Microsoft announced that security updates were not yet available for Windows 10 version 1607, Windows Server 2012 or Windows Server 2016, and urges prompt installation as soon as they are released; domain controllers running the spooler are the most exposed targets. For those unable to install the July patches, Microsoft offers two workarounds: stop and disable the Print Spooler service altogether, or disable inbound remote printing through Group Policy.
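Both workarounds are quick to apply by hand, but across a fleet it helps to see at a glance which hosts still expose the spooler. The script below is an added example written for this article, not Microsoft's own tooling: it reads the service state and the policy registry values named in Microsoft's advisory (RegisterSpoolerRemoteRpcEndPoint, plus the Point and Print values NoWarningNoElevationOnInstall and UpdatePromptSettings), and can apply either workaround. It assumes it is run from an elevated prompt; on a domain-joined machine a Printers GPO will overwrite the local policy values it writes, so the same settings should be made in Group Policy.

```powershell
# Added example, not Microsoft's script: audit a Windows host against the
# CVE-2021-34527 mitigations in Microsoft's advisory and optionally apply one.
# Run elevated. Local policy values here are overridden by a domain GPO.
[CmdletBinding()]
param(
    [ValidateSet('Audit', 'NoRemotePrinting', 'DisableSpooler')]
    [string] $Mode = 'Audit'
)

$printersKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$pnpKey      = Join-Path $printersKey 'PointAndPrint'

function Get-PolicyValue([string] $Key, [string] $Name) {
    # Returns $null when the key or value does not exist instead of throwing
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-SpoolerExposure {
    $svc       = Get-Service -Name Spooler
    $remoteRpc = Get-PolicyValue $printersKey 'RegisterSpoolerRemoteRpcEndPoint'  # 2 = refuse client connections
    $noWarn    = Get-PolicyValue $pnpKey 'NoWarningNoElevationOnInstall'           # 1 = re-exposes the bug
    $noPrompt  = Get-PolicyValue $pnpKey 'UpdatePromptSettings'                    # 1 = re-exposes the bug

    [pscustomobject]@{
        SpoolerStatus        = $svc.Status
        SpoolerStartType     = $svc.StartType
        AcceptsRemoteClients = ($remoteRpc -ne 2)      # "not configured" means enabled
        PointAndPrintUnsafe  = ($noWarn -eq 1) -or ($noPrompt -eq 1)
        Exposed              = ($svc.Status -eq 'Running') -and ($remoteRpc -ne 2)
    }
}

switch ($Mode) {
    'DisableSpooler' {
        # Workaround 1 from the advisory: the host can no longer print at all
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    'NoRemotePrinting' {
        # Workaround 2: local equivalent of the Group Policy setting
        # "Allow Print Spooler to accept client connections" = Disabled.
        # Local printing keeps working; inbound remote printing stops.
        if (-not (Test-Path $printersKey)) { New-Item -Path $printersKey | Out-Null }
        Set-ItemProperty -Path $printersKey -Name RegisterSpoolerRemoteRpcEndPoint -Value 2 -Type DWord
        # Point and Print values of 1 leave even a patched system exploitable
        if (-not (Test-Path $pnpKey)) { New-Item -Path $pnpKey | Out-Null }
        Set-ItemProperty -Path $pnpKey -Name NoWarningNoElevationOnInstall -Value 0 -Type DWord
        Set-ItemProperty -Path $pnpKey -Name UpdatePromptSettings -Value 0 -Type DWord
        Restart-Service -Name Spooler   # the policy is read when the spooler starts
    }
}

# Always finish by reporting the resulting state
Get-SpoolerExposure
```

Run with no arguments to audit (the `Exposed` column is the one to watch on domain controllers), `-Mode NoRemotePrinting` where the host needs local printing, and `-Mode DisableSpooler` where it does not. The script reports only what the advisory names; it does not tell you whether the July update itself is installed, which remains a job for your patch-management tooling.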
The proof of concept (PoC) was accidentally released on GitHub by Chinese technology group Sangfor, and was cloned and cached before the researchers realised their mistake and took it down. The group were under the impression that the exploit had already been fixed by Microsoft's CVE-2021-1675 patch; Microsoft has since confirmed that CVE-2021-34527 is a distinct issue with a different attack vector, associated with the RpcAddPrinterDriverEx call.
The situation is still developing, and Microsoft's Security Update Guide carries the latest Windows patch releases.
Adobe is warning customers of a critical zero-day bug in its Acrobat and Reader PDF software that is being actively exploited in the wild.
The bug, tracked as CVE-2021-28550, affects eight product versions (full list below) and allows arbitrary code execution; the same update also addresses flaws that could lead to memory leaks and exposure of private information.
Ten critical and four important vulnerabilities were addressed in Adobe Reader and Acrobat, in addition to five critical flaws in Adobe Illustrator, in Tuesday's security patch release. Adobe is withholding technical details of the bug until users have had a chance to install the 43 fixes in the release; until the update is applied, the zero-day allows an attacker to execute code of their choosing on a targeted system.
Users can get the fixes by letting the product update itself, by choosing Help > Check for Updates within Acrobat or Reader, or by downloading the installer from the Adobe Download Centre. Leaving automatic updates enabled removes the need to install security updates by hand and lets Adobe products update as soon as patches are released.
List of affected Adobe software versions:
– Acrobat DC, 2021.001.20150 and earlier versions – Windows
– Acrobat Reader DC, 2021.001.20150 and earlier versions – Windows
– Acrobat DC, 2021.001.20149 and earlier versions – macOS
– Acrobat Reader DC, 2021.001.20149 and earlier versions – macOS
– Acrobat 2020, 2020.001.30020 and earlier versions – Windows and macOS
– Acrobat Reader 2020, 2020.001.30020 and earlier versions – Windows and macOS
– Acrobat 2017, 2017.011.30194 and earlier versions – Windows and macOS
– Acrobat Reader 2017, 2017.011.30194 and earlier versions – Windows and macOS
Consumer watchdog Which? have investigated 13 legacy router models supplied by leading UK internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, and found that around 7.5 million internet users could be at risk from out-of-date hardware.
Of the 13 router models investigated, 9 had pressing security flaws that are unlikely to comply with upcoming UK government legislation on the security of connected devices.
The new legislation responds to government figures showing that 49% of UK residents have bought at least one smart device since the start of the COVID-19 pandemic. Given the much larger national exposure to potential cyber-attacks, the proposed law will ban easy-to-guess default passwords on all such devices and require manufacturers to make it easier to report exploitable software bugs, on legacy and modern hardware alike.
Kate Bevan, Which?’s Computing Editor, commented that “proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.” Which? are also pushing for more transparency from ISPs about how customers' routers are updated, whether automatically or manually, and want ISPs to actively upgrade existing customers identified as being in the ‘at risk’ category.
Of those 7.5 million affected, 6 million are using ISP hardware that has not received a firmware update since 2018, and in some cases since 2016, meaning these devices have had no security updates to defend against newer threats.
Which? identified three main problems with ISP legacy hardware: weak default passwords that could let a criminal gain access to the router; a lack of firmware updates; and a local network vulnerability in the EE Brightbox 2 that could give an attacker full control of the router, including the ability to install malware or spyware.
In response, Virgin Media have rejected the report's conclusions, saying that nine out of ten customers are using its latest router models and benefit from regular security updates. BT Group (owner of EE) and TalkTalk responded in similar terms, and Vodafone said the HHG2500 included in the Which? report has not been supplied to customers since August 2019.
Devices with weak default passwords: TalkTalk HG635, TalkTalk HG523a, TalkTalk HG533, Virgin Media Super Hub 2, Vodafone HHG2500, Sky SR101 and Sky SR102.
Routers affected by lack of updates: Virgin Media Super Hub, Virgin Media Super Hub 2, Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533 and TalkTalk HG635.
Routers that passed the Which? security tests: BT Home Hub 3B, BT Home Hub 4A, BT Home Hub 5B and Plusnet Hub Zero 2704N.
AI lent a helping hand to one of our technical support teams last week to help Lineal save a local business from an email hack.
At 07:40 GMT on a seemingly normal weekday, Barracuda Sentinel alerted Lineal that an account had been accessed from a suspicious location. It seemed a malicious actor, apparently in Nigeria, had compromised one of a client’s finance department email accounts and created a forwarding/delete rule in the inbox.
Barracuda Sentinel’s AI email protection caught the account takeover attempt, and as a result, we were able to mitigate and resolve a significant threat to one of our customers. Barracuda Sentinel detects both account takeover attempts and attacks launched from compromised accounts.
Corporate account takeover is a significant and growing threat to business. Attackers gain access to email accounts and use them to launch further targeted attacks, both internally and against external contacts, who in turn fall victim.
Account takeover, and attacks launched from compromised accounts, are very hard to detect with conventional filtering because they do not rely on the usual impersonation techniques: the mail comes from a legitimate account and appears to be from a trusted source, which lets the attacker set up sophisticated financial scams.
Lineal picked up the alert and created an incident in Barracuda Sentinel. Sentinel remediated the issue with an immediate password reset, disconnecting all active logon sessions for the user and deleting any rules created during the incident window. Within 40 minutes this potentially disastrous event had been averted.
Barracuda’s worldwide threat protection network automatically gathers intelligence from inboxes around the world to deliver award-winning security, checking both inbound and outbound email to stop the spread of cyber-threats and malicious communications. To find out more visit our Barracuda Email Security page on our website.
This risk could have been mitigated by any of several measures Lineal offers, such as:
Multi-Factor Authentication (MFA) on the account;
Barracuda Sentinel-type tools to alert on, and remediate, a compromise;
Azure AD Premium P1/P2 licensing, which enables Conditional Access policies to block sign-ins from risky locations, untrusted countries and so on.
If you would like to find out more about Cybersecurity and how Lineal can help protect your business please contact us.
UK mobile networks have been instructed not to buy Huawei 5G equipment for their infrastructure by the Government, and must remove all existing Huawei equipment by 2027.
The landmark ruling overturns the earlier half-way decision to exclude Huawei only from the ‘core’ of the UK network. It follows the UK National Cyber Security Centre's finding that US sanctions, which have already cut Huawei off from Google's Android services and from the chip designs of (Japanese-owned, UK-based) ARM, would force Huawei onto alternative components whose security cannot be assured, and so could ‘increase the risk’ to the UK.
Huawei itself argues the criticism is a politically-motivated attack by Washington to hit the Chinese economy. The tech company is the World’s biggest provider of this kind of technology, as well as one of China’s most successful exporters.
China itself has undoubtedly faced more scrutiny from the international community in recent months, following news stories about the Chinese Government’s handling of Coronavirus, Hong Kong protests, the detention of Uighur Muslims in ‘reeducation’ camps, and the close connections between Huawei and the Chinese Communist Party.
All four of the UK’s big mobile providers (BT EE, Vodafone, Three and O2) use Huawei equipment in their networks, albeit to different extents. The decision also affects major broadband infrastructure providers such as BT Openreach, and the ISPs that depend on them.
In practice, this means 5G providers will have to look at alternatives from Finland's Nokia or Sweden's Ericsson.
For IT expertise and support, please contact our team today.
Cloud storage giant Dropbox is beta-testing a new password manager app – ‘Dropbox Passwords’ – by invitation only.
Password managers allow the user to generate and store encrypted, complex passwords for many user accounts inside a single piece of locked software and autofill them into websites and applications – making it easier to use diverse, complex passwords across all of your IT.
Password managers are a measure increasingly recommended by respected cybersecurity authorities, including the UK National Cyber Security Centre. Options like 1Password, LastPass and others are already well established, although Dropbox is likely to reach many business customers considering a password manager for the first time.
Unlike bigger rivals such as Microsoft’s Office 365 and Google’s G-suite, Dropbox do not offer workplace document editing apps – leading the company to explore new avenues for branching out beyond file-sharing and cloud-storage.
These plans have included Dropbox Paper (a collaboration and project management tool), integrations to other growing challenger-platforms such as Slack and Zoom, and now password management.
Principally a cloud-storage company that helped establish file-sharing in the minds of those who had never used it before, only time will tell if Dropbox can establish a broader brand for securing a cloud-first IT business world.
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has advised all Mozilla Firefox users to update their browser urgently, following discovery of a vulnerability that could give an attacker control of the underlying operating system.
The unusual warning comes after Mozilla itself admitted being aware of ‘targeted attacks in the wild abusing this flaw.’
How secure is your password? Weak passwords are one of the biggest causes of security breaches, and people often choose passwords that are too short. Tedious as it seems, use upper- and lower-case letters along with symbols and numbers, and change a password promptly if you suspect it has been exposed; forcing regular changes for their own sake is no longer recommended by the NCSC, because it tends to produce weaker, more predictable passwords.
The key measurement of password security is entropy. In computer science terms this is a measure of how unpredictable a password is: how many guesses an attacker would need, on average, to find it. A password chosen at random from a pool of N possible characters gains log2(N) bits of entropy per character, so each extra character multiplies the number of possibilities, and longer passwords are by definition more secure and harder to crack. In the table below you can see how shorter or simpler passwords are quicker to crack.
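To make the entropy arithmetic concrete, the function below is an added example for this article (not from the original piece or any Lineal tool). It estimates entropy from the character classes a password uses and converts it into an average crack time at an assumed guess rate; the 1e10 guesses per second is an assumption standing in for a fast offline attack on a fast, unsalted hash, and the sample passwords are constructed.

```powershell
# Added example, not from the original article: entropy from character classes,
# and the average crack time it implies at an assumed offline guess rate.
function Get-PasswordEntropy {
    param([Parameter(Mandatory)][string] $Password)
    $pool = 0
    if ($Password -cmatch '[a-z]')        { $pool += 26 }   # -cmatch is case-sensitive
    if ($Password -cmatch '[A-Z]')        { $pool += 26 }
    if ($Password -match  '[0-9]')        { $pool += 10 }
    if ($Password -match  '[^a-zA-Z0-9]') { $pool += 33 }   # printable ASCII symbols and space
    if ($pool -eq 0) { return 0.0 }
    # Bits = length * log2(pool): the keyspace for a *random* password of this shape.
    # A dictionary word or keyboard pattern is found far sooner than this suggests.
    return [math]::Round($Password.Length * [math]::Log($pool, 2), 1)
}

function Get-CrackTime {
    param(
        [Parameter(Mandatory)][double] $Bits,
        [double] $GuessesPerSecond = 1e10     # assumption: fast hash, offline GPU attack
    )
    # On average half the keyspace is searched before the password is hit
    $seconds = [math]::Pow(2, $Bits) / 2 / $GuessesPerSecond
    switch ($seconds) {
        { $_ -lt 60 }        { return ('{0:N2} seconds' -f $_) }
        { $_ -lt 3600 }      { return ('{0:N1} minutes' -f ($_ / 60)) }
        { $_ -lt 86400 }     { return ('{0:N1} hours'   -f ($_ / 3600)) }
        { $_ -lt 31557600 }  { return ('{0:N1} days'    -f ($_ / 86400)) }
        default              { return ('{0:N0} years'   -f ($_ / 31557600)) }
    }
}

# Constructed sample passwords, roughly weakest to strongest
'password', 'Passw0rd', 'P@ssw0rd!', 'correct horse battery staple', 'x7#Kq9!mLp2$vR4w' |
    ForEach-Object {
        $bits = Get-PasswordEntropy $_
        [pscustomobject]@{ Password = $_; Length = $_.Length; EntropyBits = $bits; AvgCrackTime = Get-CrackTime $bits }
    } | Format-Table -AutoSize
```

Two caveats the numbers themselves do not show. The class-based estimate is an upper bound: 'password' is in every wordlist and falls in the first few guesses regardless of its 37-odd bits, and a passphrase of four common words is better measured as four picks from a wordlist (around 11 to 13 bits each) than as 28 random characters. And the guess rate depends entirely on how the password is stored; the same passphrase behind a slow hash such as bcrypt or Argon2 costs the attacker thousands of times more per guess.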
What should a password look like
Strong, secure passwords have a lot in common: they are long, unique and random, and mix lower- and upper-case letters with numbers and special characters. Creating passwords that combine all of these aspects can be challenging.
Most insecure passwords are the result of human behaviour. People do a lot of very predictable things and find it difficult to be random, especially when actively trying to be: putting special characters only at the beginning or end rather than in the middle, or using common phrases and keyboard patterns. To make passwords memorable we reach for personal information, but clues and references to our personal lives should be avoided wherever possible.
Where can I go for advice
There are many articles online to help assist with what a strong password looks like. At a recent event Lineal ran with the South West Police Regional Cyber Crime Unit, which focused on cyber security, password strength was highlighted as a high risk for many businesses and individuals.
To find out more, or if you require any help with ways to help protect your business, please contact the IT support team at Lineal.
Email remains a key threat vector, arguably the key one, in protecting organisations from cyber crime: around 90% of cyber attacks begin by compromising an unsuspecting user via email.
Today we take a closer look at some of the clever tricks of Barracuda’s email filtering & security service, and why the small investment to protect your inbox is worth it:
In addition to profiling every email which passes through its live email filtering service in seconds, Barracuda scans each email attachment for signs that the contents might be malicious.
As cyber criminals begin to use more sophisticated means, it’s worth implementing this to prevent macro-enabled office documents, infected PDFs and similar file download tricks from catching out users who might be curious to open a dangerous attachment.
Barracuda email filtering scans not just incoming, but outgoing emails from your hosted mail service or mail server, ensuring not only that your clients are protected from suspect emails, but that staff cannot circulate threats further within your organisation.
Anybody familiar with being caught in a reply-all ’email storm’ knows how quickly bad email can spread internally – be part of the solution yourself, not the problem.
In the event that your email service falters, clients quickly begin receiving bounce-backs, which leave a poor impression of customer service.
This is avoidable – routing via Barracuda’s email servers, emails will temporarily ‘spool’ like planes stacking over an airport, ensuring onward delivery later when the service comes back online. This ensures any unfortunate interruption to communications is not immediately visible to your clients.
Long Term Recovery
Hosting your email in the cloud with Microsoft Office 365? Everything is backed up in the cloud, correct? Not quite: Office 365 keeps deleted email in the Recoverable Items folder for only 14 days by default (30 at most), and after that it is gone, with items only ever restorable one at a time.
This retention period can be longer, or even unlimited, with Barracuda email backups, making sure that emails can be recovered long after staff have deleted them, accidentally or otherwise.
This extra silo of automated email backup protects not just against employee negligence or malpractice, but also against common breaches such as a compromised account purging a mailbox.
For cyber-security and IT expertise – please contact our team today.
Apple have issued a silent update removing a component of the Zoom video conferencing software, following discovery of a major webcam security vulnerability affecting Mac users.
Zoom issued an emergency patch for the problem two days ago, a rapid response that Apple was still concerned might not reach enough users.
The controversial local web server that Zoom installed, originally designed to spare Safari users on the Mac an extra click and make joining a call easier, was shown to create a potentially serious vulnerability: any website could launch a Zoom call with the user's camera turned on.
Believed to put more than 4 million webcams at risk globally, the flaw was found by security researcher Jonathan Leitschuh, who gave Zoom 90 days to fix it before publishing.
Leitschuh has since praised Zoom’s willingness to do a public ‘about face’ with the emergency patch, and Zoom’s CEO taking direct video calls to discuss the problem.
Nevertheless, Apple’s decision to step in to protect Mac users remains an embarrassment for the previously very successful video conferencing solution.
The same flaw affects Mac versions of white-labelled video-calling products built on Zoom's underlying service, such as RingCentral.
Short of patching, users can also stop Zoom turning the webcam on automatically via Settings > Video > ‘Turn Off My Video When Joining a Meeting.’
For software expertise and support, please contact Lineal today.
WhatsApp users have been asked to update their app urgently following a major WhatsApp security breach.
The exploit is delivered through a WhatsApp voice call, which the target does not even need to answer: a buffer overflow in the app's voice-call (VoIP) code (CVE-2019-3568) allows code to be run on the device. Affected users would be unaware that their device had been compromised.
The Financial Times’ exclusive report links the breach to NSO Group, an Israeli private cybersecurity company whose private customer list is likely to include military, security and law enforcement clients.
Analysts believe the technique has so far probably only been used to eavesdrop on high-profile targets holding especially sensitive information, although today's announcement raises the possibility that criminal third parties may try to exploit the same vulnerability against ‘ordinary’ WhatsApp users.
WhatsApp has utilised end-to-end encryption since 2016 across both Apple and Android smartphone devices, making it a common communication medium for personal use, but also for organised crime. There are more than 1.5 billion users worldwide, making WhatsApp security a truly global concern.
Smartphone users are being advised to update their copy of the App to the latest version – 2.19.134 on Android and 2.19.51 on iOS or newer.
For Mobile technology assistance and expertise – contact Lineal today.
Adobe have released an urgent update for Adobe Reader DC, patching newly discovered security vulnerabilities.
Adobe have responded quickly, publishing the fix in an Adobe Security Bulletin alongside patches for 42 other vulnerabilities as of Wednesday 12th February, including one which allowed PDF documents to access hashed passwords.
Adobe Reader is 25 years old this year and, although official figures are hard to come by, is widely believed to hold more than 75% of the PDF software market.
Users can either auto-update their installation or prompt this manually by clicking ‘Help’ > ‘Check for Updates’ within the software itself.
For software and security expertise, contact Lineal today.
Phishing emails that attempt to steal sensitive information or defraud funds are a growing threat to small businesses – and the root cause of roughly 90% of business cyber attacks.
Educating your staff to be wary of clicking on a suspicious email is arguably one of the simplest and most effective cyber-security practices for small businesses. But how should you approach this?
Nobody is Immune
There’s no telling when or where a phishing email will arrive at your business, and any single compromised computer might be a cyber-criminals ‘way-in’ to the company – so a good place to start is the idea that it is everyone’s responsibility to watch out for suspicious emails.
Phishing email traffic is estimated to have increased by around 65% last year, and approximately 30% of those phishing emails get opened by IT users.
You’re the CEO of a global multi-national conglomerate? Then you’re MORE, not less likely to be targeted. Such ’Spear Phishing’ attacks are often highly specific to key individuals, aiming squarely at users with privileged information, responsibility over finances or higher levels of access.
Email awareness applies to anyone and everyone with access to email, so training efforts to make your company secure need to apply up and down the hierarchy.
Getting hands-on with real examples of phishing emails is the single best way to immunise your team against being caught out. Cybersecurity companies increasingly recognise the ‘human’ factor as the most critical threat vector: put simply, there is ultimately no substitute for human intuition about what might be suspicious.
Show your team the key warning signs to look out for: suspicious sender addresses in the email header, bad grammar, or links whose real destination (shown when you hover the mouse pointer over them) does not match the text. Fortunately ‘fake bank’ and ‘Nigerian oil minister’ scams have become notorious over the last decade, so even the least tech-savvy user will soon catch on to the idea that if an email seems odd, it is worth checking before clicking or typing in any sensitive details.
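The hover-over-the-link check is also easy to automate, whether to triage emails that staff report or to build training material from real samples. The function below is an added example written for this article, not Lineal's or Barracuda's code: it pulls every link out of an HTML message body and flags the classic tells, link text naming one domain while the href points to another, a bare IP address as the host, a punycode (look-alike) hostname, and an unencrypted link to a login-style page. The email body it runs over is constructed for the example, using a TEST-NET address and a known homograph demo domain.

```powershell
# Added example, not Lineal's or Barracuda's code: find links in an HTML email
# whose visible text disagrees with where they really go, plus other tells.
function Get-SuspiciousLink {
    param([Parameter(Mandatory)][string] $HtmlBody)

    $anchorPattern = '<a\s[^>]*href\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    foreach ($m in [regex]::Matches($HtmlBody, $anchorPattern, 'IgnoreCase, Singleline')) {
        $href = $m.Groups[1].Value
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()   # strip inner tags
        $uri  = $null
        if (-not [uri]::TryCreate($href, [UriKind]::Absolute, [ref]$uri)) { continue }

        $reasons = @()
        # 1. Visible text contains a domain, but the real host is a different one
        if ($text -match '(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b') {
            $shown = $Matches[1].ToLower() -replace '^www\.', ''
            $real  = $uri.Host.ToLower()   -replace '^www\.', ''
            if ($real -ne $shown -and $real -notlike "*.$shown") {
                $reasons += "text says '$shown', link goes to '$real'"
            }
        }
        # 2. Bare IP address instead of a hostname
        if ($uri.HostNameType -in [UriHostNameType]::IPv4, [UriHostNameType]::IPv6) {
            $reasons += 'IP address host'
        }
        # 3. Punycode / internationalised host, the usual vehicle for look-alike domains
        if ($uri.Host -match '(^|\.)xn--' -or $uri.IdnHost -ne $uri.Host) {
            $reasons += 'punycode hostname'
        }
        # 4. Plain http to something that looks like a sign-in page
        if ($uri.Scheme -eq 'http' -and $uri.AbsolutePath -match '(?i)login|signin|verify|account') {
            $reasons += 'unencrypted login link'
        }

        if ($reasons) {
            [pscustomobject]@{ Text = $text; Target = $uri.AbsoluteUri; Reasons = ($reasons -join '; ') }
        }
    }
}

# Constructed sample body: two phishing links and one legitimate one
$sampleBody = @'
<p>Dear customer, your account has been locked.</p>
<p>Please <a href="http://198.51.100.23/natwest/login.php">log in at www.natwest.com</a> to restore access.</p>
<p>Or verify your Apple ID at <a href="https://xn--pple-43d.com/id">https://apple.com/id</a>.</p>
<p><a href="https://www.natwest.com/help">Help centre</a></p>
'@

Get-SuspiciousLink -HtmlBody $sampleBody | Format-Table -Wrap
```

Only the first two links are reported; the genuine "Help centre" link passes every check. The domain comparison strips a leading "www." and accepts subdomains of the shown domain, so "secure.natwest.com" shown as "natwest.com" is not flagged, but "natwest.com.example" is, since the shown domain must be the suffix, not the prefix, of the real host.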
Studies suggest many IT users increasingly feel that cyber-security breaches are inevitable and that there is ‘nothing they can do.’ This security ‘fatigue’ is partly the fault of cybersecurity providers, who have bombarded companies with that idea.
Avoid this mindset. Yes, 76% of companies reported being the victim of a phishing attack in 2017, but 24% did not. Those exemplary organisations will (at least partly) be making their own luck with good working practices, cybersecurity training for users, and strong IT security.
Defeatism also ignores that not all cybersecurity breaches are created equal – a breach could result in a negligible cost to recover a single PC, or cripple a major organisation worldwide, as NotPetya ransomware did to Maersk Shipping in 2017. Under GDPR, the scale of the fines issued by the Information Commissioner’s Office are directly related to the severity of the breach.
The lesson is clear: limiting your organisation’s exposure to attack also limits the potential ‘scale’ of the damage. Never surrender!
Do Your Part
It’s helpful to be able to show you’re also investing in your users’ safety at work – that you’re leading by example. Fortunately, there are many ways to reinforce end-user security when using email:
The breach-notification website HaveIBeenPwned.com has loaded the largest collection of breached email addresses seen to date: nearly 773 million unique addresses.
The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week on the file-hosting site MEGA under the ominous name “Collection #1”, and has since been removed.
The data, believed to be an aggregation of a large number of previous smaller breaches, also contained more than 21 million unique plain-text passwords.
More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.
Those affected by the breach are advised to change their passwords immediately, to prevent criminals potentially exploiting the data to access other online services where the user has registered with identical login credentials.
You can check whether your email address(es) appear among the 773 million by searching for them on HaveIBeenPwned.com; passwords can be checked separately through the site's Pwned Passwords service, which never receives the full password.
For IT support and cybersecurity expertise, contact Lineal about your requirements today.
Lineal’s Ian Meredith has been awarded DrayTek Certified Network Admin Certificate, adding an additional qualification to Lineal’s networking experience.
DrayTek’s ‘Dray School’ requires network engineers to pass a series of advanced network and security configuration tests using DrayTek devices, routers and access points, including best practice for firewall settings, fault-finding and other detailed network tasks.
DrayTek’s business-grade Router range have won praise from across the IT Support sector recent years, with the provider winning a PC PRO Technology Excellence Award for five successive years (2014-18). DrayTek router models have proved highly popular with businesses, with intelligent features such as 4G fail-over increasingly in demand for business continuity requirements.
As a part of the 2-day examination procedure, each engineer’s router is attached to a testing network which judges whether the engineer has managed the device correctly, and automatically passes or fails based on a series of security checks.
Well done Ian!
For Networking and Security Expertise, contact Lineal today.
Google Plus is to be shut down, following a data leak which put almost half a million user accounts at risk.
The tech giant announced on Monday that the consumer social media platform would be retired by the end of August 2019.
Launched in 2011, Google Plus has had a rocky history, spawning a comedic sub-genre about its slow adoption, weirdly vocal support from Google employees, and failure to compete with larger social media rivals such as Facebook.
Google’s own statement acknowledges this in harsh terms:
More controversial, however, have been recent security problems. This month the Wall Street Journal published details of a bug in the Google+ API which had allowed app developers to access user data, via users' friends, without permission (an almost identical vulnerability to the one underlying 2018’s Facebook/Cambridge Analytica scandal, which saw Facebook executives testify before Congress). In Google’s case the bug potentially exposed 496,951 Google+ user accounts, and Google estimates around 400 application developers would have had access to private profile data as a result.
First discovered in March, shortly before GDPR came into force in the EU, the bug fell outside the new rules, so Google was not legally bound to report it to European users; under GDPR a similar breach would now have to be reported to the regulator (the ICO in the UK) within 72 hours of discovery.
News outlets have linked Google’s failure to disclose the leak with the final decision to close the platform, despite Google’s insistence that the platform's widely known low user engagement is behind the move. Existing Google+ users may choose to restrict permissions or remove content, although the platform’s lack of success suggests many will simply leave ‘phantom’ accounts to be disregarded.
In other news, Google is expected to launch the newest version of its flagship Android Pixel smartphone in just a few hours’ time.
For IT and security expertise, contact Lineal today.
The Wi-Fi Alliance has formally announced the introduction of the WPA3 security protocol, the next generation of wireless security to protect routers and networks.
The new security standard follows hot on the heels of last year’s breach of the existing WPA2 standard (the KRACK key-reinstallation attacks), which has been in use since 2004.
WPA3, released in ‘personal’ and ‘enterprise’ flavours, the latter with extra protections, is expected to fix a number of deficiencies in the older protocol, including:
Captured encrypted data cannot be decrypted by a later breach of the password: to read traffic, an attacker must have both the password and the data at the point of transmission (forward secrecy).
Encryption of data will be individualised per device, so that snooping on other devices across less secure Wi-Fi networks, open ones included, will be made more difficult.
Extra protections against password brute-forcing and ‘dictionary’ attacks: the new handshake allows only one password guess per interaction with the network, so guesses can no longer be made offline against captured traffic, dramatically increasing the time cost of bulk password guessing.
Smart devices with no screen, including many Internet of Things (IoT) devices, will be able to be set up via a smartphone screen during Wi-Fi setup.
To most end-users, the experience of entering a Wi-Fi key will feel virtually identical. WPA3 isn’t expected to reach products until 2019, and is predicted to gradually replace WPA2 on all Wi-Fi certified devices. WPA2 will continue to function, but will be steadily phased out.
Nevertheless, expect to see major manufacturers rushing to ensure their own products are stamped with the very latest security ‘WPA3 Ready’ branding.
For networking and cybersecurity expertise, please contact Lineal today.
At the time of writing, Lineal technical support staff are updating DrayTek Vigor firmware for all clients with known DrayTek equipment.
Enterprise Router provider DrayTek has called for urgent firmware updates, following discovery of a security vulnerability.
20 different business router models from DrayTek’s Vigor range are known to be affected by the security flaw, which allows DNS hijacking: a third party may be able to alter the router's DNS settings by issuing commands to a dormant session of the web-based DrayTek control interface.
The unwelcome news marks the first major security flaw to befall the acclaimed networking equipment brand for some time, and comes less than a year after DrayTek won PC PRO’s ‘Best Router Brand Award’ for 2017.
A Vigor router whose DNS server setting has changed to an address you did not configure is the likely indicator of compromise, and affected routers may exhibit unusual network behaviour.
DrayTek’s official guidance warns that this is likely to be only a preparatory ‘phase 1’ of any such attack by criminals: with DNS under their control they can redirect web traffic to attacker-controlled pages that capture unsuspecting users’ passwords or other sensitive information.
As a general security precaution, it’s always worth logging out of web-portals and other accounts not being used (including your email, social media, bank account and device itself… or indeed your router’s configuration panel.)
If you have a DrayTek Vigor router not covered by a Lineal Support Agreement with us, please get in touch for guidance.
***Latest Update to the Hall of Shame – 8th February 2019***
At Lineal our IT team review a lot of dodgy emails. The criminal scam known as phishing (sending fraudulent emails to trick end users into divulging sensitive information or downloading dangerous files) is a widespread threat, and we’re constantly on the lookout for dangerous new scams appearing on the internet.
It’s estimated that around 90% of organisational security breaches begin with a mistaken click in an email, making it by far the most common way businesses are hit by ransomware, viruses or individuals with malicious intent.
No filter catches everything, so some human intuition and alertness is always required. With this in mind, we take a look at some examples of the most devious phishing scams we’ve ever seen:
The ‘Delivery Note’
Phishing emails are from fake ‘banks’ or enterprising Nigerian oil ministers, right? Wrong. This fairly innocuous email is the digital form of one of those ‘sorry we missed you’ cards you might receive through the letterbox for undelivered packages.
If you didn’t notice the suspicious sending address, accurate branding could lead you to believe this was really from a major logistics company, and divulge various personal details before realising there isn’t really a package to collect.
The Card-Payment Conundrum
Oh dear! My recurring card-payment for my TV license has expired – time to key my new card details into a dodgy website.
The growth of recurring payment systems for everyday things (like TV licensing) has meant users are familiar with being prompted to update card details, but stay alert: just because the request is mundane doesn’t mean it’s innocent. This is a nasty phishing email which scammed viewers out of thousands of pounds – even hitting national headlines.
The ‘File Share’
A proliferation of easy file-sharing platforms means that we’re all more familiar with receiving large files via sharing links.
Curiosity about what this file is, and why your contact is emailing it to you (via a pretend ‘Dropbox’ email) might cause you actually to hand over your email address details. This trick is very simple, and persuasive – only the vaguely mail-merged ‘Hi info’ should suggest this is not really something you want in your inbox.
The (Convincing) ‘Fake Bank’
Forget semi-literate Russian hackers and the like, the quality of this fake Natwest email is in a different class. Spelling mistakes, clumsy phrasing or dodgy branding can often give away an email scam, but criminals are becoming increasingly sophisticated at imitation. Anyone who falls for this email would be handing over their online banking login details.
Imitation is the sincerest form of flattery, and for the unwary email user, likely to be the most expensive.
The Government Request
Uh Oh. An official demand from Companies House. Better respond quickly. Bad luck – you’ve been scammed.
Don’t let the impeccable branding or the dull subject matter catch you out: look at the email address and the link. .ink is not a normal public-sector domain, so that should ring alarm bells.
The Domain Scam
Much like the delivery note scam above, this clever phishing scam we recently witnessed is based on the user not realising there’s anything sensitive about their domain details.
Hovering your mouse over the buttons reveals URLs that are not from this organisation, and should not be trusted.
The ‘Email Recovery’
This crafty scam invites you to ‘Recover (email) Messages’ that your email service held back due to a sync error – which should be your first clue that this is suspicious. Genuine email filtering tools (such as the excellent Barracuda) are very transparent about exactly what has been quarantined, or (as with Microsoft Office 365) expect an admin user to review the email separately.
Suffice to say you should NOT click ‘Recover Messages’.
The Fake Order
A sales enquiry from a University for a high value item – how promising! Except no, ‘Daniel’ isn’t a Procurement Manager, and if dispatched on credit terms, you’ll never see this item again. Worst of all, when you invoice the real University of Nottingham, they’ll think you’re an email scammer trying their luck. How ironic.
As before, the email address should give this away: real universities use valid .ac.uk (academic) domains, not free gmail accounts with a ‘.ac’ dumped somewhere in the address by a criminal.
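The sender-address and link checks described in the Government Request, Domain Scam and Fake Order examples above, written out as an added Python example (this is not code from the original post or from Lineal). The sample email HTML, the sender addresses, the allowlist of expected domains and the list of free webmail providers are all constructed for illustration; the checks are heuristics, so a finding means "look closer", not a verdict.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for this example: domains mail from UK public bodies and
# universities would be expected to come from, and common free webmail hosts.
EXPECTED_DOMAINS = {"gov.uk", "ac.uk"}
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def check_sender(address, claimed_domain):
    """Heuristic checks on a From: address against the organisation it claims to be."""
    local, _, domain = address.lower().rpartition("@")
    findings = []
    if domain in FREE_WEBMAIL:
        findings.append("sent from free webmail provider " + domain)
    # The 'nottingham.ac' dumped into a gmail local part trick.
    org_name = claimed_domain.split(".")[0]
    if org_name in local or ".ac" in local or ".gov" in local:
        findings.append("organisation name or domain fragment embedded in local part (" + local + ")")
    if not (domain == claimed_domain or domain.endswith("." + claimed_domain)):
        findings.append("sender domain " + domain + " does not match " + claimed_domain)
    return findings

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from the anchors in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None

def host_of(url_or_text):
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()

def _looks_like_url(text):
    t = text.strip().lower()
    return " " not in t and re.search(r"\.[a-z]{2,}", t) is not None

def suspicious_links(html, expected_domains):
    """Flags anchors whose visible text shows one host but whose href goes elsewhere,
    and anchors pointing outside the expected domains (the 'hover to reveal' check)."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if not href_host:
            continue
        text_host = host_of(text) if _looks_like_url(text) else ""
        if text_host and text_host != href_host:
            findings.append((href, "link text shows " + text_host + " but points to " + href_host))
        if not any(href_host == d or href_host.endswith("." + d) for d in expected_domains):
            findings.append((href, "destination " + href_host + " is not an expected domain"))
    return findings

# Constructed sample: a lookalike 'Companies House' notice with a .ink destination.
SAMPLE_HTML = """<p>Companies House requires your urgent confirmation.</p>
<a href="https://companieshouse-notice.ink/login">https://www.gov.uk/companieshouse</a>
<a href="https://www.gov.uk/government/organisations/companies-house">Click here</a>"""

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_HTML, EXPECTED_DOMAINS):
        print("LINK:", f)
    for f in check_sender("daniel.procurement.nottingham.ac@gmail.com", "nottingham.ac.uk"):
        print("SENDER:", f)
```

The link check only compares hosts when the visible text itself looks like a URL or domain; plain "Click here" text is judged on its destination alone.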
For IT Security expertise and support – contact Lineal today.
USB drives are a security nightmare. From losing files, to sharing them inadvertently, or accidentally installing something malicious, these tiny handheld digital storage grenades are a data-protection disaster waiting to happen.
Many people can’t help themselves. Sometimes it’s just so useful to be able to move a file to a separate computer, or carry a copy of that file on a handy keyring.
It’s true that too many operating systems auto-run memory sticks. As users we could perhaps be more careful though – find a USB and it’s tempting to plug it in… a 2016 University study suggested roughly half of those who find a memory stick on the ground will plug it in without thinking.
In particularly data-sensitive environments options are available to either disable PC USB ports, or remove them from a PC entirely. At the very least, businesses preparing for this summer’s new GDPR regulations need to take some sensible USB security precautions:
1. Be strict.
Ask yourself whether it’s entirely necessary to put this file on a memory stick, and be harsh about what files you copy. Memory sticks now hold terabytes of data, and are too easy to drop, or leave on the train.
GDPR is naturally concerned with sensitive personal data, and not your supermarket shopping list. Nobody ever intends to lose a file full of personal data, so you should think twice before putting the former on a USB drive, while the latter is probably OK.
The best antivirus software (for example Lineal’s recommended ESET antivirus) automatically offers to scan a newly connected memory stick for malicious software, before the user accesses the files. This only takes a few seconds, but it’s strongly advised to let your antivirus act as gatekeeper for a USB stick, as you would your emails or web browsing.
3. Sharing is not caring
Sharing files via memory sticks is not sensible, not least because you’re forced to share the whole contents, including the ability to duplicate files.
You can’t be certain what any given person will do with the USB drive or its data, or what the person giving you a memory stick might have done with it previously, so it’s safer to confine USB drives to a specific individual.
4. Get something better
The world of IT is full of better solutions, including Apple’s useful ‘Airdrop’ function which allows direct, localised file sharing over WiFi. For company-wide systems, numerous excellent cloud-based file storage and sharing platforms are available. Microsoft’s excellent OneDrive platform is easy to use from any device, and allows businesses to share files online via the cloud, with customisable permissions to control who has access to the data at any time.
A USB drive should not be necessary to complete routine IT tasks. Thank goodness.
Apple have issued a fix for yesterday’s severe security alert, after it emerged the tech giant’s High Sierra operating system would allow access to many users’ MacOS Root User without entering a password.
The story caused alarm around the world, as Mac users discovered full administrator control of their device was available to anyone within reach of the keyboard.
Discovered by a Turkish developer who tweeted it to Apple Support, Lemi Ergin, the widely publicised fault is believed to affect all Apple MacOS devices (such as the iMac and MacBook ranges) running version 10.13.1 or newer.
Mr Ergin has since published an article on Medium defending his decision to flag the vulnerability publicly, arguing that despite the security flaw being public knowledge on the Apple Developer Forum since 13th November, Apple had failed to resolve the issue.
Yesterday Lineal published guidance to all our Mac clients, advising caution over the physical security of Apple hardware, and explaining the need for users to set a new root password to temporarily secure their Mac while Apple worked on a security fix.
The failure to set a random default MacOS root password (a fundamental technical security feature) once again calls into question the recent competence of Apple’s historically excellent quality control and product testing, and may slow the adoption of the firm’s latest flagship operating system. The widespread media publicity surrounding the story is also likely to undermine Apple’s long-held reputation for security on Mac devices.
Apple issued an apology, stating “We greatly regret this error and apologise to all Mac users.”
Technology firms are urgently issuing fixes for the WPA2 KRACK (Key Reinstallation Attack) thought to compromise the WPA2 encryption used in most WiFi routers and other wirelessly enabled devices.
The exploit, discovered and published by Mathy Vanhoef, a Belgian security expert for imec-DistriNet, KU Leuven, has caused serious alarm amongst cybersecurity professionals due to the widespread use of WPA2 across millions of items of networked hardware around the world.
Security guidance remains to continue using WPA2 (rather than reverting to an older encryption standard) and to install the latest WPA2 KRACK security updates from manufacturers as soon as they are available.
A number of key technology vendors were notified in August, giving them some time to prepare. Microsoft are reported to have adjusted “how Windows verifies windows group key handshakes” to fix the issue. Apple and Android are yet to specify exactly when patches will be available, although both are understood to be working on a secure fix to be made available in coming weeks. The more responsive hardware developers, including Cisco and Ubiquiti, yesterday began issuing guidance and new firmware for their wireless equipment.
The Wi-Fi Alliance, the international organisation dedicated to developing Wi-Fi technology, have essentially argued that there is no need to panic. There is no evidence of the extremely serious hack being deployed outside test conditions (yet) – although it’s probably only a matter of time before someone attempts to do so. Because Wi-Fi relies on physical range, it’s likely this could target public Wi-Fi and other easily accessible networks. For this reason, users are (as always) reminded not to use public networks for sensitive tasks, such as online banking.
It’s clear from the increased publicity surrounding the discovery that major vendors of network equipment will be under pressure to issue the required WPA2 KRACK security patches.
However, the underlying vulnerability also threatens a wide range of wirelessly connected internet-of-things (IoT) devices – including everything from CCTV to smart-fridges – such that it’s unclear just how widespread this latest security flaw will actually prove.
For IT support and cybersecurity expertise: get in touch with Lineal today.
Yahoo has disclosed that all 3 billion Yahoo accounts were compromised in 2013, rather than the 1 billion previously reported.
The once powerful search engine, which was breached in 2013, only reported the impact of its security failure in 2016. Now under the ultimate ownership of Verizon Communications, the company believes that anyone with a Yahoo email address, Flickr credentials or other account details for a Yahoo service pre-dating 2013 was put at risk.
Fresh evidence of the scale of the breach was unearthed by Oath, Verizon’s subsidiary which recently merged Yahoo and AOL into a media battalion it hopes can help combat the ever consolidated global power of Google, and bigger second-tier competitors Bing and Baidu.
Compromised user data includes names, email addresses, telephone numbers, dates of birth, and in some cases passwords or private security questions/answers. Financial data, such as card or bank information, held on separate systems, were not affected.
Users are strongly advised to change passwords, including those of accounts on other platforms which may use similar credentials.
Although Yahoo took decisive action to secure the breached accounts – forcing all users to change their passwords – Yahoo’s very late disclosure of the data breach itself was widely condemned by the technology community, and was ultimately responsible for its $350m discounted valuation upon acquisition by Verizon. The Guardian reports that Yahoo itself is also currently facing 43 class action lawsuits over the security failing.
Under new UK General Data Protection Regulation (GDPR) rules, set to come into force next year, all UK companies (or those dealing with personal data from the EEA) must notify users within 72 hours of being made aware of a data breach – with strict penalties expected to be levied against breached companies which fail their statutory data protection duties.
For cybersecurity assistance and IT Support, please contact Lineal today.
Police believe the risks of organised criminal gangs being caught transporting imitation IT hardware are lower than for drugs or firearms, and that only technically-trained specialists would be able to distinguish counterfeit technology from the real thing.
Although no evidence of cyber-security intrusions has so far been found, engineers from Cisco stressed that small items like these could easily find their way into a business or public-sector supply chain, become mixed up with genuine network hardware, or fail due to low-quality manufacture.
Customers who suspect they may have encountered counterfeit items should isolate the hardware in question from other devices and report their suspicions to IT staff.
Lineal are a Cisco Select Partner – for hardware advice and support, please contact our team today: 01271 375999
Around 6% of PCs are estimated to still be running out of date, unsupported operating systems like Microsoft Windows XP. Here at Lineal we’ve long advocated keeping operating systems up-to-date and secure against the latest threats.
But in certain circumstances that’s not always so easy: legacy XP machines are often connected to third party equipment (e.g. manufacturing hardware) using cable connections or drivers that are now difficult to obtain. The external hardware can’t be replaced as readily as the connected PC for both cost and practical reasons, so the ageing PC (with a lack of XP antivirus) creates an in-built security vulnerability for a business’s whole network.
Users caught by this conundrum can find a solution in Bitdefender’s Security for XP and Vista – a version of Bitdefender’s award-winning security built to be backwards compatible to older PCs, and providing ongoing security against the latest threats for legacy hardware.
Security for XP and Vista is available for Windows XP Service Pack 3 and Vista Service Pack 2 operating systems, and also integrates with older software likely to be found on such machines, such as Outlook 2007, Yahoo Messenger 9, Internet Explorer 8 and other common web browsers of the same generation.
For those concerned that a trusty old machine and lack of XP antivirus could be the very weakest point in their security, Bitdefender could be a shrewd choice indeed.
The average cost of a cyber security breach is reported to be £1,570, although larger businesses (of which 68% reported falling victim) show figures of £20,000 or higher.
The polling, conducted by research institute Ipsos Mori, suggests businesses are increasingly seeking external IT or security advice as insurance against potential losses – particularly basic training for non-specialist staff and information on specific threats to their industry.
Certain positives jump out: basic technical standards laid out in the Government’s ‘Cyber Essentials’ scheme have been rolled out by half of all firms (although this was always a low bar, and the report admits that fewer than one in twenty firms have referred to public sector sources for security advice).
More encouragingly, the most common cyber breaches all involve an element of preventable human error: those reporting a breach in cyber security cited the most common cause as staff clicking links in fraudulent emails (72%), with other typical risks including viruses, spyware & ransomware (33%) and impersonation (27%).
Specific dangers identified included:
Less than 40% of businesses have segregated WiFi networks, or any rules for encrypting personal data.
More than 70% do not have any input from someone responsible for IT security at a senior level.
Only 20% have run any kind of cyber security training in the last 12 months.
With the planned changes next year brought about by the introduction of the General Data Protection Regulations (GDPR), the potential costs associated with a data breach could be set to rise. Having measures in place to mitigate this risk well in advance is sound advice.
For IT Security support and advice, contact Lineal today: 01271 375999
Lineal Software have been certified as a Bitdefender Partner for Bitdefender security software.
Bitdefender’s range of security products are used on millions of devices worldwide and the provider ranks highly in independent Virus Bulletin VB100 tests, as well as winning numerous quality awards for software innovation.
A wide variety of both Bitdefender Home and Business security products are available, across platforms including Windows, Mac and Android and more.
Lineal’s Head of Technical Services Matt Norris explained: ‘We’re very pleased to qualify as Bronze Bitdefender partners – this qualification only expands the range of IT security options which Lineal can offer to our customers and we look forward to delivering a high quality service for those interested in using Bitdefender.’
‘There are only a handful of Bitdefender partners in the South West, and Lineal are delighted to be one of them.’
Last week our security trainee from Petroc, Lewis, received a fairly typical ‘Phishing’ email – designed to look like an official request for information in order to trick recipients into handing over personal details. Keyboard at the ready, he decided to go on an investigation – hunting down email scammers.
‘Your Apple ID has been suspended’ read the headline, but never fear, you can reset your account by typing in your private details via ‘Appl.e.com’. It may sound like an obvious scam, but the written quality of the email was high, and Verizon estimates that more than 25% of Phishing emails are not only opened, but clicked on by unsuspecting victims.
The email link itself looked suspicious so Lewis stripped the exact page link back to its original domain as our first clue. A quick HTTP lookup found the IP address of a Linux based server with several open ports.
The scammers themselves were careful – expanding the email header shows an encrypted code in place of an email reference.
Online tools like GeoTool suggested the server sending the email had been French (although mapping this is an imprecise science – suggesting the Parisian machine was sat at the bottom of the river Seine). Nevertheless this gave us a country of origin and also a more accurate address.
Here we hit a problem: the address listed related to a French cloud hosting provider’s company office building in Roubaix, near the city of Lille on the border between France and Belgium. The company itself appears entirely legitimate, so it’s likely a server there has been hijacked or otherwise used inappropriately by a customer of the provider.
A reverse DNS lookup via an online US Security tool suggested the hosted domain name’s registered contact person was based in an apartment building in district 56121, Thessaloniki, Greece, and even listed a gmail address and phone number for the named contact (redacted.)
Had we wanted to, there’s an opportunity here for mischief, but here we decided to end our search – with sufficiently detailed information to report to customer services of the French hosting provider whose server had been misused to distribute the email.
Although it’s likely the original source had been found, it’s possible the Greek client registering the domain name was themselves a victim of the Phishing email or a similar scam.
As a case study, Lewis’ virtual chase across Europe hunting down email scammers highlights how every business is at risk from a globalised world of threats – anyone can be struck by a dangerous email from anywhere, and even the most local businesses need to take precautions.
Who’s watching you? The nagging feeling that your webcam might be spying on you is not paranoia: someone may be.
For plugin webcams and microphones, it’s best to unplug when not in use, as once hacked these can become a dangerous weapon in the hands of cyber criminals.
‘Built in’ integrated webcams, like those found on laptops and other portable devices are more difficult to secure, as many do not even include a safety light displaying when the camera is recording, and there’s no guarantee this will indeed light if your webcam is hacked anyway.
The obvious solution (if you don’t intend to use your webcam or microphone) is to place a small piece of electrical tape over it (Mark Zuckerberg Style) and block the view of any potential snoopers. For a slightly neater solution, Ebay will sell you a correctly sized Webcam Sticker for around £3.
However if you actually need to use your webcam, this will quickly become inconvenient and messy.
If you instead wish to monitor your webcam against intrusion, ESET security software for Windows is a smart purchase. Newer versions, such as the excellent ESET Internet Security, include webcam security, allowing you to set rules for when your webcam can be accessed and notifying you if a program attempts to access it.
For Mac Users, a free webcam and microphone monitoring tool named Oversight can be a useful free addition. This handy software is one of Objective-See’s set of Mac security products aimed at giving users visibility over what processes their Mac is running.
As we’ve noted before, smartphones bring a huge number of security risks, including both a personal microphone which is constantly listening on Android and iOS, GPS tracking of your location, frequent connection to public WiFi networks and often both front and rear-facing cameras.
The safest bets here are the obvious ones: invest in a smartphone antivirus software, keep your phone’s contents locked behind a PIN code, don’t install unknown apps and don’t connect to any unknown WiFi networks which might give hackers an access route for your microphone or camera(s).
On Android you can also review your phone’s audio recordings and GPS tracking of your location for Google via Google My Activity and Google Location History.
With data security making national news headlines, 2017 is only likely to put increasing pressure on businesses of all sizes to take sensible precautions.
But with IT moving so fast, what innovations are likely to lead the way through 2017? Exactly what sensible precautions will most tech-savvy companies be taking?
Cloud is good…
The worldwide push for ever more cloud-based systems appears to be unstoppable. A recent report from Synergy Research Group has suggested the global market for cloud computing grew by 25% to September 2016, reaching a staggering $148 billion in value.
It’s hard to see this not continuing, with companies relying on the convenience and automation of stashing growing quantities of off-site backups in the cloud – using services like Office 365 as their private vault. As we’ve covered before: holding assets like email in the cloud actually gives you better protection than most people’s private server.
…But Hybrid Cloud is better still.
But 2017’s smartest will be looking further ahead to Hybrid Cloud systems. As IT Pro recently noted, many companies report using more than 5 backup systems, but have no planning for speed of recovery should that data actually be needed urgently during 2017.
Getting all that data back may present a problem if your organisation is large, meaning hybrid on-site/cloud services like Lineal’s Disaster Recovery Service are likely to become the most flexible middle option. Keeping both a synchronised backup on-site, and a copy with a relatively local cloud service, leaves even the most vulnerable business with the maximum number of options.
Change your passwords
If you don’t already change passwords regularly, the security benefits cannot be overstated. Stolen data can often be circulated on the internet many times, so changing passwords regularly keeps not only your business secure, but helps prevent repeat data theft from being profitable.
Whilst everyone still has a ‘New Year’ mindset and is prepared to accept a little change, it’s worth updating those passwords company wide. Remember to use a variety of different characters and choose something only you would ever guess.
Have a 2017 Plan A… and a Plan B
Ransomware increasingly appears to be the organised criminal world’s cyber-weapon of choice and shows no sign of abating; expect to see more big UK high-street names get compromised this year by malicious emails.
Antivirus companies may include ever more sophisticated heuristics to intercept malicious downloads before they begin encrypting your files, but ultimately only safe backups will ensure you can always restore to a clean set of data. Every firm should have a ‘Plan B’ for how to carry this out.
It’s all about Recovery Time
Expect to see Disaster Recovery (not just back-up and contingency) become a by-word for preparedness, with companies and organisations in every sector being judged not just by their number of backups, but by their costly hours of down-time.
So if nothing else, start 2017 with an old piece of technology: a pen and paper. Work out what your business’ data recovery plan actually is, and how long it will take – should the very worst happen.
At Lineal we’ve found the most commented upon feature of Microsoft’s Office 365 email has been the reduction of spam – but why does running your email from the cloud make Outlook 2016 so much better at blocking these annoying spam emails?
On your old in-house email server, Outlook stops spam emails being delivered based on whatever policies and protection you’ve put there and maintained (or not…), whilst Office 365 is managed all year round as a remote service, with up-to-the-hour security updates in Microsoft data centres. Moving your business email to the cloud ensures your inboxes are not just company compliant, but physically and virtually safer.
Firstly, Office 365 checks your email for known suspicious attachments or malicious links. If neither are found, your email is screened through three independent Anti-virus engines, before being delivered safely to your inbox.
But what if something suspicious is found? Malicious links are re-written where possible, and suspicious attachments are removed to a sandboxed (isolated in software) ‘detonation chamber’, where they are opened safely to check for harmful code. Any attachments still deemed to be dangerous are removed from the email before being processed further.
Due to sheer volume of email processed through Office 365, Microsoft are also able to use information about all threats seen worldwide, and protect your inbox from even brand new ‘zero-day’ dangers seen elsewhere online.
Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.
The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.
Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s UK data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.
Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.
In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.
For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers’ belated move to the cloud, upgrading legacy on-site systems in use since 2005.
The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.
Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.
We increasingly live in a mobile dominated world in which Smartphone sales have skyrocketed whilst traditional PC sales have stalled. With portable devices likely to be the future of many people’s IT use – we’ve put together a few of the main smartphone security threats you need to be aware of.
Mobile Phishing & Fake Apps
Phishing websites which pretend to be your bank in order to get your personal or financial details have been around for many years, but few people imagine that this is also a big risk on their smartphone.
Don’t attempt to download an anticipated app before its official release date, as it’s likely you’ll be downloading a fake. Avoid downloading apps from unknown third-party websites, check the comments for warnings from other users, and invest in mobile antivirus to intercept downloaded threats to your smartphone security.
In addition to fitting in your pocket, your phone contains a staggering amount of personal information about you which makes theft a real danger – everything including your personal details and those of friends/family, your emails, GPS coordinates of places you regularly visit and more: all stored on the device.
In addition to setting numeric pin codes on every device to prevent the danger of theft, tracking and lifesaving wiping tools like are strongly advised.
Public Wi-Fi Networks
With the proliferation of portable devices, many businesses, particularly in retail, offer public Wi-Fi hotspots to customers.
The problem with this is that you’re sharing a network with… whom? Terrifying free tools like [Redacted – obviously] and [Redacted] allow anyone on a shared public network to view insecure websites you visit, and snoop on any keystroke you type.
Not every public Wi-Fi network is a security nightmare, but it’s sensible to avoid using public Wi-Fi to do anything sensitive, such as online banking. A 4G data connection or simple telephone banking is the easiest alternative if you’re on a mobile phone, and likely to be more secure than a public Wi-Fi Network.
It should probably go without saying that you shouldn’t connect to entirely unrecognised, unsecured or unknown Wi-Fi networks either. For obvious reasons.
Being Personally Targeted
The problem with the wider shift to portable devices is that we carry our workplace into the outside world. Many of us expect complete access to our business data on our smartphone (as we would on our PC) wherever we are.
But carrying your work phone outside work means you’re also outside the protection of in-house IT security software and firewalls.
A simple phishing email can easily be targeted to you outside working hours when you’re ‘off-guard’, and the potential loss of confidential company data could be devastating.
This week’s IT security alert from Lineal – fake invoices which ask users to run a dangerous piece of code.
The example above comes from a fake Word document emailed with a typical text line, such as ‘Please check this invoice’ or ‘Double check my numbers for me’, to an unsuspecting user.
Upon opening, the document appears to load a popup from Office 2016 prompting the user to ‘Enable Content’ for compatibility purposes, before they can view the detail of the ‘invoice.’
In fact, the display is just an image within the Word file, and the ‘Enable Content’ button instead runs a piece of Visual Basic code downloading unknown malware from the internet.
The scam relies on users’ curiosity at the unusual $1999.00 charge, and upon reaching a user still running an outdated version of Microsoft Office.
Several measures can be taken to prevent this kind of attack:
Don’t click any ‘popup’ that doesn’t visibly open as a genuine Microsoft Office window, and don’t ‘Enable Content’ for content you can’t already see in a document.
Consider an email filtering service like Barracuda – in the above example, Barracuda had recognised this email as malicious and stripped the code from the document before placing it in the correct email inbox for the intended recipient.
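A filtering service strips the macro before delivery; the same check can be done in-house before a document reaches a user. The following is an added example, not Lineal’s tooling or any vendor’s code: modern Word files (.docx/.docm) are ZIP containers in which a VBA project is stored as word/vbaProject.bin and declared in [Content_Types].xml, so the presence of either is enough to flag the file for review. Legacy .doc files are OLE2 compound files and are only flagged as uninspectable here (a tool such as oletools’ olevba parses those). The sample documents are constructed in memory and are not real Word output.

```python
"""Added example: flag Office documents carrying embedded VBA before a user
ever sees an 'Enable Content' prompt. Not Lineal's or any vendor's code."""
import io
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"          # legacy binary Office (.doc/.xls) signature
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"  # declared content type of vbaProject.bin
MAIN_CONTENT_TYPE = ("application/vnd.openxmlformats-officedocument"
                     ".wordprocessingml.document.main+xml")


def inspect_office_file(data: bytes) -> dict:
    """Return a verdict: format, has_macros (True/False/None = could not inspect), vba_parts."""
    verdict = {"format": "unknown", "has_macros": None, "vba_parts": []}
    if data.startswith(OLE2_MAGIC):
        verdict["format"] = "ole2-binary"        # needs an OLE parser to confirm either way
        return verdict
    if not data.startswith(b"PK"):
        return verdict                           # not an Office container at all
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            verdict["format"] = "ooxml"
            verdict["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
            ctypes = ""
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            # Either the part itself or its declared content type is evidence of macros
            verdict["has_macros"] = bool(verdict["vba_parts"]) or VBA_CONTENT_TYPE in ctypes
    except zipfile.BadZipFile:
        verdict["format"] = "corrupt-zip"
    return verdict


def needs_review(data: bytes) -> bool:
    """Quarantine policy: hold anything with macros, or any Office file we cannot inspect."""
    verdict = inspect_office_file(data)
    return verdict["has_macros"] is True or verdict["format"] in ("ole2-binary", "corrupt-zip")


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container for demonstration; not real Word output."""
    overrides = f'<Override PartName="/word/document.xml" ContentType="{MAIN_CONTENT_TYPE}"/>'
    if with_macro:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    ctypes = ('<?xml version="1.0" encoding="UTF-8"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              f'{overrides}</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")     # placeholder body (constructed)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 32)  # stand-in bytes, not a real VBA project
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, inspect_office_file(sample), "-> review" if needs_review(sample) else "-> pass")
```

The check is deliberately conservative: a .docx that carries a vbaProject.bin part is flagged even though Word will not run macros from that extension, because a file that mismatches its own container type is worth a look in its own right.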
Yesterday Lineal’s team successfully rescued a client from a new ‘zero-day’ Cryptolocker Virus which nearly destroyed many of their files.
The dangerous variation of the ‘Zepto’ cryptolocker, only identified online during the last 24 hours, is believed to be a brand new threat originally derived from ‘Locky’ ransomware.
An employee at one of Lineal’s IT support clients recently opened an email containing an infected file – a malicious piece of obfuscated Visual Basic script (VBScript). The installed Zepto cryptolocker began encrypting the company’s files, readying to demand a heavy ransom.
In a coordinated attack, an outside user also forced access to our client’s server, instructing it to begin sending fake Barclays ‘phishing’ emails, attempting to criminally capture banking details.
Our team caught both threats early, forcefully locking out the intruder in mid-session, identifying the employee who introduced the threat, and quarantining the infection with ESET’s business endpoint security.
Lineal then notified ESET about Zepto to help with future identification, having avoided the need to restore all of the client’s files from backup at great disruption.
The landscape of online security threats is rapidly changing, and Cryptolocker variants have spread quickly in recent months.
In this case Lineal’s rapidly responding team and professional security software helped our client dodge the huge potential losses from the security breach – and highlighted how vital it is that organisations of all sizes take proactive steps to protect their IT from hostile intrusion.
New research by security company Duo has suggested that as many as 25% of Windows PC users are running out of date versions of Microsoft Internet Explorer.
Among Windows XP legacy users the problem is particularly acute, with more than half still running Internet Explorer 7 or 8, rather than upgrading to version 11.
Duo suggest this is putting thousands of PC users at risk of exposure to over 700 security risks caused by known viruses, malware or other online threats via their now outdated and unsupported web browser. In particular, unpatched exploits via popular third-party plugins such as video player codecs pose a likely danger.
Microsoft are currently offering Internet Explorer’s latest replacement, the superior Microsoft Edge, free to every user with a Windows 7 licence who chooses to upgrade their PC to Windows 10 before the 30th of July deadline.
Alternatively, users should consider the pushier, update-reminding Mozilla Firefox, or Google’s automatically updating Google Chrome, alongside tried and trusted security software (such as the excellent ESET NOD32 Antivirus) to ensure that the technology they use for private data transfers, such as email and online banking, remains private.
Contact Lineal today for IT advice and support: 01271 375999 or email [email protected]
Popular messaging app WhatsApp have launched end-to-end encryption for over one billion users.
The new security capabilities introduced by the Facebook-owned company ensure that every message remains encrypted during transmission, preventing even WhatsApp from reading user data.
With encryption and technological privacy issues regularly appearing in recent news headlines, the WhatsApp encryption upgrade comes at just the right moment for the security-conscious, after more than two years of development across multiple platforms.
Much like during Apple’s recent legal dispute with the FBI, the move would also prevent the release of confidential user data following a court order. According to the New York Times, the technology provider is reported to be already in a longstanding dispute with the US Department of Justice over user data.
Cryptolocker Warning: in the past fortnight we’ve seen an increasing number of companies hit by sophisticated cryptolocker viruses.
These dangerous programs, often installed by accident, lock your files over time, encrypting data and eventually demanding victims pay a ransom to retrieve their irreplaceable data.
In all of these cases, security products were installed but they did not protect against the threat. In our experience the only product that is reliably detecting these new threats and offering sufficient protection at this time is ESET. Older, less effective or out of date security products are offering little or no protection against these new cryptolocker variants.
Once affected by a cryptolocker, there is no way to decrypt scrambled files without paying the ransom, and users must remove the trojan before recovering recent versions of their files from backup – highlighting the importance of a regular backup plan for data.
A dangerous new banking app malware has successfully bypassed smartphone security used by some of the world’s biggest banks.
Customers of Australia’s four biggest banks, and numerous New Zealand Banks, have all been declared at risk from the malware which activates when using a banking app, copying details from login screens.
Most worryingly, the malware can also divert two-factor authentication codes sent to a given smartphone by SMS – and pass the code to criminals, breaking a tried and trusted system used by many online financial apps around the world.
ESET security systems (commonly deployed by commercial clients for server and endpoint security) recently detected the extremely sophisticated malware, which downloads via fake Adobe Flash windows on video streaming websites.
On Android, personal users can uninstall the malware manually via Settings > Apps > Flayer > Uninstall, and are advised to only accept approved downloads from trusted public sources such as Google Play.
Commercial clients should take similar precautions against banking app malware and similar, protecting company devices behind specialist security systems.
Google and Apple’s respective CEOs have joined forces over the issue of customer privacy, with Apple CEO Tim Cook publicly refusing the Federal Bureau of Investigation (FBI) ‘backdoor’ access to iPhone software.
Google CEO Sundar Pichai backed Apple’s decision on Twitter, arguing that assisting the FBI to gain such access to a private individual’s smartphone would be a ’troubling precedent.’
The mobile phone privacy dispute with the FBI over encryption comes 2 months after Farook and Tashfeen Malik killed 14 people in a mass shooting in San Bernardino, California, with investigators demanding that Apple now assist the authorities in accessing Farook Malik’s iPhone 5C.
Both Apple and Google argue that ‘backdoor’ decryption would put the privacy of millions of ordinary smartphone users at risk from Government intrusion, with Tim Cook famously arguing that ‘You can’t have a back door that’s only for the good guys’. In theory, each iPhone’s encryption method is unique, and Apple argue that there should be no possible method for accessing a given user’s data.
On Tuesday, however, a Federal Judge ordered Apple to disable the suspected setting on Farook Malik’s phone which enforces usage delays or wipes the iPhone after multiple incorrect password attempts, giving the FBI the opportunity to automatically test millions of possible passwords without penalty.
Both companies’ actions are being driven by the issue of reputation: giving law enforcement authorities the ability to access an individual’s data would utterly undermine smartphone manufacturers’ advertisement of user security.
With neither side willing to back down, expect the dispute to go to the courts, with the key issue being whether Apple can control permitted access to this iPhone, and this iPhone only.
For specialist IT Support, contact Lineal today: 01271 375999 or email: [email protected]
Web filtering provider Bloxx have announced that they will be ceasing support for their products and services, following a shock email from the company’s Chief Executive.
The move comes as part of a cash deal takeover bid by cloud services firm Akamai Technologies, announced on 2nd November 2015, and will see an end to the sale of all Bloxx products.
Bloxx has a good reputation in the UK and beyond for delivering a strong feature set in their appliances that are used to filter online content delivered in sensitive environments. Their products are commonly implemented by educators, healthcare providers, local authorities and businesses.
Although existing contracts will be honoured, those who have invested in physical Bloxx hardware may well find the lifespans are now limited, with little indication of whether Akamai will offer suitable replacements.
With online security stories dominating the news in recent weeks, wider awareness of the need for web, social media and email monitoring is likely to only increase demand for such products. It remains to be seen whether interested parties will consider a cloud-based offering from Akamai to be sufficient, especially when it comes to security and bandwidth management.
Need help with online content filtering and network security for your organisation? Speak to Lineal today: call 01271 375999 or email [email protected]
Cyber crime is finally set to become the UK’s most common crime type, following inclusion in the latest crime figures from the Office for National Statistics (ONS).
This re-classification comes only days after news headlines emerged that an Eastern European crime group successfully used ‘Dridex’ malware to steal over £20m from UK bank accounts via thousands of infected PCs in the UK.
The 2015 National Strategic Assessment from the National Crime Agency estimates that losses due to cyber crime in the UK now amount to a staggering £16 billion annually. The NCA also asserted that the theft of large amounts of private companies’ data still faces ‘considerable under reporting.’
Nowhere is this more threatening than for those in the financial services industry, where both reputations for reliability and access to funds make IT security of paramount importance, requiring compliance with the strictest procedures for identity validation, network safety and fraud detection.
All businesses need to be prepared for the future, where cyber crime is likely to become more sophisticated and UK companies may be expected to demonstrate greater data protection measures. This week Microsoft promoted its Financial Services Compliance program in connection with Office 365 – making assurances (aimed squarely at businesses in the financial sector) of direct access to staff and resources to ensure that Microsoft Office cloud services comply with financial security regulations.
Greater awareness of cyber crime amongst Government figures, the media and the public can only be a good thing, but ultimately it still remains very much up to the individual to ensure their IT systems are secure – before the worst happens.
More than 70% of businesses fail after significant data loss. Lineal can install a range of security measures to safeguard your business IT systems and data – enquire today via: http://www.lineal.co.uk/contact/
Data breaches can lead to a massive loss of trust among customers, so how do you ensure your IT remains secure?
Despite what many online sign-up forms would suggest, the ‘strongest’ password is not necessarily long and complicated. Whilst complexity makes a password harder to guess or to crack by ‘brute force’ testing of combinations, most security breaches occur from stolen passwords, whether taken physically or by malware.
Very complex passwords do not help in this respect: users still need other IT security, such as antivirus software, errors are more common when typing (particularly on handheld devices) and employees may find complex passwords harder to remember – undermining data security by writing down their login details. The ubiquitous sticky note attached to the monitor is still a trusted solution to working with complex password policies in some organisations!
Routine password changes are a sensible precaution for most businesses, but can make it harder for employees to remember their passwords, leading to the same problem in which users are locked out of work accounts, copy passwords across accounts, or write passwords down at risk of theft.
Phrases can help avoid this problem by making passwords easier to recall: ‘Lineal15theB3st’ is preferable to a 15-digit numeral because a touch of personality adds memorability. Beware profanity though – just imagine trying to explain it to technical support later on!
If you want to see where the future of online security is going, follow the money: most online banking incorporates a two-stage authentication process, requiring both a password and a unique alert code texted to the customer’s mobile phone for identification. This is already a free optional setting for Google, Facebook, Twitter and other popular websites.
Lineal’s advice is to stick to the following basics:
Avoid physical theft:
Don’t write your passwords down on a post-it note on your desk! Microsoft has a practical tip: if you absolutely must write a password down, do so in a safe place, without labeling it as a password or to which account it refers. Substitute words should also be used to hide the true password, for example writing ‘Fruit8£’ could refer to a password of ‘Apple8£’.
Don’t use an easily guessed word, such as your name, your company’s name, 1234, the name of something on your desk, the word ‘password’, or anything similarly obvious.
Never tell anyone your password, and change your password if you suspect it has been compromised.
Ease of Access:
If you struggle to remember your passwords, use a password storage program to store some of them. Remember to use a secure password for the program.
Mitigate against your own forgetfulness by setting up alternate password recovery options, allowing you to choose more varied, difficult passwords.
Consider where users will need to log in from – keyboard users can take full advantage of numbers and special characters (!, £, %, *, etc.), which are slower to type on a handheld device.
Preventing digital theft:
Use different passwords for your most important accounts, such as online banking.
Use two-stage authentication.
Maintain up to date anti-virus security software and firewalls on your work desktops, and don’t download untrusted software or open suspicious emails which could be phishing or contain password stealing malware.
Consult IT specialists to ensure office networks are protected from outside attacks.
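The two-stage authentication recommended above can be shown end to end. The following is an added example, not Lineal’s or any bank’s code: stage one checks a salted PBKDF2 password hash, stage two checks a time-based one-time code per RFC 4226/6238, as an authenticator app would generate, which stands in for the texted code (the banking malware piece above notes that SMS codes can be diverted, which is one reason app-generated codes are the usual alternative). The user store is hypothetical, the secret is the published RFC test-vector secret rather than a real one, and the check refuses to accept the same code twice, so a captured code cannot be replayed within its validity window.

```python
"""Added example: password (stage 1) plus time-based one-time code (stage 2).
Hypothetical user store; not Lineal's or any vendor's implementation."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

PBKDF2_ROUNDS = 200_000
OTP_STEP = 30          # seconds each code is valid for
OTP_DIGITS = 6


def hotp(key: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at_time: float, step: int = OTP_STEP, digits: int = OTP_DIGITS) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(key, int(at_time) // step, digits)


class UserRecord:
    """Hypothetical stored credential: salted PBKDF2 hash plus the shared OTP secret."""
    def __init__(self, password: str, otp_key: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        self.otp_key = otp_key
        self.last_counter = -1      # highest counter already accepted; blocks code replay


def check_password(user: UserRecord, password: str) -> bool:
    """Stage 1: recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user.salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, user.pw_hash)


def check_code(user: UserRecord, submitted: str, at_time: float, window: int = 1) -> bool:
    """Stage 2: accept the current code or one step either side (clock drift), never a reused one."""
    counter = int(at_time) // OTP_STEP
    for delta in range(-window, window + 1):
        c = counter + delta
        if c <= user.last_counter:
            continue                                    # already consumed: reject replay
        if hmac.compare_digest(hotp(user.otp_key, c), submitted):
            user.last_counter = c
            return True
    return False


def login(user: UserRecord, password: str, code: str, at_time: Optional[float] = None) -> bool:
    """Both stages must pass; the code is only examined once the password is correct."""
    at_time = time.time() if at_time is None else at_time
    return check_password(user, password) and check_code(user, code, at_time)


if __name__ == "__main__":
    secret = b"12345678901234567890"        # RFC 4226/6238 test-vector secret, not a real one
    user = UserRecord("Lineal15theB3st", secret)
    now = time.time()
    code = totp(secret, now)
    print("code now:", code)
    print("first login:", login(user, "Lineal15theB3st", code, now))    # True
    print("replayed code:", login(user, "Lineal15theB3st", code, now))  # False
```

The replay guard is the part worth copying: without it, a code lifted from a phone or a phishing page remains usable for the rest of its 30-second step (and the drift window either side), which is exactly the gap the banking malware described earlier exploits.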