Bad Rabbit Ransomware Outbreak. Here’s What You Need to Know

A new strain of Ransomware called Bad Rabbit is spreading around the world. Bad Rabbit spreads via Social Engineering so here’s what to warn your users to look for.

Users receive a pop-up in their browsers telling them that an update to Adobe’s Flash Player is available. There are two buttons to click: Install and Remind Later. Both do the same thing – install the malware payload on the system. Bad Rabbit then uses a list of known weak passwords and tries to access all found servers and workstations using common accounts such as Administrator, Guest, root, etc. If it gets a match, the ransomware proceeds to encrypt the files on the computer and then replaces the Master Boot Record – effectively bricking the computer. So recovery forces you to purchase two decryption keys. Price is 0.05 Bitcoin or about $275.

There are two takeaways. First, train and remind your users to use complex passwords and change them often. Second, have your users undergo Social Engineering security training.

Contact us if you’d like more information or assistance in keeping your network and data secure.

Everyone stay safe out there!


Social Media Gotcha

You need to exercise a new degree of care with social media posts – both personal and corporate. Specifically, you have to watch that you and your users don’t make posts that can enable criminal activity. Let me explain.

You have probably already heard the good advice about not letting newspapers pile up on your front steps when you’re away, but in this era of instant electronic communications, criminals aren’t interested in driving around neighborhoods any longer. They now routinely cruise social media looking for opportunities. Today, an estimated 75% of burglars use social media to find potential targets. So posting those pictures while you’re on vacation or out for the evening isn’t a good idea. Neither is providing details online about that expensive new piece of equipment the company just purchased. Aside from potentially having property stolen, there’s now a new gotcha: insurance companies are now actively using online activity to decide coverage and claims. What’s the basis for doing this? It’s a clause in the insurance contracts known as ‘reasonable care.’ Reasonable care means not doing anything reckless that would make you or your company a target.

So here are some simple guidelines for both personal and corporate social media usage:

  • Turn off your location. Disable your devices’ GPS unless you’re actively using it and also turn off location tagging.
  • Don’t post real-time. Put up pictures after a vacation or the details of the CEO’s Asian trip after they get back.
  • Don’t display high value items. Why make it easier for the bad guys?
  • Never post identifiable info online. This includes addresses, your auto’s license plate, etc.
  • Check privacy settings. Take some time to investigate what the settings are on your social media accounts. Facebook in particular updates its privacy settings on occasion and many of the defaults are quite open.

Everyone stay safe out there!


Business Process Compromise

All businesses have unique operational processes they rely upon to handle distinct needs. Even common tasks like shipping are handled differently from company to company. But in general, the larger a business is, the more complex its processes.

Business Process Compromise is a new type of cyber attack that recently has come into focus. It specifically targets unique systems and processes and manipulates them for the attacker’s benefit. And rather than a brash warning such as is received with ransomware, BPC attacks are typically silent and have a goal of stealthily appropriating goods and/or funds over extended periods of time.

Many BPC attacks go unnoticed because employees largely ignore the workings of these processes, treating them as almost automatic.

Defending against BPC requires a multi-pronged approach.

  • File Integrity Monitoring should be considered for critical systems.
  • Regularly check system operations and learn to distinguish normal activity from abnormal and possibly malicious actions.
  • Regularly audit long-established processes, looking for vulnerabilities as well as verifying proper results from test data.
  • Ensure that your organization has implemented cybersecurity measures to protect against identified malware exploits.

Everyone stay safe out there!


60% of SMBs Go Out of Business After This Happens

A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid-sized businesses responded that they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’

What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.

As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.

If you’re not sure where to start, MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspects of implementing and managing IT security for your business. Click here to learn more.


400,000 Cyber Attacks a Day?

Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.

We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.

After only 1 day, here’s a summary of the individual attempts to hack this single system:

USA (106)
Russian Federation (18)
India (17)
China (14)
France (13)

Note that because of the software we installed, after an attack was attempted 3 times that address was blocked from further access. So the above total of 168 individual attempts in 24 hours – if not stopped by the software we had installed – would have likely been continuous attempts every few seconds by each attacker. This would likely have put the daily total at close to 300,000 – 400,000 attempts.
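As an added illustration of the three-strikes blocking described above (and of the weak-password guessing against common accounts described in the Bad Rabbit item at the top of this page), here is a small Python script that is not MicroData’s software and not code from the original post. It assumes OpenSSH-style ‘Failed password’ log lines; the sample lines, the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses, the list of common accounts and the 40-second retry interval used for the daily extrapolation are all constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in OpenSSH's "Failed password" format (not real data).
SAMPLE_LOG = """\
Oct 24 09:00:01 edge sshd[2001]: Failed password for root from 203.0.113.5 port 51000 ssh2
Oct 24 09:00:04 edge sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
Oct 24 09:00:07 edge sshd[2001]: Failed password for invalid user guest from 203.0.113.5 port 51002 ssh2
Oct 24 09:00:10 edge sshd[2001]: Failed password for invalid user administrator from 203.0.113.5 port 51003 ssh2
Oct 24 09:00:12 edge sshd[2001]: Failed password for invalid user test from 203.0.113.5 port 51004 ssh2
Oct 24 09:01:00 edge sshd[2002]: Failed password for root from 198.51.100.7 port 40000 ssh2
Oct 24 09:01:03 edge sshd[2002]: Failed password for root from 198.51.100.7 port 40001 ssh2
Oct 24 09:05:00 edge sshd[2003]: Accepted publickey for deploy from 192.0.2.10 port 33000 ssh2
Oct 24 09:06:00 edge sshd[2004]: Failed password for alice from 192.0.2.10 port 33001 ssh2
"""

# Matches both "Failed password for root from X" and "Failed password for invalid user admin from X".
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

# Assumed list of default accounts that password-guessing malware typically tries.
COMMON_ACCOUNTS = {"root", "admin", "administrator", "guest", "test", "user"}


def parse_failure(line):
    """Return (source_ip, account) for a failed login line, or None for anything else."""
    m = FAILED_RE.search(line)
    return (m.group(2), m.group(1)) if m else None


def simulate_blocking(log_text, threshold=3):
    """Three-strikes blocking: once a source reaches `threshold` failures it is
    blocked, and every later attempt from it is counted as dropped, not seen."""
    seen = Counter()
    dropped = Counter()
    blocked = set()
    accounts = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_failure(line)
        if not parsed:
            continue
        ip, user = parsed
        if ip in blocked:
            dropped[ip] += 1
            continue
        seen[ip] += 1
        accounts[ip].add(user)
        if seen[ip] >= threshold:
            blocked.add(ip)
    return {
        "seen": dict(seen),
        "dropped": dict(dropped),
        "blocked": sorted(blocked),
        "accounts": {ip: sorted(users) for ip, users in accounts.items()},
    }


def spraying_sources(result, min_common=2):
    """Sources that tried at least `min_common` different default accounts before being blocked."""
    return sorted(ip for ip, users in result["accounts"].items()
                  if len(set(users) & COMMON_ACCOUNTS) >= min_common)


def extrapolate_daily(source_count, seconds_between_attempts):
    """Attempts per day if nothing blocked them: each source retrying every N seconds."""
    return source_count * (86400 // seconds_between_attempts)


if __name__ == "__main__":
    result = simulate_blocking(SAMPLE_LOG)
    print("blocked:", result["blocked"], "dropped:", result["dropped"])
    print("spraying default accounts:", spraying_sources(result))
    print("unblocked daily estimate for 168 sources:", extrapolate_daily(168, 40))
```

Calling simulate_blocking(SAMPLE_LOG) shows the source at 203.0.113.5 blocked after its third failure with its remaining two attempts dropped, and spraying_sources() singles it out because it cycled through several default accounts. extrapolate_daily(168, 40) reproduces the order of magnitude in the post: 168 sources retrying every 40 seconds for a day comes to 362,880 attempts.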

The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.

Invest in good quality security, keep systems and hardware up to date, and monitor everything.

Everyone stay safe out there!


“Your Office 365 statement is ready” Scam – Heads up!

The popular Microsoft Office 365 online service is now being used in a phishing scam to try and steal your personal data and information. Here’s what to look for.

You receive an email that appears to come from the ‘Microsoft Online Services Team’ with a subject of ‘Office 365 billing statement’. The body of the message looks good – there’s an Office 365 logo, no typos or obvious mistakes, and even the Microsoft logo at the bottom of the message. There’s a hyperlink inviting you to ‘Click here to view your statement’. If you do, you actually download malware onto your computer.

Advise your users just to delete the message without clicking anything. And remember, with any message about an account you might have somewhere, never access it from a link in a message. Always go to the actual website by entering the address yourself, log in, and then review any messages or account details. And if you’re still in doubt, pick up the phone and call the company’s customer service.

Everyone stay safe out there!


Still Using IE 7, 8, 9 or 10? Time to Upgrade

Microsoft released its monthly set of patches and updates this Tuesday and of particular note is the fact that over half of the ‘critical’ fixes (those related to security) are not being released for Internet Explorer 7, 8, 9 or 10.

So what this means is that if you’re an Internet Explorer user this is a really good time to upgrade your browser if you’re still using one of those older versions. How do you check? Open up a browser window and pull down the ‘Help’ menu and choose ‘About Internet Explorer’.

If you find you need to upgrade Internet Explorer visit Microsoft’s Download Center for the free update.


Why Ransomware Pays

I’ve had many frustrated people ask me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point Software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to create ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber and the deal is that Cerber gets to keep 40% of whatever their customers make with their ransomware attack.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed both in terms of hardware/software preparedness, but also user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990.

Everyone stay safe out there!


Use GoToMyPC? Read this

If you are a user of GoToMyPC it’s time to change your password. In their blog this Sunday Citrix said that the service was hit by a “very sophisticated password attack.” Citrix is requiring all users to reset their passwords using the ‘Forgot Password’ link.

Citrix didn’t go into detail but the implication is that a substantial number of accounts were compromised.

And of course if you used the same account/password at other sites you should change it at those sites as well.

Attacks against websites continue to grow as cybercriminals exploit security flaws. If you haven’t already, start taking a look at enabling two-step verification which many sites are now offering. With two-step verification, you receive a unique code to your cell phone or email each time you want to sign on.


MicroData on CBS Small Business Pulse

Heard about Hybrid-Cloud and wonder what all the hype is about? Check out Part 1 of the interview I did on May 20 with Michelle Guilbeau of CBS Small Business Pulse.


Why Using that Old Version of Office Puts You at Risk

I was born in Maine and had parents that clearly remembered the effects of the Great Depression. They weren’t yet born during the actual Depression but growing up, their parents who had lived through it, taught them valuable life lessons from those difficult years. And I got many of the same lessons although as the next generation, less poignantly. One central concept was Yankee-thrift, a big part of which means you don’t waste things and you don’t throw stuff away that could be re-purposed or re-used. Good advice – in most cases.

The problem is that this belief can get you into trouble with information technology. For example, we have many organizations we’ve worked with that use older versions of Microsoft Office. I’ve repeatedly heard over the years, “it works just fine and does what I need it to.” The problem is that it does some things you really don’t want it to do.

One of the biggest problems is the file format. Have you noticed how newer versions of Word save files with a .docx extension rather than the older .doc? There are many improvements that Microsoft built into the new file format, but one huge area of improvement was file security. In the new .docx format, Microsoft removed the ability for users to embed macros into the document. A macro is basically a set of self-executing instructions. Today, many variants of ransomware are being spread by macros in infected .doc and .xls files. With the older version of Word, you can just click and boom, you’ll find all your files encrypted and be looking at a ransom message and the prospect of paying hundreds or thousands of dollars to get your data decrypted.

So Yankee-thrift is a great concept, but not in business where you share files all the time. Keep your software versions current and if you’re not sure how old is ‘too old’, ask your IT professional who can guide you.

Everyone keep safe out there!


Have QuickTime on Windows? Uninstall it Now

QuickTime on Windows is an Apple product that has been widely used for years to play movie trailers and many Internet media clips.

Last week, Apple announced that it was no longer going to support the product and would not even patch two recently identified major vulnerabilities in the software that can allow hacker access to people’s computers.

The vulnerabilities are so serious that the U.S. Department of Homeland Security has sent out an urgent alert telling Windows customers to remove the program from their computers. So we’re advising everyone to check and see if you have this app on your computer and if so, uninstall it now.

Everyone stay safe out there!


Does Your Endpoint Protection Include this Important Ransomware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts your computer, network, and Cloud data and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically +$1,000.

What’s really tricky about Ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legit such as an efax or Word document – these are called phishing attacks. The attachment is actually the code and by the user clicking on it, the ransomware application gets started.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


Data Mishandling Could Cost CA Hospital $25,000 per Patient Record

Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple mis-configuration of the hospital’s intranet.

The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.

If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.


Stealing Data with a Wheelbarrow

I was just reading a fascinating story on the U.S. Dept. of Justice website about a bank robbery and there’s a lesson in there for all of us about IT security. What made this story so interesting wasn’t the use of Mission Impossible-like technology or swarms of armed criminals, but exactly the opposite. Low tech, physical theft by one guy with a wheelbarrow. I’m not kidding.

Over a 2-month period, the defendant stole over $200,000 in quarters from a Federal Reserve coin storage facility at an Alabama Brink’s facility where he worked. He had noticed that the quarters were stored in ballistic bags – think large duffle bags – so he grabbed 4 empty bags, filled them with beads and just enough quarters to show through a small plastic inspection window, then he put them on a skid swapping them for legitimate bags full of quarters.

The lesson for IT? Don’t neglect physical security of your IT assets. Ask yourself how hard it would be for someone who gains access to your facilities to simply pick up a computer or server and carry it off. This is exactly why part of every yearly required HIPAA audit is to verify the physical security of key data processing equipment.

If you have any questions about your IT security – physical or electronic – we’d be glad to help you out. Get in touch here.


“Your PayPal Invoice is Ready” Ransomware Scam

This scam is sneaky because the cybercriminals are using the exact same phrase that PayPal uses when monthly invoices are sent out. Users receive an email with the subject line of ‘Your PayPal Invoice is Ready’ and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that will encrypt your hard drive files (and files on any mapped hard drive), requiring you to pay a ransom in Bitcoin to get your files back. Short of a complete restore of the affected system(s), there’s no other way to avoid paying the ransom.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

  • Block all .zip attachments in your email system.
  • Pre-clean your email by running it through a filtering service such as MicroData’s hosted Barracuda service.
  • Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced.
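As an added example (not MicroData’s filter and not code from the original post), the following Python script judges attachments by their content rather than their file name. It implements the .zip rule above and the .doc versus .docx macro distinction from the ‘Old Version of Office’ item earlier on this page. The OLE2 and ZIP signatures and the vbaProject.bin part names are standard format details; the sample attachments, the verdict labels and the list of extensions treated as dangerous inside an archive are constructed for the example.

```python
import io
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy .doc/.xls/.ppt container (can hold VBA macros)
ZIP_MAGIC = b"PK\x03\x04"                          # .docx/.xlsx/.pptx and plain .zip are all ZIP files
OOXML_MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Assumed policy list: file types we never want to see inside an archive.
DANGEROUS_INSIDE_ZIP = (".exe", ".js", ".vbs", ".scr", ".bat", ".cmd", ".zip")


def inspect_attachment(filename, data):
    """Return a (verdict, reason) pair for one attachment, decided by its bytes, not its name."""
    name = filename.lower()
    if data.startswith(OLE2_MAGIC):
        return ("quarantine", "legacy binary Office format can carry VBA macros")
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return ("block", "corrupt or malformed ZIP container")
        if "[Content_Types].xml" in members:  # an OOXML document rather than a plain archive
            if any(part in members for part in OOXML_MACRO_PARTS):
                return ("quarantine", "macro-enabled Office document (vbaProject.bin present)")
            return ("allow", "macro-free OOXML document")
        bad = [m for m in members if m.lower().endswith(DANGEROUS_INSIDE_ZIP)]
        if bad:
            return ("block", "archive contains executable content: " + ", ".join(bad))
        return ("block", "ZIP archives are blocked by policy")
    if name.endswith((".doc", ".xls", ".docx", ".docm", ".zip")):
        return ("block", "extension claims an Office/ZIP type but content does not match")
    return ("allow", "no risky container detected")


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; used only to construct the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, payload in entries.items():
            zf.writestr(member_name, payload)
    return buf.getvalue()


# Constructed sample attachments (harmless stand-ins, not real malware).
SAMPLES = {
    "invoice.zip": build_zip({"invoice.pdf.exe": b"MZ..."}),
    "report.docx": build_zip({"[Content_Types].xml": b"<Types/>",
                              "word/document.xml": b"<w:document/>"}),
    "report.docm": build_zip({"[Content_Types].xml": b"<Types/>",
                              "word/document.xml": b"<w:document/>",
                              "word/vbaProject.bin": b"\x00"}),
    "old.doc": OLE2_MAGIC + b"\x00" * 64,
    "notes.txt": b"plain text",
}


def triage(samples=SAMPLES):
    """Verdict per sample attachment."""
    return {name: inspect_attachment(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, reason = inspect_attachment(name, data)
        print(f"{name:12} {verdict:10} {reason}")
```

triage() returns the verdict per sample: the plain archive with a renamed executable inside is blocked, the macro-enabled .docm and the legacy .doc are quarantined for review, and the macro-free .docx and the text file pass. A real deployment would call inspect_attachment() on each MIME part pulled from the message.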

As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.


Tips for Using WiFi Hotspots Safely

Having an available wifi hotspot can be incredibly helpful if you need to do some business on the road. But you should take some precautions to ensure that the person on the other side of that coffee shop isn’t stealing your identity, draining your bank account, or having a shopping spree with your credit card. Here are some of the safety tips we give our own customers.

  1. Make sure your laptop or tablet security is up to date. This would include having a fully supported OS with all patches applied, an updated web browser, a personal firewall turned on, and current anti-spyware/anti-malware.
  2. Be aware of the hotspot you’re using. The hotspot at Starbucks is preferable to one you just happen to come across while you’re sitting around the mall. And a hotspot that requires patrons to use a password is better still. A new trend to watch out for is ‘hotspot fishing’. The bad guys target an area where there are many people looking for wifi access. An airport is a great example. They set up their own laptop with hacking software and then broadcast an unsecured wifi hotspot – sometimes with the name of a nearby store or the airport’s name to try and fool users into thinking it’s safe. Then they wait for unsuspecting users to connect. Once they do, everything they transmit can be intercepted.
  3. Protect your passwords. When a website or your browser asks if you’d like it to remember your password, we suggest saying ‘no’. For someone that’s frequently on the road, it’s better not to have your password data stored anywhere on your computer. The exception would be if you are using an encrypted password manager like KeePass.
  4. Change settings. The default behavior on Windows systems when connecting to a new network will be to ask you if the network should be trusted or not – choose ‘Public’ or ‘Public Network’. But if your computer doesn’t ask you for some reason, make sure you turn off file sharing.
  5. Use a VPN. A VPN can encrypt your connection to a home or work network so consider connecting this way if possible.
  6. Avoid financial transactions. If at all possible, just have these wait until you get home or to a secure network. If you do have to do some e-commerce shopping, make sure the sites are encrypted and secured. Secure sites begin with an ‘https’ in the address.
  7. Be aware of your physical surroundings. When you’re engrossed in some online work it’s easy not to pay attention to people coming and going around you, especially if you’re in a busy location like an airport or coffee shop. Bad guys are in many of these public areas and are ready to grab a briefcase or purse left on the floor when the owner isn’t looking.

Everyone stay safe out there!


Heads up! ‘Fuel E-Bill’ Scam

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Be careful out there and have a good weekend!


‘Tiket Alert’ Email Scam – Heads Up!

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of tiket_number.zip that, if opened, infects the system with malware. Users should just delete the entire email.

Remember to stop and think.

Everyone stay safe out there!


CryptoWall v2 Virus; Get Infected without Clicking on Anything

In a nasty new twist, CryptoWall v2 now uses infected ads on dozens of popular sites like Yahoo, AOL, and Match.com to infect computers. The worst part is you don’t even need to click on the ads to become infected. Simply visiting the page with outdated software on your computer can infect your system.

For those of you not familiar with CryptoWall and similar ‘ransomware’ viruses, they work by infecting your computer and then encrypting all your data so you can no longer access it. Then it demands a ransom – $500 in Bitcoin in this case – in order to decrypt it. There is no practical way to decrypt it yourself. You either restore everything from a backup or pay the money.

In this particular case, the ads are infecting computers that have an outdated version of Adobe Flash installed that has a known vulnerability. Flash is used to allow many websites to broadcast video content through Web browsers. This vulnerability is exploited by code in the ads which causes your computer to download and install the virus. This is what we in the industry call a ‘drive-by-download’.

What should you do?

If you have Adobe Flash installed and you’re running Google Chrome or Internet Explorer on Windows 8 or newer, you’re probably OK as Flash automatically updates itself so it has already been patched against this exploit. You should still check to make sure you have the latest version as some websites restrict software from being automatically installed.

To check if you have the latest version visit Adobe here: https://helpx.adobe.com/flash-player.html

If you don’t have Flash installed you don’t immediately have to worry about this. But if you have ever watched a video in your browser, the odds are good you have Flash installed. So check to be sure.

Everyone stay safe out there!


5 Million Gmail Passwords Exposed

CNN yesterday afternoon reported that approximately 5 million Gmail addresses and passwords showed up on a Russian Bitcoin forum this Wednesday. Google says that its servers weren’t breached, but it’s unclear how the data in such large amounts was obtained – and how much of it is actually good.

It’s not uncommon for collections of such info to be summarized from multiple phishing and keylogging malware exploits and then offered for sale.

So if you have Gmail accounts, it’s probably a good idea to update your passwords.


Robin Williams Scam

As if the events surrounding Robin Williams’ death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line with something like ‘See Robin William’s Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

So alert your users to stop and think before clicking!


New Ransomware Targets iPhones & iPads

A new type of ransomware is appearing – mostly in Australia and the UK for now – that targets iPhones and iPads. The attack exploits the ‘Find My Phone’ feature to launch the attack and the bad guys have somehow got access to iCloud account info that’s used to lock the devices.

What happens is that suddenly your iPhone or iPad will lock itself and then you receive a message that you’ve been hacked by Oleg Pliss and you have to pay $100 US/EUR via PayPal to get the device unlocked.

Your best defense? Change your Apple ID credentials now.


KnowBe4 Offers to Pay your Crypto-Ransom if You Get Hit

In an impressively confident offer, the Internet Security training firm KnowBe4 has offered to pay the Crypto-Ransom if an organization that completes its user training subsequently gets hit by ransomware such as CryptoLocker, CryptoDefense, or CryptoBit.

Said Stu Sjouwerman, founder and CEO of KnowBe4, “We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer.”

It’s refreshing to see a training company that’s so confident in its product and methodology that they’re willing to offer such a guarantee.

You can get more information at the KnowBe4 website.


“Incoming Fax Report” Scam

Here’s another scam to alert your users to watch for.

You receive an email with a subject line similar to ‘INCOMING FAX REPORT: Remote ID: xxx-xxx-xxxx’.

The message body includes some fax-like info including date/time, speed, connection time, pages, etc. It then includes the statement “Please use the following link to download your file:”.

The link provided will take you to a page that will infect your computer with spyware/malware.

Spam filters can’t block these types of messages – you have to rely on educating your users to the threat and reminding them to stop and think.

Everyone stay safe out there!


Use Craigslist to Hire? Read this Alert

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well now there’s a new threat and it comes into your organization in a way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if it’s a small company – is the one looking at these resumes, and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users’ ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”


Heads up! The Windows XP Scams Have Started

I wrote about a month ago that you should expect to start seeing the bad guys exploiting the end-of-support of Windows XP. They haven’t wasted any time and the latest tactic is particularly aggressive, so alert your users. Thanks to our friends at CyberheistNews for this latest tipoff. Here’s how this scam works.

The criminals either send an email or make unsolicited telephone calls and claim to be from Microsoft or your Help Desk. They then tell you a bit of truth about Windows XP being unsupported (which you already know if you’re running Windows XP and seeing the pop-ups telling you this) and then that there are exploits in Windows XP that can’t be fixed automatically anymore. But they then claim to have a patch they will manually apply if you give them access to your computer.

Once they’ve got onto the computer they ‘own’ it and can subsequently hack into the rest of the network with relative ease.

Remind your users that Microsoft and its partners never make unsolicited calls. If you get a call or email that purports to come from ‘Support’ or ‘Microsoft’ telling you that you need to do something, hang up and call your real IT support team.

Everyone be careful out there!


Heartbleed Bug. Is Your Organization Affected?

This week’s news has contained a lot of info about the so-called Heartbleed Bug. Here’s a quick snapshot of what you need to know as an organization and what your users should know.

First, Heartbleed is tied to what’s called ‘OpenSSL’ security implementation on computer systems – primarily Linux systems. Windows systems appear largely unaffected. SSL provides communications security and privacy over the Internet for applications such as web, email, instant messaging, and some virtual private networks.

The implications are pretty serious. In testing by Codenomicon, access was achieved to systems from the outside without leaving a trace and testers were able to gain access to user names and passwords, messages, emails, and business critical documents.

Netcraft has reported that many sites are already deploying new certificates in response to this issue including Yahoo, Adobe, CloudFlare, DuckDuckGo, GitHub, Reddit, Launchpad, PayPal, Netflix and Amazon’s CloudFront content delivery network.

If your organization has Linux systems you should immediately test them using publicly available tools and if you have a problem, deploy a new, fixed OpenSSL solution ASAP.

What do you do as a user? If you can connect to a site or appliance using HTTPS, and it’s not running on Microsoft Windows, consider it vulnerable until proven otherwise. Look for confirmation from the site that it has tested for the vulnerability and it has either corrected it or verified it isn’t affected. And of course, this would be a good time to change your passwords for any SSL secured sites – just as a precaution.
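As an added example (not from the original post), here is a small Python check that classifies an OpenSSL version string against the range known to carry the bug: upstream 1.0.1 through 1.0.1f and 1.0.2-beta1 are affected, while 1.0.1g and 1.0.2-beta2 contain the fix. It asks the local `openssl` binary for its version; the function and constant names are my own.

```python
import re
import subprocess

# Matches strings such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def is_heartbleed_affected(version_string):
    """Return True if the reported upstream OpenSSL version is in the affected range.

    Affected: 1.0.1 (no letter) through 1.0.1f, and 1.0.2-beta1.
    Fixed:    1.0.1g and later, 1.0.2-beta2 and later. Other branches never had the bug.
    """
    m = VERSION_RE.search(version_string)
    if not m:
        raise ValueError("unrecognised OpenSSL version string: %r" % version_string)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if (major, minor, patch) == (1, 0, 1):
        # Single-letter suffixes sort alphabetically, so "" and "a".."f" are affected.
        return letter == "" or letter <= "f"
    if (major, minor, patch) == (1, 0, 2):
        # Only the first 1.0.2 beta shipped with the bug.
        return beta == "1"
    return False  # 0.9.8, 1.0.0, 1.1.x and 3.x never contained the heartbeat bug


def local_openssl_version():
    """Ask the installed openssl binary for its version string (assumes it is on PATH)."""
    return subprocess.check_output(["openssl", "version"], text=True).strip()


if __name__ == "__main__":
    v = local_openssl_version()
    verdict = "AFFECTED - upgrade" if is_heartbleed_affected(v) else "not in affected range"
    print("%s -> %s" % (v, verdict))
```

Distributions such as Debian and Red Hat frequently backport the fix without changing the upstream version string, so a host reporting 1.0.1e may already be patched; confirm against the package changelog before deciding.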


The Bad Guys are Waiting for April 8

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

  1. Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP may not be able to run Windows 7 or 8, or may require hardware upgrades, and many older applications may not run on the newer versions either. And upgrading the operating system on an XP machine to Windows 7 or 8 isn’t trivial as there is no direct upgrade path. Expect to spend many hours for each machine.
  2. You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49.
  3. If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.


Will ATMs Running XP be a Security Risk?

According to the ATM Industry Association most ATMs will continue running Windows XP after Microsoft ends support for the OS. I can’t say that I’m surprised, even though banks and financial institutions have had years of advance notice of the retirement of XP.

In the US about half of ATMs are run by banks and the other half by independent operators. Upgrading is a significant effort (and cost) which probably explains why so many ATMs are still running XP.

Microsoft has specifically pointed out that the end of XP support means it will become vulnerable to future exploits, but that doesn’t automatically mean that ATMs will become vulnerable. They are ‘closed’ systems that only perform a single task, and there are safeguards that can be put in place that will allow them to continue to achieve PCI SSC compliance – for a while.

But PCI compliance as well as several state laws – such as Massachusetts 201 CMR 17 – require that systems have software that’s supported by the manufacturer.

So will there be a security risk? Yes, but it’s not doubling overnight. At a minimum, though, the owners of the ATMs you use should have a plan in place for fairly immediate migration of the ATM to newer software standards.

And by the way, this problem extends far beyond ATMs. Most restaurant and retail store point-of-sale terminals also still run on Windows XP.


Malaysian Airlines Facebook Scam

Facebook users beware of a scam posting about the missing Malaysian Airlines Flight MH370. A posting by cyber crooks claims the missing aircraft has been found in the Bermuda Triangle and invites users to see video footage by clicking a link to a malicious website.


Windows XP Support Ends in 36 days and PCmover Express

Unless you’ve been seriously out of contact for a while, you probably already know that Microsoft’s support for Windows XP is ending this spring. But like the April 15 tax deadline, these dates have a way of sneaking up on you and suddenly you realize it’s SOON.

Starting March 8 look for a popup message on your Windows XP computer from Microsoft reminding you that support for XP is ending on April 8.

And to help you out with transferring your old data and settings to a new computer, check out PCmover Express, just released by Microsoft in conjunction with Laplink. PCmover Express will copy your files and settings to a new device running Windows 7, 8, or 8.1. Available later this week from windowsxp.com.


“Scheduled Home Delivery Problem” E-mail Scam – Here’s what to watch for

Just in time for the holidays is yet another email scam. Here’s what to be on the lookout for:

You get an email purportedly from Walmart, Costco, or some other large retailer. The subject line is intended to fool you into thinking there is a delivery problem with something you may have ordered or a gift that’s coming to you – something like “Scheduled Home Delivery Problem” or “Express Delivery Failure”.

The message may have the company logo and an ‘order’ number and has links to check out the order and also to fill out a form to give updated shipping info. Clicking either link infects your computer with malware designed to steal your accounts, passwords, and other sensitive data.

The giveaways that it’s bogus? The message isn’t personally addressed to you (it’s a ‘Sir/Madam’ or ‘Dear Customer’ format), the language is poor English, there’s a threat (‘you will get your money back but 17% will be deducted’ for some reason), and if you hover over the links without clicking, you’ll see that they resolve to addresses that have nothing to do with the merchant.

So warn your users and remember to stop and think before clicking!
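The ‘hover over the links’ giveaway can be checked automatically. The following is an added example, not part of the original post, using only Python’s standard library: it pulls every link out of an HTML message body and flags those whose host does not belong to the merchant the email claims to be from. The sample message and its order number are constructed, and the function names are my own.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only keep text that sits inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'last two labels' domain, enough for .com-style merchant names."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def suspicious_links(html, claimed_domain):
    """Return (link text, host) for links that do not point at the claimed merchant."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""   # mailto:/javascript: links have no host
        if registrable(host) != registrable(claimed_domain):
            flagged.append((text, host))
    return flagged


# Constructed sample resembling the scam described above; not a real message.
SAMPLE = """<p>Dear Customer,</p>
<p>There was a problem with your Scheduled Home Delivery, order #4471-XZ.</p>
<a href="http://walmart.com.tracking-update.example/order">Check your order status</a>
<a href="http://www.walmart.com/help">Contact us</a>
<a href="http://198.51.100.23/form.php">Update your shipping information</a>"""
```

Running `suspicious_links(SAMPLE, "walmart.com")` flags the first and third links: a look-alike host that merely starts with the merchant’s name, and a bare IP address.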


2 Million Accounts Compromised – ADP, Facebook, Google, others

SpiderLabs, a security team that’s part of the security company Trustwave, reports that they have found over 2 million stolen credentials available for sale on the Internet.

Included in the massive collection are credentials from the payroll provider ADP, Facebook, Google, Yahoo, Twitter, and LinkedIn. Most appear to have been stolen with a piece of malware that searches systems for likely looking stored accounts and passwords as well as watching browser activity and recording logins as they occur. The captured info is then sent off to the bad guys for cleanup and ultimate sale.

The most common password? 123456

The malware causing all this havoc would be stopped by keeping computers and browsers patched and up to date, and of course keeping anti-virus software updated.

If you’re concerned about any of the above accounts you use, this might be a good time to change those passwords.

Keep your organization’s and personal computers updated and please ask your users to come up with passwords that at least make it a bit harder for the thieves. A good guideline is to use at least 8 characters, a mixture of uppercase and lowercase, and some symbols mixed in.


How to Detect Online Holiday Deal Scams

It’s the season for holly and mistletoe, but unfortunately that means that the scammers are working overtime. They know that a record amount of shopping is being done online this year (and especially this Cyber Week) – and a lot of it is being done at work – so they are trying hard to infect computer systems and steal info.

How is it being done? Mostly by offering incredible sounding deals in an email message that when clicked, take you to a completely fraudulent website whose purpose is to get you to type in that credit card info or to infect your computer with malware.

So tell your users to stop and think. If they see a deal for a 60″ LED flatscreen TV for $299 from a vendor they’ve never heard of, stay away!

And these ‘deals’ are coming via social media and on mobile devices too.

So warn your users. And as the old saying goes, if it sounds too good to be true, it probably is.


Adobe Security Breach Much Worse than First Reported

As most of our readers know from a post we did about a month ago, Adobe’s systems were hacked and the bad guys essentially got away with whatever info they wanted. Early reports estimated that up to 38 million accounts and passwords were stolen. Well, that’s been revised upward – a lot.

The stolen data has now appeared for sale online and from that info it’s now pretty certain that upward of 150 million accounts were compromised.

To make matters even worse, it appears that Adobe did little to safeguard the info as they implemented only a basic form of encryption. You can read an interesting synopsis from the folks at Sophos: http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

The moral of the story? Don’t believe it can’t happen to your company or organization and make every effort to keep your information as safe as possible.