Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

VT Logo header logo wrap shape

VT Logo header logo wrap shape

Award-Winning Dallas-Fort Worth IT Services.

Questions? Call (817) 595-0111

inner banner overlay

VersaTrust Blog

VersaTrust has been serving the Texas area since 1997 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Capital One Data Breach Affects More Than 100 Million Customers

Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada

On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.

Capital One Data Breach

The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.

How Did The Hacker Get Into Capital One’s System?

According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.

Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.

Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.

Who Breached Capital One’s Data?

Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.

Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.

The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.

What Information Was Compromised?

Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.

The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.

Capital One said, some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.

Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.

This is one of the top 10 largest data breaches ever, according to USA TODAY research.

What Is Capital One Saying About The Breach?

They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.

They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.

Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.

What Should Capital One Customers Do?

If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.

It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.

Prevention is always the best remedy. Ask your IT provider to ensure your that your firewall is properly configured and to continuously remotely monitor your network for intrusions.

Continue reading

Important Warning From The FBI

https fbi warning

Hackers Now Using HTTPS To Trick Victims Via Phishing Scams

Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.

Can You Still Count On HTTPS?

The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.

What Should You Do?

Be Suspicious of Email Names and Content

The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.

  • Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
  • If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
  • If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
  • Don’t click links in any emails from unknown senders.

If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees

This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training provides both pre-and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.

New-School Security Awareness Training…

  • Sends Phishing Security Tests to your employees to take on a regular basis.
  • Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
  • Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
  • Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
  • Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
  • Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know.  It shows stats and graphs for both training and phishing, ready for your management to review.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

Add New-School Security Awareness Training To Your Current Employee Training

The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New School Security Awareness Training is so important for any organization.

Continue reading

Was Your Photo and License Plate Number Breached?

 CBD Reports 100,000 Photo and License Plate Breach

The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

CBP License Plate Breach

The department said on June 10th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31st.

CBP report:

“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”

CBP hasn’t reported when this 6-week period was.

Who Was The Subcontractor That Was Affected By The Breach?

CBP hasn’t said who the subcontractor was either. But the Register reports that the vehicle license plate reader company Perceptics based in Tennessee was hacked. And, these files have been posted online.

Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”

Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.

Where Were The License Plate Readers Installed?

Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.

CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Do We Know Whose Data Was Exposed?

No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.

Is Facial-Recognition A Security Threat?

Facial-recognition is a hot topic right now. The American Civil Liberties Union states:

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.

Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

Continue reading

LabCorp Data Breach: What We Know

Labcorp Data Breach

Are You One Of Many Affected By The LabCorp Data Breach?

Financial & Personal Information of 7.7 Million Exposed

Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.

AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.

In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.

A section of the filing reads:

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The information included in the breached system includes:

  • Bank account information,
  • Credit card information,
  • First and last name,
  • Date of birth,
  • Address and phone,
  • Date of service and provider, and
  • Balance information.

Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.

What Should You Do?

Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.

Continue reading

Quest Diagnostics Breach: Latest News

Are You One Of Many Affected By The Quest Diagnostics Breach?

Financial & Medical Information of 12 Million Exposed

Quest Data Breach

Quest Diagnostics reports that almost 12 million people could have been affected by a data breach.

On Monday, June 3, 2019, Quest Diagnostics said that American Medical Collection Agency (AMCA), a billing collections provider they work with, informed them that an unauthorized user had managed to obtain access to AMCA systems.

Quest Diagnostics is one of the largest blood-testing providers in the U.S.

Anyone who has ever been a patient at a Quest Diagnostics medical lab could be affected by the breach.

AMCA provides billing collection services to Optum360, which is a Quest contractor. AMCA first notified Quest about the breach on May 14th. Quest reports said that they are no longer using AMCA and that they are notifying affected patients about the data exposure.

The information included in the breached system includes:

  • Bank account information
  • Medical information
  • Credit card information
  • Social Security Numbers
  • Other personal information

In its filing, Quest reported:

“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information.”

What Should You Do?

Anyone who was affected by the data leak should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact Quest Diagnostics’ customer service at 1 (866) 697-8378 or on their contact page.

Continue reading

Malware attack hits US accounting firms

Malware Threat

A major accounting software and cloud services company has been hit by malware, affecting their many clients across the US.

Wolters Kluwer, a major provider of tax accounting software and cloud services, has been hit by malware. The many financial software services they offer to clients across the country have been down since Monday, May 6.

The software provided by Wolters Kluwer is extremely popular in the US accounting industry. Users include every one of the top 100 American accounting firms, as well as 90% of the top banks worldwide, and 90% of Fortune 500 companies.

This malware attack comes at an especially vulnerable time when many accounting firms (and their clients) are intending to file their taxes. With their primary accounting systems offline, they won’t be able to do so, or at least not with Wolters Kluwer software.

However, it’s not as simple as just using different accounting software. Wolters Kluwer also provides cloud services to their clients, which means that necessary client financial data is stored in their servers, and inaccessible by the accounting firms during this outage.

Since the attack began Monday morning, Wolters Kluwer took many of its systems offline to slow the spread of the malware. According to representatives, they have since been working non-stop to try to eliminate the malware and bring their systems back online. They have contacted authorities and third-party forensic teams to investigate the attack.

“We’re working around the clock to restore service, and we want to provide [clients] the assurance that we can restore service safely,” said Elizabeth Queen, vice president of risk management for Wolters Kluwer, to CNBC. “We’ve made very good progress so far.”

However, end-users have still not been able to access their tax documents that are stored in Wolters Kluwers cloud servers. The many systems that Wolters Kluwer took offline on Monday include the customer services lines that end users have relied on to get info from the software provider.

When a backup customer service number was finally provided, users were told that there is no estimated window in which the services will be fully restored. For the time being, thousands of accountants at numerous firms across the US are being expected to wait and see.

Continue reading

Microsoft Accounts Targeted For Months, Hackers Serve A Security Reminder

Microsoft Outlook Security Breach

Microsoft began notifying Outlook.com users of a 2019 security breach that occurred between January 1st and March 28th. Hackers were unintentionally given unauthorized access to some accounts, where they were then able to view subject lines, email addresses, and folder names. While no login details—including passwords—were directly accessed as part of this breach, Microsoft did warn users to reset their passwords.

Although the hackers could not view the actual content in the bodies of emails nor download attachments, this incident still represents a major—and disturbing—security incident. This breach serves as a reminder to every business to tighten up its security measures and protect its assets.

Use multi-factor authentication.

Do not leave this as an optional measure for your employees; require it. Multi-factor authentication uses more than one form of identity confirmation—this is the “multi-factor”—to prove the identity of the person attempting to access a particular platform—this is the “authentication.”

Depending on where in the product the Microsoft breach happened, multi-factor authentication could even have possibly prevented or limited the breach. In general, this authentication process adds a strong layer of security. Hackers don’t usually have both the password and the PIN, secret questions, or other ability to verify their identity.

When vetting which type of authentication to implement—if you have this option—consider using the one that is easiest for employees to have on hand, but hardest for others to get a hold of. Trying to make this relatively convenient for your employees will make it easier for them to comply, which will keep your business more secure. Multi-factor authentication is a measure that should go hand-in-hand with training your employees to use strong passwords.

Account for all devices—including mobile—in your security processes.

Very few companies still limit employee access to business assets strictly to desktops at work. There is a growing trend of employees being able to work remotely, even if it is not full-time. A recent study showed that as many as 70% of employees work remotely at least once a week. Whether working from home, a rented office space, or on-the-road, they are using their devices to log in from a distance, well beyond the secured confines of your office. This figure was accounting for full-time employees; contractors only increase the number of remote workers further.

The security processes implemented at your company needs to account for how all of your employees are accessing company resources. Email access on mobile devices is one of the most common ways in which employees take their work on-the-go, and so it’s a strong starting point for building out these protocols. Because confidential company information is being accessed on these devices via networks over which companies have no control, it is critical that both the email servers as well as the devices being used have robust security systems in place.

While new improvements continue to roll out to tackle these issues, solutions that work across all devices are the norm. Security software, as well as encryption tools, can help protect data regardless of the device, particularly when combined with encouraging employees to log-in via secure VPN networks. Cloud options for data storage are offered by providers with a menu of security options; it’s worth walking through your needs and investing in top-quality solutions.

Document your security processes.

With all of the work that goes into developing security processes, even more needs to be carried out to maintain their implementation and ensure that they remain up-to-date with new tech trends and emerging risks.

This is a vast and complex undertaking. All existing assets must be brought onto any updated infrastructure. Employees must be set-up for and onboarded to the security procedures, and checkpoints must be established so that their compliance may be monitored. Systems must be monitored for any breaches, as well as smoothly updated across all users and data to accommodate any new vulnerabilities that arose since the previous update. Different components, whether hardware (including different devices, such as mobile) or software, may experience issues with any updates. New members of the internal information technology must be introduced to the systems while existing members must stay abreast of any new developments; even team members working simultaneously on the same project must address potential communications issues.

Thorough documentation of processes helps achieve this by providing an objective record of the systems in place. This can be used for onboarding; for internal audits; for evaluating alternatives or potential improvements; and even for reviewing the source of vulnerabilities and providing accountability should an issue arise. This sort of record-keeping is an essential component of transparency in company policy and helps enforce quality control on internal processes. Of course, it must also be protected with the highest measure of security since it arguably contains “the keys to the castle.” Decentralizing its storage and scattering protected, encrypted components of it across multiple storage solutions can help protect company assets from the sort of large-scale breach that could otherwise bring your data assets to their knees.

And so, the large-scale Microsoft breach serves as a reminder that active vigilance must always be maintained over internet security, without relying entirely on one single individual, provider, or service. No single entity can be trusted to be entirely safe when major players like Microsoft are clearly vulnerable, despite the teams of brilliant engineers hired to implement safeguards and the millions of dollars invested in diverse preventive measures. Every business needs to be proactive in protecting itself through rigorous internal standards, ranging from staff training through the implementation of mandatory security precautions, to minimize the risk of vulnerabilities being exposed and exploited. Factoring in every employees’ data paths and employing multiple layers of overlapping security efforts at every step of the way—and documenting these processes for easy internal accountability and refinement—are critical for business informational security in this highly connected digital age.

Continue reading

Windows 7 Support Is Ending

Windows 7 Updates 

Did you know? Microsoft is ending support for Windows 7 in January 2020. Beginning this April, Microsoft will start displaying pop-ups on all Windows 7 computers alerting the users that their support for Windows 7 will be ending.

Don’t be alarmed.  Microsoft also did the same thing with Windows XP before shutting down their support for the Windows XP Operating System.

Read More

{company} is in the process of discussing upgrade options with every one of our clients and local companies. We’d like to schedule time with you to discuss your options. Feel free to connect with us by calling {phone} or sending an email to {email}.

Continue reading

Severe Ransomware Attack Hits Global Firm

Ransomware Breach

Norsk Hydro just got hit with a major ransomware attack that took down their entire worldwide network. It happened this morning, Tuesday, March 19, 2019, and we wanted to share this with you.

They experienced widespread system outages. This has been such a disaster that their aluminum production plants are now operating manually. All of their 35,000 employees worldwide have been affected.

For details view this 18-minute briefing from Norsk Hydro.

Feel free to contact us if you have any questions.

Continue reading

New Threat Advisory: TrickBot (Warnings/Recommendations)

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.


Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.


  • Will harvest your system information so that the attacker knows what’s running on your network.
  • Compares all files on your disk against a list of file extensions.
  • Collects more system information and maps out your network.
  • Harvests browser data such as cookies and browser configurations.
  • Steals credentials and configuration data from domain controllers.
  • Auto fills data, history, and other information from browsers as well as software applications.
  • Accesses saved Microsoft Outlook credentials by querying several registry keys.
  • Force-enables authentication and scrapes credentials.
  • Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

  • Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
  • Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
  • Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
  • Apply appropriate patches and updates immediately after they are released.
  • Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
  • Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
  • Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
  • Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
  • Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
  • Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
  • If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
  • And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

Continue reading

Warning: Foreign Hackers Compromised Citrix Systems

Citrix Data Breach

Citrix said the FBI warned them on Wednesday, March 6th that hackers compromised its IT systems and stole “business documents.” Citrix doesn’t know precisely which documents the hackers obtained nor how they got in.

It’s suspected that this is a sophisticated cyber espionage campaign supported by a nation-state. The consequences of the Citrix security incident could affect a broader range of targets, as the company holds sensitive data for many companies, including critical infrastructures for governments and enterprises.

For more information click here. Feel free to contact us for assistance if you’re concerned about your IT security.

Continue reading

Windows 7: Under One Year Until Support Ends

Windows 7 End of Support

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 10 offers:

  • A straightforward interface that is well-designed and laid out;
  • A start menu that combines the old with the new;
  • A clutter-free and clean look that is familiar to you;
  • Thumbnail previews that allow you to automatically open an item;
  • Jump lists that allow you to quickly access files or documents you frequently use;
  • Performance that allows the system to boot up comparatively quickly;
  • A new calculator to convert units, figure out fuel economy, etc.;
  • A new WordPad that offers more formatting features; and — among many other features —
  • Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not want to particularly give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista makes up nearly 84% of the market share for desktop PCs — use Windows 7 still while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Window 7’s lifecycle.

Windows 7 Lifecycle
October 22, 2009Date of general availability for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2013Retail software end of sales for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2014End of sales for PCs with Windows preinstalled with:

  • Home Basic
  • Home Premium
  • Ultimate
October 31, 2016End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015End of mainstream support for Windows 7
January 14, 2020End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

  • Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Window 7;
  • Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do the hackers capabilities (home users if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
  • Disconnecting any Windows 7 PC from the internet, but this means disconnecting you to the very thing that keeps you connected to the world, so it may not be your best option either.
  • Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

  • The increased sense that Microsoft is invading our privacy with its default settings. Most of these setting can be changed but you must go in and manually make these changes.
  • The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
  • The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
  • Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

  • Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
  • If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
  • We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
  • Ever been in your Windows 7 and want to search the web from your desktop and then realize you can’t. To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
  • Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox one game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

  1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
  2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.

Continue reading

FBI Warns Businesses Of Cyber Attack From China

Chinese Hackers

Who Has Been Impacted by Chinese Cyber Attacks?

At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months.

Hewlett Packard and IBM are among the businesses most recently targeted. There’s a National Counter-Intelligence and Security Center that manages intelligence efforts for the U.S. government. It recently launched a campaign to address continuing threats. The center warns that many companies need to be more to protect against cyber theft.

Foreign governments accused of cyber attacks against the U.S. include Russia, China, Iran and North Korea, with China receiving the most scrutiny in recent reports.

How Do Hackers Breach Company and Government Security?

According to Entrepreneur magazine, hackers create fake social media accounts to get people to reveal work and personal information. One of the ways to guard against bad actors is to carefully scrutinize social media requests from people that aren’t personal connections and to research apps before using or downloading them, as well as keeping antivirus software up-to-date.

The FBI warning including a brochure entitled, “Know the Risk, Raise Your Shield” that targets federal employees. The recent warnings follow a string of cases against individuals and organizations accused of stealing proprietary information from U.S. government and businesses.

Nine cases filed since July 2018 include two hackers investigators say are linked to the main Chinese spy agency. Knicknamed APT 10, they allegedly stole corporate and government information via cyber attacks on employees.

Has There Been an Uptick in Recent Activity?

The breach of private businesses by Chinese hackers first hit news headlines in 2014, when Sony Pictures was hacked. This prompted an agreement in 2015 between Chinese President Xi Jinping and then President Barrack Obama that curbed cyber attack for a while.

At FireEye, a cybersecurity firm, analysts track hackers working on behalf of the Chinese government. The firm’s representative says attacks are on the uptick recently. These hacking groups are referred to as Red Leaves, cloudhopper, and APT10.

Managed Service providers are among the groups targeted. MSPs supply technology, telecommunications and other services to business clients. If they can break the security systems of such companies, Chinese hackers gain access to the sensitive data of the MSP’s clients.

APT10 has routed malware via an MSP network to its business targets. However, there are many steps businesses can take to protect their employees and data from prying eyes in cyberspace.

What Should Business Do to Raise Their Shields?

U.S. businesses should take proactive measures to safeguard against cyber attacks from Chinese hackers via email, social media and other points of entry.

This includes ensuring that advanced detection tools are utilized on network and email servers to safeguard access to company data. Regular threat assessments and employee training can help. This provides a diagnosis of the state of a firm’s cyber defenses regarding advanced persistent threats that attempt to find breaches in the company’s firewall. Precautions taken against the intrusion of foreign governments include:

  • Fortify access controls. Evaluate the plans, policies, and procedures that govern corporate technology to keep proprietary data safe. This could include that installation of multi-factor authentication (MFA), data encryption and solidifying a layered defense system on all possible points of cyber attacks.
  • Training. Make cybersecurity education and training a top priority. Everyone from the Board of Directors and C-Suite to individual employees needs to understand how to avoid cyber attacks by avoiding fake emails, malware and weak password strategies, among other efforts.
  • Incident response plan. Organization leadership and key technical personnel must develop a protocol for dealing with threats. This should include representatives from business administration, information technology and operations.
  • Crisis communications plan. Align the protection policy to risk management methodologies and the business needs of employees.
  • Adopt a monitoring, detection and response plan. Quickly detect intrusions and breaches via rapid-respond plans to effectively eradicate the malware or other methods of entry.
Continue reading

Should Your Business Upgrade It’s Website To WordPress 5.0.2

Should You Upgrade Your WordPress Site To 5.0.2

Only a few short weeks ago, we wrote about the introduction of WordPress 5.0 in early December and discussed whether or not your company should upgrade now, never or at a later date. Our recommendation was to wait until some of the bugs had been worked out of the system and until your business has a slow time of year to ramp up to the new way of posting with this new update. It seems that we were on the right track since WordPress has just made WordPress 5.0.2 available to the public, a maintenance release that addresses 73 known bugs associated with WordPress 5.0.

What is WordPress 5.0.2?

WordPress 5.0.2 seeks to address some of the problems that users have been having with the new WordPress 5.0 release. Most of these issues are associated with the block editor feature. Unlike previous WordPress releases, 5.0 is a WYSIWYG editor and requires no HTML or coding knowledge. According to WordPress, the new maintenance release increases the posting speed by 330 percent (for a post with 200 blocks). It also includes 45 block editor improvements, fixes 17 known block editor bugs and addresses some internationalization issues. You can view a complete list of the problems discussed with 5.0.2 on the WordPress website.

Should we upgrade to WordPress 5.0.2?

Our original opinion on whether to upgrade to WordPress 5.0 now or wait still stands. We still feel it’s prudent to expect since many businesses are otherwise occupied with end-of-the-year tasks in December and January and a radical revamping like 5.0 is likely to have a few growing pains. Also, 5.0 uses Gutenburg, which is not compatible with many WordPress plug-ins. As with any upgrade, we also recommend backing up all of your WordPress files before you download WordPress 5.0.

However, if you have already upgraded to WordPress 5.0, it is a good idea to go ahead and download the 5.0.2 maintenance release. This is likely to make your WordPress experience less troublesome and less time-consuming. To upgrade to WordPress 5.0.2, download WordPress 5.0.2 or go to your WordPress dashboard, go to Updates and click Update Now. In fact, you may already have the new maintenance release. Websites that support automatic background updates have already started to update automatically.

To learn more about using WordPress, deciding whether WordPress 5.0.2 is the right choice for you and your company, and to learn ways to make your website more efficient for both you and your readers, contact Ulistic.com or call us at (enter contact info). We can also help you with backing up your data before your upgrade.

Continue reading

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

December 31st is Make Up Your Mind Day

As New Year’s Eve approaches, it’s time to remember its other name: Make Up Your Mind Day. As the last day of the business year for most companies, it’s also a vital point for putting your plans for the next year into action. Unfortunately, creating a business technology strategy can be a complicated process for many IT professionals. Which way will your company go in the new year?

Make Up Your Mind Day

December 31 is Make Up Your Mind Day.  So have you made up your mind regarding your 2019 technology plan?

Here are a few ideas to keep in mind as you work on developing your business technology plan for 2019:

Have You Made Up Your Mind Regarding Your 2019 Technology Plan?

  • Look at digitizing: The process of turning your organization from a traditional one to a digital enterprise is a complex process and requires a great deal of thought and investment to pull off well. Companies that lack a solid understanding of the challenges and opportunities are among the reason why 84% of attempts at digitization end in failure. Make sure you prioritize this vital part of your company’s growth for the upcoming year.
  • Consider legacy assets: Will that old server holds out a few more years or is it time to upgrade the aging sales software instead? Though legacy assets can be challenging to incorporate into your existing scheme, it’s much easier than it was just a few years ago given the prevalence of solution-based software. However, there’s a particular point where it’s just more straightforward to say goodbye to these old classics. Fortunately, there are a few easy signs to help you recognize whether that time has come.
  • Contemplate what tech employees use: Should you dictate to employees the technology they should use when at work? Considering the prevalence of mobile devices and the focus on specific brands, the iOS versus Android battle may appear front and center at your workplace very soon. With 38% of employees resenting management dictating what tech they can use on the job, it’s important to consider more comprehensive solutions that allow employees to work more productively.
  • Take a look at the long-term goals: Trying to bring your business into the fourth industrial revolution without long-term goals to guide you would be like Columbus taking off across the Atlantic without an astrolabe. You know you’re following something, but you waste a lot of time and effort trying to get there. Our friends at Hacker Noon have a great article on how to break down large, seemingly impossible goals into shorter goals, allowing you to navigate from one point to another without being lost in an ocean of planning.
  • Consider upgrades: What condition are those old workstations in? What about that series of laptops that you’re continually making repairs to or sending out for warranty work? When you have the budget available, upgrade or replace poor-performing assets in your system to improve your overall uptime and reduce the amount of work that needs to happen to keep things rolling. This gives you more free time for strategizing to get your business ahead.
  • Make it mobile: If you’re not mobile by this point, you’re missing out. There are so many tools available to help you improve productivity, whether it’s connecting social media accounts, communicating with teams, taking remote payments or having music while you’re wrapping up quarterly reports. Adding mobile capability means your entire team can be more productive on the go, whether waiting for the VP for the meeting or dealing with an emergency from around the globe.
  • Contemplate automation: What does your workflow look like? If you still have manual processes that can be automated, you’re wasting money. Whether it’s marketing tasks that can be more easily handled by a bot on Facebook, a tracking system for your warehouse to make your pickers more efficient or any number of other tasks, automation keeps your business rolling smoothly and efficiently while making your operation more flexible.

With digitization breathing hot down the necks of most IT professionals, having a solid technology strategy in place can make the difference between success and failure of the business as a whole. As IT shifts from an ancillary department to the central core of a company, it’s important to make sure that the leadership is in place to strategize this shift and ensure that it can be made successfully without costing the business more than necessary to provide an excellent outcome.

Continue reading

Happy Wright Brothers Day – December 17

On December 17, 1903, Orville and Wilbur Wright made the first successful flight in a mechanically propelled airplane. To celebrate the accomplishment and commemorate the achievements of the brave brothers, December 17 became Wright Brothers Day by a 1959 Presidential Proclamation. Wright Brothers Day is now honored every year in the United States with festivities and activities.

Wright Brothers Day

A Land of Innovation and Invention

In the nation’s beginnings, the founding fathers had to cross an unfriendly ocean to live in uncharted land. Early settlers made their way across the vast landscape, using their strength and ingenuity to adapt to often harsh conditions.

Over the history of the US, Americans laid track to build railroads to span the nation, while other Americans built the cars that would change the way people live. The Wright Brothers succeeded in their revolutionary flight soon after.

What Was Once Thought Impossible

Before the Wright Brothers launched their flight, most people could not imagine that flight by humans was possible. Earlier efforts to leave the ground were limited, because there was no way to sustain flight or control a contraption in the air. The Wright Brothers knew that they would need to be able to control the wings and nose so that a pilot could navigate while in the air.

While it seems obvious now, their ideas changed the way humans view the world. People felt attached to the earth, trapped in two dimensions. Once people were able to fly, they could see the world from an entirely new perspective. Distances become relative, and the world seems both grander and more interconnected. The boundaries that used to limit people’s activities no longer hold that control over our lives.

Humble but Loving Beginnings

Milton and Susan Wright were the parents of Orville and Wilbur, and they encouraged their sons to learn about whatever they could and to travel to other parts of the world. Mr. Wright was a bishop in the United Brethren Church, and his position caused him to travel a lot for church business. While he was away, he sent many letters and gifts home to his family, exposing them the many fascinating wonders the world has to offer.

Wilbur and Orville started in the printing business and even had their own newspaper for a while. They started their own bicycle business in 1894, making and selling bikes to turn a profit. But their dreams were always bigger.

When Wilbur and Orville started seeing other inventors’ attempts at building flying machines, the brothers figured out where they were going wrong. Their first gliders did not succeed, but the Wright Brothers kept trying until they achieved their dream. The Wright Brothers decided what they wanted to do, and then they realized what other people couldn’t with their own abilities.

Continue reading

Sextortion Scam Pretending To Come From Your Hacked Email Account

A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.

The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.

Sextortion Scam

Here’s a closer look at the threat and how to prevent such ruses in the future.

What Happened in the Sextortion Case?

The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.

In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim’s activity in exchange for cryptocurrency.

Are These Schemes Successful?

The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted €40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.

What Did the Sextortion Email Say?

The English version of the scam had a subject line that included the victim’s email address and “48 hours to pay,” e.g. “ 48 hours to pay,”

In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.

Throughout several months, the email alleged, the victim’s devices were infected with a virus from visiting adult websites. Now, the hackers had access to a victim’s social media and messages.

“We are aware of your little and big secrets … yeah, you do have them,” the email continued. “We saw and recorded your doings on porn websites. Your tastes are so weird, you know.”

The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim’s device.

For unsuspecting victims, receiving such an email could be terrifying. That’s why so many people succumb to such demands and pay up.

What Can Users Do?

While it’s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It’s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.

Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication are an essential first step. Here are three of the most common:

  • SPF. A sender policy framework (SPF) verifies that an email that claims to come from a domain is associated with an authorized IP address. An SPF can detect faked sender email addresses in spam filters. Hackers are less likely to target such domains for phishing attacks.
  • DKIM. DomainKeys Identified Email (DKIM) lets an email receiver verify that an email coming from a domain was authorized by that domain. Senders need to attach a digital signature to each outgoing message that’s linked to a domain name. The recipient’s system can compare that signature to a published key.
  • DMARC. Layered on top of SPF and DKIM is domain-based message authentication, reporting and conformance protocol (DMARC). Established in 2011, DMARC allows email senders to publish policies about unauthorized email. Also, email receivers can provide reporting to those senders. Both are designed to build a domain reputation and credibility about Domain-issued emails.

Your users and domains are vulnerable to hackers looking to exploit technology to shame people into paying. With the right technology assessments, security protocols and safeguards in place, your systems will be protected and dissuade hackers from attacking your sites in the future.

Continue reading

Happy National App Day: December 11th

Even though the word App is relatively new, it has become popular in everyday terminology as its uses have changed lives in the modern world. Almost all mobile phones are now smartphones, so even those individuals who were apprehensive about using new technology now use apps on a daily basis. That is why we now celebrate National App Day every year on December 11.

National App Day

What is an App?

The word “App” was listed as the word of the year by the American Dialect Society in just 2010, showing just how quickly apps have become a regular part of society. But people already use the word so much they don’t really think of where it comes from. While the term “app” is short for “application,” common usage has changed the meaning.

An app is actually a kind of computer software or a program, and now usually refers to a very small one used on mobile devices like smartphones and tablets. Initially, the term could have meant any mobile or desktop application, but the term has quickly evolved to conform to the way people use it. Now there are thousands of apps, and some individuals and businesses design and run their own apps to make specific tasks easier.

Kinds of Apps and Main Uses

There are three basic kinds of apps, but Web Application Apps are used through a browser and Hybrid Apps have characteristics of both Web Application Apps and Native Apps. Native Apps are the ones used on mobile devices, and they only work on certain devices and have a special source code.

Of course, once someone understands how apps work they can create a new one to perform specific functions. Apps are available on Google Play for Android users, Apple’s App Store, the Windows Phone Store and BlackBerry App World. There are currently millions of apps, and prices range as widely as uses. Some apps are entirely free, while others have a recurring rate.

  • Apps can be used for communication, including encrypted phone calls or video phone.
  • Apps can be used for entertainment, providing movies, books and music.
  • Travel apps provide needed information and tools, helping with everything from transportation to finding the closest restaurant.
  • Many people use apps for games, playing simple games like solitaire or complicated games with players around the world.
  • Many apps provide important tools, helping people organize their homes or perform essential functions at work.

There is no reason to think the proliferation of apps will slow down any time soon, if ever. It only remains to be seen how many people will adopt these handy tools to perform more and more specific jobs. Hopefully, people will be thinking of the endless possibilities as they celebrate National App Day on December 11.

Continue reading

Important FBI/DHS Warning: Update On FBI and DHS Warning: SamSam Ransomware

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.

SamSam Ransomware

According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.

As pointed out in the alert, organizations are more at risk to be attacked by network-wide infections than individuals because they are typically in a position where they have no option but making ransom payments.

“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.

That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.

How do SamSam actors operate?

Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.

RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.

Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.

Where did SamSam originate?

The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospital, universities and other targets during the past three years, according to an article from Wired.

Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.

What technical details about SamSam are important?

In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:

MAR-10219351.r1.v2 – SamSam1

MAR-10166283.r1.v1 – SamSam2

MAR-10158513.r1.v1 – SamSam3

MAR-10164494.r1.v1 – SamSam4

What mitigation and prevents practices are best?

In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.

The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.

For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:

  • Applying two-factor authentication
  • Disabling file and printer sharing services when possible, or using Active Directory authentication or strong passwords for required services
  • Regularly applying software and system updates
  • Reviewing logs regularly to detect intrusion attempts.
  • Ensuring third parties follow internal policies on remote access
  • Disabling RDP on critical devices where possible
  • Regulating and limiting external-to-internal RDP connections
  • Restricting the ability of users to install and run the unwanted software application

This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.

Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.

Continue reading

Threat Advisory: SamSam Ransomware

SamSam Ransomware is becoming a massive problem for multiple industries across the United States. In fact, the problem is so big that The Department of Homeland Security, (DHS), National Cybersecurity and Communications Integration Center, (NCCIC), and the Federal Bureau of Investigation, (FBI), have all recently issued a US-CERT alert due to the SamSam ransomware. Like other types of ransomware, files and networks are infected. In exchange for uninfected the system, hackers want a ransom, that typically costs thousands upon thousands of dollars. Every company that runs a network needs to be aware of SamSam ransomware. Here is what you need to know about this topic.

SamSam Ransomware

What is SamSam Ransomware?

SamSam ransomware is a type of ransomware that is designed to exploit Windows servers to gain access to your network. Once it is in the network, it uses the JexBoss Exploit Kit to access your JBoss applications. This type of ransomware is also able to use Remote Desktop Protocol to access your network. The virus is difficult to detect, due to the path it takes to access your system. Once the virus has made its way inside, hackers are able to get administrators rights, putting their malware on your server and basically hijacking your network. They do not release their hold on their network until you pay them the ransom they are asking.

What Can You Do to Decrease Your Chances of Getting SamSam Ransomware?

It is extremely important that you take the correct precautions to decrease your chances of getting infected with SamSam ransomware.

One of the steps you can take is to enable strong passwords and an account lockout policy. If you have strong passwords and a good lockout policy in place, it makes it much harder for the software to hack into your system and infect it. Enabling multi-factor authentication can also help. Before any new software can be installed, before software can be wiped or before changes can be made to your network, authentication is needed. The more authentication levels you have, the harder it will be for any ransomware to infect your system.

Unfortunately, while you can decrease your chances of getting infected with SamSam ransomware, there is no way to prevent infection altogether. As such, it is essential that you regularly install system and software updates and maintain a great backup system for all of your data and systems. This way, if you do get infected, you have a recent back-up for all of your system and data. You can wipe your current, infected system and start fresh from your backup point, without losing much at all.

How Can You Learn More About SamSam Ransomware?

If you are looking to learn more about SamSam ransomware, including the technical details surrounding it. It is highly recommended that you read through the SamSam Malware Analysis Reports that have been released by the US-CERT. A list of the reports, including links, are included here:

SamSam Ransomware is infecting computer systems and networks in multiple industries all across America. It is important that you learn what this ransomware is and how to protect yourself against it. Taking the right action can help to minimize the chances of your network being held ransom by SamSam ransomware.

Continue reading

Mobile? Grab this Article!

QR-Code dieser Seite