WANTED:

3 New Clients

We are looking for a couple of new clients. The ideal candidates:

  • have 10 or more PCs
  • want lightning-fast response to their IT problems
  • want IT support with a “Today, Not Tomorrow” attitude
  • are tired of 2nd-rate IT support
  • don’t like IT surprises
  • are willing to pay a set monthly fee for IT service
  • want honesty, reliability and predictability from their IT vendor
  • are most likely (but not required to be) in a Professional Services industry such as the Medical, Law, Engineering, or Accounting fields

If you are ready to talk about making a switch of IT vendors, give us a call.

Computer Networks of Roanoke, Inc.
Hank Wagner
hank.wagner@computernetworksinc.com
757-333-3299 x232

Lessons from WannaCry

Recently, you most likely watched widespread news coverage of a new cyber attack called WannaCry. It infected over 200,000 computers worldwide and locked numerous organizations out of their data, including hospitals in the United Kingdom.

There are several reasons this attack gained so much attention. First, it spread rapidly from computer to computer by attacking a known weakness in Windows computers. Second, the attack was a type of malware called Ransomware, which meant that once it infected your computer it encrypted all your files, locking you out of your data. The only way you could recover your data was from backups or by paying the attacker a $300 ransom to decrypt all of your data. The third and most important reason this attack gained so much attention was because it never should have happened.

The weakness that WannaCry attacked in Windows computers was well known by Microsoft, which had released a fix months earlier. But many organizations failed to install the fix, or were still using operating systems that are no longer supported by Microsoft.

The takeaways:

  • You must keep your Operating Systems current (no XP Pro or Vista)
  • You must patch those Operating Systems
  • You must patch the other programs that reside on your networks (Adobe Reader, Flash, Java, etc.)
  • You must run Endpoint Protection (antivirus) on all PCs and Servers
  • You must have a business grade firewall with Intrusion Prevention enabled
  • You should have a backup program capable of offsite backups

Apple Transparency Report Shows Increased U.S. National Security Requests

Apple this week released its transparency report for the second half of 2016, revealing that U.S. government national security requests rose markedly from the previous six-month period.

According to the semiannual report, from July 1 to Dec. 31, 2016 Apple received between 5,750 and 5,999 FISA (Foreign Intelligence Surveillance Act) orders and National Security Letters, involving 4,750-4,999 accounts. This represents a significant jump from the first half of 2016, during which Apple received a range of 2,750-2,999 orders, involving 2,000-2,249 accounts.

The number of national security requests that the U.S. has issued to Apple has continued to grow since the company first reported this statistic in its second-half 2013 transparency report. That report tallied only 0-249 such requests over the last six months of 2013.

Law enforcement agencies worldwide requested details about Apple accounts linked to potential unlawful activity 2,231 times in the latter half of 2016. Apple cooperated in 79 percent of these cases, providing just metadata in 1,350 instances and actual content in 410 cases. Apple challenged or outright refused 175 of these requests. The requests involved 8,880 accounts in total.

The U.S. was responsible for 1,219 of these global account requests. Apple complied with these U.S. requests 83 percent of the time, offering metadata in 636 cases and content in 372 instances, while denying or challenging 71 such requests. Germany sent the next most requests, followed by Hong Kong, the UK, Australia, and then Spain.

Defense Contractor Leaves Sensitive Files on Amazon Server With No Password

Sensitive files linked to a United States intelligence agency were reportedly left on a public Amazon server without a password by one of the nation's top intelligence contractors, according to a new report.

UpGuard cyber risk analyst Chris Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on an Amazon cloud storage server for anyone to access.

The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country's top defense contractors.

Although there wasn't any top secret file in the cache Vickery discovered, the documents included credentials to log into code repositories that could contain classified files and other credentials.

Roughly 28GB of exposed documents included the private Secure Shell (SSH) keys of a Booz Allen employee, and a half dozen plain text passwords belonging to government contractors with Top Secret Facility Clearance, Gizmodo reports.

The exposed data even contained master credentials granting administrative access to a highly-protected Pentagon system.

The sensitive files have since been secured and were likely hidden from those who didn't know where to look for them, but anyone, like Vickery, who knew where to look could have downloaded those sensitive files, potentially allowing access to both highly classified Pentagon material and Booz Allen information.

"In short, information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level," Vickery says.

Password Manager Program Hacked

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

OneLogin, headquartered in San Francisco, provides single sign-on and identity management for cloud-based applications. OneLogin counts among its customers some 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers.

“The threat actor was able to access database tables that contain information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.”

Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services, arguing that they are the digital equivalent to an organization putting all of its eggs in one basket.

“It’s just such a massive single point of failure,” Litan said. “And this breach shows that other [cloud-based single sign-on] services are vulnerable, too. This is a big deal and it’s disruptive for victim customers, because they have to now change the inner guts of their authentication systems and there’s a lot of employee inconvenience while that’s going on.”

The takeaway:

If you are going to use a password management program, pick one that stores your data locally on your PC and not in the “Cloud”.

Fireball: It Is Not a Beverage

A Chinese digital marketer is to blame for the spread of malware called Fireball that reportedly has turned 250 million web browsers into ad-revenue generating “zombies” and infected 20 percent of corporate networks around the world.

The malware hijacks browsers and generates revenue for a Beijing-based digital marketing agency called Rafotech, said Check Point Software Technologies, which made the claim in a report published Thursday. Check Point calls this “possibly the largest infection operation in history,” and added that it can be turned into a distributor of any other malware family.

“Currently, Fireball installs plugins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.”

According to Check Point, victims are infected with Fireball via stealth installs bundled with desirable Rafotech apps such as Deal Wifi, Mustang Browser, Soso Desktop and FVP Imageviewer. Additionally, it has been distributed via third-party freeware and spam campaigns.

Geographically, the hardest hit so far are India, with 10 percent of infections, Brazil and Mexico; the United States represents 2.2 percent of infections.

Ransomware: Best Practices for Prevention and Response

  1. Back up your files often and move them offsite - there are no guarantees that you can recover from Ransomware or that paying a ransom will unlock your files
  2. Educate your staff - they should not click any web link that they are unfamiliar with or open any email attachment they are not expecting
  3. Restrict Network Administrator access - do not allow every user on your network to have the ability to go everywhere and do everything
  4. Run Endpoint Protection (antivirus) software - then ensure that it updates itself hourly and performs a full scan nightly
  5. Update your software - you must patch your Windows Operating Systems and you must install patches and updates on the other programs that run on your network
  6. Install a Unified Threat Management (UTM) firewall - then enable ALL of the security features that are built into that firewall
  7. Block inbound emails that are on “black lists” - companies have a responsibility to keep their networks free of viruses, malware, Trojans, etc. If they do not, then their email servers are blacklisted
  8. Block firewall connections from foreign countries - unless you are doing business in a foreign country, why give them the opportunity to attempt to connect to your network?

These are just a few basic things that you should be doing on your network to protect your business from the Internet. Feel free to give us a call if you have more questions.

Funnies

Computer Problem Report Form

  1. Describe your problem: ___________
  2. Now, describe the problem accurately: ___________
  3. Speculate wildly about the cause of the problem: ___________
  4. Problem Severity:
    1. Minor__
    2. Minor__
    3. Minor__
    4. Trivial__
  5. Nature of the problem:
    1. Locked Up__
    2. Frozen__
    3. Hung__
    4. Shot__
  6. Is your computer plugged in? Yes__ No__
  7. Is it turned on? Yes__ No__
  8. Have you tried to fix it yourself? Yes__ No__
  9. Have you made it worse? Yes__
  10. Have you read the manual? Yes__ No__
  11. Are you sure you've read the manual? Yes__ No__
  12. Are you absolutely certain you've read the manual? No__