by Felicien | Apr 16, 2019 | Education
A recently announced hack data security breach of Microsoft’s Outlook.com product has many wondering how to work with MSP customers to understand the scope and impact.
Ulistic recently spoke with several MSP security experts to understand more about the breach and next steps.
What Happened to Outlook.com Data?
It appears that the breach occurred when a support agent’s access credentials were compromised. Support agents are customer service representatives that handle technical issues and complaints. That led to unauthorized access to a portion of the accounts on Microsoft’s web email service from January 1 to March 29, 2019.
The hack apparently affected Hotmail and MSN users in addition to Outlook account holders. In an email to users, Microsoft noted that, “This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments,”
Microsoft also said that the hackers were able to access content on about 6 percent of users.
Is That the Complete Scope of the Breach?
Not necessarily.
“At this time the impact of this particular breach is still under investigation,” noted Swinburne Charles of Checksum Systems, a Toronto IT services company. “However, overall it would not surprise any security expert that far more users were affected. The mere fact that the Microsoft support engineer’s credentials were affected so long would imply that the perpetrators had unfettered access to millions of email addresses and could have simply ‘botted’ their way around those mailboxes, scraping information such as name, email address, mail subject, and message body.”
Phil Cardone of Radius Executive IT, a Boston-area IT company, pointed out that Microsoft support technicians do not have access to end-user protected data. “This breach could have been much worse if the hackers had destructive intent and compromised the integrity of the Microsoft Office 365 environment,” Cardone said.
“The impact of this attack shows how vulnerable we all are to hacking,” added Anthony Buonaspina of Long Island, New York-based IT support company LI Tech Advisors. “Even through no fault of our own, our information can be compromised by a lapse in security by some individual at a company that maintains our information. It’s scary that these types of hacks can happen without our knowledge and we may or may not even get notified for months after an attack.”
What Should I Do If I Have an MSN, Hotmail or Outlook Account?
In cases like this, it’s important to take precautionary steps, whether or not your account is affected.
“Users should continue to employ safe email practices, keeping an eye out for an increase in phishing emails designed to solicit a response,” said Sarah Ober of Washington, D.C.-based IT company Intelice. “Attackers gained access to email addresses of contacts and had visibility into subject lines of emails, which could be used in targeted attacks.”
Buonaspina, Cardone and Charles all urged users to change their passwords immediately. Charles noted that companies “should not skimp” on deploying two-factor or multi-factor authorization for systems and applications. Cardone encouraged global account administrators to firm up security on Office 365 tenant accounts and using Office 365 Secure Score to assess and provision as many precautions as possible.
Is This Attack Like Other Ongoing Breaches or Is Something More Significant about This One?
“This attack is like many other ongoing breaches where soft passwords or internal security procedures are lax, allowing for security breaches like we see with Microsoft,” Buonaspina said. “What’s more significant about this one is that it undermines our trust in a major corporation. If they can’t get it right, how the hell are smaller, less security-minded companies supposed to keep their data and their clients’ data safe?”
Ober noted the need for end-user vigilance. “One concerning part about this breach was that it involved compromised credentials of a Microsoft support technician, and lasted for multiple months before being remediated,” she said. “It highlights the importance for all support staff to be vigilant with their own chain of security, as it is only as strong as the weakest link.”
“This attack went after the back-end system infrastructure versus the actual end-user experience,” Cardone explained. “A typical breach may affect day-to-day interactions between people and organizations, whereas this attack could have affected the structural integrity of the Microsoft Office 365 system infrastructure. This could have been much worse than it was.”
by Felicien | Apr 16, 2019 | Education
Large software and hardware manufacturers are generally a trusted source for updates, but that same level of trust with consumers is what makes these groups a heavy target for hackers. The recent infiltration of ASUS made it all too clear that no one is safe from the threat of malware attacks. The Taiwan-based tech giant recently was the high-profile victim of hackers as their automatic update tool was leveraged to distribute a malicious backdoor on nearly a million computers and other devices before the discrepancy was identified — over five months after the update was launched.
Trusted Digital Signature — Tainted Software
The malware distribution took so long to identify due to the accurate digital signature that the hackers were able to put in place. ASUS computers accepted the malware due to the “acceptable” digital signature, even though the software package itself was tainted. The delivery package was only the first wave of the attack, opening a potential vulnerability in the systems that were affected. Now, hackers are able to target these machines at will. To date, only about 600 machines have been hit with this second-stage attack. The hack happened sometime in late 2018, with Kapersky notifying ASUS of the situation in January 31, 2019.
ASUS Implements Advanced Security Measures
How is ASUS responding? Oddly enough, they didn’t raise the alarm with customers until digital security firm Kapersky went public with their findings around the attack, which they’re calling ShadowHammer. This notification to customers downplayed the severity of the attack, calling it an “attempt to target a very small and specific user group” in the official statement posted on their website. ASUS noted that they released a fix in the most recent version of the Live Update, one that included additional security measures that were meant to reduce the possibility of this happening in the future. Not only did the company strengthen its end-to-end software architecture, but they also enhanced the overall encryption of their updates.
Supply Chain Attacks Growing in Prominence
This is far from the first time that attackers have decided to go up the supply chain to target computers. The notPetya cyberattack that devastated machines throughout the US, Europe, Australia and Asia was delivered as an upgrade to popular accounting software that experts claim was made not for the demanded ransom — but just to spread mayhem throughout the world. The hackers who built and distributed the ransomware used much of the code from Petya, but that is where the similarities ended. With notPetya, the cybercriminals clearly didn’t think through their process for collecting money from victims, as it quickly disintegrated under the pressure of organizations attempting to pay and request their unlock keys. Unfortunately, the damage was already done as not Petya spread rapidly through networks, infecting machines and destroying files as it went. Microsoft, CCleaner and Transmission are a few other organizations that have been the victim of this type of attack vector over the past decade.
Are My Computers Infected?
With any attack of this scale, the first question on business owners’ minds is whether or not their organization may be vulnerable to this particular issue with ASUS. The service professionals at ASUS have been busily reaching out to customers since the update was released, along with the recommendation that you update their latest security patches and updates to ensure that the effects of the hack are washed from your system. Security giant Kapersky Labs has created an easy tool to determine whether your device was one of the millions affected by ShadowHammer, with the results based on your MAC address.
With hundreds of thousands of devices receiving the primary payload and only 600 devices targeted for a secondary wave, cyberattacks such as ShadowHammer are meant to cast a wide net in the hopes of getting the highly detailed information on a limited audience that they need. A key benefit of working with an IT solutions provider is their constant focus on security, allowing them to proactively scan sources such as Kapersky and take immediate measures to remediate the scope of the attack.
by Felicien | Apr 16, 2019 | Education
There is any number of reasons to encrypt an email in Microsoft Office Outlook, anything from details about your salary to negotiations to purchase a business. With the state of cybersecurity, you need to know that you are protected from individuals who may attempt to hijack your email as it is in transit between locations, too. Fortunately, Outlook has the functionality built in that will allow you to quickly and easily encrypt your email as well as stop people from forwarding the email message.
Why Is Email Encryption Important?
The rise of malware and ransomware has made many users wary of opening emails, and definitely can make you question opening any attachments — even those from a known user. One of the key reasons for utilizing email encryption is to prevent an attacker from intercepting emails and reading them, or even adding a questionable attachment that could be infected with malware. While there are some web-based encryption platforms, the most effective are often those that are built directly into the email platform being used by staff members on a daily basis.
Email Encryption in the Enterprise
Email encryption options have been around for years and can provide your email and attachments an added level of security that could be necessary for sensitive conversations. In the past, it’s been a bit more challenging to apply encryption and even required an add-in or separate application in order to ensure that your corporate emails are safe in transit. As far back as Office 2007, there’s been the ability to add one-click encryption that applied to a single message. You also have the option to encrypt all outgoing messages, a crucial addition for financial and legal organizations. Network eavesdroppers will be thwarted by this advanced function of Microsoft Outlook. If you are using the Office 365 suite, you can find instructions for encrypting your emails on Microsoft’s help site.
How Does Email Encryption Work?
It’s important to understand that email encryption is a two-way street. Not only is it required that you have the software options available to encrypt messages that you are sending, but your recipient must also be able to remove the encryption with a key in order to view the message or attachment. In Outlook, there is a certificate generated that allows you to store the email in your Sent items as well as provides recipients with a way to respond to the email — as you’ll have to open the encrypted file when it is returned to you. This can become problematic when you have multiple people on a distribution list for your email. When recipients are within your organization, Exchange server stores a copy of the encryption key for each individual on the server for ease of use.
Microsoft Outlook is one of the most widely-used email platforms in the country, especially for business professionals. The simple instructions for email encryption and the quick application of the rule for all emails means it is easier than ever to protect your confidential messages.
by Felicien | Apr 16, 2019 | Education
The image of a traditional PBX phone system may make you uncomfortable because systems in the past were either tied into a particular type of hardware or an individual vendor. While that may make you want to shy away from the enhanced functionality that you receive with a PBX system, today’s telephone switching is radically different than in the past. There are many flexible options for implementing your PBX (Private Branch Exchange) system, including virtual solutions as well as on-premise hosting. Learn more about PBX phone systems and see why they may be the right choice for your business.
Using Technology to Reduce Restrictions
Creating an extensible telecommunications system is crucial, as businesses communicate in more varied ways than ever before. Simply connecting two individuals via phone could include a complex dance of rerouting calls to a mobile phone, translating audio voice mails to text and routing faxes to an email address. With the new Open-Standards-based IP PBX, Internet Protocol is the underlying transport technology that is used to deliver telephone calls. This less restrictive option for communications delivery provides enhanced functionality for your investment.
PBX Features and Functionality
There are a wide variety of PBX phones, with the traditional analog PBX phone system managing calls by connecting over copper wiring — with the hardware generally living inside the telecom closet of your office. Analog PBX systems connect to POTS, or Plain Old Telephone Systems, lines that pre-date the internet. VoIP (Voice over Internet Protocol) or on-premise PBX systems utilize broadband internet to replace the copper lines, allowing these systems to deliver high-definition telephone calls and video. This provides the ability to provide sophisticated PBX features, including:
Call queuing
Application integration
Flexible business hour rules
A unified communication system with your CRM (Customer Relationship Management) software
Automatic Call Distribution queues that can evenly distribute calls throughout a department
Call transfers between extensions
Detailed records of incoming and outgoing calls
These advanced functions make it simpler for businesses to provide the flexibility that workers need to be productive regardless of their physical location.
Should You Choose On-Premise or Virtual Hosting for Your PBX?
Virtual hosting is an increasingly popular option for businesses that are interested in purchasing a PBX system. Also known as hosted VoIP, this internet phone system provides all of the call routing and management as well as the advanced features that you would expect from a PBX system. Instead of the upfront cost associated with purchasing a PBX system for on-premises use, you’ll pay a service provider a monthly fee to manage all of the hosting for your business. Per-minute charges may apply and there may be additional costs for extending the system with integrations or advanced functionality.
With on-premise PBX, businesses find that this option is more similar to a traditional PBX system. Your business buys the hardware and physically hosts the machines in a server room or phone closet. The key difference between an on-premise VoIP PBX is that it will leverage the internet connectivity for your office. You will still need a provider to handle the gateway for calling, but your ongoing monthly cost will likely be lower than a virtually hosted instance after you’ve covered the costs of expenses.
Determining which option is right for your business requires finding a strong partner with a deep understanding of the technology, who is willing to listen to the needs of your business and make a solid recommendation. The true benefit of investing in a PBX phone system is that you are providing your business with the telecommunications flexibility and the extensible system that will serve your needs both now and in the future.
by Felicien | Apr 16, 2019 | Education
Firewalls were developed over thirty years ago and function as the first line of defense for many business networks. This piece of network equipment is a perimeter defense that determines whether packets can move into or out of the network. While the basic concept of a firewall is simple, the way that it performs this function and the features it offers continue to evolve based on current threats.
Types of Firewalls
Firewalls come in two major categories: hardware and software. The physical firewalls are network appliances that connect to the rest of the IT infrastructure so it’s able to monitor packets. There are several methods they can use to secure the network and assist with thwarting potential intruders.
Hardware Firewalls
Stateful
Stateful firewalls retain information about the connections being made. It offers good performance because this technology allows it to skip inspecting every single packet. Once it has inspected a connection, it allows it for subsequent packets.
Application-level
Application-level firewalls that are hardware based are designed to protect the application’s connections. They address common attack methods used on that type of application, such as stopping cross-site scripting for a web application.
Proxy
When someone thinks about a standard firewall, a proxy firewall is most likely what’s on their mind. It stands between a host device and the data source and inspects the packets that are sent between them. This type of firewall may not stand up to complex attacks due to its simplicity, but it masks a lot of the network information.
Circuit-level
This firewall is another basic one that focuses on checking the TCP handshake. It’s not resource intensive since it doesn’t look at the packet, but that does mean that it won’t protect against sophisticated attacks.
Next Generation
These firewalls have advanced features that give businesses more ways to stop malicious traffic from making it through the appliance. Some examples of these include deep packet inspection, checking attachments in sandboxes, and terminating encrypted traffic. Third-party data can be incorporated into the rules and filters of the firewall to improve protection against emerging threats. They can also incorporate technology that is found in other types of IT security hardware, such as intrusion detection. The drawback of this firewall type is that it can significantly slow down network traffic.
Software-based Firewalls
Virtual Appliance
This firewall is a software package that’s installed on the business network and does not rely on a hardware appliance for protecting traffic.
Application-level
Some applications have firewalls built into the software itself to act as a second layer of protection. Anything that gets through the physical firewall of the business network and reaches the application layer needs to go through another inspection. These firewalls focus on threats that are most common for that piece of software.
Cloud-based
A cloud-based firewall leverages cloud computing technology for the virtual appliance. Some advantages of a cloud firewall include the ability to scale quickly, high availability, and cost-efficiency. For organizations with limited IT budgets, using a cloud-based service can give them access to powerful features that they wouldn’t have access to without paying a substantial upfront hardware fee.
The right firewall for your organization depends on the typical threats that you face, the sensitivity of the information you’re protecting, and your performance requirements.
