by Felicien | Mar 19, 2019 | Education
Norsk Hydro just got hit with a major ransomware attack that took down their entire worldwide network. It happened this morning, Tuesday, March 19, 2019, and we wanted to share this with you.
They experienced widespread system outages. This has been such a disaster that their aluminum production plants are now operating manually. All of their 35,000 employees worldwide have been affected.
For details, view this 18-minute briefing from Norsk Hydro.
Feel free to contact us if you have any questions.
by Felicien | Mar 19, 2019 | Education
Endless airline terminals. Overpriced airport food. Overly-close seating on packed planes. What’s there to love about business travel? Sure, there are some road warriors who appreciate never having to clean a room or make a bed as they spend all their time in hotels, but for most people, business travel is simply something to be endured. Even 10 years ago, it would have been challenging to have the kind of high-speed access and seamless experience that you need for video conferencing, but today’s a different story. See how you can save time and money by utilizing some of these next-gen video calling apps.
Business Happens Everywhere
Workers want to be able to be productive anytime, anywhere — and that could include while watching their child’s baseball game, stepping out of a client meeting for a few minutes or even from home on the weekends. This is especially true of small business owners who are never truly off duty. Fortunately, video conferencing software and apps have come a long way from the fuzzy, slow-moving images and poor sound quality of the past to provide crystal-clear images and sound with no noticeable lag. If you haven’t tried it lately, video calling apps are now quite seamless to use and work equally well from your desktop, laptop, tablet or mobile phone.
Benefits of Video Calling
Let’s face it: travel is expensive, and the cost is not always justified for the value that you provide. There are certainly times when business travel will still be required, but many negotiations and conversations can happen equally well over a high-speed video call. Phone calls without video are not enough to provide you with the nuanced information that you receive when you’re able to see someone directly in front of you, and video calling fits that bill nicely. Business is increasingly global in nature, making video calls one of the few cost-effective ways to work with teams that are scattered throughout the region — or the world. Until the last few years, it was a bit more difficult to ensure that both individuals or teams had access to the right software and hardware to make video calling truly viable. With the majority of laptops being shipped with high-resolution video conferencing hardware already installed and the prevalence of smartphones, that is no longer the case.
Top Video Calling Apps
While certainly not an exhaustive list, here are a few of the top video conferencing apps that are used in business today:
Skype — consistently one of the top-rated apps by technology professionals and users
Zoom — free video calling that allows you to instantly share information from your phone
Cisco WebEx — business professionals love it, and there are extensive shared workplaces available in the platform
GoToMeeting — quickly and easily collaborate with partners and clients in real time
Slack — a cross between a chat platform and video conferencing, built specifically for team communication
No matter what your video calling needs are, there’s probably a platform on the market today that will fulfill your needs — and cost far less than relying on expensive business travel.
by Felicien | Mar 18, 2019 | Education
TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.
Don’t Get Tricked By TrickBot
What Is TrickBot?
The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.
TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man-in-the-Browser attacks the greatest threat to online banking.)
Malware developers are continuously releasing new modules and versions of TrickBot, and they’ve done this once again.
How Is TrickBot Distributed?
TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.
These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.
TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)
The developers behind TrickBot have continued to add more features via modules to this potent trojan. If left unchecked, it can download new modules that allow it to evolve.
How Does The TrickBot Malspam Campaign Work?
The malspam campaigns that deliver TrickBot use third-party branding that looks familiar to you and your staff, such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.
And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.
And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence means the malware keeps running after the event that started it (opening the attachment) is over, because the scheduled task launches it again. So a cleanup that misses the scheduled task or the copy in “%AppData%” leaves TrickBot able to create problems.
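One way to check for the persistence pattern described above, as an added example that is not part of the original post: it parses Windows Task Scheduler task definitions (the XML stored per task, or exported from Task Scheduler) and reports actions that launch from an AppData path. The task names, paths and sample definitions are constructed for illustration and are not TrickBot indicators.

```python
import xml.etree.ElementTree as ET

# XML namespace used by Windows Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Lower-cased fragments of per-user, user-writable profile paths.
USER_WRITABLE = ("%appdata%", "%localappdata%", "\\appdata\\roaming\\", "\\appdata\\local\\")

def task_findings(name, task_xml):
    """Return one finding per Exec action that launches from an AppData path."""
    root = ET.fromstring(task_xml)
    # Trigger element names (LogonTrigger, TimeTrigger, ...) show when the task re-runs.
    triggers = [el.tag.split("}")[-1] for el in root.findall("./t:Triggers/*", NS)]
    findings = []
    for action in root.findall("./t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        arguments = action.findtext("t:Arguments", default="", namespaces=NS).strip()
        if any(frag in f"{command} {arguments}".lower() for frag in USER_WRITABLE):
            findings.append({"task": name, "command": command,
                             "arguments": arguments, "triggers": triggers})
    return findings

def triage(tasks):
    """tasks maps task name -> task XML (str or bytes); returns every finding."""
    results = []
    for name, xml in sorted(tasks.items()):
        try:
            results.extend(task_findings(name, xml))
        except ET.ParseError:
            # A task definition that will not parse needs a manual look.
            results.append({"task": name, "command": None, "arguments": None, "triggers": []})
    return results

# Constructed sample task definitions (hypothetical names and paths, not real indicators).
_HEAD = '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
SAMPLE_TASKS = {
    "VendorUpdater": _HEAD + r"""
      <Triggers><CalendarTrigger/></Triggers>
      <Actions><Exec><Command>"C:\Program Files\Vendor\updater.exe"</Command></Exec></Actions>
    </Task>""",
    "ExampleLogonTask": _HEAD + r"""
      <Triggers><LogonTrigger/></Triggers>
      <Actions><Exec><Command>%AppData%\example-dir\example.exe</Command></Exec></Actions>
    </Task>""",
    "ExampleWrappedTask": _HEAD + r"""
      <Triggers><TimeTrigger/></Triggers>
      <Actions><Exec><Command>cmd.exe</Command>
        <Arguments>/c C:\Users\alice\AppData\Roaming\example-dir\run.bat</Arguments></Exec></Actions>
    </Task>""",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_TASKS):
        print(finding)
```

A hit is a lead for review rather than proof of infection, because some legitimate per-user installers also register tasks that run from AppData.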
What Happens If Your Network Gets Infected With TrickBot?
TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.
TrickBot:
Harvests your system information so that the attacker knows what’s running on your network.
Compares all files on your disk against a list of file extensions.
Collects more system information and maps out your network.
Harvests browser data such as cookies and browser configurations.
Steals credentials and configuration data from domain controllers.
Collects autofill data, history, and other information from browsers as well as software applications.
Accesses saved Microsoft Outlook credentials by querying several registry keys.
Force-enables authentication and scrapes credentials.
Uses these credentials to spread TrickBot laterally across your networks.
What’s New With TrickBot?
In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.
In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.
In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.
How Can You Protect Your Organization From TrickBot?
We recommend that you contact us and arrange for the following to protect against the TrickBot malware:
Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
Apply appropriate patches and updates immediately after they are released.
Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
Employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
And more…
Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.
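For the DMARC recommendation in the list above, a record that exists but does not enforce anything is a common gap. The following added example (not part of the original post) checks the TXT records published at _dmarc.<domain> for weak settings; the issue codes, the example.com addresses and the sample records are constructed for illustration, and the records are passed in as strings so nothing is looked up over the network.

```python
def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = [tuple(s.strip() for s in part.split("=", 1))
             for part in txt.split(";") if "=" in part]
    # RFC 7489: the version tag comes first and its value is exactly "DMARC1".
    if not pairs or pairs[0][0].lower() != "v" or pairs[0][1] != "DMARC1":
        return None
    return {key.lower(): value for key, value in pairs}

def assess(txt_records):
    """Return a list of issue codes for the TXT records found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return ["no-record"]
    if len(records) > 1:
        return ["multiple-records"]      # receivers then apply no DMARC policy at all
    tags, issues = records[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("invalid-policy")
    elif policy == "none":
        issues.append("monitor-only")    # failures are reported but still delivered
    if tags.get("sp", policy).lower() == "none" and policy in ("quarantine", "reject"):
        issues.append("subdomains-unprotected")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        issues.append("partial-enforcement")
    if "rua" not in tags:
        issues.append("no-aggregate-reports")
    return issues

# Constructed sample records: a weak setup, a half-enforced one, and a corrected one.
WEAK = ["v=DMARC1; p=none"]
PARTIAL = ["v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:dmarc-reports@example.com"]
STRONG = ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com;"]

if __name__ == "__main__":
    for label, recs in (("weak", WEAK), ("partial", PARTIAL), ("strong", STRONG)):
        print(label, assess(recs))
```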
by Felicien | Mar 18, 2019 | Education
Creating a business continuity plan is one of the most important things a company can do.
Business continuity ensures that your business is back up and running after a critical disruption, such as a natural disaster or cyberattack.
What Is Business Continuity?
Business continuity is a big-picture approach that ensures normal business operations are continued during an emergency. It’s designed to identify and mitigate risks, assign roles and provide clear communication to key parties.
Why Is Business Continuity Important?
Business continuity allows your business to keep running during or soon after a crisis. Not having a business continuity plan carries great risks, including:
Loss of customers
Extended downtime and subsequent revenue loss
Reputation erosion
Regulatory non-compliance
Creating a business continuity plan helps you maintain control and calm in what may otherwise be a chaotic environment.
What Are the Components of a Business Continuity Plan?
There are several core components of a business continuity plan:
Identify the team
Understand data
Assess and rank risks
Prioritize essential services
Price and build solutions
Develop policies and communicate
Test and refine
Each of these steps helps to create a broader understanding of both the threats and how the company addresses them should they materialize.
How Do You Build a Continuity Team?
Business continuity needs to begin at the highest leadership levels and buy-in needs to be built at every level. Every department or business unit should be involved in order to provide perspective on what’s most important and critical across the company.
The team should comprise members who have a deep understanding of how the business works, make good decisions and communicate clearly. This team may be different from a disaster recovery team, which focuses on remediation — dealing with an emergency when it materializes.
How Does Data Fit In?
Understanding your data is crucial, especially when risks and solutions become clearer. It’s important to understand what data your company has, especially information that is personal or proprietary.
Your company needs to understand how the data is collected and formatted, where it’s stored, who has access and how it’s accessed.
How Do We Identify Risks?
Risks can take on many forms, some of which are more severe than others. While most people consider natural disasters and cyberattacks as the most common threats, there are other risks that present a threat to the enterprise. Some of these other risks need to be addressed immediately, just like a fire or ransomware attack.
It’s worth repeating that business continuity is about keeping the business operational while the threat is being addressed. These risks include:
Natural disasters
Cyber attacks
Data loss or theft
Employee error
Emerging competitors
Shifting market conditions
Political changes or legislative action
Loss of customers or crucial staff
The assessment phase requires identifying the risks and ranking them. Companies should determine the following for each risk:
Likelihood of occurring
Potential impacts (e.g. financial, reputational, regulatory)
Some models define risk as the product of the two (Risk = Likelihood x Impact).
How Are Risks Prioritized?
Once the risks are identified, they need to be prioritized. The most urgent risks should be given the highest priority. One way to think about risk is to consider the services that are most essential to your business viability. Is it the production of goods or services that your customers depend on? What about processes that need to be carried out for regulatory compliance?
Part of this assessment should include the impact of incidents on your most important customers. How likely are they to leave? What do they need that you provide to them?
Next, your teams need to create solutions to the most urgent risks. These may involve recovering key data and restoring online access to applications. They may require new IT solutions that strengthen network protection and monitor activity.
The identified solutions need to be priced before the company chooses which risk mitigation work should be financed first. Cost and feasibility may require a reprioritization of the risks.
When Do We Create Policy and Processes?
An important component of business continuity is developing the policies around governance during and after an emergency, how communications flow and from whom, and what systems are prioritized. The processes detail roles and actions to take at each phase of disaster recovery.
Once these documents are created, it’s important to share them and educate employees about what they mean. Understanding these processes before an incident occurs helps employees to react more effectively.
How Do You Know If Your Plan Works?
Testing is an important part of business continuity. Simulated drills can identify how employees perform, how effective the plan is and what needs to be changed. The value of a business continuity plan comes from continual reassessment, reprioritization, retesting and revising.
Disasters and incidents can derail companies in many ways. Business continuity planning helps minimize those impacts on your company and keeps you running during and after an emergency. To learn more about business continuity planning, download this free template.
by Felicien | Mar 18, 2019 | Education
Email is one of the primary forms of communication for today’s active businessperson, but there are certainly some challenges when you’re on the go. It’s not unusual to start an email on one device and save it as a draft to finish up later from your desktop. This productivity hack allows you to quickly jot down ideas on your mobile phone and save the email for further refinement when you’re back in the office. See some additional best practices for keeping your email synced across devices.
The Rise of Mobile Email
The share of global web pages served to mobile phones has changed dramatically over the past 10 years, from less than 3% in 2010 to over 52.2% (and climbing!) in 2018 according to Statista. This doesn’t even include tablet traffic, which accounts for approximately another 10% of traffic in the United States. The same shift can also be seen in email, with the percentage of emails being opened on mobile devices growing to 55% or greater. Return Path, an email data aggregator, shared that the converse is true for emails opened within an internet browser; this number has dropped from 37% in 2012 to 28% in 2017. These dramatic shifts are representative of the way we create emails, too.
The End of Poorly-Worded Mobile Messages?
It would be great to note that the increased ability to work cross-platform means you’re less likely to receive poorly-worded, autocorrected emails that originated on a mobile phone, but that’s probably too much to ask. However, the ease with which you can save messages for later editing and sending may reduce the possibility that it’s obvious your email was jotted down on a mobile phone. Business professionals are more likely to take the time to create a well-written message that covers the necessary points when they’re able to re-read the note on their laptop. Few people are able to flawlessly compose a thoughtful email message on a 4″ mobile screen.
Taking Control of Your Inbox
It’s all too easy to allow your inbox to control your life and make you extremely reactive, especially when your emails are close to hand at all times on your mobile devices. It’s essential to stay organized to reduce the possibility that you’ll miss replying to an important message when you’re on the go. Try using labels for “Need to Reply” or “Respond Tomorrow” that will prompt you to draft a reply the next time you’re in the office.
Don’t lose productivity when you’re out of the office — simply jot notes to yourself for later refinement! You’ll love this time-saving trick, and your email recipients will appreciate that your emails have had a few minutes of review and editing before they’re fired out of your Sent mailbox.