Archive Monthly Archives: January 2018

The Comprehensive Guide to Understanding and Stopping Ransomware


Parkway tech


Cybercriminals are everywhere. Both domestically and around the world, countless hackers work day in and day out to penetrate the digital defenses of businesses just like yours, using a variety of proven, effective, and ever-evolving methods. Whether they infect your system with malware hidden in a seemingly innocuous email attachment or con an unsuspecting employee out of vital information through social engineering, the end results are the same: data loss, financial damages, lawsuits, reputational damage, bankruptcy, and worse.


Our team of certified system professionals understands how serious the modern threat of cybercrime is to businesses in your industry, which is why we’ve developed this whitepaper as a vital resource to show you how hackers think, what methods they use, and how you can stop them from victimizing your business. Without the right knowledge, tools, and technology to prevent hackers from stealing your information, your business is left prone to a major data breach.

A recently popular type of malware is the “ransomware” variety, which encrypts a victim’s files (making them unreadable) and only offers the key to recover them after a ransom has been paid. The unfortunate reality is that when it comes to your business’ vulnerability to ransomware and other types of malware, it’s not a matter of IF, it’s a matter of WHEN. There are simply too many varieties of ransomware to guarantee total safety for your business.

IT security can be a complicated and scary subject when it comes to modern cybercrime tactics such as ransomware. Most business owners cannot confidently claim that their business’ network is secure. Can you?

When it comes to ransomware, the most important consideration is email security, and often, it can be as simple as ensuring that you and your staff know what to look for.

What makes a victim a victim?

 The short answer is lack of awareness. Almost no hacking attempt can be a success without the victim playing at least some role in the process, such as:

  • Visiting a malware-infected, unsecured website, either via an email, inappropriate browsing habits, or otherwise.
  • Opening an untrustworthy attachment in an email from a hacker that’s disguised as coming from a sender such as a business contact, employee, client, government agency, etc.
  • Downloading files that include a stow-away malware program or virus.
  • Conducting any of the above while logged in with administrator rights, which gives the hacker infecting the system even greater access.

The bottom line is that digital security begins and ends with the user. Regardless of how modern, expensive or well-recommended your security software is, one wrong move by a single employee can be all it takes to infect your system. But that’s not the only threat to your security… 

Is your technology making you an easy mark? 

Outdated, unsecured, and just plain faulty technology is just as likely to make you an ideal target for hackers as an unsuspecting employee is. A major part of the investment in new technology is that it comes prepared to handle all previously identified hacking threats and security loopholes. The older your technology is, the more vulnerable it is to new hacking techniques. Here are three vital considerations you should keep in mind when evaluating your current technology:

  • Patch regularly, and patch often: Did you know that the most common way cybercriminals get into a network is through loopholes in popular third-party programs? That means the computer programs you rely on to get work done every day could be leaving you vulnerable to security breaches if you fall behind on updates. That’s why patch management is such a crucial part of proper IT security, in order to help you stay ahead of the non-stop tide of oncoming digital threats.
  • End of Life (EOL) is FINAL: As good as it is to run a frugal business, it’s important to keep in mind that you’re not a college student trying to make an old, beaten up laptop last until you can afford a new one. You’re running a business, with much more to invest in and much more to lose. When your software reaches EOL, it will no longer receive the vital security patches it needs to keep you safe. At that point, as much as you may like the current operating system, you have to let it go and replace it with the new, secure version.
  • Legacy technology isn’t worth the risk: Legacy software is often the gap in an otherwise capable suite of digital armor. Your business may have a brand new infrastructure, top-of-the-line security technology, and fresh-out-of-the-box desktops, but in the end, your unpatched, out of date legacy web browser will be what does you in. Just as with EOL, don’t let your favorite bit of technology put you at risk.

What is malware, exactly?

 It’s a word you’ve probably heard a lot. You know it’s bad, and that you have software (anti-malware) designed to help you stop it. But in the end, if you don’t really understand how the enemy operates, how can you expect to defeat it?

Malware comes in many different forms and is used by hackers in a number of different ways. It can be used to steal information, locate vulnerabilities in your IT systems for a secondary attack, or simply to cause damage. While cybercriminals continue to innovate new forms of malware and the ways they use it, there are currently three main types that you should be familiar with:

  • Malicious Scripts: This type attacks when you or a member of your staff visit the wrong web page. With the right conditions (user with admin rights, an outdated browser, lack of anti-malware software), simply loading the wrong web page is enough to infect your system.
  • Embedded Media: While this form also attacks from a web page, it does so through infected media embedded in the site, such as a video or audio file. If your browser media player isn’t up to date (which is extremely common among today’s users), simply playing the media file can lead to a malware infection.
  • Infected Files: The oldest form of the three is also the simplest. By downloading and running files (media codecs, screensavers, desktop images, etc.) that they haven’t properly inspected ahead of time, or that contain a hidden malicious file, the user openly invites malware into the system.

Types of Ransomware 

While there are currently three basic forms of ransomware, cybercrime methodology is constantly evolving. In order to stay effective, hackers work non-stop to find new ways to deploy ransomware; keep in mind that best practices can quickly become outdated.

  • Locker ransomware: This type works by denying access to the infected device. Generally, the scheme involves posing as a member of law enforcement and claiming that the victim has been a party to illegal activity (copyright infringement, illicit photography or media, etc.).
  • CryptoLocker ransomware: This type employs powerful encryption to lock down the victim’s files and data, which stay encrypted even if the malware is removed. It usually makes its way to the user’s device through an email attachment that they are tricked into opening.
  • Crypjoker: This form emerged as recently as January 2016, specifically targeting Windows operating systems to encrypt and lock down the user’s data. As opposed to CryptoLocker, Crypjoker gets to the victim as a PDF file attached to an email.

How Can You Keep Your Business Safe From Ransomware?

 When developing your ransomware defense, keep these recommendations in mind:

  • Make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
  • Test your backup and cybersecurity measures thoroughly and regularly; create dummy files and then delete them to see how fast they can be restored, or schedule a day to literally unplug your critical systems to find out how long it takes to get online again.
  • Be sure to make the most of the available resources (both provided online and through expert IT consultants) to ensure that you’re not overlooking vulnerabilities in your IT security methodology.
  • Employ email filtering, encryption, and continuity solutions to ensure that your lines of communication are secured.
  • Equip your business with industry-tested security solutions like firewalls, antivirus, antimalware, and network monitors to keep your systems safe from external threats.
  • Make sure your software and browsers are updated and patched on a regular basis.
  • Train your employees in best practices for safe browsing and email conduct so that they don’t click the wrong link or download the wrong file.

Seems like a lot, right? 

That can be a lot to handle for a business owner like yourself. You have clients to see to, employees to manage, and more on your plate every single day; should you really be expected to also oversee regular maintenance of your cybersecurity all on your own?

Of course not! 

The best way to ensure that your business is kept safe is by outsourcing your cybersecurity management to a reliable and experienced Managed Services Provider like our Information Systems experts. For an easily budgeted monthly flat rate, you can enjoy the peace of mind that comes with knowing your business is safe from whatever modern cybercriminals may throw at it.


Meltdown and Spectre Spawn New Round of Phishing Scams


Parkway tech


The recent announcement of the vulnerabilities found in Intel, ARM, and AMD processors has sparked a new phishing campaign, and not the good kind of fishing with bait and largemouth bass. Although these hackers are using a particular kind of bait.


While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.

Be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.

WHAT IS PHISHING? 

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. The “ph” replaces the “f” in homage to the first hackers, the “phone phreaks” of the 1960s and 1970s. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment.

Many phishing sites look just like the sites they are impersonating. Often, the only difference between a spoofed site and the real one is a slight, easily missed difference in the URL. If visitors can be induced to click the link, they can easily be manipulated into disclosing confidential information or credentials to the hacker. Even blacklisted phishing sites can often get by standard filters through the technique of time-bombing the URLs: the link initially leads to an innocent page so that it passes the filters, and only later redirects to a malicious site.

Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters and being clicked on, especially if the malware hides in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off.

Now with Meltdown and Spectre looming over us, the average person is more susceptible to “quick fixes” and solutions to this issue.

Despite the lack of personalization, an astonishing 20% of recipients will click on basically anything that makes it to their inbox.

SPEAR PHISHING 

Spear phishing is an enhanced version of phishing that aims at specific employees of the targeted organization. The goal is usually to gain unauthorized access to networks, data, and applications. In contrast to the mass emailing of a phishing attack, which might see hundreds of attack messages sent out to random recipients within the space of a couple of hours, spear phishing is methodical and focused on a single recipient. Often the initial email will contain no URL or attachment. Instead, it will simply try to convince the recipient that the sender is who they say they are. Only later will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.

The additional customization and targeting of a spear phishing email, along with the lack of easily recognized blacklisted URLs or known malware, results in click rates of more than 50%!


Major Security Flaw Discovered In Intel Processors


Parkway tech


Potentially every Intel processor sold in the last 10 years could have a critical security vulnerability that puts users at severe risk.


These days, poor IT security often comes down to something like human error and a lack of awareness on the users’ part. It’s less often that a widespread design flaw is discovered in the technology itself, which is exactly what happened with Intel this week.

The Register published an article this week detailing how every Intel processor produced over the course of the last decade is affected by a design flaw that would allow malicious programs to access and read what should otherwise be protected areas of a device’s kernel memory. Kernel memory is dedicated to essential core components of an operating system and how they interact with the hardware.

What does this mean for Intel users? This flaw could allow cybercriminals to access valuable and sensitive information like passwords. It’s possible that something as simple as JavaScript on a webpage, or cloud-hosted malware could penetrate the most interior levels of an Intel-based device.

Even worse, a foundational flaw like this can’t be patched with a simple, everyday update – the problem is in the hardware, which means it needs an OS-level overwrite for every single operating system (Windows, Linux, and macOS).

In a statement released January 3rd, Intel claimed that this flaw isn’t necessarily unique to their processors.

“Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

According to Intel CEO Brian Krzanich, Intel was informed about the security flaw by Google a few months ago. Although the extent of this flaw isn’t fully known to the public right now, it appears that developers are working hard to patch systems over the course of the next few weeks. 

That said, the patching process won’t be easy, given that it will involve severing kernel memory from user processes. In a nutshell, that means users will face major performance lags, anywhere from 5 – 30%, depending on the specifics of the device.

The fix works by moving the kernel to a totally separate address space, making it nonexistent — and therefore, inaccessible — to a running process. Unfortunately, this separation process takes a lot of time to perform, as it forces the processor to dump cached data and reload from memory every time it switches between two separate addresses. The end result is an increase in the kernel’s overhead and a slower computer.

While it may not be noticeable for the average user on their home PC, this kind of lag will likely affect businesses using enterprise-grade cloud configurations the most. Be sure to keep an eye on this developing issue in order to ensure your Intel-based devices are properly patched.

As always, the best way to stay aware of threats like this, as well as protect against them, is to work with an expert partner. Our team of cybersecurity professionals will help you stay ahead of exposed vulnerabilities like these so that you can remain safe and focus on the work your business does.


Experts Rush to Get Ahead of New Ransomware Attacks


Parkway tech


Ransomware is now a household name, and there’s no going back. Even though cybercriminals have been using ransomware for years now, it wasn’t until the global WannaCry attack that awareness reached critical mass. 

Doctors and nurses went to work as usual last May in the UK’s Central Manchester University Hospital, but when they went to turn on their computers, all computer systems began crashing. Messages began to pop up on their computer screens demanding $300 in Bitcoin in exchange for restored access – the WannaCry ransomware had struck.

Targeted Manchester hospitals claimed that no patient info was compromised, but they did have to suspend services. The BBC reported that other hospitals in London, Nottingham, Hertfordshire, and Blackburn had also been attacked and that some phone systems went down for a period of time. Doctors and nurses were forced to use pens and paper to keep track of patient information. Once medical organizations across the UK had realized what was happening, some of them disconnected from servers at the National Health Service to try and avoid being attacked.

Exploiting Microsoft’s Operating System 

This is just one of the many stories that have unfolded over the last year where large organizations were targeted with one of the largest ransomware attacks in history, named “WannaCry”. Though experts did not know this at the time, WannaCry is a ransomware cryptoworm developed by North Korea and aimed at Microsoft operating systems. 

Though it seems unbelievable, there have now been more than 100 attacks like this across 150 countries just this past year. Most anti-virus software makers have scrambled to get ahead of these attacks. Once Microsoft’s experts had found that the attacks took advantage of a Windows vulnerability, they quickly released patches for computers running all versions of the operating system, including older versions such as Windows XP, Windows Server 2003 and Windows 8.

Kurt Baumgartner, at the security firm Kaspersky Lab, explained how effective and how quickly WannaCry ransomware can strike. 

“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Baumgartner. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”

Other experts in the field of cybersecurity found evidence that these attacks were made using a variation of the malware called “Wanna Decryptor”. This program is a Trojan that uses AES-128 encryption to make all files inaccessible to users.

Though many of the ransomware attacks were launched against the UK, Russia, Taiwan, and Ukraine, global firms like FedEx have come under assault as well. Officials from Europol said that the attacks were of an “unprecedented level and require international investigation.”

Meanwhile, China reported a massive attack against PetroChina that took some time to resolve; as a result, customers were forced to pay cash at all PetroChina gas stations until the ransom had been paid.

Spain also reported an attack against Telefónica, a large telecom organization. Their experts were able to determine that the attacks were spread through a vulnerability called “EternalBlue.” Their IT department quickly created a patch to prevent the bug from spreading.

Controlled Folder Access For Windows 10 

All of these attacks were launched against Windows-based systems, leaving IT security experts at Microsoft to take quick action to develop and release patches and other tools to stop cybercriminals. The fall update to Windows 10 (the Fall Creators Update, or FCU) included many new improvements aimed at providing a much higher level of protection. One of these, known as Controlled Folder Access, has proven especially useful: it protects files and folders from ransomware attacks using a simple methodology.

Ransomware exploits the fact that most Windows programs have access to all files and folders on a computer system, which makes it much too easy for hackers to gain access to those files and wreak havoc. Unrestricted access to files and folders might be convenient for users, but it opens the door to virus and ransomware attacks.

Customizing Your Operating System 

Though many users are not aware of it, Windows gives you the ability to greatly customize your operating system, including the capability to take action to protect your data from hackers. Using Controlled Folder Access, you can restrict access to your important data so that these files are given an extra layer of protection. If any program that is not trusted tries to modify files in a protected folder, it will be blocked. This feature is found in Windows Defender.

Follow these steps to enable Controlled Folder Access on your computer:

  1. Type Windows Defender in your start menu. This opens the Windows Defender Security System.
  2. Navigate to the left panel and find Virus and Threat Protection. If it isn’t listed there on the left, type “virus and threat protection” in the settings search box at the top left.
  3. Click on Virus and Threat Protection Settings. This may appear in a new dialog box or on the right side of the Virus and Threat Protection page.
  4. Scroll down and find “Controlled Folder Access”. Toggle the button to “On”. This enables the Controlled Folder Access feature.

Granting manual access to programs 

The most significant drawback to using this feature is that some of your favorite apps or programs may be blocked. The solution is simple: manually grant access for these programs. Just below the toggle button, you’ll find a link called “Allow an app through Controlled folder access”. Click on that and a new dialog box appears. Now click the “Plus” sign beside “Add an allowed app”.

The familiar “Open a File” window on your computer will automatically open, giving you the ability to click on whatever file, folder or program you would like to exclude. Navigate to the EXE file and then click on “Open”. You have successfully added this program to your exclusions list.

This works for all your favorite programs like Photoshop, Dragon Naturally Speaking, and Quickbooks. Please note that Windows has its own list of “safe” programs that are already included, so there’s no need to grant manual access to programs like Excel and Publisher.
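The same enable, protect and allow steps described above can be scripted for many machines from an elevated PowerShell prompt using the built-in Windows Defender cmdlets. This is an added example, not part of the original article or a Microsoft-published script; the folder and program paths in it are placeholders you would replace with your own. It also adds one step the article does not mention: running in audit mode first, so blocked line-of-business apps show up in the event log before any user is actually stopped from saving a file.

```powershell
# Added example (not from the original article): manage Controlled Folder Access
# with the Windows Defender cmdlets instead of the Windows Defender UI.
# The two paths below are placeholders; replace them with your own folder and program.
#Requires -RunAsAdministrator

$protectedFolder = 'C:\CompanyData'                        # placeholder folder to protect
$allowedApp      = 'C:\Program Files\ExampleApp\app.exe'   # placeholder trusted program (full path to the EXE)

# 1. Show the current state before changing anything.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications

# 2. Start in audit mode: nothing is blocked yet, but every write that WOULD have
#    been blocked is logged, so apps that need an exception can be found first.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 3. Protect a folder beyond the default user folders (Documents, Pictures, etc.)
#    that Windows already covers.
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 4. Allow a trusted program to write into protected folders. This is the
#    scripted form of "Allow an app through Controlled folder access".
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 5. Review what audit mode caught so far. In the Defender operational log,
#    event 1124 = write would have been blocked (audit mode),
#    event 1123 = write was blocked (enforcement on).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 6. Once the needed exceptions are in place, switch to enforcement.
#    This is the scripted equivalent of the "On" toggle in the steps above.
Set-MpPreference -EnableControlledFolderAccess Enabled
```

Run the script once in audit mode, let users work normally for a few days, then review the 1124 events: each one names the program and the file it tried to write, which tells you exactly which programs to add as allowed apps before moving to Enabled. Keep the allowed-app list short and path-specific; every program you allow is a program ransomware could impersonate if it ran from that same path.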

For more information about the latest IT security threats and how to protect you and your business against them, get in touch with our team of cyber security experts.
