
Getting Conned… Twice | New Ransomware Technique

Really interesting article about a ransomware strain that encrypts your computer and then asks for admin credentials to your computer in order to decrypt the files! Don’t do it! In effect, you are getting conned twice. The first time they got your files; the second time they could have everything!!!

Article: https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/

What is Sandboxing?

SANS published an interesting article (see below) showing that Windows Defender is now supporting sandboxing.

So what is sandboxing? And why is this a good thing? “Sandboxing is a software management strategy that isolates applications from critical system resources and other programs.” – Tech Definition. Sandboxing allows applications and code that come into your system to first go to the sandbox and “play” and be watched to see what they do. In this sandbox, the code and the application can be analyzed to see whether they are malicious or acting normally.

There are a couple of places you can deploy sandboxing, and it’s a good idea to have them at each level. The first level is on your firewall. Before code can even get onto your computers or servers, your firewall analyzes the code and makes sure it’s not malicious. An ounce of prevention is worth a pound of clean up! The other place sandboxing can happen is with your local anti-virus/anti-malware software (as mentioned in the article). At this point the code is on your computer, but at least it’s still isolated! So that’s a bonus!

 

Article: https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/

You Should Try a Linux

I was reading an interesting article comparing Linux vs Windows (see below), and I realized most people have never toyed with a Linux OS. While Windows clearly has the market for business desktops, with Windows 7 being replaced, using Linux at home would be a worthwhile experiment. Currently I have two Linux OS’s at home, and three Windows.

There is a huge world of free open source applications (including Linux) that are powerful and fun to use.

Here’s a link on how to load Linux on your computer: https://www.wikihow.com/Install-Linux. But keep in mind, you’ll lose your old OS and most of your files.

Article: https://www.maketecheasier.com/linux-vs-windows/


Don’t use these passwords… please

We’ve all heard many times how important passwords are. Here is a list of common passwords people use; please don’t use these, as it will make breaking your password really easy.

  • Season + year (e.g. Winter 2018)
  • Local Sports Team + Digits (e.g. Seahawks3)
  • Company Name + Year/Number/Special Character (e.g. VeloxSystems2018@)

So how do you compile a good password? Think length, and random. I like to use a good password manager (Lastpass.com) or a random word generator (https://randomwordgenerator.com/). Try to get your password to be over 12 characters and yet easy to remember, like a lyric to your favorite song, a favorite quote from a movie, or just a phrase you like, then add some numbers and symbols. Here are some good ideas to get ideas flowing
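
The three patterns listed above, together with the over-12-characters guideline, can be checked automatically at the moment a password is chosen. This is an added example, not part of the original post; the season, team and company word lists are assumed sample values you would replace with your own.

```python
import re

# Assumed sample word lists (constructed for this example); use your own.
SEASONS = ("winter", "spring", "summer", "autumn", "fall")
TEAMS = ("seahawks", "mariners", "sounders")   # hypothetical local teams
COMPANY_NAMES = ("veloxsystems", "velox")      # company from the post's example

MIN_LENGTH = 13  # the post recommends "over 12 characters"


def _normalize(password):
    """Lower-case and drop spaces so 'Winter 2018' and 'winter2018' match alike."""
    return re.sub(r"\s+", "", password.lower())


def _alternation(words):
    """Regex alternation, longest word first so 'veloxsystems' wins over 'velox'."""
    return "|".join(re.escape(w) for w in sorted(words, key=len, reverse=True))


# Each pattern matches only a base word followed by a short digit/symbol tail,
# so a long passphrase that merely contains "winter" is not flagged.
PATTERNS = {
    "season + year": re.compile(
        rf"^(?:{_alternation(SEASONS)})(?:19|20)?\d{{2}}[^a-z0-9]*$"),
    "sports team + digits": re.compile(
        rf"^(?:{_alternation(TEAMS)})\d+[^a-z0-9]*$"),
    "company name + year/number/special character": re.compile(
        rf"^(?:{_alternation(COMPANY_NAMES)})[\d\W_]+$"),
}


def weak_password_reasons(password):
    """Return the list of reasons a password is weak; empty list means no match."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    candidate = _normalize(password)
    for label, pattern in PATTERNS.items():
        if pattern.match(candidate):
            reasons.append(label)
    return reasons


if __name__ == "__main__":
    for pw in ("Winter 2018", "Seahawks3", "VeloxSystems2018@"):
        print(pw, "->", weak_password_reasons(pw))
```

Note that the company example passes the length test and still gets rejected, which is why length alone is not a sufficient rule.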

Why Do We Do and Say Dumb Things Online?

BBC has an interesting article about a 16-year-old who is pleading guilty to hacking into Apple’s network. This kid “boasted about his activities” and broke into their network because “he was a huge fan and dreamed of working there.”

There is something that happens when you’re behind a computer (it’s called The Online Disinhibition Effect) where we do and say things we’d never do in person. Would this kid really break a lock on the Apple HQ building to get in? I doubt it. Would he physically steal cash from one of their retail stores? Probably not. But that’s just what he did.

The same thing happens to us in chat rooms or via email. People will curse and humiliate total strangers, when they would never dream of doing that at your local coffee shop. We assume we are anonymous. We pretend the other person isn’t just like us.

The next time you’re online, remember the person staring at the other end of your communication. That person is someone’s son or daughter. That person is probably just like you. Oh, and if you didn’t read the BBC article… you aren’t anonymous… we can find you.

Y2K – Real or Myth?

Interesting article from BBC discussing if Y2K was a myth… conclusion: no, it wasn’t. The only reason it wasn’t a HUGE problem was because of IT folks who spent countless hours preparing for it. Basically it would have been a big deal, but they realized that before it happened. “The prudent sees danger and hides himself, but the simple go on and suffer for it.” Proverbs 27:12.

https://www.bbc.co.uk/news/technology-45083650

Data Breaches: What’s Actually Reported

Are you still shredding your bills and blacking out your address on envelopes? I hope not. In this day and age you’re much more likely to lose your information from a data breach than from someone dumpster diving… and c’mon, I can just google your address to find out who lives there. Check out this recent article about a data breach from the BBC: 10 million records stolen, and it happened in June. The Online Trust Alliance estimates there were between 82,000-250,000 security breaches in 2016, and that number is just going up. That’s 200 – 500 companies EVERY DAY! But we only hear about the big ones. How many little mom and pop stores do you think have your info and have terrible security? Probably lots.

So, what can you do about it? Here are some ideas to keep you safe.

  1. Realize it’s a matter of when, not if, your data is stolen
  2. Be suspicious of emails you don’t expect
  3. Be suspicious of real mail you aren’t expecting
  4. Use a password manager (my favorite is lastpass.com) and use complex passwords
  5. Encrypt your phone
  6. Encrypt your laptop

How Quickly Cyber Criminals Can Take Over

In a recent BBC article, they explain how easy it is for cyber criminals to take over a vulnerable server. And don’t think they aren’t targeting the little guys: because they are using automated tools, you’re just as vulnerable as a Fortune 100 company to many attacks.

A test was done by a company that does cyber security to see how quickly a new server with vulnerabilities would be found out and exploited. Within two hours of putting the server online, bots had found it and laid siege to the network. Then within 15 seconds, they “owned the network.”

The article states:


Within 15 seconds of getting access, the bot:

  • sought out and exploited several known vulnerabilities
  • scanned the network to which the server was connected
  • stole and dumped credentials for other vulnerable machines
  • created new user accounts for its creators to use

“It completely owned the network in an automated fashion,” said Mr Rustici.


If that doesn’t get your attention, I don’t know what will.

Full Article Here: http://www.bbc.com/news/technology-43788337

How Much Bandwidth Do I Need?

How do you decide what bandwidth you need for your office? The answer to this question can cost you hundreds of dollars in lost productivity for your people, or in additional costs paying for internet you don’t need.

Bandwidth Usage

Here is a list of typical bandwidth suckers and then we’ll calculate a couple different office sizes:

  • VOIP Phone Call: .5 Mbps per device[i]
  • Music Streaming: 2 Mbps per device
  • Video Streaming: 4 Mbps per device
  • Smart Devices (Phone, Echo) when Idle: 1 Mbps per device
  • General Web Browsing: 1 Mbps per device

You also should plan on actually needing about 30% more than what’s calculated for smooth network operation.

Office of 10 People (Heavy Use):

If you have 10 people in your office and you are a creative agency (art, marketing, design, etc.), you’ll probably have 50% of them streaming a video or music at any one time, and they’ll probably all have a smart phone. Of course, all of this assumes they are doing all of this ALL the time, which isn’t true, so as you get to a higher number of users, you’ll want to change the calculations.

Music Streaming x 5 = 10 Mbps

Video Streaming x 5 = 20 Mbps

Smart Devices x 10 = 10 Mbps

General Web Browsing x 5 = 5 Mbps

Total without VOIP (45 + 30%): 58.5 Mbps down

Adding VOIP (VOIP x 10 = 5) 65 Mbps.

Office of 10 People (Light Use):

Here’s a possible scenario of an office with 10 people who are not a creative agency (I would call this an average office). We’re going to assume that at any one time 20% of them will be either streaming video, music, or surfing the web. Here’s the calculation.

Music Streaming x 2 = 4 Mbps

Video Streaming x 2 = 8 Mbps

Smart Devices x 10 = 10 Mbps

General Web Browsing x 2 = 2 Mbps

 

Total without VOIP (24 + 30%): 31.2 Mbps down

Adding VOIP (VOIP x 10 = 5) 36.2 Mbps.

Other Considerations

Speeds Less Than 100 Mbps

  1. Old Building
    1. If you’re in an old building where the wiring was done in the early 90’s, then you may have Cat3, which is limited to 10Mbps.
  2. Hardware Limitations
    1. WiFi
      1. Your WiFi device has a total limit of traffic it can handle. If you’re trying to run lots of computers on a single WiFi device, you’ll likely experience a bottleneck that isn’t close to the full speed of your ISP.
    2. Firewall
      1. You’ll need to have a commercial grade firewall to get a reliable 100 Mbps through your firewall. Google your make and model to see what speeds it can accept. Also, if you’re using any kind of content filtering or gateway services, this will slow down your connection more.

Speeds Greater Than 1000 Mbps

  1. Old Building
    1. If you’re in a building built before the early 2000’s, it was probably built with Cat5 cabling. Cat5 cabling limits your throughput to 100 Mbps. Cat5e and Cat6 both support speeds of 1000 Mbps.
  2. Hardware Limitations
    1. WiFi
      1. Your WiFi device has a total limit of traffic it can handle. If you’re trying to run lots of computers on a single WiFi device, you’ll likely experience a bottleneck that isn’t close to the full speed of your ISP.
    2. Firewall
      1. You’ll need to have a really good commercial grade firewall to get 1000 Mbps through your firewall. Google your make and model to see what speeds it can accept. Also, if you’re using any kind of content filtering or gateway services, this will slow down your connection more.
    3. Switch
      1. You’ll need to make sure your switch can support 1000 Mbps speeds. If not, you’ll need to upgrade if you want to experience the full speeds.

[i] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.7039&rep=rep1&type=pdf

Ransomware Still a Big Problem

In a recent article from the BBC, they discuss the fact that ransomware is still a huge problem, accounting for 40% of successful breaches. Not only that, but the criminals are targeting small firms too! [See Article Link Below]

So, what can you do about it?

  1. Make sure your employees are well trained in how to detect spam in their email.
    • Basically don’t click links you didn’t request or aren’t expecting.
  2. Make sure your firewall is properly maintained
    • Ports should be closed if not needed
    • VPNs should require two-factor authentication and password complexity
  3. Keep Anti-Virus working on your computers
  4. Have someone to call if you need help.
    • Have a trusted person you can discuss potential threats or weirdness with. Build a relationship now, before you’re in a crisis. If you wait for a crisis, you will be needy and, depending on who you talk with, you may buy a lot more than you need.

http://www.bbc.com/news/technology-43713037