Blog

[ALERT] A Big Locky Ransomware Phishing Attack Infects With the New Diablo6 Strain

Security researcher Racco42 discovered a new phishing campaign that is pushing a new Locky strain which appends the .diablo6 extension.

Larry at Bleepingcomputer wrote: “Locky is back and currently being heavily distributed worldwide. While Locky was at one point considered the largest distributed ransomware, over time it became much more common to see other ransomware such as Cerber, Spora, and now even GlobeImposter. Read More…

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Small Businesses Benefit From Managed IT Services

From start-ups to multi-billion dollar businesses, everyone is looking for ways to cut costs while turning a profit. In fact, many companies are just trying to keep things in the black, however that does not eliminate the need for practices that will improve and grow these businesses. Since few people have the expertise to manage much of today’s technology, a certain percentage of their budgets should be allocated to IT and software applications maintenance. Here are ways that Managed IT Services benefit small and medium businesses.

Benefits of Managed IT Services for Small Businesses

  • Increased productivity- Businesses are established to fill the need for a product or service while providing a livelihood for the business owners and their employees. In order to do this, businesses have to ensure they are working at full capacity at all times. Downtime or work performed at reduced levels is time and money wasted. Managed IT Services can help businesses not only quickly repair problems when they occur but also act as a proactive measure to spot and treat potential problems before they have an impact on productivity.
  • Supports in-house IT- Many businesses do not want to relinquish all IT maintenance control to an outside party, and small businesses do not always have the resources to support the type of IT department needed to keep their business running at full speed. A majority of businesses can benefit from adding the expertise, tools and availability of a Managed IT Services Provider to help support in-house IT departments.
  • Remote services- Managed IT Services Providers work from a remote location, providing desktop, email and back-up and recovery support services without adding to the actual number of “employees” on site. The services provided are unobtrusive and in the majority of cases, have no impact in the day-to-day activities of current in-house employees.
  • Affordable- Generally when you bring on a Managed IT Services Provider, a consultant will perform an onsite assessment of the company, its workflows and processes and the current state of its supporting technology to determine what services are needed to meet organizational goals. Business owners often have a choice between several different levels of service, making it possible for a company with a limited budget to choose a package that best suits their needs.

Security is a big concern for business owners and individuals alike. In the past, business owners have been reluctant to entrust secure or private information to a third party, offsite vendor. As Managed IT Services Providers continue to prove their value, more companies are realizing the benefits and value of their services. Managed IT Services Providers continue to improve technology to provide secure, quality services for businesses of all sizes. As a result, smaller businesses which operate with leaner budgets find themselves in a position to reap the benefits of these services. Business owners often have to make difficult decisions regarding how they will improve their business while sticking to the budget. As the market for Managed IT Services experiences continual growth in the next few years, this method of IT maintenance and service delivery will likely become the “norm” for small to mid size businesses looking to reduce costs and improve uptime and business continuity. Companies that recognize the benefits of Managed IT Services will have a jump on their competition.

Click here to learn how Presidium Networks can help you save reap these benefits and more with our Managed IT Services program for your business in the central Florida area.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Save Time and Money with Managed IT Services

If there is one thing most small businesses can agree on is that time equals money. Small business owners are in a position where they have to be a jack-of-all-trades, often spending most of their day wearing different hats. This is the nature of the small business and while expected is not always the best use of time. In order for a small business to be successful and remain competitive in an industry, there must be designated time for the owner to focus on growing and building the business. In many cases small businesses fail as a result of being unable to handle emergencies or other situations that are simply beyond the control and expertise of the owner. Leveraging Managed IT Services can help.

Any business that relies on technology, which covers almost every business operating today, can benefit from managed services. Managed services providers understand that not every business has the ability to pay for an internal IT department which can be very expensive yet necessary to ensure all aspects of technology are supported. Without this backup, many small businesses find themselves in a position where they have to foot a very expensive bill to recover from a disaster or emergency. In other situations, using out-of-date or ineffective technology is simply a waste of both time and money on the part of the small business.

Here we look at how small businesses can make the most of their time and money by hiring a managed services provider.

  • Focus on running the business- One of the major benefits of outsourcing your technology needs is that the owner and employees of the company can focus 100% on their individual duties to keep the business moving in the right direction. This is the most valuable use of time for all parties involved, instead of hours or even days lost when trying to deal with technological issues that in house employees are not trained to handle.
  • Offer expert advise – There are many small businesses that simply do not know what they need to improve the functionality of their business. The old adage, “what you don’t know can’t hurt you” does not apply in all cases. By consulting with a managed services provider you may discover areas of your business which can be improved that you previously thought were working “just fine”. Expert advice may be able to help you improve the efficiency of your business while positioning you better within the industry.
  • Support when you need it – Managed IT Services Providers are not only there in the event of an emergency or recovery, but also provide monitoring which can invaluable in preventing problems before they can impact the business.

It is important for every small business to carefully examine their technical needs in order to see what services will be most beneficial to the company. Managed IT Services Providers can offer services that not only reduce technology costs over time but also improves functionality which in turn saves time. When this balance is achieved a small business is in the perfect position to thrive and grow.

Click here to learn how Presidium Networks can help you save time and money with our Managed IT Services for your business in the central Florida area.

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Scary New CryptXXX Ransomware Also Steals Your Bitcoins

Now here’s a new hybrid nasty that does a multitude of nefarious things.Proofpoint researchers found that it was built by the same cyber mafia that’s behind the Reveton malware. A few months ago the 800-pound Dridex cyber gang moved into ransomware with Locky, and now their competitor Reveton has followed suit and is trying to muscle into the ransomware racket with an even worse criminal malware multitool. Read More

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

The Latest From CyberheistNews

Scam Of The Week: IRS Refund Ransomware

Many of us waited till the last moment before the April 15 tax deadline and are now holding our collective breath in expectation of that possibly rewarding refund. The problem is that cybercriminals are very aware of this anticipation and use social engineering tactics to trick taxpayers.
Knowing that many in America are waiting for word from the Internal Revenue Service concerning pending refunds, the cyber mafia is working hard to get in first with a massive phishing attack that has a ransomware attachment.
The attachment is an infected Word file, which holds a ransomware payload and encrypts the files of the unlucky end-user who opens the attachment, and all connected network drives if there are any.
I suggest you send this Scam Of The Week to all your friends, family and employees with something like the following message (Feel free to copy/paste/edit:)
“Cyber criminals are preying on American tax payers that have made the April 15th deadline and are now waiting to hear about their refund. There is a massive phishing scam going on right now which tries to trick you into opening a Microsoft Word attachment. But if you do, all your files will get hijacked and encrypted. If that happens, you only get your files back after paying around $500 ransom. Remember, think before you click, and do not open any attachments you did not ask for!”
Step employees through effective security awareness training, it is how to stay safe out there on the Wild, Wild, Web. Here is what the email looks like:
http://blog.knowbe4.com/scam-of-the-week-irs-refund-ransomware

New TeslaCrypt Ransomware Uses More Exploit Kits As Infection Vector

The new Internet Security Threat report from Symantec shows that the growth of file-encrypting ransomware attacks expanded from 8,274 in 2013 to 373,342 in 2014. This is 45 times more crypto-ransomware in the threat landscape within a one-year span.
Combine that with the new Verizon Breach Investigations Report last week which showed that you’ve got one minute and 22 seconds to save your files from being encrypted and you see the problem. Verizon calculated 82 seconds as the median time it takes for an employee to open a phishing email that lands on a company’s network and in their inbox.
TeslaCrypt is one of the latest copycat ransomware strains which has ripped off the CryptoLocker brand, and is now infecting user’s workstations through multiple exploit kits.
Apart from a laundry list of file types that ransomware normally encrypts, TeslaCrypt also tries to cash in on the $81 billion game market and encrypts over 40 file types associated with popular computer video games, like Call of Duty, Minecraft, and World of Warcraft as well as files related to iTunes. In other words: “all your files are belong to us”.
Instead of phishing attacks with attachments, the TeslaCrypt strain uses multiple exploit kits. An exploit kit (EK) is crimeware that gets sold on the dark web, and allows cyber gangs to infect legit websites. The workstation of the employee who clicks through to or visits that infected website gets exploited when it is not updated with the latest patches.
TeslaCrypt started out with the Angler EK, but recently also the Sweet Orange and Nuclear EKs. The Nuclear kit is used in a campaign right now. Employees that click on a link in a phishing email are being redirected to compromised WordPress sites that have this EK installed.
Brad Duncan, security researcher at Rackspace observed April 16th that in one case the kit successfully exploited a vulnerability in an out-of-date version of Flash player (13.0.0.182).
Once the workstation is infected, the delivered ransomware still uses the Cryptolocker branding. However, when the victim visits the payment site that instructs them on how to pay the ransom, it becomes obvious you are dealing with TeslaCrypt, which is the screen shot you see in our blog which has the links to the reports mentioned above as well:
http://blog.knowbe4.com/new-teslacrypt-ransomware-uses-more-exploit-kits-as-infection-vector
The payment process is run through a website located in the TOR domain. Each instance of the ransomware has its own Bitcoin BTC address. The files are encrypted by using the AES cipher, and encrypted files gain the .ecc extension.

What To Do About It

• The rule “Patch Early, Patch Often” still applies, but these days, better to “Patch Now” all workstations for both OS fixes and popular third party apps that are part of your standard image rolled out to end-users. A product like Secunia can scan for all unpatched third party apps.
• Make sure your Backup/Restore procedures are in place. Regularly TEST, TEST, TEST if your restore function actually works. The latter is often overlooked.
• The TeslaCrypt strain uses social engineering to make a user click on a link in a phishing email (It does not use email attachments). Also, this type of ransomware can use malicious ads on legit websites to infect workstations. End users need to be stepped through effective security awareness training so that they are on their toes with security top of mind when they go through their email or browse the web.
Find out how affordable this is for your organization today. You will be pleasantly surprised.
http://info.knowbe4.com/kmsat_get_a_quote_now

A Serious Legal Liability: Bad or No Security Awareness Training

If you have trouble getting budget for employee security education, please read this article and then forward it to the head of your legal department and/or or the person in your organization who is responsible for compliance.
The Department of Health and Human Services has stated that bad or no security awareness training is a main cause for compliance failures. This is true for not only health care, but all kinds of industries like banking, finance, manufacturing, and surprisingly, high-tech.
It does not stop with mere compliance failures causing regulatory fines. Trend Micro reported that 91% of successful data breaches started with a spear-phishing attack. The problem is that to be “letter of the law” compliant, you only need to herd your users once a year into the break room, keep them awake with coffee and donuts, and give them a “death by PowerPoint” awareness update. However, ineffective security awareness training could turn out to be a serious legal liability.
Why? Cybercrime goes after the low-hanging fruit: your users. Why spend time exploiting complicated software vulnerabilities when you can easily social engineer an end-user to click on a link? So your end-user did not get effective awareness training and falls for the hacker trick. Their workstation gets infected with a keylogger, the hacker now knows their login and password, and with that penetrates your network.

Three Scenarios

Simply put: if it’s the Eastern European cyber-mafia, their focus is to transfer out money from your operating account over a long weekend. If it’s the Chinese, they will steal your intellectual property. If it’s independent hackers, your customer database and credit card transactions are exfiltrated and sold on dark web criminal sites.
In all three cases you run the risk of a lawsuit:
• You might sue the bank for negligence, and they might sue you back. Massive legal fees are inevitable. If it is found out the attackers came in by social engineering a user, your case is significantly weakened. Go to Brian Krebs’ site and search for Patco Construction, a nightmare scenario. Here it is:
http://www.krebsonsecurity.com

• If the Chinese steal your intellectual property and you are exposed to a shareholder lawsuit, there will be a lengthy and costly discovery period. If it is found out the attackers came in by social engineering a user, your case is significantly weakened.
• If hackers get into your network, and an investigative journalist like Brian Krebs discovers a website that has all your customer records and credit card transactions, a class action lawsuit is not far away. (This is the legal profession’s biggest growth industry) cialis pills online. If it is found out the attackers came in by social engineering a user, your case is significantly weakened.
See the trend here? Not scaling your training to a level that effectively mitigates the risk you are exposed to is a severe legal liability. We have a whitepaper called “Legal Compliance Through Security Awareness Training” written by KnowBe4 and Michael R. Overly, Esq., CISA, CISSP, CIPP, ISSMP, CRISC. He explains the concept of acting “Reasonably” or taking “Appropriate” or “Necessary” measures.
Reading this whitepaper will help you to prevent violating compliance laws or regulations. In it, there are some examples of the Massachusetts Data Security Law and HIPAA to explain what is required. I strongly recommend you download this whitepaper if you have not already:
http://info.knowbe4.com/whitepaper-overly-kb4

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Maintaining HIPAA Compliance with Online Data Storage

Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and the lack of adequate storage space. Destroying these health records in order to make room for more storage is often not an option. Patients want access to all of their health care records, and physicians need them in order to better diagnose patients. Online data storage is a way to satisfy all of these issues.

Using online data storage for these records allows easier access for patients, and offers easier sharing of patient information from hospital to physician, as well as from physician to physician. Storing health records online isn’t, however, without security concerns Going Here. Patients, hospitals, and physicians want assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.

What is HIPAA?

HIPAA or the Health Insurance Portability and Accountability Act of 1996 was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for administrative, and physical and technical handling of patient health information.

According to the U.S. Department of Health and Human Services (HHS.gov) HIPAA has many requirements and restrictions. It requires safeguards for:

  • Access Control
  • Audit Controls
  • Person or Entity Authentication

Access control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to only access the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification or user ID, and immediate access in case of an emergency.

What Type of Security is Necessary?

When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be met in order to maintain the same security and privacy guaranteed each patient.

While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.

When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online data storage for health care businesses guarantee less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.

Click here to learn how Presidium Networks can help you maintain HIPAA compliance with our Remote Online Data Storage Services for your practice in the central Florida area.

Watch Movie Online Logan (2017)

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Password Strength is Key in Business and Personal Information Security

In today’s technologically driven business marketplace one of most often overlooked points of vulnerability to your business and personal information security is the strength or weakness of the passwords that you define for usage when logging into: your computer network, email provider, online banking, accounting or payroll applications. To underestimate the importance of strong passwords is to leave the door wide open to identity theft and corporate piracy. Your passwords must be a robust combination of all the characters that are available, must be unique for different applications and must not be a word commonly found in any dictionaries, in any language.

How do you maximize your business and personal information security?

We have been conditioned to use weak passwords. For many people the first password we ever needed was for our ATM cards. If this is the case we were limited to the numerals on the keypad 0-9. That simply will not cut it anymore. Malicious computer deciphering programs can run through all of the possible combinations in a matter of seconds. The same types of programs can run through all of the words in the dictionary, plus most common names, in multiple languages even spelled backwards, in a matter of minutes viagra purchase. You cannot have the same password for all of your password needs; if that one password was to get compromised then all of your sensitive private data would be at risk.

How do you come up with strong passwords that you can actually remember, without writing them down where they could be easliy found and used to cause you or your business harm?Movie Fifty Shades Darker (2017)

A good method is to come up with a phrase that is meaningfully unique to you, and therefore it will be something you will be likely to remember. For example: “I love muscle cars and custom motorcycles” or “Ping golf clubs are my favorites”

Use the first or last letter of each word to create a string or characters, from the example above: “I love muscle cars and custom motorcycles” I could come up with: “Ilmcacm” or “Iemsdms”

Replace one or more of the characters with its numeric position in the alphabet or a special character as in: Ilm3a3m or Ilmc@cm

Add a suffix or prefix to make it unique to each application that you will use it for.

  • For my Yahoo email I could use: YeIlm3a3m
  • For my Chase bank account I could use: CbIl3ma3m

Make sure that your each unique string of characters is at least eight characters long.

Now that you have a strong passwords, that last thing you need to worry about is using them wisely.

Do not write them down on a sticky note and put them under your keyboard or behind your monitor. Do not store them in the file system of your computer.

Do not use your passwords on computers that have open access to the general public, such as those found in Internet cafes, airports or mall kiosks.

Do not enter personal information such as your user names and passwords on unsecured websites.

Do make sure that the computer terminals that you use your passwords on have up to date anti-spyware and anti-virus applications.

Click here to learn how Presidium Networks can help you strengthen your business and personal information security with our Network Security Services for your business in the central Florida area.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →