Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!


ALERT: New Ransomware Strain: VirRansom

December 10, 2014 by The T By D Team

In many a budget meeting, the idea is thrown around “do we REALLY need IT?”  Well, if this article doesn’t convince you that I.T. is invaluable, nothing will…

 

There is a new Ransomware strain out there: a true self-replicating parasitic virus called VirRansom!

As the name implies, it is a hybrid.  
It combines CryptoWall-like functionality with active, self-replicating virus infection of every file it can find, plus the main-screen locking of the Reveton family of cybercrime malware.  
Oh yeah, it also demands 0.619 Bitcoin to let you back in.  Ouch.

SophosLabs states:

“Worms vs. Parasitics:  Most worms leave you with one, or perhaps a handful, of infected files that weren’t there before and need to be deleted.

Parasitic viruses, in contrast, may leave you with hundreds, or thousands, or more, of infected files on each computer.  If you leave even one of those infected files behind after a clean-up, the infection will start up all over again.

Worse still, the infected files can’t just be deleted, because they are your own files that were there before the infection started.  That makes cleanup even trickier.”

Before you go into full-fledged panic mode, there is good and bad news with this virus.  
You seem like you could use some good news at this point…

 

The Good News:  

The file encryption is not as advanced as CryptoWall’s, as the key to decrypt the files is contained in the malware itself.  Your antivirus should soon be able to decrypt the files and restore them (hint:  keep up with updates!), unless the bad guys are constantly changing the encryption keys, in which case it may take a day or more before your antivirus catches up.

The Bad News:

This is a full-fledged virus.  It will spread across your network, and doing a less-than-perfect job on the disinfection can easily lead to reinfection of your whole network.

CryptoWall-encrypted files that you can’t or don’t decrypt are harmless garbage forever, but you can delete them.  

With VirRansom, files that you don’t decrypt are still recoverable, but also still actively infectious.

It gets even nastier:  You can expect a VirRansom 2.0 soon, where they might implement “new features” such as:

  • industrial-strength encryption like CryptoWall, where you only get the decryption keys after payment
  • infection of your email server, where emails are converted to a worm for maximum dissemination of their malcode.  (Think of the legal ramifications this may have on your business!)

You can mitigate these types of threats through both technical measures and enforcement of your company’s computer use policy.

 

Some technical measures:
  • The 1st thing you need to do is test the Restore function of your backups, and make sure it works.  And have a full set of backups offsite.
  • Start thinking about asynchronous real-time backups, so you can restore data files with a few mouse clicks.
  • Get rid of mapped drives and use UNC links for shared folders.
  • Whitelisting software, which only allows known-good executables to run, starts to look more attractive, as more and more of these viruses/malware surface.

Looking at the security policy angle, it’s time to actually enforce best practices:
  1. Implement (and enforce) an “Internet Acceptable Use Policy”, or IAUP.  This informs your employees what is (and isn’t) acceptable use of their work computers on the internet.  They sign this document, stating that they will use work computers within the parameters set out in the IAUP.
  2. Prevent these types of infections to begin with, through effective Security Awareness Training.  The infection vector (think “patient zero”) is your end user (i.e. anyone in your company who uses a computer at any time) opening an attachment or clicking on a link.  Employees need to be not only informed, but trained on computer security.  Call this your “Human Firewall”.

 

Get a Network Security Analysis:  Find out just how vulnerable your computer network is!

Already infected?  

Technology by Design exterminates the bugs, and those nasty viruses!

1-204-800-3166 

We Make I.T. Work!

Filed Under: ALERTS, Featured

ALERT: Security Camera Warning!

December 8, 2014 by The T By D Team

If you have security cameras watching over your business, home, or baby (via baby monitor camera) – this ALERT is for you!  

Your cameras have a password protecting them?  

Think again!

 

 

To start at the beginning…

Security cameras come loaded with pre-set usernames and passwords.  A lot of people do not change the pre-set usernames and passwords on the cameras, and leave the cameras set with the username and passwords they came with.  The “default” usernames and passwords.

A website called “Insecam” has been found, which indexed 73,011 locations with unsecured security cameras (meaning cameras that have not changed from their pre-set usernames and passwords), in 256 different countries.  The site, which has an IP address from Russia, is further broken down into insecure security cameras by manufacturer.  Specifically:  Foscam, Linksys, Panasonic, some listed only as “IP cameras”.  DVRs such as AvTech and Hikvision were also listed.  Each link could have up to 8 or 16 channels available (meaning that’s how many security camera views were displayed on one page).

You can choose to view cameras by country.  There are 40,746 pages of unsecured cameras, just in the 1st 10 countries.  The U.S. had the highest number of links available at 11,046.  There are 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India.  As the site boasts, you can see “into the bedrooms of all countries of the world.”

The available links view into businesses, stores, malls, warehouses, parking lots, hotels, hotel pools, baby cribs, bedrooms, living rooms, and kitchens.  Recently, the cameras viewed even showed the addresses and Google Maps location; however, when I checked the site again, this had been removed.

The website claims that the purpose of the site was to “show the importance of settings and changing the security settings on internet cameras.”  They claim that they have removed “all automatically collected cameras from the site” and that only filtered cameras are available now, so that “none of the cameras on Insecam invade anybody’s private life”.   Insecam states they have “also removed all cameras that still use default password settings.”  They state they only provide links to “public cameras without password protection at all”.

Insecam isn’t without conscience, and will remove any camera “upon e-mail complaint.”  With an email and a direct link to “help facilitate the prompt removal”, they will remove the link to the camera.  They also state that if you don’t want to email them, you can simply remove your camera by changing your password from the default password.

Moral of the story:  Change Your Password!

Want to check out the site to see if your cameras are on there?  Go to:  http://www.insecam.org/

 

Call

1-204-800-3166

For Cyber-Assistance!

 

Filed Under: ALERTS, Featured

ALERT: “Shipping Problem”

December 3, 2014 by The T By D Team

Black Friday and Cyber Monday are done and over with (anyone else breathing a sigh of relief?).  

Online retailers have taken the lead in sales:  WalMart in the U.S. said Thanksgiving was its 2nd biggest day ever for online sales, and U.S. Target’s online buying was up 40% over last year.

This is the time of the year that people all over the world buy, buy, buy because they are able to find amazing deals, and they’re dying to get their hands on their new purchases.

However, just because U.S. Thanksgiving is over doesn’t mean you’re safe from online scams.  
Criminal hackers keep track of the holidays just like us, with a “scam calendar” if you will.  

Their calendar focuses on events just like this.  They are prepared, and have scam campaigns planned and ready to roll starting TODAY, for the rest of the month.

These malware campaigns are not discriminatory – they target home and office computers with equal enthusiasm.  
Roughly a billion of these criminal emails are sent EACH DAY.  

Cyber-Scammers are preying on people that have just made a lot of online purchases on Black Friday and Cyber Monday.  

Following are just a few of the scam campaigns being sent right now:
1.  “Shipping Problem” emails supposedly from FedEx, UPS, US Mail, or Canada Post:  

The email claims they tried to deliver a package from (for example “Apple Computer”) but could not deliver due to an incomplete address.  They ask you to “Please click on the link to correct the address, and you will get your package.”  If you click on the link, your computer will get infected with malware.  Warn everyone in the company, family members, and especially teenagers.

2.  Alerts via a TEXT to your smartphone that asks you to “confirm delivery” from FedEx, UPS, U.S. Mail, or Canada Post.  

They then ask you for personal information.  Don’t enter any information.

3.  Email supposedly from a major retailer stating that a mistake was made and they owe you a refund.  

It claims that there was a “wrong transaction”.  They then ask you to “click for refund”.  Your device will be infected with malware.  (We sent out an ALERT about this scam a few weeks ago.)

 

Malware or Virus Problems?  

1-204-800-3166

Ask Us How Our “Core Security Package” Could Save Your Company!

 

We Make I.T. Work!

Filed Under: ALERTS, Featured

ALERT: CyberCriminals’ Black Friday/Cyber Monday

November 19, 2014 by The T By D Team

 

It’s almost that time of year again.  That time when saving-savvy shoppers get up at 2 am to get the must-have toy of the season at 90% off!  
…Yep, Black Friday.  
…And don’t forget the Black Friday of the couch surfing set – Cyber Monday.

As the title says, CyberCriminals are having their own Black Friday.  But not the way you might think…They go into scam-overdrive mode.  Black Friday and Cyber Monday are the busiest on-line shopping days, and CyberCriminals are out to cash in, and get rich…with your money.

What to look for in Black Friday/Cyber Monday scams:
1.  Too-good-to-be-true coupons that offer free phones or tablets.  

These coupons are all over the internet.  Don’t fall for it.  Make sure the offers are from a legitimate company.

2.  Watch out for alerts via email or text that you just received a package.  

It could be from FedEx, UPS, US Mail, or Canada Post.  Scam emails then ask for some personal information.  Don’t enter anything – it’s a scam.

3.  Fake refunds purporting to be from Amazon, a hotel, or a retail chain.  

It will claim there was a “wrong transaction”, and will ask you to “click for refund”.  Instead of a refund, your device will be infected with malware.

Especially now, the price of freedom is constant alertness and willingness to fight back.  

Remember to only use credit cards online, never debit cards.  

Be super-wary of bulk email with crazy-good BUY NOW offers, and anything that looks slightly “off”.

If you think you’ve been scammed, stay calm, and call your credit card company.  Cancel that credit card, and get a new one.

Happy Holidays, and Safe Shopping!

Infected?

Call 1-204-800-3166

We’ll help make your Black Friday/Cyber Monday bug-free!

We Make I.T. Work!

Filed Under: ALERTS, Featured

ALERT: Pizza Delivery Delivers More Than You Paid For!

November 13, 2014 by The T By D Team

Everybody loves getting something for FREE!  
…Unfortunately, cybercriminals are giving you more than you paid for!

New spam emails are currently being delivered, claiming to be a campaign from “Pizza Hut”, which asks recipients to “click and claim” their delicious reward.

The link in the email looks similar to this:

[Image: Free Pizza Spam]

“Of course, if you click on the link, you do not get a coupon for free pizza – you get a zip file containing a Windows executable which will make you part of a malicious botnet called Asprox or Kuluoz”, warn researchers at Cloudmark.

We recommend alerting your friends and family about this spam campaign, and including a link to this ALERT, so they can see just how “official” the link request looks.

If you have already clicked on this link, or suspect your computer and/or network is infected, call us at 204-800-3166, or email helpdesk@tbyd.ca.  

 

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

We Make I.T. Work!

 

Filed Under: ALERTS, Featured

ALERT: Top 5 Facebook Scams

November 5, 2014 by The T By D Team

Facebook now has over a billion users; that’s a mind-boggling thousand million people who check their page regularly.  Of course, bad guys are going to be irresistibly attracted to a population that large.  Here are the top 5 Facebook scams they are trying to pull off:

1.  Who Viewed Your Facebook Profile:  

This lures you with messages from friends, or sometimes malicious ads on your wall, to check who has looked at your profile.  But when you click, your profile will be exposed to the scammer, and worse things happen afterward.

2.  The Facebook Colour Changer App:

This tries to trick you into personalizing your Facebook page.  However, it also leads you to phishing sites, deceives you into sharing the app with your friends, and infects your mobile devices with malware.  Stay away from this app!

3.  Fake Naked Videos:  

There are tons of fake naked videos being posted all the time, using names of celebrities like Rihanna or Taylor Swift, that sometimes make it past Facebook moderators.  These scams are in the form of an ad or a post, and have a link to bogus YouTube videos.  That site then claims your Adobe Flash player is broken, and says you need to update it – but malware is installed instead!

4.  Facebook Videos With Come-On Titles:  

Computer bad guys often try enticing titles like “Not Safe For Work” or “Scandalous” to lure you into clicking on these videos.  You then get automatically redirected to phishing sites that steal your personal information.

5.  Check My Status Update To Get Free Facebook T-shirt:  

This sends you fake messages from your Facebook friends to go to their page, and get a free Facebook t-shirt.  It’s a scam.  If you have already clicked on something like this, immediately remove any access granted to rogue applications.

 

Facebook is Facebook.  

There is simply no way to change the colors of your profile, or change the theme.  Stay away from messages or links promising you otherwise, unless you want your PC or mobile device infected with malware.

Ask Us About Our ‘Core Security’ Package!

 


 

Filed Under: ALERTS, Featured

ALERT: Ebola Scam

November 4, 2014 by The T By D Team

CyberCriminals cannot resist exploiting any disaster, or human suffering.  

Ebola is in the news, and everyone is afraid.  CyberCriminals prey on that fear.

Do not click on anything to do with Ebola.  

CyberCriminals are currently offering free toolbars that they say will warn you when Ebola pops up in your town/city.  

DO NOT CLICK!  You will be installing malware instead.

 


Filed Under: ALERTS, Featured

ALERT: Ransomware’s New Dangerous Tactics

October 30, 2014 by The T By D Team

 

 

 

CryptoWall V2.0 is now using “poisoned ads” on major sites like Yahoo, AOL and Match.com to infect unsuspecting victims’ networks.  

Malicious ads are nothing new, but the second-generation ransomware using them is worrisome.

Proofpoint says “The sites themselves were not compromised; rather, the advertising networks upon which they relied for dynamic content were inadvertently serving malware”.  

This means a so-called drive-by download, where the user does not have to click on anything.  

Up until now, CryptoWall was spread by spam with infected email attachments and download links sent by the Cutwail botnet, where users had to click on the link.

The website visitors hit by this “malvertising” are people who run unpatched versions of Adobe Flash.  The poisoned ads silently ‘pull in’ malicious exploits from the FlashPack Exploit Kit, hence the “drive-by downloads”.

According to security researchers at Dell Secureworks, more than 830,000 victims worldwide have been infected with ransomware, a 25% increase in infections since late August when there were 625,000 victims.

The first ransom usually has a deadline of 4-7 days, and demands around $500.  Even bad guys have a conscience and understand it’s not always easy to get your hands on Bitcoins quickly.  However, when this deadline passes, the ransom doubles to approximately $1000, depending on Bitcoin exchange rates.

Counting the ransom payments to CryptoWall’s Bitcoin addresses, Proofpoint estimates that the attackers make $25,000 per day.  Recent data taken directly from the CryptoWall ransom payment server shows that since August 2014, an additional 205,000 new victims have been claimed.

How To Help Prevent Infection:

1.  Do not use mapped drives.  Period.  

Use UNC names instead to connect to servers.  Apart from close to real-time (snapshot) fileserver backups, I also strongly recommend deploying ad blockers for all the browsers in your organization, if you have not done so already.  Or make sure you use endpoint security that has ad-blocking built in.

2.  Continue to focus on all endpoints being fully patched, Windows and all third-party apps.  

Also, configure endpoint browsers to only execute plug-in content when clicked, rather than automatically.  Uninstall apps that are not absolutely needed, to make your attack surface as small as possible.

3.  Click-to-Play & Whitelisting.

Some browsers like Google Chrome and Mozilla Firefox allow you to enable click-to-play for plug-in based content, which can stop the automatic execution of exploits that target browser plug-ins.  Deploying a whitelisting product on all machines is also something you could look at – whitelisting will stop ransomware cold.

4.  Lifecycle Malware Detection

Technologies for lifecycle malware detection carry different names, including targeted threat protection (TTP), targeted attack protection (TAP), and “click-time link scanning”.  Whatever you call it, you want it in place.

5.  Company-Wide Internet Acceptable Use Policy

You should also have an Acceptable Use Policy (AUP) in place that forbids employees from using their machines for private browsing, along with an edge device that blocks selected groups of websites (like all social media).

6.  Prepare Yourself.

You could also open an account with coinbase.com, get approved (it takes a few days), create a wallet, and buy a few Bitcoin “just in case” you get hit and your backup fails.

7.  Prepare Your Employees.

And obviously stepping all employees through effective security awareness training is a must these days.
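
An added example (not from the original post) for step 1 above and for the “get rid of mapped drives” measure in the VirRansom alert: a read-only PowerShell inventory of the current user’s drive-letter mappings, showing the UNC path that should replace each one. The function name Get-MappedDriveInventory is made up for this example.

```powershell
# Added example: list drive-letter mappings so they can be replaced with UNC paths.
# Read-only: it reports mappings and removes nothing.
# Get-MappedDriveInventory is a hypothetical helper name, not a built-in cmdlet.

function Get-MappedDriveInventory {
    $found = @()

    # Persistent mappings for the current user are stored as
    # HKCU:\Network\<drive letter>, with the target in the RemotePath value.
    if (Test-Path 'HKCU:\Network') {
        foreach ($key in Get-ChildItem 'HKCU:\Network') {
            $props = Get-ItemProperty -Path $key.PSPath
            $found += [pscustomobject]@{
                Drive   = $key.PSChildName.ToUpper() + ':'
                UncPath = $props.RemotePath
                Source  = 'Persistent (HKCU:\Network)'
            }
        }
    }

    # Session-only mappings (for example from a logon script) are not in the
    # registry. Get-SmbMapping is available on Windows 8 / Server 2012 and later.
    if (Get-Command Get-SmbMapping -ErrorAction SilentlyContinue) {
        foreach ($m in Get-SmbMapping) {
            # Skip deviceless connections and letters already recorded above.
            if ($m.LocalPath -and ($found.Drive -notcontains $m.LocalPath)) {
                $found += [pscustomobject]@{
                    Drive   = $m.LocalPath
                    UncPath = $m.RemotePath
                    Source  = 'Session (Get-SmbMapping)'
                }
            }
        }
    }

    # Add the server name so mappings can be reviewed per file server.
    foreach ($item in $found) {
        $server = ''
        if ($item.UncPath) {
            $server = $item.UncPath.TrimStart('\').Split('\')[0]
        }
        $item | Add-Member -NotePropertyName Server -NotePropertyValue $server
    }

    $found | Sort-Object Drive
}

$inventory = @(Get-MappedDriveInventory)
if ($inventory.Count -eq 0) {
    'No drive-letter mappings found for this user.'
} else {
    # Each row is a drive letter to retire; UncPath is what shortcuts and
    # applications should point to instead.
    $inventory | Format-Table Drive, UncPath, Server, Source -AutoSize
}
```

Run it in each user’s session (or from a logon script that writes the output to a share), since mappings are stored per user.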

Ask About Our Affordable ‘Core Security’ Plan

 


Filed Under: ALERTS, Featured

Home Depot Lawsuit

October 1, 2014 by The T By D Team

There has been speculation that there will now be multiple class-action lawsuits filed against Home Depot, on the grounds that they were negligent with regard to their IT security.

Some ex-employees from the Home Depot IT department are now claiming that management of the retailer had been warned for years that their Point Of Sale systems were open for attack and did not act on these warnings.

These same ex-employees claim that Home Depot relied on an antivirus program that was not being updated with new definitions. As well, security scans were done very irregularly, and only on a small number of stores, which meant that they were not able to detect any breach or see any unusual actions.

Moral of the Story?

Updates, updates, updates.  

Ask About Our ‘Core Security’ Plan!

 


 

Filed Under: ALERTS, Featured

ALERT: POS Machine Updates

September 24, 2014 by The T By D Team

It has come out that the security breaches at Target and Home Depot had yet another thing in common. Both breaches were enabled by a vulnerability in XP Embedded that was more than 10 years old.

The XP Embedded version used in their POS systems was Windows XPe SP3, which is not the last version of the XP-based embedded operating systems.

In both cases, the security breach could have been avoided if they had upgraded to Windows 7 for Embedded Systems.

Specific malware has been created over the past decade for embedded XP systems, using a technique called “RAM scraping”. Once the malware is in the system, it can pretty much do what it wants and take as much credit card data as it would like.

This is possible because Windows XP has relatively weak memory access protection, whereas Windows 7 memory protection is much better.

There are two big points to be made here:  1.  Don’t skimp on IT support, and 2.  Make sure you upgrade your computer.

Had these companies not skimped on their IT support, their computers would have been properly protected, and there would have been no security breach.

Ask About Our ‘Core Security’ Package!


Filed Under: ALERTS, Featured
