Security Tips: Business Email Compromise (BEC) Schemes

Business Email Compromise (BEC) Schemes

In the past few years, millions of dollars have been lost to fraudsters and scammers, but not all of it through malware attacks such as ransomware.  Business email compromise (BEC) schemes are sophisticated attacks aimed mostly at companies that make wire transfers frequently.  The FBI has estimated that nearly $750 million was lost to these schemes, affecting more than 7,000 victims, between October 2013 and August 2015.  Below are a few versions of the scheme:


The Bogus Invoice Scheme

Also referred to as “The Supplier Swindle” and the “Invoice Modification Scheme”. The scammers use the name of an established partner of the business and impersonate one of that partner’s employees, asking that invoice payments be wired to their fraudulent account. The request arrives by spoofed email, telephone, or facsimile.

CEO Fraud

Also referred to as “Business Executive Scam”, “Masquerading”, and “Financial Industry Wire Fraud”. The scammers impersonate high-level executives (CFO, CEO, CTO, etc.), lawyers, or other legal representatives, tell the victim that they are handling a confidential and time-sensitive matter, and then pressure the victim into wiring funds to a separate account which the scammers control.

Account Compromise

In this scam, an email account of an employee is hacked and then used to make requests for invoice payments to fraudster-controlled bank accounts. Messages are sent to multiple vendors identified from the employee’s contact list.

Data Theft

This scam usually starts by compromising the email account of an employee in a specific role (usually HR) at the victim company. The compromised account is then used to gather personally identifiable information about other employees and executives, which later serves as a jump-off point for more damaging BEC attacks on the company.

Below are some quick prevention tips on how you can avoid these types of attacks:

Prevention tips

  • Carefully scrutinize all emails. Be wary of irregular emails sent in the name of C-suite executives, as these are used to trick employees into acting with urgency. Review every email that requests a transfer of funds to determine whether the request is irregular.
  • Educate and train employees. While employees are a company’s biggest asset, they are also usually its weakest link when it comes to security. Commit to training employees according to the company’s best practices. Remind them that adhering to company policies is one thing, but developing good security habits is another.
  • Verify any change in a vendor’s payment destination by requiring a secondary sign-off from company personnel.
  • Stay updated on your customers’ habits, including the details of, and reasons behind, their payments.
  • Confirm requests for transfer of funds out of band. When using phone verification as part of two-factor authentication, call known, familiar numbers, not the contact details provided in the email request.
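The following is an added example, not part of the original article or any Trend Micro product: it applies the warning signs listed above (an executive’s display name on an external address, a Reply-To that diverts replies elsewhere, a lookalike sender domain, and urgency language paired with a payment request) to a few constructed sample messages. The company domain, executive roster and scoring are assumptions for illustration.

```python
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                        # assumed company domain
EXECUTIVES = {"jane roe": "CEO", "john doe": "CFO"}   # assumed executive roster
URGENCY = re.compile(r"\b(urgent|asap|immediately|confidential|right away)\b", re.I)
WIRE = re.compile(r"\b(wire|transfer|invoice|payment|bank details|account number)\b", re.I)


def domain_of(addr):
    """Lower-cased domain part of an address, or '' when there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike(a, b):
    """True when a and b differ by at most one inserted, deleted or substituted character."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # extra character in a
        elif len(a) < len(b):
            j += 1          # extra character in b
        else:
            i, j = i + 1, j + 1   # substitution
    edits += (len(a) - i) + (len(b) - j)   # trailing leftover characters
    return edits <= 1


def score_message(msg):
    """Return (score, reasons) for a message dict with keys from, reply_to, subject, body."""
    reasons = []
    name, addr = parseaddr(msg["from"])
    key = name.strip().lower()
    from_dom = domain_of(addr)
    reply_dom = domain_of(parseaddr(msg.get("reply_to", ""))[1])
    # CEO fraud: an executive's display name, but the address is not the company's.
    if key in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        reasons.append(f"display name '{name}' ({EXECUTIVES[key]}) on external domain {from_dom}")
    # Bogus invoice / account compromise: replies are diverted to another domain.
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Supplier swindle: a sender domain one character away from the company's own.
    if from_dom and from_dom != COMPANY_DOMAIN and lookalike(from_dom, COMPANY_DOMAIN):
        reasons.append(f"lookalike sender domain {from_dom}")
    text = msg["subject"] + " " + msg["body"]
    if URGENCY.search(text) and WIRE.search(text):
        reasons.append("urgency language combined with a payment request")
    return len(reasons), reasons


SAMPLES = [  # constructed sample messages, not real mail
    {"from": "Jane Roe <jane.roe@gmail.example>", "reply_to": "",
     "subject": "Urgent wire transfer", "body": "Need a wire sent today, confidential deal."},
    {"from": "Accounts <ap@vendor-example.com>", "reply_to": "ap@vendor-examp1e.com",
     "subject": "Invoice 1123 - updated bank details",
     "body": "Please update our account number immediately for payment."},
    {"from": "IT Helpdesk <helpdesk@example.com>", "reply_to": "",
     "subject": "Maintenance window", "body": "Servers will reboot Saturday 9pm."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], score_message(m))
```

A score of zero does not prove a message is safe; the heuristics only prioritise which fund-transfer requests to verify by phone first.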


To learn more about BEC attacks, you can read a more in-depth article from our partner Trend Micro here.  If you have questions about this topic, you can also contact us at 893-9515 and we will be happy to help!

CT Link Becomes a VMware Enterprise Partner!

On June 29, 2018, CT Link officially signed up to become a VMware enterprise partner.  VMware’s core business focuses on support to modernize data centers, integrating public cloud, empowering digital workspaces and transforming security for its clients.  These focuses have helped VMware become one of the leading figures in the virtualization software market and a main reason why CT Link Systems, Inc. has decided to be an official partner focusing on products such as vSphere and vSAN.

VMware vSphere virtualizes and aggregates the underlying physical hardware resources across multiple systems and provides pools of virtual resources to the datacenter. As a cloud operating system, VMware vSphere manages large collections of infrastructure (such as CPUs, storage, and networking) as a seamless and dynamic operating environment, and also manages the complexity of a datacenter.

VMware vSAN on the other hand, is a hyper-converged, software-defined storage (SDS) product that pools together direct-attached storage devices (storage that is used individually and not accessible to others) across a VMware vSphere cluster to create a distributed, shared data store.

For those who are interested in learning more about VMware, we will be releasing a more in-depth article on vSphere and vSAN soon!  If you wish to learn more about them now, you can contact us at 893-9515 and we will be happy to answer your inquiries!

Ransomware Lunch & Learn With Cisco!

Ransomware is becoming more prevalent as more companies find their networks infected with this disruptive malware.  With this in mind, Cisco has been improving its security portfolio to keep your IT infrastructure safe from these attacks.  Learn more about it from our Cisco experts on July 17, 2018 at Discovery Primea at our Ransomware Lunch & Learn event!  Get a chance to win a Smart TV and other goodies while you learn how you can stay safe from ransomware attacks.  To learn more about the event or how to register for it, please contact us at 893-9515!

Microsoft To-Do adds New Features Steps and List Sharing

It’s now been over a year since Microsoft released To-Do, its intelligent task management app developed by the team behind Wunderlist.  With To-Do integrated into Office 365, the team has been collecting a multitude of feedback from users and has now acted on it in a couple of updates released throughout this year.

One of these updates is Steps, which allows you to add sub-tasks to your main tasks, breaking them down into smaller actionable items so you can focus on finishing the task at hand.  The number of completed steps is displayed on the task so that you know how far along you are.


Another update, announced just recently, is List Sharing.  List Sharing allows you to share a To-Do list with others so that collaboration is easier: they can see your progress on your tasks, or update the list as tasks or Steps are accomplished.  This is done by sharing a link with the people you want to collaborate with, and you keep the option to stop sharing once the collaboration is finished.  Microsoft says that this update will be available to most Office 365 users by mid June.

To learn more about To-Do on Office 365, you may contact us at 893-9515 so we can better help answer your inquiries!

Malware VPNFilter is on the Rise as Infected Routers Increase

On May 24, security researchers published a report on the discovery of a group that had infected more than 500,000 home and small-enterprise routers in at least 54 countries with their malware, VPNFilter.  Through an infected router, this malware can attack devices, gather information, steal key credentials, monitor SCADA protocols, and execute a kill command that destroys the device.  These attacks have been happening since 2016; however, there was a spike in infections in recent weeks, mostly in Ukraine.  This prompted the researchers to publish their report early because of the high threat level to the identified systems.

The researchers observed that a VPNFilter infection proceeds in three stages:

Stage 1

The infected router enables the deployment and spread of the malware by locating its command servers through images downloaded from Photobucket.com, extracting an IP address from them, and recognizing several types of CPU architecture running on BusyBox and Linux-based firmware. Redundant command-and-control mechanisms adapt to failure: if the Photobucket download fails, Stage 1 downloads from ToKnowAll.com instead. It also listens for a trigger packet from the attackers, looks up its public IP address via api.ipify.org, and stores it for later use. In this stage, the core malware code persists on the infected system even after a reboot.

Stage 2

This stage deploys the intelligence-collection capabilities: file collection, command execution, device management and data exfiltration. It also carries a self-destruct capability. The attackers can assess the value of the network behind the device, especially if the system is of potential interest to them, and then decide whether to keep using the network to gather data or to use the system to propagate through its connections. The self-destruct function overwrites critical portions of the device’s firmware and issues a reboot; once the attackers trigger the built-in kill command, the device is left unrecoverable.

Stage 3

This stage contains modules that act as plugins for Stage 2. One plugin acts as a sniffer that collects data and intercepts traffic, such as website credentials and Modbus SCADA protocol traffic, while another provides automated communication over Tor. Other plugins that have yet to be identified were also observed in this stage.
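As an added example that is not part of the researchers’ report or any vendor product, the Stage 1 network behaviour described above (an image fetch from Photobucket.com, a fallback to ToKnowAll.com, and a public-IP lookup via api.ipify.org) can be searched for in DNS query logs. Photobucket and ipify are legitimate services, so they are only treated as suspicious when the client is a router or NAS that should never browse the web; the log format, device inventory and severities are assumptions.

```python
import re
from collections import defaultdict

# Constructed inventory: addresses of devices that should never browse the web.
INFRA_DEVICES = {"10.0.0.1": "office-router", "10.0.0.2": "branch-nas"}

# Domains named in the report, with an assumed severity and reason.
INDICATORS = {
    "toknowall.com": ("high", "VPNFilter Stage 1 fallback download domain"),
    "api.ipify.org": ("medium", "public-IP lookup used by Stage 1"),
    "photobucket.com": ("medium", "Stage 1 image-download channel"),
}

# Assumed simplified query-log line: "<timestamp> client <ip>#<port>: query: <qname>"
LOG_RE = re.compile(r"^(?P<ts>\S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+)")


def match_indicator(qname):
    """Return (domain, entry) when qname equals or is a subdomain of an indicator."""
    q = qname.lower().rstrip(".")
    for dom, entry in INDICATORS.items():
        if q == dom or q.endswith("." + dom):
            return dom, entry
    return None


def analyse(lines):
    """Return a list of findings for the given query-log lines."""
    findings = []
    per_host = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # not in the assumed log format
        ip, qname = m.group("ip"), m.group("qname")
        hit = match_indicator(qname)
        if not hit:
            continue
        dom, (sev, why) = hit
        # High-severity domains are flagged from any host; the others only from infra devices.
        if sev == "high" or ip in INFRA_DEVICES:
            per_host[ip].add(dom)
            findings.append({"ts": m.group("ts"), "ip": ip, "device": INFRA_DEVICES.get(ip, "unknown"),
                             "domain": dom, "severity": sev, "reason": why})
    # One device touching two or more Stage 1 domains is the strongest signal.
    for ip, doms in per_host.items():
        if len(doms) >= 2:
            findings.append({"ts": "-", "ip": ip, "device": INFRA_DEVICES.get(ip, "unknown"),
                             "domain": ",".join(sorted(doms)), "severity": "high",
                             "reason": "multiple Stage 1 indicators from one device"})
    return findings


SAMPLE_LOG = [  # constructed log lines, not captured traffic
    "2018-05-25T09:01:02 client 10.0.0.1#4321: query: photobucket.com",
    "2018-05-25T09:01:05 client 10.0.0.1#4322: query: api.ipify.org",
    "2018-05-25T09:02:10 client 10.0.0.1#4323: query: toknowall.com",
    "2018-05-25T09:03:00 client 10.0.0.50#5000: query: photobucket.com",   # user laptop
    "2018-05-25T09:04:00 client 10.0.0.50#5001: query: www.example.com",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f["severity"], f["device"], f["ip"], f["domain"], "-", f["reason"])
```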

According to the researchers, you should take the following steps to help protect your systems from VPNFilter:

  • Reset your routers to restore their factory default settings. Rebooting stops Stages 2 and 3 from running on infected devices, at least until Stage 1 reinstalls both.
  • Update the router’s firmware immediately once the manufacturer releases a patch.

Trend Micro Smart Home Network users are protected from this threat by the following rules:

  • 1054456 WEB Linksys Unauthenticated Remote Code Execution -1 (OSVDB-103321)
  • 1054457 WEB Linksys Unauthenticated Remote Code Execution -2 (OSVDB-103321)
  • 1055170 EXPLOIT Generic Arbitrary Command Execution -1
  • 1056614 WEB Cisco Linksys E1500/E2500 apply.cgi Remote Command Injection -1 (BID-57760)
  • 1058664 WEB Cisco Linksys E1500 and E2500 Router Directory Traversal Vulnerability (BID-57760)
  • 1058665 WEB Cisco Linksys E1500 and E2500 Router Password Change Vulnerability (BID-57760)
  • 1058980 WEB Cross-site Scripting -14
  • 1059209 WEB Cisco Linksys E1500 and E2500 Router OS Command Injection Vulnerability (BID-57760)
  • 1059253 WEB Netgear DGN1000 And Netgear DGN2200 Security Bypass Vulnerability (BID-60281)
  • 1059264 WEB QNAP VioStor NVR and QNAP NAS Remote Code Execution Vulnerability (CVE-2013-0143)
  • 1059672 WEB Cisco Linksys E1500/E2500 apply.cgi Remote Command Injection -2 (BID-57760)
  • 1132723 WEB GD Library libgd gd_gd2.c Heap Buffer Overflow -1 (CVE-2016-3074)
  • 1133310 WEB Netgear R7000 Command Injection -1.1 (CVE-2016-6277)
  • 1133463 SSDP Simple Service Discovery Protocol Reflection Denial of Service Vulnerability
  • 1133464 WEB Netgear WNDR1000v4 Router Remote Authentication Bypass
  • 1133572 WEB Shell Spawning Attempt via telnetd -1.b
  • 1133802 WEB Netgear NETGEAR DGN2200 dnslookup.cgi Remote Command Injection (CVE-2017-6334)
  • 1133908 EXPLOIT QNAP Transcode Server Command Execution
  • 1134566 NETBIOS MikroTik RouterOS SMB Buffer Overflow -1 (CVE-2018-7445)
  • 1134567 NETBIOS MikroTik RouterOS SMB Buffer Overflow -2 (CVE-2018-7445)

If you have further inquiries on the above malware, you may contact us at 893-9515 and we will be happy to answer them!

Meraki Wireless Health is Now in Beta!

Last January Cisco announced an exciting new feature for Meraki: Meraki Wireless Health.  In essence, Wireless Health is a heuristics engine that promptly finds errors affecting the end-user experience across the stages of connectivity (association, authentication, IP addressing and DNS availability), then performs a quick root-cause analysis and suggests a response.

This helps IT administrators quickly find out which users can or cannot successfully access the wireless network, and easily identify the problematic access points, clients, and failing connection stages behind a bad end-user experience.  Being able to see all access points (APs) in a given network is a critical factor in a successful end-user experience, because problems can be identified and repaired before they cause lengthy and inopportune downtime and latency.

With this in mind, Cisco has recently announced that Meraki Wireless Health is available to all existing MR customers at no additional charge as a generally available beta feature.  To access it, navigate to Wireless > Wireless health in the Meraki dashboard.

To learn more about Meraki, you can visit our Product page here or directly contact us at 893-9515 and we will be happy to help you!

Wireless Big Data: A Tech Update with Cisco and Pure Storage

Wireless big data has the ability to provide in-depth information and analytics which allows operators to facilitate data-driven approaches for network optimization and operation. CT Link Systems, Inc. in partnership with MSI-ECS Philippines will be hosting a tech update on Cisco (specifically on Cisco Meraki) and Pure Storage this coming June 14, 2018 at M Cafe.  We hope to help further educate our attendees on how today’s businesses can benefit on the new innovations from both brands when partnered up with our CT Link business solutions.

To learn more about these solutions, you can email rcruz@ctlink.com.ph or contact us directly at 893-9515 to find out how you can register for this event!

HPE Announces SimpliVity Support for Microsoft Hyper-V and SimpliVity Workspaces for Citrix

May 8, 2018 – Hewlett Packard Enterprise (HPE) announced that HPE SimpliVity 380 would now be able to run with Microsoft Hyper-V and they have partnered with Citrix to be a Citrix Workspace Appliance Partner.  With these new offerings, HPE hopes to enhance its ability to provide high-performance virtual applications and desktops ensuring a faster and easier way to deliver secure digital workspaces in today’s hybrid cloud environment while also increasing its customer’s hypervisor options.

HPE SimpliVity 380 with Microsoft Hyper-V offers businesses a simpler IT infrastructure solution: it converges servers, storage and storage networking into one easy-to-manage, software-defined platform, so that businesses are not held back by legacy IT infrastructure that cannot keep up with the current IT environment.

This results in increased business agility and cloud economics in an on-premises solution.  The pre-integrated, all-flash, hyperconverged building block simplifies IT by combining all infrastructure and advanced data services for virtualized workloads, including VM-centric management and mobility, data protection and guaranteed data efficiency.

The latest HPE SimpliVity 380 with Microsoft Hyper-V solution offers HPE SimpliVity customers the following core benefits:

Enables VM centric management and mobility

HPE SimpliVity hyperconvergence enables policy-based, VM-centric management abstracted from the underlying hardware to simplify day-to-day operations. VMware customers benefit from this core value with 95% seeing value and IT simplification. Now Microsoft Hyper-V customers can achieve the same benefit.

Data protection

Customers now have access to a hyperconverged solution with full-featured, built-in backup and recovery at no additional cost. These data protection features include the resilience, built-in backup, and bandwidth-efficient replication needed to ensure the highest levels of data integrity and availability, eliminating the need for legacy data protection.

Data efficiency

Efficiency is delivered by powerful built-in data services including in-line deduplication and compression and novel data architecture to speed business continuity and enable workload mobility. Guaranteed data efficiency saves 90 percent capacity across storage and backup combined and the benefits include slashing recovery point objectives (RPOs) and recovery time objectives (RTOs) from days or hours to seconds, with a guaranteed 60-second restore for a 1 TB VM.

Besides the Hyper-V partnership with Microsoft, HPE has also partnered with Citrix on a solution portfolio integration, which includes the new HPE SimpliVity 380 with Microsoft Hyper-V, in the Citrix HCI Workspace Appliance Program.  So that customers don’t have to build their own solutions to deliver virtualized applications and desktops, the HPE and Citrix solution comes pre-integrated and pre-tested on the SimpliVity appliance.  Customers will also find that the appliance program makes it easier to deliver new workspace solutions that are managed seamlessly with Citrix throughout their lifecycle.  This creates a new standard for customers to deploy digital workspaces easily, with multi-hypervisor and multi-cloud flexibility, resulting in top-class digital collaboration and a borderless, productive workplace.

To learn more about these partnerships, you may find the original article here or you may contact us directly at 893-9515 and we will be happy to answer your inquiries!

Cryptomalware attacks become more prevalent with the increased popularity of Cryptocurrency

Cryptocurrency has been a hot topic over the last year; you may have heard of plenty of people investing in currencies such as Bitcoin hoping to strike it rich, as their value has been highly volatile.  As revolutionary an idea as it is for the market, there are also those who wish to profit from this new-found trend by unscrupulous means.  This is apparent in the rise of a type of malware that specifically targets cryptocurrency users: cryptomalware.

Just as there is variety among ordinary malware, cryptomalware comes in different forms as well, ranging from client-side web scripts to mobile applications.  At present, the usual modus operandi of cryptomalware is either to use your computer’s computing power to mine currency, or to steal currency directly by intercepting your purchases and rerouting your payments to the criminal’s wallet instead.  Even IoT devices are now being targeted as a way to expand these operations, even though the computing power of such devices is far lower than that of servers or laptops.

Cryptocurrency-mining malware, unlike many other kinds of malware, actively consumes your computer’s computational resources to mine cryptocurrency.  This puts a great strain on the infected device and can significantly shorten its lifespan.  A recent study from Trend Micro found that the most-detected home network event was cryptocurrency mining, showing that this is becoming more prevalent even in the average consumer’s home.  To help mitigate the threat, below are a few tips on how to lessen your chances of getting infected:

  • Regularly update devices with their latest firmware to prevent attackers from taking advantage of vulnerabilities to get into systems.
  • Change devices’ default credentials to avoid unauthorized access.
  • Employ intrusion detection and prevention systems to deter malicious attempts.
  • Be wary of known attack vectors, such as socially engineered links, attachments, and files from suspicious websites, dubious third-party applications, and unsolicited emails.

For increased security against these threats, you may also want to consider a proactive security solution such as Trend Micro™ XGen™ security.  With high-fidelity machine learning that secures the gateway and endpoint and protects physical, virtual, and cloud workloads, it gives you a second layer of defense to help secure your endpoints from threats like cryptomalware.

To learn more about cryptomalware, you may check this link or contact us directly at 893-9515 and we will do our best to answer your inquiries.

Microsoft Azure: an Affordable and Flexible Infrastructure in the Cloud

Getting a business started from scratch can be difficult, and adding your internal infrastructure to the equation makes it a real challenge for some, even a daunting one.  Not knowing exactly what server specifications you will need at first can be costly, and this can’t be helped, as requirements often grow once you are already operating.  For this reason, many have started to use infrastructure as a service (IaaS) providers such as Microsoft Azure.

Elasticity is one of cloud computing’s defining characteristics and biggest benefits.  It means that you can stretch or shrink your cloud service usage at any given time to fit the needs of your IT workloads.  You can seamlessly add or remove virtual servers, storage and network services while paying only for what you use.  This benefit is most prominent for applications whose work can be divided among multiple identical instances or services running on different machines.

One of its features, Azure Virtual Machine Scale Sets (scale sets for short), is an identical pool of virtual machines running an application you control.  Azure gives you tools to build or configure the virtual machines (VMs) the way you want, and to control how many you have at any time.  With a scale set, you can have an on-demand fleet of VMs doing whatever work needs to be done, one that grows or shrinks whenever you need it to, or whenever it reaches a threshold you have set.

Scale Set fundamentals

“Cattle versus pets” is a popular metaphor for cloud scaling, often credited to former Microsoft architect Bill Baker.  If servers are like pets, each one is lovingly raised, tended to carefully, even individually named, and nursed back to health when it is sick.  If they are treated as cattle, then they are all interchangeable and do not need names, and when one gets sick you get rid of it and get another.  In this sense, scale sets give you a way to clone a herd of “cattle” whose size and breed you choose at any given time, at the cost of the herd being identical.

Something important to remember about Azure scale sets is that the VMs in them are identical.  You can customize the first in the herd, but the rest will be exactly like it.  There are multiple ways to define a scale set: through the Azure portal, manually via PowerShell or the Azure command-line tools, or through an Azure Resource Manager (ARM) template.  From this definition, Azure knows which VM instance size you want to use, its name, the number of machines in the set, and so on.  You can customize the VM used by the scale set to include your application in three ways, each with its own benefits: by creating a completely customized VM image and supplying it to Azure, by taking a prebuilt Windows or Linux image and installing your application when the scale set starts, or by customizing the image to include container software and then loading the application container when the scale set starts.

For a more in-depth read on how Azure Virtual Machine Scale Sets works, you may visit the link here or contact us directly at 893-9515!