Ransomware attack causes a US Telemarketing Company to shut down before the Holidays

Last year before the holidays, an Arkansas-based telemarketing firm was hit by ransomware.  Its employees did not even know about the attack at the time, but they felt its repercussions: more than 300 of them were sent home and told that, as a worst-case scenario, it would be best to start looking for another job if the company was unable to recover its data.

The attack, which happened in October 2019, forced the CEO of the company to send a letter informing employees of the situation.

“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running,” wrote Sandra Franecke, the company’s CEO, in the letter sent to employees.

With the initial recovery plan, which was estimated to take only 1 week, failing, management decided to suspend operations while the process was ongoing.  However, many of the 300 employees are doubtful that the company will be able to survive this situation.

This situation is not as uncommon as you would think.  In the last few years, many other companies have decided that recovering from a ransomware attack was too costly and ended up shutting operations down.  One example is a medical practice in Michigan that opted to end its operations 1 year earlier than planned rather than deal with the fallout of a ransomware infection.

Situations like this could have been avoided had the companies:

  1. Implemented proper security measures to detect and isolate suspicious files.
  2. Regularly tested their data recovery plan, or had one implemented in the first place.

If you would like to learn how we at CT Link Systems, Inc. can help your company better secure your IT environment or ensure that you have a good BCDR plan in place, contact us at 8935 9515 and we would be happy to help you!

Recovery Failure: Spotting What Went Wrong

Everyone knows that backup is critical to a business’ operations, ensuring that everything keeps going in case of an unforeseen disaster. However, many businesses do not have backups until a disaster strikes, and those who do have backups can sometimes fall into a false sense of security.

One good example of this comes from a Unitrends customer: the IT department of a large entertainment complex (the name is withheld to protect the client’s reputation).

Background

The IT division was responsible for multiple critical business operations, including the SQL Server databases, file shares, and customer loyalty systems, all of which were based in an on-premise data center. They followed best practices to protect the apps and data and had security in place such as firewalls and a virus scanner. They also used training to keep employees who had access to the corporate network aware of risky actions on the internet.

They were using Veeam to back up their primary data center, storing their backups locally and replicating them to a remote site in a separate building on the property. All of this was done through the corporate WAN. They also made sure to back up and test regularly to ensure that they could recover in the case of an unforeseen disaster.

However, even with all these precautions in place, there came a day when departments across the organization contacted them saying that they could not access their applications. They could not find the problem until they saw that ransomware had started popping up on their screens.

No matter how much you train someone, as humans we are prone to errors. Someone clicked a link and infected the network. What made the situation worse was that the ransomware actively sought out the backup and immediately infected it as well.

Avoiding this scenario

So, what can you do to ensure that your backup stays safe?  Below are a few suggestions that can help your company prepare:

Phishing simulation – You must continuously educate your employees that they and the business are constantly under attack. Many companies are turning to products that educate employees by conducting simulated phishing attacks and security awareness training. Consider a product such as Bullphish ID by ID Agent.

Deploy Linux-based backup appliances – To avoid this and other Windows ransomware issues, Unitrends backup and recovery appliances are delivered in hardened Linux.

Utilize cloud storage – Get your backups way offsite and physically disconnected from your production environment with Unitrends Cloud.

To learn more about Data Protection or Unitrends Solutions, you can contact us at 8893-9515 and we would be happy to answer your inquiries!

PlunderVolt: A new Vulnerability found in Intel Processors

Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

The attack, reported by three academics from three different universities across Europe, affects the integrity of data stored in Intel SGX, the highly secured area of Intel CPUs.  It exploits the interface in charge of controlling the voltage regulation of the Intel processor; many gamers will recognize this interface, as it is the same one used to overclock their CPUs.  The attack is aptly named Plundervolt.

How it works

Plundervolt only targets Intel Software Guard eXtensions (SGX). For those unfamiliar with it, Intel SGX is a powerful security feature found on all modern Intel CPUs that holds an application’s very sensitive data so that other applications are unable to access it.

By using the CPU’s energy management interface, the attack is able to cause changes in SGX data just by altering the electrical voltage and frequency of the SGX memory cells. This causes bugs and faults to appear within the data and operations that SGX handles.  In other words, instead of destroying data, Plundervolt sabotages output to weaken the encryption of SGX, and can even cause errors within apps that were not there before, which can then be exploited to steal data.

However, unlike other attacks, Plundervolt cannot be exploited remotely, for example by luring users to a website and executing the attack from there.  Plundervolt needs to run from an app on an infected host with root or admin privileges.  A successful attack may therefore be harder to achieve than with other attacks, but once attackers are in your system, they will be able to exploit it much faster than with most other attacks.

What Intel CPUs are affected and where can we get a fix?

According to Intel, the following CPU series are vulnerable to Plundervolt attacks:

Intel® 6th, 7th, 8th, 9th & 10th generation Core™ processors

Intel® Xeon® Processor E3 v5 & v6

Intel® Xeon® Processor E-2100 & E-2200 families

Plundervolt is nothing that end-users should worry about. It’s an attack vector that is of little interest to malware authors since it’s hard to automate at scale. It is, however, an attack vector that could be weaponized in targeted attacks against specially selected targets. Whether Plundervolt is a serious threat depends on each user’s threat matrix.

For those who are looking for the update to fix this vulnerability, you may refer to the microcode and BIOS update here.

For any inquiries with regards to this vulnerability or any other security questions, you may call us at 8893-9515 and we would be happy to help you!

Liberty Mutual: An Insurance Case Study for Office 365

In the insurance industry, business is all about protecting people’s valuable items.  This is why insurance companies need to make sure that they are using tools and technology that give their clientele sufficient protection and help keep their products and services innovative.  A good example of a company doing this in practice is Liberty Mutual.  With more than 50,000 employees and 900 global locations, Liberty Mutual is one of the few in the industry that experience business on a large scale.

As a bigger insurance business, they run into a few unique problems.  They are forced to compete with many internet startups that have the advantage of mobility through the use of cloud-based technologies.  They also need to watch out for their other competitors, who try to disrupt their value chain and build stronger relationships with their client base.

To overcome these challenges, Liberty Mutual had to make a change: a digital transformation.  Microsoft Office 365 and Power BI were just the products to help them start this journey.  Office 365 improved the collaboration of their worldwide team.  They are able to share insights more conveniently, which helps with the product development process and shortens the time to breakthroughs for products they import and export globally.

Analytics is also a very important capability to have in the industry.  Office 365 has helped Liberty Mutual respond faster to market changes.  They are now moving to a more agile development process in which smaller, multi-disciplinary groups of employees are able to collaborate on new products with more efficiency.  Chat-based real-time collaboration has increased the proportion of people across the company who can work together and who normally could not collaborate with each other through regular means.  Analytic tools are the other way in which they increased their efficiency, and this is where Power BI comes in.  With just the right amount of user friendliness and high-level insights, even departments like Claims, Legal, Reinsurance and HR are able to quickly pick out information from just the dashboards and KPIs.

New tech-savvy recruits are accustomed to mobility rather than on-premise workstations.  They need to be able to access on the go what is normally on-premise, which is not only a storage concern but also a security one.  Office 365 helped, as employees are able to access their documents and emails on the go while still maintaining a high level of security.


To learn more about Office 365 and other Microsoft products, you may contact us at 8893-9515 and we would be happy to answer your inquiries!

University Medical Center Groningen: Citrix Endpoint Management Case Study

As one of the largest hospitals in the Netherlands, the University Medical Center Groningen (UMCG) boasts close to 11,000 employees and has a wide range of patients who come for various reasons.  Whether it be for basic care, specialized diagnostics or even examinations, the doctors, nurses, and support staff work to the best of their abilities for their patients.

The Challenge: Organizational adoption of mobility

Usually, most sensitive care data would be placed in one secure safe.  However, with the industry growing and adding more specializations, data must now be shared with the multiple people who need it, such as specialists, general practitioners, peripheral hospitals and even the patients themselves.  Employees are also becoming more mobile, working not just in the hospital but also on the move or at home using their own devices.  These can cause security risks for UMCG if not properly addressed.

The Solution: Citrix Endpoint Management

UMCG has long been a user of Citrix solutions: they had been using XenDesktop (now known as Virtual Desktop) on thin clients before they considered Citrix as a way to alleviate their current problems.  To solve the issue, they looked to Citrix Endpoint Management (formerly XenMobile) and Citrix ShareFile.  With Citrix Endpoint Management, UMCG was able to lower their investments and get a better picture of their environment while gaining more flexibility.  They were even given the option to have Citrix Endpoint Management housed in their own data center. This is crucial for safety and redundancy, to ensure continuity and performance, as it is a business-critical system with 5000 mobile devices.

With so many devices, it would not be feasible for all of them to be company owned.  Therefore, UMCG has opted for a Bring Your Own Device (BYOD) structure.  However, to keep the network secured, UMCG requires that anyone who chooses BYOD install a Citrix agent on the device so that Citrix can manage the security of the network.

For UMCG, the Citrix mobility solution achieved their goal of making their information as available and consistent as possible. It helped isolate data so that it was secured in a sandbox environment, while also giving them a simple approach to managing their mobile devices.  This worked well since they were already Citrix customers, which made the integration process smoother.


To learn more about Citrix solutions, you can contact us at 8893 9515 and we would be happy to answer your inquiries!

Cloud One: A Trend Micro Solution for Cloud Builders

With cloud technology advancing, more businesses are now connecting to the cloud to solve their IT needs.  As a result, the cloud infrastructure services market is now filled with different vendors, and many stakeholders have become involved in these infrastructure decisions.  This has made cloud security even tougher.  To maximize the benefits of the cloud, you need to balance both your business objectives and cloud security with the least amount of complexity.

Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity.

Cloud One provides powerful security that leaves you free to take advantage of the benefits and efficiencies the cloud has to offer your business.  Designed with multiple services so that specific cloud security needs are addressed, Cloud One gives you the room you need to solve your present challenges while still being able to help you with future cloud needs.

With support for all major cloud platforms, and solutions that integrate directly into your DevOps processes and toolchain, Cloud One is designed to provide the flexibility you need without slowing down your business or application delivery.

Benefits of Cloud One

Automated

Security as code lets your DevOps teams bake security into their build pipeline to release continuously and frequently. With built-in automation, including automated discovery and deployment, quick-start templates, and our Automation Center, secure your environment and meet compliance requirements quickly.

Flexible

Builder’s choice. Security for your hybrid cloud, multi-cloud, and multi-service environments, as well as protection for any vintage of application delivery—with broad platform support.

All-in-One Solution

One platform that has the breadth, depth, and innovation required to meet and manage your cloud security needs today, and in the future.


To learn more about Cloud One and other Trend Micro Solutions, you can contact us at 8893 9515 and we would be happy to answer your inquiries!

The State of Data Protection in 2019

Unitrends has been running an annual survey for the past 5 years to find out the state of data security and see whether companies have improved overall.  With more than 400 companies joining the survey, it found that data loss is still a prevalent problem despite better technology that should have prevented many cases.  This can be attributed to challenges such as reduced IT budgets and headcounts.  It also found that cloud-based solutions such as DRaaS (Disaster Recovery as a Service) and direct-to-cloud backup of PCs and servers are now on the rise.

The challenges of Data Protection

One of the most basic job requirements for IT is to protect corporate data and keep the business applications running. However, that requirement is getting increasingly difficult to meet due to a variety of circumstances.

Organizations have seen a rise in the storage that requires protection in the last four years, which has forced them to look for ways to keep their storage costs down.  This is seen in the data: organizations that needed 100TB of data have gone up from 11% of respondents in 2016 to 31% in 2019.

Organizations’ expectations for fast recoveries have also increased in the past 5 years.  An increase of 12% was seen compared to the last as organizations are now expecting to recover from downtime in less than 4 hours.  This raises the IT requirements, from the existing tools an organization uses to the procedures that need to be set in place to make it happen.

Another thought to keep in mind is what customers plan to do with their data in the near future.  Many respondents of Unitrends’ survey have said that their direction is to move a larger percentage of their enterprise data out of the traditional on-premise data center.  Although endeavors like this take a while, many years in fact, it is something worth considering when you are working on your roadmap.

To learn more about your Data Protection options, you may contact us at 8893-9515 and we would be happy to help you with your inquiries!

Microsoft Whiteboard is now available on Web and Teams!

Microsoft has recently made Microsoft Whiteboard for web available to all commercial Office customers!  For those who are not familiar, Microsoft Whiteboard is an app which Microsoft hopes will help in the brainstorming process of companies and schools.  It is another collaboration tool which can be used anywhere and on any of your devices (as of now it is available for Windows devices only) in real time.  Microsoft has also provided multiple templates on Whiteboard to help you get started on your collaborations. Below are the templates available on Whiteboard now:

  • Brainstorming  
  • Effective meeting 
  • KANBAN sprint planning 
  • SWOT analysis 
  • Problem solving 
  • Project planning 
  • Retrospective  
  • Project milestones 
  • KWL (Know, Wonder, Learn) for education 

Run effective Teams meetings with Whiteboard

Besides the web release, you will now be able to use Whiteboard during Teams meetings to better collaborate.  All you need to do is click Whiteboard under the share option and it will automatically be shared with all meeting participants, so you can start collaborating without leaving the Teams experience.  This helps add variety to Teams meetings for scenarios such as diagramming, expressing ideas, capturing agenda items and follow-ups, and remote training.

To learn more about Microsoft products, you can contact us at 8893-9515 and we would be happy to help answer your inquiries!

Citrix SD-WAN: delivering superb experience with high security and reliability

Have you considered using SD-WAN in your business?  If you have, I’m sure you have been overwhelmed by the sheer number of different vendors who claim that they have SD-WAN.  The truth of the matter is, out of those nearly 50 vendors who claim to have SD-WAN, maybe only less than half really are SD-WAN products.  Many vendors like to claim that they have SD-WAN to gain your awareness or to get recognition in the future.  However, they are not true SD-WAN products and just add confusion to your purchasing decisions.

Gartner has also made the effort to reduce the overcrowded segment by cutting down its evaluation to 20 vendors, one of which is Citrix.  Citrix has worked to ensure that its SD-WAN solution not only helps your company now, but also has a clear and long-term product road map.  This is what makes Citrix trusted globally by their customers in the healthcare, finance, manufacturing, and retail industries.  They all agree that its reliable solution helps to balance the high expectations of experience, security, and choice.

Citrix SD-WAN solution is designed to improve your workspace experience for productivity and to task users together by simplifying provisioning and day-to-day management for IT and networking professionals.  This can be seen in an improvement to cloud-based applications such as Office 365.  Employees at branch offices accessing Office 365 would see superior performance no matter where they are located, due to Citrix partnering with Microsoft for better egress and support via a partner box in their servers.

For customers moving to the cloud, Citrix SD-WAN can help you securely enable local branch-to-internet breakouts through a built-in stateful firewall.  It has been recognized as a robust solution for branch connectivity to the cloud as well as a solution for your single and multiple data centers.

Maximizing the use of available bandwidth with sophisticated link bonding and network-path conditioning helps mitigate loss and avoid jitter and latency issues, while providing efficient and reliable throughput for business-critical applications.

To learn more about Citrix SD-WAN, you can refer to the original Citrix article here, or you can contact us at 8893-9515 and we would be happy to answer all your inquiries!

Cloud Security: The Shared Responsibility Model

Have you ever asked yourself what the biggest threats are in the cloud?  The answer may not be what you’d expect it to be.  Rather than big-name malware or cyber attacks, the biggest risk in the cloud comes from service misconfigurations.  Despite the cloud’s clear operating model, teams continue to make simple mistakes or overlook the simple task of properly configuring the services they use in the cloud.

Security in the cloud is a shared responsibility: both customer and provider have their respective responsibilities, which are usually based on the Shared Responsibility Model.  The model defines which segments each is responsible for.  At a glance, are you doing your part?  Or did you assume it was handled by your provider?

One common misconfiguration misstep comes from pre-configured deployment services.  Most misunderstandings arise from thinking that, after supplying the configuration, the provider will also handle update patching and even maintenance of said configuration.  It falls on you, the user, to take on these responsibilities and make sure that your system is safe!

Another common cause of misconfiguration is human error.  As per our nature, we are bound to make errors along the way when working, even if we take as much precaution as we can.  This is where automation can help make sure that these errors don’t occur.  Let’s say the operating system your team uses for your systems has a new patch that needs to be deployed. Instead of someone patching each of the production virtual machines, that team member should patch the original template of the virtual machines and a build system should redeploy production.

As a safety measure as well, it is always best practice to verify that your providers are doing their part in keeping you secure.  This is not to say that your provider is not doing their job; the 3 big cloud providers usually have an overwhelming amount of audit evidence you can browse.  It’s just always better to keep the habit of counter-checking when security is involved.


Interested in learning more about our Cloud Security Solutions?  Contact us at 8893-9515 and we would be happy to answer your inquiries!