2018 Security Review: Looking at Old and New Threats

Cybersecurity is something all companies, big and small, need to pay attention to as attacks become increasingly common.  With company data being a cornerstone of a business, it is no wonder attacks are becoming more frequent: if attackers can take your data, they can profit.  It's as simple as that.  Reviewing what has happened in the past is therefore becoming more crucial for making sure that you don’t fall victim to attacks that already have known fixes.  So, let’s look at some 2018 stats from Trend Micro and see what kinds of attacks were carried out.

Messaging threats

Business email is now a very important messaging tool within an organization and with external organizations and clients.  However, this has made it an attractive platform for cybercriminals as well.  In 2018, the use of various messaging threats increased; there was an 82% increase in phishing URLs compared to 2017.  There were also new modes of phishing attacks that made use of chat, SMS and other communication applications.

Besides phishing, another form of messaging attack that was widely used in 2018 was business email compromise (BEC).  A BEC attack is usually carried out by either initiating or intercepting communication in order to mislead employees into releasing or transferring funds to the attacker's account.  This form of attack has a low success rate; however, when it does succeed, the financial loss can be massive.

Ransomware

Ransomware, on the other hand, saw a steady decline in 2018: from over 600,000 ransomware cases in 2017 down to around 50,000 in 2018.  This can be attributed to more solutions readily available in the market that are keeping the threats at bay.

Cryptocurrency mining, by contrast, reached a new peak in 2018, with over 1.3 million detections, a 237 percent growth from the previous year.  Cryptocurrency-mining attacks were perpetrated in many ways throughout the year; some examples are penetration of ad platforms, popup ads, malicious browser extensions and many more.

To get a more in-depth security review, you may visit the original Trend Micro Security Review here.  If you have any inquiries on how to keep your business safe, please contact us at 893-9515 and we would be happy to help!

Security Advisory: SWAPGS Attack

A new security vulnerability was recently announced by Microsoft which can be considered a variant of the older Spectre vulnerability.  This new vulnerability is called the SWAPGS attack.  Its name comes from the fact that the vulnerability leverages the “SWAPGS instruction”, which the affected processors can execute speculatively (predictively), a feature that helps improve the speed of our computers.

So which systems are affected?

The researchers from Bitdefender, who are responsible for the discovery, have stated that the vulnerability affects all Intel CPUs manufactured from 2012 to the present.  However, Red Hat has also come out with its own security advisory stating that the vulnerability affects x86-64 systems using both Intel and AMD processors.  AMD disputes this; its own statement on the matter says its processors are not affected by the vulnerability.  The Red Hat advisory also stated that, based on industry feedback, they are not aware of a way to exploit this vulnerability on Linux kernel-based systems.

Is this attack easily executed?  Am I the target for these attacks?

With the details of these attacks fully disclosed, the chances of becoming a victim of these attacks are a lot higher.  However, as these kinds of attacks are very time-consuming, cyber criminals are more likely to attack more lucrative targets such as organizations or their key personnel rather than individuals.

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” Gavin Hill, vice-president for datacenter and network security products at Bitdefender warned.

What can I do to prevent this?

Firstly, the fix for this vulnerability was already included in Microsoft's July 9 security update, so if you’re already up to date with the security patches you don’t have to do anything.

As for existing Trend Micro users: given that this is a local type of vulnerability, a Trend Micro IPS rule cannot be created for it.  A vulnerability exploitable only with local access requires the attacker to either have physical access or be logged on to the vulnerable system, while DPI can only detect attacks over the network.

As stated above, it would be best to immediately update your OS security patches; you may find a list below:

For more inquiries regarding this vulnerability, please do contact us at 893-9515 and we will be happy to answer them!

Beyond Office: Maximizing and Securing your investments with Office 365

Are you Maximizing your Office 365 Investment? How about Securing Your Corporate Data?

So your business has invested (or is looking to invest) in Office 365, you’ve made sure that every user has a subscription, and everyone is fairly happy using all the familiar Office apps like Word, Excel and PowerPoint.  This, however, is only scratching the surface of your investment in Office 365; there is much more to Office 365 than the Office suite.

Learn first-hand from our experts from Microsoft how you can maximize your investment in Office 365 as we take a look at some lesser-used applications from the suite.  We’ll also briefly discuss one of the new security aspects in Office 365, Azure Information Protection (AIP), which will help you complete your DLP requirements in this age of digital transformation.

Get in touch with us at 893-9515 to learn how you and your company can register for this upcoming workshop!

How Citrix SD-WAN helped AgriFish provide better Connectivity at Sea

The Danish AgriFish Agency, which oversees the Danish agricultural and fishing industries, is responsible for promoting the growth and responsible management of Danish natural resources. The agency works closely with farmers, fisheries, researchers, organizations and other governmental agencies to support its mandate. As part of its oversight responsibilities, the Danish AgriFish agency relies on a fleet of agency ships to inspect fishing activities in Danish territorial waters.

The problem that AgriFish encountered was weak mobile coverage at sea, which the crew needed in order to access applications such as Microsoft Office and to communicate with those on land.  This forced them to go closer to shore to get enough reception, which was counterproductive as they left the area of inspection most of the time.  This does not even factor in the manual management of their mobile connections, as they had no visibility into which connections were functioning properly.

So how did they solve these issues?

They were soon introduced to Citrix NetScaler SD-WAN.  This solution helped them aggregate all their links so that, instead of the crew manually checking each link for the best connection, it would check each link and see which connection was best to use at the time, making sure each link was active rather than passive.  Combined with other Citrix solutions, XenDesktop and XenApp, end users were able to remotely access their applications without any noticeable performance problems.

“Only one month after we went into production, the benefits were very obvious,” says Bjarne Lund, team manager for infrastructure development at AgriFish. “NetScaler SD-WAN consolidates multiple connections, so now the control vessel can make use of 3G/4G/LTE from all four cellular suppliers and satellite at the same time. The mobile coverage is increased dramatically.”

To learn more on how we can help you provide better connectivity to your remote sites, you may contact us at 893-9515 and we would be happy to answer your inquiries!

Ransomware Hits Florida Town, Costs them $500,000 in Ransom

No matter how big or small your organization is, security should always be considered when it comes to protecting your business data.  This is especially so if you mostly handle confidential data such as data from customers.  Unfortunately, a town in Florida learned this lesson the hard way when it was recently hit by a ransomware attack.  As its operations were brought to a standstill, it had no choice but to pay the cyber criminals' asking price, 42 bitcoins (equivalent to $500,000).

This wasn’t the only such attack in Florida: another municipality ended up paying cyber criminals $600,000 when an attack severed its connection to important data.  The mayor of the town even stated that he could not believe that such a small town would encounter such attacks.  They aren’t alone, however; during the past years many other organizations, such as major hospitals, were hit by ransomware and were forced to pay to regain access to business-critical data.

“Ransomware is the canary in the coal mine,” said cyber-security expert Kevin Beaumont, who argued that the spate of attacks showed organizations needed to get better at basic IT security.

What can you do to prevent this?

As stated above, one preventive measure is to make sure that your employees are briefed on basic IT security so that they don’t fall for attacks such as phishing, which prevents criminals from getting into the network.

Another would be to have data protection measures in place; you may even start with a simple backup setup.  This ensures that during attacks or system failures, you will have a starting point to recover from instead of trying to get whatever you can from your infected systems.

You may also consider advanced security protection from vendors such as Trend Micro, which can help detect and quarantine suspicious files and activities at the server level or even on your multiple endpoints.

To learn more about these solutions and how we can help you, you may contact us at 893-9515 and we would be happy to find the best solution for your company!

Building an Autonomous Data Center for your Business

Using Artificial Intelligence to Simplify operations – Unlock your Data’s Potential

Your business can’t afford any disruptions or delays. And you want nothing more than to spend less time on infrastructure. However, the complexity inevitably leads to unexpected problems and your days, nights, and weekends consumed taking care of infrastructure.  This is where HPE InfoSight can help your business.

Join us for our upcoming event, Building Autonomous Data Center, this coming July 11 at Holiday Inn Glorietta where you can learn first hand from our HPE Experts on how HPE InfoSight can help optimize and automate your business infrastructure!

If you would like to join the upcoming event, contact us at 893-9515 to learn how you and your company can register for this event!

Endpoint Security Redefined: OfficeScan to Apex One

Why Migrate to Trend Micro Apex One?

The threat landscape used to be black and white – you kept the bad stuff out and the good stuff in. Now it's harder to tell the good from the bad, and traditional signature-based antivirus approaches alone are a weak defense against ransomware and unknown threats, which often slip through. Next-generation technologies help with some threats but are in no way foolproof, and adding multiple anti-malware tools on a single endpoint results in too many products that don’t work together.

Trend Micro Apex One uses a blend of advanced threat protection techniques to eliminate security gaps across any user activity and any endpoint.  It constantly learns, adapts and automatically shares threat intelligence across your environment.

We invite all our existing OfficeScan customers to join us this coming June 26, 2019 from 11:00 AM – 2:00 PM at Perfect Pint Greenbelt 2 to learn more about the benefits of migrating to Apex One.  To learn more on how to register for this event, you may contact your existing Account Manager or contact us directly at 893-9515!

 

Security Advisory: Microsoft Alerts Customers to Patch BlueKeep Vulnerability ASAP

In case you didn’t hear, another big vulnerability, known as “BlueKeep”, was reported by Microsoft on May 14, 2019.  It is a Remote Code Execution (RCE) vulnerability in Remote Desktop Services (RDS), which is reached through the Remote Desktop Protocol (RDP).  However, BlueKeep only affects older versions of Windows, so users of Windows 10 and 8 can rest easy.  The severity of the vulnerability has nevertheless forced Microsoft's hand, and it has released a security patch even for its unsupported versions.  Microsoft has classified this vulnerability as a critical-level threat.

This is why, as of June 4, 2019, Microsoft once again urged its customers to apply the patch as soon as possible, as more than 1 million devices are still vulnerable to the attack.  The aim is to avoid another wide-scale malware attack like the WannaCry ransomware attack back in 2017.  Many companies were affected by that attack, which caused many business operations to stop, most notably hospital operations.

What can you do to avoid being affected?

Microsoft has already provided the solution to BlueKeep: make sure you download the latest security patch for your corresponding OS (you can find the patches here).  You may need to reboot your servers to ensure the patch is applied properly.

For Trend Micro users, specifically those who use Deep Security: if you are unable to apply the patch for other reasons, such as being unable to reboot your servers, please make sure that you apply the correct Deep Security virtual patching policy to ensure the security of your servers.  Below is the Deep Packet Inspection (DPI) rule:

  • 1009749 – Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

You can view the official Trend Micro article on it here.

For those who are looking into a longer-term solution, you can consider solutions such as Citrix Gateway and Virtual Apps to secure your remote connections to Windows servers.

To learn more about these solutions, you can contact us at 893-9515 and we will help introduce you to different options that you have to help prevent these kinds of vulnerabilities!

Cloud Backup vs. BCDR: The Difference Between the Two

When asked whether they have business continuity and disaster recovery (BCDR) in place, many businesses would say that they do, when they really only have cloud backup in place.  So, what is the difference between the two?  Cloud backup, simply put, is backing up your data to a remote cloud-based server which is accessible to many different and connected resources.

BCDR, by contrast, is focused more on ensuring that your business will be able to continue after a disaster, whether it be natural or due to human error.  Business continuity focuses more on the continued activity of your business, or how fast it can go back into operation after a disaster, while disaster recovery refers to the set of policies which are put in place to protect your business’s technology infrastructure.

You can separate backup, disaster recovery, and business continuity by the time it takes to restore and/or recover your data and get back to work.  BCDR plans can help you speed up recovery time from days and weeks to just minutes or hours.  Below are three main reasons why businesses should have a proper BCDR plan in place:

To prevent downtime and loss of revenue

Businesses usually can’t afford downtime as it can significantly affect profits.  With a BCDR plan, you can minimize the downtime and loss of revenue you would incur.

To prevent data loss

A BCDR plan can help you prevent the loss of data and ensure that your business can still operate.  A study once found that 87% of businesses that lost access to their data for more than a week would eventually close down a year later.

To protect the business reputation

With consumers expecting most businesses to accommodate them 24/7, long periods of downtime experienced by consumers can damage the business's reputation.  With a BCDR plan in place, you can help prevent these types of reputation losses from happening.


To learn more about BCDR solutions, you can refer to our product page here, or you can contact us directly at 893-9515 and we will be happy to help you!

A Closer look at Processor Vulnerabilities

The past few years have been rough on processor security, especially for Intel, as Meltdown and Spectre, among the biggest processor vulnerabilities, affected nearly all of its modern CPUs.  Although patches came out almost immediately to solve these issues, this was just the start, as other attacks such as MDS (Microarchitectural Data Sampling) have been popping up.  So why are these vulnerabilities and security flaws only now coming to light?  These issues are actually quite complex, and understanding them requires some background on advances in CPU technology such as the following:

  • L1/L2/L3 caches
  • Speculative execution
  • Pipelines and buffers
  • Hyper-Threading

If you are unfamiliar with the above technologies, they basically function as ways to help improve the speed of the CPU.  In theory, without these components, we could have a much more secure processor at the cost of performance.  Vendors are caught in the predicament of wanting to increase performance while also having to consider the security implications of newer technology.  This shows in the patches for recent vulnerabilities, which reduced CPU performance by 5-30%.  The latter number can be alarming but does not usually affect home users, as the 30% is more frequent for servers.
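One way to see which of these processor vulnerabilities a Linux host reports as patched is to read the status files the kernel publishes under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of the original article; its function names are hypothetical and the sample status lines are constructed so that it runs on any machine.

```sh
#!/bin/sh
# Added example (not from the original article): summarise the per-issue status
# files the Linux kernel exposes for CPU vulnerabilities such as Meltdown,
# Spectre and MDS. Function names are hypothetical.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE -> ok | mitigated | partial | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)                  echo ok ;;
        # Fix is active, but sibling Hyper-Threading threads are still exposed.
        "Mitigation:"*"SMT vulnerable"*)  echo partial ;;
        "Mitigation:"*)                   echo mitigated ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# audit_cpu_vulns [DIR] -> one "name<TAB>class<TAB>raw status" line per file.
# Returns 0 if nothing needs attention, 1 if any entry is vulnerable or
# partial, 2 if DIR does not exist (old kernel or non-Linux host).
audit_cpu_vulns() {
    dir=${1:-$VULN_DIR}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        class=$(classify_status "$status")
        case "$class" in vulnerable|partial) rc=1 ;; esac
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$class" "$status"
    done
    return "$rc"
}

# Constructed sample directory so the example runs on any host.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization' > "$d/spectre_v1"
    echo 'Vulnerable' > "$d/spectre_v2"
    echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$d/mds"
    echo 'Not affected' > "$d/l1tf"
    echo "$d"
}

sample=$(make_sample_dir)
audit_cpu_vulns "$sample" || echo "needs attention (exit code $?)"
rm -rf "$sample"
```

On a real Linux host, call `audit_cpu_vulns` with no argument to read the live kernel values instead of the constructed sample.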

Although vendors are still working on improving their security to prevent future vulnerabilities, there are still ways to make sure that your data is protected, such as adding an additional layer of security.  Third-party security vendors such as Trend Micro can help here with products such as Deep Security, through virtual patching.

To get a more in-depth understanding of the processor vulnerabilities, you can refer to this article here.  To learn more about Trend Micro Deep Security, you can visit our page here or contact us directly at 893-9515 and we will be more than happy to answer your inquiries!