Information Technology News & Information

New Ransomware on the Rise!

New ransomware, Nemty, has been discovered according to the report from BleepingComputer. Nemty, as security researchers are calling it, has the possibility to spread using compromised Remote Desktop Protocol (RDP) connections. Nemty, like all other ransomware, holds the victim’s files hostage, deleting all shadow versions of the files while disabling the victim from any attempted recovery options. Payment is then required via bitcoins, which average about $1,000. Those infected will be prompted with this message: Unfortunately, being so new, a known fix is not available, but security researchers are working diligently to find a fix. While RDP is suspected to be the method of distribution for the ransomware, researchers have not yet confirmed this finding.  Most ransomware is distributed through phishing emails. If RDP is the method of distribution, confirming hackers have gained higher access to the machine, cutting out the middleman, and giving them full control of the computer. If you would like to find out more about how Hammett Technologies can keep your company safe, click here!

Information Technology News & Information

Security Holes Found in Android Phones

Security researchers have discovered a security hole in Samsung, LG, Huawei, Sony, and other Android-based phones, leaving multiple users vulnerable to phishing attacks through text messaging. The exploit takes advantage of the over-the-air (OTA) provisioning. Security researchers discovered that the industry standard of OTA provisioning, Open Mobile Alliance Client Provisioning (OMA CP), can be hacked into, allowing attackers to pose as network operators, sending false OMA CP messages to users. If hackers successfully gain access to the OTA, they can use OMA CP to send messages similar to the one above. These messages will ask the user to install new settings on applications. Upon installing, all traffic will then be redirected through a proxy server owned by the attacker, allowing them to read sensitive information. Out of all Android devices affected, researchers agreed that Samsung is the most vulnerable to this attack. Due to the lack of authentication on received OMA CP messages, users only need to accept the CP to install the malicious applications on their phones. Phones from Huawei and Sony do have a secondary defense against CP messages through the International Mobile Subscriber Identity (IMSI). However, hackers can also obtain this relatively easily. One such way was to download a malicious app meant to read the IMSI off a user’s phone. Another way, which entirely bypasses the IMSI is if the attacker sends the user a text message asking them to accept and install a pin-protected OMA CP message. If the pin is entered, the malicious software will be installed on the phone, completely bypassing the IMSI. If you are unsure if the message on your screen is from a trusted supplier, you should contact your service provider before continuing the installation. Small precautions like this can save you both time and energy in the future and prevent your sensitive information from being read by untrusted individuals. If you are worried about the security of your devices, consider contacting Hammett Technologies! Our team of trained professionals will make sure all your connected devices remain secure and up to date, saving you the headache! If you would like to learn more about what we do, click here!

Information Technology News & Information

Event Log Management for Safety and Compliance

Computers around the world are continually generating records that occur. While some of these are routine checks, others are hostile, aimed at gaining access to or even destroying your network. However, by checking and reviewing the log files, you can stay on top of these issues. From malware, damage, and loss and legal liabilities, log files contain all the day to day information of your network. Therefore, it is important to practice event log management daily. It must be collected, stored, analyzed, and monitored to meet and report on regulatory compliance standards like PCI and HIPPA. WHY LOG MANAGEMENT IS IMPORTANT Every transaction and event that takes place on a machine on your network generates a log file. Microsoft-based systems use Windows Event Log files. When working on Windows, monitoring the event logs is crucial. Windows Event Log files all contain crucial information, but of all of them, the Security Log is the most important. The security log provides log in events as well as what each user is doing. It is vital that your IT security team understands the Windows Security Log to spot a vulnerability or attack accurately. However, this information can be overwhelming and exhausting to look through.   If you use an Event Log Management tool, you can accurately and precisely navigate through log files, allowing you to find that single file that is causing an issue. Event Log Management is a crucial component in ensuring security and compliance, and it is essential to review all logs. SECURING THE CASTLE The top priority for any company should be security. Keeping the company safe from outside attacks that aim to disrupt customer’s data, exploit employee data, or crash a company’s server. However, attacks from the inside are just as real and can cause catastrophic damage. This is not to say that keeping your network safe from the outside is any less important, but you must be mindful of an attack from the inside. Perhaps you have an employee who is curious about financial records and wants to start drama among the workers or an employee who is upset about a decline for a promotion or pay increase and wants to delete years of data. These employees can create a backdoor into the network or give themselves admin privileges, attempting to fly under the radar from security. However, if you have a well-established ELM strategy, you can monitor these internal attacks accurately and stop them before they turn nuclear. PCI – DSS AND HIPPA COMPLIANCE Payment Card Industry Data Security Standard (PCI-DSS) provides IT professionals that handle consumers credit cards data. Any business that claims PCI compliance have to be able to show compliance in their yearly audit. If it is discovered that they are not, denial of processing and storing credit cards can occur. HIPPA requires a reliable audit trail to protect the personal data of all medical patients. HIPPA has two different significant rules: Privacy and Security. Medicaid and Medicare require, along with building an IT infrastructure and strategies to protect against threats to personal information, but there must also be preparations made for investigations of security breaches should they occur. Furthermore, you must be able to provide enough information to be able to establish occurred events, when they occurred, as well as what or who has caused them. Ways to Manage Events and Logs There are numerous ways to go about handling the logs for your networks, and WhatsUp Gold offers some of the best ways to do so: 1. Define your Audit Policy Categories Audit policies in Windows record the security log events found on your network’s log files for your company. With Microsoft Windows NT systems, audit policies have to be put in place manually on each server and workstation. However, Windows 2000 and 2003 Active Directory domains allow for Group Policy, which enables you to set universal audit policies for groups on the servers and even the domain. 2. Log Records Are Merged Automatically By default, decentralized records, such as Windows events logs and Syslog files, record their log activity. However, if you want to gain a “big picture” view of what is going on within your network, admins in charge of security and compliance need to be able to merge Windows event logs and Syslog files into one another in order to be able to monitor thoroughly, analysis, and report. It is necessary that you maintain your log data! Many compliance standards require data to be stored up to seven years. However, if you automate the process, life can become much more accessible. Automation can assist in data retrieval and the longevity of log data. It is important to remember: Archived logs must be readily obtainable. Automation helps reduce the risk of corruption. The larger the company, the more users and machines. With more users and machines comes an increase in bandwidth and network traffic, which will only further complicate the log file. Automation can greatly assist in making sure all data is collected. Usually, administrators use an event log management tool to record log event data from the servers and workstations. Make sure you find an event log management tool that supports a method to re-import collected log files into the database if they are needed. 3. Event Monitoring, Real-Time alerts & Notification Policies While your company may have most, if not all, Windows-based machines, it is important to branch out from the Windows event log monitoring system. Consider using Syslog as well. They have support for switches, routers, firewalls, IDS, as well as support for UNIX and Linux based systems.  Most products that perform real-time scanning and monitoring of logs require the use of an agent. However, if you can find a software package that can be used without an agent, go for it. This avoids many issues upon initial setup and continued maintenance. Every company has a different classification of what they find important, and what they want to be listed in the logs. The one security research

Information Technology News & Information Tech Tips

Windows 7: End of Service

It’s finally time to say goodbye to our old friend. In a few months, January 14, 2020, to be exact, Windows 7 will officially no longer be receiving security patches and updates from Microsoft. Therefore, if you are one of the many still calling Windows 7 your home, it may be time to think about moving to Windows 10. Why is this Important to Me? Many of you are probably thinking, “Why should I worry about moving to a new operating system?”. The answer is security. When Microsoft pulls the plug on the extended support (January 14, 2020) that means Windows 7 will no longer receive any critical updates. Updates that would fix security holes and exploits. This means that the longer you wait to move to Windows 10, the more at risk you are of an attack. Why Not Move to Windows 8? If you are looking for an Operating System similar to Windows 7, you should look no further than to Windows 10. Windows 10, while there are differences between them, is more similar to Windows 7. Windows 8, on the other hand, is, for lack of a better term, a mess. The desperate attempt to mix the mobile and PC platform was a disaster and will ultimately leave you with a sour taste wishing for anything else. The other reason to make the jump to Windows 10 and not 8 is because Windows 8 will also cease support soon. In January 2023 the extended support for Windows 8 will end, and with it will come the same security risks of Windows 7. As we said earlier, for those of you looking to fill the void left from your goodbye to Windows 7, Windows 10 is there. If you find yourself needing assistance in migrating yourself or your company to Windows 10, please give us a call! We will be more than happy to assist you in the transition to Windows 10! To learn more about what we can do to assist your company’s growth, click here!

Information Technology News & Information

Equifax Set to Pay $700 Million For Data Breach

In 2017, Equifax had just suffered a massive data breach, resulting in the theft of over half of all American adults’ personal information. Now, 2 years later, Equifax will pay a total of $700 million in fines for laws they broke and their negligent handling of consumer data. Reuters stated that of the $700 million, Equifax is set to pay $300 million in damages to consumers, a number that could climb as high as $425 million depending on how many people claim damages. LifeHacker has outlined exactly what to expect if you were a part of the 147 million Americans who had their data stolen. If you were to file a claim now, expect one of the following outcomes:                 1. Free credit monitoring for four years through Experian, or six years through Equifax. However, if you already have credit monitoring for the next six months, you could file a claim for the sum of $125 cash.                 2. Up to $20,000 cash if you can prove damages due to the data breach. However, to claim, let alone obtain such a large sum of money will require that you are able to prove without a doubt that you suffered damages directly related to the Equifax data breach.                 3. Identity restoration services for free for the next seven years. Chief Executive Mark Begor from Equifax said that he expects the $425 million would be enough to ensure all those who suffered damages would be financially compensated. However, US consumer advocates voiced several concerns regarding the supposed “substantial” amount. Ed Mierzwinski of the U.S. Public Interest Research Group regarded the fine as “…a parking ticket, not a penalty.” He also finds the number of hoops consumers must jump through, in order to be compensated for Equifax’s negligent handling of consumer sensitive information, ridiculous. Concerns about the short-sightedness of these “penalties and fines” is also on the minds of some. Chi Chi Wu, the attorney for the National Consumer Law Center stated that “The settlement provides some compensation right now, but the risk of identity theft is forever.” Many believe Equifax has been “let off the hook” for the largest data breach in American history, a viewpoint hard to argue with. After reading this, you are probably wondering yourself if your information had been compromised due to the breach. Well, the good news is that I can provide you the link to the website but can promise nothing in terms of the outcome of your discovery! Equifax has provided a website for consumers to review their data information. If you are a business owner and are worried about the security and safety of your business’s sensitive information, contact Hammett Technologies! We are experts in data security and can guarantee the safety and security of all your company’s sensitive information! Click here to learn how we can help your company stay secure!

Information Technology News & Information

Ransomware Aligns Its Sights with Schools

Following the cyber-attacks that occurred in Baltimore and Florida, last week, Monroe College in New York, had multiple campuses hit, and taken offline, by ransomware, crippling the college’s network. This has not just affected the school’s administrative departments; however; it has also hurt students and teachers. The ransomware is asking for an obscene $2 million for the safe return of the college’s data. Jackie Rugger, the executive director of public affairs at the college, said in an interview on Friday (07/12) with Inside Higher Ed that the school was still unsure who had carried out the attack, but that the school was actively working with local law enforcement and the FBI in order to determine where the attack originated from. There was no comment on whether the school would pay the $2 million ransom. For now, Rugger said, the school continues to operate. However, they have been forced to resort to using “historic” methods. Students and teachers have still been able to attend classes, with homework being turned in on paper. Ransomware infections are usually due to someone on the network falling victim to a phishing email scam. It is difficult to determine the severity and exact amount of ransomware attacks that occur daily, but cybersecurity firms believe that attacks are on the rise. What makes this attack different is that ransomware attacks that focus on colleges usually focus on a specific individual rather than the entire network, said Ben Woelk, according to Insider Higher Ed. He stated that this attack is demanding an amount of money he had ever witnessed before. Depending on how Monroe College reacts to this technological hostage situation could determine whether we see a string of upcoming ransomware attacks on colleges across the country. Cybersecurity analysts, as well as the FBI, believe that no business or institution should pay the ransom, should their network become infected. With no guarantee that the criminals would provide a key upon payment, it seems as though not paying would be a company’s best option. However, with ransomware, companies must understand that with each day, the ransom will continue to increase. In Baltimore, the city government refused to pay to ransom, opting to revamp its network, costing over $18 million. Therefore, despite the lack of reliability on criminals, businesses, and institution placed in this situation must come to terms with the lesser of two evils. At Hammett Technologies, our partners never have to worry about ransomware attacks. We use state-of-the-art cybersecurity software and hardware to ensure our partner’s data security, while not interrupting or slowing down their work process. Hammett Technologies practices prevention, halting cyber-attacks before our partners even know they were there. Want more information as to how we can help your business grow? Click here!

BUSINESSES WE TAKE CARE OF IN BALTIMORE & WASHINGTON Information Technology News & Information Tech Tips Uncategorized

Fileless Malware? Microsoft Pops the Hood on Astaroth

The Microsoft Defender Advanced Threat Protection Research Team have released a warning to all Windows users informing them that a notorious malware has resurfaced and has begun to spread once again. This malware, named Astaroth (The Great Duke of Hell), steals user credentials without ever needing to install malicious software. What makes this malware so notorious is not just that it deploys keyloggers and monitors the clipboard, aiding in its ability to steal login credentials, instead it does all this without downloading any executable file onto the user’s machine. The attack begins when the user opens a link within a phishing email. The link, unbeknownst to the user, opens a shortcut file which launches a terminal command that downloads and runs JavaScript code. From there the JavaScript pulls and runs two DLL files which do the dirty work of keylogging the user’s information and uploading it to the remote attacker. It does this entire process without the user ever knowing it is going on, raising serious concerns for businesses and personal machines. To stop the Malware, Anti-Virus programs need closely monitor how WMIC command-line code, applying rules to such code when necessary. This includes regularly checking the age of the files being called and flagging or completely blocking newly created DLL files. However, Microsoft’s anti-virus, as well as other anti-virus programs, have been updated to watch for such occurrences. Nevertheless, it is crucial that you remain cautious when online. Malware like this, even though modern anti-virus has been updated to watch for these suspicious actions, is not full proof. You should never look at your anti-virus as being the first line of defense; that what you are! If you are worried that an email may be a phishing scam, the chances are that it is. Always verify with the sender before you click on any links or download any files, and you will ensure that your computer and data remains safe! If you are worried that your business may be vulnerable to cyber attacks, contact Hammett Technologies! We use only the latest cybersecurity technology to ensure that your data is always safe. To find out more about what we can do to assist your company, click here!

BUSINESSES WE TAKE CARE OF IN BALTIMORE & WASHINGTON Information Technology News & Information Tech Tips

Performance Boost: Disabling Startup Applications

Is your PC slow to startup? This is a common issue for many users, and the fix is more straightforward than many imagine. When it comes to Windows, applications, for seemingly no reason, set themselves up to launch when your PC is booting. While there are specific programs that you would want to launch at startup, such as antivirus software, many programs that do launch at startup are not needed, and depending on the size of these programs, the speed at which your PC boots can be significantly affected. Microsoft is aware of this, however, and has offered a remedy for this issue for some time now. Windows offers the user the ability to customize what application launch at startup, allowing them to disable and enable which program will run when the computer is first started. To begin customizing your startup applications, you can either go through Task Manager or Settings. Task Manager will offer you a bit more information, but both offer the same end goal: making your PC boot faster. Using Windows Settings to Disable Startup Applications As I stated earlier, those of you that go through Windows Settings to customize your PC’s startup application will have a more basic experience but will ultimately achieve the same end goal: a quicker startup. In order to navigate to this menu, follow these steps: 1. Locate your Start Menu: This will be in the bottom left-hand corner of your screen 2. Locate settings “.” 3. Upon clicking the gear, you will be taken to the “Windows Settings” page. From there, locate and select “Apps.” 4. Locate and select “Startup.” If you have made it this far then take a second to accept the round of applause because you have successfully navigated to the correct page! All right, that’s enough celebrating. From here, you will be able to select which apps to wish to enable and disable at startup. You may notice that under the “On/Off Switch,” there is an “Impact Indicator.” This is a measurement of the approximate impact the application will have on the startup. When deciding what applications to disable first, look at the ones that have the most substantial impact on startup first because they yield the most significant performance increases if disabled. Using Task Manager to Disable Startup Applications If you are looking for a little more information regarding your system’s boot time and applications running at startup, using the Windows Task Manager is the best place to be! It allows you to quickly research applications you are unfamiliar with, making it easier to decide which apps can be disabled and which are better left alone. To get to the Task Manager, right-click on any empty space on the taskbar. In the popup menu, click on “Task Manager” (third from the bottom). * If your menu appears like this… …click on “More details.” The result should look something similar to this: Once you have the Task Manager, navigate to Startup, which should look something like this: From here you can see all the applications that launch when your computer starts. On the surface, Task Manage appears to be quite similar to Windows Settings. However, if you right-click on an application in Task Manager, you can gain further insight into what the application is. A right-click allows you to disable/enable an application, navigate to its file location, search online for the program for more information, and inspect the application’s properties.  Adding a Boost to Startup Now that you know how to disable startup applications get to work! If your PC takes a long time to boot, the culprit may be a few application, with a high impact, launching when your computer first starts. However, make sure you research the application you are disabling before you do so. Some applications, like the “Sound Blaster Control Panel,” is an application I use for better audio control on my computer. For my convenience, I leave the application on, even though it has a moderate impact on startup! Make sure you understand what you are disabled before you do so, or your PC may encounter slight errors when booting. If you have any questions, do not hesitate to reach out to us!

Information Technology News & Information

Securing the Power Grid

As technology continues to progress, security on a global scale becomes a larger concern for all. For any country, one of the largest concerns is a cyber attack that could cripple the power of multiple cities. The United States, however, has begun to take steps to counteract this potentially catastrophic situation. After multiple, unsuccessful attacks on the US power grid, the United States government has begun to look at other, older, methods to secure the power grid. The United States has decided that, instead of using updated technology to secure the power grid, the use of older, analog, manual technology is the best way to secure the nation’s power. The United States hopes that, by using manual techniques, the threat of a larger-scale attack will diminish significantly. Furthermore, manual technology means that only direct, physical access will allow access to the power grid, potentially eliminating cyber attacks entirely.   As technology continues to advance on a global scale, cyberattacks become more potential and more dangerous. It is interesting to see the United States, instead of contributing higher-tech to securing the power grid, is instead opting for older, retro-styled tactics of security. After all, the best security against a cyberattack is to eliminate the cyber aspect! Are you worried your business may be vulnerable to cyber-attacks? Contact Hammett Technologies today for a free assessment of your network! To find out more about what we can do to help your business grow, click here! (9/10/19) Update ZDNet has reported that the US power grid has just been struck by a cyber attack! Security researchers have discovered that the attack occurred due to an unpatched firewall, allowing hackers to use a DoS attack on the firewalls located in a power grid operator. You can read more about the incident on ZDNet!

Information Technology News & Information

Exploit in Microsoft Teams Leaves Users Vulnerable

Microsoft Teams is known for being a reliable chatting software that many businesses use for communicating and sharing documents within your company. We utilize Teams every day at Hammett Technologies and could not be happier with its overall ease of use, innovation, and productivity. However, recently, security researchers have discovered an exploit within the business chatting software from Microsoft. This exploit could potentially allow for malicious files to be downloaded and executed. How Can It Happen? Microsoft Teams utilizes the Squirrel project, which deals with installation and updating. Through the use of the “update” command, hackers can potentially upload and execute malicious files into Microsoft Teams. Along with this are other exploits, allowing for remote download and execution of malicious files. What Can I Do to Secure Teams? When it comes to computer viruses, the rule of thumb is always to make sure you and your team have strong passwords in place. This can deter unwanted guest from gaining access to your accounts and causing damage to your company. This rule applies here, as well. The only way malicious files can be uploaded Teams is through access, therefore, ensure that all members have strong passwords, ensure that permissions are set in place to ensure that those less trusted, or those with temporary access, are unable to upload or download documents. If you are unsure about the security of your Microsoft Teams environment, call Hammett Technologies! Our free assessment scans for issues like these and will bring security risks to your attention immediately. With us as your IT department, you can rest easy knowing your network, and online presence is secure! If you would like to find out more about what we can do for your company, click here!