Blog

Sextortion Scam threatens you with passwords lost in Data Breaches

There is a new kind of email-based scam targeting internet users. It’s called the Sextortion Scam and it works like this: you get an email from someone claiming to have logged into your account and installed malware. They say that they have recorded you or the programs you are using and will share that information with your contacts unless you pay them a ransom. The scammers also usually show you that they have your password to prove that they’re serious.

The good news is that you haven’t been hacked; the bad news is that they might have your password.

There have been dozens of data breaches over the last three years, most notably the massive Equifax breach in September 2017. Millions and millions of people have had their data exposed online by this kind of breach. What this means is that bad actors are able to purchase lists of the exposed data in order to extort money from unsuspecting internet users. With the purchased data these scammers email users their own passwords to “show” that they’ve been hacked, assuming that most people will keep their passwords even after they’ve been informed of a big data breach.

You can see if your email has been exposed in a breach by entering it into this website: https://haveibeenpwned.com/
And you can see if your passwords have been posted online by checking this page: https://haveibeenpwned.com/Passwords

If your email or password shows up in those searches please immediately change your password. For better security in the future, and to mitigate the risks of data exposure, please call PMCS at (818)957-5647 and ask for information about setting up a strong password policy for your business.
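
The Pwned Passwords service linked above also offers a range API that lets a script check a password without sending it: only the first five characters of the password's SHA-1 hash leave your machine, and the match is done locally. The sketch below is an added example, not code from this blog or from Have I Been Pwned; the sample password and range response are constructed so that it runs offline.

```python
"""Check a password against a Pwned Passwords range response (k-anonymity)."""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (first 5, remaining 35) hex chars of the uppercase SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Live lookup; only the 5-character prefix is sent. Not called by the demo."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, range_body):
    """Times the password was seen, given a 'SUFFIX:COUNT' range response body."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not in the response: not in the breach corpus


# Constructed sample data: a made-up password, made-up counts and two filler
# suffixes, laid out the way a range response is (one SUFFIX:COUNT per line).
SAMPLE_PASSWORD = "Summer2017!"
SAMPLE_RANGE_BODY = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    split_hash(SAMPLE_PASSWORD)[1] + ":412",
    "FFFE0B1F3A9C2D4E5F60718293A4B5C6D7E:7",
])

if __name__ == "__main__":
    for pw in (SAMPLE_PASSWORD, "correct horse battery staple"):
        prefix, _ = split_hash(pw)
        # For a live check, replace SAMPLE_RANGE_BODY with fetch_range(prefix).
        seen = breach_count(pw, SAMPLE_RANGE_BODY)
        verdict = "change it everywhere it is used" if seen else "not found"
        print(f"hash prefix {prefix}: seen {seen} times -> {verdict}")
```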

VPNFilter Router Malware a threat to Small Businesses

On May 23rd various tech companies started reporting on a router-based virus called VPNFilter, which had infected as many as half a million devices worldwide. The devices affected are primarily home and small business routers, including TP-Link, Netgear, Linksys, and Ubiquiti routers.

As of the first week of June various security concerns had expanded their definitions of VPNFilter and explored the damage that it can cause, which is much greater than initially understood.

How Does This Happen?

Routers are infected with the malware as a result of relying on default credentials (usernames and passwords) so infection can be totally avoided by ensuring that your devices are set up with unique usernames and passwords, something that is nearly universally recommended as a basic security measure for tech-users at all levels.

What Does It Do?

VPNFilter is capable of tracking your web traffic, performing JavaScript injection man-in-the-middle attacks which can collect secure or private information, and of destroying your device if the person in control of your unit decides to execute a particular command. The malware is a significant threat to privacy, security, and the functionality of your network. Because the malware relies on known vulnerabilities in the impacted devices there are some relatively simple fixes available.

How You Can Prevent Or Repair Infection

  • First – You should ensure that you never use a device with a default username and password. Whether you’re discussing a business server, a home router, or a Smart Baby Monitor it is a vital part of security protocol to ensure that your login credentials are unique and hard to guess.
  • Second – Keep your software up-to-date by applying patches, upgrading firmware, and maintaining support services. Ensuring a regular maintenance schedule for your connected devices will help to protect you against threats based on known vulnerabilities – as soon as a bug is revealed most companies hurry to create patches for it, but they only work if you keep your system up-to-date and install those patches. (For assistance with a maintenance plan explore PMCS’s Service Plan options on our Business Services page).
  • Third – Call your trusted technicians when you suspect there might be a problem. If you call PMCS as soon as you think something might be wrong we can go to work minimizing the impact of an infection or attack right away. Having an IT provider on speed-dial can save your business thousands of dollars per incident – we do what we do best to get you back to what you do best with minimal time lost to server outages or long recovery processes.

If you are concerned that your router may be impacted by VPNFilter please call PMCS at (818)957-5647 for an assessment of your system and to see whether or not you need to update your firmware or activate services through the manufacturer. Fully infected routers will require the complete reinstallation of firmware to protect from VPNFilter; reinstallation should be undertaken carefully to prevent destruction of your device, so please call us if you believe you might be fully infected.

Holiday Season brings Security Risks – how to stay safe

The folks behind all sorts of online threats know that the holiday season is their most wonderful time of the year. As people are participating in unprecedented e-commerce, introducing new hardware into their environments, and rushing around with easily-skimmed cards it can be hard to defend yourself from all angles of attack.

Security Risks while Shopping

Online shopping can be a huge time-saver but it’s also a big risk. Amazon has done a pretty good job of securing customer data, but big firms like Target and Home Depot have been the victims of cyber attacks. Here are a couple of easy tips to keep yourself safer while shopping:

  • Use strong passwords and change them often
  • Don’t use the same password across multiple accounts
  • Pay in cash when shopping in person
  • Only order over a secure connection (when you can see the little lock in the URL bar)
  • Don’t shop on open wireless networks (like those at a college or a coffee shop)

Changing Hardware Environments

New kinds of tech get introduced around the holidays, but they aren’t always the safest things to bring into your ecosystem. Google Home and Echo Dot are cool toys, but they can store your searches. Web-connected devices like cameras or robots can be hacked to turn your device into part of a botnet. Even gifts like backup drives or a new phone for the office can pose a threat. Here are some things to keep your new hardware from becoming a headache:

  • Manage the settings on your home assistant devices to prevent them from collecting data
  • Change the default passwords on your IoT devices to prevent them from being hijacked by botnets
  • Keep an up-to-date antivirus to prevent infections from new hardware like hard drives or flash drives
  • Be cautious about downloading new apps for your phone – many of them are phishing scams or keyloggers

Defending Yourself can be difficult

There are all kinds of threats out in the world, but you can lower your personal risk by taking simple steps like updating programs and changing passwords frequently. Everyone should be running a strong, regularly-updated antivirus (we recommend ESET and you can call us if you’d like to purchase a license), and everyone should learn how to identify and avoid phishing attacks.

But what do you do to protect your business? What do you do to keep your work devices safe?

Business Protection is Priority One

Maybe more people are accessing your site this time of year, maybe your employees are handling heavier loads. There are a million things that can go wrong during this busy season and at PMCS we pride ourselves on preventing those problems. We take security very seriously and are proud of the ways that we can minimize risks to your business. PMCS relies on a suite of tools we can use to help you keep your business safe, including:

  • Enterprise-grade SonicWall Firewall devices
  • ESET Endpoint Protection Advanced – Antivirus for five or more users with an up-to-date threat console and remote monitoring
  • Proactive Maintenance Plans that check your systems for security risks
  • Backup Assist to keep your data safe and protect you from downtime in the event of an attack.

Don’t let yourself or your business be brought down by online threats this holiday season – call PMCS at (818)957-5647 for a free system assessment to identify any security risks. We’ll make sure your network is secure, your backups are stable, and that no downtime will plague you during this busy season.

Most businesses think their IT companies have done a great job of securing them, but when we come in with our tools we find gaps in coverage and all the flaws from previous systems. Give us a chance to explore your network and you’ll be shocked by the ways we can improve your security and protect your business and your customers.

Call to schedule your free assessment today!

(818)957-5647

Tarte Cosmetics exposes data of 2 million customers

There’s yet another story in the endless cycle of companies who have exposed their customers to ID theft and today it’s popular makeup brand Tarte Cosmetics.

In September Tarte came under fire for exposing 1400 customers’ names, addresses, email addresses, shopping history, and partial credit card numbers in an email that linked its recipients to a visible part of the brand’s customer database.

Now the same database appears to have been facing the open internet all along. Data from about 2 million customers from 2008-2017 has been found to be visible on Tarte’s servers. Researchers from Kromtech Security Center confirmed that the customer information was exposed, but they weren’t the first to find the database. Members of the ransomware group “CRU3LTY” had left a warning file in the database, though they hadn’t deleted the information, which is standard for CRU3LTY.

It’s easy to make jokes about this breach in particular because it’s a bit silly. Tarte isn’t the sort of brand you picture when you think of security risks and the data lost isn’t especially serious. Though Tarte customers will want to replace their credit cards and be on the lookout for phishing scams in the next few years this kind of loss pales in comparison to the massive September Equifax breach. Which would be okay, if both breaches weren’t symptoms of the same problem: a lack of focus on security.

We’ve seen the targeting of large financial institutions, medical facilities, military organizations, but it’s important that all online consumers realize that they’re at risk for data breaches and thefts. It doesn’t matter if you’re just buying from a single brand or participating in the ACA healthcare exchange, your data is at risk and you need to hold companies accountable for it so that they get serious about protecting your information.

Where do we go from here?

If you own a business that stores customer data it’s time to get serious. Tarte didn’t take the risk seriously and their customers will suffer as a result. Tarte is a large company that didn’t believe it had to test its security because its customers were low-value targets. But in the current climate all targets are high value.

If your company keeps client records it’s time to take a good, long look at your practices. PMCS can help – give us a call for an assessment of your security protocols and data environment.

In the meantime practice good netiquette, make sure everyone in your office has macros disabled on their email programs, and make sure everyone has their antivirus up to date.

But more than that, take your customers’ privacy seriously. Never store your customers’ data in a way you wouldn’t want your own data stored.

KRACK Threatens your Wireless Devices and Security

On Monday a new vulnerability in WPA2 Wireless Security was revealed. The vulnerability doesn’t allow people to snoop on your encrypted traffic but makes unsecured traffic easy to see.

Major Service Vulnerabilities

This vulnerability, known as KRACK, impacts the security of everything from wireless access points and routers to laptops to cell phones to smart refrigerators. Some companies have already released patches for their devices, including Microsoft, Apple, Ubiquiti, and Netgear.

If you are a PMCS customer who has a wireless network or wireless devices set up at your office please contact us as soon as possible so that we can secure your wireless environment. We are working with vendors and manufacturers to make sure that all of your office’s wireless devices can be patched and protected to keep you and your customers safe.

Until your devices are patched we do not recommend sharing any sensitive information over a wireless network; use cellular data for your phone or a physical Ethernet connection in your home or office. HTTPS communications are safe from this vulnerability, but all non-HTTPS interactions are at risk for traffic capture and observation.

Please call PMCS at (818)957-5647 as soon as possible to schedule patching so that we can ensure your business is not at risk and your data stays secure.

KRACK threatens “Smart” devices and the Internet of Things

If your office uses wireless security cameras, has a wireless “smart” device like a fridge, or if you use wireless baby monitors at home all someone needs to do to access the traffic from those devices is be within range of your wireless network. “Smart” devices like security cameras and baby monitors aren’t frequently patched and are therefore significant vulnerabilities in your network. You may not care that a hacker can see when your office fridge needs its filter changed, but you don’t want people watching the security footage inside of your building.

Again, please contact PMCS right away to secure your office Wireless Access Points, Routers, and Laptops; we can help you to secure those devices now and help you plan moving forward with your wireless smart devices. Give us a call at (818)957-5647 so we can start working with you to secure your office against KRACK attacks.

Enormous Equifax breach may impact most American adults

On Thursday the credit-monitoring giant Equifax announced that they had been breached in late July. The breach has impacted 143 million consumers, with Social Security Numbers, Addresses, Drivers Licenses, and over 200,000 credit card numbers as part of the data stolen.

Equifax is one of the four major credit bureaus and as such is one of the few major entities outside of banks, doctors, or the IRS that Americans share their most sensitive data with. Equifax has started a program for consumers to see if they were impacted, and if so to provide complimentary ID theft protection – visit their site and sign up to see if your data was part of the breach and to claim your ID theft protection.

The breach included many types of personally identifying information that aren’t standard in other data breaches. A medical office that has its records stolen won’t have a history of previous addresses, an IRS breach typically won’t include a drivers’ license number, but this type of information and more was part of the Equifax breach. Since this information is used to answer security questions for the other credit bureaus and with other creditors the Equifax breach poses a major threat to consumer security.

How to protect yourself:

Even if you don’t qualify for the Equifax ID theft protection it’s important to have a plan in place when your data is stolen. Always be careful to monitor applications for credit in your name through lenders you’re associated with, and download your free credit report each year (go to AnnualCreditReport.com to request your reports from each credit bureau). Be extremely cautious about who you share information with: don’t sign up for store cards or more credit cards than you absolutely need, and don’t wire money to or share credit information with someone you met through email.

Breaches are happening frequently these days – if you have a business and want to provide better peace of mind and security to your customers contact PMCS at (818)957-5647 to discuss security options that will protect you from the vulnerabilities that cause these kinds of leaks.

If you find yourself getting hit by ID theft often or are just worried about the risk read up on how to freeze your credit – security writer Brian Krebs has put together a FAQ about freezing credit and minimizing credit risk that everyone should read.

Onliner Spambot dumps 711 million records

A spambot called Onliner has been dumping batches of email addresses and passwords into text files on a server hosted in the Netherlands. The data appears to be at least partially related to LinkedIn breaches. The information has been collected by the Onliner Spambot as part of a campaign of social media phishing, data-collection malware, and responses to email spam.

How do Spambots collect data?

In addition to collecting and dumping records in plaintext Onliner is also sending banking malware to the email addresses it has collected, extending its reach and the amount of data it has amassed.

Onliner primarily works by scraping data from previous breaches or vulnerabilities, like Heartbleed in 2014, and then sending out test emails to the addresses it has collected. The test emails will appear to be legitimate but will have a hidden pixel-sized image that, when opened, will collect information such as your IP address, operating system, and device information and send that information back to its servers. Once it has that info Onliner will send phishing messages to attempt to collect more saleable data.
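
To spot the hidden-image technique described above in mail you have already received, you can scan a message's HTML for remote images that are sized to one pixel or hidden with CSS. The script below is an added example for triage, not code from this blog or from any Onliner analysis; the sample message, its addresses and its hostnames are constructed.

```python
"""Flag likely tracking pixels (remote, tiny or hidden images) in an HTML e-mail."""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

HIDDEN_CSS = re.compile(r"display:none|visibility:hidden|opacity:0(?![.\d])")


def _px(attr_value, style, name):
    """Pixel size from the HTML attribute, else from inline CSS; None if absent."""
    m = re.match(r"\s*(\d+)", attr_value or "")
    if not m:
        m = re.search(r"(?<![-\w])%s:(\d+)" % name, style)
    return int(m.group(1)) if m else None


class PixelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        parts = urlsplit(src)
        if parts.scheme.lower() not in ("http", "https"):
            return  # cid: and data: images are embedded; loading them phones nowhere
        style = a.get("style", "").lower().replace(" ", "")
        w = _px(a.get("width"), style, "width")
        h = _px(a.get("height"), style, "height")
        reasons = []
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1 dimensions")
        if HIDDEN_CSS.search(style):
            reasons.append("hidden by CSS")
        if not reasons:
            return  # a visible remote image (logo, banner) is not flagged
        params = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        if params:
            reasons.append("query parameters: " + ", ".join(params))
        self.findings.append({"src": src, "host": parts.hostname, "reasons": reasons})


def find_tracking_pixels(raw_email):
    """Return one finding per suspicious <img> in the message's HTML body."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    finder = PixelFinder()
    finder.feed(body.get_content())
    finder.close()
    return finder.findings


# Constructed sample message: a normal logo, two beacon-style images, and an
# embedded (cid:) image that cannot report anything back to a server.
SAMPLE_EMAIL = """\
From: "Accounts" <billing@example.test>
To: user@example.test
Subject: Your invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the attached invoice.</p>
<img src="https://cdn.example.test/logo.png" width="180" height="40" alt="logo">
<img src="https://track.example.test/o.gif?rid=9f2c41d7a0b34e55&amp;c=42" width="1" height="1" alt="">
<img src="http://img.example.test/p?u=dXNlckBleGFtcGxlLnRlc3Q" style="display: none">
<img src="cid:signature" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL):
        print(hit["host"], "->", "; ".join(hit["reasons"]))
```

A mail client that does not load remote images automatically never makes these requests, so the sender learns nothing from the message being opened.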

Why a Spambot? What’s the point?

The goal of spambots like Onliner is to perpetuate themselves and steal data. It uses stolen data to steal more data, then uses its new stolen data to generate “trusted” emails to install malware on desktops to steal further data. Onliner is like a perpetual motion machine dedicated to stealing your credentials and infecting your computer.

Even if your computer isn’t being infected by a spambot simply having phishing attacks levied against your business can be a risk – untrained employees, busy schedules, and hectic environments can create an opportunity for abuse from spammers and phishers. A data snapshot from Onliner’s hidden image emails might be enough for an attacker to convince someone in your business (or one of your customers or one of your vendors) to share more information or pay money, a situation that recently cost a Canadian university 10 million dollars.

Am I at risk?

If you use social media, have a LinkedIn account, have ever used the same password across multiple accounts, let your antivirus expire, or just have an email address there’s probably a chance that your data has been scraped from the internet at some point. You can find out by checking out a wonderful tool called Have I Been Pwned? that was put together by malware researcher Troy Hunt. Hunt’s website also includes a list of websites that have had their data pulled. For major breaches Hunt has organized a short summary of how the breach occurred and its history to help users decide if it’s secure to create accounts with those sites.

If you want to know if your email address has been picked up or if your data is at risk check out Hunt’s page and take a look around; at the very least it will let you know if perhaps it’s time to change your email address or password.

Moving Forward

So how do we go on when this kind of thing is becoming more and more common? Aside from practicing good internet hygiene like logging out of accounts, not using unprotected wireless access, and changing passwords frequently, PMCS recommends a strong spam filter to keep you safe. We offer Spam Filtering in the form of Nuked Spam, a service that passes your email through our secure servers before it goes to your inboxes, ensuring that anything potentially harmful stays out of your server environment. Because we work with industry leaders in spam identification and tagging we are able to keep bots like Onliner off of your system, so that they’re never able to collect data about your users or infect their desktops. In addition to strong spam filtering the protection of a good firewall will go a long way toward protecting your network and keeping your business up and running.

If you’re interested in improving your spam filter or would like to talk to us about security in the era of spambots like Onliner please give us a call at 818-957-5647 and we’ll create a solution perfectly tailored to your needs.

Microsoft Security – a state of the system

2017 has been a year of security updates. If you feel like you’ve been hearing more about breaches, vulnerabilities, code injection, and problems with computers across the map in the first half of 2017 than you did in all of 2016, well, you’re right.

In early 2017 a group of hackers calling themselves the Shadow Brokers started releasing documentation of vulnerabilities in Windows Operating systems and other commonly used programs. The vulnerabilities themselves are NSA software weapons; backdoors and code meant to enable the NSA to observe computer users were released online, free for the taking by anyone who wanted to attempt to use the programs maliciously.

Microsoft and other large software companies like Adobe have been quick to respond to the leaking of the exploits, though Microsoft has come under fire from the public for allowing the vulnerabilities to go un-repaired for years in some cases. But the tech giant has deployed hundreds of patches since the leaks, even going so far as to update its end-of-lifed Windows XP operating system to prevent attacks on users.

The methods of attack are insidious and frustratingly novel – it’s difficult for antiviruses or careful net hygiene to prevent attacks or infections that have never been seen before. One attack used Microsoft’s built-in Antivirus program, Microsoft Defender, to install malware through the program that was supposed to prevent the installation of malware. The devastating Wanna Cry Malware that spread so rapidly in early May was a result of the Shadow Broker leaks.

Nearly every week since the revelation of the vulnerabilities there has been a new targeted attack taking advantage of known openings in software, leading to dozens of patches being released from major software vendors to fix the bugs in their code.

Microsoft traditionally releases security updates and patches for its myriad operating systems on the second Tuesday of each month, sometimes leading to an influx of problems on the second Wednesday. On Tuesday June 13th a Microsoft Security Update for Windows 7, 8.1, and 10 caused several documented problems with commonly used programs.

There are seven major issues documented in Outlook alone that are causing problems for a number of PMCS clients. You can read further about the problems at Microsoft’s website and reach out to us here if you need help with the workarounds for your Outlook issues.

So where does that leave us?

There are threats that Microsoft is working hard to protect its customers from but the protection from those threats comes at the cost of impaired functionality – it’s a difficult choice to make, between security and convenience, but one with a clear answer.

Your Microsoft systems should have automatic updates enabled to ensure that any patches for known vulnerabilities are applied as soon as possible. It’s not worth the risk to your company’s data, privacy, and security to allow your systems to go without updates. Occasionally you may experience a loss of performance but that loss of performance, or few minutes without email, or difficulty opening attachments is a very small price to pay to protect yourself and your business from all of the threats currently operating online. It’s better to work through a minor fix in the settings of your email than it is to pay a ransom to someone who has locked down your server and is selling your data.

If you’re unsure about how to proceed with automatic updates for your desktop or your server please reach out to PMCS. We can patch and update your servers and configure your devices for automatic security updates. We can also provide you top-of-the-line antivirus protection against the less-exceptional threats out on the world wide web; a strong third-party antivirus is a must since Windows Defender has been compromised and used to spread malware, and PMCS can walk you through all the steps to choosing an antivirus that suits your environment.

The internet is a changing landscape, but you don’t have to walk it alone. Ask for help if you need it, that’s what we’re here for.

What the record-breaking heat wave has to do with your server

American Airlines is in the news this June because it has had to cancel 40 flights out of Phoenix, Arizona due to high temperatures. The cancelled flights were all scheduled on Bombardier CRJ airplanes, which have a maximum operating temperature of 118 degrees Fahrenheit, one degree below today’s projected high as the Southwest experiences a record-breaking heatwave.

Airplanes need lift to get off of the ground, and while some planes can make up the difference with a longer runway, the CRJ can’t because of its mass. High temperature can impact the amount of lift a plane can generate because the heat can change the density of the air.

So what does this have to do with you and your server?

Servers also have a maximum operating temperature, but it’s nothing to do with lift.

Your server is full of processors, hard drives, lights, and RAM, all of which generate some amount of heat while they are operating. If your server gets too hot several things could happen as a result of the temperature. First your processors can fail because of overheating – the delicate electronics can slow down or completely malfunction if they overheat. The next concern is your hard drives, which may start generating read/write errors or which may fail entirely as a result of the metal components expanding in the heat.

Temperature sensitivity is why servers are frequently kept in dedicated server rooms with careful climate control. Many server rooms have their own dedicated air conditioning, insulation, and exhaust systems to keep server temperatures stable.

PMCS sells HP ProLiant servers; the maximum safe operating temperature for a Gen 9 HP ProLiant is 95 degrees Fahrenheit.

With temperatures across the Southwest expected to hit record highs and excessive heat warnings in place in California, Nevada, and Arizona it’s worthwhile to check and see if your server can handle the heat.

If you aren’t sure your server is up to the challenge call PMCS for a consultation – we can offer a variety of solutions to keep your business running as cool as a cucumber.