
True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.


2018 Winter Olympics Phishing Campaign Hides Evil Script in Image


According to researchers at McAfee, a new malware campaign is targeting organizations associated with the upcoming 2018 Winter Olympics in Pyeongchang, South Korea. This new technique is expected to make it into your users' inbox soon, so here is your heads-up. The attack is being delivered via phishing emails disguised as alerts from the country's National Counter-Terrorism Center, with malicious Word documents attached. Future attacks could be using any social engineering tricks.

Jonathan, from our friends at Barkly, explained the technical background:

"Once opened, the Word doc encourages readers to enable content. If they do, that triggers an embedded macro to launch PowerShell. Up to this point, this is nothing really new. But here's where things get interesting...

Why this attack is different: What truly makes this campaign notable is its use of a brand new PowerShell tool called Invoke-PSImage that allows attackers to hide malicious scripts in the pixels of otherwise benign-looking image files, and later execute them directly from memory.

Why that's dangerous: Not only does hiding the script inside an image file help it evade detection, executing it directly from memory is a fileless technique that generally won't get picked up by traditional antivirus solutions.

No download necessary: Invoke-PSImage can be used to extract scripts from downloaded images or images hosted on the web. That means an attacker doesn't necessarily need to download an image onto a machine in order to get a script embedded inside it to run on that machine.

In the case of this particular malware campaign, the image file is downloaded to the victim machine. Once extracted, the embedded script is passed to the Windows command line and executed via PowerShell. This attack is another troubling example of how attacks are evolving away from using malicious .exe's.

In the past, we've seen many attacks abusing PowerShell follow a tried-and-true pattern:

Spam email with Word attachment > Word attachment with embedded macro > Macro launches PowerShell script > PowerShell script downloads and executes malware .exe payload

In these scenarios, traditional antivirus solutions have a chance of scanning and blocking the attack, but not until the very last step. Once the malware payload has been downloaded onto the device the AV might be able to block it, but only if the malware has been seen before and the AV has a signature it can refer to in order to identify it. In these scenarios, we've seen plenty of instances where the AV misses and the infection is successful.

This new malware campaign presents an even worse scenario in which the AV doesn't have that opportunity:

Spam email with Word attachment > Word attachment with embedded macro > Macro launches PowerShell script > PowerShell script extracts 2nd PowerShell script from image and executes it from memory > In-memory executed script gives attacker remote access and control

With no malicious executable file to scan, this attack can easily succeed unless other protections are in place.

Here are a few things you can do to reduce your risk of attacks like this:
• Train employees not to open email attachments from senders they don't know: They should be especially wary of Word documents that ask them to enable content/macros.
• Enforce stricter macro controls: For starters, consider blocking macros in Office files downloaded from the internet.
• Disable or restrict PowerShell: If PowerShell isn't being used for something vital on a machine, disable it. If it is being used for something vital, consider using PowerShell Constrained Language Mode. That will limit PowerShell to its most basic functionality and make many fileless attack techniques unusable."
We could not agree more! You need to create a security culture in your organization, and these suggestions are important controls. This post is also on the KnowBe4 Blog; at the end it shows a great new way to create a security culture, at no cost:
https://blog.knowbe4.com/2018-winter-olympics-malware-campaign-hides-malicious-powershell-script-in-image
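
The chain described above (Office macro launches PowerShell, which decodes a second script from image pixels and runs it in memory) leaves traces in process-creation and PowerShell script block logs even though no malicious .exe is written. The following is an added example, not code from the original post or from McAfee or Barkly; the event field names, the regex heuristics and the sample events are assumptions constructed for illustration.

```python
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Heuristics assumed for this example (not signatures from the post): a script
# block that reads bitmap pixels and also executes a string built at run time.
PIXEL_READ = re.compile(r"System\.Drawing\.Bitmap|\.GetPixel\(|\.LockBits\(", re.I)
DYNAMIC_EXEC = re.compile(r"\bInvoke-Expression\b|\bIEX\b|\[scriptblock\]::Create", re.I)

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(events):
    """Map (host, pid) -> 'high' or 'medium' for PowerShell processes to review."""
    office_spawned, pixel_exec = set(), set()
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process_create":
            if (exe_name(ev["image"]) in POWERSHELL
                    and exe_name(ev["parent"]) in OFFICE_PARENTS):
                office_spawned.add(key)      # macro-style launch from Office
        elif ev["type"] == "script_block":
            if PIXEL_READ.search(ev["text"]) and DYNAMIC_EXEC.search(ev["text"]):
                pixel_exec.add(key)          # pixels decoded, then run in memory
    return {key: "high" if key in office_spawned and key in pixel_exec else "medium"
            for key in office_spawned | pixel_exec}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, shaped like process-creation and script block logs.
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "ws-01", "pid": 4120, "image": PS,
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"type": "script_block", "host": "ws-01", "pid": 4120,
     "text": "$img = New-Object System.Drawing.Bitmap($path); "
             "<loop over $img.GetPixel($x, $y)>; Invoke-Expression $decoded"},
    {"type": "process_create", "host": "ws-03", "pid": 77, "image": PS,
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "script_block", "host": "ws-03", "pid": 77,   # benign image resize
     "text": "$img = New-Object System.Drawing.Bitmap($in); $img.Save($out)"},
    {"type": "process_create", "host": "ws-04", "pid": 512, "image": PS,
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"type": "script_block", "host": "ws-04", "pid": 512, "text": "Get-Date"},
]

if __name__ == "__main__":
    for (host, pid), severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{severity:6} {host} pid={pid}")
```

Either signal alone is rated medium because both occur in legitimate use; the two together in one process match the chain in the post. This only works where script block logging and process-creation logging are enabled on endpoints.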


Employers beware: Wave of Phishing Scams Targeting Employee Paychecks


There is a new Direct Deposit phishing attack you need to watch out for. It's a sophisticated scam that starts with an official-looking email that asks you to click a link and access a website. Next, they ask you to confirm the data with your real username and password. Last, they use your info to access payroll portals, and reroute your direct deposit amounts to bank accounts owned by the bad guys. The lesson here is to never give anyone your credentials in response to an email... Think Before You Click!

Employers may want to immediately take the following precautions to avoid security breaches as a result of these phishing scams:
• Alert your workforce to this scam.
• Direct employees to forward any suspicious requests to the information technology or human resources departments, rather than replying to the e-mail.
• Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any e-mail.
• Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
• Enforce (or, where necessary, establish) multifactor authentication requirements.
• Review and update the physical, technical and personnel-related measures taken to protect your sensitive information and data.

Resource: https://www.lexology.com/library/detail.aspx?g=75685deb-06fc-4e47-a696-44843104f866


Staying Secure On The Road

While your network at home or at work may be secure, you should assume that any network you connect to while traveling cannot be trusted. Below are some simple tips that will go a long way toward protecting you and your data when you travel:

1. Identify which data you don’t need on any devices you are bringing with you and then remove it. This can significantly reduce the impact if your device is stolen, lost, etc.
2. Lock your mobile devices with a strong password or passcode to avoid anyone getting access to your information.
3. Install or enable software on your device so you can remotely track your location and even wipe it if it has been lost or stolen.
4. Update your devices, applications, and anti-virus software before leaving so that you are running the latest versions. Many cyber-attacks focus on systems with outdated software.
5. Do a complete backup of your devices prior to traveling. This way, if something does happen to them while traveling, you still have all of your original data in a secured location.
6. For international travel, check with your mobile service provider prior to leaving. Service providers often charge high rates for international data usage and you may wish to disable your cellular data capabilities while you’re away or purchase a local SIM card to allow for international travel.
7. Always ensure the physical safety of your devices while traveling by not leaving them in plain sight, such as in rental cars, taxis, etc., where potential criminals could break in and grab your valuables.
8. Avoid using public Wi-Fi, especially in hotels, local coffee shops, or airports, as you never know who set it up or who is accessing it. If you do use the Wi-Fi, ensure all of your online activity is encrypted or use a VPN (Virtual Private Network), which can encrypt all of your online activity when enabled.
9. Avoid using public computers, such as those found in hotel lobbies or cyber cafes, to log in to any accounts or to access sensitive information. Whenever possible, only use devices you can control and trust.
10. Knowledge is power! Share your knowledge of keeping your devices safe while on the road with friends, family and co-workers.

Resources taken from:
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201702_en.pdf


Consumers worry about their data, but don't bother much with security

A recent worldwide consumer survey found a major disconnect between consumers' general fears about cybersecurity and the actions they take to protect not only their personal information but also their families from cyberattacks.


A McAfee survey of 6,400 people found that when it comes to online family safety, identity theft protection and the connected home, many people either don't understand the risks or have simply not bothered to protect themselves.

When it comes to keeping track of what their children are doing online, the survey found that almost one-third of parents do not monitor their kids' online activities and device usage, and 33 percent simply don't understand the risks well enough to explain all the potential dangers to their children. On the bright side, 79 percent said they had talked to their kids about online safety.

Despite the many public hacks that compromised personally identifiable information that took place last year, only 37 percent of those surveyed use an identity monitoring service, although 67 percent claim to keep an eye on their various accounts to prevent identity theft.

The survey results surrounding the connected home offered an interesting mix: about half the people were aware of the problems involved in remaining secure, but only half or so bothered to do anything to lock down their smart devices.

The most worrying statistic uncovered was that 44 percent of those surveyed leave their home network open and accessible to others, despite the fact that 63 percent said their biggest fear in this area is having their identity stolen through their home network.

The reason behind this lack of home network security is answered by the 53 percent who told McAfee that they are unsure how to secure their devices.

The survey consisted of 6,400 respondents from the U.S., UK, Australia, Germany, France and Singapore.

 

Resources: https://www.scmagazine.com/consumers-worry-about-their-data-but-dont-bother-much-with-security/article/734644/?DCMP=EMC-SCUS_Newswire_20180104&email_hash=5D5F08BA87AAE9B9AB6055F3032D5BB7&spMailingID=18772577&spUserID=MTM1OTIwMTIxNjMwS0&spJobID=1180237746&spReportId=MTE4MDIzNzc0NgS2 


A Year in Review from True North

It’s been a very exciting few months at True North, so we’d like to take a moment to share some recent business highlights:

  • On April 1, 2017, True North Networks celebrated its 15th Anniversary! Thank you to all of you, our valued clients, employees, friends and colleagues for making this a reality! Looking forward to the next 15 years! Follow us on Facebook to stay up to date!
  • We have grown significantly over the past few months and are excited to welcome the following to our TNN team: Julianne Kowaliw and Bill Janoch. Visit our meet the team page to learn more!
  • On October 1, 2017, TNN rolled out CYFIR, a robust threat assessment technology, as part of our SecureWorkplace® cybersecurity offering. This technology rapidly identifies, isolates, remediates and removes threats from a network, minimizing downtime from a cyber event and improving speed to resolution. Contact us to learn more!
  • On November 1, 2017, True North, in conjunction with the Financial Planning Association of Pittsburgh, PA, hosted a FREE Cybersecurity seminar, featuring our own Steve Ryder; Matt Meade, from Buchanan Ingersoll & Rooney; and Ben Cotton, CEO of CyTech. Click here to see where Steve speaks next!
  • On November 4, 2017, TNN held its first CPR & AED training for employees with the Swanzey Fire Dept. and became the first AED in Swanzey, NH. We now have 8 CPR certified TNN employees!
  • On November 16th, 2017, the TNN team celebrated a night out at one of our local community spots, the Colonial Theatre, where we enjoyed a show and lots of laughs! Click here to see photos from the show!
  • On Wednesday, February 21, 2018, True North Networks will be hosting, along with the Greater Keene Chamber of Commerce, its first “Business After Hours” event. We’re excited about 2018 and connecting with local business owners!