The “WannaCrypt” Global Cyberattack

On Tuesday, May 12th, we were introduced to unprecedented global cyberattacks known as “WannaCrypt” or “WannaCry”. This prolific ransomware attacked and infected tens of thousands of Windows-based servers and workstations, critically impacting financial firms, transportation infrastructure, and even the British National Health Service.

Infected German Train Departure Signs (Source:DPA)

Protection under RWA’s Managed Service Contract
Our clients receive regular security updates that guard against WannaCrypt and future variants.

 

Towards the end of last year, Microsoft started warning customers about best security practices with regards to Windows devices and the SMB protocol. The National Security Agency developed tools that could gain unauthorized access by exploiting Windows vulnerabilities, and likely used them to monitor the SWIFT interbank messaging network.

Rumors of the theft of the NSA’s hacking tools started to spread, and by February, the NSA alerted Microsoft so vulnerabilities could be addressed. In March, Microsoft quietly released security updates. By April, the hacking tools were publicly released.

On May 12th, hackers started deploying new ransomware, leveraging techniques used by the NSA hacking tools. Companies without up-to-date devices became a prime target — particularly businesses still using unsupported systems as Windows XP and Server 2003.

We anticipate variants of this attack to continue over the next few months. Unsupported and non-updated Windows systems will remain at risk.

   Guidance for the Home

  • Update Windows
  • Verify Backups
  • Install Antimalware Software
Ransomware can attack your systems, disrupt your business and permanently destroy your data. We strongly recommend upgrading or removing unsupported systems, regularly updating your devices and ensuring backup systems are up-to-date. If you need help updating, securing or backing up your systems, or have any questions, we are here to help you – contact us now.

 

If you’re not yet an RWA Managed Services contract client, please contact us to schedule your free first-time Health Check assessment. We provide expert solutions to meet your needs and maximize the return on your IT investment.

New Features in Windows 10 Creators Update

The latest major upgrade for Windows 10 is now available for installation. Aside from the usual performance and ease-of-use improvements, there’s a collection of new features targeted at tablet and pen users, as well as three everyday enhancements we’d like to highlight.


Pictured: Microsoft Wallet improvements

Night Light

At the end of the day, your brain responds to the lack of blue light in the sky by releasing melatonin as a precursor to sleep. Light from computer screens and phones can interfere with this process, so Microsoft is including Night Light with this release, giving you the option to limit blue light exposure from your screen at night.

Dynamic Lock

Dynamic Lock  allows you to automatically lock a Windows 10 PC when you step away from it. The most common use case involves pairing of Bluetooth devices such as phone or fitness trackers.

Picture-in-Picture

Movies and TV shows no longer have to be manually resized for viewing alongside your application windows. Dynamic picture-in-picture will automatically help you multitask without video getting in the way, though initial app support for this feature is limited.

 

Insecure Security Cameras

Software development is an iterative process. Dozens or even hundreds of times a day, a developer will re-compile their code, upload it to a test device, test, and iterate through this process in order to add features and remove bugs from the software.  They’ll usually have a preset development password and automated processes that allow them to test the code without having to re-enter the password manually every single time.

However, time and time again, we’re seeing vulnerabilities in security devices caused by these development passwords and development backdoor access. The passwords aren’t readily viewable or discoverable – however, in the case with Sony’s IPELA Engine IP camera, security researchers identified a hashed password, along with testing credentials that could be used to enable a log-in service for those cameras. While the development password hasn’t been discovered, it’s only a matter of time until it’s cracked.

This was the latest vulnerability found in dozens of announced camera and surveillance system vulnerabilities, part of hundreds of vulnerabilities found in network-connected devices and appliances in the last two years.  Once compromised, a hacker can start analyzing activity on the rest of your network and use the camera as a launch point for attacks on your data.

Sony has released a firmware update, but most owners of this system are unaware of the issue, nor vulnerability issues on other devices connected to their network. Contact RWA to schedule a free health check, and we’ll analyze the state of your network, devices, servers, and workstations and work with you on the next steps to secure your environment and protect your investments in information technology.

 

New Website Encryption Alerts

With an upcoming updates of Google Chrome, visitors to any website will notice warnings and notifications if the connection isn’t encrypted with a valid certificate. The notifications will look similar to this one…

… and will likely escalate until as the years go by until most public websites are encrypted.

We strongly recommend encrypting your business website, and RWA technicians are ready to assist. We will analyze your hosting and identify the best route you should take to encrypt your website, based specifically on your needs and the needs of your customers. For some, a new certificate from a free, automated certificate service will suffice. For others – especially those in the banking and healthcare industries – we will recommend a full Extended Validation certificate that tells your customers that your website handles your personal data or finances safely and securely.

Contact us to learn more.

1 Million Android Devices Breached – How Does This Happen?

android

It’s recently been announced that over 1 million phones have been infected by malware. Obviously, we’ve got some impressive piece of anti-virus to recommend… Right?

If you’re a regular iPhone and iTunes Store user, you have nothing to worry about. If you’re on Android, you’ll also be just fine as long as you stick with the Google Play Store or Amazon App Store. These app markets publish certified applications from registered developers, and when any malicious software is discovered, the smartphone will receive  “kill bits” that block those apps from ever running again.

When you’re using these smartphones and app stores as designed, you can’t download apps from untrusted providers on the internet. Infections will rely on hard-to-find vulnerabilities and devices that aren’t kept up-to-date. Modern apps rarely have enough access to the device to actually do damage, and they are often  completely unaware of other apps on the device and have no way to interoperate with them. This also means that most anti-virus software offerings for smartphones are ineffectual. You may be able to detect an infected Windows executable that’s been uploaded to the SD card, but that’s about it.

So, what happened in this breach? The vast majority of infected devices are in Asian countries, where far more people enable “Third Party Applications“, a feature that allows you to install apps from anywhere. Afterwards, they’ll visit shady app markets that often contain illegally cracked apps or software that is too good to be true. When they install those apps, they’ll grant nearly full permission for the app to access the device. Finally, once installed, there’s nothing preventing the app from contacting a command-and-control server, downloads additional malware, and stealing much of the user’s protected information.

Unless the device is jailbroken, a victim won’t lose complete control of their phone, but it can be a way in for hackers to find bank account information, Google Authentication, and other private data.

Our recommendations:

  • Keep Your Device Up To Date – Most of these infections happened on Android 4 – “Kit Kat”
  • Use Common Sense – Don’t download apps from people or stores you don’t trust completely.
    • Apple, Google, Microsoft, and Amazon have stringent vetting processes and the ability to instantly ban malicious actors, while most other vendors do not.
While we don’t recommend anti-virus products for typical phone users, we do recommend Intune and other MDMs for devices that need to access corporate data. This helps insure that only trusted, locked-down, and up-to-date devices can be used to access your protected information, and can wipe and reset the phone remotely if necessary. Contact RWA to learn more.

Map Charts Coming To Excel

Today, we’re taking a break from non-stop coverage of bad guys and threats posed to your organization. Microsoft announced a number of new products and updates during Ignite this week, and we’re glad to see this new feature coming to Excel through Office 365.

mapcharts

Map Charts takes a table of spatial data and generates colorized map of the results. There’s no GPS, and it won’t give you the same sort of functionality you can find in ArcGIS and certain third-party add-ons, but this is a really nice feature that’s finally included in the base package of Excel.

Map Charts will be introduced at the end of the year in Office 365. RWA is a Microsoft Partner, and when you’re ready to upgrade from an older or out-of-date version of Office, we’ll be glad to help.

Windows 10 Anniversary Update

Microsoft has recently released a major update to Windows 10. We don’t expect any major shakeups of Windows from here on out, but here’s a quick overview of the changes.

New Start Menunewstart

For families that don’t use portraits on their multi-user PCs, you can find the Switch User and Lock options under the “user” icon, shown above.

Dark Modedark

For people who spend long stretches of time looking at the screen, Dark Mode provides an experience across UWP reduces strain on the eyes. If you’re using classic desktop applications or using the PC less than an hour before you intend to sleep, we still recommend glasses that filter blue light, or color-adjusting tools such as f.lux. When using dark mode in a dark room, we also installing a bias kit lighting behind your monitor.

Edge Extensionsedgeextensions

Add-ons finally arrive in Microsoft Edge. Unlike classic plug-ins that introduced over a decade of vulnerabilities in Internet Explorer, you will need to visit the Microsoft Store in order to install approved extension, or system administrators will need to approve extensions before they can be installed on company machines.

Windows Ink

Pen support has been expanded to make it easier to capture handwritten notes, integrate with Cortana, and produce free-hand sketches.

Should you ban Pokémon Go from the workplace?

The latest mobile gaming craze has everyone from teenagers to their grandparents visiting parks, public spaces, and walking along neighborhood streets in an effort to capture 3D-animated monsters on their cell phone screen. I’ve personally seen 3 to 4 times the number of people out and about while jogging and in the parks, and many museum and memorial sites are asking visitors to refrain from playing the game.

pgony
Players need a GPS-equipped smartphone and internet access to play this game, and customers are asking about the ramifications for their business. Here’s our list of concerns:

  1. If your businesses uses Gmail and Google Apps, do not allow Pokémon Go on company smartphones.

    We understand that this is a temporary issue, currently being addressed, but the original release of the app utilized Full Access permissions with your Google Account, which could theoretically be used to compromise company data if you logged into Google Apps as well as the Pokémon Go app on the same device and Google account.

    Tools like Microsoft Intune MDM can be used to manage your mobile devices and generate a list of installed software. Contact RWA if you’re interested in learning more.
  2. Pokémon Go relies on GPS, and often fails to work indoors.

    The relatively weak signal from GPS satellites often fails to penetrate walls and ceilings, so your business may already be relatively safe.

  3. You can’t block cellular signals due to FCC regulations, but you can block access to the game via WiFi.

    If you have firewall access, simply block pgorelease.nianticlabs.com

    If you need assistance, contact RWA for a WiFi security audit or device configuration services.

As for marketing and promotion, if you’re a retail business or a medical clinic that caters to the younger crowd, we highly recommend taking advantage of the game by deploying lure modules nearby and advertising their presence on social media. In a strange twist, places of worship have a huge advantage relative to commercial businesses… They are recognized as public places and often designated “Pokestops”, giving youth pastors a new opportunity to reach out to visitors that may not regularly attend church.

If you or your children decide to start playing this game, please stay aware of your surroundings and keep safe.

Apple vs the DoJ: Is Your Smartphone Secure?

In the wake of the San Bernardino attacks this December, the Department of Justice took the unusual step of publicly filing legal action against Apple. Typically, when the federal government wants to gather evidence on criminals and terrorists, it will use secret courts to compel companies such as Apple, Facebook, and Google to release private data. In this particular case, the attacker had a government-issued cell phone for his day job, and the federal government intended to force Apple to create software that would help unlock the phone.

Does this mean that Apple can actually hack your phone? Not exactly.

Several years ago, Apple took steps to protect customer privacy by removing their own ability to unlock and decrypt the iPhone. Encrypted data can’t be accessed without a certain key, and it is protected by the combination of your PIN and a secret number unique to each device.

Any 4 digit PIN consists of 1 out of 10,000 different combinations. If a criminal had nothing better to do with his time, they could sit at the phone and try every single combination, and after a few days, they would unlock the phone. Fortunately, there several security measures in place on the iPhone to prevent this from happening. After several bad attempts to guess a PIN, it forces the attacker to wait several seconds to between each retry, followed by several minutes, and eventually an hour between each attempt. Also, if certain setting are enabled, an iPhone could permanently lock after 10 attempts.

iphone

The Department of Justice wanted a special version of iPhone firmware that would remove these security features and allow brute force attempts to guess the PIN. The iPhone will only recognize firmware cryptographically signed by Apple, and that’s why the Department of Justice required Apple’s assistance… once they obtained a special version of iPhone firmware, they would be able to upload the firmware through the iPhone’s pre-boot repair mode.

After Apple decided to fight back for several weeks, the Department of Justice asked the courts to drop the suit and will likely try this again when the public is paying less attention. In the meantime, they claim that a foreign security firm had found a way to crack the phone without Apple’s help, and in the end, no useful information was found on the terrorist’s phone.

RWA supports several Mobile Device Management services, including Microsoft Intune. Protect company data with Remote Wipe, restrict access to company data, and ensure that the latest security patches are installed on personally-owned or corporate-owned phones. Contact RWA today for more information.

Windows 10 Free Upgrade Ends July

When Windows 10 was released as a free upgrade, we were told it wouldn’t last… The current deadline for the free upgrade will be July 29th.

w10b

You can view Microsoft’s announcement below.

Don’t take a chance on an IT upgrades that may not be appropriate for your business. Prior to deploying desktop and network upgrades, reach out to RWA for a health check and network security audit. Windows 10 offers new solutions for authentication and management of your computers through cloud based solutions – Azure AD, Windows Intune, and the Office 365 suite – and some of these may be a perfect fit for your business. We’re a Microsoft Certified Partner, and we’re ready to help you make your move to Windows 10 and the cloud. To learn more, contact us today.

This upgrade is not applicable to Windows 7 or 8.1 Enterprise. These editions are almost always supported under Software Assurance through Microsoft and entitled to the latest upgrade during the term of the agreement.