Category: Uncategorized

Watch Your Google Docs: Program Being Used to Disseminate TrickBot Malware

Beware of any Google Doc emails you receive. Cyber attackers are using the word processing program for a phishing scam that disseminates TrickBot malware.  

Take extra caution if you receive a Google Docs document sharing email in the near future — it may be a phishing email.

Cofense, a computer and network security company that specializes in phishing scams and data protection, has recently revealed a new cyberattack, which uses Google Docs as its “Trojan horse.”

The scam plays out like this:

1. A user receives a Google Docs document sharing email. The document looks legitimate, and indeed, it is legitimate. Google Docs generates such emails when one user wants to share a Google Docs file with another user.

The text in the email states:

“Have you already received documentation I’ve directed you recently? I am sending them over again.”

2. The email also receives a new button (added by the attackers), which says “Open in Docs.” This button, when clicked on, redirects the user to a new Google Docs landing page.

3. Once the user has arrived on the landing page, they’ll see an error message. This message is fake and says “404 error.”

The idea is to get the user to believe that there was an initial error with the document download and to have them click on a malicious download link — one created by the attackers.

4. The user will click on this link, which is actually the payload of the malware. It’s the malicious software, which will corrupt the computer once downloaded.

The download link appears to be legitimate. In fact, it looks like a PDF document and even has an extension of “.pdf” like a legitimate file. The attackers engineered this extension by taking advantage of the fact that known file type extensions are hidden in Windows (as a default measure). Furthermore, they use a PDF icon as the malware program’s icon, even though the program is not a PDF at all.

5. Once the file has been clicked on and downloaded, the malicious software will begin doing its dirty work on the target’s computer. In this case, the malware is called TrickBot, and it’s an extremely popular and dangerous banking Trojan.

As soon as its executed, TrickBot gets to work and continues being highly active at corrupting its host device. It will begin to copy itself repeatedly onto the device — once every 11 minutes for 414 days. If allowed to run, it will also begin launching an increasing number of Svchost processes.

What Is TrickBot?

TrickBot is a type of malicious software and also goes by the name of TheTrick, TrickLoader, and Trickster.

Discovered in October of 2016, TrickBot is ever-evolving. It has been updated and upgraded continually over the past several years and continues to be a menace used in phishing scams.

TrickBot was originally a type of banking Trojan, and it still is, but it now also has the ability to drop additional malware wherever it lands. As a type of banking Trojan, the main goal of TrickBot has been to obtain sensitive financial information from host devices.

Basically, anything sensitive would be sucked up by TrickBot and delivered back to the source who disseminated it. When TrickBot is on your devices, it can obtain things such as login information for the financial institutions you visit online and drop additional malware such as the equally popular Emotet.

TrickBot can even drop ransomware onto a device. If this occurs, sensitive data and system access may be locked up and/or blocked off. A message will be sent to the device user that their data and/or system access is being held for ransom. Unless the user pays a large sum of money, their data will be lost forever.

How Can You Avoid Falling Victim to This Google Docs Phishing Scam and Others?

Phishing scams remain the chief way that cyber attackers corrupt files, filch information, and steal finances. A phishing scam almost always comes in the form of an email (although such scams can also be operated over the phone).

The goal of a phishing email is to first get the recipient to believe it is legitimate. Therefore, it will be appear to be from a source such as Google Docs, a bank, the IRS, or even a co-worker. The next step is to get the recipient to click on a link, download an attachment, or take another such action, which will inevitably lead to the launch of malicious software.

The best way to protect yourself and your company from phishing scams is to have the appropriate security software and hardware measures in place. Additionally, all employees must be continually educated on how to avoid falling victim to a phishing scam and on trending phishing attacks.

What to Do Now That Support for Windows 7 Is Ending

In just a few short months, support for Windows 7 will come to an end. Is your business ready?

If your business is currently operating Windows 7, it’s time to switch to Windows 10. Microsoft will be ending technical support for Windows 7 in January 2020.

 

An enormous number of businesses throughout the United States use Windows operating systems to run their companies. In fact, Windows famously runs the majority of the world’s entire population of computers — including those used in business and personal computers (PCs).

Each of these Windows computers has its own version of Windows’ operating system (OS). Right now, the most popular operating systems are Windows 7 and Windows 10. Windows 7 was originally released ten years ago in 2009, and Windows 10 was released in 2015.

Now, Microsoft is phasing out its support for Windows 7. According to the company, this was always the plan:

“Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009. When this 10-year period ends, Microsoft will discontinue Windows 7 support so that we can focus our investment on supporting newer technologies and great new experiences.”

So, when will this change take place?

According to the company, “The specific end of support day for Windows 7 will be January 14, 2020.”

They go on to say: “Microsoft strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available.”

What Does the End of Windows 7 Support Mean for Your Business?

First off, it’s important to note that this change is definitely a big deal.

While the initial reaction of some companies and individuals may be that “end of support” doesn’t really matter, this assumption would be rather reckless. If you fail to update to Windows 10, Microsoft’s imminent cessation of support for Windows 7 has the possibility of causing your business huge problems. Specifically, the end of Windows 7 support means that Microsoft will no longer be providing any type of technical support and absolutely no software or security updates or fixes to this operating system.

As a result, if you run into a major technical problem with a computer running Windows 7 after the end-of-service date (January 14, 2020) or if your security is breached, you’ll get no assistance from Microsoft.

While this realization is shocking (and possibly rather annoying) for many, Microsoft has been warning users about the impending change for a long time. If you have Windows 7, you should have been receiving consistent advisories to this effect. Additionally, if you work with an IT service provider, they have likely been alerting you of the future change as well.

Security Issues With Microsoft 7 Moving Forward

One of the biggest reasons to update to Windows 10 is to ensure your company’s security in the face of possible cyberattacks.

When Microsoft says they’ll no longer be providing Windows 7 support, one of the things they’ll no longer be doing is providing security updates. Normally, Microsoft tracks security issues closely. When a specific cyberattack trend or weakness in their system becomes obvious, they release an update to fix the problem or better fend off would-be attackers.

On January 14, 2020, this will stop.

Unfortunately, cyber criminals are gleefully anticipating this date. They will take full advantage of the security gaps left in Windows 7 operating systems if they can. Those who fail to leave Windows 7 and move to Windows 10 will, of course, be the targets.

Have Questions About the Switch to Windows 10?

To be sure, Windows 10 promises to provide many useful updates and upgrades for Microsoft users. At the same time, the transition from Windows 7 to Windows 10 will certainly bring inevitable challenges. You and your employees will be forced to change some of your habits, and certain features you’re used to may become obsolete or have new properties.

If you haven’t already, now is the time to update your business’s software to Windows 10. Doing so sooner rather than later will allow for the fewest number of complications.

If you have questions or concerns about making a smoother transition from Windows 7 to Windows 10, speak to your IT service provider as soon as possible. There are steps you can take to make this transition less of a trial for yourself and your employees.

Cybercriminals no longer act alone. Find out the strategies and means cybercriminal networks are using to launch dangerous attacks against your organization. 

According to technology industry blogs, cybercrime incidents are growing by 15 percent each year and cybercrime has become the most profitable type of criminal activity around the globe. Cybercriminals are no longer acting alone and carrying out destructive activities that are relatively simplistic. Instead, cybercriminals have become more sophisticated in their approach. Activities are more damaging and organized. IBM’s CEO and president has stated that the new cybercriminal dangers are “the greatest threat to every profession, every industry, every company in the world.” Being aware of the fact that cybercriminal activity is now executed using the same types of structures and approaches seen in businesses can help IT leaders guard against the dangers cybercrime presents.

Common Types of Cybercriminal Activities

The scale and scope of cybercriminal activities have evolved swiftly since the 1990s. Back then, cybersecurity-related attacks entailed destroying websites and executing simplistic codes that reflected a strong dislike of the corporate culture. Now, modern cybersecurity-related attacks have not only embraced the notion of the corporate model, but have exploited the corporate world’s reliance on digital connectivity. Common cybercriminal activity now involves extortion, the theft of data and information, and sabotage. The design and spread of ransomware through electronic means reaps over $11 billion annually.

Hierarchical Structures

Besides using more sophisticated and profitable methods of wreaking havoc, cybercriminals have formed networks that resemble hierarchical structures within traditional organizations. Many groups of cybercriminals are led by someone who operates as a pseudo executive of a firm who designs an overarching strategy and tasks that are delegated to other leaders who resemble middle managers. In turn, those who work on developing malware and ransomware code are concentrated in a single “department,” while another group is focused on developing and executing distribution methods. Each group represents and operates like a functional department within an organization. Training and recruitment programs are also developed and executed for hackers that wish to join these extensive cybercriminal networks. Knowing that these networks are employing the same strategies and tactics as an experienced corporate marketing department means that any cybersecurity defense plan has to respond in an identical fashion.

The corporate structure and mentality have resulted in the equivalent of million-dollar salaries for some. Cybercriminals are also starting to incorporate other types of illegal activities into their “business models.” Some of those activities include illegal drug production and distribution, human trafficking, and counterfeit goods. Stopping and removing the threats that cybercriminals pose mean considering the possibility that these cybersecurity threats are occurring in conjunction with seemingly unrelated activities. Any defense plan must consider all possibilities and guard all potential and vulnerable points of access.

The Dangers of Purchasing Third-Party Computer Accessories

Think all computer accessories and cables are safe? Think again! Learn how your next accessory purchase could expose your organization to hackers and threats.  

Buying third-party accessories for computing devices can save money, but what if those purchases ended up being the cause of a cybersecurity attack and the exposure of your company’s sensitive data? New third-party charging cables that have come on the market could be your next data breach culprit if you’re not careful. According to a blog post written by NewQuest IT Solutions, modified versions of Apple’s Lightning cables could be used to gain unauthorized access to your organization’s devices. A hacker can use the wireless implant embedded in the cable to commit an intrusion simply by typing in the cable’s IP address.

How It Works

Since the third-party cable cannot be identified as counterfeit with the naked eye, it is easy for many to be fooled into believing it is legitimate. When you plug in the cable to charge or sync a device, a hacker can now access all the information on that device. The wireless implant inside the cable sends out signals equivalent to a Wi-Fi hotspot. By typing in the cable’s IP address, the hacker is able to pull up data from the device, install malware, send scripts and other commands. The hacker can accomplish all of this as long as he or she is within 300 ft of the cable’s wireless signal.

Devices at Risk

Any device that uses a third-party charging cable or accessory is at risk. That risk increases if multiple third-party accessories are plugged in or the supplier of the accessories could be considered suspect. Although the example highlighted by NewQuest IT Solutions is applicable to Apple devices, there are enough third-party cables and accessories for Windows-based devices that can make them far from risk-adverse. Smartphones, computers, tablets and older devices like the iPod that sync are all vulnerable.

What to Look For

To avoid buying counterfeit accessories and cables, double-check the packaging, the accessory and the supplier. Only purchase third-party accessories that are labeled as certified. Another way to avoid a potential cybersecurity threat is to only purchase from trusted and verified suppliers. Finally, consider switching to OEM versions whenever possible. Although the initial or per unit cost might be higher, it could save you and your organization a more expensive headache in the long run.

Outsourcing Managed IT Services Improves Business Goal Achievement

Industry leaders require a laser-focus on profit-driving initiatives. Outsourcing an organization’s IT oversight saves time, money, and keeps everyone on task.  

Whether you are a decision-maker for an upstart, mid-sized, or large corporation, outsourcing IT support, maintenance, and cybersecurity oversight can improve your operation. Managed services conducted by a third-party outfit with experience and expertise, brings high-level knowledge to the table that most business team members lack.

That’s generally because industry leaders staff their organizations with people who deliver profit-driving benefits. Managing an in-house IT team tends to distract from the goal-achievement tasks that keep an operation competitive and successful. Owners, CEOs, and other captains of industry with heightened IT needs would be wise to consider these five benefits of outsourcing.

1: Risk Reduction

Every business operates with a certain degree of risk. Those risks include fines for not meeting changing government regulations or falling behind competitors in cost-effective technology applications, among others. But perhaps the greatest threat that businesses of all sizes and every sector face are data theft and hacks. Without a doubt, less-than-adequate cybersecurity applications, protocols, and employee preventative training present the greatest threat to your organization.

2: Cost Consistent Budgeting

Entrepreneurs working hard to grow fledgling operations often have thin budgets. Every dollar counts and financial constraints generally do not allow for overspending. People in the private sector are fully aware they cannot manage a thriving enterprise using the faulty methods of the federal government. Either you have the revenue, or you don’t.

Managed IT service contracts allow decision-makers to allot a specific sum toward computer network oversight. There are no excessive payroll taxes, or unexpected overtime hours to strain the company’s resources. You write one monthly check and renegotiate when your managed services agreement expires.

3: Heightened Expertise

Perhaps the greatest difference between hiring an in-house IT team and outsourcing is the improved access to specialized knowledge. Some small and mid-sized operations think it’s savvy to hire a recent technical school graduate who has been immersed in the latest trends and technologies. That thinking seems reasonable on its face.

But the inherent flaw is that your outfit often requires that person, or team, to focus exclusively on your system and operations. What you lose over time is their immersion in trends, new applications, heightened cybersecurity threats, and other pertinent issues. A third-party managed service provider invests its time, resources, and people into cutting-edge training. When a managed services expert reviews your system, they bring the latest knowledge to every task. It’s simply not cost-effective to pay an IT team and then have them attend far-away seminars for weeks at a time.

4: Avoid Potential Downtime

After cyber-theft and hacks, downtime ranks among the most costly setback a company can experience. Imagine for a moment, you are looking out over your offices and employees are unable to work because the system is down. Now imagine you are paying them to not perform the necessary tasks to meet the business’ financial necessities.

When you outsource your IT needs to a third-party provider, it’s not uncommon for them to conduct due diligence, and preventive maintenance while your profit-driving staff is not on the clock. Smooth functioning networks are a type of hidden benefit that companies gain by having 24-7 IT services.

5: Improved Business Focus

Goal-oriented thought leaders enjoy improved success when they are able to focus on the things that make a company successful. Unless you are running a managed services outfit, computer issues, cybersecurity, and managing an IT team is not the best use of your time and brainpower.

Business visionaries achieve goals and enjoy the fruits of their innovation and labor by maintaining a laser-focus on industry trends, cost reduction, improved production, services, and staying ahead of their sector’s learning curve. It’s essential not to get bogged down in seemingly peripheral issues such as IT. Maximizing your skillset and outsourcing IT maintenance and oversight to a professional is the smart play.

Maximizing budgetary resources in a way that delivers the cutting-edge IT needs of today’s business community may be best left to professionals. When industry leaders take the time to do the math on best practices and profitable outcomes, third-party managed IT services remain a tried-and-true practice.

Are You Ready for the Cloud?

With a clear, comprehensive implementation plan, you can minimize downtime and disruptions while you move your data and applications to the cloud.  

Let’s walk through the 5 W’s + How.

• Who?
• What?
• When?
• Where?
• Why?
• How?

No, this isn’t an intro to journalism course. Instead, we’ll use this formula to break down your options for finding the best IT outsourcing firm to help you move your health care practice to the cloud.

What Should You Be Looking For?

Clouds are private, public or a hybrid of the two. These labels can be confusing. Public clouds aren’t open to the public and private ones serve as remote data centers for a single health care provider.

To decide the best cloud for your organization, determine what you’re actually looking for. Choose from a service that supplies platform, infrastructure or software as a service — PaaS, IaaS or SaaS. Relevant considerations include company size, HIPAA impact and what you wish to accomplish.

Who Is the Best Cloud Provider?

Healthcare IT News identifies seven top providers:

• Amazon Web Services, who developed these services first, has aggressive pricing and releases new features regularly. Their main service is IaaS.
• CDW Cloud Solutions, familiar to many healthcare organization, offers a variety of services, such as migration planning and project support.
• IBM Cloud, ClearDATA, Google Cloud Platform, Microsoft Azure and VMWare receive honorable mention.

It’s best to look into several services to determine the best one for your IT needs.

When Is it Time to Switch to the Cloud?

Most companies have some kind of cloud-based functionality already. For those still deciding whether to switch, the following questions can help clarify your thoughts.

• Who can help us with the migration plan?
• Is the management team stable?
• What’s the strategy driving the move?
• Are local providers reliable?
• Is it in the budget?
• Will we net a positive return on our investment?

These questions get right to the heart of the matter and help you find out if your team is ready, able and willing to make the switch.

Where Should the Data Centers Be Located?

The physical location doesn’t matter that much. It’s more important to replicate data and applications in distinct regions for redundancy and to ensure access to your data. Where you locate or have your IT consultants locate your backups is determined by the technology and configurations that work best with your systems. In fact, if you’re paying for around-the-clock monitoring, location becomes irrelevant.

Why Are You Thinking About Moving to the Cloud?

This question is a bit outmoded. A better question would be, “Why wouldn’t you move to the cloud?” That’s a question most companies have or are asking themselves right now. Cloud systems scale easily and they’re cheaper than the cost of maintaining your own local data centers. In the cloud, critical processes, such as data replication or disaster recovery are more straightforward.

Cloud services also offer a pay-as-you-go model that fits the budget of more practices and startups. While data security used to be considered a risk on the cloud, new technology has helped ensure the security of your systems and client data.

How Can You Get There?

Vet out an experienced healthcare IT provider that’s handled multiple cloud implementations and integrations. Reputable providers should be able to share their own cloud models, provide references, and ensure that you start and end with a reasonable budget.

Scalability is key in the cloud. It’s one of the major benefits, so make sure your organization is in a position to leverage it. With the right cloud set up, scaling up your user base should be easy and hassle-free. The documentation your IT consulting provides should include detailed plans regarding the tools and features needed for HITECH and HIPAA requirements. With a clear, comprehensive implementation plan, you can minimize downtime and disruptions while you move your data and applications to the cloud.

Are you working closely with your CFO to determine the most efficient and effective methods for maintaining your business infrastructure? These questions will help you drill in.  

Are your financial operations taking more time and effort than you realize? There are plenty of ways to reduce the overhead and operations cost of your finance team, but that starts with asking your CFO some tough questions. Finding the right business solutions to support your organization begins with a thorough knowledge of the landscape and the pressure points and redundancies that could be relieved through automation. The answers that your CFO provides to these searching questions will help you make the right decisions when you consider upgrades to your technology infrastructure.

1. Are we addressing compliance issues that are concerning for our business?

Business compliance goes far beyond the requirements for HIPAA, personal privacy and employee security. Today’s compliance requirements are varied and complex for even the simplest organization. If you are capturing or maintaining personal information — much less financial or health information — chances are your business is subject to California’s Consumer Privacy Act and those of several other states, besides. You’ll find a comprehensive state-based map online at the International Association of Privacy Professionals. Ensuring that your data stays safe and that you’re fully complying with these laws often falls to the CFO in terms of education, but the technology team in terms of implementation of the strategies.

2. Where do you see slowdowns during monthly, quarterly and annual closing?

Closing the books is a process that happens on a regular basis, but that doesn’t mean it’s fully routinized. Even the simplest tweak to this ongoing process may be enough to save thousands of hours of productivity over a relatively short period of time. Looking closely at the business’s models for this ongoing operation can identify some weak points that can be addressed through automation or software updates.

3. What are the barriers to fully integrating metrics into our organization?

Using metrics throughout the organization is a great way to keep your business running smoothly — and also quickly identify areas that need a little extra attention. Are there systems that do not work well together? Perhaps a large variety of solutions providers whose “solutions” are causing problems with other business units? Whatever the issues are, identifying what it will take to get to a unified metrics system for the organization may point to some opportunities to apply consistency to your operations and platforms.

4. Are there opportunities to reduce the cost of delivering a secure and efficient infrastructure?

Providing a secure infrastructure for your business is a critical success factor, but are you currently knocking it out of the park — or falling down on the job? If your teams are frustrated with the speed of change and you’re concerned that your operations aren’t fully secure, you may have some work to do on your infrastructure. Even something as simple as slow WiFi or poor networking in conference rooms can reduce the effectiveness of your staff and boost frustration levels beyond the breaking point.

One key way to improve efficiency, reduce costs and heighten security is to work with advanced technical support staff to review your business operations and ensure that you’re taking full advantage of the opportunities available on the market today. Leaders at the largest organizations in the world routinely work with external service providers to ensure that they have access to the tools and technology needed to create a secure and consistent infrastructure for their business.

Microsoft Vulnerability Affects Most Recent Operating Systems

Learn about two recently discovered vulnerabilities that could put your company’s computers and operations at risk and what Microsoft is doing to fix the issue.

Two newly discovered security vulnerabilities could put Windows users at risk of attack if they do not download and install security patches Microsoft recently issued.

What Are the New Microsoft Security Flaws?

Nicknamed DejaBlue, the two security flaws are designated CVE-2019-1181 and CVE-2019-1182. They are similar to the BlueKeep vulnerabilities Microsoft issued patches for in May 2019. The newest flaws, like Bluekeep, could allow hackers to create so-called “wormable” attacks that easily can be spread from one computer to another without any interaction from a user.

The main difference is that the newer security vulnerabilities are potential threats to newer versions of Windows products.

What Systems Does DejaBlue Affect?

There are potentially hundreds of thousands of computers that could be affected by the Windows worm. They sit within the Windows Remote Desktop Services (RDS) package. According to Microsoft, the vulnerabilities could affect the following systems:

• Windows 7 SP1
• Windows Server 2008 R2 SP1
• Windows Server 2012
• Windows 8.1
• Windows Server 2012 R2
• Windows 10 (all supported versions, including server versions)

That’s a massive number of potential targets that could be infected if the patches are not deployed and active monitoring tools are not in place.

Windows XP, Windows Server 2008 and Windows Server 2003 are not affected.

How Does DejaBlue Work?

Like with BlueKeep, the vulnerabilities can be used to exploit RDP, a tool that administrators use to connect to other computers on a network. Hackers could then use that exploit to code and load a worm that is automated. It would “jump” from one computer to another, potentially affecting millions of computers quickly.

What makes the DejaBlue and Bluekeep vulnerabilities so dangerous is that they can propagate without any user interaction.

What’s more dangerous is that the new vulnerabilities differ from BlueKeep, which targeted Windows 7 operating systems. The new exposures could affect Windows 7 and all recent versions of Microsoft’s operating systems. That amplifies both the risk and the potential impact.

“At this point, nearly every contemporary Windows computer needs to patch, before hackers can reverse engineer those fixes for clues that might help create exploits,” notes Wired magazine.

While a British intelligence agency, GCHQ, is credited with identifying BlueKeep, Microsoft notes that it identified the new threats itself. To date, no evidence that exists that indicates the vulnerabilities were known to third parties, the company said.

“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Microsoft said in a release.

The scale of the potential damage is extraordinary. As of July 2019, there were as many as 800,000 computers worldwide that were still vulnerable to BlueKeep, with a much larger potential threat from DejaBlue.

What Can We Do to Protect Against Cybersecurity Threats?

The key to maintaining a secure network is developing a comprehensive, multilayered security strategy. A managed services provider can partner with you to develop a cybersecurity plan that includes:

• Comprehensive network perimeter monitoring using next-generation firewalls to detect, contain, disable and destroy threats
• Continuous monitoring of systems, endpoints and users
• Automated downloading and installation of software and firmware updates, upgrades and patches that respond to emerging threats
• Anti-malware, anti-spam and anti-virus software installed on each user’s machine or device, updated automatically, and analyzed to determine potential threats
• Email and data encryption
• Password security, including multifactor authorization
• Mobile device management, including remote location finding, disabling and wiping functions
• Cloud solutions for secure hosting of data, apps and operating systems
• Business continuity and disaster recovery planning
• Employee training

Having the right security in place greatly reduces your risk of being affected by a cyberattack that can debilitate your business, ruin its reputation and cost thousands to repair.