It is Black History Month, but it also contains Groundhog Day, Valentine’s Day, President’s Day (remind me, why did we decide to smoosh all of those birthdays into only one day?), and let’s not forget my favorite: National Margarita Day (2/22). For a short month, this is chock full of “days.”

What’s all that have to do with computers and security?

Quite a lot!

Every day, there is another announcement of some form of threat to your security: a data breach here, a ransomware attack there, new forms of malware, some other scheme for mining cyber-currency from your computer or smart phone, and even more sinister, the ever-present phone calls from “flaming idjits” that tell you about a problem with your computer that they have detected and called to help you fix. Please! That one just makes me angry. (Although you might be amused at the sheer number of individuals whom I’ve told to engage in physical acts that would require contortions beyond the ability of most…)

I know that no one can be kept on “high alert” day after day without getting weary of it. It is tough for me, and it is a major aspect of my job. I am always pleased when one of my clients gets an email and forwards it to me to ask, “Is this legitimate?” or “What should I do about this?” That means you’re staying on your toes and looking out for your own safety. That’s what I want you to do; that’s what I need you to do.

However, I don’t know how many others are getting emails and continuing down the path of – there’s no other word for it – ignorance, and clicking on that link. Because, despite all of the protections that I’ve put in place on your computers, there is still the risk that if you click on a link in an email something bad could happen.

So what should you do if you are attacked?

1. First of all, don’t panic, although that’s what most people do.

2a.  Simply pull the Ethernet cord from the back of the computer (there’s a little hitch to squeeze in before you unplug it).

2b.  Business owners, you need to make sure the affected computer is no longer communicating with the server.

3.  Do NOT turn off the computer! You will lose any forensic information that is available. I’m going to need that data to help remediate the problem.

4.  Call me immediately, and use your phone to send me an email with a photo of what’s on your screen so that I can identify the exact nature of the problem.

5.  Let me handle this for you – it is not a “DIY” (do it yourself) project! Don’t start “Googling” for the fix! Some Russian firm with 500 employees wrote the malware and will charge $79.95 to your credit card to fix the solution they created in the first place. And it won’t get fixed – you’ll simply be scammed…

6a.  After I have assessed the damage, and if it is necessary, you can reach out to the local police and to your insurance company.

6b.  For business owners, this is a reminder to make sure you get, or review, your cyber-liability insurance policy.

There, some “tough love” on Valentine’s Day. I hope that you don’t have to go through any of this, and can simply relax and enjoy National Margarita Day with me.

Thanks and safe computing!

Look, I know that as a business owner, office administrator, or practice manager you get emails from people that you don’t necessarily immediately recognize. It happens to everyone.

By the same token, you’d be hard pressed to ignore an email that was sent in response to one of yours.

That is unless, of course, you didn’t send the original email.

I was quite surprised to see an email from Ronald Perez telling me about an invoice. More so because he included my text regarding a call I was going to make to him.

Unfortunately, the “original” email is fake.

I always close with the word “Thanks!” and have a closing email signature. Neither of which appears in this email.

Looking very closely at the link, it goes to some confabulated address that I’m sure would attempt to ask for a user ID and a password – if it didn’t first attempt to download a key logger to track my future movements over the internet.

It is the very start of the holiday season, so please look carefully at the emails that you receive – BEFORE you click on the link.

And if someone is asking you to pay for something you didn’t order, simply delete it.

I thought that when Mozilla released Firefox 57, code named Quantum, it would live up to the recent hype about how fast it would be.

I did not find that to be the case.  My home page is www.google.com and it would take almost 10 seconds to load it.  That is ridiculously too slow.

I did some research and found others had complained about slow response and freezing web browsers.  The net result is a simple fix:  turn off the Accessibility Services (if you don’t need it).

  1. Click the menu button and choose Options.
  2. Select the Privacy and Security panel.
  3. Go to the “Permissions” section.
  4. Check the Prevent accessibility services from accessing your browser checkbox.
  5. Restart Firefox.

Simple and sweet – and it works!

Here is the KB article if you want to read the entire description of these services and how you might be affected if you disable them: https://support.mozilla.org/en-US/kb/accessibility-services

Hope that helps!

 

Think back to the first time you ordered a book on Amazon.com. Wasn’t that a miraculous experience?

Just the thought of not having to sit in traffic to drive to the mall, and the ability to avoid the crowds while you sat at your desk and browsed through thousands of books without screaming kids or having someone looking over your shoulder as you decided between two authors. All of that was achieved with cloud technology. Of course, back then you used dial-up technology to connect to the internet. Things were slow, but you didn’t care – you thought that it was wonderful.

My, what a difference a decade has made!

The simple fact is, cloud computing is NOT a good fit for every company, and if you don’t get all the facts or fully understand the pros and cons, you can end up making some VERY poor and expensive decisions that you’ll deeply regret later.

First, you’ve got to review the standard features of any cloud-based software product. These include flexibility in terms of migrating your existing data to the software vendor’s product, thus obviating the need for hardware expenditures. You’ll be in a position to give your employees the ability to collaborate on the same information at the same time even if they are in diverse locations. And lastly, you will be able to scale up (or ramp down) the number of software licenses to match the speed of growth within your organization.

So if you are interested in using cloud technology for your business, you must start with your internet connection; in this case, the faster the better – as long as it fits within your budget. And, as a successful business owner, you know that something can go wrong at the most inopportune time and you know that you want to avoid that. Therefore, you should ask your IT professional about a cellular failover device to provide redundant back-up service for your internet service provider’s service.

When you work with any cloud software vendor you must understand that they will be keeping YOUR data on THEIR servers. You should find out from the software vendor how they will protect your data from any form of breach, and what actions they will take on your behalf if such an event occurs.

And, because your data is an integral part of your business, you have to ensure that it is backed-up as well as protected. By moving to the cloud you do not get to forego standard data-related housekeeping chores; you simply offload the responsibility to another party. But you should ascertain that they are going to be good stewards of your information by asking them how often data is backed up, and what their retention scheme is.

You will also want to review any and all mechanisms available to you if you decide to terminate your arrangement with the cloud provider. Reasons for this can be varied: They may be going out of business; you may feel you can no longer work within the constraints of the product because it has not evolved over time; or your organization has grown to the point that the product no longer suits your needs. At the very least, you don’t want your data to be held hostage. It is, after all, your data. Know beforehand about the means to download it or how you could perform a data migration to another vendor.

All of this means that you should carefully review all of the terms and conditions associated with your account. If you are unsure of anything, or how you would be affected, print it out and have your lawyer review the document.

Because you’ve read this post, I’d like to offer you a FREE Cloud Readiness Assessment to show you there IS a better way to upgrade your computer network AND to demonstrate how a truly competent IT professional (not just a “computer guy”) can guide your company to greater profits and efficiencies, help you be more strategic, and give you the tools and systems to fuel growth.

To respond, please call our office at 866-912-8808 and ask for me, Larry. I personally want to take your call to answer any questions about this blog post, my company, and how we might be able to help you.

I think that I know my client base well enough to know that the majority of you don’t use Twitter, although you probably do know someone who does (no, I don’t mean that guy who seems to be in the news every day for his posts). Unfortunately, what is happening now with that venue is getting out of control.

In the past few weeks if someone in politics, or in the news media, tweets something that is antithetical to another group’s beliefs, that person’s inbox will be filled to the brim immediately with targeted opposition posts. There are these things called “bots” (short for robots) that are now spewing out antagonistic tweets at an unprecedented rate. And they are using Twitter to attempt to change the course of political and social discussions.

We all realize now that the 2016 presidential race was subject to Russian cyber-meddling. Some analysts say that the recent ferocity of the latest assaults is but a mere preview of what could be coming in the 2018 elections. The purpose of these bots is to sow discord, and so far, they are succeeding. While top Russian officials have repeatedly rejected accusations of meddling, the top U.S. intelligence agencies are telling us otherwise.

I’ll certainly bet you never thought the information you got on your mobile device came from a robot programmed to serve up garbage, but it is happening. And now, more than ever before, you have to question the integrity of the information that you receive. On the one hand, ever since the election Twitter has taken steps to counter false news and kill off fake accounts. On the other, unfortunately, the bots are also getting savvier at dodging detection.

A client called in on my support phone earlier this afternoon and told me that she had a “Microsoft System Security Alert” screen that was talking to her and that she couldn’t do anything with her computer.

I launched a remote session, and by using the Windows Task Manager I quickly ended the Internet Explorer applications that were running. It was a fast and easy fix for a really stupid problem.

I was extremely grateful that this particular home user called me, instead of the 800 number that was on the bogus alert screen (shown below). But my relief was short lived.

A few minutes later she was back on the phone saying the fraudulent alert was on her computer again. I killed it and ran a scan with Malwarebytes, which turned up nothing.

I reassured her that everything was fine.

When she called a third time, I had to ask what it was she was doing – so she showed me. She launched Internet Explorer and it opened on AOL’s home page. She told me she wanted to go to Amazon to check on a book. And she did so using the AOL Search bar and typing in Amazon.

On the resulting page AOL search results list (shown below), she clicked on the first link that was displayed. I finally understood exactly what was going on.

You see, that is a sponsored advertisement, meaning some organization paid AOL money to highlight their “product” based on a search. Underneath that is, in fact, Amazon’s legitimate web site listing.

I used this as an instructional moment by turning on Internet Explorer’s Status bar. I moved the mouse over the Amazon site link to show that https://www.amazon.com appeared in the Status bar. I then moved the mouse over the ad, and the following bunch of gibberish appeared:

https://174036060.r.bat.bing.com/?ld=d3iEIp8CztNDVVjNTYoqXRUjVUCUzK_5V032YvPMriEHbBBDFcwsFXQFK3s2qR9MgRW_xhZ9J5SlsoSk6f38u2TnHoDCUsZUB1JUNHwTr9OuZjeHpOBGhVUOyzHQ20xE-ECR9lob4HeScYrxeY00wTrgAAZ5Wu2BEbi0Pb9RjRzi-woEAc&u=http%3a%2f%2fgoo.gl%2fyD6Nby%3furl%3dhttps%253A%252F%252Fwww.amazon.com%252Fbooks-used-books-textbooks%252Fb%252Fref%253Dnav_shopall_bo_t3%253Fie%253DUTF8%2526node%253D283155
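The hover check described above can also be done by decoding the link itself. The following is an added example, not part of the original post: it unwraps the URL-encoded layers of the ad link and lists every host the link names. The long `ld` token is replaced by a placeholder, and the shortener list and function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample modelled on the ad link quoted above: the long "ld"
# tracking token is replaced by a placeholder; the "u" parameter is the
# one shown in the post.
AD_LINK = (
    "https://174036060.r.bat.bing.com/?ld=PLACEHOLDER_TRACKING_TOKEN"
    "&u=http%3a%2f%2fgoo.gl%2fyD6Nby%3furl%3dhttps%253A%252F%252Fwww.amazon.com"
    "%252Fbooks-used-books-textbooks%252Fb%252Fref%253Dnav_shopall_bo_t3"
    "%253Fie%253DUTF8%2526node%253D283155"
)

# Illustrative, not exhaustive, list of link-shortener hosts (assumption).
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}
MAX_HOPS = 10  # stop on absurdly deep or self-referencing nesting


def embedded_url(url):
    """Return the first query-parameter value that is itself an http(s) URL."""
    try:
        query = urlsplit(url).query
    except ValueError:
        return None
    # parse_qsl percent-decodes exactly one layer, which is what each
    # redirector does before passing the inner link along.
    for _name, value in parse_qsl(query, keep_blank_values=True):
        try:
            parts = urlsplit(value)
        except ValueError:
            continue
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return value
    return None


def redirect_chain(url):
    """List the link and every URL nested inside it, outermost first."""
    chain = []
    current = url
    while current and len(chain) < MAX_HOPS:
        chain.append(current)
        current = embedded_url(current)
    return chain


def hosts(chain):
    """Host name of each hop in the chain."""
    return [urlsplit(hop).hostname for hop in chain]


def review(url, intended_host):
    """Compare where the click really goes with where the user meant to go."""
    hops = hosts(redirect_chain(url))
    findings = []
    if hops[0] != intended_host:
        findings.append(f"click goes to {hops[0]} first, not {intended_host}")
    for hop in hops:
        if hop in SHORTENERS:
            findings.append(
                f"passes through shortener {hop}: "
                "the final destination is not visible in the link"
            )
    if intended_host in hops[1:]:
        findings.append(f"{intended_host} appears only as a nested parameter")
    return findings


if __name__ == "__main__":
    for depth, hop in enumerate(redirect_chain(AD_LINK)):
        print("  " * depth + hop)
    for finding in review(AD_LINK, "www.amazon.com"):
        print("!", finding)
```

The innermost amazon.com address is only a value handed to the goo.gl short link; where that short link actually sends the browser cannot be read from the text of the URL.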

I calmly pointed out that if my client knew which web site she wanted to go to, she could simply type it in the address bar of the browser and go there – no searching necessary. She’s glad to have learned that.

What I can’t figure out is how in the heck AOL permitted this ad to be displayed in the first place. By having it up there, they are actively enabling those sleazebag “support agents” to run rough-shod over the typical older AOL user, who does not have a Managed Services Provider to answer her support phone calls.

It took 15 minutes to get through to an AOL Support rep. I’m hoping – after demonstrating exactly what we found – that AOL will take this ad down and pursue the bad actors in some way. Of course, that probably won’t happen…

Beware!

Update 09/07/2017: AOL has removed this ad from the search results list. Probably the fastest action they have ever taken…

It is bad enough that the inhabitants of the greater Houston metropolitan area, as well as a huge swath of Texas, have experienced one of the worst natural disasters to ever befall the United States. But now, just as the sun is beginning to shine on the Lone Star State, the lowest of the low have begun to crawl out on the internet to take advantage of their suffering.

Yep, that’s right. There are already dozens of sleazebag web sites and email campaigns out there attempting to cash in on unsuspecting Americans who want to donate to relief efforts after the devastating hurricane. It never ceases to confound me that there are such technologically gifted individuals who feel it necessary to enrich their thieving lives by creating bogus web sites.

According to leading security investigator Brian Krebs (https://krebsonsecurity.com), “The Federal Trade Commission (FTC) issued an alert on Monday urging consumers to be on the lookout for a potential surge in charity scams. The FTC advises those who wish to donate to stick to charities they know, and to be on the lookout for charities or relief web sites that seem to have sprung up overnight in response to current events.”

The advice that Krebs offers includes this helpful note. “The FTC also warns consumers not to assume that a charity message posted on social media is legitimate, and urges folks to research the organization before donating by visiting charity evaluation sites, such as Charity Navigator (https://www.charitynavigator.org/).”

I have taken a look, and the Charity Navigator web site has links to a handful of local Texas-based organizations that can directly use the funds if anyone wishes to donate. While I was there, I reviewed their rating of the Red Cross. I had to stop for a moment and say, “Wait, what?” Sure enough, they are not ranked high because their overall administrative costs are out of line with most other organizations. And, as I discovered with some additional research, the funds you donate on their site for this event may not necessarily be used for hurricane relief. Suffice it to say: You’ve been warned.

Introducing AOL Desktop Gold

You may have received – or in all likelihood will receive – an email from AOL that reads, in part:

Thanks to one of my clients for forwarding this email to my attention. I had not heard of this before now, so I did some research.

From what I have read in a variety of online forums, this software is a complete travesty. It functions poorly, doesn’t address the needs of most users, and is subject to frequent crashes and computer freezes despite the (supposedly) frequent updates from AOL.

I’m not certain what they were thinking – other than asking hundreds of thousands of older adults for $4.99 a month to be able to send and receive emails – but for those of you who have not paid anything for AOL for years, this is a pretty drastic change.

AOL is saying that because they will now offer two-step verification, your AOL account will be more secure. They will be encrypting the emails that are saved on your hard drive so that no one will be able to read them, thus providing you with more protection. And, because you are a paying customer, you’ll have access to their tech support (definitely not US-based).

So, what should you do?

I am going to recommend that you DO NOT install this software unless you want the headache(s) of dealing with it. If there ever was a time to break free of the AOL desktop software, it is now. It should not be too difficult, but I’m going to cover the available options – and there are only three.

First, you can opt to sign up to receive the new AOL Desktop Gold software. You must have an existing AOL account and (at some point) you’ll have to provide your credit card for the monthly $4.99 charge. The first 30 days are free.

Now I called AOL customer support, and after waiting about 20 minutes for a representative, I asked about that little asterisked statement at the bottom of the email. The one that reads, “To avoid being charged the recurring subscription fee, simply cancel before the free-trial period ends.” This means exactly what it says. You can decide you don’t want to pay for this new software before you get charged. And when you tell AOL that, the software will stop working. Seriously. You won’t be able to access your emails – or your contacts. And you won’t be able to go back to the old desktop software version because the new one has scrambled the crap out of your emails. This is a one-way ticket. I warn you not to do it. If you run into a problem after you install this, I won’t be able to help you – you’ll have to call AOL tech support for help.

Second, you can keep your old software and use AOL in a browser. You will have 30 days from when you receive this email notification until your desktop software will no longer work in terms of sending or receiving email. So you can decide to bite the bullet and use a web browser to work with your new emails, as millions of people do. This isn’t a particularly awful transition, because things are pretty much where you expect them. And it is still AOL and all of your stuff is there for you.

Your existing desktop software will continue to let you access all of your email that was “Saved to my PC.” You will be able to use any browser (Internet Explorer, Firefox, Chrome, or Safari) to access your mail directly at http://mail.aol.com, where all of your “Saved to AOL” mail exists, as well as your contacts.
All of your downloaded email attachments can be accessed through the Download Manager in your old version of the AOL Desktop software, or through Windows Explorer in the folder where the files were originally saved.

I’m sure at least one of you is going to be curious and ask: Can I archive my old mail? The answer is: Sure you can; but you have to do it one at a time. There is no automated mechanism. You have to open the email, select File, then choose the type to save it as, and then you have to use a unique name for each one. If you have thousands of emails, you’ll have to work non-stop throughout those 30 days just to get a small portion of them saved. Not worth the effort…

Third, you can give up using AOL and use another email service. And this means changing your email address, which I know is a horrifying thought. The two free services that I suggest looking at are Outlook.com and Gmail.com. Changing your email address means that you would have to contact everyone you know to say, “Hey here’s my new email address.” You’ll also have to update any website where you sign in, and update any email subscriptions, and your phone and tablet. It is a huge effort, but I wanted to cover all the options. Irrespective of which one you choose, you can save your existing AOL contacts and import them.

Outlook, provided by Microsoft, is a free service that uses the same enterprise infrastructure that Microsoft uses for Fortune 100 companies. Only because you are not a company, you will receive AOL-like ads in your email. You can reduce some of them by using the privacy features in the profile settings. The web interface is clean and pretty straight-forward.

Gmail is offered by Google. It is free; it can be accessed on any web browser anywhere as well as on mobile devices. Similar to AOL, it is not ad-free. The company will display targeted ads; only not based on your activities in Gmail, but instead on things like your Google searches, the YouTube videos you watch, the apps you use, and the websites you visit. You can opt out of those targeted ads — but not Google’s data collecting — by turning off “ad personalization” in your personal Google settings.

There you have it, three not so great possibilities, but that’s the way of the email world in 2017.

AOL is rolling out this change in waves, so it may be some time before you receive the notice. I just wanted you to be aware of what’s going on, and to prepare for it.

Any questions, let me know in the comments.

The Washington Post reports “Massive cyberattack hits Europe with widespread ransom demands.” Updates from The New York Times indicate that this new attack has even spread to businesses in the United States.

Barely six weeks have elapsed since May’s WannaCry ransomware attack, which crippled more than 300,000 computers around the world. It is clear cyber-criminals are increasing their efforts to obtain cash. What we are witnessing now is merely a prelude to even more, possibly terrifying, attacks.

As you know, ransomware is malicious software that takes over the files on your computer by encrypting them and then posting a message telling you that if you want your files back, you’ll have to pay money (ransom) to the cyber-criminals who performed the deed.

The major form of currency for payment is Bitcoin, a block-chain mechanism for payment that provides complete invisibility for the cyber-criminal. It is both currency and a monetary system. Back in January 2017, one bitcoin averaged around $900. Throughout May, when the last ransomware attack took place, prices doubled to roughly $1,800. In mid-June, for reasons that are still unknown, the price skyrocketed to $3,000. And, as of this writing (June 27, 2017), the price is down to $2,374.

What accounts for the price changes? Bitcoin is considered a commodity, and the fact that there is a fixed number of coins available causes speculators to “bid” and “ask” on the amounts just like stocks.

As for the causes for the recent spate of attacks? A group called the “Shadow Brokers” exposed hundreds of NSA hacking tools earlier this year. Software, with names like “Double Pulsar” and “Eternal Blue,” ended up in the public domain. Once out in the open it became quite clear to cyber-criminals that anyone who could download that code, build out a distribution method, and set up a bitcoin account would be in business rather quickly.

What the perpetrators of WannaCry found out — all too quickly — was that they needed a better back-end support system of “help desk” operators to explain to people how to obtain bitcoins and how to provide payment. In the end, one researcher found a controlling website name, purchased it, and effectively turned off the ability of the malware to “phone home.” As a result, files were not encrypted and the bitcoins did not reach the cyber-crooks. The lack of adequate planning “cost” them hundreds of thousands of dollars.

The majority of computers that were affected in May were running Windows XP, an older operating system that Microsoft stopped supporting in 2014. Yet there were also thousands of Windows 7 computers that didn’t have the April 2017 Microsoft monthly update installed.

There’s the 1999 film quote: “The first rule of Fight Club is: You do not talk about Fight Club.” Well, the first rule of running Windows is: You really have to install your Microsoft updates.

So why, if businesses know these horrifying threats exist, don’t they update their computers? I don’t have an answer for that, because not patching computers doesn’t make any business sense. You can say you don’t have the time or the manpower, but those are not valid excuses. Because the reality is this: if you want to continue to use your computers while these scourges exist, you should invest in an automated means of patching them!

What else should you be doing?

You should be verifying your backups and checking that they have all of your data. If one of your computers gets hit, you must have the ability to restore those encrypted files. If you don’t take backups now, then add that to your list of things to do.

Finally, you need to upgrade your security tools. If you only use an anti-virus product that scans for known virus signatures, you are not adequately protected from these zero-day threats. You must have a modern, enterprise-grade, Internet Security product along with malware protection.

What is a small business or individual supposed to do if they get hit with ransomware? For one thing, they should contact the FBI and the local authorities. In 2000, the FBI established the Internet Crime Complaint Center (IC3) at http://www.ic3.gov where you can fill out an online form to file your complaint.

In the recently released 2016 Internet Crime Report, the FBI reports the IC3 received:

  • 2,673 complaints identified as ransomware with losses of over $2.4 million.
  • 10,850 tech support fraud complaints with losses in excess of $7.8 million.

Wait; what’s that? Last year, the FBI received four times as many reports of fake “tech support” complaints as they did for ransomware. And those cases cost small businesses and home users three times as much money!

This leads me to conclude that more people fall for the phony phone calls from “Microsoft” saying there are problems with their computers — but are willing to report and admit it — than they are about reporting being a victim of ransomware. Undoubtedly this is because the files that were encrypted were client-related and could cause substantial problems for their business and have ramifications in terms of bad press, privacy breach notifications, and possible lawsuits.

Where is all of this going to end up? I’m only certain of one thing. Cyber-criminals are going to continue to up the ante because they are going to go where the money is. Consider the bad actor parked across the street from a high-end automobile lot wirelessly loading malware into the electronic control units (ECU) of the cars waiting to be delivered. As security research firm FireEye reports, “a group of vehicles disabled on a busy highway could cause serious disruption. Municipal authorities may have little choice but to pay the ransom to reopen a busy commuting route.”

Every hardware component and computer that relies on software must be patched automatically, your Internet Security software must be enterprise-strength, and back-ups taken and inspected regularly. The threats already exist out there, and they are not going to go away any time soon.

In a recent article about ransomware and the effect it has on small businesses, the author states that “security experts say the first thing to do after a ransomware event is to upgrade security and backup processes.”

I had to read that twice before I realized how true it was and how erroneous the statement is.  If an IT consultant is taking these steps after the fact, then they have failed to adequately protect their client.  I cannot see working that way – it is backwards, last generation thinking.

You want to engage with an IT consultant who prepares an entire range of security measures for blocking the possibility of ransomware from affecting your small business in the first place.  Implementing heightened security and backup after the fact won’t cut it; security measures have to be implemented before a calamity occurs.

A new proverb in our industry states that “there’s at least one employee in the office that will click on anything.”  And because that is more often true than not, you need more than the standard list of preventative measures in place, which consist of:

  • Making sure you are running a robust security solution (Internet security, anti-virus, and anti-malware)
  • Keeping the operating system up-to-date
  • Avoiding the use of plug-ins (such as Java, Adobe Flash, and Silverlight) in your web browsers
  • Being careful with email attachments and links in emails from people you don’t know

While those steps are usually issued to help safeguard home users, a small business owner also needs to include the following elevated measures:

  • Employing an advanced Unified Threat Management device (firewall)
  • Enabling server and desktop back-up to a local device and the cloud

These additional factors should help obviate the statement made by the sources for the article’s author.

However, the most important step any security-conscious IT consultant must take is to ensure that appropriate employee education takes place on a regular basis.  This is because the ransomware threat landscape is constantly evolving. Cybercriminals have found a highly effective and lucrative approach to illegally making money.  As new forms of socially engineered threats appear, employees must be reminded and their awareness must be sharpened to distinguish between a valid email and a new phishing threat.

If you want this kind of training for your staff, contact me for further information.  Don’t be a victim to ransomware!