SonicWall, a leading perimeter security vendor, issued a mid-year update to its annual threat report in July. Amid the global disruption caused by the coronavirus pandemic some threat trends are surprising:

  • The number of malware attacks is down by 33%.
  • The instances of ransomware are up globally by 20%, but over 100% in the US.
  • Office files (Word, Excel, and PDF) continue to be used primarily for malicious intent.

There was a huge spike of IoT malware — up as much as 50%.
Also noted, but not at all surprising: Cybercriminals are increasingly targeting the large number of employees who are working from home.

Cybercrime has increased since the start of the pandemic, and the latest targets now include medical facilities, hospitals, and research labs. These focused attacks have two purposes: First, to disrupt normal business and day-to-day activity; second, to obtain research data related to potential vaccines and coronavirus solutions. Nation states – most likely China, Russia, and North Korea – are very interested in obtaining intellectual property. Based on these attacks, it appears to be far easier for these cybercriminals to steal someone else’s work than to do their own.

New, never-before-seen malware variants found in the first half of 2020 increased by more than 60%. This occurred despite the overall decline in the number of malware attacks. From this, we surmise cybercriminals are experimenting to see what version can effectively get through normal defenses.

In the first half of 2020, Office files and PDFs comprised one third of all new malicious files. One of the key takeaways from the analysis of these files is that “threats are becoming more evasive and more nefarious.”

However, ransomware is on the rise. By way of contrast, global ransomware rose 15% in all of 2019. In the first half of this year, despite a global pandemic that constrained most business activity in the second quarter, it is up 20%.

The report notes a very strong correlation between where the coronavirus hit and when ransomware attacks occurred. Looking closely at the numbers, I believe this trend will continue, and the United States is going to experience more cybercrime during the next few months until the rest of the country (particularly the South and West) reduce the number of infections.

One of the scariest aspects of these recent attacks is summarized as follows:

“To make matters worse, many ransomware operators have taken to selling or otherwise releasing company data if the organization refuses to or cannot pay.

“Even for companies that cooperate with the criminals’ demands, the trouble often doesn’t stop when the ransom is paid. Many organizations pay the ransoms, only to find their files are irretrievably corrupted or have been wiped out altogether. Ransomware attacks are so devastating that they’ve forced a number of companies out of business.”

Here is an analogy to put that in perspective. A stranger breaks into your house, steals some of your belongings, and contacts you, offering to sell them back. You agree, and after the items are returned, you find they are damaged beyond repair. Worse, some of the personal documents you kept in your desk drawer have been published on the internet so that everyone can see your financial position. You, as an individual, would be mortified. When this happens to a small business, the consequences are enormous.

In terms of IoT – devices that connect to the internet to provide various services – the first six months of 2020 saw twice the number of attacks as 2019. The report forecasts that the end of the year may show numbers surpassing the combined values of 2018 and 2019.

In the consumer space, IoT devices include: Amazon Echo, Nest smoke alarm, Ring doorbell, various home security systems, smart TVs, and even smart refrigerators. http://iotlineup.com has an extensive list.

In the business environment, IoT devices include: smart locks, smart video cameras, and smart lights and energy management. These components comprise all the security elements of typical building management functions.

What’s the motivation of cybercriminals to attack these devices? They are looking for a “back door” into networks with lower chances of detection so they can deploy other forms of malicious software to compromise the computers on that network. It is essential for both the IoT device manufacturers and people who use them to insist that security considerations should be top of mind for all new devices (older ones are unlikely to be retrofitted).

I don’t think have made any mention of Coinhive in recent editions because I knew it had been shut down in early 2019. But just to recap: Coinhive was a cryptocurrency mining service that installed software in a computer’s web browser to exploit that computer’s resources to mine bits of the cybercurrency, Monero.

In 2020, as if there wasn’t enough anguish, there is a replacement called XMRig, another Monero cryptominer. In June, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that XMRig was among the three signatures that make up 90% of potential threats.

So, there you have it. From SonicWall’s perspective, we were not even half-way through the year and things were already looking pretty dicey from a security standpoint. There is general consensus among security companies that attacks will only increase, and as the coronavirus continues to beat down United States businesses, along with the disruption from the upcoming presidential election, the cybercriminals are not going to stand idly by. They are going to take full advantage of the turmoil, and they will exploit it to the best of their ability.

Thanks, and safe computing!

Some phishing campaigns work by impersonating well-known organizations or brands. If cybercriminals send an email that looks just like one that comes from a company you are familiar with – and possibly even doing business with – then their hook is set. You can either take the bait or delete the email.

Microsoft is a tempting target for cybercriminals to spoof because it has a large number of subscription-based products, like Office, OneDrive, Outlook, and even Windows.

In mid-July, Abnormal Security, which specializes in preventing email fraud, discovered two different attacks designed to trap unsuspecting victims with subscription renewal. The crooks impersonated actual email notices from Microsoft. Their goal was to steal sensitive information from the recipients by convincing them that they need to renew their Microsoft Office 365 subscription.

The first campaign consists of an email telling the recipient that Office 365 is now called Microsoft 365 and that they should renew their subscription by a specific due date. The email contains a “Click to Renew” link that takes the recipient to a submission form requesting certain sensitive data, such as name, address, and credit card number.

In the second campaign, the email warns the recipient that their Microsoft 365 subscription has already expired and that by a particular date, they must renew it. A “Renew now” link takes the person to a PayPal page that prompts them to enter their PayPal payment details. (I had to look this up, but I learned that Microsoft does accept PayPal.) Typically, the transaction is processed directly, but in this case, it goes to the criminal’s PayPal account.
In both cases, anyone who took the bait will eventually find their PayPal payment information misappropriated and their Microsoft credentials compromised by the attackers.

Why These Attacks Work

A convincing phishing attack incorporates a variety of elements to trick its recipients. These two campaigns adopt several familiar tactics.

  • Official source. By pretending to look like an automated notice from Microsoft, the email gives the appearance of coming from an official source. As such, the recipients may be more likely to follow the instructions in the email.
  • Sense of urgency. Like any effective marketing campaign, the emails conveyed a sense of urgency by warning the recipient that their Microsoft 365 subscription needs to be renewed or has already expired. Further, both emails gave the recipient only a couple of days to renew before the deadline was up. Because Microsoft Office is considered an essential service by many individuals and small businesses, people may overlook the suspicious signs and quickly click on the link to try to renew.
  • Convincing landing page. Hosted on a web site called “office365family.com,” the landing page for the first campaign uses the Microsoft Office 365 name and branding to appear legitimate. The page also borrows images, links, and a website footer from Microsoft’s actual site. However, there are telltale signs that the page is not legitimate. The fonts are inconsistent and many of the header links are broken.
  • Real URL. The second campaign links to an official PayPal page. Yet, there’s no verification as to the product being purchased, no specific entity or individual as the payee, and no guaranteed transfer of goods.

How to Protect Yourself

To guard yourself against these types of phishing campaigns, take the following steps:

  • Double-check the sender’s name and email address to ensure that they’re coming from legitimate sources – don’t just trust the display name.
  • Double-check the webpage’s URL before signing in. Attackers will frequently hide malicious links in redirects or host them on separate websites that can be reached by safe links. This technique allows them to bypass link scanning within emails by traditional email security solutions.
  • If the web site name looks suspicious, do not enter your credentials! Instead, contact me if you have any questions.
  • Verify the information with your office administrator or IT solutions provider for cloud-based subscriptions.

Analysis

If you ask why anyone would do this, the answer is simple: these campaigns generate significant revenue for little effort. One result is straight-forward, because PayPal provides funds directly to the cyber criminal’s account. The one that gains access to a business’ email account is another way. How? Well with those credentials, they now have a list of all of their contacts. They can see who works for which business and can then craft a third, and more disconcerting scam: Business Email Compromise (BEC) or CEO fraud.

A follow-up campaign will be sent to those contacts attempting to claim missing accounts, or asking for wire transfer payments, or various “we need this funding by this time” emails that use social engineering to convince office administrators and in-house bookkeepers to send money to the stated claimant. Only, these emails are not from who they say they are. According to the FBI’s Internet Crime Complaint Center (IC3), businesses in the United States lost more than $1.7 billion in 2019 to BEC scams.

Protecting your business from this kind of malicious email threat follows similar rules to those I stated above. And I’ll add one more factor to keep yourself and your business safe: If you get an unexpected email that asks you to send funds, CALL the person who is requesting it to confirm they sent it. It takes one minute to make a call. It could save you and your business tens of thousands of dollars.

Thanks, and safe computing!

I have written frequently about various scams and wrongdoing that have been perpetrated by “bad actors” around the world. Their attempts to profit by phishing for your personal information, obtaining your company’s data, or by wreaking havoc on your computers to collect a ransom have continued unabated. According to several threat analysis reports, these violations are escalating.

Accordingly, I have built what I consider to be an adequate security solution to offset, if not lessen, those threats. But as we all know, these unscrupulous offenders are relentless in their pursuit of illegal gains – because of the high payoff from their activities.

While reducing the number of attacks is one thing, I no longer believe that it is possible to eliminate them. I want to make sure that small business owners are aware of a variety of defenses that they can put in place to help prevent various attacks from ending badly for them and their business.

If you think back in historical terms, a castle had many defenses: the moat, the drawbridge, the battlements, the inner wall, and finally, the walls of the building itself. A business must have similar levels of security mechanisms in place to prevent cyber-attacks from causing devastation. Because without multiple layers of protection, the likelihood is, something malicious will get through, and whatever that something is, it will wreak havoc on you and your business.

In mid-June, I attended a webinar that featured one session that blew my simple analogy to shreds. Bruce McCully, president of Galactic Advisors, has come up with a more sophisticated method of determining risk, and thus, identifying areas of improvement for security measures for small businesses.

His approach comprises six layers of protection, which surround the assets of a company. He defines assets as any file system data, a Human Resources system, Payroll data, or database. Those six layers are:

  1. Human
  2. Perimeter
  3. Network
  4. Endpoint
  5. Application
  6. Data

The Human layer describes, as you would expect, the actions taken by the employees of a company. They are the first line of defense against any attacks on any small business, but they are also the weakest. This is why policies, procedures, and training are so important.

The Perimeter layer describes the rules required by the company’s firewall. A firewall is an appliance that reads the incoming and outgoing internet traffic and scans for anything unusual.

The Network layer is one that focuses on how an organization connects their computers and devices.

The Application layer involves the remote monitoring and maintenance software that IT technicians employ.

The Endpoint layer consists of the computers that run next-generation antivirus security.

Finally, the Data layer is the one that details the company’s back-up and restore policies. After all, if you are not backing up your important files – with the foresight of knowing how quickly you can restore them in the event of any attack – you are not protecting your assets.

All of this seems reasonably straight forward, and it is. Where it gets more complicated is when McCully says that it is not enough to have those layers and apply rules to them. No, he adds that it is essential to add gradations to those layers. He proposes four, although not all four apply to each segment. Those categories are:

  • Prevent
  • Guard
  • Detect
  • Mitigate

Yes, it would help if you prevented terrible things from happening. It takes a significant amount of discussion with a business owner to determine just how he or she would want to go about doing that. But it would be best if you also guard against inadvertent data loss that is not necessarily controlled by people. Next is the ability to detect intrusions of almost any kind, and define the alerting mechanisms to ensure they are acted upon promptly. Finally, you must develop Breach Response Procedures and possibly involve a third-party Security Operations Center to track the elusive path of the threat vector that attacked your company — and clean up afterward.

McCully then describes three levels of business needs for each of these components:

  • Basic needs
  • Security compliance requirements
  • Compliance-driven mandates

For each of these, he includes the following scale:

  • Non-essential, meaning it is not a core component of the company’s security program.
  • Recommended, because it is necessary to educate the company about the solutions, whereby they will invest in a more secure environment.
  • Mandatory, which he defines as “table stakes items;” these are items that, if not implemented, are considered negligent.

This vast matrix of layers, categories, and levels is truly wonderful, and incredibly thought-provoking material. I plan to spend several weeks working to formulate my responses for each aspect of this new roadmap. And the very first step in this arduous journey will be to apply all of these elements to my business, and to shore up my documentation and defenses. I am certain the result of those efforts will be various proposals for new and improved ways in which to safeguard your home computers, your “work at home” laptops, and all the small business networks that I serve.

Thanks, and safe computing!

In early March 2020, there have been nearly 3,100 deaths and more than 90,000 people infected with the respiratory disease known as COVID-19 across the globe.  After months of watching this take place in other countries, the previous few cases in the United States have begun to rise – including one here in Fort Lee, NJ.

For now, the Centers for Disease Control recommends several common-sense and very reasonable precautions.  These include regular hand washing or using alcohol-based hand sanitizer, covering coughs and sneezes (with your elbow or several tissues), and staying home and avoiding public spaces if you are feeling sick.  I’d like to point out that these are inherently smart things to do during flu season anyway, but I realize that most people don’t fear the flu despite the number of people who die from that disease each year.

So what should you do if local health officials declare a quarantine?  You should have a ready supply of your prescription medicine, tissues, pain-relieving medication (Tylenol or Advil), hand sanitizer (if you can find it), and face masks.  Don’t forget to keep your phone charged so that you can call someone for help if you develop symptoms (or they worsen).  There is significantly more information available by conducting an internet search (or using the Resources listed below).

But I want to shift this discussion to businesses – either the one you own or one for which you work.  How do you handle something completely different than your everyday normal?

Try to Prevent Further Infection

If your business has many employees or if it serves the public, you must think about ways that you can reduce the chance of spreading infection. Some options include providing hand sanitizer dispensers, wiping down frequently touched surfaces with household cleaners, and a more frequent cleaning schedule for common areas and restrooms.

If your business has delivery or service vehicles, you should clean the steering wheel, commonly touched dashboard or smart-drive appliances, door handles (both inside and out), and the key fob.

Given the current circumstances, you might begin to avoid shaking hands with customers and colleagues.  Touching elbows should suffice in a pinch or even a distinct nod of your head as a way of greeting.

Internal Communications

If public health officials discourage people from attending large gatherings, you should begin to think about how your company will communicate with staff members who are forced to stay at home.  Many businesses allow that kind of flexibility anyway, so you probably already have some informal communication channels via phone and email.

You should start to formalize those mechanisms now so that you are not scrambling at the last minute.  Make sure you have an updated list of contact information (phone numbers and email addresses), so everyone can contact co-workers quickly.  If your business uses VOIP, make sure that everyone understands how to use soft-phones, and provide a quick reference guide to configure an office phone at home.

Have your staff check to see if they can access their email at home from a web browser to ensure that all remote access rules are in place and that the staff members know their passwords.  If you have not yet implemented multi-function authentication (MFA) for your email, now is the perfect opportunity to do so.  Similarly, it’s worth making sure everyone has email access from their smartphones or tablets.

For some businesses, chat systems like Slack or Microsoft Teams can be effective mechanisms for your staff to remain in touch with one another in real-time.  Another alternative, if you need to conduct meetings frequently is Zoom.  If you don’t use this kind of technology now and are interested in investigating whether you should, please contact me for a discussion.

Remote Access to Your Business

Make sure your staff has access to your remote desktop access software and knows how to use it so that they can connect to their office computers.  (Don’t have remote access to your office? Again, contact me to discuss how your needs can be met.)

Do you have specific business resources, like your accounting system, that has unique security requirements?  If so, think about what additional provisions are necessary for someone working from home.

Your Office on Empty

If most or all your staff are working from home, what does that mean for your office?  Do your physical security systems or climate settings need to be adjusted?  Do you want to set up video cameras or other remote monitoring hardware?  Heck, who’s going to water the plants?  On a more serious note, if you have an on-premises server, you want to make sure it can be administered entirely remotely, including power cycling.

It’s also worth determining who will have responsibility for the office in the event of any problems, which could still occur even if no one is there.  What if a water pipe in the building breaks, or there’s a burglary?  Make sure it’s clear who will respond.

Everyday Business Functions

Think about the regularly scheduled aspects of running your business, with an eye toward those tasks that assume the presence of certain people.  Can they run payroll, accounts receivable, and accounts payable from a remote location?  Try to ensure that every key position has at least one backup, so if one person falls ill, your business’ ability to function won’t be compromised.

If international travel is a significant part of your business, you’re already figuring out how to compensate through videoconferencing and similar technologies.  But if you regularly travel only within the country or your area, think about which trips are essential and which you can replace by using online conferencing tools.

Finally, consider how your clients and customers will react to this new situation.  It’s unfortunately likely that there may be less work taking place so that you might see a decrease in your revenue stream; on the other hand, some businesses may see an increased workload.  For instance, if the number of patients in hospitals skyrockets, those business owners who support healthcare systems may struggle under the load alongside the doctors and nurses.

I hope and pray that all these preparations prove unnecessary, but they’re worthwhile to consider and implement just the same.  Too many businesses have failed after a fire, hurricane, or earthquake renders an office uninhabitable, and such natural disasters are all too common.  Others have closed their doors because a ransomware attack caused too much disruption to their day-to-day activities.  Planning for a better outcome now – while there is time to think clearly about what must take place – will ensure your continued business success.

Resources

World Health Organization

US Centers for Disease Control and Prevention

New Jersey Department of Health

New York City Department of Health

In mid-January 2020, Microsoft issued advisory ADV200001 warning of a vulnerability in the scripting engine of Internet Explorer.  Yes, I know, that’s gibberish to most of you.  It means that there could have been an attempt to execute code in attack mode via that browser.   How?  You could have received an email with a link that explicitly opened Internet Explorer (even if it wasn’t your default browser) and been sent to a malicious web site specifically designed by bad guys.   If exploited successfully, the attacker could have gained access rights to your computer.  As Microsoft put it at the time: “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

That’s very bad (I’d segue into the Ghostbusters “don’t cross the streams” theme about the definition of the word “bad,” but I’m sure you get the idea).

At the time, Microsoft did not have an immediate fix.  As of February’s “patch Tuesday,” they announced one with the heading “Security Advisory CVE-2020-0674.”  Microsoft will be patching desktop operating systems from Windows 7 clear through the latest version of Windows 10, plus a slew of server operating systems.

The Network Operations Center will be testing this set of updates for the next seven days.  If the patches pass those tests, then the updates will be available for all of you by the end of next week.  In the interim, I have only one thing to say:  DO NOT USE INTERNET EXPLORER, USE ANOTHER BROWSER!  There are several to choose from, for example, Mozilla Firefox, Google Chrome, Opera (which I didn’t recall as being around, but it still exists) or Brave (which I’m sure you’ve never heard of), heck there are probably some of you who use Edge in Windows 10 (heaven help you).  If you’re not sure what browser is your default, write to me and I’ll let you know.

But let’s get down to the meat of this:  If Microsoft announced the problem on January 17 and only released the solution on February 11, the bad guys had a considerable amount of time to take advantage of the vulnerability, and yet the world didn’t come to a screeching halt.  But I don’t – for one minute – want to suggest that you not patch a known vulnerability.  What I recommend, instead, is a moderate amount of common sense.  And the best way to implement that would be to stop using the problem-plagued browser, even after your computer receives the patches.

Bottom line:  this exploit is explicitly for IE – so to avoid any possible unpleasantness, don’t use it.  Simple really.

Thanks and safe computing!

In plain English, cryptojacking is the stealing the resources of your computer (processing power and electrical power) to mine a cryptocurrency. Data is “mined” on a computer by using special programs to solve complex, encrypted math equations to gain a piece of the currency.

Cybercriminals are always looking for the fastest and easiest way to conduct fraud, and one was revealed in late 2017. There is a company called Coinhive, which launched a service that mines for a digital currency, known as Monero, directly within a web browser. Anyone using the computer is completely unaware that anything is amiss; unless they realize their browser is running very, very, slowly.

According to Symantec, “cryptojacking is a way for cybercriminals to make free money with minimal effort. Cybercriminals can simply hijack someone else’s machine with just a few lines of code. This leaves the
victim bearing the cost of the computations and electricity that are necessary to mine cryptocurrency. The criminals get away with the tokens.”

In early 2018, Malwarebytes published a report on the current state of cryptomining and cryptojacking. Shown below is a map, which depicts the world view and it appears that the United States is greatly affected by this scourge:

According to cyber-guy Brian Krebs, “Monero differs from Bitcoin in that its transactions are virtually untraceable, and there is no way for an outsider to track Monero transactions between two parties. Naturally, this quality makes Monero an especially appealing choice for cybercriminals.”

If you think that something is not quite right with your computer, please give me a call. I want to be sure your computer isn’t running software you didn’t know anything about (and generating profits for crooks).

Cisco Systems earlier this week released a report from its Talos cyber intelligence unit. It contained a warning of 500,000 routers and storage devices in 54 countries that have been infected with malware. Their findings (https://blog.talosintelligence.com/2018/05/VPNFilter.html) pointed to the Russian government as having sponsored the hack, calling it “VPNFilter,” and that the software was simply waiting for activation. With a high preponderance of these devices in the Ukraine, it seems that an attack might be pending, or at least imminent.

I won’t bore you with the details (and they are voluminous), but the recommendations for how to thwart the hackers are quite interesting. End users are instructed to reboot their routers, modems, and network attached storage (NAS) devices to the factory default state and then to install the latest firmware. Internet Service Providers (ISPs) are instructed to reboot routers and cable modems for their customers and to ensure the devices are patched. Those two steps should, for all intents and purposes, knock out any of the malware that may have infected the devices.

Here’s my question: How many home users – or business owners – know how to perform those two steps? I do, because it is something I learned a long time ago as part of my job. But I can’t see asking any of my clients to do that. For one thing, the recommendations didn’t take into account the main task of saving existing settings – or at least writing them down – so they could be recreated after the device was flashed and rebooted.

In a “best case scenario” I can imagine someone was using a Linksys modem they purchased from a big box store and they didn’t configure anything; they simply followed the installation instructions. But in all likelihood, the SSID (i.e., the broadcast name) of their Wi-Fi is going to change. That means all of their wireless devices – computers, printers, tablets, and phones – will also need to be reset.

The report acknowledges that most of these devices are what we frequently call “set it and forget it,” meaning that they are expected to simply do their job once they’ve been installed. My concern about the recommendations centers on the fact that most individuals have no idea how to obtain the current firmware for these network attached devices. It isn’t very obvious from any of the manufacturers’ literature (and these include Linksys, TP-Link, and Netgear) that this is a task anyone should ever consider doing.

Granted a half-million devices is only a small drop in the bucket in terms of world-wide network device distribution. Yet it seems we have entered into a new “normal” for what people need to do – and learn – in order to better protect themselves from cyber security threats.

Thanks and safe computing!

A security-based newsletter entered my Inbox Tuesday afternoon and, like a gerbil, I immediately clicked it open to see what kind of shenanigans were going on in the world of cybersecurity.  You can imagine how intrigued I was at the following title:  “Chrome Is Scanning Files on Your Computer, and People Are Freaking Out.”

Well, that certainly got my attention, and I clicked on the link to read the article at Motherboard, and a lot of the associated links, and those associated stories and their links, and before I knew it, more than 30 minutes had gone by – and my jaw was just as slack at the end of that adventure as it was at the start.

Here’s the original article:  https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool

I’m going to give you the “Reader’s Digest” version because I don’t know if many of you are going to read that.

Let’s start with the basics.  Google Chrome is a browser, just like Microsoft’s Internet Explorer, and Mozilla’s Firefox, and Apple’s Safari.  The browser lets you explore the pages on the World Wide Web.

The focus of this article is that deep within the Google Chrome settings, there is a ‘clean up’ option that uses a third-party product (from antivirus vendor ESET) to scan for malware that could, potentially, harm the Chrome browser itself.

One of the parameters associated with this option, “Report details to Google,” is defined as follows: “Includes information about harmful software, system settings, and processes on your computer.”  And the default for this setting is to ALWAYS SEND the data to Google!  Obviously, this setting lets Google’s developers know how to handle any problems that may have been encountered during the scan.

Now that’d be great if Chrome simply scanned a few known locations in which malware frequently appears and then closed down.

Unfortunately, as the reporter describes it, the scanner reached further into the computer than anyone would have suspected, and it was going through the My Documents folder.  I can’t imagine that any malicious software would reside there that could cause any harm to the browser.  So that’s just overkill.  The exaggerated claim is that Google is spying on you, your files, and your computer.

According to a leading Google developer, the scanner “only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click” on a box if anything is detected.

Like I said, this is the first time I’m hearing about this.  But the text of the “agreement” you have with Google when using Chrome can be found here: https://www.google.com/chrome/browser/privacy/whitepaper.html#unwantedsoftware

I looked into this, and it seems that this clean up “feature” has been in existence for more than a year, and is only now getting any reaction.  But that’s the wonderful nature of the Twitter universe.  Someone makes a discovery; some of her followers take a closer look and get agitated; a reporter asks a few questions, and then everyone gets all riled up about the intrusive nature of a global corporation.

I doubt that any of my clients who have Chrome have EVER seen a pop-up that malware was found.  And I know that many of you use Chrome and that some of you have encountered instances of malware.  It’s simply that the software I have installed on your computers scans more frequently than once a week, is constantly updated, and – most importantly –I monitor the results (not Google!).

While I would want everyone to turn off the setting that sends data to Google, the steps I have followed do not work for more than the logged on session.  If you close your browser and then re-open it, the setting turns itself on again.  I have checked, and it seems that this setting simply cannot be eliminated.

What’s my recommendation:  If you don’t mind having your machine bogged down every now and then by a scanner over which you (and I) have no control, you can continue to use Chrome.  But I would really like to know if you ever get a pop-up from Google about malware.  Otherwise, if you’d prefer a less intrusive browser, send me an email or give me a call and I’ll install Firefox and transfer your favorites.

Thanks and safe computing!

Read More →

It is Black History Month, but it also contains Groundhog Day, Valentine’s Day, President’s Day (remind me, why did we decide to smoosh all of those birthdays into only one day?), and let’s not forget my favorite: National Margarita Day (2/22). For a short month, this is chock full of “days.”

What’s all that have to do with computers and security?

Quite a lot!

Every day, there is another announcement of some form of threat to your security: a data breach here, a ransomware attack there, new forms of malware, some other scheme for mining cyber-currency from your computer or smart phone, and even more sinister, the ever-present phone calls from “flaming idjits” that tell you about a problem with your computer that they have detected and called to help you fix. Please! That one just makes me angry. (Although you might be amused at the sheer number of individuals whom I’ve told to engage in physical acts that would require contortions beyond the ability of most…)

I know that no one can be kept on “high alert” day after day without getting weary of it. It is tough for me, and it is a major aspect of my job. I am always pleased when one of my clients gets an email and forwards it to me to ask, “Is this legitimate?” or “What should I do about this?” That means you’re staying on your toes and looking out for your own safety. That’s what I want you to do; that’s what I need you to do.

However I don’t know how many others are getting emails and continuing down the path of – there’s no other word for it – ignorance, and clicking on that link. Because, despite all of the protections that I’ve put in place on your computers, there is still the risk that if you click on a link in an email something bad could happen.

So what should you do if you are attacked?

1. First of all don’t panic, although that’s what most people do.

2a.  Simply pull the Ethernet cord from the back of the computer (there’s a little hitch to squeeze in before you unplug it).

2b.  Business owners, you need to make sure the affected computer is no longer communicating with the server.

3.  Do NOT turn off the computer! You will lose any forensic information that is available. I’m going to need that data to help remediate the problem.

4.  Call me immediately, and use your phone to send me an email with a photo of what’s on your screen so that I can identify the exact nature of the problem.

5.  Let me handle this for you – it is not a “DIY” (do it yourself) project! Don’t start “Googling” for the fix! Some Russian firm with 500 employees wrote the malware and will charge $79.95 to your credit card to fix the solution they created in the first place. And it won’t get fixed – you’ll simply be scammed…

6a.  After I have assessed the damage, and if it is necessary, you can reach out to the local police and to your insurance company.

6b.  For business owners, this is a reminder to make sure you get, or review, your cyber-liability insurance policy.

There, some “tough love” on Valentine’s Day. I hope that you don’t have to go through any of this, and can simply relax and enjoy National Margarita Day with me.

Thanks and safe computing!

A client called in on my support phone earlier this afternoon and told me that she had a “Microsoft System Security Alert” screen that was talking to her and that she couldn’t do anything with her computer.

I launched a remote session, and by using the Windows Task Manager I quickly ended the Internet Explorer applications that were running. It was a fast and easy fix for a really stupid problem.

I was extremely grateful that this particular home user called me, instead of the 800 number that was on the bogus alert screen (shown below). But my relief was short lived.

A few minutes later she was back on the phone saying the fraudulent alert was on her computer again. I killed it and ran a scan with Malwarebytes, which turned up nothing.

I reassured her that everything was fine.

When she called a third time, I had to ask what it was she was doing – so she showed me. She launched Internet Explorer and it opened on AOL’s home page. She told me she wanted to go to Amazon to check on a book. And she did so using the AOL Search bar and typing in Amazon.

On the resulting page AOL search results list (shown below), she clicked on the first link that was displayed. I finally understood exactly what was going on.

You see, that is a sponsored advertisement, meaning some organization paid AOL money to highlight their “product” based on a search. Underneath that is, in fact, Amazon’s legitimate web site listing.

I used this as an instructional moment by turning on Internet Explorer’s Status bar. I moved the mouse over the Amazon site link to show that https://www.amazon.com appeared in the Status bar. I then moved the mouse over the ad, and the following bunch of gibberish appeared:

https://174036060.r.bat.bing.com/?ld=d3iEIp8CztNDVVjNTYoqXRUjVUCUzK_5V032YvPMriEHbBBDFcwsFXQFK3s2qR9MgRW_xhZ9J5SlsoSk6f38u2TnHoDCUsZUB1JUNHwTr9OuZjeHpOBGhVUOyzHQ20xE-ECR9lob4HeScYrxeY00wTrgAAZ5Wu2BEbi0Pb9RjRzi-woEAc&u=http%3a%2f%2fgoo.gl%2fyD6Nby%3furl%3dhttps%253A%252F%252Fwww.amazon.com%252Fbooks-used-books-textbooks%252Fb%252Fref%253Dnav_shopall_bo_t3%253Fie%253DUTF8%2526node%253D283155

I calmly pointed out that if my client knew which web site she wanted to go to, she could simply type it in the address bar of the browser and go there – no searching necessary. She’s glad to have learned that.

What I can’t figure out is how in the heck AOL permitted this ad to be displayed in the first place. By having it up there, they are actively enabling those sleazebag “support agents” to run rough-shod over the typical older AOL user, who does not have a Managed Services Provider to answer her support phone calls.

It took 15 minutes to get through to an AOL Support rep. I’m hoping – after demonstrating exactly what we found – that AOL will take this ad down and pursue the bad actors in some way. Of course, that probably won’t happen…

Beware!

Update 09/07/2017: AOL has removed this ad from the search results list. Probably the fastest action they have ever taken…