For about the last year, TRI has been moving customers to our virtualization solution. A big part of this move is due to the cryptovirus craze. TRI uses a technology that allows us to snapshot the virtual machines (or a network file share), and then rollback to a specific hour sometime within the previous 2 week period. We have on-boarded numerous new customers who had unfortunately fallen victim to crypto viruses, but recently, we had a customer on our solution get hit with a cryptovirus. This is their story.
Hello everyone! In this quarter’s newsletter we’re going to cover scareware, general maintenance tasks that can be done to keep your computer working well, and some discussion on what mesh wireless networks are, and how they work. So, let’s dig in!
What is Scareware? Scareware is a pop up that show up while on the internet telling you, you’re infected. You are not infected, it is not until you take action with the popup that you get infected (by clicking or calling).
The first thing you should do is Shut Down your computer. Many of them tell you not to, but that is because the scareware is loaded into your RAM (temporary working space). Once the computer shuts down that is cleared. The first thing I will ask when called is did you shut down your computer.
What I’d like to touch on with this article is more for our regular users. You don’t need a degree in computer science to understand that user accounts all over the internet are getting breached. So what can a regular user do to help protect their accounts? The quick and easy response is to say, “Enable two-factor authentication.” But as we’ve found with the Reddit breach, not all forms of two-factor authentication are created equally.
Easily the most common form of two-factor authentication out there right now is the SMS text message-based. Let’s say you log into GMail, you put in your user name, your password, and then GMail sends you a text message with a code that you have to put into the website before your login is complete. That’s SMS based two-factor authentication. That’s widely considered to be better than no two-factor authentication at all.
I want to do is talk a little bit about other options that exist. Specifically with GMail, as a lot of our clients use GMail, both for personal accounts, and G Suite for business.
TRI Newsletter – December 2018
Charity Scams to Watch Out for During the Holidays
‘Tis the season of giving, which means scammers may try to take advantage of your good will. A surprising fact about American donation habits is that everyday folks like yourself are the single largest driver of charitable donations in the United States. Giving USA’s Annual Report on Philanthropy found that individuals gave $286.65 billion in 2017, accounting for 70 percent of all donations in the country.
TRI Newsletter – October 2018
Browser Spyware Infections “scareware”
Please continue to be diligent and aware when going online to surf the web or check your email. I still get calls 2-4 time a day about attacks of “Scareware”. The first thing you should do is Shut Down your computer. Many of them tell you not to, but that is because the scareware is loaded into your RAM (temporary storage). Once the computer shuts down that is cleared. The first thing I will ask when called is did you shut down your computer.
(Example of browser “scareware”)
There’s a new email scam in town, and it’s taking people for quite a bit of money. The scam asserts that it has captured video of the recipient watching porn using their computer’s web cam, and threatens to send that video, along with the video the recipient was supposedly watching, to everyone in the recipients contact list. The twist? They give the recipient a password that the recipient has used in the past. It might be the distant past, or recent past, or even a password that’s currently in use.
This new twist lends a scary amount of credibility to the scam. To that end, as Vice reports, the culprits have made off with over half a million dollars so far in this scam. We’ve already had a number of clients call in about this scam, and our advice is to not pay the extortion money. You can find the full text of one of these emails on Kerbs On Security’s site, but I will post a snippet below.
Microsoft is stating that there is an increase in the number of phony tech support calls, The Register reports. Microsoft puts the number of tech support scam calls at about 153,000, and roughly 15 percent of those calls resulting in the victim losing money.
It’s important for everyone to remember that Microsoft will not call you to fix a problem with your computer. The two big reasons are that basically 90% of the computer-using world are their customers. That’s a lot of customers, and would require an impossibly large support team. The other reason is verification. Microsoft cannot verify who you are, and you cannot verify that it is actually Microsoft that’s actually calling you.
If you get a call from someone claiming to be Microsoft, do not give them any of your personal information, and do not let them remotely connect to your computer. If you have any concerns about such a call, feel free to reach out to us and we will assist in any way that we can.
An ArsTechnica article posted today is talking about a rash of websites that have been compromised, and are now delivering phony web browser updates to site visitors.
What’s important for our clients to understand is that all major web browsers have a control method for updates. Internet Explorer and Edge are updated through Windows Update. Chrome and Firefox both phone home and download updates from their trusted sources. There is never a legitimate reason for a website to distribute an update to your web browser.
As always, keep your anti-virus software up-to-date, and if you run into any problems, Reinforcements are just a phone call away.
Symantec had a bit of a bumpy 2017, starting out with the mis-issuance of roughly 30,000 secure website certificates. For a very in-depth read on that, check out Ars Technica’s post here.
With the mis-issuance issue in mind, The Register kindly reminds us that in mid-April of this year, Google Chrome is going to stop considering certain certificates issued by Symantec as being valid. This means that if you visit a site with one of these certificates, you will get a security warning before you see the actual web site you were intending to visit.
We just want you to be aware that these security warnings could be coming. It’s possible that site owners will have upgraded all of their certificates before the deadline. But if they don’t, then for those of you using the Google Chrome browser, you may expect to start seeing these warnings sometime in April. For those of you using Mozilla Firefox, the warnings should be popping up a month later in May. Unfortunately I couldn’t find time lines for Microsoft Internet Explorer or Edge.
The main take away is that if you see these alerts, give it some time. Don’t put any personal information into a site that has thrown one of these warnings. Given the wide spread popularity of Google and Firefox, web site administrators will be keenly aware when the switch has been flipped, if they weren’t aware already.
Ars Technica reports on a vulnerability to some Cisco firewalls. You can read their article here:
What does this mean to TRI customers?
Well, it looks like the vulnerability exists in Cisco’s ASA software that is used in many of their firewalls (note: some of the firewalls running the software don’t necessarily say ASA on them). If you’re using one of the affected firewalls, and you’re using WebVPN, you should patch immediately. That brings us to the next hurdle. Patches for Cisco devices either come from behind their paywall, or by contacting their Technical Assistance Center (TAC). Some people are reporting slow response times from TAC, and if you don’t have current support with Cisco, the download behind their paywall is out of reach.
If you’d like assistance assessing your firewall, working with TAC, or even replacing your firewall if it’s simply too old, we are here to help.