Issues With Internet Based Devices After Expired SSL Certificate

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku's support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company's website and following the instructions posted there.

Since Roku's announcement, both Stripe and Spreedly experienced similar disruptions that traced back to the same root cause. This issue has revealed a hidden flaw in the design of many, if not most Internet of Things devices, and many of them will ultimately suffer the same fate.

IoT devices are becoming increasingly popular, but unfortunately, making use of them is fraught with peril. Most have no security at all, and few have anything more than the most rudimentary security protocols in place and can be hacked with relative ease.

Worse, as this issue highlights, many IoT devices simply have no means of receiving updates automatically, which puts users on the hook to manually update every smart device they have in their homes.

Security researcher Scott Helme had this to say about the issue:

"This problem was perfectly demonstrated recently, on 30 May at 10:48:38 GMT to be exact. That exact time was when the AddTrust External CA Root expired and brought with it the first signs of trouble that I've been expecting for some time."

"We're coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it's been 20+ years since the encrypted web really started up and that's the lifetime of a Root CA certificate. This will catch some organizations off guard in a bit way."

Heme notes that the next potentially significant date will be 20th September, 2021, when the CA certificates issued by DST Root CA X3 are slated to expire. If you have one or more IoT devices in your home, be aware, and be prepared to manually intervene when they stop working.

Call SpartanTec, Inc. if you the help of IT experts in securing your devices, network, and data. 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

This New Malware Is Hitting Exchange Servers To Steal Info

Protect Your Company Data Webinar
June 25 1:00 EST
Register Here

In late 2019, a new strain of malware called "Valak" was detected. In the six months that followed its initial discovery in the wild, more than 30 variants of the code were detected.

Initially, Valak was classified as a simple loading program.

As various groups have tinkered with the code, it has morphed into a much more significant threat, and is now capable of stealing a wide range of user information. That is, in addition to retaining its original capabilities as a loader.

Researchers from Cybereason have cataloged the recent changes to the code. They found it to be capable of taking screenshots, installing other malicious payloads, and infiltrating Microsoft Exchange servers, which seems to be what it excels at.

Most Valak campaigns begin with an email blast that delivers a Microsoft Word document to unwitting recipients. These documents contain malicious macro codes, which is an old, time-tested strategy.

If anyone clicks on the document and enables macros, that action will trigger the installation of the malware. Chief among the executables run is a file called "PluginHost.exe," which in turn, runs a number of files, depending on how the Valak software is configured. There are several possibilities here including: Systeminfo, IPGeo, Procinfo, Netrecon, Screencap, and Exchgrabber.

It is this last one that is used on Microsoft Exchange servers and is capable of infiltrating a company's email system and stealing credentials.

It is the extreme modularity of the malware's design that makes it a significant threat worth paying close attention to. Cybereason found more than 50 different command and control servers in the wild, each running a different strain of the software, and each with wildly different capabilities. However, they all share a common infrastructure and architecture.

Stay on the alert for this one. We'll almost certainly be hearing more about it in the weeks and months ahead.

Call SpartanTec, Inc. now and let our IT team help you improve your cybersecurity measures.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Making This One Mistake With Your Network Can DESTROY Your Business

Protect Your Company Data Webinar
June 25 1:00 EST
Register Here

A lot of businesses wait until something breaks before they fix it. And even then, they may take a “patchwork” approach to fixing the problem. They are reactive rather than proactive. Sometimes taking a reactive approach is fine, but other times, and depending on the circumstances, it can lead to even bigger problems.

When it comes to network security, for example, being reactive to problems can be downright dangerous. It’s not just hackers you have to worry about. There are power outages, data loss, equipment failure and more. In IT, a lot can go wrong. But if you’re proactive about cyber security, you can avoid many of those pitfalls.

Reactive IT support used to be the norm. Most network security specialists went to work after something went wrong. Unfortunately, some businesses still have this reactive mindset when it comes to their IT and network security. They have an “it won’t happen to me” attitude. The truth is that these are the people most at risk. It’s not a matter of if, but when. Hackers and cybercriminals are more active than ever.

Thankfully, proactive support is now the norm. More and more IT services and security firms have the tools and resources to protect you BEFORE the worst happens. So, why partner with an IT services company?

There are many reasons why it’s a good idea. One great reason that doesn’t often get talked about is that working with an IT services company is an added value for your customers. When they know you’re taking IT security seriously – and when they know their data is safe – their trust in you is boosted.

When you build trust, you build loyalty, and customer loyalty is getting harder to come by these days. Plus, happy, loyal customers are much more likely to refer you to others who may be in need of your services. That alone makes investing in proactive IT security worth it.

Here’s another reason why working with a proactive IT services firm makes sense: it’s MUCH easier than trying to do it yourself. Many small businesses simply don’t have the resources to hire an internal IT specialist or a team. Not only can that be very costly, but it’s also rarely practical. Think of it this way: if you hire an IT specialist to handle your network security, manage cloud backups and provide general IT support, then what happens when they take a day off or take a vacation?

Having a dedicated IT specialist on your team isn’t a bad thing, but they can be stretched thin very easily. You could be left with gaps in your support should anything go wrong. Suddenly, you don’t have anyone you can call. Working with a dedicated IT services firm solves these problems.

To take that a step further, good IT services companies are also great at catching problems before they become problems. They can catch things that might not have even been on your radar. For example, if your cloud backup service isn’t backing up your data correctly, or is backing up the wrong data, they’ll catch that. Maybe you’re saving data that’s not properly encrypted. They’ll catch that. Maybe you have an employee using software that’s months out-of- date. Again, they’ll catch that.

When you call up an IT services company and say you want to take a proactive approach to your network security, they should be willing and able to provide just that. An experienced firm will have a team with the training, certification and experience required to tackle today’s cyberthreats, while managing your network’s day-to-day needs.

They know IT because they live IT. They help with data recovery should anything go wrong; they are your help desk when you have questions or concerns and they keep your onsite malware protection up-to-date. They are tailored to your business’s specific needs. And as you grow, they adapt to your changing needs.

Put an end to the outdated way of thinking about IT security. It’s time to be proactive and to recognize your company’s vulnerabilities before they become vulnerabilities. You just have to make the call. Get in touch with SpartanTec, Inc. now and let us help you.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Only 33 Percent Of People Change Password After Data Breach

Protect Your Company Data Webinar
June 25  1:00 EST
Register Here

 

A new study was published by researchers from the Carnegie Mellon University's Security and Privacy Institute and was presented at the 2020 IEEE Workshop on Technology and Consumer Protection.

The study has grim news for IT Security Professionals.

The key finding in the report is that only about one third of users will change their passwords after a company announces a data breach. This information was based not on survey responses, but on browser histories collected from the 249 participants who volunteered to open up their browser history for the purpose of the research.

The browser history data was collected between January 2017 and December 2018 and included both a complete map of all of the websites each participant visited during that time, and the passwords used by each user to access sites that required a login.

Over the course of the study, only 63 participants had accounts on breached domains during the data collection period, and of those, only 21 (33 percent) changed their passwords. Worse, 6 of the 21 took longer than 3 months to do so.

If that wasn't disheartening enough, most of the changed passwords were highly similar to the old password used. They were similar enough that simple brute-force techniques would be successful in giving a hacker access to the accounts in question, even after the password change.

It should be noted that this study was quite small in scale and limited in scope, so additional studies should be conducted to see if the trend holds up over time. However, it does provide a valuable, and worrisome data point that should give IT Professionals pause.

Education is the best way to combat this, but few companies spend the time and resources necessary to truly impart the seriousness of the consequences of a data breach. In addition, the message simply isn't getting through. That's unfortunate, and it could have tragic consequences, both at the personal and Enterprise level.

Call SpartanTec, Inc. if you need help in securing your business or client information.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Tips For Protecting Your Business Printers From Getting Hacked

Companies invest on resources that could help keep their devices and technology secure, however, they tend to overlook one important piece of hardware, the printer. Business printers, just like Wi-Fi networks and computers, could become an entry point for cybercriminals and hackers as well as a gateway to the sensitive information of your business. Here are a few things you need to know about making sure that your printers are safe and secure.

Why are business printers vulnerable to cyberattacks?

When evaluating the threats to network security, firms mainly focus on computers and servers not just because they are the ones that are most susceptible to external threats, but also since they get the bulk of online attacks. Printers are usually at the bottom of the list because they are not the main targets. Aside from that, their functions appear to be internal because they don’t interact with the external systems.

However, it is exactly because of their main functions, primarily scanning and printing, that make printers the perfect target of cybercriminals. Companies run crucial documents like employee information, tax forms, financial statements, and even medical records through printers and cybercriminals would love to have access to these information.

And they can easily do it.

Network printers store past print jobs in the hard drive, in some cases including those that were cancelled. If anybody tries to access the printer, even remotely, they might be able to see these important information by using a specialized tool to hack into a printer.

Files may also be hacked during wireless transmission since modern printers could now be linked to the internet. Hackers can exploit the open network ports of your printer to view data and they could also take control of vulnerable printers and send their own data through it.

How To Protect Printers

You should not disregard business printers when you are planning a cybersecurity approach. Always keep your printers secure by adhering to these basic practices:

• Always monitor your network
• Install printer software patches and updates right away.
• Always change the administration login and default password.
• Only allow devices that are owned by the company to connect to your printer.
• You should only use secure connections when linking to the printer.
• Don’t access your printer through a public internet connection.
• Use a firewall to restrict access to your printer.
• Prevent unauthorized access by requiring users to key in a PIN before they could print documents especially if you have a wireless printer.
• Don’t connect your printer to just any network especially if you are handling classified data. You should connect it directly to your computer by using data cables. You can also print using a thumb drive.
• Enable manual feeds so you can secure your printouts. With this setting, a user needs to input paper manually so there are less risks of dealing with stolen documents or leaving these important documents in the printing area.

Partnering with an IT company is also a good way to secure your business printers. IT experts do not just deal with your printed related problems but also other computer security concerns.

Call SpartanTec, Inc. and let our experts help you thwart cyber attacks, reduce your IT management costs, and keep your printer safe and secure.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

New Data Breach Affected Some Bank Of America Loan Applicants

If you're like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP) which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic.

If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data.

The breached data included, but was not limited to:

• Your business' name and physical address
• Designated company contact officials
• Your firm's Tax Identification Number
• The name of the company owner
• The Social Security Number of the company owner, as well as the owner's email address, phone number and citizenship

Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem.

Per a company spokesman, "...this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process."

The company's official words on the matter makes the issue seem rather insignificant, but there's more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just 'authorized lenders' may have seen the details of your loan application.

The investigation is still ongoing, and so far, Bank of America has declined to comment on the growing number of reports described above, or offered any additional information. If you submitted your application to the PPP loan program by way of Bank of America, just be advised that for a brief period of time, others may have gained access to your application details, and that the problem that caused it has now been solved.

Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.

SpartanTec, Inc. is a local BullPhish agent. Contact us today for details.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Emails Saying Your Antivirus Is Expired Are Likely A Scam

A great many companies selling antivirus software have affiliate programs that help them expand their reach. Each time an affiliate sells a copy of the software, they get a cut.

It's a good business model used in a wide range of industries, and antivirus software companies have strict rules governing how their affiliates can market.

Unfortunately, not everyone plays by the rules. Recently, BleepingComputer sounded the alarm after being made aware of a scammy email campaign that uses deceptive marketing to try and convince people to buy their product.

The emails claim that the recipient's antivirus software is out of date, and provides convenient links allowing them to renew. The problem is, their software isn't out of date at all. It's a lie, designed to frighten people who aren't necessarily tech savvy into spending money they don't need to spend, all in the name of lining someone's pocket.

All scams take advantage of a few basic realities of modern life: Many people are too busy to check themselves to see exactly when their antivirus software expires. Many more simply don't know how. In both cases, an email recipient is likely to just sigh, pull out his or her credit card and spend a few bucks to keep the machine they're on protected.

It's easy to understand why the scam works, but that makes it no less despicable.

If you know anyone who isn't especially computer savvy and you feel they might fall victim to a scam like this, here is what to do. Gently remind them that whatever antivirus software they're using, the software itself will remind them when it's about to expire. There is no email needed, and before they spend any money, it's better to do some checking to verify that their expiration date is approaching. If they don't know how to check, they almost certainly know someone who does.

We may not be able to keep these scammers from ripping people off, but we can certainly put a dent in their profits, and that's a very good thing.

Call SpartanTec, Inc. if you need the help of an IT team in making sure that your emails, computer, and network are safe and secure from online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/