Quanexus February 2017 Newsletter

 



by Jack Gerbs

Happy New Year! Things have been very busy at Quanexus, and we are a little late getting out the first newsletter of 2017. There has been a lot happening in the world of cybersecurity. More apps are being forged with malware that spies on users and steals their information, and these apps are being distributed from unauthorized sites. With forged mobile apps on the rise, it is always good practice to download programs and apps only from authorized sites.

Ransomware is still on the rise and is affecting many different industries. Several hospitals have suffered from ransomware, causing them to stop operations and transport critical care clients to other nearby facilities, so ransomware now has the potential to be life threatening.

A site that I follow that keeps track of trend data on criminal cyberattacks found that attacks against the single individual are up to 12%. In February 2016, it was only 8%. So, over the last 9 months there has been a 4% increase of threats against the single individual.

If you are using Windows 10 with the SSL VPN FortiClient, there may be a compatibility issue. Fortinet has a FortiClient app for Windows 10 that does not have the issue. Expect Fortinet to release a new version of the FortiClient soon.

Quanexus has recently partnered with a company that provides social engineering security awareness training (SAT). It is a comprehensive training program that should be included in your organization's overall SAT.

          

Quanexus Celebrating 25th Anniversary

   

  

In 2017, Quanexus celebrates our 25th Anniversary. We want to express a huge thank you to our valued customers, our vendors and partners, and our staff. We consider each and every one of you an integral part of the success that we have achieved over the past 25 years. We look forward to the next 25 and all of the new technology that will be available. Our goal will be to remain in the forefront of the ever-changing world of Data, Telephone Systems and all aspects of Security.



Fake Netflix App and SpyNote for Android 

                       

While there has been an increase in hacked/forged Android apps, the lessons learned in this article should be applied to anything you download or any link you click on. In January, Zscaler posted that they had identified forged Netflix apps carrying the SpyNote RAT. The SpyNote RAT has the capability to view all messages on the device, listen to call conversations made on the device, view contacts, listen to live or recorded audio, view the device location and more. More and more apps for the Android operating system are being hacked and are easily finding their way onto mobile devices.

Some of the other applications that Zscaler has found with the SpyNote RAT are:

  • WhatsApp
  • YouTube Video Downloader    
  • Google Update
  • Instagram
  • Hack WiFi
  • Facebook
  • PokemonGo

Now for the good news.  Out of the apps surveyed on Google Play, none of them had been built using SpyNote.  So, you are relatively safe downloading applications from Google Play.  The real threat of SpyNote comes from applications that are downloaded from unauthorized sites.

The issue of downloading applications from unauthorized sites is huge. Most owners of mobile devices don't consider where an app is being downloaded from. They may type Netflix into their browser and click on the first link they see. Then, they assume it is ok and click on it. Users also click on links in text messages, Facebook messages and invitations to play online games.

I can't stress enough that when you want to install an app or a program on your device, you should always go to the official site.  For example, if you want Netflix, go to Netflix.com.  Don't do a Google search and hope to get lucky or click on a promo link offering you a great deal.  The great deal may cost you more than you ever thought possible!

Clicking on links is the number one way systems get infected, and if it is not SpyNote, it may very likely be a ransomware-type application. Bottom line: always go directly to the source to download programs and applications!


 

Ransomware, Life Threatening Cyber Attacks and More

  

In 2016, more than a dozen hospitals were infected with ransomware.  Most of these hospitals have paid the ransom because getting the systems back on-line was critical to patient care.

Late last year, Lincolnshire Hospital was hacked, causing it to cancel over 35 surgeries and turn away hundreds of patients. Critical trauma and maternity patients were transferred to other nearby hospitals. While the event is still under investigation, experts believe that the hospital suffered a ransomware attack that encrypted many of the hospital systems.

In February 2016, the Presbyterian Medical Center in Los Angeles paid $17,000 in ransomware fees to get their systems unlocked.  The compromised systems included their email server, electronic medical records system and patient data.  As a result, the hospital had to transport many of their critical patients to other nearby hospitals.  In a letter, the hospital's CEO stated, "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key."

It appears that no industry is immune from a ransomware attack. Last month (January 2017), a hotel was hit with ransomware that disabled the room key card access system, and in 2016, a police department had ransomware take down the whole department. The hotel paid the ransom and the systems were restored, but the criminals left a backdoor on the system so they could later gain access to it.

If you are ever infected with ransomware and you do decide to pay, there are a few things you should do immediately.  Similar to the hotel incident, where a backdoor was left on the system, it is likely that each of the other incidents had backdoors installed as well.  The system must be rebuilt to ensure that there are no remnants or backdoors remaining.  

The FBI's official stance is to not pay the ransom, but several agents speaking at conferences are suggesting that it may be in the organization's best interest to pay the ransom. A concern that many have about paying the ransom is, "Will I really get my data back?" Amazingly, the answer seems to be yes. I have not heard or read of a single incident where the data has not been restored. If you think about this, if the criminals don't restore the data, word would get out and that would weaken the opportunity and effectiveness of using ransomware as a tool to exploit users.

It is not entirely possible to block all ransomware, which is mostly distributed via social engineering. Social engineering is the art of getting someone to do something they ordinarily would not do, such as clicking on a link in an email that contains ransomware or another type of malicious code. There are several things you can do to avoid and deal with ransomware. While each of these items is almost equally important, I have listed them in the order of what I believe to be of most importance:

  • Security awareness training: users need to be trained to detect suspicious links.
  • Have a very reliable recovery solution.
  • Use a next generation firewall (NGFW).
  • Remove local administrative access to workstations.
  • Keep systems patched.
  • Have a good malware solution.

Who Are the Hackers Targeting?


There is a site I like to follow that keeps track of what groups are being targeted by hackers. The site is www.hackmageddon.com, and the stats presented are from November 2016. The largest motivation behind most attacks is cybercrime (82.7%). Number two is hacktivism (9.3%): cyberattacks with the goal of doing financial or political damage to an organization. The attack against Sony when they were about to release the movie "The Interview", a mockery of North Korea's Kim Jong Un, is an example of hacktivism.

One of the stats I track closely is the Distribution of Targets. Many home users don't believe that threats against them are real, but threats targeting the single individual are at 12%. What is significant about this number is that in February 2016, threats against the individual were at 8%. So, there has been a 4% increase in threats against individuals over the last 9 months.

The other two stats of significance are the makeup of Industry and Organizational groups. Non-profits, at 28.6%, lead the organizational groups. The issue is that, with limited funds to invest in technology, non-profits often must make choices that leave them vulnerable.

 

       

Fortigate SSL VPN Client & Windows 10

For those of you who are running Windows 10 or considering upgrading to Windows 10, we have seen an issue with the FortiClient SSL VPN. After the latest update in Windows 10, some of the clients are not working properly. The symptom is that everything looks ok and the client goes to 100%, but then gives an authorization error message. There is a FortiClient app (not program) available for Windows 10. This app is working with no reported issues.

Once the app is installed, you will need to go to Windows network settings and select VPN. From here, you can choose the FortiClient. Most Fortigate VPNs are set up to run on port 10443, while the default for the new client is 443. If you do not have a public certificate, you will need to set it up to ignore certificate errors. For example, to set up the remote gateway to connect to the site example.com on port 10443 and ignore certificate errors, you would enter "example.com:10443?ice=1". If you need assistance with this issue, please call our support desk.



Security Awareness Training

Quanexus has partnered with a company to provide social engineering security awareness training. The platform has training modules that the users will be scheduled to take. On a regular basis, mock phishing emails will be generated to test the effectiveness of the training. Users will be given feedback if they clicked on a potentially evil email. For organizations that are under regulatory compliance, this is a fairly inexpensive method of ongoing security awareness training (SAT) and can be easily added to your SAT program. As we have mentioned in several articles, the end user can be one of the most vulnerable aspects of organizational breaches. By creating an open dialogue with training and a checks-and-balances program, the threat of ransomware, viruses and breaches in general can be greatly reduced. Ask us for details if you have an interest.





For a fixed monthly fee, we are revolutionizing the IT industry with our Q-Works program. Quanexus' complete "managed services" package means that you will see increased performance, security, and reliability immediately, at an affordable price.

    

Your business success depends on your IT infrastructure. You need Quanexus to deliver proactive services that not only keep your network up and running, but running effectively and efficiently.

   

If you have any suggestions or topics you would like to see covered, please contact us by email or give us a call at 937-885-7272.

We would love to hear from you.

Quanexus, Inc.

571 Congress Park Drive 

Dayton, OH   45459

 www.quanexus.com 

