Category: Cyber Security

  • The Solar Winds Rabbit Hole: What’s happened and what’s next?

    In most situations where a massive hack or breach has occurred, trying to get a handle on what has been compromised or even what is still compromised can be a challenge.

    It’s unfortunately been our experience that in most cases things almost always end up being worse than they initially look. Hackers are smart, and if they can remain in your systems for a long time they can gather more to use against you in a ransomware attempt, or even leave breadcrumbs behind to get back into your systems and hit you again.

    This is why we will always say prevention is key, but sometimes despite your very best efforts a breach occurs. We think this is certainly what has happened in the case of the massive Solar Winds breach that is still being unraveled weeks later.

    Even detections put in place by the NSA failed to catch this hack in time, and as of this week Microsoft has been included in it as well: it has been exposed that some of their source code was revealed in the breach.

    Hackers grow more sophisticated by the day, and it requires a full-scale team effort to protect your business from either an attack aimed at it specifically or, as has been the case with Microsoft, being looped into a breach that is occurring at a vendor you use.

    Attacks from foreign bodies aren’t rare either; international hacker networks are taking a growing lead in cyberwarfare. While most of these attacks are acts of espionage, if the payoff is lucrative enough hackers will strike anywhere.

    It’s unknown what the real damage from the Solar Winds hack will end up being, or what, if anything, will come from the exposure of Microsoft source code, but we think this should serve as a wake-up call to anyone who doesn’t take the topic of cybersecurity seriously.

    Here are some things you can begin to do to make your business more secure in 2021.

    1. Have a hardware firewall like SonicWall. A hardware firewall makes it easier to apply universal rules to your whole network instead of configuring rules on each device.
    2. Enable Core Isolation and the Trusted Platform Module (TPM) on your Windows 10 devices. These features work in tandem to help stop malware and ransomware on your Windows 10 devices.
    3. Also enable Group Policy settings with the Group Policy Editor. With Group Policy settings you can stop employees from doing things like opening attachments or random .exe files. You can also use Group Policy to prevent unknown USB devices from being used on work devices. Basically, Group Policy can prevent a lot of the activities that lead to ransomware or malware in the first place.
    4. Use next-level Multi-Factor Authentication with a hardware key. We believe strongly in Multi-Factor Authentication (MFA), and the next step could be introducing hardware keys to your business. A hardware key is a physical token; without it, a device cannot be unlocked. Most hardware keys will also work in conjunction with software MFA like LastPass.
    5. Vet your vendors, even the “bigger” ones. As this Solar Winds breach has shown us, big or small, a breach can happen to anyone. While you’re working on handling cybersecurity on your end, you should also ask the vendors you use what their cybersecurity policies are and what their plan is if a breach were to occur.

    This is by no means an exhaustive list but like we usually say, starting is a great first step. If you’d like an information packet of the Cyber Security services Valley Techlogic can provide, reach out to us today! Our comprehensive Cyber Security plan addresses all these topics and many more.

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

    Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!

  • The ransomware attack crippling a major repair firm that no one’s talking about

    Dell, Lenovo, even Apple brand computer and device repairs might be seeing major repair delays at the moment as a top repair firm they use was hit by a ransomware attack that ground their operations to a complete halt.

    This has seemingly been squashed as a newsworthy event for the moment, but we think customers should be made aware that if they send their desktop or laptop in for a repair at this time they face major delays in getting it back. In fact, there may be a delay in even getting a box to send the machine in, as shipping has also been affected by this ransomware.

    Reported briefly by ItWire, this attack aimed at the security firm Symantec has taken down a number of systems across the country. From the attackers’ viewpoint, they were able to disable one of the endpoint protections, allowing access, and to make matters worse the software was up to date at the time, leading to major questions as to how this was able to occur at all.

    CSAT, used by Dell, Lenovo, Apple and more, was hit just over a week ago, and customers have been facing problems ever since.

    We haven’t been able to confirm that any customer data was leaked, however, according to the ItWire article a number of screenshots of computer directories were placed online.

    If the General Data Protection Regulation (GDPR) that governs in the UK applied in this case, these companies should have reported any exposed customer data within 72 hours. It’s possible no customer data was leaked but the scope of this apparent ransomware has us questioning whether that’s true.

    We’re uncertain if business-support-class customers are facing the same delays as home users; however, as with most things, there may be a trickle-down effect.

    The ransomware that allowed this to occur is called NetWalker, and it has been responsible for 10 major breaches just this year. It’s clear to us that ransomware as a service is not going anywhere soon when the payouts are so lucrative.

    NetWalker was released in April 2019, and the average payout following each successful NetWalker campaign is $175,000 in bitcoin. One of the highest payouts was $1.14 million from the University of California. It’s estimated the NetWalker ransomware gang has made $25 million in all.

    This latest attack shows that a loss of data and having to pay a hefty sum are not the only side effects of being hit with ransomware: the affected security firm and repair firm are also experiencing a major loss of credibility with customers that they may never fully recover from.

    You may think your business is too small to be hit with a ransomware attack, but the fact is ransomware as a service has made orchestrating these attacks easier than ever. Even a small payout of a few thousand dollars may be worth it to some individuals with low moral standing just looking for some quick cash.

    Or maybe they’re not interested in your money at all, maybe they’re interested in your data which may be more lucrative for them. Also, many hackers commit their attacks just for the thrill of it and will think nothing of dismantling your technology operations and leaving you stranded.

    We don’t think this should happen to anyone; we can help businesses located in the Central Valley beef up their cyber security provisions to stop ransomware gangs in their tracks.

  • This new California law means changes to your devices’ default passwords

    California is used to being ahead of the game when it comes to technology. It comes as no surprise with our state being home to the mecca of technology, Silicon Valley. So of course, in an effort to regulate the Internet of Things (IoT) more seriously, California was the first state to introduce a law doing so.

    Senate Bill 327 (SB-327) is the first law directed at the IoT, and most of its measures are aimed at improving the security of our devices. Cybercrime is a billion-dollar industry, so it makes sense to enact stricter regulations to protect consumers from having their devices hijacked and their networks held ransom.

    Some of its most stringent requirements are aimed at password security. While it’s not mandating passwords at an OS or Software level (these are often set by the user), it is requiring changes be made to default passwords on a firmware level.

    Starting January 2020, passwords at the firmware level must be randomized. The bill states:

    1798.91.04.b Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

    1. The preprogrammed password is unique to each device manufactured.
    2. The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.

    This means if you purchase a router it can no longer have the username admin / password admin or a similar login convention. Passwords for routers and other connected devices (defined by the bill as any device, or other physical object, that is capable of connecting to the internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address) must have a randomized password and login name.

    This may mean an extra bit of setup on the user’s part when purchasing a new device, and don’t toss that installation guide!

    This gets even more complex when you think of devices such as servers, where rack scripting software may currently rely on every device having the same password to function. IT people will have their work cut out for them setting up new networks with these restrictions.

    However, we applaud all efforts to make the internet a safer place, and we think SB-327 is just the beginning when it comes to regulating devices and the internet as a whole. With so much sensitive data being exchanged every day, it was a given change was coming to do more to protect it.

    Also, while this bill only applies to devices in California it’s likely product developers will opt to have it in effect for other states as well.

    With so many devices in our home and offices connected and listening, it makes sense to give these devices stronger protection with a stricter password to block hackers. We would like to see a bill that goes even further, regulating firmware updates and requiring companies to better support the devices they produce.

    We outlined some of the pitfalls from companies failing to update router firmware in this previous blog post.

    As always, if you own a business in the Central Valley and are finding yourself trying to work with the new regulations from SB-327 or anything technology related, reach out to us for help or advice. We’re here to help.

  • Business Email Compromise (BEC) and Phishing – How Do You Combat It?

    Business email compromise (BEC) and phishing are not new ways to scam; as soon as email rose to popularity as a dominant form of communication, scammers saw a lucrative window and took advantage.

    Before we explain how to avoid it we should explain what Business Email Compromise (BEC) is. BEC is when a legitimate business is sent an email that looks like it’s coming from another legitimate business, but it’s not. It’s actually a scammer spoofing that email identity. This is the most popular form of phishing but it’s far from the only version. Scammers can even spoof your own domain, so an email looks like it’s coming from within your own organization.

    How do you combat something so insidious? The top way is training: by training yourself and your employees properly on what to look for, you can avoid these scams, which cost people located in the US $57 million last year.

    Here are some of the things we look for when determining if an email is a phishing attempt.

    1. It may contain a generic greeting such as “Hello sir or madam” or “Hi Dear”; a company you do business with or a person you know would probably know your name.
    2. The email mentions some kind of fraudulent activity on your account and has a link asking you to confirm your private details to unlock or otherwise reinstate your account. This is a VERY common scam.
    3. The links in the email are NOT from the business the email is purporting to be when you hover over them.
    4. The email may contain spelling errors and sentences that sound strange grammatically.
    5. The logos in the email may be of a poor resolution because these scammers do not have access to the real company assets.
    6. The email is coming from a CEO or President of a large organization and is asking you to wire money in exchange for a lump sum in return later. These emails may not have spelling errors or strange links but ask yourself – would any CEO or President of a large company be asking you to wire them money?

    That last one is key: if all the obvious methods of detection fail, you may have to rely on just asking yourself whether the request in the email makes sense. If the email looks like it is coming from someone you know personally, reach out to them via phone or in person to ask about it. Most of the time, victims who have had their emails compromised or spoofed have no idea it’s even going on.
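    The indicators above can be turned into a first-pass triage check that a help desk or mail-filter rule can run before a human looks at a reported message. The script below is an added example written for this article, not Valley TechLogic’s code or any product’s: it parses a raw message, then flags the generic greeting (indicator 1), the account-unlock lure with a link (2), links whose visible text or destination does not match the purported sender (3), and a wire-transfer request from an “executive” or from outside the organisation (6). Spelling quality (4) and logo resolution (5) are left to the human reader. The organisation domain `example-corp.com`, the three sample messages and the two-label domain comparison are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed domain of the organisation that receives the mail (constructed for this example).
OUR_DOMAIN = "example-corp.com"

GENERIC_GREETINGS = ("dear sir or madam", "hello sir or madam", "hi dear",
                     "dear customer", "dear user")
ACCOUNT_LURE = re.compile(r"(suspicious|unusual|fraudulent) activity", re.I)
CONFIRM_WORDS = re.compile(r"\b(confirm|verify|validate|reinstate|unlock)\b", re.I)
WIRE_WORDS = re.compile(r"\bwire (transfer|payment|the funds|money)\b", re.I)
EXEC_TITLES = re.compile(r"\b(ceo|president|cfo|chief)\b", re.I)
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def base_domain(host):
    """Collapse a hostname to its last two labels ('mail.paypal.com' -> 'paypal.com').
    Simplification for the example; production code should use the public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Hostname of a URL, or of bare 'www.example.com'-style text."""
    t = text.strip()
    if "://" not in t:
        t = "http://" + t
    return urlparse(t).hostname or ""


def score_email(raw):
    """Return a list of human-readable phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = base_domain(addr.split("@")[-1]) if "@" in addr else ""
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = re.sub(r"<[^>]+>", " ", body)   # crude tag strip for the keyword checks
    lower = text.lower()
    findings = []

    # Indicator 1: generic greeting instead of the recipient's name.
    if any(g in lower for g in GENERIC_GREETINGS):
        findings.append("generic greeting")

    # Indicator 2: "unusual activity, confirm your details" lure with a link to click.
    links = LINK_RE.findall(body)
    if ACCOUNT_LURE.search(text) and CONFIRM_WORDS.search(text) and links:
        findings.append("account-unlock lure with link")

    # Indicator 3: where the links really go (the "hover over it" check).
    for href, anchor in links:
        anchor_text = re.sub(r"<[^>]+>", "", anchor).strip()
        href_dom = base_domain(host_of(href))
        if re.match(r"^(https?://|www\.)", anchor_text, re.I) and \
                base_domain(host_of(anchor_text)) != href_dom:
            findings.append(f"link text {anchor_text} points to {href_dom}")
        elif sender_domain and href_dom != sender_domain:
            findings.append(f"link to {href_dom} does not match sender {sender_domain}")

    # Indicator 6: wire-transfer request from an "executive" or from outside our domain.
    if WIRE_WORDS.search(text) and (EXEC_TITLES.search(name) or sender_domain != OUR_DOMAIN):
        findings.append("wire-transfer request from executive or external sender")
    return findings


# Constructed sample messages (not real mail).
PHISH = """From: "PayPaI Security" <alerts@paypal-secure-login.com>
To: you@example-corp.com
Subject: Unusual activity on your account
Content-Type: text/html

<p>Dear Customer,</p>
<p>We detected unusual activity on your account. Please <a href="http://paypal-secure-login.com/verify">confirm your details</a> to unlock it.</p>
<p>Or visit <a href="http://paypal-secure-login.com/verify">https://www.paypal.com/account</a></p>
"""

BEC = """From: "Dana Reyes, CEO" <dana.reyes@example-corp.co>
To: finance@example-corp.com
Subject: Urgent
Content-Type: text/plain

Hi, I'm in a meeting and can't talk. Please wire transfer $48,000 to the account below today and I'll send the details for reimbursement later.
"""

LEGIT = """From: "Acme Support" <support@acme.com>
To: you@example-corp.com
Subject: Your ticket is resolved
Content-Type: text/html

<p>Hi Jordan,</p>
<p>Your ticket has been closed. View it at <a href="https://acme.com/tickets/1234">https://acme.com/tickets/1234</a>.</p>
"""

if __name__ == "__main__":
    for label, sample in (("PHISH", PHISH), ("BEC", BEC), ("LEGIT", LEGIT)):
        print(label, score_email(sample))
```

The BEC sample is the case the article singles out: no bad links, no spelling errors, just an executive title in the display name, a lookalike domain (`.co` instead of `.com`) and a request to move money, which is why the last check keys on the request itself rather than on link hygiene.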

    Beyond training on what to look for in a phishing email, these are our top 3 things to protect yourself from scams across the board.

    1. Keep the software on your devices completely up to date.
    2. Use Multi-factor or 2 Factor Authentication on your accounts.
    3. Back up your data regularly so that on the off chance something happens, you’re covered.

    If you receive an email you suspect is a phishing attempt, the best thing to do is not respond to it and report it. You can report suspected phishing emails to the FTC here.

    For businesses located in the Central Valley, we offer cyber security training as part of our managed service plans (which includes comprehensive training on how to avoid phishing attacks).

  • 3 Reasons You Want to Offer Cyber Security Training to Your Employees

    Our blog is no stranger to the topic of cyber security. We’ve covered recent breaches, malware, and easy things you can do to stay safe on the internet and keep your devices free of viruses.

    But what about the human element? It’s estimated that 90% of data breaches are caused by human error. We know that sounds high, and you may be wondering how that can be possible.

    How hacking works
    Credit to xkcd.

    We’re all aware of the trope of the genius hacker who can hack someone’s machine without them knowing AND without them doing anything on their side. For the most part this is just not true. There are ways for them to access your machine undetected by you, but most of the time you will be involved in some way.

    An example would be sneaky malware attached to an innocuous-looking file (like an executable disguised as a PDF that looks like it’s coming from a coworker or friend whose email they spoofed). Examples like this are exactly how most bad actors are getting into the victim’s system.

    What’s worse, they may not act right away. They may wait weeks or months, gathering as much data as possible before striking, so they don’t just take YOU down but your business as well.

    Another way is shown in the above comic: if a data breach happens on a site you frequent, the attackers will have your credentials for that site. The hacker will then go on to try those credentials on other sites such as email providers and banking websites.

    This is why cyber security training is so important: you can have the best software in place to try to mitigate the human element, but bad actors will always be doing their very best to thwart that software. Having your team prepared properly is the only way to fully protect you and your business from a cyber-attack.

    That training will cover topics such as good password hygiene (vary your passwords!) or how to use 2 factor authentication, as just two examples. Some cyber security training providers will even conduct simulated phishing attempts so you can see firsthand how easy it is to fall victim to one and how to avoid it.

    To sum it up here are the 3 reasons we think cyber security training is a great idea.

    1. It protects your business. Your employees will make the right choices if they receive a sketchy email or link to download something (such as forwarding it to your IT team instead of clicking on it).
    2. It will make the software and programs you have in place for cyber security already more effective if your employees know how to properly use them (instead of possibly ignoring or even bypassing them).
    3. It will allow you and your employees to stay up to date on recent or emerging threats so if there is something out there that is hard to avoid, you will know how to handle it.

    You may be wondering where to go for cyber security training, and to be honest the best place to start is your IT Team. They should be taking the time to explain the systems they’re putting in place and how to use them in layman’s terms for you and your team.

    We even create free resources for our clients such as our one page cyber security checklist (found here).

    Your IT Team may even have a recommendation for the best online training you and your employees can attend. Two that we have personally worked with are ID Agent and Breach Secure Now. They both offer online training and even dark web monitoring.

    In whatever way you go about it, making cyber security training a necessary element in your business is taking a proactive stance against cyber-attacks.

  • QSnatch Malware and the Safety of Network Attached Storage (NAS)

    The QSnatch malware was first detected in October of last year; in most cases its goal appears to be grabbing the credentials of the Network Attached Storage (NAS) it infects. It was also determined that it has the capability to download further instructions from online servers, making it an extremely versatile malware.

    In October it was reported that 7,000 devices had been infected with this malware; however, CISA recently confirmed that by June of 2020 that number had jumped to 62,000 devices, making it clear this malware is now being used more prolifically. We have also learned more about its capabilities. These include:

    • Credential scraper
    • SSH Backdoor – This allows the hacker to execute code on the device
    • Exfiltration – When run it allows QSnatch to steal a predetermined list of files
    • CGI Password Logger – This allows the malware to install a fake version of your device’s login page, allowing them to steal your credentials
    • Webshell functionality for remote access

    That seems like a scary list of abilities and makes it clear that enacting security measures in all your devices but especially those that contain important data is imperative.

    If you already use NAS you probably know the benefits, but for those that don’t or are considering it here is what’s beneficial about employing NAS devices in your organization:

    1. More storage space, in most cases NAS devices are used instead of or in addition to regular servers.
    2. Private cloud, a NAS device can be used to have a private cloud network in your business or even your home.
    3. Media Servers, there are many NAS devices aimed specifically at functioning as a media server.
    4. Automated backups, a NAS device can function as your backup device or in addition to your primary backup device for more redundancy.
    5. Lower costs, NAS devices tend to be much cheaper than traditional servers.

    This is just a small list of the benefits but as with most devices there are specific measures required to keep them safe from a cyber-attack. This includes having a good plan for password security in your business – a hacker getting the password to one of these devices may be handing them the keys to the kingdom.

    Also, as the name implies this is “network” attached storage, so you must have a secure network in place. You also want to make sure you’re regularly updating the firmware for this and any other devices you use.

    Network attached storage devices are an excellent option for many businesses, as long as the proper protocols are followed to keep them safe.

  • The Threat You Might Not Have Heard of – Stalkerware.

    We’ve all heard of ransomware and malware at this point, but there’s one that may be flying under the radar. I’m talking about stalkerware.

    Stalkerware is a type of software or application designed to monitor or secretly record you on your devices. The phrase was coined because it was often used by spouses or other intimate partners who wanted to secretly spy on their partners.

    While in some cases it may be deliberately installed, there are variations of this now that are more insidious. Applications that can detect your GPS location even in the background, as well as applications aimed at parents looking to track their children’s devices that collect more data than they’re supposed to are two notable examples.

    In either variation they’re definitely a violation of the user’s privacy. The Google Play Store (for Android phones) and Apple App Store (for iOS phones) both prohibit applications aimed at tracking your loved ones’ use without their knowledge or consent, but so many things are added daily it’s inevitable some will slip through.

    On the other end, applications you install on purpose that collect data they shouldn’t are also a major problem. The data they’re collecting is often sold to third parties who then use it to market to you on websites you frequent.

    Most of us are aware the free websites and applications we use on the internet are not really “free”. The cost is being inundated with sales ads, but ads specifically targeted to you by data you didn’t know was being extracted by your computer or phone is a violation none of us would willingly sign up for.

    We’re left questioning how much privacy we can really expect on the internet, and what is needed to protect that privacy. Much more is required of our governments and legislatures to ensure that the private details of our lives aren’t sold to the highest bidder.

    One high profile example going on right now is over the popular phone application TikTok. TikTok was recently banned in India due to privacy concerns, which the company vehemently denies.

    It’s our recommendation that you vet the software, websites and applications you download or visit thoroughly, as well as uninstalling any not currently in use. While this won’t completely mitigate the risk of stalkerware, it may help minimize the damage.

  • DDoS Attack or Not? Yesterday’s Outage Left Many Systems Down for Hours

    Yesterday, an outage stemming from T-Mobile left many major systems down. Affected websites included T-Mobile itself, Instagram, Comcast, Sprint and Chase Bank. Was it a massive DDoS attack or just a server misconfiguration as they’re claiming?

    First, it’s probably a good idea to explain what a DDoS attack or Distributed Denial-of-Service attack is and what it aims to do.

    A DDoS attack is a cyber attack where the perpetrator or group of perpetrators seeks to make a server or network unavailable by attacking its connection to the internet. They typically do this by flooding the affected systems with traffic, overloading them and causing them to go down.

    These attacks can happen to a single computer, an office, or even on a global scale. The website https://digitalattackmap.com/ attempts to track these DDoS attacks on a global level; however, it’s somewhat controversial among cyber security experts, who question the veracity of its data.

    Many times these outages are made apparent by the website https://downdetector.com/, which accurately tracked the cascading wave of websites that went down in yesterday’s event.

    Down Detector is a reliable source for tracking whether the connection issues you’re having are stemming from your network or the website or service you’re trying to access is truly down.

    So, was yesterday’s event a DDoS attack or just an error? The public will probably never know. However, as cyber crime continues to ramp up – purported to be a $6 trillion industry by 2021 – it’s a good idea to have the best protections in place so you and your business don’t fall victim.

    A DDoS attack aimed at your systems may expose other vulnerabilities, and the downtime alone can be costly. If your IT team isn’t adequately prepared to defend against this or any of the other varieties of cyber attacks plaguing the technology market, it might be time for a new team.
