Bitcoin Extortion Password Scam


You may have recently received an email claiming that your system has been hacked and that your data, activity or login details were captured. The blackmailer then demands payment to a bitcoin address.

The emails that raise the most concern are those that contain user passwords. These passwords are normally collected from previous data leaks or breaches.

We have recently recorded an increase in distribution of this email:


Hello!

My nickname in darknet is keir43. I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from <email address> is <password>

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $802 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): <Bitcoin Wallet Address> As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere! Good luck!


What to do:

Most of these emails can be ignored. However, if your email address and password have been previously leaked, it is advised to change your password on that site, and on any other sites that use the same password.

Your passwords should be complex and unique, and they should meet or exceed your company password policy requirements. In the absence of a complexity policy you can use this as a guide:


Strong passwords should comprise a combination of:

  • 2 words, greater than 4 characters with at least 1 capital letter for each word

  • A 2 digit or greater number

  • At least one special character (!$%^&*()_+|-{}[]:<>?/)

It is recommended the password is created in the following format:

<Word><Number><Word><Special Characters>

Example passwords:

Stood95Ridden^1+

Hours55British_??

Piece90Present&**

Poor, or weak, passwords have the following characteristics: 

  • Contain fewer than eight characters.

  • Can be found in a dictionary, including foreign language, or exist in a language slang, dialect, or jargon.

  • Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.

  • Contain work-related information such as building names, system commands, sites, companies, hardware, or software.

  • Contain letter or number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.

  • Contain common words spelled backward, or preceded or followed by a number (for example, terces, secret1 or 1secret).

  • Are some version of “Welcome123”, “Password123” or “Changeme123”.
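
The composition rules and weak-password characteristics above, expressed as a checker. This is an added example, not ATS code; the function names are assumptions, and the word and pattern lists are small constructed samples standing in for a real dictionary and breached-password list.

```python
import re

# Special characters listed in the guide above.
SPECIALS = set("!$%^&*()_+|-{}[]:<>?/")
# Constructed sample lists (assumption): production use would load a real
# dictionary and breached-password list instead.
COMMON_WORDS = {"secret", "password", "welcome", "changeme", "admin", "letmein"}
PATTERNS = ("qwerty", "zyxwvuts", "asdfgh", "123456", "123321", "abcdef")

# <Word><Number><Word><Special Characters>: words longer than 4 characters,
# a number of 2+ digits. The tail may hold digits too, as in "Stood95Ridden^1+".
FORMAT = re.compile(r"^([A-Za-z]{5,})(\d{2,})([A-Za-z]{5,})([^A-Za-z\s]+)$")


def matches_recommended_format(password):
    """True if the password follows the recommended layout and composition."""
    m = FORMAT.match(password)
    if not m:
        return False
    word1, _number, word2, tail = m.groups()
    has_caps = all(any(c.isupper() for c in w) for w in (word1, word2))
    has_special = any(c in SPECIALS for c in tail)
    return has_caps and has_special


def weaknesses(password, context=()):
    """Return the weak-password characteristics found, as a list of labels.

    context holds personal or work-related strings (names, company, site)
    that must not appear in the password.
    """
    found = []
    lower = password.lower()
    # Strip leading/trailing digits and symbols so "1secret" and
    # "Welcome123!" both reduce to the bare word.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    if len(password) < 8:
        found.append("too_short")
    if core in COMMON_WORDS:
        found.append("common_word")
    if core[::-1] in COMMON_WORDS:
        found.append("reversed_word")
    # Known keyboard/number runs, or any character repeated 3+ times (aaabbb).
    if any(p in lower for p in PATTERNS) or re.search(r"(.)\1{2,}", lower):
        found.append("pattern")
    if any(len(t) >= 3 and t.lower() in lower for t in context):
        found.append("personal_or_work_info")
    return found


def acceptable(password, context=()):
    """Recommended format and none of the weak characteristics."""
    return matches_recommended_format(password) and not weaknesses(password, context)


if __name__ == "__main__":
    for pw in ("Stood95Ridden^1+", "Welcome123", "terces", "qwerty2018!"):
        print(pw, matches_recommended_format(pw), weaknesses(pw))
```

A password can follow the recommended format and still be weak: `Rover2015Perth!` passes the format check but is rejected once `Rover` is supplied as personal context.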

To check if your details were previously leaked, you can use this website: https://haveibeenpwned.com/

If you are at all unsure, please feel free to call us.

Security - Maximise Protection with Trend


Maximise your Protection

 

With Trend Worry Free Business Security and Hosted Email Security

Action Required

  • Update Worry-Free Business Security to Version 10

  • Enable Hosted Email Security features for maximum protection and improved email digest for Apple iOS devices.


Update Worry-Free version 10

Trend Micro has released version 10 of Worry-Free Business Security, the centrally managed anti-malware solution. If you are receiving this email, this is the product that protects your IT system from advanced threats and malware by providing antivirus, web security, ransomware protection, and data security.

What's new in version 10:

  • Predictive Machine Learning: The Predictive Machine Learning engine can protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis and heuristic process monitoring. Predictive Machine Learning can ascertain the probability that a threat exists in a file or process and the probable threat type, protecting you from zero-day attacks.
  • Scan Per Device: In addition to manually scanning one or more device groups, Worry-Free Business Security allows you to scan selected devices to help you efficiently manage the devices on your network. You can also stop scanning any selected devices during the scan.
  • New Live Status Design: Find important information conveniently grouped into simple widgets. The widgets can help you identify key information such as threat intelligence and device status. You can also solve problems with a simple click in the new Action Center.
  • Automate Product Update: Worry-Free Business Security can help keep your protection up-to-date by periodically checking for the latest improvements and fixes. Use the Product Update feature to download and install update packages automatically.
  • Email Notification Enhancements: Clarified email subject lines and a concise event summary with a possible solution can help you identify the action required and resolve problems faster.
  • HTTPS Web Threat Protection for Google Chrome and Microsoft Edge: Worry-Free Business Security has enhanced and extended your protection against malicious HTTPS websites. You can use the Google Chrome and Microsoft Edge browsers and be fully protected by your Web Reputation and URL Filtering policies without the need of browser add-ons.
  • Wildcard and Windows Environment Variable Support for Behavior Monitoring Exceptions: Worry-Free Business Security now supports wildcard characters and has enhanced the Windows environment variable support for approved and blocked programs in Behavior Monitoring. These enhancements give you more flexibility when defining exceptions.
  • Platform Support: This version of Worry-Free Business Security provides support for Microsoft™ Windows™ 10 Fall Creators Update.

Support for Windows 10 Spring Creators Update will be released on 21/05/2018.


Enable Hosted Email Security new features

Trend Micro has introduced new features in its Hosted Email Security service to maximise protection. Many of these features are not enabled by default. Some of these features include:

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.

After detecting an unknown or low-prevalence file, Hosted Email Security scans the file using the Advanced Threat Scan Engine to extract file features and sends the report to the Predictive Machine Learning engine. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.

The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and heuristic scanning to detect document exploits and other threats used in targeted attacks.

Major features include:

  • Detection of zero-day threats
  • Detection of embedded exploit code
  • Detection rules for known vulnerabilities
  • Enhanced parsers for handling file deformities

Releasing emails identified as spam from quarantine email digests has been impossible on Apple mobile devices until now. It is now possible with a modification to your HES settings.

Security - Is your email getting through?


You rely on email for business critical communication to your clients and suppliers, so you need to be sure you have done everything you can to ensure delivery of messages.

SPAM email is a big problem, distributing malicious payloads and affecting productivity. To alleviate the risk and volume of junk, Anti SPAM systems have become a standard requirement and are becoming more strict on what they will accept.

You can improve your email system reputation in a number of ways by ensuring the validity of your outgoing messages, so that the receiving system accepts the messages as legitimate.

Contact ATS to find out what can be done to improve your email reputation.

  

Backups - Is your cloud hosted data & email backed up at all?

Even though your organization’s SaaS data is in the cloud, that doesn’t mean it’s completely safe. 

When it comes to working in cloud-based applications, the option of granular recovery isn’t a given. But the opportunity for human error is.

Whilst many cloud based offerings such as Microsoft Office 365 & G Suite by Google Cloud do include limited backup functionality within the service subscription, often these do not meet individual companies' own data policies or requirements. Further to this, where they do, there is often a significantly longer recovery time than you would have come to expect from traditional local infrastructure.

ATS Solutions have offerings to resolve any shortcomings in the basic inbuilt functionality of these platforms. These offerings back up to other cloud services, so you still do not have the overhead of local equipment or the hassle of dealing with local backup drives etc. The following is a list of typical benefits seen from adding a more complete backup solution to your existing cloud based services:

• Safe from the most common cause of data loss, user errors
• Recoverable from data loss due to system errors
• Available longer than a short 30-day window
• Protected against internal and external threats
• Available quickly when needed in the proper format

Your recovery position will depend on your cloud subscription. Contact ATS to find out how protected your data is.

ATS Recommended 


Security - Largest data breaches of 2017

Now we are in 2018, it's time to look back at 2017 and the exploits that have had the biggest impact:

Last year was an eye opening study in real-world repercussions for cyber security lapses. Executive firings, stock drops and class action settlements were among the knock-on effects of a data breach.

  • Uber – Massive data breach of 57 million accounts. CSO Joe Sullivan and his deputy Craig Clark both lost their jobs for their roles in maintaining poor security standards and unethical handling of the breach debacle.

  • Equifax – Data Breach impacted 147 million customers. Following the public disclosure of the breach, the credit bureau lost a staggering $4 billion in market cap! This is living proof that data breaches impact stock prices. The CSO, CEO and CIO all stepped down from their roles. This story shows that public backlash against security blunders is now reaching the boardroom.
  • Securities Exchange Commission – The SEC released information about a breach that occurred last year of its EDGAR financial disclosure system that could potentially put stock trading information at risk. SEC Chair Jay Clayton was brought up in front of a Senate panel to explain.
  • Anthem – The fallout from a class action against Anthem was the biggest data breach settlement on record! Following the breach of 80 million patient records, Anthem had to shell out $115 million in settlements.
  • UK NHS – This incident didn’t just put jobs or money at risk, it also put lives at risk too. The WannaCry outbreak in March caused an interruption in 16 different hospitals across the UK.
  • Yahoo – Although this was reported in 2016, the fallout from the breach continued when Verizon managed to secure a $350 million discount in their acquisition of Yahoo. Good thing too as after the deal went through Verizon discovered the breach actually impacted 3 billion users, not the 1 billion originally disclosed by Yahoo.
  • Marissa Mayer – The Yahoo fallout also affected the bank balance of the former CEO of Yahoo. Verizon forced her out early due to the breach. The board clearly made an example out of their leading executive. Mayer lost a $2 million bonus and up to $12 million in stock compensation as a result of how the company handled its data during her tenure.

The days of pretending that data breaches don't matter to the business or to executive job security are quickly drawing to a close. This past year has shown how real the implications can be for business viability, for the job prospects of top brass in charge when lapses occur, and even for the personal finances of CEOs when it all goes south.

Trend Antivirus has been making some massive movements in this space and just came out on top of NSS Labs 2017 Breach Detection Report with a 100% score. Let us know how you can better protect your data and IT assets from exploits.

Security - Meltdown and Spectre

Two new security vulnerabilities affecting every modern Intel processor have been discovered. These hardware bugs allow data, such as passwords and sensitive information, to be leaked to the attacker.

The vulnerability allows the attacker to read the contents of the system's memory while the applications are running. This includes web browsers, email and business applications.

Cloud service providers have been frantically patching their systems to prevent data being stolen between their customers.



Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.


If you are wondering if you are affected by these exploits, the answer is probably yes.

What can you do to mitigate this?

Patches and workarounds are available for these exploits. Please contact ATS to discuss what is required to patch your infrastructure.


News - Disconnection of Copper Network Services - NBN Rollout

With the imminent rollout of NBN services across Australia, traditional copper network services will no longer be provided. Data and voice services utilizing this older technology will be disconnected including:

  • Telstra landline phone services (excludes Telstra Velocity)
  • Landline phone services from all other phone companies where the service is provided over Telstra’s copper land line infrastructure
  • All ADSL, ADSL2, ADSL2+ internet services from all providers
  • Telstra BigPond cable internet services
  • Optus cable internet & phone service

ATS can assist not only with your data services, but also with various VOIP telephony service options and solutions ranging from on premise to cloud hosted. We can also provide SIP services, software licensing and hardware/software phone devices.

With ATS Solutions for Voice:

  • Slash your phone bill
  • Host on your existing server virtualised
  • Make calls from anywhere with mobile and desktop client
  • Large choice of handsets
  • Built in Web Conferencing

More on our VOIP phone offerings - http://atswa.com.au/voice

Security - Serious WiFi Exploit KRACK Discovered


KRACK WiFi Exploit

ATS Recommend updating all WiFi infrastructure and WiFi enabled devices.

KRACK (Key Reinstallation AttACK) affects WiFi systems protected with WPA/WPA2 encryption, the most widely used WiFi encryption method. If you are using WiFi, chances are you are using WPA.

The KRACK exploit allows attackers to capture traffic sent and received from your devices to discover your passwords. This exploit is effective with many https websites.

Some devices are more vulnerable than others, particularly Android and Linux devices.


What can you do to prevent these attacks?

All devices, including PCs, Macs, smart phones, and WiFi infrastructure, should be updated to correct this bug where an update is available.

Smart phones that do not have a patch or firmware update to address this issue should switch off WiFi and use cellular data for communication.

Contact ATS to discuss the best course of action 

 

Security - Fortigate Firewall Updates


FortiGate Firewall Updates

Improved Firewall Protection

ATS recommend all FortiGate firewalls are upgraded to the latest FortiOS version 5.6.2.

This update provides better protection, performance and reliability as well as the key features:

Application Control is a free service

Application Control is now a free FortiGuard service and the database for Application Control signatures is separate from the IPS database. However, Botnet Application signatures are still part of the IPS signature database since these are more closely related with security issues and less about application detection. 

New PPPoE features for improved NBN support

PPPoE dynamic gateway support (397628): The original design for PPPoE requires a static gateway to be configured. Although this works in many scenarios, some customers require dynamic gateway support for internet-service based routes.

NP6 Host Protection Engine (HPE) adds protection for DDoS attacks

NP6 processors now include HPE functionality that can protect networks from DoS attacks by categorizing incoming packets based on packet rate and processing cost, and applying packet shaping to packets that can cause DoS attacks.

How Do I Upgrade?

As these upgrades do interrupt the internet service, ATS recommend these are performed out of normal business hours. Upgrades can take a varying amount of time dependent on the current version your firewall is running and the speed of your internet connection.

Contact ATS for an estimate now.

More information regarding this release is here.

Security - Password Security


Password Security

Brute Force Attempts and Password Changes

Hackers are becoming more sophisticated in exploiting systems as ransomware has proven to be very lucrative. As a result, the number of password cracking attempts we have observed has increased dramatically.

The systems you expose to the internet for communication, management and remote access allow for hackers to attempt to brute force your passwords. They use common usernames and attempt thousands of password combinations until they breach the system.

As hackers develop better methods and algorithms to successfully breach accounts, higher complexity in passwords is essential.

Passwords for elevated accounts, such as administrative accounts, should be changed periodically and set to a high standard of complexity. User accounts, especially those with remote access, should be restricted by a policy that enforces password complexity.

If you can't remember when your administration passwords were last changed, it's time to do it.

One of the biggest risks is from parties that were given a password to your system at a time when they needed it. These persons now have the keys to your system and may have moved on to another company, or even your competition. Other 3rd parties may have been given access to do an integration with their own product and no longer need access.

News - Support for Windows Server 2003 and Windows Small Business Server 2003 ended July 14th 2015.


IF YOU’RE RUNNING WINDOWS SERVER 2003, YOU’RE RUNNING 10+ YEAR OLD TECHNOLOGY.

Microsoft has ended support for Windows Small Business Server (SBS) 2003 and Windows Server 2003. If your business is relying on these solutions for day-to-day operation, this poses several risks:

  • Windows SBS 2003 and the workloads running on it have become more expensive to operate.
  • Exchange 2003 reached end of extended support on April 8, 2014, meaning your business-class email could be at risk.
  • Your computers and network could become vulnerable to malicious software and other security issues.
  • Any outdated software could create compliance issues.

Upgrade your Windows Server

Substantial improvements have been made in those 10 years that help businesses compete better in today’s marketplace. 

  • Reduced operational costs and increased efficiencies
  • Improved employee productivity
  • Ability to be cloud-ready
  • Increased business agility and ability to scale to accommodate business growth
  • Improved system availability
  • Ability to implement cost-effective backup and disaster recovery solutions 

Upgrading your ageing servers and operating systems can reduce costs and provide significant benefits that can easily outweigh any cost of upgrading. 

Windows Server 2016 redefines the server category, delivering game-changing features and enhancements in virtualisation, networking, storage, cloud computing, automation, and more.

If you are unsure if this may impact your business, please contact ATS Solutions


News - Windows XP Support has ended

Since April 8, 2014, support and updates for Windows XP are no longer available. Don't let your PC go unprotected.

What is Windows XP end of support?

Microsoft has provided support for Windows XP for the past 12 years. But now the time has come for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences.

As a result, after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC will be secure because Microsoft will no longer be providing security updates to help protect your PC.)

If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.

How do I stay protected?

To stay protected after support ends, you have two options:

Upgrade your current PC

Very few older XP computers will be able to run the current version of Windows. We recommend you contact your ATS account manager to discuss if this is a viable option.

Get a new PC

If your current PC can't run the current version of Windows, it might be time to consider shopping for a new one. Ask your ATS account manager what new PCs are available. They're more powerful, lightweight, and stylish than ever before, and with an average price that's considerably less expensive than the average PC was 10 years ago.