Protect your Office 365 account against password hacking

By enabling Multi-Factor Authentication (MFA) on your Office 365 accounts you can reduce the chance of a hacker gaining access to your data.

Recently we have seen more instances of compromised Office 365 passwords being used to:

  • Trick the user into transferring money into the attacker's account.

  • Encrypt data and hold it for ransom.

  • Extort the victim.

Good password practice is essential, but requiring a second factor before granting access to your data is another step the attacker has to take. Attackers will most likely move on to an easier target when they encounter it.

Multi-Factor Authentication for Office 365 is a feature that prevents access to your data and email unless the sign-in comes from a trusted device or passes a second authentication.

Other features are also available on your Office 365 tenancy, including Azure AD integration, password policies and self-service password reset.



Microsoft products going "End of Life" in 2020 - Windows 7, Server 2008 R2, SBS 2011, Exchange 2010, Office 2010, Office 2016


As of 14 January 2020, Microsoft will end support (also known as "end of life" or EOL) for the following PC and server operating systems and applications:

  • Windows 7, all versions

  • Windows Server 2008R2

  • Windows Small Business Server 2011

  • Exchange 2010 SP3


What Does End of Life Mean?

End of life is the date after which an application is no longer supported by the vendor, in this case Microsoft. Updates, patching, Office 365 integration and, most importantly, security updates will no longer be pushed out by Microsoft. After vendor support ends you can continue using the operating system or application, but you would be doing so at greater risk to your corporate infrastructure. New computer viruses and other malware are being developed all the time. Without security updates to counter them, your data and your systems become progressively more vulnerable to hackers and other online threats.

What to do?

January 2020 may seem like a long way off, but it can come around quickly if there is no strategy or budget in place to upgrade affected assets to current and supported operating systems. If you have any of these systems within your environment, we can provide upgrade options suitable to your environment and costs for budgeting.

Later in 2020...

Microsoft love to bring out new products, which also means their old ones will all go end of life at some stage.

On 13 October 2020 the following products will also become end of life:

  • Office 2010, all versions

  • Office 2016, all versions for Mac only

As usual there are all the usual potential pitfalls around 3rd party application integrations and platform support, but that's why you have us to assist. If you require any further information about anything in this article, please contact us at sales@atswa.com or 08 6550 0000.

Bitcoin Extortion Password Scam


You may have recently received an email claiming that your system was hacked and that data, activity or login details were captured. The blackmailer then demands payment to a bitcoin address.

The emails that raise the most concern are those that contain a real user password. These passwords are normally collected from earlier data breaches in which passwords were leaked.

We have recently recorded an increase in distribution of this email:


Hello!

My nickname in darknet is keir43. I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from <email address> is <password>

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $802 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): <Bitcoin Wallet Address> As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere! Good luck!


What to do:

Most of these emails can be ignored; however, if your email address and password have been previously leaked, it is advised to change your password on that site and on any other sites that use the same password.

Your passwords should be complex and unique, they should meet or exceed your company password policy requirements. In the absence of a complexity policy you can use this as a guide:


Poor, or weak, passwords have the following characteristics:

  • Contain less than eight characters.

  • Can be found in a dictionary, including foreign language, or exist in a language slang, dialect, or jargon.

  • Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.

  • Contain work-related information such as building names, system commands, sites, companies, hardware, or software.

  • Contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.

  • Contain common words spelled backward, or preceded or followed by a number (for example, terces, secret1 or 1secret).

  • Are some version of "Welcome123", "Password123" or "Changeme123".
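An added example, not part of the original article: a small Python checker that encodes the weak-password characteristics listed above. The word lists (DICTIONARY, PERSONAL, WORK) are constructed stand-ins for a hypothetical user; a real deployment would load a full dictionary and the organisation's own terms.

```python
import re

# Constructed stand-ins for the word lists a real checker would load: a small
# dictionary, personal details and work-related terms for a hypothetical user.
DICTIONARY = {"secret", "welcome", "password", "changeme", "summer", "dragon"}
PERSONAL = {"1985", "rover", "smith"}            # constructed: birth year, pet, surname
WORK = {"atswa", "exchange", "fortigate"}       # constructed: company and system names
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "zyxwvuts", "123321", "aaabbb", "12345")
TEMPLATE_RE = re.compile(r"(welcome|password|changeme)\d*[^\w]*")


def has_repeat_or_sequence(s: str) -> bool:
    """Three identical characters in a row, or three consecutive code points
    ascending or descending (123, abc, cba): the article's 'number patterns'."""
    if re.search(r"(.)\1\1", s):
        return True
    for i in range(len(s) - 2):
        a, b, c = (ord(ch) for ch in s[i:i + 3])
        if b - a == c - b and abs(b - a) == 1:
            return True
    return False


def weak_password_reasons(pw: str) -> list[str]:
    """Return the rules from the guide above that the password violates;
    an empty list means none of the listed weaknesses were found."""
    low = pw.lower()
    core = re.sub(r"^\d+|\d+$", "", low)   # strip digits around a word (secret1, 1secret)
    reasons = []
    if len(pw) < 8:
        reasons.append("fewer than eight characters")
    if core in DICTIONARY or core[::-1] in DICTIONARY:
        reasons.append("dictionary word, possibly reversed or padded with digits")
    if any(p in low for p in PERSONAL):
        reasons.append("contains personal information")
    if any(w in low for w in WORK):
        reasons.append("contains work-related information")
    if any(run in low for run in KEYBOARD_RUNS) or has_repeat_or_sequence(low):
        reasons.append("contains a keyboard or number pattern")
    if TEMPLATE_RE.fullmatch(low):
        reasons.append("variant of Welcome123 / Password123 / Changeme123")
    return reasons


if __name__ == "__main__":
    for candidate in ("secret1", "terces", "Welcome123", "Rover1985!", "Tr3e-Cl0ud*Lamp92"):
        print(f"{candidate!r}: {weak_password_reasons(candidate) or 'no listed weakness'}")
```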

To check if your details were previously leaked, you can use this website: https://haveibeenpwned.com/

If you are at all unsure, please feel free to call us.
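The same site's Pwned Passwords range API lets you check a password without ever sending it: only the first five characters of its SHA-1 hash leave your machine, and you match the rest locally. This added example (not from the article) implements that k-anonymity check in Python against a constructed response body; the endpoint URL is the one HIBP documents, and the counts in the sample are made up.

```python
import hashlib
import urllib.request

# Constructed response body in the format the Pwned Passwords range endpoint
# returns: one "<35-hex-char suffix>:<count>" line per hash in the bucket.
# The first suffix completes the SHA-1 of "password"; the counts are made up.
SAMPLE_RANGE_BODY = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
0D5BFA1D13CE5B0D0F1F1C5E6BFA9E6F7A1:2
"""


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase SHA-1 hex digest into the 5-character prefix that is
    sent to the service and the 35-character suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse the SUFFIX:COUNT lines of a range response into a dict."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.strip().upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """How many times the password appears in the bucket, or 0 if it does not."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (not used in the offline demo): only the prefix is transmitted."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password", "Tr3e-Cl0ud*Lamp92"):
        n = breach_count(pw, SAMPLE_RANGE_BODY)
        print(f"{pw!r}: seen {n} times" if n else f"{pw!r}: not in sample bucket")
```

For a live check, replace SAMPLE_RANGE_BODY with fetch_range(prefix) for the prefix returned by sha1_prefix_suffix.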

Security - Maximise Protection with Trend


Maximise your Protection

With Trend Worry-Free Business Security and Hosted Email Security

Action Required

  • Update Worry-Free Business Security to Version 10

  • Enable Hosted Email Security features for maximum protection and improved email digest for Apple iOS devices.


Update Worry-Free to version 10

Trend Micro has released version 10 of Worry-Free Business Security, the centrally managed anti-malware solution. If you are receiving this email, this is the product that protects your IT system from advanced threats and malware by providing antivirus, web security, ransomware protection and data security.

What's new in version 10:

  • Predictive Machine Learning: The Predictive Machine Learning engine can protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis and heuristic process monitoring. Predictive Machine Learning can ascertain the probability that a threat exists in a file or process and the probable threat type, protecting you from zero-day attacks.
  • Scan Per Device: In addition to manually scanning one or more device groups, Worry-Free Business Security allows you to scan selected devices to help you efficiently manage the devices on your network. You can also stop scanning any selected devices during the scan.
  • New Live Status Design: Find important information conveniently grouped into simple widgets. The widgets can help you identify key information such as threat intelligence and device status. You can also solve problems with a simple click in the new Action Center.
  • Automated Product Update: Worry-Free Business Security can help keep your protection up to date by periodically checking for the latest improvements and fixes. Use the Product Update feature to download and install update packages automatically.
  • Email Notification Enhancements: Clarified email subject lines and a concise event summary with a possible solution can help you identify the action required and resolve problems faster.
  • HTTPS Web Threat Protection for Google Chrome and Microsoft Edge: Worry-Free Business Security has enhanced and extended your protection against malicious HTTPS websites. You can use the Google Chrome and Microsoft Edge browsers and be fully protected by your Web Reputation and URL Filtering policies without the need of browser add-ons.
  • Wildcard and Windows Environment Variable Support for Behavior Monitoring Exceptions: Worry-Free Business Security now supports wildcard characters and has enhanced the Windows environment variable support for approved and blocked programs in Behavior Monitoring. These enhancements give you more flexibility when defining exceptions.
  • Platform Support: This version of Worry-Free Business Security provides support for Microsoft™ Windows™ 10 Fall Creators Update.

Support for Windows 10 Spring Creators Update will be released on 21/05/2018.


Enable Hosted Email Security new features

Trend Micro has introduced new features in its Hosted Email Security service to maximise protection. Many of these features are not enabled by default. Some of these features include:

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.

After detecting an unknown or low-prevalence file, Hosted Email Security scans the file using the Advanced Threat Scan Engine to extract file features and sends the report to the Predictive Machine Learning engine. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.

The Advanced Threat Scan Engine (ATSE) uses a combination of pattern-based scanning and heuristic scanning to detect document exploits and other threats used in targeted attacks.

Major features include:

  • Detection of zero-day threats
  • Detection of embedded exploit code
  • Detection rules for known vulnerabilities
  • Enhanced parsers for handling file deformities

Quarantine email digests, which allow you to release emails identified as spam, have until now been unusable on Apple mobile devices; with a modification to your HES settings they now work there too.

Security - Serious WiFi Exploit KRACK Discovered


KRACK WiFi Exploit

ATS recommend updating all WiFi infrastructure and WiFi-enabled devices.

KRACK (Key Reinstallation AttACK) affects WiFi systems protected with WPA/WPA2 encryption, the most widely used WiFi encryption method. If you are using WiFi, chances are you are using WPA.

The KRACK exploit allows attackers to capture traffic sent and received by your devices in order to discover your passwords; it is effective against many HTTPS websites as well.

Some devices are more vulnerable than others, particularly Android and Linux devices.

KRACK in action:

What can you do to prevent these attacks:

All devices, including PCs, Macs, smartphones and WiFi infrastructure, should be updated to correct this bug where an update is available.

Smartphones that do not have a patch or firmware update to address this issue should switch off WiFi and use cellular data for communication.

Contact ATS to discuss the best course of action.

Security - Fortigate Firewall Updates


FortiGate Firewall Updates

Improved Firewall Protection

ATS recommend that all FortiGate firewalls are upgraded to the latest FortiOS version, 5.6.2.

This update provides better protection, performance and reliability, as well as the following key features:

Application Control is a free service

Application Control is now a free FortiGuard service and the database for Application Control signatures is separate from the IPS database. However, Botnet Application signatures are still part of the IPS signature database since these are more closely related with security issues and less about application detection.

New PPPoE features for improved NBN support

PPPoE dynamic gateway support (397628): the original PPPoE design required a static gateway to be configured. Although this works in many scenarios, some customers need dynamic gateway support for internet-service based routes.

NP6 Host Protection Engine (HPE) adds protection for DDoS attacks

NP6 processors now include HPE functionality that can protect networks from DoS attacks by categorising incoming packets based on packet rate and processing cost, and applying packet shaping to packets that could cause a DoS.

How Do I Upgrade?

As these upgrades do interrupt the internet service, ATS recommend they are performed outside normal business hours. Upgrades can take a varying amount of time, dependent on the version your firewall is currently running and the speed of your internet connection.

Contact ATS for an estimate now.

More information regarding this release is here.

Security - Password Security

Password Security

Brute Force Attempts and Password Changes

Hackers are becoming more sophisticated in exploiting systems as ransomware has proven to be very lucrative. As a result, the number of password cracking attempts we have observed has increased dramatically.

The systems you expose to the internet for communication, management and remote access allow hackers to attempt to brute force your passwords. They use common usernames and try thousands of password combinations until they breach the system.

As hackers develop better methods and algorithms to successfully breach accounts, higher complexity in passwords is essential.

Elevated accounts, such as administrative accounts, should have their passwords changed periodically to a high standard of complexity. User accounts, especially those with remote access, should be restricted by a policy that enforces password complexity.

If you can't remember when your administration passwords were last changed, it's time to do it.

One of the biggest risks is from parties that were given a password to your system at a time when they needed it. These people now have the keys to your system and may have moved on to another company, or even to your competition. Other 3rd parties may have been given access to do an integration with their own product and no longer need access.
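The password-guessing described above leaves a recognisable trail in authentication logs. This added example (not from the article) shows a Python detector that reads OpenSSH-style auth.log lines, counts failed logins per source address within a sliding window and reports how many different usernames each source tried; the log lines are constructed, the year is assumed because syslog timestamps carry none, and the addresses are documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log style. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar  3 08:00:01 gw sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 08:00:02 gw sshd[4122]: Failed password for invalid user administrator from 203.0.113.5 port 51236 ssh2
Mar  3 08:00:03 gw sshd[4123]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 08:00:04 gw sshd[4124]: Failed password for invalid user test from 203.0.113.5 port 51241 ssh2
Mar  3 08:00:05 gw sshd[4125]: Failed password for invalid user guest from 203.0.113.5 port 51242 ssh2
Mar  3 08:00:06 gw sshd[4126]: Failed password for root from 203.0.113.5 port 51243 ssh2
Mar  3 08:10:00 gw sshd[4201]: Failed password for jsmith from 198.51.100.7 port 40000 ssh2
Mar  3 08:10:20 gw sshd[4202]: Accepted password for jsmith from 198.51.100.7 port 40000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
LOG_YEAR = 2018  # syslog timestamps carry no year; assumed for the sample

def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (failures, usernames_tried)} for every source whose
    failed logins inside a sliding `window` reach `threshold`. Many usernames
    from one source is the common-username guessing described above."""
    events = defaultdict(list)  # ip -> [(time, user), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "Failed":
            continue
        when = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((when, m["user"]))
    alerts = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop failures that fell out of the window
            count = end - start + 1
            if count >= threshold and count > alerts.get(ip, (0, set()))[0]:
                alerts[ip] = (count, {u for _, u in hits[start:end + 1]})
    return alerts

if __name__ == "__main__":
    for ip, (n, users) in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {n} failures, {len(users)} usernames tried: {sorted(users)}")
```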