Ransomware in Office 365 email

Avanan’s blog reported a large ransomware attack against Office 365 users. Avanan’s Cloud Security Platform started to detect a massive attack on June 22nd. The payload was inside an attached Microsoft Word file. By June 23rd Microsoft was blocking the distribution of this attachment in email messages. Avanan estimated that 57% of companies using Office 365 email received at least one message last week.

A variant of the Cerber ransomware was found in the offending email attachments. If Cerber executes on a computer, all of the working files are encrypted. A message then appears demanding a $500 payment in bitcoins to unlock the files. All of your files are gone. Your last resort is a good offsite backup of everything that you have ever created.

Cerber ransomware when Microsoft macros are enabled

If you do not have an advanced malware protection service like Avanan, then protect your office by disabling unsigned macros in Microsoft Word. If you have a domain controller, you can block macros in files from the Internet for all of your computers. The instructions from Microsoft can be found here.
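To confirm that the two macro settings described above actually reached a workstation, you can read the policy values Word uses. This is an added example, not part of the original post or Microsoft's instructions; it assumes Office 2016 (policy key 16.0), and the function name `Get-WordMacroPolicy` is made up for illustration.

```powershell
# Added example (not from the original post): audit Word macro policy for the current user.
# Assumption: Office 2016, whose policy values live under the 16.0 key.
$OfficeVersion = '16.0'
$PolicyPath = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Word\Security"

# Meaning of the VBAWarnings policy value
$VbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

# Hypothetical helper name; returns one object describing the macro policy state.
function Get-WordMacroPolicy {
    param([string]$Path = $PolicyPath)

    $report = [ordered]@{
        PolicyPath            = $Path
        VBAWarnings           = 'not set by policy'
        UnsignedMacrosBlocked = $false
        InternetMacrosBlocked = $false
    }

    if (Test-Path -Path $Path) {
        $values = Get-ItemProperty -Path $Path

        # VBAWarnings 3 or 4 stops unsigned macros from running.
        if ($null -ne $values.vbawarnings) {
            $v = [int]$values.vbawarnings
            $report.VBAWarnings = if ($VbaMeaning.ContainsKey($v)) {
                "$v ($($VbaMeaning[$v]))"
            } else {
                "$v (unknown value)"
            }
            $report.UnsignedMacrosBlocked = $v -in 3, 4
        }

        # blockcontentexecutionfrominternet = 1 blocks macros in files that
        # carry the Mark of the Web (downloaded or received as attachments).
        if ($null -ne $values.blockcontentexecutionfrominternet) {
            $report.InternetMacrosBlocked =
                ([int]$values.blockcontentexecutionfrominternet -eq 1)
        }
    }
    [pscustomobject]$report
}

$policy = Get-WordMacroPolicy
$policy | Format-List
if (-not ($policy.UnsignedMacrosBlocked -and $policy.InternetMacrosBlocked)) {
    Write-Warning 'Word macro policy is missing or weaker than the settings described above.'
}
```

A missing key means the setting is not enforced by Group Policy, so a user can still change it in the Trust Center.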

McAfee Labs saw a 165% rise in ransomware attacks in the first quarter of 2015. Seven hundred thousand attacks were detected just by McAfee in Q1 2015. In April of 2016, the Horry County school district in South Carolina paid over $10,000 in ransom to restore encrypted files from just one attack. In 2015 the FBI received 2,453 complaints about ransomware, costing the companies or users more than $24 million.

An ounce of prevention is less than a pound of cure once again.

Who is watching your data? Need some help? Just send us an email.

LinkedIn passwords revisited

Last week 117 million accounts and passwords for LinkedIn accounts became available for sale on the Internet. LinkedIn did confirm that this list came from a data breach in 2012. This represents about one quarter of the accounts at LinkedIn. If you receive a message from LinkedIn to reset your password, you need to refresh this information. A message from LinkedIn also means your password is at least 4 years old. It also means your encrypted password can be hacked. LinkedIn did not change its password policy until after the data breach in 2012.

Your LinkedIn email address may also get a message from LeakedSource that solicits you to join their service because they have a copy of the database information. Their blog post has a list of the top 50 passwords used on LinkedIn from this list of 117 million accounts. You can check to see if you use one of the easiest passwords to compromise on LinkedIn.

We all have scores of passwords that give us access to everything from games to our professional profile. Using a password manager can reduce the complexity of managing this mess. It is time to move your passwords out of that list in the book, your Excel spreadsheet, Word document or the contact list on your phone. If you have employees, a policy and procedure should be in place to manage all of the information necessary to run your business.

If you use Office 365 you can manage passwords to Internet sites. After you log into Office 365 you can unlock access to LinkedIn, Dropbox, Box and thousands of other sites. Multi-factor authentication is available on Office 365 to make sure only the account holder can access your online accounts. You do not have to authenticate each time you access the account; you can authorize a device to access Office 365 for 2 weeks before you are prompted to check a text message or authentication app on your phone.

LastPass is an app that works with your computer, tablet or phone to save passwords. The consumer version is free to use on your computer. Twelve dollars per year gets you access from your phone or tablet. A corporate version is available for $24 per year. LastPass has features that can change passwords automatically and save them to your password vault. Forms can be filled with two clicks of your mouse, saving time online typing static information.

If you want help to manage your passwords just email us.

Comcast Accounts for Sale

Over the weekend someone on the dark web of the Internet started selling a list of Comcast usernames and passwords. The complete list had 590,000 email addresses and passwords. Comcast was quick to respond to this disclosure. By Saturday night Comcast had a copy of the list and checked each entry to determine which accounts were valid. Two hundred thousand accounts at Comcast were forced to reset the password on the next login.

A Comcast representative confirmed that their security teams were certain that none of their systems had been compromised to release the account information. The possible source for the known good email addresses and passwords could be phishing attacks or malware installed on the victims' computers. Keylogging malware can capture usernames and passwords from your keyboard.

“We’re taking this seriously and we’re working to get this fixed for those customers who may have been impacted,” a Comcast spokesperson told the Washington Post, adding, “but the vast majority of information out there was invalid.”

Comcast does not offer multi-factor authentication for your account.  Multi-factor authentication requires a password and one other form of identification to allow access to the account.  The other identification can be a text message, smart phone app or a security key in your computer.  If your password is compromised or lost your account is still safe with two factor authentication or multi-factor authentication. If your email is important then you should be using the best in class protection for your messages.  This should include everyone that has a bank account or brokerage account.  Your email is the destination for password reset confirmation messages.

You can check to see what services use multi-factor authentication at TwoFactorAuth.

If you are tired of looking for your password in a pile of post-it notes or a book, you can use a password manager. Do you use the same password on multiple web sites? LastPass is free to use on your computer and it does support multi-factor authentication. You can try LastPass here.

Want to know more about how to secure your life online? Click to Send message

Free UTM

Free Next Generation Firewall

Now you can get a free Cyberoam Next Generation firewall when you purchase a 3 year total value subscription.

What you Get:

  • Gateway Anti-Virus & Anti-Spyware
    • protects your network from  malware, viruses, worms, spyware, backdoors, Trojans and keyloggers.
  • Anti-Spam
    • real-time spam protection over SMTP, POP3, IMAP protocols, protecting your business from zero-hour threats and blended attacks that involve spam, malware, botnets, phishing, and Trojans.
  • Web Application Firewall
    • secure your internal websites and Web-based applications in your business against attacks such as SQL injection, cross-site scripting (XSS), URL parameter tampering, session hijacking, buffer overflows, and more, including the OWASP Top 10 Web application vulnerabilities. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
  • Web filtering
    • comprehensive URL databases with millions of URLs grouped into 89+ categories.  Fine tune what your employees have access to on the Internet.
  • Intrusion Prevention System
    • Automatically detects, blocks, drops suspicious traffic coming in or going out of your network.
  • 24 x 7 Email, phone and chat Tech Support
  • A free Cyberoam NG firewall
    • NG 25 or NG25wING
      • 110 Mbps throughput on the appliance
      • NG25wING has up to eight WiFi access points available for your network
    • NG35, NG35wING
      • 210 Mbps throughput on the appliance
      • NG25wING has up to eight WiFi access points available for your network
    • NG50
      • 550 Mbps throughput on the appliance
    • NG100
      • 750 Mbps throughput on the appliance
    • NG200
      • 1.4 Gbps throughput on the appliance

Business Class service that you can afford

It is time to retire the retail router that connects your business network to the Internet.  Your business information and your public image need not be tarnished because of weak or nonexistent protection. You can stop many of the problems before they even reach any of your computers.  If someone in your office does make a mistake the appliance can stop the information from going outside the US to criminals in other countries.

Data leak prevention can be customized for each group or individual. Policies can be created to forward email for departing employees to their supervisor. Another policy can stop everyone or a specific person or group from uploading documents to the web, web mail, FTP site or peer to peer sharing site. Even transfers to web sites using SSL encryption can be blocked with a policy on the appliance. Web chat can be limited by keywords and file transfers blocked. Or you can just block instant messaging sites if you do not use this for your business operations. This simply means you have control of your Internet connection.

Get this deal today; just email us at Altura IT.

Installation and setup is available if you want help to get started.

National Cyber Security Awareness Month

National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

Our focus today is on small to medium businesses. Homeland Security has created a Cyber Security Guide that will be used as a reference for today’s talk.

Yes, this is the same group that is responsible for airline security. I know many people see things that Homeland Security does not do well, but their Cyber Security Planning guide is a good place to start a conversation.

Businesses large and small can and need to do more to protect against growing cyber threats. As larger companies take steps to secure their systems, less secure small businesses are easier targets for cyber criminals.


Where do you start?


  • Identify and categorize your business information.
    • Your customer list is a key part of the business. Does everyone have access to this list? Do you restrict how this information is used?
    • Your sub-contractors or vendors are an important asset to your business.
    • Your business processes can be unique to your operation.
    • What other information would you consider your intellectual property?
      • Customer sales records
      • Credit card transactions
      • Medical records
      • Employee payroll records
      • Email lists
      • Marketing plans
      • Business leads
      • Product design and development plans
    • Who should have access to your business information? Is it all stored where everyone can see all of your business? Is it encrypted so only the right people can read or change the data?



  • Company Policies, setting the rules for business conduct
    • Written policies are necessary in the employee handbook for these topics
      • Computer and Internet usage
        • You have to state that the equipment the business purchased is for business use. Unless it is in writing, an employee can use any of the equipment for their own use.
      • Social media policy, even if you don’t use social media in your business, someone is talking about you.
      • Email usage policy including that you have the right to monitor company email usage. What to say and how to say it.
      • Privacy Policy for employee, customer or client information
        • Personally Identifiable Information
          • Name, address, social security number, email address, home phone number, cell phone number, date of birth
        • Personal health information
        • Customer Information
          • Names, address, payment information, credit card numbers, shipping information, purchase history, buying preferences



  • Train employees and yourself frequently, 2-3 times a year
    • Social engineering, also known as “pretexting,” is used by many criminals, both online and off, to trick unsuspecting people into giving away their personal information and/or installing malicious software onto their computers, devices or networks. Social engineering is successful because the bad guys are doing their best to make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users.
    • What to look for in an email message that is really a phishing attempt
    • What information to give out to a telephone inquiry to your business. Find out who you are talking with. What do they need to know and why.



Secure your business network

You pay for the office, Internet connection, email service, and computers. You set the rules with your company policies.

What is multi layered security?


  • Don’t rely on just one technology to stay safe on the Internet
    • Just having an anti-virus program on your computer is not enough to prevent data loss or a compromised network or computer.
      • You can scan for viruses and malware at your Internet connection with one vendor and scan the computers, or end points with another vendor.
    • Control outbound Internet access, things that are not done on retail based routers.
      • Do you need to reach web sites in China to run your business? Do you need to talk with all of China or just a few places where you have contacts? You can apply this process to all 252 country codes on the Internet.
      • Filter non-business access outbound
        • Porn sites, hate sites, shopping sites, social media sites
        • Do you need to run a Chinese peer to peer application specifically centered on users uploading media content for other users to view using their application? If not, then stop high risk traffic from exiting your network. Block 275 high or very high risk network traffic protocols that you just don’t use. Retail shelf routers don’t care or know what protocols (network language) the packets are using.
        • Log access to the network to have an audit trail when something goes wrong.
      • Keep your software current. The Java program alone has had 101 security patches in the last year. The typical computer has 67 programs loaded that could become back doors to hackers if you don’t have the latest security patches.  A software patch management program will get you status for every machine in your office.
      • Passwords
        • If you have not changed your password this year, how many people might have access to your information?
          • Change passwords every time you have an employee leave. You change the locks or physical codes when someone leaves, so why not your electronic locks?
          • Use a password manager; you have too many passwords to remember today.
          • Don’t use a password on the list of the 1000 most common passwords
          • Use a pass phrase or sentence to unlock your password manager.
          • Two factor authentication methods, which require two types of evidence that you are who you claim to be, are safer than using just static passwords
            • Google and Microsoft have phone apps that will send authentication codes when you login from another location.
            • LastPass sends an email to your registered account when you access the service from a new location.
          • WiFi
            • WiFi Protected Setup
              • Created for home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases.
              • Wi-Fi Protected Setup is susceptible to attack because of a basic design flaw. According to the Computer Emergency Readiness Team, CERT, they are “unaware of a practical solution to this problem.”
              • In September 2014 a security researcher, Dominique Bongard, demonstrated that WPS could also be cracked offline using a computer. This process extracts the third message from one failed access to the router. This number is used to decode the 8 digit PIN for the wireless access point. Your access point no longer needs more than one unsuccessful login to reveal its permanent secret code.
              • Is your WiFi access turned on 24 x 7 or just during office hours?
              • Is your WiFi connected to your network with business information?
              • All these things happen with retail routers made for home use.
              • WLAN access should be restricted to specific devices and specific users to the greatest extent possible while meeting your company’s business needs.
              • Are you using the default password on your router?
                • Botnets capture routers with default passwords to disrupt Internet traffic.
              • Remote Access
                • If your company needs to provide remote access to your company’s internal network over the Internet, one popular and secure option is to employ a secure Virtual Private Network (VPN) system accompanied by strong two-factor authentication, using either hardware or software tokens.
                  • The easier the stores make it for managers to remotely handle payment transactions, the easier it also is for thieves.
                  • Trustwave last year estimated that 63% of 450 data breaches studied by the security vendor were caused by security vulnerabilities that were introduced by a third party. Don’t become a “Target”.
                • All those phones and tablets
                  • You know everyone in your office has a smart phone. No one may have exactly the same phone unless you issued all of the devices. Now your company email is on each of those devices. When someone leaves the company, how do you wipe the old company email off the device? Or do you just let them walk off with every customer contact that exists in your Exchange server?
                • USB drives
                  • Do you allow anyone to plug in a USB device to a machine on your network?

When you become one of the 60%.

According to the Verizon data survey, 60% of data breaches occur in companies with fewer than 100 employees. What do you need to do now?

  • Arizona law applies to all non-encrypted personally identifiable information.
    • Name and social security number; all employee names have social security numbers in your payroll database.
    • Name and driver’s license or state id number.
    • Name and any of the following
      • Debit card number, credit card number, financial account number, password, security code or access code that would allow account access.
    • You must conduct a prompt investigation to determine if there has been a data breach. If this is true, you need to notify anyone that may be affected. This notification occurs after law enforcement determines that it will not compromise their investigation.
      • This includes the loss of a laptop, notebook or flash drive with unencrypted data on the device.





Life time Backup


Lifetime Backup $50

Yes you can afford backup for your computers, phone and tablets
But you need to act soon. The offer expires on September 26th.


StackSocial is offering lifetime backup for your personal computing devices for a one time fee of $50. This cross platform solution will save up to 1 terabyte of data on the Skyhub cloud backup service, not for a year but for the rest of your life. Skyhub allows you to back up up to four computers with their software. If you have a network attached disk storage system you can back up information to your Skyhub account. If you are using any flash drives or other external hard drives they can also be stored out on the Skyhub backup service.

So the next time you jump in the pool with your phone in your pocket, your pictures will be recovered from the servers at Skyhub. No more lost memories from that precious device in your pocket or purse.

The latest survey done by Harris Interactive, one of the largest market research and consulting firms in the world, shows that backup is still not used by up to 25% of computer users. Check out the charts at the top of this page. This information was provided by BackBlaze, another online backup provider. BackBlaze personal backup is available for $5/month.

You have a computer, tablet or phone because you can no longer keep all of your information in your head. Don’t lose this because you would not spend $50 for the next 30 years you need to keep this information handy.

Security Features from Skyhub:

  • Your files are encrypted before leaving your machine using 256-bit AES. You may specify your own encryption password. This method is considered among the top ciphers available today.
  • The website and client software have been hardened against attacks from hackers.
  • You can have a local copy of all of your files on a local external hard drive by enabling Hybrid+ from the Settings page inside the desktop software.
  • No one at Skyhub has your password to unlock your encrypted files. You need to securely save this information using LastPass or another password manager.


Free Firewall with a 3 year subscription

Are you tired of waiting for your business to be the next news headline with a security breach? You can protect your business network and intellectual property with a next generation firewall. But wait, you should also have full access to the fast Internet connection you purchased from Cox, Verizon or CenturyLink. Get protection and speed with the fastest firewall system available for small and medium businesses, a Cyberoam NG universal threat management system.

You can block Internet access by country to stop data being leaked out to China, Russia, eastern Europe or any other country in the world. Even if the bad guys get in, stop the information going out to other countries with Cyberoam’s NG firewalls. You can also block over 1000 protocol types from sending information out through your network connection. This includes proxy sites, the Tor network and peer to peer network protocols. Cyberoam identifies and stops unwanted information on your network. Why would any of us want to allow a Chinese peer to peer application, specifically centered around users uploading media content for other users to view, to run inside the office network? Blocking unwanted traffic reduces your exposure to an attack.

Sophos Security Labs discovers on average 25,000 newly infected web pages per day. Everyone knows that an Internet router from a retail store just does not protect you from today’s threats. Cyberoam devices scan web traffic for viruses and malware. Intrusion detection and intrusion prevention are part of the three year subscription to automatically stop new exploits coming to your network. On-device reporting includes reports for PCI-DSS, HIPAA, GLBA and SOX compliance requirements. The identity and policy network security tracks all of your users' activity by user login names. Know what your employees do online.

Through August 31, 2015 a TVSP subscription protects you with Gateway Anti-Virus & Anti-Spyware, Anti-Spam, Web & Application Filter, Intrusion Prevention System, 24X7 Email, phone and chat Tech Support. And you get a free next generation firewall.

Get your next generation firewall here.