
Monthly Archives: April 2018

How to Protect Your Business from Credential Stuffing Attacks

Around 5 billion stolen credentials are available on the dark web, and cybercriminals like to use them in credential stuffing attacks. Learn how credential stuffing attacks work and what you can do to protect your company from them.

Around 5 billion stolen credentials are up for grabs, according to security researchers who monitor the dark web. These credentials, many of which come from data breaches, are exploited by numerous cybercriminals.

Cybercriminals know that many people reuse their passwords, so they use the stolen usernames and passwords in credential stuffing attacks. In this type of attack, hackers use botnets to test stolen credentials on various websites in the hope of finding a match and gaining access. This automated testing is done slowly using many different IP addresses to avoid setting off alerts (e.g., three unsuccessful login attempts) that could expose the attack.
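A per-account counter such as the three-failed-logins rule mentioned above never fires when each account is tried only once or twice from a different address. The following added example (not from the original article; the thresholds, field layout and log lines are constructed assumptions) contrasts that rule with an aggregate check over a window of login events:

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 3     # per-account rule of the kind the text mentions
WINDOW_SECONDS = 3600     # assumed aggregation window
MIN_FAILED_USERS = 20     # assumed: distinct usernames failing per window
MIN_FAILURE_RATIO = 0.5   # assumed: share of attempts in a window that fail

def build_sample_events(with_bots=True):
    """Constructed sample log: (epoch_seconds, source_ip, username, success)."""
    events = [(i * 100, f"10.0.0.{i + 1}", f"employee{i}", True) for i in range(30)]
    # One employee mistypes a password twice, then gets in.
    events += [(3000, "10.0.0.99", "employee30", False),
               (3020, "10.0.0.99", "employee30", False),
               (3040, "10.0.0.99", "employee30", True)]
    if with_bots:
        # Low-and-slow stuffing: 40 source IPs, 2 attempts each, every
        # attempt against a different username, spread across the hour.
        for bot in range(40):
            for n in range(2):
                events.append((bot * 80 + n * 40, f"203.0.113.{bot + 1}",
                               f"victim{bot * 2 + n}", False))
    return sorted(events)

def per_account_lockouts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts that would trip a consecutive-failure lockout rule."""
    streak, locked = defaultdict(int), set()
    for _, _, user, ok in events:
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= threshold:
            locked.add(user)
    return locked

def stuffing_alerts(events):
    """Flag windows where many distinct usernames fail from many sources."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // WINDOW_SECONDS].append((ip, user, ok))
    alerts = []
    for window, rows in sorted(buckets.items()):
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        failed_users = {user for _, user in failed}
        ratio = len(failed) / len(rows)
        if len(failed_users) >= MIN_FAILED_USERS and ratio >= MIN_FAILURE_RATIO:
            alerts.append({"window": window,
                           "failed_users": len(failed_users),
                           "source_ips": len({ip for ip, _ in failed}),
                           "failure_ratio": round(ratio, 2)})
    return alerts

if __name__ == "__main__":
    sample = build_sample_events()
    print("lockouts:", per_account_lockouts(sample))
    print("alerts:", stuffing_alerts(sample))
```

On the constructed sample the lockout rule flags no account, while the window check raises one alert; with the bot traffic removed, neither fires.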

Credential stuffing attacks are proving to be particularly problematic for companies. They are now the single largest source of account takeovers on web and mobile apps, according to one 2017 study.

There are several measures you can take to protect your business from credential stuffing attacks. For starters, let your employees know about the dangers of reusing passwords. Encourage them to create a unique password for not only their business accounts but also their personal ones. That way, if one of their personal account passwords is stolen in a data breach, hackers won’t be able to use it to access your company’s accounts.

Another way to protect your business is to set up two-step verification systems for your business’s web and mobile apps. With two-step verification, people need to provide an additional piece of information to log in, such as a one-time security code. Also encourage employees to use two-step verification for personal online accounts when possible. Many cloud service providers, retailers, and financial institutions now provide this functionality.

Finally, you might consider using a credential validation service (e.g., EyeOnPass). Each time someone tries to register, log in, or change their account password, the service checks the password against a database of known compromised credentials. If found in the database, the person is informed and required to change their password.
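One way a check like this can work without handing the password itself to a third party, shown as an added example rather than EyeOnPass's actual interface: a prefix (k-anonymity) lookup in which only the first five characters of the password's SHA-1 hash leave the application. The corpus, function names and return values below are constructed for illustration.

```python
import hashlib

# Constructed corpus standing in for a breach database (not real leak data).
BREACHED_PASSWORDS = ["password1", "qwerty123", "Summer2018!", "letmein"]
PREFIX_LEN = 5  # hex characters of the hash that are sent to the service

def sha1_hex(password):
    """Uppercase SHA-1 hex digest, used here only as a lookup key."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(passwords):
    """Service side: group hash suffixes under their short prefix."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index

def range_lookup(index, prefix):
    """Service side: return every suffix for a prefix; it never sees
    the password or the full hash."""
    return index.get(prefix, set())

def is_compromised(password, index):
    """Client side: send the prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    return digest[PREFIX_LEN:] in range_lookup(index, digest[:PREFIX_LEN])

def handle_password_event(event, password, index):
    """Gate the three events named in the text: register, login, change."""
    if event not in {"register", "login", "change"}:
        raise ValueError(f"unknown event: {event}")
    if is_compromised(password, index):
        return "password_change_required"
    return "ok"

if __name__ == "__main__":
    idx = build_index(BREACHED_PASSWORDS)
    print(handle_password_event("login", "Summer2018!", idx))
    print(handle_password_event("register", "maple-anchor-violin-73", idx))
```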

 

Wiggle a Window to Declutter Your Desktop

Having many applications and files open and stacked on top of each other can make it hard to work. Discover a fast way to get rid of the clutter.

If you have many applications and files open and stacked on top of each other when working on your computer, you are not alone. It is a common sight on computers in businesses worldwide. This clutter can make it hard to access the desktop or concentrate on the task at hand.

To declutter your desktop, you could take the time to minimize each window. However, if your computer is running Windows 7 or a later version, there is a much faster way. You just need to wiggle a window.

When you want to minimize all the windows on your desktop except for the one you are working on, all you need to do is:

    1. Click somewhere at the top of that window.
    2. Wiggle the window until all the other windows have minimized.

To maximize all your windows again, simply repeat these two steps.

If you do not like the wiggling technique, there is an alternate method you can use. On your keyboard, press the Windows logo key and the Home button at the same time. This keyboard shortcut works for both minimizing and maximizing all the inactive windows.

It is important to note that the wiggling technique and keyboard shortcut won’t minimize a few types of windows, such as Windows security warnings. This is by design since they are meant to be seen and read when they pop up. Plus, the wiggling technique and keyboard shortcut won’t work if you have an open dialog box in any window. For example, it won’t work if you have the “Font” dialog box open in a Microsoft Word file.

 

Presage Solutions, Inc. Engages Texas Startups with vCIO Program

Fort Worth, TX, April 10th, 2018 — Presage Solutions, a Fort Worth-based IT company dedicated to helping local startups and SMBs with their IT needs as they scale, has launched a virtual CIO (vCIO) program to assist Fort Worth businesses of all types in need of Managed Services and back-end operation support.

“The vCIO program allows us to partner with our client’s management to build the vision and strategy so that their technology solutions achieve the business goals and priorities. This way, our clients focus on operating their business and we operate and manage their IT strategy and execution,” said Jay Hamilton, CEO of Presage Solutions, Inc.

Startups and small businesses today are facing enormous pressure to build value and bring products to the market FAST.  When they start to bring on customers, they need someone to support the product, service and growing business. Their choices are: support the product internally with existing engineers and resources, build the support team and infrastructure internally, or hire an outsourced support entity.  “Our clients typically don’t need a full time CIO and have found that we alleviate a lot of headaches and have the experience and expertise to provide their businesses with exactly the technology mix they need to meet their goals through the use of our vCIO program. With this program we partner with their team and share in their success,” adds Hamilton.

Melanie Morris, marketing manager for Fort Worth, TX-based EOSERA, a small biotech startup, adopted Presage’s innovative vCIO program recently: “We managed all of our IT services in-house for as long as we could before realizing we needed a dedicated expert team to help better organize our business technology and prepare us for rapid growth. Presage has become an extension of our team, and we couldn’t be happier. Presage helped revamp our communications and shared calendars, and they helped build a more robust, cloud-based file sharing system. Those changes enabled us to bring incredible innovation and technology to market quickly.”

As a managed IT service provider (MSP), Presage helps small and medium-sized businesses select, install and maintain their IT infrastructure. Services span from application development, to help desk, to implementing cloud architecture or a combination of cloud and on-premises infrastructure for any hybrid strategy. The hybrid cloud strategy can leverage the client’s on-premises architecture or use Presage’s own co-located servers in their secure datacenter.

“We want to help local SMBs to be successful! If startups choose the right MSP and IT solution from the start, then whenever changes need to be made or problems arise, we are intimately familiar with the system they are working on.  It is not enough to hire an IT company to hook up computers, set up a wireless system and install software updates. Small businesses need an MSP that can prepare them for the challenges of big data, the inevitability of tech problems and the opportunities of hybrid cloud storage,” says Hamilton.

Here are some recent testimonials on Presage’s IT services.

About Presage Solutions, Inc.

Presage Solutions, Inc. is a Fort Worth, TX-based managed services firm specializing in IT support for small and medium-sized businesses across all sectors. Presage guides small and medium-sized businesses through the growth process with the latest cloud-based IT solutions. Presage offers network-based services, and application development and integrations, with a proven production method which joins people, process and technology to meet

8 Policies to Protect Your Business’s IT Assets

IT policies are important to have because they can help ensure that your company’s IT resources are being used appropriately and productively. Here are eight IT policies often found in companies.

Writing IT policies is not exactly fun, but it is important. They help ensure that a company’s IT resources are used appropriately and productively. Besides documenting requirements and expectations, IT policies often discuss the consequences of policy violations.

There are many different types of IT policies. For example, some IT policies document what must be done to safeguard business data. Other policies outline the actions needed to protect a company’s IT equipment and services. There are even policies that cover whether employees can use their personal devices for work.

Putting all the IT policies into one document would be enough to scare off even the most enthusiastic business leader from writing it and the most diligent employee from reading it. A better approach is to write a separate policy for each area important to a business. Here are eight IT policies commonly found in companies:

 

1. Acceptable Use Policy

The acceptable use policy covers what is expected of employees when they are using a company’s IT equipment (e.g., computers, printers) and services (e.g., email, Internet access). For example, when traveling for business, employees might be expected to use a company-provided laptop and virtual private network (VPN) to access files on the main network. Equally important, this policy also covers what is unacceptable. For instance, this type of policy typically states that employees must not engage in any illegal or inappropriate activities using the company’s IT equipment and services.

By its very nature, the acceptable use policy covers many IT assets. For this reason, companies sometimes create separate policies for certain resources. For example, rather than include an “email services” section in the acceptable use policy, they create a separate email policy.

 

2. Password Policy

Cybercriminals often count on being able to crack passwords when they attack businesses. One 2017 study found that more than 80% of hacking-related data breaches involved weak, default, or stolen passwords. Thus, it is important to have a password policy. This type of policy usually covers guidelines for creating strong passwords, how often passwords should be changed, and other password requirements (e.g., do not reuse or share).

 

3. Privacy Policy

Companies typically collect and store a lot of personal information about customers, employees, and other people with whom they interact. Examples of personal data include names, credit card numbers, driver license numbers, birthdates, home phone numbers, and personal email addresses.

Companies document how they are collecting, storing, using, and disposing of personal data in privacy policies. Some businesses create both an employee-facing privacy policy and a customer-facing privacy policy (e.g., privacy policy to post on a website). In the latter case, businesses might disclose if customers’ data is being shared with or sold to third parties.

When writing privacy policies, it is important to comply with any laws and regulations governing them. For example, if businesses collect personal information from California residents on their websites, California state law requires the companies to conspicuously post a privacy policy that includes specific information, such as the types of personal information being collected.

 

4. Data Governance Policy

Data is a crucial element in most businesses’ operations. The data governance policy describes the measures that must be taken to manage the data when it enters, goes through, and exits a company’s systems. Specifically, the policy documents how a company is making sure that its data is:

    • Accurate, complete, and consistent across data sources (i.e., data integrity)
    • Easy to gather, access, and use
    • Secured at all times

The data governance policy also identifies the people responsible for maintaining the security and integrity of the data. Plus, if applicable, it might mention any third parties that play a role in the company’s data management processes.

 

5. Disaster Recovery Policy

Most companies have disaster recovery plans that discuss the processes and procedures to be used to recover IT systems, applications, and data if a disaster occurs. Having a disaster recovery plan is crucial, but it is also important to have a disaster recovery policy.

A disaster recovery policy requires that the disaster recovery plan be tested and periodically updated. This policy helps the disaster recovery plan go from being words on paper to processes and procedures that will be ready for implementation if catastrophe strikes.

The disaster recovery policy identifies who is responsible for developing, testing, and updating the company’s disaster recovery plan. In addition, it often discusses, in broad terms, recovery requirements, such as allowable downtime and how to ensure business continuity in the event of downtime.

 

6. Cloud Policy

Cloud policies specify the person or group responsible for evaluating and selecting cloud service providers. They also usually include what must be done during that process, such as conducting security and risk assessments of potential providers.

In addition, cloud policies often explicitly state that:

    • Employees are not allowed to use their personal cloud services for work. For example, they cannot store business data in a personal Dropbox or Google Drive account.
    • Employees cannot open a new cloud service account specifically for business purposes without prior authorization. In this case, policies sometimes document how employees can get approval or they list pre-approved cloud services.

Cloud policies can also cover other areas such as compliance requirements (e.g., how the cloud service provider must comply with the company’s privacy policy) and exit strategies.

 

7. BYOD Policy

Employees are increasingly using their personal smartphones and other mobile devices for work. This is prompting many companies to develop Bring Your Own Device (BYOD) policies to govern the use of employee-owned devices in the workplace. These policies often discuss:

    • What (if any) personal mobile devices can be used for work
    • What can and cannot be done with those devices (e.g., allowed to access emails but not download files)
    • How employees are supposed to connect to the company network (e.g., through a VPN)
    • The degree to which the IT staff will support the employee-owned devices

 

8. Social Media Policy

People post many details about their professional and personal lives on social media networks. Companies use social media policies to document their expectations regarding the nature and tone of the information being posted. These policies also define how a company will manage and monitor the online behavior of employees.

Social media policies need to strike a balance between a company’s needs and the legal rights of its employees, given the country in which the business operates.

 

SamSam Is on the Loose and Headed for a Server Near You


 

In March 2018, the SamSam ransomware ravaged Atlanta’s computer systems, bringing many city services to a halt. This wasn’t the first time hackers used this ransomware to wreak havoc and it won’t be the last. Learn how SamSam differs from most other ransomware.

Many city workers and citizens in Atlanta, Georgia, won’t soon forget March 22, 2018. On that day ransomware shut down many of the city’s online services and even some government offices. The culprit was a ransomware variant known as SamSam.

This was not the first time SamSam struck in 2018. In February, it forced the Colorado Department of Transportation to shut down 2,000 computers. A month earlier, SamSam stopped city services in Farmington, New Mexico as well as halted healthcare systems at Adams Memorial Hospital and Hancock Health in Indiana.

The cybercriminals behind the SamSam attacks are not just targeting government and healthcare organizations. They are also attacking businesses, including an unnamed industrial control systems (ICS) company in January 2018.

Unfortunately, security experts believe that the SamSam attacks will continue because they are bringing in big bucks. Hancock Health paid $55,000 (USD) to get its files and systems back. And it wasn’t the only organization to give in to the hackers’ demands. One Bitcoin account that hackers set up to accept ransom payments had a balance of more than $325,000 in the month of January 2018 alone. Plus, they likely have set up other Bitcoin accounts for that purpose.

Since SamSam is here to stay, it is a good idea to know how this ransomware works. Armed with this knowledge, you can better defend your business so that it does not become the next victim.

 

How SamSam Differs from Most Ransomware

To spread ransomware, cybercriminals often send out phishing emails. These emails use a convincing pretense to lure recipients into performing an action, such as clicking a link or opening an attachment. If the recipients fall for the ruse, their computers will likely become infected with ransomware.

In contrast, cybercriminals use organizations’ servers to spread SamSam. This is achieved by exploiting:

    • Unpatched software. Hackers scan servers connected to the Internet, looking for unpatched servers. When they find one, they exploit the vulnerability to access the machine. For example, in the very first SamSam attacks in 2016, cybercriminals sought and exploited a known vulnerability in servers running Red Hat’s JBoss software.
    • Exposed connections. Cybercriminals scan servers connected to the Internet, looking for exposed connections. When they find one, they use it to access the machine. For instance, hackers sought and exploited servers with exposed Remote Desktop Protocol (RDP) connections in a series of SamSam attacks in 2017. (RDP is a remote management tool developed by Microsoft.)
    • Weak or stolen credentials. Hackers crack weak passwords or use compromised credentials to break into public-facing servers. For example, cybercriminals used a vendor’s stolen credentials to gain entrance to one of Hancock Health’s servers.

Once the hackers have control of a company’s server, they install SamSam. This ransomware does not immediately start encrypting files, though. Instead, it finds, infiltrates, and installs itself on more computers in the network. In other words, it is self-spreading ransomware. After SamSam has been installed on machines throughout the network, cybercriminals run batch scripts to execute the encryption code in the ransomware and present the victim with a ransom note.

 

Ways to Avoid Becoming the Next Victim

The best defense against SamSam is a good offense. Taking several precautions can go a long way in preventing an infection:

    • Keep all software, including the operating system, up-to-date on each server and workstation in your business. Hackers like to take advantage of unpatched computers. Do not give them that opportunity.
    • Secure RDP. While helpful for IT administrators, RDP can be exploited by cybercriminals who want to access businesses’ servers. There are several ways to prevent this, such as deploying an RDP gateway and limiting the number of users who can log in using RDP.
    • Use strong passwords for the service and software accounts on your servers. This will make it harder for hackers to crack passwords. Even better, use two-factor authentication when possible and implement an account lockout policy to thwart brute force password-cracking attacks.
    • Use security software, even on your servers. It can help guard against known ransomware attacks and other kinds of malware threats.
    • Regularly back up files and systems, and make sure the backups can be successfully restored. Although this will not prevent a SamSam attack, you won’t have to pay the ransom if one occurs.

We can analyze your IT environment and make specific recommendations on how to protect your business against SamSam and other types of ransomware. Together, we can develop a comprehensive plan that will help keep your business from becoming the next ransomware victim.