Latest Updates
Tips from Virsage: Phishing - August Newsletter
Posted by Andrea Montgomery on 14 August 2017 11:25 AM

Tips from Virsage: Phishing

 August 2017




Email is one of the primary ways we communicate. We not only use it every day for work, but to stay in touch with our friends and family. In addition, email is now how most companies provide online services, such as confirmation of your online purchase or availability of your bank statements. Since so many people around the world depend on email, it has become one of the primary attack methods used by cyber criminals. In this newsletter, we explain phishing, a common email attack method, and the steps you can take to use email safely.

Guest Editor

Dr. Lance Hayden is a Managing Director for Berkeley Research Group. An expert in security culture and behavior, he is the author of People-Centric Security: Transforming Your Enterprise Security Culture from McGraw-Hill. You can find him at



Phishing refers to an attack that uses email or a messaging service (like those on social media sites) to trick or fool you into taking an action, such as clicking on a link or opening an attachment. By falling victim to such an attack, you risk having your highly sensitive information stolen and/or your computer infected. Attackers work hard to make their phishing emails convincing. For example, they will make their email look like it came from someone or something you know, such as a friend or a trusted company you frequently use. They will even add logos of your bank or forge the email address so the message appears more legitimate. Then the attackers send these phishing emails to millions of people. They do not know who will fall victim; all they know is that the more emails they send, the greater the chance for success. Phishing is similar to using a net to catch fish; you do not know what you will catch, but the bigger the net, the more fish you will find. There are several ways attackers use phishing to get what they want:

Harvesting Information: The attacker’s goal is to harvest your personal information, such as your passwords, credit card numbers or banking details. To do this, they email you a link that takes you to a website that appears legitimate. This website then asks you to provide your account information or personal data. However, the site is fake, and any information you enter goes directly to the attacker.

Malicious Links: The attacker’s goal is to take control of your device. To do this, they send you an email with a link. If you click on the link, it takes you to a website that launches an attack on your device that, if successful, infects your system.

Malicious Attachments: The attacker’s goal is the same, to infect and take control of your device. But instead of a link, the attacker emails you an infected file, such as a Word document. Opening the attachment triggers the attack, potentially giving the attacker control of your system.

Scams: Some phishing emails are nothing more than scams by con artists who have gone digital. They try to fool you by saying you won the lottery, pretending to be a charity needing donations or asking for your help to move millions of dollars. If you respond to any of these, they will say they first need payment for their services or access to your bank account, scamming you out of your money.


Protecting Yourself

In almost all cases, opening and reading an email or message is fine. For a phishing attack to work, the bad guys need to trick you into doing something. Fortunately, there are clues that a message is an attack. Here are the most common ones:

  • The email creates a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The attacker wants to rush you into making a mistake without thinking.
  • You receive an email with an attachment that you were not expecting or the email entices you to open the attachment. Examples include an email saying it has an attachment with details of unannounced layoffs, employee salary information or a letter from the IRS saying you are being prosecuted.
  • Instead of using your name, the email uses a generic salutation like “Dear Customer.” Most companies or friends contacting you know your name.
  • The email requests highly sensitive information, such as your credit card number or password.
  • The email says it comes from an official organization, but has poor grammar or spelling, or uses a personal email address like, or
  • The link looks odd or not official. One tip is to hover your mouse cursor over the link until a pop-up shows you where that link really takes you. If the link in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding down your finger on a link gets the same pop-up. An even safer step is to copy and then paste the URL from the email into your browser or type the correct link.
  • You receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create an email that appears to be from a friend or coworker.

If you believe an email or message is a phishing attack, simply delete it. Ultimately, common sense is your best defense.

NERC CIPv5 Cyber Security Training

Be sure to check out our free resources including the OUCH! newsletter, weekly blogs and Video of the Month. This month, we’re covering CIP v5: Operating Interconnected and Interdependent BES Cyber Systems. View the video at


Social Engineering:

Five Steps to Staying Secure:

I’m Hacked, Now What?:

OnGuard Online:

SANS Security Tip of the Day:


OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. For past editions or translated versions, visit
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Bob Rudis
/securethehuman @securethehuman


Tips from Virsage: What is Malware? - July Newsletter
Posted by Andrea Montgomery on 24 July 2017 09:28 AM

Tips from Virsage: What is Malware?

July 2017


You may have heard of terms such as virus, trojan, ransomware, or rootkit when people discuss cyber security. All of these words describe the same thing: types of programs used by criminals to infect computers and devices. A common term used to describe all these different programs is the word malware. In this newsletter, we will explain what malware is, who creates it and why, and most importantly, what you can do to protect yourself against it.

Guest Editor

Lenny Zeltser focuses on safeguarding customers’ IT operations at NCR Corp and teaches malware combat at the SANS Institute. Lenny is active on Twitter as @lennyzeltser and writes a security blog at

What Is Malware?

Simply put, malware is software -- a computer program -- used to perform malicious actions. In fact, the term malware is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them or gain access to what they contain. Once installed, these attackers can use malware to spy on your online activities, steal your passwords and files, or use your system to attack others. Malware can even deny access to your own files, demanding that you pay the attacker a ransom to regain control of them.

Many people have the misconception that malware is a problem only for Windows computers. While Windows is widely used (and thus a big target), malware can infect any device, including Mac computers, smartphones, and tablets. The more computers and devices cyber criminals infect, the more money they can make. Therefore, everyone is a target, including you.

Who Creates Malware?

Malware is no longer created by just curious hobbyists or amateur hackers, but by sophisticated cyber criminals. Their goal is to make money from your infected computer or device, perhaps by selling the data they’ve stolen from you, sending spam emails, launching denial of service attacks, or performing extortion. The people who create, distribute, and benefit from malware can range from individuals acting on their own to well-organized criminal groups or even government organizations. People who are creating today’s sophisticated malware are often dedicated to that purpose, developing malware as their full-time job. In addition, once they develop their malware, they often sell it to other individuals or organizations, even supplying their “customers” with regular updates and support.

Protecting Yourself

A common step to protecting yourself is to install anti-virus software from trusted vendors. Such tools, sometimes called anti-malware software, are designed to detect and stop malware. However, anti-virus cannot block or remove all malicious programs. Cyber criminals are constantly innovating, developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways, it has become an arms race, with both sides attempting to outwit the other. Unfortunately, the bad guys are usually one step ahead. Since you cannot rely on anti-virus alone, here are additional steps you should take to protect yourself:

  • Cyber criminals often infect computers or devices by exploiting vulnerabilities in their software. The more current your software is, the fewer vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Therefore, make sure your operating systems, applications, and devices are enabled to automatically install updates.
  • A common way cyber criminals infect mobile devices is by creating a fake mobile app, posting it on the Internet, and then tricking people into downloading and installing it. As such, only download and install apps from trusted online stores. In addition, only install mobile apps that have been posted online for a long time, downloaded by a large number of people, and have numerous positive reviews.
  • On computers, use a standard account that has limited privileges rather than privileged accounts such as “Administrator” or “root.” This provides an additional protection by preventing many types of malware from being able to install themselves.
  • Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency, is confusing, or seems too good to be true, it could be an attack. Be suspicious; common sense is often your best defense.
  • Regularly back up your system and files to cloud-based services, or store your backups offline, such as on disconnected external drives. This protects your backups in case malware attempts to encrypt or erase them. Backups are critical; they are often the only way you can recover from a malware infection.

Ultimately, the best way to defend against malware is to keep your software up-to-date, install trusted anti-virus software from well-known vendors, and be alert for anyone attempting to fool or trick you into infecting your own system.


Secure Development Life Cycle: Agile Development

Be sure to check out our free resources, including our blog and Video of the Month. This month, we’re covering Software Development Life Cycle: Agile Development. View the video at:

Social Engineering:

Securely Using Mobile Apps:

Securing Your New Tablet:

Backups:



Virsage Update: WannaCry and other Ransomware
Posted by Andrea Montgomery on 16 May 2017 08:47 AM

There has been a lot of concern (and rightfully so) regarding the WannaCry outbreak over the weekend. While the scale of last weekend’s attack grabbed the attention of the media, this type of threat has been present for several years. We have seen a steady increase in the number of these attacks with the trend only increasing. Reports of the industry reaching $1 billion in 2016 across various versions of these exploits have caused a shift in how companies are viewing this threat. At Virsage we have taken a multi-dimensional approach to protecting our customers’ data.

  1. Data Backups – Data backups are the foundation for ensuring that data is recoverable when a ransomware attack starts. In the event that a ransomware attack is successful, having the ability to restore files quickly is key.
  2. Software Restriction – Our team is continually refining which types of files users can run, knowingly or unknowingly, and the locations they can run them from. While this facet of protection can cause issues with some legitimate applications, which are corrected on a case-by-case basis, the rule in today’s network is “Deny by default”.
  3. Patch Management – Many of the ransomware strains take advantage of exploits in older versions of code that have been addressed by patches or updates. Ensuring that your operating systems and applications are up to date helps to block potential threats.
  4. Anti-Virus/Malware Protection – AV and malware products today go beyond just looking at a virus definition file to identify threats. With advanced pattern and user behavior recognition, they can shut down a suspected threat before it is able to execute.
  5. Network Security – Threats are everywhere on the Internet. All traffic inbound and outbound is scanned, with the “Deny by default” rule being put into use again.
  6. Employee Education – Perhaps the biggest hole in the security wall is the end user. As the threats become harder and harder to differentiate from a legitimate email, busy employees are quick to click on the malicious links. Phishing and Social Engineering training campaigns are a fundamental part of a comprehensive security policy. Virsage provides a monthly newsletter that can also be found on our news feed at where we offer ongoing user education.

We appreciate the trust that you put in Virsage as your IT provider and we work hard every day to ensure the security of your data.  


Tips from Virsage: Internet of Things - May 2017
Posted by Andrea Montgomery on 09 May 2017 10:39 AM

Tips from Virsage: Internet of Things

May 2017


Internet of Things (IoT)

What Is the Internet of Things (IoT)

In the past, technology was relatively simple; you just connected your computer to the Internet and used it for your daily activities. However, technology became more advanced when mobile devices came into our lives, devices such as smartphones and tablets. These devices put the power of desktop computers into our pockets. While far more mobile, these devices also brought their own, unique security challenges. The next big technical advancement is the Internet of Things. The Internet of Things, often shortened to IoT, is all about connecting everyday devices to the Internet, devices from doorbells and light bulbs to toy dolls and thermostats. These connected devices can make our lives much simpler; for example, having your lights automatically activate as your phone recognizes when you get close to home. The IoT market is moving at an amazing pace, with new devices appearing every week. However, like mobile devices, IoT devices also come with their own individual security issues. In this newsletter, we help you understand what those risks are and what you can do to secure your IoT devices, your home, and your family.

Guest Editor

James Lyne (@jameslyne) is global head of security research at the security firm Sophos. A self-professed ‘massive geek,’ his technical expertise spans a variety of security domains. He is a certified instructor at the SANS Institute and often a headline presenter at industry conferences.

Issues With IoT

The power of IoT is that most of these devices are simple. For example, you simply plug your coffee machine in and it asks to connect to your home Wi-Fi network. However, all that simplicity comes at a cost. The biggest problem with IoT devices is that many of the companies making them have no experience with security. Instead, their expertise is manufacturing household appliances. Or perhaps they are a startup trying to develop a product the most efficient, fastest way possible, such as on Kickstarter. These organizations are focusing on profits, not cyber security. As a result, many IoT devices purchased today have little or no security built into them. For example, some have default passwords that are well known, perhaps even posted on the Internet, and cannot be changed. In addition, many of these devices have no option or ability to configure them; you’re stuck with whatever was shipped. To make matters worse, many of these devices can be difficult to update or may not even have the capability. As a result, many of the IoT devices you are using can quickly become out of date with known vulnerabilities that cannot be fixed, leaving you permanently vulnerable.

Protecting Your IoT Devices

So what can you do? We definitely want you to leverage the power of IoT devices securely and effectively. These devices can provide wonderful features that can make your life simpler, help save money, and increase the physical security of your home. In addition, as the technology grows, you may have no choice but to purchase or use IoT devices. Here are some steps you can take to protect your IoT devices and yourself:

  • Connect Only What You Need: The simplest way to secure an IoT device is to not connect it to the Internet. If you don’t need your device to be online, don’t connect it to your Wi-Fi network.
  • Separate Wi-Fi network: If you do need your IoT devices online, consider creating a separate Wi-Fi network just for them. Many Wi-Fi access points have the ability to create additional networks, such as a Guest network. Another option is to purchase an additional Wi-Fi access point just for IoT devices. This keeps your IoT devices on an isolated network, where they cannot be used to harm or attack any computer or mobile devices connected to your primary home network (which is still the main interest of cyber criminals).
  • Update When Possible: Just like your PC and mobile devices, keep your IoT devices up to date. If your IoT device has the option to automatically update, enable that.
  • Strong Passwords: Change any passwords on your IoT device to a unique, strong passphrase only you know. Can’t remember all of your passphrases? Don’t worry, neither can we. Consider using a password manager to securely store all of them.
  • Privacy Options: If your IoT device allows you to configure privacy options, limit the amount of information it shares. One option is to simply disable any information sharing capabilities.
  • Consider Replacement: At some point, you may want to replace an IoT device when your existing one has too many known vulnerabilities that cannot be fixed or there are newer devices that have far more security built into them.

There is no one size fits all for every device, so it is worth checking for best practices and any publications on how to secure them. Unfortunately, most IoT devices were not developed with cyber security in mind, so many manufacturers do not provide much security information. But as awareness for cyber security grows, we hope to see more and more IoT vendors build security into their devices and provide more information on how to protect and update them.


Meeting NERC CIP Training Requirements

SANS has developed training for electric utility organizations subject to the NERC CIP Reliability Standards. Learn how SANS can help you meet the training requirements in NERC CIP-004 and CIP-003.



Password Managers:

Securing Your New Tablet:

Securing Your Home Network:


OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. For past editions or translated versions, visit
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Bob Rudis, Cheryl Conley
/securethehuman @securethehuman



Tips from Virsage: CEO Fraud - April 2017
Posted by Andrea Montgomery on 11 April 2017 12:03 PM

Tips from Virsage: CEO Fraud

April 2017

CEO Fraud

What Is CEO Fraud?

Cyber criminals are sneaky—they are constantly coming up with new ways to get what they want. One of their most effective methods is to target people like you. While cyber attackers have learned that unaware people are the weakest link in any organization, they have forgotten that knowledgeable people like OUCH! Readers [this newsletter] can be an organization’s best defense.

Cyber criminals have developed a new attack called CEO Fraud, also known as Business Email Compromise (BEC). In these attacks, a cyber criminal pretends to be a CEO or other senior executive from your organization. The criminals send an email to staff members like yourself that tries to trick you into doing something you should not do. These types of attacks are extremely effective because the cyber criminals do their research. They search your organization’s website for information, such as where it is located, who your executives are, and other organizations you work with. The cyber criminals then learn everything they can about your coworkers on sites like LinkedIn, Facebook, or Twitter. Once they know your organization’s structure, they begin to research and target specific employees. They pick their targets based on their specific goals. If the cyber criminals are looking for money, they may target staff in the accounts payable department. If they are looking for tax information, they may target human resources. If they want access to database servers, they could target someone in IT.


Guest Editor

Angela Pappas is a director of information security training and awareness at Thomson Reuters. In her role, Angela is responsible for the ambassador program, eLearning, and educating employees about topics that pose a significant risk.

Once they determine what they want and whom they will target, they begin crafting their attack. Most often, they use spear phishing. Phishing is when an attacker sends an email to millions of people with the goal of tricking them into doing something, for example, opening an infected attachment or visiting a malicious website. Spear phishing is similar to phishing; however, instead of sending a generic email to millions of people, they send a custom email targeting a very small, select number of people. These spear phishing emails are extremely realistic looking and hard to detect. They often appear to come from someone you know or work with, such as a fellow employee or perhaps even your boss. The emails may use the same jargon your coworkers use; they may use your organization’s logo or even the official signature of an executive. These emails often create a tremendous sense of urgency, demanding you take immediate action and not tell anyone. The cyber criminal’s goal is to rush you into making a mistake. Here are three common scenarios:

  • Wire Transfer: A cyber criminal is after money. This means they research and learn who works in accounts payable or the team that handles your organization’s finances. The criminals then craft and send an email pretending to be the targets’ boss; the email tells them there is an emergency and money has to be transferred right away to a certain account.
  • Tax Fraud: Cyber criminals want to steal information about your coworkers so they can impersonate employees for tax fraud. They research your organization and determine who handles employee information, for example, someone in human resources. From there, the cyber criminals send fake emails pretending to be a senior executive or someone from legal, demanding certain documents be provided immediately.
  • Attorney Impersonation: Not all CEO Fraud attacks involve just email; other methods like the telephone can be used. In this scenario, criminals start by emailing you pretending to be a senior leader, advising you that an attorney will call about an urgent matter. The criminal then calls you pretending to be the attorney. The criminal creates a tremendous sense of urgency as they talk about time-sensitive, confidential matters. This sense of urgency tricks you into acting right away.

Protecting Yourself

So what can you do to protect yourself and your organization? Common sense is your best defense. If you receive a message from your boss or a colleague and it does not sound or feel right, it may be an attack. Clues can include a tremendous sense of urgency, a signature that does not seem right, a certain tone you would never expect, or the name used in the email being different from what the person actually calls you. The attacker may even use an email address or phone number you have never seen before, or an email address that is similar to your coworker’s or boss’s email. When in doubt, call the person at a trusted phone number or meet them in person (don’t reply via email) and confirm if they sent the email. Never bypass security policies or procedures. Your organization may have policies that define proper procedures for authorizing the transfer of funds or the release of confidential information. Requests that attempt to bypass those policies, regardless of their apparent source, should be considered suspicious and be verified before any action is taken. If you receive such a request and are not sure what to do, contact your supervisor, the help desk, or information security team right away.

Tip of the Day

Every day we post a new tip on how to make the most of your time online and how to stay safe. Get your daily security tips at


Social Engineering:

What Is Malware:

Two-Step Verification:

Tip of the Day:



Contacting Virsage:

View/Submit Tickets Online, Find Answers Online

Register at so that you can submit tickets, view/update your existing tickets, and search the knowledge base.   



Critical or Urgent Issues

During business hours
Submit a ticket via the website at and mark the ticket as 'Priority 1'
OR
Send an email including the word 'Urgent' in the subject line to

Outside of business hours
Submit a ticket via the website at and mark the ticket as 'Priority 1'
OR
Send an email including the word 'Urgent' in the subject line to
OR
Leave a voice mail at 720-881-3800. All of these will page the on-call technician.
