Latest Updates
Virsage Update: WannaCry and other Ransomware
Posted by Andrea Montgomery on 16 May 2017 08:47 AM

There has been a lot of concern (and rightfully so) regarding the WannaCry outbreak over the weekend. While the scale of last weekend’s attack grabbed the attention of the media, this type of threat has been present for several years. We have seen a steady increase in the number of these attacks, and the trend continues upward. Reports of the ransomware industry reaching $1 billion in 2016 across various versions of these exploits have caused a shift in how companies view this threat. At Virsage we have taken a multi-dimensional approach to protecting our customers’ data.

  1. Data Backups – Data backups are the foundation for ensuring that data is recoverable when a ransomware attack starts.  In the event that a ransomware attack is successful, having the ability to restore files quickly is key.
  2. Software Restriction – Our team is continually honing the rules for which types of files users can run, knowingly or unknowingly, and the locations they can run them from. While this facet of protection can cause issues with some legitimate applications, which are corrected on a case-by-case basis, the rule in today’s network is “Deny by default”.
  3. Patch Management – Many of the ransomware strains take advantage of exploits in older versions of code that have been addressed by patches or updates.  Ensuring that your operating systems and applications are up to date helps to block potential threats.
  4. Anti-Virus/Malware Protection – AV and malware products today go beyond just looking at a virus definition file to identify threats.  With advanced pattern and user behavior recognition, they can shut down a suspected threat before it is able to execute.
  5. Network Security – Threats are everywhere on the Internet. All inbound and outbound traffic is scanned, with the “Deny by default” rule being put into use again.
  6. Employee Education – Perhaps the biggest hole in the security wall is the end user.  As the threats become harder and harder to differentiate from a legitimate email, busy employees are quick to click on the malicious links. Phishing and Social Engineering training campaigns are a fundamental part of a comprehensive security policy. Virsage provides a monthly newsletter that can also be found on our news feed at support.virsage.com where we offer ongoing user education.

We appreciate the trust that you put in Virsage as your IT provider and we work hard every day to ensure the security of your data.  



Tips from Virsage: Internet of Things - May 2017
Posted by Andrea Montgomery on 09 May 2017 10:39 AM


Internet of Things (IoT)

What Is the Internet of Things (IoT)

In the past, technology was relatively simple; you just connected your computer to the Internet and used it for your daily activities. However, technology became more advanced when mobile devices came into our lives, devices such as smartphones and tablets. These devices put the power of desktop computers into our pockets. While far more mobile, these devices also brought their own, unique security challenges. The next big technical advancement is the Internet of Things. The Internet of Things, often shortened to IoT, is all about connecting everyday devices to the Internet, devices from doorbells and light bulbs to toy dolls and thermostats. These connected devices can make our lives much simpler; for example, having your lights automatically activate as your phone recognizes when you get close to home. The IoT market is moving at an amazing pace, with new devices appearing every week. However, like mobile devices, IoT devices also come with their own individual security issues. In this newsletter, we help you understand what those risks are and what you can do to secure your IoT devices, your home, and your family.

Guest Editor

James Lyne (@jameslyne) is global head of security research at the security firm Sophos. A self-professed ‘massive geek,’ his technical expertise spans a variety of security domains. He is a certified instructor at the SANS Institute and often a headline presenter at industry conferences.

Issues With IoT

The power of IoT is that most of these devices are simple. For example, you simply plug your coffee machine in and it asks to connect to your home Wi-Fi network. However, all that simplicity comes at a cost. The biggest problem with IoT devices is that many of the companies making them have no experience with security. Instead, their expertise is manufacturing household appliances. Or perhaps they are a startup trying to develop a product the most efficient, fastest way possible, such as on Kickstarter. These organizations are focusing on profits, not cyber security. As a result, many IoT devices purchased today have little or no security built into them. For example, some have default passwords that are well known, perhaps even posted on the Internet, and cannot be changed. In addition, many of these devices have no option or ability to configure them; you’re stuck with whatever was shipped. To make matters worse, many of these devices can be difficult to update or may not even have the capability. As a result, many of the IoT devices you are using can quickly become out of date with known vulnerabilities that cannot be fixed, leaving you permanently vulnerable.

Protecting Your IoT Devices

So what can you do? We definitely want you to leverage the power of IoT devices securely and effectively. These devices can provide wonderful features that can make your life simpler, help save money, and increase the physical security of your home. In addition, as the technology grows, you may have no choice but to purchase or use IoT devices. Here are some steps you can take to protect your IoT devices and yourself:

  • Connect Only What You Need: The simplest way to secure an IoT device is to not connect it to the Internet. If you don’t need your device to be online, don’t connect it to your Wi-Fi network.
  • Separate Wi-Fi network: If you do need your IoT devices online, consider creating a separate Wi-Fi network just for them. Many Wi-Fi access points have the ability to create additional networks, such as a Guest network. Another option is to purchase an additional Wi-Fi access point just for IoT devices. This keeps your IoT devices on an isolated network, where they cannot be used to harm or attack any computer or mobile devices connected to your primary home network (which is still the main interest of cyber criminals).
  • Update When Possible: Just like your PC and mobile devices, keep your IoT devices up to date. If your IoT device has the option to automatically update, enable that.
  • Strong Passwords: Change any passwords on your IoT device to a unique, strong passphrase only you know. Can’t remember all of your passphrases? Don’t worry, neither can we. Consider using a password manager to securely store all of them.
  • Privacy Options: If your IoT device allows you to configure privacy options, limit the amount of information it shares. One option is to simply disable any information sharing capabilities.
  • Consider Replacement: At some point, you may want to replace an IoT device when your existing one has too many known vulnerabilities that cannot be fixed or there are newer devices that have far more security built into them.

There is no one size fits all for every device, so it is worth checking for best practices and any publications on how to secure them. Unfortunately, most IoT devices were not developed with cyber security in mind, so many manufacturers do not provide much security information. But as awareness for cyber security grows, we hope to see more and more IoT vendors build security into their devices and provide more information on how to protect and update them.

 

Meeting NERC CIP Training Requirements

SANS has developed training for electric utility organizations subject to the NERC CIP Reliability Standards. Learn how SANS can help you meet the training requirements in NERC CIP-004 and CIP-003. http://securingthehuman.sans.org/u/gY8

Resources

Passphrases: https://securingthehuman.sans.org/ouch/2015#april2015

Password Managers: https://securingthehuman.sans.org/ouch/2015#october2015

Securing Your New Tablet: https://securingthehuman.sans.org/ouch/2016#january2016

Securing Your Home Network: https://securingthehuman.sans.org/ouch/2016#february2016

License

OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. For past editions or translated versions, visit securingthehuman.org/ouch/archives. Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Bob Rudis, Cheryl Conley


 


Tips from Virsage: CEO Fraud - April 2017
Posted by Andrea Montgomery on 11 April 2017 12:03 PM


CEO Fraud

What Is CEO Fraud?

Cyber criminals are sneaky—they are constantly coming up with new ways to get what they want. One of their most effective methods is to target people like you. While cyber attackers have learned that unaware people are the weakest link in any organization, they have forgotten that knowledgeable people like OUCH! Readers [this newsletter] can be an organization’s best defense.

Cyber criminals have developed a new attack called CEO Fraud, also known as Business Email Compromise (BEC). In these attacks, a cyber criminal pretends to be a CEO or other senior executive from your organization. The criminals send an email to staff members like yourself that try to trick you into doing something you should not do. These types of attacks are extremely effective because the cyber criminals do their research. They search your organization’s website for information, such as where it is located, who your executives are, and other organizations you work with. The cyber criminals then learn everything they can about your coworkers on sites like LinkedIn, Facebook, or Twitter. Once they know your organization’s structure, they begin to research and target specific employees. They pick their targets based on their specific goals. If the cyber criminals are looking for money, they may target staff in the accounts payable department. If they are looking for tax information, they may target human resources. If they want access to database servers, they could target someone in IT.

 

Guest Editor

Angela Pappas is a director of information security training and awareness at Thomson Reuters. In her role, Angela is responsible for the ambassador program, eLearning, and educating employees about topics that pose a significant risk.

Once they determine what they want and whom they will target, they begin crafting their attack. Most often, they use spear phishing. Phishing is when an attacker sends an email to millions of people with the goal of tricking them into doing something, for example, opening an infected attachment or visiting a malicious website. Spear phishing is similar to phishing; however, instead of sending a generic email to millions of people, they send a custom email targeting a very small, select number of people. These spear phishing emails are extremely realistic looking and hard to detect. They often appear to come from someone you know or work with, such as a fellow employee or perhaps even your boss. The emails may use the same jargon your coworkers use; they may use your organization’s logo or even the official signature of an executive. These emails often create a tremendous sense of urgency, demanding you take immediate action and not tell anyone. The cyber criminal’s goal is to rush you into making a mistake. Here are three common scenarios:

  • Wire Transfer: A cyber criminal is after money.  This means they research and learn who works in accounts payable or the team that handles your organization’s finances. The criminals then craft and send an email pretending to be the targets’ boss; the email tells them there is an emergency and money has to be transferred right away to a certain account.
  • Tax Fraud: Cyber criminals want to steal information about your coworkers so they can impersonate employees for tax fraud. They research your organization and determine who handles employee information, for example, someone in human resources. From there, the cyber criminals send fake emails pretending to be a senior executive or someone from legal, demanding certain documents be provided immediately. 
  • Attorney Impersonation: Not all CEO Fraud attacks involve just email; other methods like the telephone can be used. In this scenario, criminals start by emailing you pretending to be a senior leader, advising you that an attorney will call about an urgent matter. The criminal then calls you pretending to be the attorney.  The criminal creates a tremendous sense of urgency as they talk about time-sensitive, confidential matters. This sense of urgency tricks you into acting right away. 

Protecting Yourself

So what can you do to protect yourself and your organization? Common sense is your best defense. If you receive a message from your boss or a colleague and it does not sound or feel right, it may be an attack. Clues can include a tremendous sense of urgency, a signature that does not seem right, a certain tone you would never expect, or the name used in the email being different from what the person actually calls you. The attacker may even use an email address or phone number you have never seen before, or an email address that is similar to your coworker’s or boss’s email. When in doubt, call the person at a trusted phone number or meet them in person (don’t reply via email) and confirm if they sent the email. Never bypass security policies or procedures. Your organization may have policies that define proper procedures for authorizing the transfer of funds or the release of confidential information. Requests that attempt to bypass those policies, regardless of their apparent source, should be considered suspicious and be verified before any action is taken. If you receive such a request and are not sure what to do, contact your supervisor, the help desk, or information security team right away.
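The clues listed above (a familiar name on an unfamiliar address, an address that closely resembles a coworker's, a sense of urgency) can also be checked mechanically by whoever administers the mail system. The following Python code is an added example, not part of the OUCH! newsletter or of Virsage's tooling; the staff directory, the example.com domain, the keyword list, the 0.8 similarity threshold and the three sample messages are all constructed for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (constructed, not from the newsletter):
ORG_DOMAIN = "example.com"
KNOWN_STAFF = {  # display name -> address the person really uses
    "pat rivera": "pat.rivera@example.com",
    "sam lee": "sam.lee@example.com",
}
URGENCY_TERMS = ("urgent", "immediately", "right away", "confidential")
LOOKALIKE_THRESHOLD = 0.8  # similarity at or above this looks like a spoof


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address, or ''."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def review_message(raw):
    """Return the list of warning flags raised by one raw e-mail message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(addr)
    flags = []

    # Clue: a familiar name on an address the person does not normally use.
    expected = KNOWN_STAFF.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append("display-name-mismatch")

    # Clue: a domain that is close to, but not exactly, the organization's.
    if sender_domain and sender_domain != ORG_DOMAIN:
        ratio = difflib.SequenceMatcher(None, sender_domain, ORG_DOMAIN).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            flags.append("lookalike-domain")

    # Clue: replies are steered to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != sender_domain:
        flags.append("reply-to-differs")

    # Clue: pressure to act fast or to keep quiet.
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if any(term in text for term in URGENCY_TERMS):
        flags.append("urgency-language")
    return flags


# Constructed sample messages (headers, blank line, body).
LEGITIMATE = (
    'From: "Pat Rivera" <pat.rivera@example.com>\n'
    "Subject: Lunch Thursday\n\n"
    "Are you free for lunch on Thursday?\n"
)
SUSPICIOUS = (
    'From: "Pat Rivera" <pat.rivera@examp1e.com>\n'
    "Reply-To: <pat.rivera@mailbox.test>\n"
    "Subject: Urgent wire transfer\n\n"
    "Please handle this immediately and keep it confidential.\n"
)
VENDOR = (
    'From: "Vendor News" <news@vendor.test>\n'
    "Subject: Monthly update\n\n"
    "Here is this month's product news.\n"
)

if __name__ == "__main__":
    for label, raw in (("legitimate", LEGITIMATE),
                       ("suspicious", SUSPICIOUS),
                       ("vendor", VENDOR)):
        print(label, review_message(raw))
```

A flagged message still needs the human check the newsletter describes: confirm the request with the sender at a trusted phone number or in person before acting.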

Tip of the Day

Every day we post a new tip on how to make the most of your time online and how to stay safe. Get your daily security tips at https://www.sans.org/u/iS7.

Resources

Social Engineering: https://securingthehuman.sans.org/ouch/2014#november2014

Phishing: https://securingthehuman.sans.org//ouch/2015#december2015

What Is Malware: https://securingthehuman.sans.org/ouch/2016#march2016

Two-Step Verification: https://securingthehuman.sans.org/ouch/2015#september2015

Tip of the Day: https://www.sans.org/tip-of-the-day

License

OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. For past editions or translated versions, visit securingthehuman.sans.org/ouch/archives. Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Bob Rudis, Cheryl Conley


Contacting Virsage:

View/Submit Tickets Online, Find Answers Online

Register at support.virsage.com so that you can submit tickets, view/update your existing tickets, and search the knowledge base.   

  • Click here for information about registering to use the online ticketing portal.  
  • Click here for information on using our knowledge base. 
  • Click here to see how to view and update your support tickets.
  • Rate our service and subscribe to the newsletter to get updates from Virsage Support.

 

Critical or Urgent Issues

During business hours
Submit a ticket via the website at support.virsage.com and mark the ticket as 'Priority 1'
OR
Send an email including the word 'Urgent' in the subject line to support@virsage.com

Outside of business hours
Submit a ticket via the website at support.virsage.com and mark the ticket as 'Priority 1'
OR
Send an email including the word 'Urgent' in the subject line to support@virsage.com
OR
Leave a voice mail at 720-881-3800. All of these will page the on-call technician.



Enter to win one of three (3) Amazon Gift Cards for $100 each:   https://www.surveymonkey.com/r/amazongft


Tips from Virsage: Ransomware - March 2017
Posted by Andrea Montgomery on 15 March 2017 10:00 AM


Ransomware

What Is Ransomware?

Ransomware is a special type of malware that is actively spreading across the Internet today, threatening to destroy victims’ documents and other files. Malware is software--a computer program--used to perform malicious actions. While ransomware is just one of many different types of malware, it has become very common because it is so profitable for criminals. Once ransomware infects your computer, it encrypts certain files or your entire hard drive. You are then locked out of the whole system or cannot access your important files, such as your documents or photos. The malware then informs you that the only way you can decrypt your files and recover your system is to pay the cyber criminal a ransom (thus the name ransomware). Most often, the ransoms must be paid in some form of digital currency, such as Bitcoin. Ransomware spreads like many other types of malware. The most common method involves sending victims malicious emails, where cyber criminals trick you into opening an infected attachment or clicking on a link that takes you to the attacker’s website.

 

Guest Editor

Lenny Zeltser focuses on safeguarding customers’ IT operations at NCR Corp and teaches malware combat at the SANS Institute. Lenny is active on Twitter as @lennyzeltser and writes a security blog at zeltser.com.

 

Should You Pay the Ransom?

That is a tough one. The problem is that the more often people pay these criminals when they are infected, the more motivated criminals are to infect others. On the other hand, you may have no other option to recover your files. Be warned though, even if you do pay the ransom, there is no guarantee you will get your files back. You are dealing with criminals; they may not decrypt the files, or even if they do provide you with a decryption method in exchange for payment, something may go wrong during the decryption process or your computer may be infected with additional malware.

 

Back Up Your Files

Perhaps the best way to recover from a ransomware infection and not pay a ransom is to recover your files from backups. This way, even if you get infected with ransomware, you have a way of recovering files after rebuilding or cleaning up your computer. Keep in mind that if your backup can be accessed from the infected system, ransomware might delete or encrypt your backup files. Therefore, it’s important to back up files to reputable cloud-based services or to store your backups on external drives that are not always connected to your system. In addition, a common mistake that many people make with backups is to assume that they work without testing whether they can actually recover files. Be sure to regularly test that your backups are working, and confirm that you can recover the files you need should your system become infected with ransomware. Backups are important, as they also help you recover when you accidentally delete files or your hard drive crashes.

Ransomware is a malware that, once it infects your computer, encrypts all the files on your computer, denying you access to them.

 

Further Protective Measures

Moreover, you can protect yourself from ransomware infections the same way you would against other types of malware: don’t get infected. Start by making sure that you have up-to-date anti-virus software from a trusted vendor. Such tools, sometimes called anti-malware software, are designed to detect and stop malware. However, anti-virus cannot block or remove all malicious programs. Cyber criminals are constantly innovating, developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways, it has become an arms race, with both sides attempting to outwit the other. Unfortunately, the bad guys are usually one step ahead, which is why you need to ensure you back up your files and employ these additional steps to protect yourself:

  • Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer known vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Therefore, make sure your operating systems, applications, and devices are enabled to automatically install updates.
  • On computers, use a standard account that has limited privileges rather than privileged accounts such as “Administrator” or “root.” This provides additional protection by preventing many types of malware from being able to install themselves.
  • Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency, is confusing, seems too good to be true, or has poor grammar, it could be an attack. Be suspicious; common sense is often your best defense.

Protect yourself from ransomware by remaining vigilant when opening email attachments or clicking on links, ensuring that you have updated anti-virus software, and confirming that your files are regularly backed up and can be restored.

 

An Easier Way to Manage Your Security Awareness Program 

SANS Institute’s new Advanced Cybersecurity Learning Platform (ACLP) makes deploying, maintaining, and measuring awareness programs easier and more effective. Learn more at https://securingthehuman.sans.org/u/jGf.

 

Resources

Phishing: https://securingthehuman.sans.org//ouch/2015#december2015

What Is Malware: https://securingthehuman.sans.org/ouch/2016#march201

Encryption: https://securingthehuman.sans.org/ouch/2016#june2016

Backups: https://securingthehuman.sans.org/ouch/2015#august2015

Microsoft Article: https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

SANS FOR610 Course - Reverse Engineering Malware: https://sans.org/for610

 

License

OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. For past editions or translated versions, visit securingthehuman.sans.org/ouch/archives. Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Bob Rudis, Cheryl Conley

 


Please provide the following information on all support requests:

  • Your name
  • Company name
  • Location (i.e., what branch, working at home)
  • Phone number and email address
  • Summary of the issue/request
  • When did the problem start?
  • Requested due date
  • Is the issue affecting other users? If so, specify usernames/locations
  • Any recent changes you are aware of?
  • Is the system down?

NOTE: Your subject line and description help us reply more effectively; please provide as much information as possible.


 


Internet Service Provider Outages in the Denver Area - 3/13/17 10:45am MT
Posted by Andrea Montgomery on 13 March 2017 11:01 AM
There are multiple outages in the greater Denver area impacting internet connectivity.  If you are experiencing an issue with your connection to the internet, we can assist you in determining if it is related to your internet service provider and we can help you open a case with your provider.  Please submit a ticket if you need assistance.   

http://downdetector.com/status/comcast-xfinity/map/

**This issue was resolved by Comcast by approximately 11:45am MT on 3/13/17
