Petya Ransomware – A Post From Our Partner Fortinet

Petya Ransomware

Following closely on the heels of WannaCry, a new ransomware variant known as Petya began sweeping across the globe, impacting a wide range of industries and organizations including critical infrastructure such as energy, banking, and transportation systems. FortiGuard Labs sees this as much more than a new version of ransomware. Rather it is representative of a new wave of multi-vector ransomware attacks that Fortinet is calling “ransomworm”, which takes advantage of multiple, timely exploits. In doing so, ransomworm is designed to move swiftly across multiple systems on its own, rather than staying in one place or requiring end user action.

Also, rather than focusing on a single organization, this type of attack uses a broad-brush approach that targets any device it can find with one or more of the target vulnerabilities to exploit. In this case, it appears that the attack can start with the distribution of an Excel document that exploits a known Microsoft Office vulnerability. However, because additional attack vectors were used (such as delivery via the Windows Management Instrumentation Command-line, WMIC), patching alone is inadequate to completely stop this ransomworm, which means that patching needs to be combined with good security tools and practices.

The Fortinet Security Fabric is providing comprehensive protection against the Petya ransomworm through several integrated and automated means, including automatic intrusion detection/prevention (IPS/IDS), malware protection (anti-virus), real-time analysis of suspicious code (FortiSandbox), automated information sharing, and more.

As the patch for one of the exploited vulnerabilities was issued by Microsoft earlier this year, we advise organizations to update their systems immediately. Older legacy systems and critical infrastructure are particularly vulnerable to this attack. However, given the multiple attack vectors, further security measures are needed.

Security Recommendations:

Our advice for organizations seeking to protect themselves from this malware includes:

IT Department

  • Back up your critical systems’ files, and keep that backup offline
  • Ensure you have a ‘gold standard’ operating system disk and configuration, to allow you to reconstruct your desktop with confidence
  • Patch
  • Check the currency of your patches

Users

  • Don’t execute attachments from unknown sources

Security Operations

  • Push out signatures and AVs
  • Use sandboxing on attachments
  • Use behavior-based detections
  • At firewalls, look for evidence of Command & Control
  • Segment the network, to limit the spread of the malware and to keep backup data from being encrypted
  • Ensure that Remote Desktop Protocol is turned off, and/or is properly authenticated, and otherwise limit its ability to move laterally.

General Guidance

  • If affected, don’t pay
  • Share the fact of infiltration with trusted organizations, to assist with overall community efforts to diagnose, contain, and remedy

For more information about ransomware, please visit our Petya Central Content Hub.

For more information about Fortinet solutions to help stop ransomware, please visit our Enterprise Solutions Page.

Content written by Fortinet. CCNY Tech is a Fortinet reseller as a platinum partner.

On-Site Data Destruction

CCNY Tech is proud to offer on-site data destruction to our clients. Regardless of your company’s industry, nearly every device containing a disk drive holds some form of data that can be considered “sensitive.” Some of your stored data may not be extremely sensitive, but what about bank statements, personal information, or even medical records? Certain information simply needs to be completely destroyed, with no risk of that data falling into the wrong hands. This is where on-site data destruction becomes necessary.

Above all, the main reason any client would opt for on-site data destruction versus off-site is the added assurance that your company and/or customer information will never even leave your facility. When partnering with an on-site data destruction provider, you are given full transparency of the destruction process. Chain of custody concerns are also removed with on-site services. Customers can take comfort in the fact that there is no chance of the drives being mishandled during transportation resulting in a data breach.  

Data protection solutions are becoming increasingly more relevant to you and your company. If you are unfamiliar with data destruction and the whole IT Asset Disposition process, feel free to check out our website or call one of our trained ITAD experts today. We would be happy to discuss your company’s data security procedures, and to find a solution that works for you.

By Mike Buffa
CCNY Tech has a variety of ITAD-related services, including on-site data destruction. CCNY Tech also sells new IT equipment such as servers, networking, and storage equipment, along with custom configurations. Check out our site or call our team to learn more about our products and services!

The 9 Steps to Network Security for Small Businesses

Small Business Owners: It’s Time

There are two main reasons why business owners are not taking proper steps to protect their networks; one reason is known as “security fatigue,” and the other reason is essentially denial. Security fatigue happens when cybersecurity becomes so overwhelming that business owners abandon practices altogether. Security is always changing and attacks are becoming more sophisticated, so some feel that their efforts are futile.

When business owners are in denial, however, they believe that they are not at risk of an attack. According to a poll, about 87 percent of small business owners do not feel that this is a legitimate threat. That same poll says that just 69 percent have measures in place to prevent attacks. These statistics leave an alarming number of small businesses without any intrusion detection/prevention at all. Let’s be clear: data breaches are a real possibility for all companies, in all industries.

We understand that securing company networks, data, applications, and sensitive information can be terribly overwhelming. It can be even more stressful when customer information is on the line. As technology becomes more and more centralized in our businesses, our need for security becomes even greater. However, network security does not have to be as elaborate as you may think. While it is critical, it can be easily implemented and maintained.

9 Simple Steps to Network Security

1. Limit Your WiFi Range – Limiting your WiFi range is a simple way to help improve your network security. Having a WiFi range that extends further than your immediate building leaves your network more exposed to hackers. It may not seem like a likely issue, but it is more common than you may know.

2. Install a Firewall – A firewall is a very simple and manageable way to protect your network. Having a dedicated firewall allows for more in-depth inspection of packets entering your network. This helps to ensure a safer network for all employees, without creating a bottleneck for bandwidth.

A Fortinet FortiGate is a popular choice for business networks. FortiGate devices offer an array of security enforcement technologies and fight against advanced threats.

3. Physical Security – It can be very useful to keep your network infrastructure behind locked doors. Studies have found that the majority of breaches have been performed by employees – both intentionally and unintentionally. It can be best to keep network infrastructure off limits to anyone that does not need direct contact with it.

4. Educate Your Employees – Because inside accidents are so common, it may be beneficial to spend one day a quarter teaching best practices. This includes educating employees about opening certain emails, where to save company and customer data, spam filters, and clean desk policies, among others.

A clean desk policy means all employees keep company and customer data off of their desks when it is not being used. Any visitor, or even employees from other departments should not have the opportunity to view sensitive information.

Password training can also be beneficial. Not only is it important to not write down passwords, it is also helpful to use complex combinations and to change them frequently.

5. SSL and Encryption – Most businesses today have a website. If financial information passes through a website, it is up to the business to do its due diligence and protect that data to the best of its ability. A very easy way to kick this off is to enable SSL through your hosting provider. SSL stands for Secure Sockets Layer, and it ensures that everyone using your website has end-to-end (browser to server) encryption of their communication. This helps to protect against loss of data through packet sniffing.

6. Have a Centralized Accounting Server – In a world where over 80% of small businesses and over 60% of large businesses have reported being successfully hacked (according to cbsnews.com), it is vital to ensure timely forensics once an attack occurs. A centralized accounting server maintains logs from all devices on the network and can be used to determine the point of entry for an attacker, as well as their information (if the system isn’t compromised). These files are essential for damage control and future preparation.

7. Captive Portal on Access Points – Implementing a captive portal for guest users on your network is a simple way to relieve some potential responsibility. This is done by ensuring guest users read and agree to an AUP (acceptable use policy) which explains acceptable use on your network. If a guest then uses your network to commit a crime in some way, your business is no longer liable for their actions.

8. Avoid BYOD – All management and employees should avoid using their personal devices for work. When office workers use personal phones, tablets, laptops, etc. at the job site, they open up the network to a number of threats. When outside devices are connected to the company network, the network is exposed to any viruses and threats those devices may be carrying. Likewise, when an employee brings work home on personal phones and computers, they expose the work to the low level of security on their home network. Employee devices should not be connected to the company network and company work should not be brought home. This can leave a network very vulnerable.

9. Anti-virus and Automated Software Updates – Researching and installing proper antivirus is a great way to protect your network. Attacks can be hiding in all kinds of places and antivirus makes it just that much safer to visit websites and open emails.

Automated software updates are another helpful networking practice because they ensure that you are running the latest versions. Software updates often include patches to any issues in previous versions. This can include security leaks and holes. These updates run in the background, and even while you don’t notice that they are happening, they can be protecting your data.

CCNY Tech has a variety of products from some of the top names in the industry! We supply servers, networking, and storage equipment, along with custom configurations. Check out our site or call our team to learn more about our products and services! Visit our website to learn more at ccnytech.com.

The Basics of Making Passwords

Choosing a Secure Password

In today’s world, we all must create, remember, change, and update passwords. They are required for most of our devices and accounts: our computers, our phones, our social media, our bank accounts, etc. Passwords help to prevent other people from accessing our sensitive information. Some information people do not mind others seeing; however, there is information out there, such as medical records and credit card information, that we would not like to fall into the wrong hands. Now take the stress of having your information compromised and the responsibility of correcting any issues, and multiply it several times over to imagine the importance of security for companies. From small offices to large corporations, every organization has some employee or customer data protected by passwords. This especially holds true for the computers, tablets, and mobile devices that individuals use on a daily basis.

Choose a Password that is Not Easily Identifiable

Choosing your name as your password for your account is not secure and it will also be easily guessed when another person tries to get into your account. This also applies to using usernames, partial or full, as the password.

Do NOT Make it THAT Easy

The first thing that pops into most people’s heads when they think of choosing a password is the word “password.” Do NOT use the word “password” as a password for any of your accounts as this is generally the first attempt by anyone wishing to break in.

Password Sharing

It is best to avoid password sharing whenever possible. It is tempting to let coworkers, friends, and family have access to our accounts, but sharing our passwords makes them less secure. The means by which we share passwords can also, in some cases, leave accounts more susceptible to compromise and valuable information unsecured. The more people that have your password, the more susceptible you are to the password getting into the wrong hands.

Password Strength

Use an appropriate mixture of alphanumeric values to ensure security. 123456 is not a good password and neither is qwertyuiop or abcdefg. Passwords should be long enough to be secure but still able to be remembered. The password a2b0333w9987u309e82@#4%^ would ideally be a great password, but it is most likely difficult to remember. It helps to use phrases and sentences to remember passwords. For example, “Alex goes swimming at 4:30 pm” can be used as the password Alexgoesswimming@430pm. The same style works with the first letters of a memorable phrase: “Alex Loves Eating Pizza At 12 every day” becomes Alep@12everyday.

By: Jason Germond


Keeping Secure: Protect Yourself from Scammers Goin’ Phishin’

You may have seen it at one time or another, sitting in the office and you get a strange email from what appears to be your co-worker. Looking into this further, you approach your co-worker and find out this wasn’t them. In fact, they slightly changed the name to trick the recipient of the email into believing that they are someone else.

This is generally considered phishing. Phishing is a cyber act that uses tactics, such as made up emails and/or phone calls to get information, especially account numbers and credit cards. The end goal of phishing is generally to steal money. Phishing is illegal as it falls under identity theft.

 

Federal Trade Commission

If you fall victim to phishing, be sure to report it through the Federal Trade Commission at www.ftc.gov/complaint. “The Federal Trade Commission encourages the use of up to date anti-virus and anti-spyware software and firewalls to prevent phishing while U.S. Computer Emergency Readiness Team reminds users to pay attention to URLs when entering personal information” (Phishing 101: Your Official Guide).

 

Report fake phone calls, within the United States, using the FTC Complaint Assistant form.

 

How Can a Person Protect Themselves Against Phishing?

Be aware of the signs:

 

Only give information on secured sites. An indication of a site being secure is the “s” after “http” in the url (ex. https://). It usually will also have a picture of a lock with the word “secure” next to it.

 

Phone Scams

You know your computer is not broken but somehow get a call telling you that someone wants to fix your computer. They don’t want to fix your computer; they want your money and personal information. Knowing what is out there and not being too trusting of every person helps to avoid being scammed. It’s okay to question things; in fact, it’s better to be safe than sorry.

 

There are also illegitimate websites out there that are built to spoof real ones and scam the person visiting them.

 


Email Scams

If something seems too good to be true, it most likely is. A lot of the time, emails from phishing scams will have errors in grammar, which stand out because most professional companies proofread their writing to minimize errors.

 

Others’ emails pretending to be someone they’re not

A majority of the time, messages contain noticeable errors. An example of this is a name spelled wrong. Let’s face it, if your friend’s email is really john.doe@website.com, an email from john.done@website.com is not your friend. Pay attention to details, as they may ask something strange such as credit card info or send a message totally different than how they usually write within their emails.  

 

In some cases, emails are slightly altered to trick a person into believing that they come from a company that they truly don’t. The company address may use the real company’s name with one letter spelled wrong, or a different variation of the name, to trick its audience.

 

Be careful of e-mail links. Put your cursor over the link but do not actually click on it. If the link does not match the words from the hyperlink, take note and do not click. Clicking links leaves your personal information along with your computer security vulnerable to cybercrimes.

 

CCNY Tech is a leader in IT Asset Disposition & E-Waste Disposal and offers a huge inventory of new, used and refurbished IT equipment.

CCNY Tech has been in business since 1988 and has built many long term relationships with companies, universities and other organizations by providing great value and outstanding customer service. Call CCNY Tech at 1-800-566-4786 or fill out the Contact Us form to learn how we can improve your IT requirements.

 

Top 7 Reasons Why Hiring an IT Company is a Good Financial Decision

The financial benefits of hiring an IT company instead of hiring an IT worker or additional IT workers are often overlooked. Hiring a full time IT worker for your company is expensive. There are many financial aspects to consider before hiring your own IT worker for your company.

1) Quickly Find Qualified People – Hiring an IT company gets the hiring process of IT staff accomplished without having to go through the HR process. IT companies have workers that have already gone through programs such as on the job training, education, and certifications. Workers coming from IT industries already have on-the-job experience and practice with other customer accounts.

2) No Commitment to Hiring – Possibility for Offering a Full Time Position – Some companies may find themselves in a position where the IT company that they are using for staffing provided them with a worker that does a lot within the company and becomes an asset. In some cases, the IT company may have criteria to ensure that the client does not take their workers. There are some ways of getting around this as some IT companies may require some monetary compensation for the help in filling their staff position. The benefit is that a person is not committed to hiring the person just because they work for them under the IT company.

3) Temporary Agency Takes on All Responsibility – The IT company has to deal with the risk involved in hiring a person to do the job. The insurance for the IT company’s member falls within the IT company, as they are responsible for their worker.

4) Cost Effective – A company needs to realize that an IT worker is going to need a salary. Adding to the salary, the worker will need paid time off (vacation, sick days, personal days, paid holidays, etc.), 401k, health insurance, etc. There will also be the cost of payroll and internal expenses.
Hiring an IT company gives a nice alternative to the costs of a full time IT worker, considering the previously mentioned costs will be taken care of by the IT company that the worker comes from. For example, instead of paying an internal IT worker $50,000 for the company, the worker can be available to work as needed or on a contractual basis at a fraction of the cost.

5) Highly Productive – Since the workers hired from the IT company have a task to accomplish, they are there to just do the job and do it in a fast and efficient manner. The IT company already is aware that the worker they will provide the company has the experience and expertise needed to do the job that is required of them.

6) Specialized Skillset – The staff members that IT companies provide have skills that are added with the manner of the job. The IT company ensures that they place the employee with the proper skillset to work within the company to get the project or requirement accomplished in a timely manner.

7) No Waste – With the ability to have an IT company’s worker on an as needed or contractual basis, the worker only works when needed. If there are only 20 hours of work needed, a company may contact the IT company to get a worker for those hours that they need. There will be no time spent waiting around for IT work to be created for the staff member, as would happen if that company hired a full-time IT staff member.

How does this work?

IT Companies have a full staff of engineers readily available for contracts or on an as needed basis to help with projects or emergency break/fix or recovery situations. Call an IT company that offers IT staffing. If you need a person to be on site for a certain number of hours per week, no problem, there are companies that can do contracts for that.

CCNY Tech has been expanding our regional IT services. To speak with a representative about IT Services call 315-724-2209 ext. 210. CCNY Tech has the best solution to keep your IT Infrastructure safe and IT staffed at a great price and value.

By: Jason Germond, IT Sales Specialist

CCNY Helps to Protect Against Ransomware Attack

CCNY Tech is an IT hardware sales, maintenance, and recycling company, located in Utica, NY. In the IT business for over 25 years, this company has learned the ins and outs of the tech world and has some of the most knowledgeable engineers. CCNY Tech provides support throughout the lifecycle of the datacenter. They supply, install, maintain, decommission, refurbish, and recycle networking equipment. CCNY Tech is there for any step of the process for businesses like yours.

The Attack
A company was targeted by a ransomware attack. Our team helped to uncover that the version of the ransomware was fairly new, and goes by the name of SamSam. The attack appeared to be a variation of the Locky family of ransomware which is a fairly common attack in use. The attack can only be started/performed from within the network of the targeted company. The attackers managed to lock down all systems (PCs and Servers) at the location, and an affiliated location. All business orientated systems were affected.

Although the attack appeared at the company location, it then spread from there via the VPN tunnels built between each yard and the datacenter back at headquarters. The attackers appeared to have either had direct access to a domain administrator level account, or performed an elevation attack against the Active Directory environment using a lower level user account made into a domain administrator for the duration of the assault.

The attackers used the elevated account on all affected systems due to the flat Active Directory setup that is currently used by the company. This means that if someone has an elevated account at HQ or a satellite site, they can affect systems at any other affiliated location connected to their system via VPN tunnel. This allowed the attackers to spread as quickly as they did, with little to no effect on their ability to spread the virus as fast as possible.
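One way to catch this pattern in logs is to look for a single account making remote logons to many hosts across several sites within minutes. The Python below is an added example, not part of the original write-up: it uses Windows successful-logon events (Event ID 4624, logon types 3 and 10), while the CSV layout, the `SITE-HOST` naming scheme, the accounts, the times and the thresholds are all assumptions made for illustration.

```python
"""Added example: spot one account fanning out across sites in a short window."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of logon events exported to CSV. Hosts, accounts and
# times are invented; naming hosts as SITE-HOST is an assumption.
SAMPLE_LOG = """\
time,event_id,account,logon_type,target_host
2024-01-10T02:00:05,4624,svc-backup,3,HQ-FS01
2024-01-10T02:01:10,4624,adm-temp,3,HQ-DC01
2024-01-10T02:02:30,4624,adm-temp,3,HQ-FS01
2024-01-10T02:03:45,4624,adm-temp,3,YARD1-PC07
2024-01-10T02:04:20,4624,adm-temp,10,YARD2-SRV01
2024-01-10T02:05:00,4625,jsmith,3,HQ-FS01
2024-01-10T09:00:00,4624,jsmith,2,HQ-PC12
2024-01-10T13:30:00,4624,svc-backup,3,YARD1-SRV01
"""

SUCCESSFUL_LOGON = "4624"           # 4625 (failed logon) is ignored here
REMOTE_LOGON_TYPES = {"3", "10"}    # 3 = network, 10 = RemoteInteractive (RDP)


def site_of(host):
    """Site prefix of a host name, e.g. 'YARD1-PC07' -> 'YARD1' (assumed scheme)."""
    return host.split("-", 1)[0].upper()


def fan_out_accounts(log_text, window=timedelta(minutes=15),
                     min_hosts=3, min_sites=2):
    """Return {account: {"hosts": [...], "sites": [...]}} for accounts that
    remotely logged on to at least min_hosts hosts in at least min_sites
    sites inside one time window."""
    per_account = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if (row["event_id"] == SUCCESSFUL_LOGON
                and row["logon_type"] in REMOTE_LOGON_TYPES):
            per_account[row["account"].lower()].append(
                (datetime.fromisoformat(row["time"]), row["target_host"].upper()))

    findings = {}
    for account, events in per_account.items():
        events.sort()
        # Slide the window start over each event; report the first hit.
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            sites = {site_of(h) for h in hosts}
            if len(hosts) >= min_hosts and len(sites) >= min_sites:
                findings[account] = {"hosts": sorted(hosts),
                                     "sites": sorted(sites)}
                break
    return findings


if __name__ == "__main__":
    for account, detail in fan_out_accounts(SAMPLE_LOG).items():
        print(account, detail["sites"], detail["hosts"])
```

Service accounts that legitimately touch several sites, such as the backup account in the sample, stay below the default thresholds because their logons are hours apart.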

Our engineers were unsure if the Cisco Meraki units being used had all Advanced Security Services installed and configured to protect internal systems from this type of assault. The virus is designed to spread on its own within a network segment after the initial user-directed payload is delivered into a network. The Meraki systems can be set up to check for activity taking place within a network segment that they have defined, to protect against system-to-system virus jumps.

The Process
Remediation was done on a system by system basis with a full wipe and rebuild of all infected PCs and servers in an offline state at Rubicon. At the other location, we were able to shortcut the process by deploying a clean OS image to all machines in the office. This necessitated the purchase of new OS licenses for some systems, and new business software licenses as well (Microsoft Office, etc.), which we were informed needed to be physical keys and not VLA or subscription based.

Recommendations
Restructure the Active Directory and the domain structure for the entirety of Location using a parent-child domain setup. Location would become the parent domain, making it the central domain controller for your company. Each location outside of the main facility would be added on as a child domain. The child domain is controlled by the Location parent domain and while it can interact with it, it cannot directly affect it. This is designed to prevent an administrator level account at an affiliated location being used against Location or even a sister child domain.

Design and implement a new equipment policy for any IT equipment that is added to the company’s infrastructure. If a new device is going to be added into the domain and it is a server, ensure that it goes through a hardening process by adding all of Location’s security software and remote management software prior to going live. For PCs and servers, inventory all licenses to be applied and maintain a centralized spreadsheet containing all existing or newly purchased licenses across the company. This will reduce the attack vector to a known source, and will allow for quicker recovery if a wipe and rebuild is needed for a new piece of equipment.

Update and tune firewall settings, starting with enabling firewall logging. This gives the admin the ability to go back and check for anomalies that may have crossed your network. From the firewall, depending on the model and manufacturer, you can block certain protocols that would allow remote access to a system and only allow access from specific outside IP addresses. You may also run web filtering to prevent users from accessing questionable content. Intrusion prevention protocols and DNS filtering can also aid greatly in preventing outside attackers from gaining a foothold.

Implement a tiered backup solution that will do local backups of each location and will then store a copy of the data off site. This would allow a restoration of each location that goes down back to the most recent update. Have all documents and files be backed up to a file server, which would be regularly backed up itself, while also using redundant drive arrays.

Implement spam filtering in front of your Exchange server if it has not been implemented or installed already. This can be via Barracuda, Fortinet or any other vendor who provides either standalone appliances or virtual machines.

Install sandboxing software/hardware at Location HQ to scrub and check all files being moved through the VPN tunnels between locations or to central. Several vendors offer variations on this, such as Fortinet, Sophos and MetaFlows, all of which will test any files in the network traffic and can be specifically invoked by the end users as well if they have any concerns.

Block USB ports on the majority of systems in the company to prevent people from bringing in and using non approved USB storage devices such as thumb drives, USB HDD drives, etc. This can be implemented either by 3rd party software or Microsoft Active Directory Group Policy.

Jason Germond, IT Sales Specialist
CCNY Tech is an IT sales and services company. For over 25 years, CCNY Tech has been supplying IT equipment as well as providing maintenance and IT recycling services. Partnering with some of the top brands in the industry, they are experts in equipment and custom configurations. CCNY Tech IT professionals provide custom solutions to businesses of all sizes. Learn more at ccnytech.com.