Office 365’s user numbers are expected to surpass 100 million in 2017. With the vast amount of data shared via email in the Office 365 Suite, a critical question IT admins should be asking is: How secure is it?

While Office 365 comes equipped with native security features, the suite doesn’t offer the layered security protection businesses need to safeguard data. You can reduce risks by implementing a layered security approach. The key layers include Policies & Training, Filtering & Encryption Services and Security Software.

 

Read More

Every smart device owner has most likely experienced one moment where they reached for their device and it wasn’t there.

After a short, frantic search with no results, the dreaded thought enters the mind: “What if I lost it?”

Because of the small size and portability of these devices, they are easily misplaced.

Their size sometimes makes it easy to forget the huge treasure trove of information these smart devices contain. Text messages from friends, work email accounts, pictures of loved one, apps to access bank accounts and social media, location history, and more.

If you lost your smart device, how would you mitigate the potential damage that could be caused if it fell into the wrong hands?

Fortunately, there a few proactive measures that can be taken to ease the mind, should this situation occur.

Read More

 

Every so often another data breach makes the headlines. Some big name company discloses the loss of user data including credentials. Here is a list of the major breaches that have occurred in 2017. Within days if not hours, that data becomes available for purchase on the dark web and eventually on the open web for anyone to download. Over time, security analysts reviewing this data overwhelmingly draw one conclusion from the data – users love to use insecure passwords and reuse those same passwords across multiple accounts.

So how do these analysts come to this conclusion? By simply correlating usernames across services and comparing passwords. Remember, usernames are typically an email address, first initial and last name or some other easy to guess or infer combination. A username in itself is nothing more than an identifier and has no inherent security. The password component of a login is the security component of a typical login.

All username / password combinations are a form of Type I authentication (AKA something you know) and are the least secure method of authentication. Many providers now offer a second layer of authentication based upon Type II authentication (AKA something you have). This is typically the delivery of a unique code to a device that you possess like a cell phone or tablet.

When this is combined with the existing login authentication, the result is called “Two Factor Authentication” or “2FA.” This type of authentication dramatically reduces the likelihood that some else can log in using your Type I credentials without your knowledge.

Unfortunately, many users don’t enable 2FA for sites that support it. The other common habit is password reuse – using the same password for more than one site or service. The danger comes from breach data dumps that get posted publicly. All that is necessary then is for a malicious actor to try that username / password combination on other high value sites – an attack called a Password Reuse Attack. If the password has been re-used by the user across more than one site, the result could range from a minor inconvenience to devastating.

REDUCING RISKS

So how does one reduce risk while maintaining convenience for the end user? Here are a few action items:

  1. Enable Two Factor Authentication (2FA) for all applications that support it
  2. Use a password manager to manage logins across applications like
    • LastPass
    • Intel True Key
    • Dashlane
    • RoboForm
    • KeePass (Local vault)
  3. Consider adding 2FA using something like Duo to all your applications.
  4. Require users use a password generator along with a password manager
  5. Force users to change passwords immediately when a breach or compromise is reported
  6. Set a policy for minimum password requirements (Length, complexity, etc)
  7. Require that users NOT reuse passwords. This is hard to enforce but make the policy anyway

Users will complain initially but once they learn new habits, your risk profile will be lower and you will rest easier. I personally don’t believe that resetting passwords on a regular basis has any redeeming value if your initial passwords are sufficiently complex and passwords are not reused. When users do change passwords on a regular basis, they usually make a minor change to their existing password and end up with a  bunch of similar passwords across accounts.  Users are also forced to re-authorize any account that changes on connected devices. Password managers and 2FA virtually eliminate this behavior. The better approach is to change passwords only when a compromise is suspected.

ONGOING AWARENESS KEY TO SUCCESSFUL SECURITY

The key to successful security is ongoing user awareness training along with providing the tools and procedures that make it easier for users to implement security.

If your users suspect they have been compromised, they can check using the site Have I Been Pwned. This site is maintained by Troy Hunt, a Microsoft Regional Director. Users simply enter their email address and get a list of sites that include their username. If they get any hits, the results will indicate whether or not password data was included. If they find a password compromise, they should reset their password at ALL SITES where that password was used. Then they should change it to something different at every site. Stay secure out there!

This morning a unique campaign targeting Macs has caught our attention. This attempt contained a .zip file carrying a Mac (OSX) trojan known as Aptordoc (OSX.Dok).

All of these emails contained the OSX Aptordoc trojan, however, some also had a Windows trojan downloader known as W97M.Dropper (Mal/DocLnk-B) attached, also like the example pictured below.  These messages were destined to our Switzerland clients with the .ch domain extension.

Mac can be susceptible to malicious attacks

There is a common misconception that Macs cannot be infected.

While we see less attempts targeting Macs, they are definitely susceptible to malicious attacks such as this.  Below is and example of the current malicious email that is making the rounds. Under the example image is a rough unedited Google Translation to English.

At AppRiver, our SecureTide spam and virus filtering team works 24/7/365 to protect our customers from these types of threats as they emerge.

OSX trojan aptordoc

Unedited Google Translation:

Display Name: Canton Police Zurich

Subject: Unsuccessful contact attempt

Good day.
My name is Walter Seeholzer, I am an inspector from the Zurich Criminal Investigation Department.
We have tried to get in touch with you to ask you some questions, but unfortunately we have been unsuccessful.
This document contains a list of questions as well as my telephone number.
Best regards,
Walter Seeholzer

Your personal data will not be shared with third parties outside the Group without your express consent.
All these data-receiving agencies ensure compliance with data protection and data security.

For the online ordering or the purchase of certain services and products, the registration and registration of your personal data is indispensable.
This is the only way you can access your MCC or estv can provide you with the invoices.

It would be difficult to overestimate the business risks of ransomware and malware attacks.

Malware volume skyrocketed in 2016, increasing by more than 800 percent from the previous year. With that number continuing to rise, it is easy to see the scope of the problem that all businesses face. No matter how small the business is, any type of company is a potential victim.

Ransomware can infiltrate your business through many entry points, including email via attachments, links and with social engineering and through your web browsers.

Follow these best practices to keep your business clear of ransomware and malware:

Multi-layer Security

Secure your network with multi-layer approach. Your organization should protect all security gaps by combining email and web security solutions with an endpoint anti-virus (AV) protection layer. Web protection platforms complement email security and AV endpoints by blocking malware at the source, and by scanning networks in search of previously untraced malware.

Embrace the Cloud

A cloud-based security strategy will allow all your solutions to be updated thousands of times per day to ensure protection from the newest tricks and tactics. Ransomware is capable of propagating to external backup solutions directly connected to a PC. If ransomware manages to execute and start encrypting files, an online backup solution can roll back all the information before infection, enabling you to undo any damage.

Email Security

The best way to deal with ransomware is eliminate the risk. Accomplish this with advanced spam filters that ban emails from regions where you aren’t conducting business. You may also want to adjust your security settings to block macro-embedded Word documents or Excel files – both are common entry points for ransomware.

Cyber extortionists and ransomware attempts are here to stay, and will continue to threaten businesses of all sizes. However, a little bit of education and the right solutions go a long way. Hackers are constantly adapting and improving their weapons of choice, so you must be diligent. Make sure your users are well educated, initiate a multi-layer security approach and have a thorough backup plan in place.

Looking for more ways to prevent and defeat ransomware in your business? Download our free “Business Guide to Ransomware: Understand, Analyze & Protect,”

The whitepaper includes greater detail on the points above, along with best practices for securing your network via:

  • JavaScript and macros
  • Auditing and monitoring
  • Patch management
  • Employee education