Someone clicks a link, 23 Texas Cities attacked with Ransomware

Someone clicks a link, 23 Texas Cities attacked with Ransomware

Ransomware hits 23 local Texas governments.

On August 16, the state of Texas reported that 23 local governments had been hit with a ransomware attack. The Texas Department of Information Resources stated in their report that the attacks were performed by a single threat actor. 

The affected government systems remain offline three days later. 

These attacks are growing more common.

Hackers have been increasingly targeting state and local governments with ransomware and having great success doing so. A trio of Florida cities were affected by ransomware in June. Those attacks cost upwards of $1.1 million. The city of Baltimore refused to pay a May ransomware attack and the estimate to rebuild the city’s systems is upwards of $18 million.

As of July 2019, ransomware attacks have hit at least 170 county, city, or state government systems in the United States since 2013. Moreover, 22 of those attacks occurred in the first half of 2019, according to The U.S. Conference of Mayors.

“Threat Education is a more critical component of cybersecurity than most are willing to recognize,” said Steve Condit, Director of Partner Development at ITonDemand. “Every staff member is a potential vulnerability. Proper cybersecurity training is a necessity for all organizations in 2019.”

What are some security best practices? 

  • It is everyone’s responsibility to remain cyber aware and practice information safety.
  • Do not open suspicious or unexpected links or attachments in emails.
  • Hover over hyperlinks in emails to verify they are going to the anticipated site.
  • Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender’s email address.
  • Use unique strong passwords or pass-phrases for all accounts.
  • Do not provide personal or organizational information unless you are certain of the requestor’s authority, identity, and legitimacy.
  • Alert ITonDemand HelpDesk if you have any concerns about the legitimacy of any email, attachment, or link.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

LookBack Malware Targets Utilities Companies

LookBack Malware Targets Utilities Companies

LookBack looks to shutdown US Utilities

The U.S. utilities sector is starting to see higher levels of spearphishing attacks using “LookBack” malware. 

According to a security researcher, spear phishing email campaigns have been identified containing the malware initially targeting three major US utilities companies. The fraudulent emails impersonate a U.S.-based engineering licensing board, with emails originating from a threat actor-controlled domain.

The emails contain Microsoft Word attachments that use macros to install and run the LookBack malware. The malware specifically contains a remote access Trojan (RAT) module and a proxy mechanism used for command and control (C&C) communication. As soon as the attachment was opened, LookBack was initiated.

What to watch for:

Any email that contains attachments should receive hyper-vigilance and speculation. If you employ advanced email security, emails are scanned for malicious content and attachments but you shouldn’t leave that to chance. 

July’s LookBack attacks on U.S. utilities have not been associated with a known actor, and no infrastructure or code overlaps were identified.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Video Conferencing Vulnerability

Video Conferencing Vulnerability

Zoom Vulnerability

A major security vulnerability was recently discovered that affects all Mac users who have used Zoom video conferencing.

This vulnerability also affects RingCentral users, as RingCentral white labels their video conferencing with Zoom.

This allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

A step further, the vulnerability allows any site to DOS (Denial-of-service) a Mac user by repeatedly joining them to an invalid call. 

On July 8th, Jonathan Leitschuh, a security researcher identified the vulnerability saying:

“Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

Zoom CEO, Eric Yuan has stated that a recent update fixes the issue and emphasized an increased focus on security to further protect users privacy.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

HR and IT; How to Hire and Fire

HR and IT; How to Hire and Fire

Imagine this

An employee comes into work, goes to log-in at his workstation only to be alerted that his password is incorrect. His email isn’t coming through on his phone. He walks to his boss’s office to notify him of the issue. 

He was going to be let go. Except the boss didn’t have that “meeting” scheduled until 11. 

Staff changes are tough. There is the onboarding process and all of the stress associated with getting a new employee up to speed on the office, clients, and technology needs. 

Then there’s the firing process. A former employee who still has access to a company’s network and proprietary corporate data is a security threat. Not only is it emotionally difficult but on the data security side, it’s important to ensure that access to vital information is properly restricted at an appropriate time

What steps should you take to coordinate human resources needs with your information technology support?

Hiring

All technology needs can (and should) be taken care of prior to an employees first day. With 3-5 days notice, IT can have a new employee breezing through their first day. Without that notice, it drastically extends the runway of an onboarding process. Here are a few ways to ensure it goes smoothly.

Devices-

Technology needs vary by position. Understanding those needs helps you to anticipate the employees first day.

Needs

  • Mobile Device
  • Laptop (PC or Mac)
  • Desktop
  • Additional Monitors

Relevant applications

Accountants need Quickbooks. Everyone needs Microsoft Office. With this in mind, having that step to an employees onboarding lets their focus be where it’s needed.

Bonus: If multiple log-ins are used across the business, applications like 1Password act as a team vault for your passwords. This can be useful for new hires with multiple logins but needs set up securely as it stores sensitive information.

Email

Similarly, IT support can have the employee’s email account created for them. The employee should really only have to type a password and be on their merry way.

Extra step? Bookmark their email login in their browser. 

Firing

As we pointed out earlier, termination can be tricky. It’s a fine balance between respect for the employee you are letting go and protection from disgruntled employees erasing valuable work. 

Communication

It is important that your company make note of who is responsible for notifying IT of the restrictions. When working with an internal IT department, make sure that only senior IT personnel are notified of the termination.

Timing

Timing is everything. With meetings scheduled for terminations, your IT support can cut access to vital documents in the time allotted during the meeting. 

Give your IT team 48 hours notice of the termination and tell them who and when. Make sure to double-check that the information is correct.

Remote Access

VPNs and remote desktops are forms of how an employee accesses their work network. That access is managed when the user account is created, disabled, or removed. In the case of a termination, access is revoked during the coordinated window. 

Repurposing Devices

After a termination, properly wipe any devices to make sure there is no remaining information from a previous employee. This way devices can be repurposed for future employee use.

How ITonDemand Handles It

Through our client portal, clients can submit requests to both add and remove users. Adding and removing users can be discreet, coordinated, and organized with the right IT partner. 

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Phishing Emails Disguised as Office365 File Deletion Emails

Phishing Emails Disguised as Office365 File Deletion Emails

Threat Level: High

A recently-discovered phishing scam pretending to be from the “Office 365 Team” is trying to trick users into their log-in credentials.

The alert notifies the user of an unusual volume of file deletions and urges users to review the activity.

When redirected, the users are encouraged to log-in to a page that is hosted on Azure, increasing the perceived legitimacy of the phishing campaign. The hackers have even gone as far as securing the page with a certificate signed by Microsoft.

It’s important to remember that Microsoft login forms will be coming from microsoft.com, live.com, microsoftonline.com, and outlook.com domains only.

If you think you may have been deceived by a phishing scam, it’s important to contact ITonDemand urgently to begin Incident Response.

For more information on avoiding phishing scams, download our phishing infographic below.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293