Ransomware hit a Michigan Doctor’s Office, The Results were Catastrophic


In recent months, hackers have begun targeting doctors’ offices and hospitals, which now receive roughly 34% of all ransomware attacks. In an unprecedented incident, an attack has just cost two doctors their practice.

What happened

Last month, the offices of Brookside ENT in Battle Creek, Michigan, experienced a ransomware attack. The hackers encrypted patient information and demanded a ransom in exchange for a password to decode the information. 

Drs. William Scalf and John Bizon decided not to pay the ransom.

The hackers then proceeded to delete all medical records for the patients. The doctors had no record of anything from appointments to surgery results.

Some who had just undergone surgery are having difficulty receiving follow-up care because there is simply no record of their surgery.

And because there is no patient schedule, the doctors have to wait at their practice for someone to show up. There isn’t even a way to call and inform their patients, as there are no phone numbers on record.

Rather than try to rebuild their practice from scratch, Brookside ENT will permanently shut their doors on April 30th, 2019.

It could have been worse.

If the hackers had been able to view the information, not only would that have resulted in a HIPAA violation on the part of the doctors, but it also would have compromised the identity security of all the affected patients.

What other practices can learn

Protect Your Email

91% of all malware originates in an email. Because each email account is a potential vulnerability, it’s important to employ a spam filter as well as provide training to your employees on identifying threats.

“…Education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyber attacks,” said Katherine Keefe, Beazley Breach Response Services Head in response to the Brookside Ransomware attack.

Use Endpoint Malware Security

In the event of a ransomware attack, endpoint malware security can block lateral movement. This confines the attack to a single device rather than letting it encrypt every device on the network.

Endpoint security can also block the ransomware’s download of encryption keys.

Small Business, Big Target

Repeatedly, hackers are targeting small businesses because they are viewed as easy targets.

61% of all cyber attacks target small businesses.

This doesn’t have to be the case for your business. ITonDemand offers affordable and scalable IT solutions to partner in the prevention of these types of attacks.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.


ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Beware of TrickBot


Malware attacks are on the rise, but thankfully, so is the vigilance of individuals and IT MSPs.  

However, the next big threat is on the horizon. On March 14th, the Cybersecurity and Infrastructure Security Agency, a unit of the Department of Homeland Security, released a report on malware called TrickBot.

What is TrickBot?

“TrickBot is a modular banking trojan that targets user financial information and acts as a dropper for other malware,” said the report. It uses man-in-the-browser attacks to steal the login credentials for finance-related sessions.

How it’s working

TrickBot spreads through malspam, embedding itself in email attachments in familiar formats, such as Word or Excel documents disguised as accounting reports or invoices. Once opened, the attachment will “prompt the user to enable macros, which executes a VBScript to run a PowerShell script to download the malware.”

It makes sure it is not running in a “sandbox environment” and then attempts to disable your antivirus programs.

Once it has established itself on a device, TrickBot will begin two different attacks.

Redirection attacks send victims to fraudulent banking site replicas when they navigate to certain banking websites. This fake website is hosted on the cyber threat actor’s (CTA) malicious server and harvests the victim’s login information.

A server-side injection intercepts the response from a bank’s server, injects additional client-side code into the webpage, and can steal the victim’s banking credentials through form grabbing. Form grabbing records sensitive information typed into HTML forms, rather than capturing all keystrokes as with a keylogger.

TrickBot is also using the Server Message Block Protocol to spread itself laterally across networks.
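The macro-to-VBScript-to-PowerShell chain quoted above leaves a recognizable process tree that defenders can alert on. The following is an added example, not code from the original article or the report: it flags script interpreters that descend from Word or Excel, using constructed, simplified process-creation events (the field names `pid`, `ppid` and `image` are assumptions).

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe"}          # Word and Excel, the formats named above
INTERPRETERS = {"wscript.exe", "cscript.exe", "powershell.exe"}

# Constructed sample: simplified process-creation events (not real telemetry).
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # An administrator opening PowerShell from the desktop: must not alert.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def proc_name(event):
    """Lower-cased executable name from a Windows image path."""
    return ntpath.basename(event["image"]).lower()


def ancestors(event, by_pid):
    """Return the event followed by its parents, nearest first."""
    chain, seen = [event], {event["pid"]}
    while True:
        parent = by_pid.get(chain[-1]["ppid"])
        if parent is None or parent["pid"] in seen:   # root reached or PID loop
            return chain
        chain.append(parent)
        seen.add(parent["pid"])


def find_office_script_chains(events):
    """Flag script interpreters that descend from an Office application."""
    by_pid = {e["pid"]: e for e in events}   # assumes no PID reuse in the window
    alerts = []
    for event in events:
        if proc_name(event) not in INTERPRETERS:
            continue
        names = [proc_name(p) for p in ancestors(event, by_pid)]
        office_at = next((i for i, n in enumerate(names) if n in OFFICE), None)
        if office_at is not None:
            chain = " > ".join(reversed(names[:office_at + 1]))
            alerts.append((event["pid"], chain))
    return alerts


if __name__ == "__main__":
    for pid, chain in find_office_script_chains(EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```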

What you should do

Prevention

Familiarize yourself and your staff with common phishing tactics. Education is the ultimate end-user security practice. This is a necessity for network security.

For ITonDemand clients, spam filtering and endpoint malware security are in place to secure you from the majority of cyber attacks.

For more information on phishing, download our infographic below.

Incident Recovery

  1. If you think you have been infected, take the device offline as soon as possible. This protects you from any further data loss or further system/network corruption.
  2. From a secure device, change all passwords that were used on the infected device.
  3. Contact the ITonDemand HelpDesk to see what further damage mitigation needs to be done.

For the full white paper issued by CIS, click here.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.


SpamTitan provides increased Security and Accessibility


Growing problems call for growing solutions.

In mid-February, ITonDemand began to roll out a new solution to our client base to address spam and phishing email. This solution, called SpamTitan, is a response to additional security concerns facing IT infrastructures across the nation.  

91% of all cyber attacks originate in an email. This issue is front of mind for us and we are continuously working to provide the best solution in terms of both security and productivity.

As part of this, ITonDemand clients began to receive a new daily spam quarantine report in mid-February.  We thought we’d take the time to outline some of the changes in this new tool.

What does SpamTitan do to make it more secure?

SpamTitan has multiple “layers” in its security that a message must pass through, like a gauntlet if you will.

First, it checks whether the recipient actually exists. Next, it tests the message against a series of community-supported algorithms and blacklists known as RBLs or Real Black Lists.

Next, SpamTitan checks whether the sender has a valid Sender Policy Framework (SPF) record. This check significantly reduces the amount of spoofing our clients will experience. After that, the message is filtered for content, banned attachments, viruses, and internal spam algorithms. A large number of these layers can be customized and are supported by eResources’ ITonDemand, allowing us to deliver a much more secure, yet flexible, product to our clients.
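To show what the SPF layer described above decides, here is an added example (not SpamTitan's code and not from the original article) that evaluates a sender domain's SPF record against the connecting server's IP address. It covers only the `ip4`, `ip6`, `include` and `all` mechanisms of RFC 7208, and the `TXT` table of constructed placeholder records stands in for live DNS.

```python
import ipaddress

# Constructed TXT records standing in for live DNS; all names are placeholders.
TXT = {
    "clinic.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.17 ip6:2001:db8::/32 ~all",
    "nospf.example": "unrelated-verification-token=1",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10   # RFC 7208 limit on DNS-querying terms per evaluation


def check_spf(client_ip, domain, _lookups=None):
    """Evaluate the SPF record of `domain` (envelope sender) for `client_ip`."""
    lookups = _lookups if _lookups is not None else [0]
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # domain publishes no SPF policy
    addr = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_spf(client_ip, arg, lookups)
            if inner in ("none", "permerror"):
                return "permerror"          # broken include invalidates the policy
            matched = inner == "pass"       # only a pass counts as a match
        else:
            return "unsupported"            # a, mx, exists, redirect: not in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                        # no term matched and no "all"


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.17", "203.0.113.9"):
        print(ip, check_spf(ip, "clinic.example"))
```

A `fail` result means the domain owner has declared that the connecting server may not send mail for the domain, which is the spoofing case the filter rejects.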

What impact will this have on our clients’ day-to-day?

None!  We want your email to continue to flow while keeping you protected.

How much less spam can our clients expect to see in their inbox?

There is no silver bullet to spam, ransomware, phishing, etc., and anyone who claims they have it is lying. We do expect, with SpamTitan, to see a decrease in spam, particularly cases of spoofing and phishing. With SpamTitan’s layers, our clients should see a noticeable difference in the frequency of fraudulent emails.

Are there new features with SpamTitan for users?

SpamTitan allows users to manage their own whitelists and blacklists. This means users can be directly involved in their own security.

The quarantine digests are much easier to comprehend and allow you to more effectively manage messages in your quarantine directly from the digest, making decisions on what to do with quarantined items significantly more efficient.

Moving Forward

Should you have any questions on the functionality or use of SpamTitan, don’t hesitate to reach out to one of our IT experts.


8 Password Laws to Live By


We need to talk about the “Janet” in your office. You know the one. Sticky notes all over the desk and monitor labeled:

“MailChimp: Username/Password1”

Passwords are the front line of defense for your business. In most cases, they are all that separates someone from your email, computer and network access, and all the sensitive information contained there.

Password policies are company-wide initiatives to make sure that that line of defense is as strong as possible.

Here are a few starters for setting up an effective password policy.

1. Change your password every 6 months.

Keeping passwords for too long opens you to more vulnerabilities over time. In the event of an unknown breach, changing passwords also blocks out unwelcome parties.

2. But keep your password for a minimum of 3 months.

Hackers often try to circumvent the “I forgot my password” system. By setting your systems to require a password be kept for 3 months without system administrator intervention, you reduce the window and probability that that type of attack could occur.

3. Don’t use an old password.

This is an easy one. Older passwords have been around longer, thus increasing the chances that they may have been compromised. In the event they were secure and just phased out, make sure you have changed the password 10 times since.

4. Use complex passwords

The more intricate you can make your password, the better. Use capitalization, numbers, and symbols. One way to make it easy to remember is by replacing letters with similar symbols. Like: P@$$w0rd – but don’t actually use “password.”

5. Password Length

This one is easy. 8 characters. MINIMUM.

6. Have you heard of passphrases?

Passphrases are pseudo-sentences that can be significantly longer than passwords.

Like: Please lease lemon pledge (because who is going to guess that?)

Using Passphrases instead of passwords is just another way to decrease the risk of an account being breached.

7. Password Expiration Emails

Automated emails notify employees when it is coming time to change a password. This keeps your employees aware of when passwords will need to be changed before getting locked out of an account.

8. “But keeping different complex passwords is difficult!”

It doesn’t have to be. Both Google and Apple have “keychain” features that store and update passwords as necessary.

If you are looking for a more secure option than something usable by anyone with access to your device, 1Password stores passwords securely and lets you use them while only having to remember one password.


Office365 “Non-Delivery” Phishing Scam


Below are two emails purporting to be from Office365, informing the recipient of undelivered messages. Can you spot which one is the phishing scam?


Email 1

Email 2

If you guessed that Email 1 is the phishing scam, you are correct! 

In a new phishing scam targeting Office365 users, hackers are attempting to steal login credentials to infiltrate businesses’ systems. When the user clicks “Send Again”, they are taken to a fraudulent Office365 login screen. After the information is entered, the site redirects to Outlook, leaving the user believing they are in no danger.

This is an example of a high-level phishing scam. 

Quick Ways to Identify Phishing Scams

1. Always look at the URL

If the URL looks in any way incorrect, don’t enter your account information.

If redirected in this case, the URL on the fraudulent landing page is incorrect.

2. Specificity

Phishing scams will generally omit specific names, addresses, or titles and use phrases like “Dear User.”

In this case, the email says “Your messages couldn’t be delivered” rather than “Your message to email@address.com couldn’t be delivered.”

3. Display Name

Make sure that the display name matches the domain of the sender’s email address.

In the fraudulent email, the message is sent from the domain us.ibm.com rather than from Microsoft Outlook.
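The three checks above can also be automated at the mail gateway. This is an added example, not code from the original article: it applies the URL, specificity and display-name checks to a constructed message modelled on the description above. The `TRUSTED` domain list, the recipient-naming pattern and the sample's local part and link host are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this organization accepts as genuine Microsoft senders and login hosts.
TRUSTED = {"microsoft.com", "office.com", "outlook.com", "microsoftonline.com"}
BRANDS = ("microsoft", "office365", "office 365", "outlook")

# Constructed sample modelled on the description above; local part and link are placeholders.
SAMPLE = """\
From: Microsoft Outlook <postmaster@us.ibm.com>
Content-Type: text/html; charset="utf-8"

<p>Your messages couldn't be delivered.</p>
<a href="https://office365-signin.example/login">Send Again</a>
"""

class Links(HTMLParser):
    """Collect (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def html_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True)
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def check_message(raw):
    msg, findings = message_from_string(raw), []
    # Check 3: display name claims the brand, but the address is somewhere else.
    display, address = parseaddr(msg.get("From", ""))
    sender = address.rpartition("@")[2]
    if any(b in display.lower() for b in BRANDS) and base_domain(sender) not in TRUSTED:
        findings.append(f"display-name: '{display}' sent from {sender}")
    # Check 2: non-delivery wording that never names the intended recipient.
    body = html_body(msg)
    generic = re.search(r"your messages?( to \S+@\S+)? couldn.t be delivered", body, re.I)
    if generic and not generic.group(1):
        findings.append("specificity: no recipient named")
    # Check 1: every link must lead to a trusted host.
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:
        host = urlparse(href).hostname or ""
        if base_domain(host) not in TRUSTED:
            findings.append(f"url: '{text}' leads to {host}")
    return findings
```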

What can you do?

“Education and vigilance are the best line of defense against these types of attacks,” said Steve Condit, Director of Partner Development for ITonDemand. Keeping you and your staff informed on what to look for is the most effective way to stay secure. 

If you have fallen victim to this scam, the best course of action is to change the affected passwords, as well as those of any accounts or applications that may have been connected to the affected email address.

If you still have concerns on how to keep your business secure, contact us here.


Is My Home Network Secure?


When you’re at work, you access your email, documents, financials, and so on with a certain level of assurance of security. You probably didn’t set up that business network though.

In a Gallup survey of 15,000 people, 43% cited some remote work. Of those working remotely, how many don’t consider the security of their home network?

Most homeowners stick to the basics with their home network: functionality. After all, if it isn’t broke, don’t fix it.

But between online shopping, bill payment, and your client’s sensitive data, do you actually know if your home network is secure?

Here are four steps you can take to make sure it is.

Change your router login

When you move into a new home, it’s exciting. You’re redecorating and getting your new accounts turned on and getting your cable and internet hooked up. The last thing on your mind is changing the login credentials of your router.

If you are using a router set up by your ISP, it’s likely that both your username and password are admin.

This is a serious security issue if left unaddressed. Unique login credentials are a basic line of defense.

To change your login:

  • Access the login screen of your router by entering the IP address of your router into the search bar.
  • Log in using the username and password found on the back or bottom of the router (probably admin and admin).
  • Under Security Settings, select User.
  • This should bring you to a prompt to change the password.

While most routers are similar, if you have issues, contact your ISP for specific instructions.

Enable WPA2

Enabling WPA2 means that the data you share over your wireless network is encrypted. This protects sensitive information that may be transmitted.

You can use either WPA2 – Personal or WPA2 – Enterprise. Each has its strengths and weaknesses. If you are less tech-savvy, Personal will work just fine for you.

To turn on WPA2:

  • While logged into your router, select the network you wish to change.
    • Either 2.4 GHz or 5 GHz
  • Under Basic or Security, select the encryption type you want to use.

Disable Your 2.4 GHz Network

Lower frequencies travel longer distances. This is why you can see your neighbors’ Wi-Fi and their clever network names. The only problem with this is that if they can see it, so can potential hackers.

The 5GHz network is a more recent development. Because it operates at a higher frequency, it is limited by solid walls and won’t function outside of a home. Not all devices are compatible with a 5GHz network, such as iPhone 4s and earlier and even some tablets. Although, if you do a lot of streaming, you’ll enjoy faster speeds with 5GHz.  

To disable your 2.4GHz network:

  • While logged into your router, select 2.4GHz network.
  • Under Basic, select Disable 2.4GHz Wireless

Firewall

Firewalls are a front line of defense in network security. They limit traffic based on security rules. Most wireless routers come with some form of firewall. However, it may not be enabled by default.

To turn on your router’s firewall:

  • While logged into your router, select Access Control.
  • Select Firewall.
  • From the menu, you can select the level of security from the firewall.

Better Safe than Sorry

At ITonDemand, we are fully committed to secure systems, wherever they may be.

Don’t neglect your home network. It may be out of sight, running peacefully in the background. But it is a vital part of your data security.
