Someone clicks a link, 23 Texas Cities attacked with Ransomware

Someone clicks a link, 23 Texas Cities attacked with Ransomware

Ransomware hits 23 local Texas governments.

On August 16, the state of Texas reported that 23 local governments had been hit with a ransomware attack. The Texas Department of Information Resources stated in their report that the attacks were performed by a single threat actor. 

The affected government systems remain offline three days later. 

These attacks are growing more common.

Hackers have been increasingly targeting state and local governments with ransomware and having great success doing so. A trio of Florida cities were affected by ransomware in June. Those attacks cost upwards of $1.1 million. The city of Baltimore refused to pay a May ransomware attack and the estimate to rebuild the city’s systems is upwards of $18 million.

As of July 2019, ransomware attacks have hit at least 170 county, city, or state government systems in the United States since 2013. Moreover, 22 of those attacks occurred in the first half of 2019, according to The U.S. Conference of Mayors.

“Threat Education is a more critical component of cybersecurity than most are willing to recognize,” said Steve Condit, Director of Partner Development at ITonDemand. “Every staff member is a potential vulnerability. Proper cybersecurity training is a necessity for all organizations in 2019.”

What are some security best practices? 

  • It is everyone’s responsibility to remain cyber aware and practice information safety.
  • Do not open suspicious or unexpected links or attachments in emails.
  • Hover over hyperlinks in emails to verify they are going to the anticipated site.
  • Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender’s email address.
  • Use unique strong passwords or pass-phrases for all accounts.
  • Do not provide personal or organizational information unless you are certain of the requestor’s authority, identity, and legitimacy.
  • Alert ITonDemand HelpDesk if you have any concerns about the legitimacy of any email, attachment, or link.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

LookBack Malware Targets Utilities Companies

LookBack Malware Targets Utilities Companies

LookBack looks to shutdown US Utilities

The U.S. utilities sector is starting to see higher levels of spearphishing attacks using “LookBack” malware. 

According to a security researcher, spear phishing email campaigns have been identified containing the malware initially targeting three major US utilities companies. The fraudulent emails impersonate a U.S.-based engineering licensing board, with emails originating from a threat actor-controlled domain.

The emails contain Microsoft Word attachments that use macros to install and run the LookBack malware. The malware specifically contains a remote access Trojan (RAT) module and a proxy mechanism used for command and control (C&C) communication. As soon as the attachment was opened, LookBack was initiated.

What to watch for:

Any email that contains attachments should receive hyper-vigilance and speculation. If you employ advanced email security, emails are scanned for malicious content and attachments but you shouldn’t leave that to chance. 

July’s LookBack attacks on U.S. utilities have not been associated with a known actor, and no infrastructure or code overlaps were identified.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Video Conferencing Vulnerability

Video Conferencing Vulnerability

Zoom Vulnerability

A major security vulnerability was recently discovered that affects all Mac users who have used Zoom video conferencing.

This vulnerability also affects RingCentral users, as RingCentral white labels their video conferencing with Zoom.

This allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

A step further, the vulnerability allows any site to DOS (Denial-of-service) a Mac user by repeatedly joining them to an invalid call. 

On July 8th, Jonathan Leitschuh, a security researcher identified the vulnerability saying:

“Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

Zoom CEO, Eric Yuan has stated that a recent update fixes the issue and emphasized an increased focus on security to further protect users privacy.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Phishing Emails Disguised as Office365 File Deletion Emails

Phishing Emails Disguised as Office365 File Deletion Emails

Threat Level: High

A recently-discovered phishing scam pretending to be from the “Office 365 Team” is trying to trick users into their log-in credentials.

The alert notifies the user of an unusual volume of file deletions and urges users to review the activity.

When redirected, the users are encouraged to log-in to a page that is hosted on Azure, increasing the perceived legitimacy of the phishing campaign. The hackers have even gone as far as securing the page with a certificate signed by Microsoft.

It’s important to remember that Microsoft login forms will be coming from microsoft.com, live.com, microsoftonline.com, and outlook.com domains only.

If you think you may have been deceived by a phishing scam, it’s important to contact ITonDemand urgently to begin Incident Response.

For more information on avoiding phishing scams, download our phishing infographic below.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Intel chip flaw presents vulnerability from “Zombieload”

Intel chip flaw presents vulnerability from “Zombieload”

Threat Level: High

Intel announced last week, in what seemed to be a busy week for bugs, a critical flaw in their processors dating back to 2011.

The flaw is linked to the processor’s “zombie load” function, giving it its name. Zombie load occurs when a computer processor can’t properly process a load of data and needs to ask for help in order to prevent a crash. This function has been exploited to allow hackers to grab any data that was recently been accessed by the processor.

Intel processors are in 76.8% of computers worldwide. That includes both PC and Mac.

Protecting your machine

Microsoft, Google, and Apple have all released patches to address the vulnerability. Rather than clicking “Remind me tomorrow”, it’s vital to update your computer in a timely manner. 

However, due to the nature of a hardware flaw, the vulnerability will never truly be eliminated.

While Intel itself only rated the threat as “medium”, security experts are fearing it is much worse. “On a scale of 1 to 10, this is ’10’ serious,” said Robert Siciliano, CEO of Safr.me.

What we are doing about it:

ITonDemand is approving the recommended patches and will be sending them out to our user’s machines.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Microsoft Warns of a “Monster” Computer Bug

Microsoft Warns of a “Monster” Computer Bug

Microsoft has announced a vulnerability found in older versions of its Windows Operating Systems. The affected systems include Windows 7, Windows 2003, Windows XP, and Server 2008.

This unusual step for Microsoft, patching outdated systems, really hints at the severity of the uncovered vulnerability.

Microsoft announced the bug on Tuesday in a blog post saying “future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe.”

This vulnerability is being compared to the WannaCry worm that corrupted 200,000 systems just two years ago. Microsoft has said that they haven’t seen an example of anyone capitalizing on this vulnerability but considers it “highly likely”.

While normally Microsoft wouldn’t issue updates for the affected obsolete systems, it has rolled out patches to secure this vulnerability.

Windows 8 and 10 users are unaffected.

What we are doing about it:

ITonDemand is approving the patches from Microsoft and will be sending them out to our user’s machines. It is also important to make the transition from outdated systems, such as Windows 7, to Windows 10.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293