Phishing Emails Disguised as Office365 File Deletion Emails

Threat Level: High

A recently discovered phishing scam pretending to be from the “Office 365 Team” is trying to trick users into giving up their log-in credentials.

The alert notifies the user of an unusual volume of file deletions and urges users to review the activity.

When redirected, users are encouraged to log in to a page that is hosted on Azure, which increases the perceived legitimacy of the phishing campaign. The hackers have even gone as far as securing the page with a certificate signed by Microsoft.

It’s important to remember that Microsoft login forms will be coming from microsoft.com, live.com, microsoftonline.com, and outlook.com domains only.
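The domain rule above can be enforced mechanically by a mail or proxy filter. The following Python is an added example, not code from ITonDemand or Microsoft; the function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# The four domains the article lists as the only sources of Microsoft login forms.
MICROSOFT_LOGIN_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com", "outlook.com")


def is_microsoft_login_url(url: str) -> bool:
    """True only for an HTTPS URL whose host is a listed domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL (e.g. a broken IPv6 literal)
        return False
    if parts.scheme.lower() != "https" or not parts.hostname:
        return False
    # .hostname is lowercased and excludes the port and any "user@" prefix,
    # so "https://login.live.com@other.example/" is judged by "other.example".
    host = parts.hostname.rstrip(".")
    try:
        # Convert Unicode look-alike hosts to their xn-- form so they cannot
        # compare equal to an ASCII domain on the list.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare whole labels: "notmicrosoft.com" and "microsoft.com.example.net" must fail.
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_LOGIN_DOMAINS)


# Constructed sample links, as they might appear in a reported email.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://outlook.com/owa/",
    "https://login.microsoftonline.com.example.net/signin",
    "https://notmicrosoft.com/login",
    "https://example-account.blob.core.windows.net/files/login.html",
    "https://login.live.com@phish.example/",
    "http://login.live.com/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print("OK     " if is_microsoft_login_url(u) else "REJECT ", u)
```

An Azure-hosted page with a valid certificate is still rejected, because the check looks only at the host name and not at who issued the certificate.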

If you think you may have been deceived by a phishing scam, it’s important to contact ITonDemand urgently to begin Incident Response.

For more information on avoiding phishing scams, download our phishing infographic below.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

ITonDemand was created over a decade ago to help support IT services for businesses and organizations. We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do. We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Intel chip flaw presents vulnerability from “Zombieload”

Threat Level: High

Intel announced last week, in what seemed to be a busy week for bugs, a critical flaw in their processors dating back to 2011.

The flaw is linked to the processor’s “zombie load” function, giving it its name. Zombie load occurs when a computer processor can’t properly process a load of data and needs to ask for help in order to prevent a crash. This function has been exploited to allow hackers to grab any data that has recently been accessed by the processor.

Intel processors are in 76.8% of computers worldwide. That includes both PC and Mac.

Protecting your machine

Microsoft, Google, and Apple have all released patches to address the vulnerability. Rather than clicking “Remind me tomorrow”, it’s vital to update your computer in a timely manner. 

However, due to the nature of a hardware flaw, the vulnerability will never truly be eliminated.

While Intel itself only rated the threat as “medium”, security experts fear it is much worse. “On a scale of 1 to 10, this is ’10’ serious,” said Robert Siciliano, CEO of Safr.me.

What we are doing about it:

ITonDemand is approving the recommended patches and will be sending them out to our users’ machines.

Microsoft Warns of a “Monster” Computer Bug

Microsoft has announced a vulnerability found in older versions of its Windows Operating Systems. The affected systems include Windows 7, Windows 2003, Windows XP, and Server 2008.

This unusual step for Microsoft, patching outdated systems, really hints at the severity of the uncovered vulnerability.

Microsoft announced the bug on Tuesday in a blog post saying “future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe.”

This vulnerability is being compared to the WannaCry worm that corrupted 200,000 systems just two years ago. Microsoft has said that it hasn’t seen an example of anyone capitalizing on this vulnerability but considers exploitation “highly likely”.

While normally Microsoft wouldn’t issue updates for the affected obsolete systems, it has rolled out patches to secure this vulnerability.

Windows 8 and 10 users are unaffected.

What we are doing about it:

ITonDemand is approving the patches from Microsoft and will be sending them out to our users’ machines. It is also important to make the transition from outdated systems, such as Windows 7, to Windows 10.

Ransomware hit a Michigan Doctor’s Office, The Results were Catastrophic

In recent months, hackers have begun targeting doctors’ offices and hospitals, which receive roughly 34% of all ransomware attacks. In an unprecedented incident, one such attack just cost two doctors their practice.

What happened

Last month, the offices of Brookside ENT in Battle Creek, Michigan, experienced a ransomware attack. The hackers encrypted patient information and demanded a ransom in exchange for a password to decode the information. 

Drs William Scalf and John Bizon decided not to pay the ransom.

The hackers then proceeded to delete all medical records for the patients. The doctors had no record of anything from appointments to surgery results.

Some who had just undergone surgery are having difficulty receiving follow up care because there is simply no record of their surgery.

And because there is no patient schedule, the doctors have to wait at their practice for someone to show up. There isn’t even a way to call and inform their patients, as there are no phone numbers on record.

Rather than try to rebuild their practice from scratch, Brookside ENT will permanently shut their doors on April 30th, 2019.

It could have been worse.

If the hackers had been able to view the information, not only would that have resulted in a HIPAA violation on the part of the doctors, but it also would have compromised the identity security of all the affected patients.

What other practices can learn

Protect Your Email

91% of all malware originates in an email. Because each email account is a potential vulnerability, it’s important to employ a spam filter as well as provide training to your employees on identifying threats.

“…Education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyber attacks,” said Katherine Keefe, Beazley Breach Response Services Head in response to the Brookside Ransomware attack.

Use Endpoint Malware Security

In the event of a ransomware attack, endpoint malware security can block lateral movement. This isolates the attack to a single device rather than encrypting every device on a network.

Endpoint security can also block the ransomware’s download of encryption keys.

Small Business, Big Target

Repeatedly, hackers are targeting small businesses because they are viewed as easy targets.

61% of all cyber attacks target small businesses.

This doesn’t have to be the case for your business. ITonDemand offers affordable and scalable IT solutions to partner in the prevention of these types of attacks.

Beware of TrickBot

Malware attacks are on the rise, but thankfully, so is the vigilance of individuals and IT MSPs.  

However, the next big threat is on the horizon. On March 14th, the Cybersecurity and Infrastructure Security Agency, a unit of the Department of Homeland Security, released a report on malware called TrickBot.

What is TrickBot?

“TrickBot is a modular banking trojan that targets user financial information and acts as a dropper for other malware”, said the report. It is using man-in-the-browser attacks to steal the log-in credentials for finance-related sessions.

How it’s working

This malspam is embedding itself in email attachments in familiar formats like Word or Excel documents disguised as accounting reports or invoices. Once opened, the attachment will “prompt the user to enable macros, which executes a VBScript to run a PowerShell script to download the malware.”

It makes sure it is not running in a “sandbox environment” and then attempts to disable your antivirus programs.

Once it has established itself on a device, TrickBot will begin two different attacks.

Redirection attacks send victims to fraudulent banking site replicas when they navigate to certain banking websites. This fake website is hosted on the cyber threat actor’s (CTA) malicious server and harvests the victim’s login information.

A server-side injection intercepts the response from a bank’s server, injects additional client-side code into the webpage, and can steal the victim’s banking credentials through form grabbing. Form grabbing records sensitive information typed into HTML forms, rather than capturing all keystrokes as with a keylogger.

TrickBot is also using the Server Message Block Protocol to spread itself laterally across networks.
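The delivery chain quoted above (an Office document whose macro starts a script host, which in turn starts PowerShell) leaves a recognizable parent/child process trail that defenders can look for. The following Python is an added example, not code from the report or from ITonDemand; the event tuples are constructed sample data and the field layout (pid, parent pid, image path) is an assumption about how process-creation logs have been exported.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events: (pid, parent pid, image path).
EVENTS = [
    (100, 4, r"C:\Windows\explorer.exe"),
    (210, 100, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (311, 210, r"C:\Windows\System32\wscript.exe"),
    (412, 311, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (220, 100, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"),
    (500, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]


def image_name(path: str) -> str:
    """Lowercased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def find_office_powershell_chains(events):
    """Return one finding per PowerShell process that has an Office ancestor."""
    by_pid = {pid: (ppid, image_name(img)) for pid, ppid, img in events}
    findings = []
    for pid, (ppid, name) in by_pid.items():
        if name not in POWERSHELL:
            continue
        chain, seen = [name], {pid}
        # Walk up the parent links; 'seen' guards against loops caused by PID reuse.
        while ppid in by_pid and ppid not in seen:
            seen.add(ppid)
            ppid, parent_name = by_pid[ppid]
            chain.append(parent_name)
            if parent_name in OFFICE:
                chain.reverse()  # oldest ancestor first
                findings.append({
                    "pid": pid,
                    "chain": chain,
                    "via_script_host": any(n in SCRIPT_HOSTS for n in chain[1:-1]),
                })
                break
    return findings


if __name__ == "__main__":
    for finding in find_office_powershell_chains(EVENTS):
        print(finding["pid"], " -> ".join(finding["chain"]), finding["via_script_host"])
```

PowerShell started directly from the desktop shell (pid 500 in the sample) is not reported; only processes descended from Word or Excel are.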

What you should do

Prevention

Familiarize yourself and your staff with common phishing tactics. Education is the ultimate end-user security practice. This is a necessity for network security.

For ITonDemand clients, spam filtering and endpoint malware security are in place to secure you from the majority of cyber attacks.

For more information on phishing, download our infographic below.

Incident Recovery

  1. If you think you have been infected, take the device offline as soon as possible. This protects you from any further data loss or further system/network corruption.
  2. From a secure device, change all passwords that were used on the infected device.
  3. Contact the ITonDemand HelpDesk to see what further damage mitigation needs to be done.

For the full white paper issued by CIS, click here.

SpamTitan provides increased Security and Accessibility

Growing problems call for growing solutions.

In mid-February, ITonDemand began to roll out a new solution to our client base to address spam and phishing email. This solution, called SpamTitan, is a response to additional security concerns facing IT infrastructures across the nation.  

91% of all cyber attacks originate in an email. This issue is front of mind for us and we are continuously working to provide the best solution in terms of both security and productivity.

As part of this, ITonDemand clients began to receive a new daily spam quarantine report in mid-February.  We thought we’d take the time to outline some of the changes in this new tool.

What does SpamTitan do to make it more secure?

SpamTitan has multiple “layers” in its security that a message must pass through, like a gauntlet if you will.

First, it will check to see if the recipient actually exists. Next, it will test the message against a series of community support algorithms and blacklists known as RBLs or Real Black Lists.

Next, the message is checked to see whether the sender has a valid Sender Policy Framework (SPF) record. This check significantly reduces the amount of spoofing our clients will experience. After that, the message is filtered for content, banned attachments, viruses, and internal spam algorithms. A large number of these various layers can be customized and are supported by eResources’ ITonDemand, allowing us to deliver a much more secure, yet flexible, product to our clients.

What impact will this have on our clients’ day-to-day?

None!  We want your email to continue to flow while keeping you protected.

How much less spam can our clients expect to see in their inbox?

There is no silver bullet to spam, ransomware, phishing, etc., and anyone who claims they have it is lying. We do expect, with SpamTitan, to see a decrease in spam, particularly cases of spoofing and phishing. With SpamTitan’s layers, our clients should see a noticeable difference in the frequency of fraudulent emails.

Are there new features with SpamTitan for users?

SpamTitan allows users to manage their own whitelists and blacklists. This means users have the ability for direct involvement in their own security.

The quarantine digests are much easier to comprehend and allow you to more effectively manage messages in your quarantine directly from the digest, making decisions on what to do with quarantined items significantly more efficient.

Moving Forward

Should you have any questions on the functionality or use of SpamTitan, don’t hesitate to reach out to one of our IT experts.
