Why it's important to update Flash

Flash is common enough to be a prime target for malware.  A new Adobe Flash exploit has been found allowing criminals to run malicious code.

Flash is susceptible to tampered files used to display multimedia, videos and animations while you are browsing the internet. This mainly affects desktops; however, it’s not an issue with servers since servers are less likely to have users on them browsing the internet.

Understanding the new Adobe Flash vulnerability

  • Taking a closer look at the cause of infections spreading through Adobe Flash, the risk usually lies in a binary browser vulnerability within the .SWF files, which are dropped by an undisclosed iframe.
  • An iframe is an inline frame. Back in the 90s, Microsoft came up with the idea for basic webpages to point to another page. This allowed a website to combine the content of its page with another. An iframe allows you to embed one site into another one seamlessly, with two different webpages displaying as one. Sounded like a great idea at the time, right?
  • It initially worked very well for Internet Explorer. What wasn’t foreseen was malware authors exploiting these iframe features.
  • This exploit affects only Internet Explorer users, which is why we urge everyone to use a more secure browser such as Firefox or Chrome. 

What does this Malware vulnerability do?

  • The injected iframe may have something subtly embedded such as a single pixel within the SWF file.
  • It’s high risk to Internet Explorer users, where the iframe can be identified by its negative absolute positioning and random number approach.
  • The usual behaviour from these types of files will eventually take you to a currently black-listed blank domain.
  • This, of course, could change at any time. It could pose as a spoof site, aiming to steal data or to install malware.
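
A site owner can check their own pages for the hidden-iframe pattern described above. The following is an added example, not code from the original article: a small Python scanner that flags iframes with negative absolute positioning or a zero or one pixel size. The heuristics, the function name `find_hidden_iframes` and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristics chosen for this example (assumptions, not a complete signature set).
NEG_OFFSET = re.compile(r"\b(left|top|right|bottom)\s*:\s*-\d+", re.I)
ABSOLUTE = re.compile(r"\bposition\s*:\s*absolute\b", re.I)
TINY_CSS = re.compile(r"\b(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)


class HiddenIframeFinder(HTMLParser):
    """Collects <iframe> tags whose attributes suggest they are hidden."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (line_number, src, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        reasons = []
        if ABSOLUTE.search(style) and NEG_OFFSET.search(style):
            reasons.append("negative absolute positioning")
        tiny_attr = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        if tiny_attr or TINY_CSS.search(style):
            reasons.append("zero or one pixel size")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))


def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; example.invalid is a placeholder host.
SAMPLE = """<html><body>
<iframe src="https://video.example.invalid/embed/1" width="560" height="315"></iframe>
<iframe src="http://a.example.invalid/x" style="position:absolute; left:-8341px; top:-7702px"></iframe>
<iframe src="http://b.example.invalid/y" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in find_hidden_iframes(SAMPLE):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

A hit is a prompt to review the page source, since legitimate widgets occasionally use off-screen frames too.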

How to protect yourself

The solution is simple, stay on top of your Adobe Flash updates. This is very important, especially if you use your web browser to do online gaming, stream music, watch videos and animations, such as on YouTube, which nearly always uses Adobe Flash Player.  By keeping updated with the latest Adobe updates, you’ll help to close down those vulnerabilities discussed above, and more.

It’s good news if your choice of browser is Google Chrome. Chrome automatically updates your browser to the latest version of Adobe Flash.

All Onsite PC Solution Managed Services clients are automatically protected during their monthly maintenance.

To learn how to update Adobe Flash, please see our article Here (https://www.ophtek.com/should-you-update-adobe-flash/)

 

Is your medical office HIPAA compliant? Here are 8 HIPAA technical requirements you should address to avoid fines that could cost tens of thousands.

In recent years, there have been cases of data leaks, whether through innocent incidents such as losing a notebook or through information leaking in the office. Tighter IT security measures and policies can help prevent unauthorized access to medical data. We’ve compiled a list in line with the HIPAA and Omnibus technical requirements and regulations.

Review for HIPAA Compliance

  • Assigning unique usernames – This helps to identify and track different users in medical office software containing patient health information.
  • Contingency procedures for accessing medical data in an emergency – A well-documented procedure that can appropriately guide any authorized staff to access protected medical information.
  • Logging off idle sessions – This is a good way to protect and minimize any unnecessary user load on the system, as well as preventing any potential unauthorized access to unattended endpoints.
  • Encryption and decryption of data – Put into place an encryption and decryption process when accessing or externally sending out any sensitive medical information.
  • Auditing systems – It’s strongly advised to run periodic audit controls on systems, including software, hardware and procedures, that use and hold confidential and sensitive medical information.
  • EPHI integrity – Prevent any alteration or destruction of protected medical information by implementing effective and clear procedures.
  • Authentication procedures – Verify that authorized staff are who they say they are and are granted access only to specific medical information.
  • Securing external transmissions of data – Implement technical and updated security processes to protect data from unauthorized access, especially when transmitted via any type of electronic communications network.

Next Steps

Now that you have a better idea of the technical requirements within the IT portion of the HIPAA regulations, the next step is to take action and formulate your own policies and procedures.

Most changes in procedures can be delivered as onsite training for staff, which in our experience is very effective. You may have the best tools in the industry to protect data, however it is also what staff do within these procedures that matters. For example, staff may occasionally share usernames and passwords, or even write them down on a Post-It note and leave these on their desks, all of which are prone to social engineering types of compromises. Not only is this a risk, but it also makes it difficult to audit and trace any work or process carried out on endpoints.

For more ways to secure your medical office technology to ensure HIPAA compliance, contact your local IT professionals.

Cryptowall can bring your business to a screeching halt. Here is how you can protect yourself against what’s becoming the most malicious malware of 2014.

You don’t need to end up in trouble.  We’ve outlined some very important guidelines on what to do to avoid an attack like Cryptowall and Cryptodefense:

  • Scan any email attachments that land on your email account– especially PDF attachments, which can be disguised as either payments, invoices, receipts, complaints and so forth. This is generally how this Trojan enters the system.
  • Avoid clicking on any advertisements– this attack doesn’t only happen through attachments; it has also been identified in infected banners on different web pages. Avoid clicking on them at all costs!
  • Avoid mapping drives directly to servers– For any person with administrator rights, if you’re working from your computer, aim to use remote access tools as needed. This will help reduce risk to the servers directly.
  • Lock down admin users– assign user accounts by name, so that if an attack happens, the user’s account can be frozen to avoid its credentials being further used for unauthorized installations.
  • Verify Backups– a backup is only good if it’s one that can be restored. Test your backups regularly.
  • Off-site or offline backups– having these will reduce the chances of suffering from a single point of failure due to such an attack. Please note that mapping Dropbox on your computer can still make it subject to this attack.
  • Whitelisting approved software– you can find tools and systems that can help you with these. You can specify what can run on any system on the network.
  • Utilize Windows Group or Local Policy Editor – Software Restriction Policies can be created to stop executable files from running on any given path.
  • Have a Bitcoin account set up in case nothing else works. Being prepared can help you save time.

Here’s what you can do if you find yourself compromised:

Like they say, prevention is better than a cure.

For more ways to protect yourself and your business from malicious attacks, contact your local IT professionals.

Malware holding data ransom

Cryptowall, Cryptolocker and Cryptodefense: all malware looking to hold your computer ransom. Here’s what you need to know about these viruses.

Cryptowall is one of the worst pieces of malware out there. It maliciously encrypts your network and system files, holding them ransom in exchange for a Bitcoin payment. Typical Bitcoin payments can vary between $500 and $1000. With many hacker groups operating in the wild, Cryptowall has evolved from Cryptolocker and does practically the same thing. And to confuse matters even more, there’s another variant like Cryptowall known as Cryptodefense.

The ransom message from a Cryptowall infection

Cryptowall in a nutshell

  • Cryptowall works by using encryption to change all of your network files, making them unreadable.
  • It affects Windows XP to Windows 8 Operating Systems.
  • It also cleverly deletes Shadow Volume Copies to stop any admins from restoring encrypted files.
  • Only the attacker holds the key that decrypts the files and makes them readable again.
  • The ransom increases after 7 days to nearly double the amount and is only payable with Bitcoin.

With this angle of attack, it’s no wonder that hackers are using this hostile method to forcibly siphon Bitcoin payments from their prey.

Examples of attacks

Durham Police Department hit with Cryptowall

  • One prime example that has gained recent media coverage is the Durham town police in New Hampshire. As is typical of any law enforcement agency, the police refused to cooperate with the cyber criminals by paying the ransom.
  • It impacted 1500 of their own computers, with most of their police e-mail system, spreadsheets and word processing functions being affected. It bypassed their spam and AV filters, and was masked as an attachment in an email.
  • The danger lies in the fact that the police receive plenty of emails with attachments notifying them of complaints from residents, such as potholes, which of course aren’t to be ignored. For this very reason an infected email attachment was opened and executed, and it ran through the system.
  • Fortunately for them, they were able to stop the attack from spreading to other company functions and police networks in other towns by isolating their network and recovering their system from offline backups.

Business Decisions

Another example of an attack came from a client of Stu Sjouwerman’s security training firm KnowBe4. The attack happened after an administrator opened an infected file, which ran through their 7 mapped server drives, encrypting all 75 GB of data held there.

There were many negative factors against them:

  • Firstly, they had unverified backups. Finding out whether these worked would take time, a costly risk in terms of extended downtime with no guarantee of a successful restore.
  • Secondly, setting up a Bitcoin account involves a lengthy process to set up with society checks that can take days to complete.
  • Desperate to shorten their downtime, they decided to pay the ransom. It was a business decision: lose $500 in Bitcoin, or lose thousands to operational downtime.
  • The problem was, they didn’t have the Bitcoin to pay the ransom.

The turning point:

  • Luckily, they sought Stu Sjouwerman’s help, as he had Bitcoins at hand, ready for an event like this one.
  • This company’s IT admins had, prior to this event, taken a security awareness course led by ex-hacker Kevin Mitnick and Stu Sjouwerman.
  • Contrary to the police case, this company had taken the advice from the course, and with Stu Sjouwerman’s Bitcoins, they managed to pay the ransom to avoid further downtime.
  • In the end they did recover their files; however, there was corruption to one of their databases, which all in all took another painstaking 18 hours to return to normal.

Not all cases end well and not all ransoms release the files as promised. It’s really at the discretion of the criminal cyber gangs controlling the attack.

For more ways to strengthen your office security and IT policy enforcement, contact your local IT professionals.

How Reliable is your Hard Drive?

Your hard drive contains irreplaceable data, pictures and personal info. A new Backblaze study gives us insight on the most reliable hard drives out there.

We’ve compiled a summary based on Backblaze’s new findings on hard drive reliability, covering the brands that tend to fail the most and how often it has been reported.

Backblaze, a backup service provider, has data centers that hold more than 100 petabytes of data on over 34,000 drives, impressive right? They’ve done all the hard work in testing a wide range of hard drives, some of which have failed and others that have remained in full working order.

They began documenting their study in January 2014 and have since updated their observations.

Here is a summary of what you need to know:

  • The worst failing drives have been the 3 TB Western Digital and the 3 TB Seagate. This has been tested from 3,846 Seagate hard drives with an average age of 1.9 years and an initial 9% annual failure rate, which is now up to 15%. From the 776 Western Digital hard disks tested, the report shows that they have averaged 0.5 years in lifespan and had an annual failure rate of 4%, which has increased to 7%.
  • Interestingly, the HGST drives (previously branded as Hitachi) have been the most reliable brand with their annual failure rate averaging around 1% out of over 1600 tested hard drives in the datacenter.
  • Despite Seagate and Western Digital having a poor reliability record compared to the HGST drives, these two problematic brands have continued to perform better with the Seagate 1.5TB and 4TB sized drives, along with the 1 TB Western Digital drives.
  • Western Digital and Seagate’s 3 TB drives continue to be the worst performers. One assumption could be that these drives may buckle easily under a datacenter environment. Another possibility could be due to a difference in how they run within a drive farming setup (using enterprise drives) as opposed to removing them from external USB hubs.
  • From their extensive testing, Backblaze noted that the standard external USB drives, such as Seagate’s 3TB (priced at around $100 for consumers), performed just slightly better than enterprise drives which are over double the price!
  • There’s also a big difference between different hard drive models and their failure rates. Seagate’s Barracuda range has two different 3 TB drives, with Barracuda XT performing nearly three times as well as the struggling Barracuda 7200.14 model, with a 15.7% annual fail rate.
  • The same goes for Seagate’s 1.5 TB drives, such as the Barracuda LP, performing significantly better as a hard drive with an annual failure rate of 9.6% compared to the Barracuda 7200.11, which has a 25% fail rate.

Overall conclusion

When it comes to looking for a reliable hard drive, especially those that are of 1.5 TB and 3 TB capacities, we have a clear winner and that is the HGST brand. One thing is clear: there’s no hard disk that is ever 100% fail proof; even the HGST drives have been noted to fail at times. The highest HGST annual fail rate of 1.4%, from over a thousand tested hard disks, is still a very impressive record.

Regardless of your hard drive brand, model and style, it is extremely important to replicate and backup your data on a regular basis, as you never know when a hard drive will fail.

We hope that Seagate and Western Digital improve their current 1.5 and 3 TB drives and pay attention to this continued study. Although most drives will come with a 3 year warranty, in the event of a hard disk failing, this shouldn’t be much of a financial setback to their customers.

For more information on storage for your office or home based business, contact your local IT professionals.
