While the holidays are a time for family and celebrating, that does not mean that scammers won’t try to spoil all that holiday cheer! With each year, the threats online have only increased, and it has become such a large issue for unsuspecting consumers that the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a statement asking consumers to be more aware of their online surroundings: “…[CISA] encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online,” said CISA. Therefore, making sure you are knowledgeable in simple cybersecurity tactics can ensure that scammers and other malicious online threats cannot steal your holiday cheer!

The Scammer’s Holiday

Christmas time is fun for everyone, including the criminals, unfortunately. BleepingComputer reported on a scam last year that targeted Amazon shoppers! This online scam was designed to appear to be an Order Confirmation email telling the recipient that their order had shipped and to click for more details regarding the order. If the recipient clicked “Order Details”, a Word document would be downloaded, asking the user to “Enable Content”. If done, the document would execute code that would keylog and steal anything the user typed, stealing personal information! Making sure you are aware of your online surroundings is vital to making sure your personal information is not leaked online or stolen!

Protecting Yourself Online

The holiday season is the perfect time for scammers to take advantage of unsuspecting consumers. Many people who shop online are unaware of the risks and of the signs of a trap. Here are some helpful tips from CISA to make sure you stay safe online:

Avoid clicking on suspicious emails and email attachments (Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams).
Use caution when shopping online (Shopping Safely Online).
Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

While each of these helpful tips is from CISA, if that is not enough to convince you, Hammett Technologies also fully endorses each of these statements! Criminals will do whatever they can to steal your personal information over the holiday season. Therefore, remaining aware and cautious while you shop online will not only save you a lot of stress, it will save your money too!

If you have any questions regarding anything above, please feel free to give us a call, or visit the What We Do page to learn more! We are happy to assist you, or your company, with all your cybersecurity needs!

Ransomware is one of the most dangerous computer viruses in the computer world today. It would not be surprising if many of you, regardless of your background knowledge of computers, have heard of ransomware to some extent. Perhaps it has been through the numerous cities that have been hit, or maybe it was because of the few schools that have begun to be targeted by this disastrous virus. With ransomware on the rise, more and more businesses are being targeted. In order to keep your business’s sensitive information safe, taking preventative measures immediately is the best course of action to ensure your computer systems are not held for ransom.

Setting up your Defenses

Running Backups

One of the most important steps, one often disregarded by many businesses, is ensuring that all computer systems are backed up daily. In the event that your network becomes infected with ransomware, having backups of critical information systems and configurations can save millions of dollars in lost revenue.

Educate and Reinforce Basic Cybersecurity Awareness

Ransomware needs a human element in order to infect a computer system or network. Therefore, proper and regular training of staff on how to spot phishing emails and suspicious files is essential to a business’s overall cybersecurity. Ensure that staff understands “think before click” and the dangers of downloading attachments from unknown senders. Make sure staff are browsing safely as well and know how to spot fake websites. Fake websites can look strikingly similar to the real ones but often have variations in their URL, which give away their true identities. Make sure employees are suspicious of anyone on the phone or email asking for sensitive information. Always ensure you are communicating with a trusted individual before divulging sensitive information.

Have a Plan in Place in the Event of an Attack

Make sure a clear plan is established in the event an attack does occur.
Ensure response plans outline how to request outside assistance from cyber first responders (state agencies, CISA, and MS-ISAC).

Update and Patch Systems

Regularly updating and patching computer systems not only keeps the systems running smoothly, but it also protects against viruses such as ransomware.

Additional Resources

Once all the above is completed, consider reviewing the following articles:

MS-ISAC Security Primer – Ransomware
CISA Tip Sheet on Ransomware
NGA Disruption Response Planning Memo
NASCIO Cyber Disruption Planning Guide

Each article outlines further steps you can take to protect yourself from ransomware.

A Trusted Defense

If any of the above worries you, consider calling Hammett Technologies. We are a trusted IT company and are well versed in the dangers of all computer viruses, not just ransomware. We use only the latest technology to ensure your business’s safety, regularly back up all your systems, and train your staff on safety procedures when handling information online. When you partner with Hammett Technologies you do not become just a partner, you become a priority. If you want more information as to what we can do to assist your company, click here!

With Windows 7 service coming to an end in only a few days, we thought it was essential to give one last push to those of you who still have not made the jump to Windows 10. After January 15, Windows 7 will no longer be in service, meaning that all security updates will cease. Continuing to run an operating system without support from the developers (i.e. Microsoft) can be extremely risky and will ultimately and inevitably lead to a malware-infected computer. Furthermore, if your business is still using Windows 7 on its work computers, you must upgrade to Windows 10 immediately.

Why Upgrading to Windows 10 is Important

As you have already read, Windows 7 will be out of service by January 15. However, what you may not understand is what exactly that means for you. On the surface, all “end of service” means is that Microsoft will no longer support Windows 7. However, the deeper meaning of that statement is that with Microsoft no longer supporting the operating system (OS), hackers will begin to reverse engineer patches and updates. Essentially, Windows 7 will soon become an open playground for hackers and malware developers.

If you are insistent on staying with Windows 7, even though consumers are reporting that they are still able to upgrade for free, you can pay for security updates from Microsoft. This yearly subscription will enable you to stay on Windows 7 and continue to receive security updates from Microsoft, but costs will increase yearly. In our opinion, unless your business relies on Windows 7, there is no excuse not to upgrade to Windows 10.

Why Upgrade to Windows 10

First and foremost, Windows 10 is far more secure than Windows 7 at this point. With constant updates and patches that have improved performance and security, Windows 10 has come a long way from where it began. Furthermore, upgrading to Windows 10, if you have a valid license of Windows 7, is still free! All you have to do is download the Windows 10 installer and then upgrade. It is that simple.
If you have any questions or concerns, consider contacting Hammett Technologies! We are professionals when it comes to technology and can assist you and your company regardless of the situation! Give us a call and find out why we are the #1 growing MSP in Maryland!

Windows and Linux users are once again the targets of a new strain of ransomware: Tycoon. First discovered in 2019, the new strain of ransomware was created to attack educational institutes and software industries. Once inside, Tycoon proceeds to encrypt file servers, demanding a ransom for decryption. What makes this ransomware different from its predecessors is its use of code to help disguise its presence on networks.

Uncovering Tycoon Ransomware

Discovered by researchers and security analysts at Blackberry and KPMG, Tycoon is quite unusual compared to other ransomware. Utilizing Java, Tycoon deploys using Java Runtime Environment (JRE) and compiles itself into a Java image file (Jimage) to hide its malicious payload.

What Tycoon Does

The ransomware infiltrates a network using unsecured internet-facing remote desktop protocol (RDP) servers. When the system is compromised, antivirus solutions are rendered useless due to Tycoon’s ability to elevate its privileges and disable them. Once executed, Tycoon ransomware encrypts all files connected with the network, adding filename extensions such as .redrum, .grinch, and .thanos. Like other ransomware, once all files are encrypted, users are prompted to pay a ransom (in the form of bitcoin) to obtain their data back safely.

Staying Safe

RDP is a common way for many malicious attack campaigns to infiltrate networks. RDP ports should face the internet only in extreme cases, and users accessing these ports should have strong, unique passwords. Regularly updating your system’s security is another good way to ensure your network remains safe. Regularly backing up your network and storing those backups offsite or off the network is another crucial step to take. Should the worst case scenario happen, a backup will save you time and money.

Worried your network may be compromised or at risk to attackers? Wondering when the last time you backed up your network was?
Hammett Technologies can take care of all your business’s technological needs without the headache. Give us a call and secure your data today!
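
As an added example (not code from the article or from the researchers it cites), the triage below walks a file share for the extensions the article lists and checks each affected file against an offline backup copy to separate what can be restored from what cannot. The directory layout and file names are constructed, and since the article says "such as", the extension set should be treated as incomplete.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article lists for Tycoon-encrypted files ("such as", so not exhaustive).
TYCOON_EXTS = {".redrum", ".grinch", ".thanos"}

def triage(share_root, backup_root):
    """Classify encrypted files by whether the backup holds the original."""
    share, backup = Path(share_root), Path(backup_root)
    report = {"restorable": [], "no_backup": [], "by_dir": Counter()}
    for path in sorted(share.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TYCOON_EXTS:
            continue
        # "q3.xlsx.thanos" -> "q3.xlsx": drop only the appended extension.
        original = path.with_suffix("").relative_to(share)
        report["by_dir"][original.parent.as_posix()] += 1
        key = "restorable" if (backup / original).is_file() else "no_backup"
        report[key].append(original.as_posix())
    return report

def build_sample(root):
    """Constructed sample tree: a damaged share and an offsite backup copy."""
    root = Path(root)
    files = [
        "share/finance/q3.xlsx.thanos",
        "share/finance/payroll.csv.redrum",
        "share/hr/handbook.pdf",          # untouched file, must be ignored
        "share/hr/reviews.docx.grinch",
        "backup/finance/q3.xlsx",
        "backup/hr/handbook.pdf",
        "backup/hr/reviews.docx",         # payroll.csv was never backed up
    ]
    for rel in files:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"sample")
    return root / "share", root / "backup"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        share, backup = build_sample(tmp)
        result = triage(share, backup)
        print("restore from backup:", result["restorable"])
        print("no backup copy:", result["no_backup"])
        print("affected per directory:", dict(result["by_dir"]))
```

Run against a real share, the "no_backup" list is the part of the incident that the backup schedule did not cover.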

Computers around the world are continually generating records of the events that occur on them. While some of these are routine checks, others are hostile, aimed at gaining access to or even destroying your network. However, by checking and reviewing the log files, you can stay on top of these issues. From malware to damage, loss, and legal liabilities, log files contain all the day to day information of your network. Therefore, it is important to practice event log management daily. Log data must be collected, stored, analyzed, and monitored to meet and report on regulatory compliance standards like PCI and HIPAA.

WHY LOG MANAGEMENT IS IMPORTANT

Every transaction and event that takes place on a machine on your network generates a log file. Microsoft-based systems use Windows Event Log files. When working on Windows, monitoring the event logs is crucial. Windows Event Log files all contain crucial information, but of all of them, the Security Log is the most important. The security log provides log in events as well as what each user is doing. It is vital that your IT security team understands the Windows Security Log to spot a vulnerability or attack accurately. However, this information can be overwhelming and exhausting to look through. If you use an Event Log Management tool, you can accurately and precisely navigate through log files, allowing you to find that single file that is causing an issue. Event Log Management is a crucial component in ensuring security and compliance, and it is essential to review all logs.

SECURING THE CASTLE

The top priority for any company should be security. That means keeping the company safe from outside attacks that aim to disrupt customers’ data, exploit employee data, or crash a company’s server. However, attacks from the inside are just as real and can cause catastrophic damage. This is not to say that keeping your network safe from the outside is any less important, but you must be mindful of an attack from the inside.
Perhaps you have an employee who is curious about financial records and wants to start drama among the workers or an employee who is upset about a decline for a promotion or pay increase and wants to delete years of data. These employees can create a backdoor into the network or give themselves admin privileges, attempting to fly under the radar of security. However, if you have a well-established ELM strategy, you can monitor these internal attacks accurately and stop them before they turn nuclear.

PCI-DSS AND HIPAA COMPLIANCE

Payment Card Industry Data Security Standard (PCI-DSS) applies to IT professionals who handle consumers’ credit card data. Any business that claims PCI compliance has to be able to show compliance in its yearly audit. If it is discovered that it is not compliant, denial of processing and storing credit cards can occur.

HIPAA requires a reliable audit trail to protect the personal data of all medical patients. HIPAA has two different significant rules: Privacy and Security. Along with building an IT infrastructure and strategies to protect against threats to personal information, Medicaid and Medicare require that preparations be made for investigations of security breaches should they occur. Furthermore, you must be able to provide enough information to establish which events occurred, when they occurred, and what or who caused them.

Ways to Manage Events and Logs

There are numerous ways to go about handling the logs for your networks, and WhatsUp Gold offers some of the best ways to do so:

1. Define your Audit Policy Categories

Audit policies in Windows record the security log events found on your network’s log files for your company. With Microsoft Windows NT systems, audit policies have to be put in place manually on each server and workstation.
However, Windows 2000 and 2003 Active Directory domains allow for Group Policy, which enables you to set universal audit policies for groups on the servers and even the domain.

2. Log Records Are Merged Automatically

By default, records such as Windows event logs and Syslog files are decentralized: each system records its own log activity. However, to gain a “big picture” view of what is going on within your network, admins in charge of security and compliance need to be able to merge Windows event logs and Syslog files in order to monitor, analyze, and report thoroughly.

It is necessary that you maintain your log data! Many compliance standards require data to be stored up to seven years. However, if you automate the process, life can become much easier. Automation can assist in data retrieval and the longevity of log data. It is important to remember:

Archived logs must be readily obtainable.
Automation helps reduce the risk of corruption.
The larger the company, the more users and machines. With more users and machines comes an increase in bandwidth and network traffic, which will only further complicate the log file. Automation can greatly assist in making sure all data is collected.

Usually, administrators use an event log management tool to record log event data from the servers and workstations. Make sure you find an event log management tool that supports a method to re-import collected log files into the database if they are needed.

3. Event Monitoring, Real-Time alerts & Notification Policies

While your company may have most, if not all, Windows-based machines, it is important to branch out from the Windows event log monitoring system. Consider using Syslog as well. Syslog is supported by switches, routers, firewalls, and IDS, as well as UNIX and Linux based systems. Most products that perform real-time scanning and monitoring of logs require the use of an agent.
However, if you can find a software package that can be used without an agent, go for it. This avoids many issues upon initial setup and continued maintenance. Every company has a different classification of what they find important, and what they want to be listed in the logs. The one security research
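
The merging of Windows event logs and Syslog described in step 2, combined with the insider scenario of an employee giving themselves admin privileges, shown as an added example that is not part of the original article or of any product it names. The sample records are constructed, the Windows events are simplified dicts whose field names are assumptions, and the Syslog parser handles only RFC 5424 lines with empty structured data; event IDs 4728 and 4732 are the Windows Security Log entries for a member being added to a security-enabled global or local group.

```python
import re
from datetime import datetime, timezone

# Constructed sample data, not real logs. The Windows records are simplified
# dicts (field names are assumptions); the Syslog lines follow RFC 5424.
WINDOWS_EVENTS = [
    {"time": "2020-01-12T09:15:40Z", "host": "FS01", "id": 4624, "subject": "jdoe"},
    {"time": "2020-01-12T09:17:05Z", "host": "FS01", "id": 4732,
     "subject": "jdoe", "member": "jdoe", "group": "Administrators"},
    {"time": "2020-01-12T11:02:00Z", "host": "DC01", "id": 4728,
     "subject": "itadmin", "member": "asmith", "group": "Domain Admins"},
]
SYSLOG_LINES = [
    "<38>1 2020-01-12T09:14:03Z fw01 sshd 411 - - Failed password for jdoe",
    "<38>1 2020-01-12T09:16:10Z fw01 sshd 412 - - Accepted password for jdoe",
    "not a syslog line",
]

SYSLOG_RE = re.compile(r"^<\d{1,3}>1 (\S+) (\S+) (\S+) \S+ \S+ - (.*)$")
GROUP_ADD_IDS = {4728, 4732}  # member added to a global / local security group

def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def merged_timeline(win_events, syslog_lines):
    """Normalize both sources to one schema and sort by UTC time."""
    rows, rejected = [], []
    for ev in win_events:
        rows.append({"time": parse_time(ev["time"]), "host": ev["host"].lower(),
                     "source": "windows", "event_id": ev["id"], "detail": ev})
    for line in syslog_lines:
        match = SYSLOG_RE.match(line)
        if not match:
            rejected.append(line)  # keep unparsed lines so nothing is silently lost
            continue
        stamp, host, app, msg = match.groups()
        rows.append({"time": parse_time(stamp), "host": host.lower(),
                     "source": "syslog:" + app, "event_id": None, "detail": msg})
    return sorted(rows, key=lambda r: r["time"]), rejected

def self_granted_admin(timeline):
    """Windows group-add events where the actor added their own account."""
    return [r for r in timeline
            if r["event_id"] in GROUP_ADD_IDS
            and r["detail"]["subject"].lower() == r["detail"]["member"].lower()]

if __name__ == "__main__":
    timeline, rejected = merged_timeline(WINDOWS_EVENTS, SYSLOG_LINES)
    print("flagged:", [r["detail"] for r in self_granted_admin(timeline)], "unparsed:", rejected)
```

In the merged view the flagged group change sits directly after the firewall's failed and accepted logins for the same account, context that neither log shows on its own.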