Ransomware Attack Goldeneye

Ransomware Attack: Goldeneye

Ransomware Attack Goldeneye

 

In the wake of another ransomware attack, this one labeled Goldeneye, we’re reaching out to ensure our partners that we’re focused on security first. According to Forbes, there are similarities with WannaCryptor, but experts are labeling this a variant of Petya aimed at the file system—specifically targeting the master boot record—instead of encrypting individual files. It utilizes the same attack vector that WannaCry used last month – an SMBv1 exploit that was patched in March under MS17-010 known as EternalBlue.

The attack has effected systems beginning in Ukraine, and has been confirmed as spreading through a trojanized version of M.E.Doc accounting software. The massive ransomware campaign was launched in the early hours of June 27, and the outbreak is spreading globally. The National Bank of Ukraine has shared a warning on their website to help protect other banks, and the financial sector is taking steps to “strengthen security measures and counter hacker attacks.” The Independent is reporting affected systems in Spain and India, along with issues arising for Danish and British companies.

Reports are now coming in that Goldeneye has reached the US, with systems affected in major companies like Merck. Advanced security systems can block the currently known samples of new ransomware variants like Goldeneye, keeping most users safe from system infiltration.

Just like the WannaCry cyberattacks in May, this attack is highlighting the importance of maintaining up-to-date patching to keep your systems safe from these exploitative malware programs. Keeping your systems fully patched and using a vetted security solution with network segmentation can help prevent large-scale issues.

Patching, in conjunction with third-party products like anti-virus, anti-malware & backup, are critical to providing the best IT services, and an integrated ecosystem of solutions allows you to:

  1. Close Windows vulnerabilities by keeping it up to date with latest patches from Microsoft
  2. Detect new threats as the IT landscape continues to shift with anti-virus and anti-malware protection
  3. Prevent an all-out disaster by procuring continuous backups of data

See how our partners and other AV solution providers are addressing the latest attack:

Bitdefender
ESET
Webroot
Malwarebytes
VIPRE
Acronis
StorageCraft


This article was provided by our service partner : Connectwise

Private Hosting Service

Benefits of choosing Private Hosting Services

Looking to make the move into the cloud can be a bit of daunting process, with so many options available. One of the first decisions to make is choosing whether you want to opt for public cloud provider or choose a private cloud Private Hosting Services solution.

With decades of experience within the IT sector, dealing with a range of business clients, we have highlighted security, flexibility and control as the key values to our clients and wanted to ensure all of our cloud services were done so through a highly secure private cloud platform.

We have jotted down 5 top reasons for choosing a private cloud model for your business, to help guide you on your way.

1. Sense of security

Without a doubt, the number one reason to opt for Private Hosting Services is the knowledge that you know, not only, where your data is located but exactly who can access it. Whilst there are certainly a number security controls in place on a good public cloud platform, you will never have the sense control and security that you achieve through a private cloud solution.

Security is especially important for businesses who may hold sensitive documents on their servers such as highly personal customer information or private financial data. Businesses have a responsibility to ensure their data is kept safe and secure at all times, making a private cloud provider the go to platform for rest assured data security.

2. Knowing where your data is

Closely linked to security and privacy, specific data location is another important difference between private and public cloud providers. You cannot be 100% sure where your data is being stored on a public cloud, with many providers holding your data abroad, and often even unable to specify the exact location of your files at any given time.

With a private cloud infrastructure, you will always know the precise location of your data. At NetCal all your data is held on state of the art, enterprise level equipment in temperature controlled environments in a distinct number of data centres, known to you at any given time.

3. Top performance

Another clear advantage for Private Hosting Services is the ability to have dedicated applications and a dedicated server which runs its own operating system for your business. This ensures you do not have to share processing power with other company applications, resulting in a more stable predictable performance which is optimised for your business requirements.

4. Take control

If you want to ensure you have complete control over your hardware and your virtual servers, a private cloud is the clearly favourable option. In addition, private cloud also allows much more control over Service Level Agreement (SLA) management. Public cloud platforms can only give you control over certain features of your operating system, applications and server, and a public cloud provider controls the SLAs with all clients.

Another advantage of a private cloud solution is complete control over your own failover plan, which is put in place to ensure that there is no risk of your cloud service becoming unavailable to users.

5. Be flexible

An enterprise level private cloud service is built from the bottom up and tailored for your individual requirements. This means that, you as a client are able to specify what you need (both technical capabilities and SLAs) and only ever need to take up the processing power that you require.

In summary Private cloud is highly compliant and highly flexible, providing you with complete control over your hardware, virtual servers, SLAs and failover plans, whilst ensuring you are operating at your optimum performance.

If you are considering migrating to a cloud solution, or want to better understand the benefits of opting for a private cloud provider, get in touch with one of the friendly and experienced members of our team and we can get you up and started in no time.

webroot

Web Security : Is Your Chat Client Leaving You Exposed?

Popular third-party chat platforms like Slack, Discord, and Telegram are just a few of the many new productivity applications that are being hijacked by cyber criminals to create command-and-control (C&C) communications infrastructures for their malware campaigns. As corporate web security teams become more aware of traditional malware threats and deploy new security solutions to defend against them, cyber criminals continue to innovate. Now they’ve turned to well-known chat and social media applications as platforms to communicate with their deployed malware.

Hiding in Plain Sight

The appeal of these chat programs for cyber criminals is born from the fact that many of them are free, easy to use, and incorporate application programming interface (API) components that simplify connections between the programs and custom-built applications. It’s this use of APIs that allows hackers to operate undetected on corporate networks. This clever technique enables hackers to entrench their access by camouflaging themselves with normal data flows. Plus, because this malware leverages software platforms and services that are readily available (and free), all hackers need to do in order to stay connected to their growing malware bot farm is set up an account on their chat platform of choice.

Granted, not all software using APIs is susceptible to this type of attack. However, these attacks are a clear demonstration that tools used by project management and software development teams can be compromised in ways that expose their organizations to significant risk. I predict that similar vulnerabilities in productivity services and applications used by corporate technology teams will continue to be exploited—at an even greater rate. In many ways, these attacks mirror what we’ve seen recently targeting core protocols that operate on the Internet.

Know Your Enemy

Luckily, knowing the enemy is half the battle. With this in mind, we can manage these types of threats, and some of the steps I recommend come down to basic cyber hygiene. I highly recommend security professionals deploy an antivirus solution that incorporates anti-malware and firewall services to all endpoints. A solid threat-intelligence service is also vital to educate security staff and business stakeholders on the current threats and threat actors targeting their business.

One final point: it’s a good idea to screen all outbound network traffic in order to verify that it’s going to legitimate destinations. Hopefully, you’ve already deployed these recommended security controls. If you are missing one or more of these elements, it’s time to shore up your web security efforts to protect yourself and your organization.


This article was provided by our service partner : Webroot

VMware vCenter Converter

VMware vCenter Converter : Tips and Best Practices

Vmware vCenter converter can convert Windows and Linux based physical machine and Microsoft hyper-v systems into Vmware virtual machines.

Here are some tips and suggested best practices

Tasks to perform before conversion :

  • Make sure you know the local Administrator password! If the computer account gets locked out of the domain – you are likely going to need to login locally to recover
  • Ensure you are using the latest version of Vmware vCenter converter.
  • If possible, install Vmware vCenter Converter locally on the source (physical machine) operating system.
  • Make a note of the source machine IP addresses. The conversion will create a new NIC and having those IP details handy will help.
  • Disable any anti-virus
  • Disable SSL encryption – this should speed up the conversion ( described here )
  • If you have stopped and disabled any services – make sure to take a note of their state beforehand. A simple screenshot goes a long way here!
  • If converting from hyper-v -> vmware. Install the Converter on the host and power down the converter before starting the conversion.
  • Uninstall any hardware specific software utilies from the source server
  • If the source system has any redundant NICs – I would suggest removing them in the Edit screen on the converter ui.
  • For existing NICs – use the VMXNET3 driver and set it to not connected.

Special considerations for Domain Controllers, MS exchange and SQL servers.

Although – You tend to get warned off converting Domain controllers, they do work OK if you take some sensible precautions:

  • Move FSMO roles to Another Domain Controller
  • Make another Domain Controller PDC
  • Stop Active Directory services
  • Stop DHCP service ( if applicable )
  • Stop DNS service ( if applicable )

For SQL and Exchange, you should stop and disable all Exchange and SQL services on the source machine and only start them back up on the target VM once you are happy the server is successfully back on the domain.

( note these steps are not necessary for V2V conversations and you should have the system powered off!)

________________________________________________

Tasks to perform after conversion :

  • Once the conversion has successfully completed, get the source physical machine off the network. You can disable the NIC, pull the cable and/or power it down. It should not come up again.
  • For V2V conversion, delete the NIC from the systems hardware properties completely.
  • Once the physical machine is off the network, bring the virtual machine up (ensure network is not connected initially )
  • Install VMwares and set the ip config ( that you noted during the pre-conversion steps )
  • Shutdown and connect the network and bring your Virtual system back up
  • Uninstall VMware vCenter Converter from the newly converted Virtual macine

Special considerations for Domain Controllers, MS exchange and SQL servers.

  • Create test user on DC and ensure he gets replicated to the other ones.
  • Delete this test and ensure that gets replicated
  • Create test GPO policy and ensure it replicates across all domain controllers
  • Check system, application and importantly the File Replication Service logs to ensure that their is no issues with replication.

 

For SQL and Exchange : double check that their is no trust issues on the virtual machine. Try connecting to the ADMIN$ share from multiple locations. If you do find the computer account locked out. Taking the machine in and out of the domain normally fixes it.

Once happy the machine is on your domain without any trust issues – restart and reconfigure the SQL/Exchange services as per how they originally were.

 

Windows Server 2016

Windows Server 2016 docs are now on docs.microsoft.com

Microsoft have recently announced that their IT pro technical documentation for Windows Server 2016 and Windows 10 and Windows 10 Mobile is now available at docs.microsoft.com.

docs.microsoft.com

Why move to docs.microsoft.com?

Well here microsoft promise:

“a crisp new responsive design that looks fantastic on your phone, tablet, and PC. But, more importantly, you’ll see new ways to engage with Microsoft and contribute to the larger IT pro community. From the ground up, docs.microsoft.com that offers:

  • A more modern, community-oriented experience that’s open to your direct contribution and feedback.
  • Improved content discoverability and navigation, getting you to the content you need – fast.
  • In article Comments and inline feedback.
  • Downloadable PDF versions of key IT pro content collections and scenarios. To see this in action, browse to the recently released Performance Tuning Guidelines for Windows Server 2016 articles, and click Download PDF.
  • Active and ongoing site improvements, including new features, based on your direct feedback. Check out the November 2016 platform update post to see the latest features on docs.microsoft.com.”

How to contribute to IT pro content

Microsoft recognize that customers are eager to share best practices, optimizations, and samples with the larger IT pro community. Docs.microsoft.com makes contribution easy.

Community contributions are open for your contribution. Learn more about editing an existing IT pro article.

Windows 10

Proxmox

Open Source Hypervisors and Hyperconverged Environments

We recently started looking at some of the open source solutions such as KVM/QEMU offered by RedHat and Proxmox to replace Microsoft Hyper-V and VMWare vSphere. So far they do appear somewhat feature-full especially for smaller environments. It appears though they do fall short of Enterprise features.

The performance and simplicity were definitely appealing with these solutions. Some of our staff was really into the Linux aspect of them since the Hypervisors have a full Linux shell. Controlling the enviornment easily from a cli was definitely a plus along with the common feel of logfiles and Linux kernel options.

Everything was promising but we got to the point of backing up multi-terabyte VM environments and the flexibility offered by common tools wasn’t working well enough for what we wanted to do. Products such as Veeam really do make it easy for even entry level administrators to use the complex environments.

For now we’ll be sticking with the big boys and keeping a close eye on the developments of Change Block Tracking in libvirt and the user-space tools in the coming year.