ransomware security

The Ransomware Threat isn’t Over. It’s Evolving.

Ransomware is any malware that holds your data to ransom. These days it usually involves encrypting a victim’s data before demanding payment (typically in cryptocurrency) to decrypt it. Ransomware has ruled the malware world since late 2013, but finally saw a decline last year. The general drop in malware numbers, along with defensive improvements across the IT world (such as more widespread backup adoption), were factors, but the same pressures have also pushed this threat to become more targeted and ruthless.

Delivery methods

When ransomware first appeared, it was typically distributed via huge email and exploit kit campaigns. Consumer and business users alike were struck without much discretion. 

Today, many ransomware criminals prefer to select their targets to maximise their payouts. There’s a cost to doing business when it comes to infecting people, and the larger the group of people you are trying to hit, the more it costs. 

Exploit kits

Simply visiting some websites can get you infected, even if you don’t try to download anything. This is usually done by exploiting weaknesses in the software used to browse the web, such as your browser, Java, or Flash. Content management systems like WordPress and browser plugins like Microsoft Silverlight are also common sources of vulnerabilities. But there’s a lot of software and web trickery involved in delivering infections this way, so the bulk of this work is packaged into an exploit kit, which can be rented out to criminals to help them spread their malware. 

Renting an exploit kit can cost $1,000 a month, so this method of delivery isn’t for everyone, only for those cybercriminals who are sufficiently motivated and funded. 

“Because the cost of exploitation has risen so dramatically over the course of the last decade, we’ll continue to see a drop in the use of 0-days in the wild (as well as associated private exploit leaks). Without a doubt, state actors will continue to hoard these for use on the highest-value targets, but expect to see a stop to Shadowbrokers-esque occurrences. The mentioned leaks probably served as a powerful wake-up call internally with regards to who has access to these utilities (or, perhaps, where they’re left behind).” – Eric Klonowski, Webroot Principal Threat Research Analyst

Exploits for use in both malware and web threats are harder to come by these days and, accordingly, we are seeing a drop in the number of exploit kits and a rise in the cost of exploits in the wild. This threat isn’t going anywhere, but it is declining.

Figure 1. Still plenty of exploit kits out there. Source: Execute Malware

Email campaigns

Spam emails are a great way of spreading malware. They’re advantageous for criminals, as they can hit millions of victims at a time. Beating email filters, creating a convincing phishing message, crafting a dropper, and beating security in general is tough to do on a large scale, however. Running these big campaigns requires work and expertise so, much like an exploit kit, they are expensive to rent. 

Figure 2. Shade ransomware delivered from a recent spam email campaign. Source: InfoSec Handlers Diary Blog

Targeted attacks

The likelihood of a target paying a ransom, and how much that ransom is likely to be, depends on a number of factors, including:

  • The country of the victim. The GDP of the victim’s home nation is correlated with a campaign’s success, as victims in richer countries are more likely to shell out for ransoms.
  • The importance of the data encrypted.
  • The costs associated with downtime.
  • The operating system in use. Windows 7 users are twice as likely to be hit by malware as those with Windows 10, according to Webroot data.
  • Whether the target is a business or a private citizen. Business customers are more likely to pay, and to pay big.

Since the probability of success varies with the target’s circumstances, it’s worth noting that exploit kits and email campaigns can narrow their targeting to some degree, but they remain more scattershot than the targeted methods described below.

RDP

Remote Desktop Protocol, or RDP, is a popular Microsoft protocol used mainly by admins to connect remotely to servers and other endpoints. When it is exposed through poor setup and weak password policies, cybercriminals can easily break in, typically by guessing or brute-forcing credentials. RDP breaches are nothing new, but sadly the business world (and particularly the small business sector) has been ignoring the threat for years. Recently, government agencies in the U.S. and UK have issued warnings about this completely preventable attack. Less sophisticated cybercriminals can simply buy RDP access to already-hacked machines on the dark web; access to machines in major airports has been spotted on dark web marketplaces for just a few dollars.
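The credential guessing described above leaves a distinctive trail in the Windows Security log: bursts of logon failures (Event ID 4625) from one source address, sometimes followed by a success (4624). The rule below, an added example that is not Webroot’s code, detects that pattern and labels it as a brute-force attempt (one account, many tries) or a password spray (many accounts, one try each). The event records are constructed sample data; the threshold, window and spray cut-off are assumptions.

```python
"""RDP brute-force and password-spray detection over Windows Security events.

Added example, not code from Webroot or the article. The records below are
constructed to resemble Security log events 4625 (logon failure) and 4624
(logon success), keeping only the fields this rule needs. The threshold,
window and spray cut-off are assumptions, not figures from the article.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# LogonType 10 = RemoteInteractive (RDP). With Network Level Authentication
# enabled, failed RDP logons are often recorded as LogonType 3 instead, so a
# production rule should make this set configurable per environment.
RDP_LOGON_TYPES = {10}
THRESHOLD = 5                  # failures from one source inside WINDOW (assumption)
WINDOW = timedelta(minutes=2)  # sliding window (assumption)
SPRAY_MIN_USERS = 3            # this many distinct usernames => password spray (assumption)


def ev(time, event_id, ip, user, logon_type=10):
    """Build one minimal event record (helper for the constructed sample data)."""
    return {"time": time, "event_id": event_id, "ip": ip, "user": user, "logon_type": logon_type}


SAMPLE_EVENTS = [  # constructed sample data, not a real log
    # brute force: one username hammered from 203.0.113.7, then a success
    ev("2019-03-04T02:10:00", 4625, "203.0.113.7", "administrator"),
    ev("2019-03-04T02:10:15", 4625, "203.0.113.7", "administrator"),
    ev("2019-03-04T02:10:30", 4625, "203.0.113.7", "administrator"),
    ev("2019-03-04T02:10:45", 4625, "203.0.113.7", "administrator"),
    ev("2019-03-04T02:11:00", 4625, "203.0.113.7", "administrator"),
    ev("2019-03-04T02:11:30", 4625, "203.0.113.7", "administrator"),
    ev("2019-03-04T02:11:45", 4624, "203.0.113.7", "administrator"),
    # password spray: many usernames, one try each, from 198.51.100.9
    ev("2019-03-04T03:00:00", 4625, "198.51.100.9", "admin"),
    ev("2019-03-04T03:00:10", 4625, "198.51.100.9", "sales"),
    ev("2019-03-04T03:00:20", 4625, "198.51.100.9", "backup"),
    ev("2019-03-04T03:00:30", 4625, "198.51.100.9", "guest"),
    ev("2019-03-04T03:00:40", 4625, "198.51.100.9", "scanner"),
    # an admin mistyping a password twice from the office network: below threshold
    ev("2019-03-04T08:30:00", 4625, "10.0.0.25", "jsmith"),
    ev("2019-03-04T08:30:20", 4625, "10.0.0.25", "jsmith"),
    ev("2019-03-04T08:30:40", 4624, "10.0.0.25", "jsmith"),
    # a non-RDP failure (LogonType 3, e.g. SMB) is ignored by this rule
    ev("2019-03-04T02:12:00", 4625, "203.0.113.7", "backup", logon_type=3),
]


def detect_rdp_attacks(events, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: finding} for sources that exceed the failure threshold.

    A finding holds the peak failure count seen inside one window, the
    usernames tried, a brute-force/spray label, and whether a later success
    came from the same source, the case that needs an immediate response.
    """
    recent = defaultdict(deque)   # source ip -> timestamps of failures inside the window
    tried = defaultdict(set)      # source ip -> usernames attempted
    findings = {}
    for e in sorted(events, key=lambda x: x["time"]):
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(e["time"])
        ip = e["ip"]
        if e["event_id"] == 4625:
            q = recent[ip]
            q.append(ts)
            tried[ip].add(e["user"])
            while ts - q[0] > window:            # expire failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "usernames": set(),
                                              "success_after": False, "compromised_user": None})
                f["failures"] = max(f["failures"], len(q))
                f["usernames"] = set(tried[ip])
                f["kind"] = "password spray" if len(tried[ip]) >= SPRAY_MIN_USERS else "brute force"
        elif e["event_id"] == 4624 and ip in findings:
            findings[ip]["success_after"] = True
            findings[ip]["compromised_user"] = e["user"]
    return findings


if __name__ == "__main__":
    for ip, f in detect_rdp_attacks(SAMPLE_EVENTS).items():
        status = "SUCCEEDED as %s" % f["compromised_user"] if f["success_after"] else "no success seen"
        print("%s: %s, %d failures, %d usernames, %s"
              % (ip, f["kind"], f["failures"], len(f["usernames"]), status))
```

A success following a flagged burst is the alert to act on first: it means the attacker now has an interactive session and the tooling described in the rest of this article can follow within minutes. The two legitimate failures from the office address stay below the threshold, which is the trade-off any such rule makes between noise and early warning.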

Figure 3. Servers for sales on underground forums. Source: Fujitsu

Spear phishing

If you know your target, you can tailor an email specifically to fool them. This is known as spear phishing, and it’s an extremely effective technique that’s used in a lot of headline ransomware cases.

Modular malware

Modular malware attacks a system in stages. After running on a machine, it performs some reconnaissance before contacting its command-and-control infrastructure and downloading additional payloads. 

Trickbot

The modular banking Trojan Trickbot has also been seen dropping ransomware such as Bitpaymer onto machines. Recently it has been used to assess a company’s worth before attackers deploy remote access tools and Ryuk ransomware to encrypt the most valuable information the company has. The actors behind this Trickbot/Ryuk campaign only pursue large, lucrative targets they know they can cripple.

Trickbot itself is often dropped by another piece of modular malware, Emotet.

What are the current trends?

As we’ve noted, ransomware use may be on the decline due to heightened defences and greater awareness of the threat, but the broader, more noteworthy trend is to pursue more carefully selected targets. RDP breaches have been the largest source of ransomware calls to our support teams in the last 2 years. They are totally devastating to those hit, so ransoms are often paid.

Figure 4. A slight dip but a consistently high amount of RDP malware seen by us last year.

Modular malware involves researching a target before deciding whether or how to execute and, as noted in our last blog post on information stealers, these families have been surging as a threat for the last six months. 

Automation

When we talk about selecting targets, you might be inclined to assume that a human is involved. But, wherever practical, the attack will be coded to free up manpower. Malware will routinely decide not to run if it finds itself in a virtualised environment or if analysis tools are installed on the machine. Slick automation is used by Trickbot and Emotet to keep botnets running and to spread using stolen credentials. RDP breaches are easier than ever thanks to automated scanners scouring the internet for exposed targets. Expect more and more intelligent automation from ransomware and other malware in future.

What can I do?

  • Secure your RDP.
  • Use a proper password policy. This ties in with the RDP ransomware threat and applies especially to admins.
  • Update everything.
  • Back up everything. Is your backup physically connected to your environment (as in USB storage)? If so, it can easily be encrypted by malware and malicious actors. Make sure to air-gap backups or back up to the cloud.
  • If you believe you have been the victim of a breach, it’s possible there are decryption tools available. Despite the brilliant efforts of researchers working on decryption, this is only the case in some instances.

This article was provided by our service partner : webroot.com

CyberSecurity

A Cybersecurity Checklist for Modern SMBs

The landscape of digital security is rapidly shifting, and even the largest tech giants are scrambling to keep up with new data regulations and cybersecurity threats. Small to medium-sized businesses (SMBs) are often left out of these important conversations, leaving themselves — and their users — vulnerable. In an effort to combat this trend, Webroot conducted a survey of more than 500 SMB IT leaders in the UK, revealing common blind spots in SMB cybersecurity practices. As businesses around the globe grapple with similar change, our Size Does Matter: Small Businesses and Cybersecurity report offers insight and guidance for companies regardless of geography. 

The biggest takeaway? We turned to Webroot’s Senior Director of Product Strategy Paul Barnes for his thoughts.

“The damage from data loss or downtime often means substantial financial and reputational losses, sometimes even leading to a business no longer being viable. A key learning for all small businesses should be to stop hiding behind your size. Instead, become educated in the risks and make your security posture a differentiator and business driver.”

When you’re putting together a cybersecurity checklist, you’ll need to do one thing first: check your preconceived notions about SMB cybersecurity at the door. Your business is not too small to be targeted. The data you collect is both valuable and likely vulnerable, and a costly data breach could shutter your business. More than 70% of cyberattacks target small businesses, with 60% of those going out of business within six months following their breach. With both the threat of hackers and the looming possibility of increased GDPR-style data regulatory fines, your small business cannot afford to be underprepared.

The first step to a fully realized cybersecurity program? An unflinching look at your company’s resources and risk factors.

“Understand what you have, from a technology and people perspective, and the risks associated with loss of data or operations, whether through externally initiated attacks or inside threats,” advised Barnes. “This will allow you to plan and prioritise next steps for protecting your business from attack.”

For established SMBs, this type of internal review may seem overwhelming; with so many employees already wearing so many hats, who should champion this type of effort? Any small business that is preparing to modernize its cybersecurity protocols should consider bringing in a managed service provider (MSP) to do an internal audit of its systems and to report on the company’s weaknesses and strengths. This audit should serve as the backbone of your cybersecurity reform efforts and — depending on the MSP — may even give you a security certificate that can be used for marketing purposes to differentiate your brand from competitors.

With a strong understanding of your company’s strengths and weaknesses, you can begin to implement an actionable cybersecurity checklist that will scale as you grow, keeping your business ahead of the data security curve. Each SMB’s checklist will be unique, but these best practices will be integrated into any successful cybersecurity strategy.

Continuous Education on the Latest Threats

A majority of small to medium-sized businesses rely on software systems that are constantly evolving, closing old security gaps while potentially opening new ones. With a tech landscape in constant flux, one-off security training will never be enough to truly protect your business. Comprehensive employee training that evolves alongside cybersecurity threats and data privacy regulations is your company’s first line of cybersecurity defense. Include phishing prevention practices in these trainings as well. Although seemingly old hat, phishing attacks are also evolving and remain one of the largest causes of data breaches globally. Continuous training of employees helps build a culture of security where they feel part of the team and its success. 

Regular Risk Assessment and Security Audits

Just as one-off training is not sufficient in keeping your staff informed, a one-off audit does nothing to continuously protect your company as it grows. Depending on your industry, these audits should take place at least annually, and are the best way to detect a security flaw before it is exploited. Factors such as the sensitivity of the data your business houses, and the likely impacts of a successful breach—your risk profile—should guide decisions regarding the frequency of these security audits.

Disaster Response Plan

Having a prepared disaster response plan is the most effective way to mitigate your losses during a data security breach. Backup and recovery tactics are critical components of this plan. It should also include a list of security consultants to contact in order to repair the breach, as well as a communications plan that notifies customers, staff, and the public in accordance with data protection regulations. An MSP can work with your company to provide a disaster response plan that is customized to your business’ specific needs.

Bring Your Own Device

Never scrimp on mobile security. Many companies now tolerate some degree of bring-your-own-device (BYOD) policy, giving employees increased convenience and employer accessibility. But convenience is a compromise and, whether it be from everyday theft or a malicious app, mobile devices are a weak point in many companies’ security. Including mobile security guidelines like automatic device lock requirements, strong password guidelines, and failsafe remote wipe access in your BYOD policies will save your company money, time, and heartache.

Layer Your Security

Finally, ensure your business has multiple layers of defense in place. Accounting for endpoint devices is no less critical than it’s always been, but businesses are increasingly learning that networks and users need protection, too. DNS-layer security can keep employees from inviting risky sites onto your network, and security awareness training will help your users recognize signs of an attack. No one solution is a panacea, but tiered defenses make a business more resilient against cybercrime.

Survey says: We don’t have time for this

One of the largest impediments to SMBs adopting these modern cybersecurity protocols is the perceived time cost, with two-fifths of IT leaders surveyed by Webroot stating they simply do not have the time or resources to fully understand cybersecurity threats. The uncomfortable truth is that, if you can’t find the time to protect your data, a hacker who does have the time is likely to find and exploit your security gaps. But there is a silver lining: the smaller size of an SMB actually allows for a level of agility and adaptiveness when implementing cybersecurity policies that is inaccessible to tech giants.

“SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating employees on risk mitigation, because people will always be the first line of defense,” said Barnes.

You’ll find additional benefits beyond the base-level protection a comprehensive cybersecurity plan provides. As 33% of SMBs surveyed by Webroot say they prefer not to think about cybersecurity at all, demonstrating that your company is ahead of the problem can be a powerful way to distinguish your business from its competitors. With consumer data privacy concerns at an all-time high, a modern cybersecurity checklist may be one of the best marketing tools available. The best way to stay ahead of cybersecurity threats is to stay informed. Read the entire Size Does Matter: Small Businesses and Cybersecurity report for an in-depth look at how your SMB contemporaries are handling data protection, and stay up-to-date with Webroot for additional cybersecurity reports and resources.


This article was provided by our service partner : webroot.com

remote access

Remote Access: What You Should Know

In the prehistoric age of computers, when they took up entire rooms in tall buildings, remote support was just a twinkle in the eyes of early engineers. Fast-forward several decades to the spread of networked computing and, in the 1990s, the World Wide Web, and voila! Remotely servicing machines was no longer a wishful thought, but an actual possibility.

Today, with billions of smart devices around the globe to support, managed service providers (MSPs) have come to rely on remote access tools to troubleshoot technology issues wherever the end user is in the world.

As remote access solutions become more sophisticated, there are fewer reasons to send technicians on site to support devices. This not only adds to an MSP’s bottom line, it also makes technicians and engineers more effective at their jobs.

What is Remote Access?

In its simplest form, remote access is a process where a technician is able to access a machine (it could be a computer, smart phone, or a server) from another location.

Can you think of an industry that doesn’t use smart devices (computers, phones, tablets, etc.)? Somewhere in the company’s infrastructure, there’s a machine – and those machines can malfunction. As glamorous as it would be to fly all over the globe to fix computers and phones in exotic locations, it’s not exactly cost-effective to send techs to troubleshoot issues in person. So, when tech issues arise, it’s remote access to the rescue!

So, what’s the difference between remote access and remote support? Some in the IT community use those terms interchangeably. When you think about it, they’re not wrong. For the purposes of this article, the difference is this:

Remote access is the process where a technician remotely supports machines, mobile devices, servers, and systems that are unattended by the end-user.

Remote support is the same process essentially, with one key difference: the technician is assisting a person on the other end of the session while they address tech issues with the person’s device.

Choosing the Best Remote Access Software for Business

There are dozens of solutions on the market, ranging as broadly in complexity and capability as they do in price. Some cater to home users and others to enterprises. Some split up the remote access and support functionality into different tools. Others are all-inclusive (meaning one software offers the option to both support end users AND access unattended machines).

Narrowing the options down to the right one for your business can be tricky. It might even be tempting to opt for the cheapest one and hope for the best. But not all remote access solutions are created equal. Here’s what you should consider.

Security

Security is at the top of the feature list. Remote access without proper security exposes business data to cybercriminals. When data breaches happen, MSPs lose not only credibility, but money. MSPs can incur fines associated with data breaches, not to mention lost revenue due to poor reputation, lost clients, and remediation.

Look for a comprehensive security feature set that includes:

  • Role-based permissions
  • Password management
  • Encrypted sessions (TLS/SSL)
  • Alerts
  • Multiple authentication methods

If you support industries like healthcare or payment processing, you may be required to have specific security measures in place to comply with legal and ethical frameworks such as PCI DSS and HIPAA. If these apply to you, make sure your choices include additional security features like:

  • On-premises options
  • Video auditing and recording

Reliable Connectivity

Another ding on an MSP’s credibility is slow, unreliable connectivity. Shaky remote access tools are bad for technician morale and can also leave your customers with a bad impression of your IT services. A remote access tool worth having should let a technician connect to a device in seconds, temporarily install software for non-managed machines or break/fix scenarios, and include options to install permanent agents as needed.

Cross-Platform Compatibility & Mobile Support

Companies that MSPs support will usually rely on an array of devices – both mobile and stationary – to run their day to day business functions. The thing is, many of these devices run off of different platforms, tasking MSPs with supporting Microsoft® Windows, Mac, Linux, Android, and Chrome. Likewise, it’s important for technicians to be able to access machines while they’re away from their desktops.

Integrations

Disparate systems are no good – that’s not a new idea. So, it’s crucial that the solution you choose integrates with the other systems you use (ticketing, billing, and business management). Otherwise, you could be creating more problems than you’re solving. When you’re researching remote access tools, ask yourself these questions:

Does this integrate with the solutions I already use?

Does this offer extensions and apps for enhanced capabilities?

How often are new solutions added to the integration roster?

Online Collaboration

A strong tech support team relies on collaboration to get the job done quickly and accurately. If your remote support solution doesn’t also offer remote meeting capabilities, you’re missing out on an easy way to promote team collaboration, and to share information quickly with your customers through screen-sharing and simple document sharing.

The right remote access solution allows your techs to help each other or request help easily, and gives them the capability to chat with end users, share screens with customers, and set up meetings to help explain issues quickly and directly.

Customization

White labeling is key for brand recognition and building trust. Remember that remote access can be daunting for end users. The more your customers see your MSP’s logo, colors, and messaging, the easier it’ll be to build your brand equity.

Beyond logos, colors, and custom URLs, consider which customizations would most benefit your team. The best remote access software will offer an array of editable settings, languages, designs, and workflows.

Setup & Implementation

Something to find out about before choosing a remote access tool is how much time and education is required before you’re up and running with your new solution. With some solutions, it’s a very simple process that involves installing an access point onto the machine(s) or “endpoint” you want to support. Be careful to consider things like compatibility – if your endpoints run on Windows OS, for instance, you should check to make sure the remote access tool supports it.

The Future of Remote Access

Cloud information management has drastically changed how companies share resources. The cloud has made it possible for even the smallest companies to distribute information and resources around the world, making it crucial for MSPs to be able to administer cloud management and monitoring.

An MSP’s systems need to be able to weather the storm of a constantly changing industry. A robust remote access solution—allowing you to work in multiple environments and continue to support new tools—is key to building a successful business. Evaluate your selections for remote access tools by considering which solutions offer the development support you’ll need for scalability.

A Remote Access Solution that Checks All the Boxes

Every MSP and help desk needs a reliable and secure remote access tool that scales as the workforce needs change.


This article was provided by our service partner : connectwise.com

The Rise of Information Stealers

As noted in a previous blog post, mining malware is on a decline, partly due to turmoil affecting cryptocurrencies. Ransomware is also on a decline (albeit a slower one). These dips are at least partly the result of the current criminal focus on information theft.

Banking Trojans, hacks, leaks, and data-dealing are huge criminal enterprises. In addition to suffering a breach, companies might now be contravening regulations like GDPR if they didn’t take the proper precautions to secure their data. The ways in which stolen data is used are seeing constant innovation. 

Motivations for data theft

Currency

The most obvious way to profit from data theft is by stealing data directly related to money. Examples of malware that accomplishes this could include:

  • Banking Trojans. These steal online banking credentials, cryptocurrency private keys, credit card details, etc. Originally for bank theft specialists, this malware group now encompasses all manner of data theft. Current examples include Trickbot, Ursnif, Dridex.
  • Point of Sale (POS). These attacks scrape or skim card information from sales terminals and devices.
  • Information-stealing malware that hijacks other valuables, including Steam keys, microtransaction items, and in-game items.

Trade

Data that isn’t instantly lucrative to a thief can be fenced on the dark web and elsewhere. Medical records can be worth ten times more than credit cards on dark web marketplaces. A credit card can be cancelled and changed, but that’s not so easy with identity. Examples of currently traded information include:

  • Credit cards. When cards are skimmed or stolen, they’re usually taken by the thousands. It’s easier to sell these on at a reduced cost and leave the actual fraud to other crooks.
  • Personal information. It can be used for identity theft or extortion, and includes credentials, children’s data, social security information, passport details, medical records (which can be used to order drugs and for identity theft), and sensitive government (or police) data.

Espionage

Classified trade, research, military, and political information are constant targets of hacks and malware, for obvious reasons. The criminal, political, and intelligence worlds sometimes collide in clandestine ways in cybercrime. 

As a means of attack

While gold and gemstones are worth money, the codes to a safe or blueprints to a jewellery store are also worth a lot, despite not having much intrinsic value. Similarly, malware can be used to case an organisation and identify weaknesses in its security setup. This is usually the first step in an attack, before the real damage is done by malware or other means. 

“In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.” –From a story that appeared in the New York Times

Just another day in the Cobalt/Carbanak Heists 

Some examples of “reconnaissance” malware include:

  • Carbanak. This was the spear-tip of an attack in an infamous campaign that stole over €1 billion ($1.24 billion) from European banks, particularly in Eastern Europe. The Trojan was emailed to hundreds of bank employees. Once executed, it used keylogging and data theft to learn passwords, personnel details, and bank procedures before the main attacks were carried out, often using remote access tools. ATMs were hacked to spill out cash to waiting gang members and money was transferred to fraudulent accounts.
  • Mimikatz, PsExec, and other tools. These tools are freely available and have legitimate uses for admins and security testers, such as running commands on remote machines or recovering passwords. Their presence can also indicate that a hacker has been on your network snooping, and their capabilities are often baked into other malware.
  • Emotet. Probably the most successful botnet malware campaign of the last few years, this modular Trojan steals information to help it spread before dropping other malware. It usually arrives by phishing email before spreading like wildfire through an organisation with stolen/brute-forced credentials and exploits. Once it has delivered its payload (often banking Trojans), it uses stolen email credentials to mail itself to another victim. It’s been exfiltrating the actual contents of millions of emails for unknown purposes, and has been dropping Trickbot recently, but the crew behind the campaign can change the payload depending what’s most profitable. 

“Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”- An August 2018 warning from the American DHS

  • Trickbot/Ryuk. Trickbot is a banking Trojan capable of stealing a huge array of data. In addition to banking details and cryptocurrency, it also steals data that enables other attacks, including detailed information about infected devices and networks, saved online account passwords, cookies, web histories, and login credentials. Trickbot has been seen dropping ransomware like Bitpaymer onto machines, but recently its stolen data has been used to assess a company’s worth before attackers deploy remote access tools and Ryuk ransomware to encrypt the most valuable information the company has. The people behind this Trickbot/Ryuk campaign are only going after big, lucrative targets that they know they can cripple.

What are the current trends?

Emotet is hammering the business world and, according to our data, has surged in the last six months of 2018:

Data recorded between 1 July and December 31, 2018. Webroot SecureAnywhere client data.

Detection of related malware surged alongside these detections. Almost 20% of Webroot support cases since the start of December have been related to this “family” of infections (Emotet, Dridex, Ursnif, Trickbot, Ryuk, Icedid).

What can I do?

  • Update everything! The success of infections such as WannaMine proved that operating system updates on many machines still lag years behind. Emotet’s campaigns have abused SMB exploits similar to WannaMine’s, which updates can eliminate.
  • Make sure all users, and especially admins, adhere to proper password practices.
  • Disable autoruns and admin shares, and limit privileges where possible.
  • Don’t keep sensitive information in plain text.
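Both the PsExec bullet in the reconnaissance list above and the advice to disable admin shares point at the same technique: a tool (or malware copying it) writes a binary to a hidden admin share such as ADMIN$ and then registers it as a service on the target. Where admin shares cannot be disabled, that sequence can at least be detected. The rule below is an added example, not Webroot’s code; it correlates constructed Security log 5140 events (network share accessed) with System log 7045 events (service installed) on the same host, and the 60-second window is an assumption.

```python
"""Lateral-movement detection: hidden admin-share access followed by a service install.

Added example, not code from Webroot or the article. PsExec-style remote
execution (used by admins, and copied by malware) writes a binary to a hidden
admin share such as ADMIN$ or C$ and then registers it as a service on the
target. The events below are constructed to resemble Security event 5140
(network share object accessed) and System event 7045 (service installed),
joined on the host that logged them; the 60-second window is an assumption.
"""
from datetime import datetime, timedelta

ADMIN_SHARES = {"ADMIN$", "C$", "D$"}   # hidden shares worth watching (assumption)
WINDOW = timedelta(seconds=60)          # max gap between share access and service install

SAMPLE_EVENTS = [  # constructed sample data, not a real log
    # PsExec-style: 10.0.0.77 opens ADMIN$ on FILESRV01 and a service appears 3 s later
    {"time": "2019-01-22T14:02:01", "host": "FILESRV01", "event_id": 5140,
     "source_ip": "10.0.0.77", "user": "CORP\\jdoe", "share": "\\\\*\\ADMIN$"},
    {"time": "2019-01-22T14:02:04", "host": "FILESRV01", "event_id": 7045,
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
    # nightly backup reads C$ with no service install afterwards: not flagged
    {"time": "2019-01-22T01:00:00", "host": "FILESRV01", "event_id": 5140,
     "source_ip": "10.0.0.5", "user": "CORP\\svc_backup", "share": "\\\\*\\C$"},
    # ordinary departmental share: ignored by this rule
    {"time": "2019-01-22T09:15:00", "host": "FILESRV01", "event_id": 5140,
     "source_ip": "10.0.0.31", "user": "CORP\\asmith", "share": "\\\\*\\Finance"},
    # service installed by an updater with no preceding admin-share access: not flagged
    {"time": "2019-01-22T16:30:00", "host": "WS042", "event_id": 7045,
     "service": "gupdate", "image": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe"},
]


def share_name(unc_path):
    """Extract the share name (e.g. ADMIN$) from the UNC path in a 5140 ShareName field."""
    return unc_path.rsplit("\\", 1)[-1].upper()


def detect_admin_share_exec(events, window=WINDOW):
    """Return findings: a 7045 on a host within `window` after an admin-share access to it."""
    accesses = {}   # host -> [(timestamp, source_ip, user, share), ...]
    findings = []
    for e in sorted(events, key=lambda x: x["time"]):
        ts = datetime.fromisoformat(e["time"])
        host = e["host"]
        if e["event_id"] == 5140 and share_name(e["share"]) in ADMIN_SHARES:
            accesses.setdefault(host, []).append(
                (ts, e["source_ip"], e["user"], share_name(e["share"])))
        elif e["event_id"] == 7045:
            for t0, ip, user, share in accesses.get(host, []):
                if timedelta(0) <= ts - t0 <= window:
                    findings.append({"host": host, "source_ip": ip, "user": user, "share": share,
                                     "service": e["service"], "image": e["image"],
                                     "delay_seconds": int((ts - t0).total_seconds())})
    return findings


if __name__ == "__main__":
    for f in detect_admin_share_exec(SAMPLE_EVENTS):
        print("%(host)s: %(user)s from %(source_ip)s touched %(share)s, then service "
              "%(service)s (%(image)s) installed %(delay_seconds)ds later" % f)
```

Because PsExec is a legitimate admin tool, findings should be triaged against the hosts and accounts that are expected to do this kind of work; a hit from a workstation or a non-admin account, or a service binary with a random name, is what warrants an immediate look. Event 5140 only appears when share-access auditing is enabled, so confirm that audit policy before relying on a rule like this.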

This article was provided by our service partner : Webroot

How RMM Solves Break/Fix Problems

Despite the rise of managed service providers (MSPs), many IT companies still operate on a break/fix model. But the proactive managed services model is far easier and more cost-effective—and helps you provide a much stronger level of service to your clients. If you’re still providing services on a break/fix basis, a remote monitoring and management (RMM) tool can help you make the transition to managed services.

Not sure of the benefits an RMM tool offers? Here are a few.

Cash Flow

In a break/fix model, clients only pay for your services when they need something fixed. As a result, cash flow is inconsistent and unpredictable. By contrast, MSPs charge a uniform monthly fee in exchange for constant, proactive monitoring of a client’s systems. RMM tools proactively monitor a client’s devices and networks, allowing you to charge a monthly fee for your always-on service.

Complex IT Issues

In a break/fix model, you don’t hear about an IT issue until it’s grown large enough for a client to notice. This usually means the problem has become widespread and complicated—whereas a problem in the early stages can be simpler and quicker to resolve. RMM software can detect IT issues before the client notices them, enabling you to fix them proactively before they cause widespread problems.

Wasted Time

Time spent to and from client sites can represent a large part of a break/fix technician’s day—and eats up resources that could be better spent elsewhere. It also takes additional time to analyze a client’s devices and gather basic information about the infrastructure and issue. Every second spent traveling or collecting background information hinders your company’s growth by reducing productivity. But with RMM, you can gather information automatically and solve issues remotely, reducing costs and making every second count.

Client Mistrust

If you operate on a break/fix model, you may fix a client’s issue only to have them call you the next day with the same issue or a related one. The more problems a client experiences, the less they’ll trust you. If you’ve supposedly already fixed the issue, they’ll wonder, why does it keep happening? That’s a problem you can avoid with the help of an RMM tool. Constant monitoring means you’ll always know what’s going on, and if you discover a potential issue, you can fix it quickly. Give the client a well-performing infrastructure, and you’ll deepen their trust in your services.

Limited Manpower

Break/fix models can keep your technicians constantly busy as they dash off to fix one client issue after another. If they’re overworked, they may miss incoming work. An RMM tool automates tasks to ease up the strain on your team and help them handle clients more efficiently.

Outdated Systems

Outdated systems can be a strain on break/fix companies. If a client experiences problems with outdated software or devices, they may budget for upgrades rather than for the IT services you provide—costing you potential business. RMM keeps your clients’ systems up to date with the latest tools and software.

Negative Associations

The break/fix business model may cultivate an unhealthy relationship between providers and clients. You make money only when your client’s system is failing. This creates a negative association in your client’s mind, and they may put off calling you until it’s absolutely necessary. At that point, of course, the problem is much more difficult to resolve. With RMM, you keep everything running as it should, building satisfaction rather than resentment.

Loss of Business

If you don’t offer managed services, someone else will—and it’s only a matter of time before your client finds them. Transitioning to an MSP with the help of an RMM tool means better service for your clients and more business for you.

By adding an RMM tool to your solution toolkit, you’ll be able to proactively detect problems before your client notices, allowing you to offer a better quality of service. In addition, your staff will experience an increase in productivity that will help your company’s bottom line.


This article was provided by our service partner : connectwise.com

cryptomining

A Miner Decline: The Surprising Slowdown of Cryptomining

In Webroot’s 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being less resource-intensive and less overtly criminal than tactics involving ransomware. But mining cases and instances of mining malware seem to have dropped off significantly in the six months since that report, both anecdotally and in terms of calls to our support queue.

The crypto world has gone through significant turmoil in this time, so it’s possible the reduced use of malicious cryptojacking scripts is the result of tanking cryptocurrency values. It’s also possible users are benefitting from heightened awareness of the threat and taking measures to block it, such as browser extensions purpose-built to stop these scripts from running.

Setting aside the question of why for a moment, let’s take a look at some stats illustrating that decline during that time period.

Figure: Cryptojacking URLs seen by Webroot, 1 July through 31 December 2018 (Webroot SecureAnywhere client data). Webroot endpoints detected URLs associated with over 17,000 cryptojacking instances over the last year.

Figure: New miner malware seen by Webroot, 12 July 2018 through 9 January 2019 (Webroot data, logarithmic scale). Portable executable mining malware seen by Webroot threat intelligence, drawn from hundreds of millions of Webroot sensors.

Figure: Monero mining profitability ($), 12 July 2018 through 9 January 2019 (Bit Info Charts, logarithmic scale).

We chose Monero as the currency to analyse here because of its popularity among crooks operating miners or cryptojacking sites. However, results for Bitcoin over the same time period are similar.

Figure: Monero price ($), 12 July 2018 through 9 January 2019 (World Coin Index).

Interpreting the data

None of the graphs are identical, but even without detailed statistical comparison a broad trend can be seen: malicious mining is on the decline alongside a general decline in coin value and coin-mining profitability.

Profitability affecting criminal tactics is of course not surprising. The flexibility of exploit kits and modern malware campaigns like Emotet mean that cybercriminals can change tactics and payloads quickly when they feel their malware isn’t netting as much as it should.

Thanks to the dark web, criminal code and malware delivery services have never been easier to buy or rent, and cryptocurrencies themselves make it easy to swap infection tactics while keeping the cash flowing. So the next time the threat landscape changes, expect criminals to change quickly with it.

Should I still care about miners?

Yes, absolutely. 

Cryptocurrency, cryptomining, and malicious cryptomining aren’t disappearing. Even with this dip, 2018 was definitely a year of overall cryptocrime growth. Our advanced malware removal teams often spot miner malware on machines infected by other malware, and a miner can be an indication of security holes in need of patching. And any illegal mining is still capable of constantly driving up power bills and frustrating users.

Where are cybercriminals focused now?

Information theft is the current criminal undertaking of choice, a scary development with potentially long-lasting consequences for its victims that are sometimes unpredictable even to the thieves. The theft, trade, and use for extortion of personal data will be the focus of our next report.

What can I do?

Cryptojacking may only be on the decline because defences against it have improved. To improve your chances of turning aside this particular threat, consider the following:

  • Update everything. Even routers can be compromised to serve cryptojacking scripts, so patch/update everything you can.
  • Is your browser using a lot of processor, even after a reset/reinstall? This could be a sign of cryptojacking.
  • Are you seeing unexplained spikes in processor usage? Scan for miner infections.
  • Don’t ignore repeated miner detections. Contact your antivirus vendor’s support team for assistance; the miner may be only the tip of the iceberg.
  • Secure your RDP: don’t expose it directly to the internet, and require strong, unique credentials (with multi-factor authentication where available).
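The processor-related checks in this list can be automated. The following Python script is an added example (not Webroot’s code or tooling) that applies a sustained-CPU heuristic to constructed process samples and then escalates when the process name or its outbound connections also look like a miner. The thresholds, the miner-name list and the pool-port list are assumptions for the example; on a live host the samples would come from an endpoint agent or from psutil.

```python
"""Host-side cryptojacking triage: flag processes whose CPU use stays high
across consecutive samples, then escalate when the process name or its
outbound connections also look like a miner.

Added example; not Webroot's code. The samples and connections below are
constructed. On a live host they would come from an endpoint agent or from
psutil.process_iter() / psutil.net_connections().
"""
from collections import defaultdict

# Assumed thresholds for this example; tune them to the fleet's normal load.
CPU_THRESHOLD = 80.0       # percent of one core
SUSTAINED_SAMPLES = 3      # consecutive samples at or above the threshold
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
# Known miner binary names (assumption: a partial, illustrative list).
MINER_NAMES = {"xmrig", "minerd", "cpuminer"}
# Ports commonly used by stratum mining pools (heuristic, not proof).
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}

# Constructed samples: (sample index, pid, process name, cpu percent),
# taken every 30 seconds by an imaginary collector.
SAMPLES = [
    (0, 4120, "chrome.exe", 12.0), (1, 4120, "chrome.exe", 88.0),
    (2, 4120, "chrome.exe", 91.0), (3, 4120, "chrome.exe", 93.0),
    (0, 5532, "svchost.exe", 2.0), (1, 5532, "svchost.exe", 3.0),
    (2, 5532, "svchost.exe", 85.0), (3, 5532, "svchost.exe", 4.0),
    (0, 7001, "indexer.exe", 90.0), (1, 7001, "indexer.exe", 10.0),
    (2, 7001, "indexer.exe", 90.0), (3, 7001, "indexer.exe", 10.0),
    (0, 9911, "xmrig.exe", 95.0), (1, 9911, "xmrig.exe", 97.0),
    (2, 9911, "xmrig.exe", 96.0), (3, 9911, "xmrig.exe", 94.0),
]
# Constructed outbound connections: pid -> [(remote ip, remote port)]
CONNECTIONS = {
    9911: [("203.0.113.10", 3333)],
    4120: [("198.51.100.7", 443)],
}


def longest_high_run(samples, threshold=CPU_THRESHOLD):
    """Per pid: (process name, longest run of consecutive samples >= threshold)."""
    by_pid = defaultdict(list)
    for idx, pid, name, cpu in sorted(samples):
        by_pid[pid].append((idx, name, cpu))
    result = {}
    for pid, rows in by_pid.items():
        best = run = 0
        prev_idx = None
        for idx, name, cpu in rows:
            if cpu < threshold:
                run = 0
            elif prev_idx is not None and idx == prev_idx + 1:
                run += 1          # a run continues only across adjacent samples
            else:
                run = 1
            best = max(best, run)
            prev_idx = idx
        result[pid] = (rows[0][1], best)
    return result


def triage(samples, connections, threshold=CPU_THRESHOLD, needed=SUSTAINED_SAMPLES):
    """Return findings for processes with sustained high CPU, most severe first."""
    findings = []
    for pid, (name, run) in longest_high_run(samples, threshold).items():
        if run < needed:
            continue   # brief spikes (indexers, compilers, AV scans) are not flagged
        reasons = [f"cpu >= {threshold:.0f}% for {run} consecutive samples"]
        stem = name.lower().rsplit(".", 1)[0]
        pool_ports = {port for _ip, port in connections.get(pid, [])} & STRATUM_PORTS
        if stem in MINER_NAMES:
            reasons.append("process name matches a known miner binary")
        if pool_ports:
            reasons.append(f"outbound connection to pool-style port(s) {sorted(pool_ports)}")
        if name.lower() in BROWSERS:
            reasons.append("browser process: check open tabs and extensions for mining scripts")
        severity = "high" if stem in MINER_NAMES or pool_ports else "medium"
        findings.append({"pid": pid, "name": name, "severity": severity, "reasons": reasons})
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["pid"]))


if __name__ == "__main__":
    for finding in triage(SAMPLES, CONNECTIONS):
        print(finding["severity"].upper(), finding["pid"], finding["name"],
              "; ".join(finding["reasons"]))
```

On the constructed data the miner process is reported as high severity, the browser with three consecutive high samples as medium (with a note to inspect its tabs), and the two processes that merely spiked are left alone, which is the distinction between a busy machine and a hijacked one.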

What can Webroot do?

Webroot SecureAnywhere® antivirus products detect and remove miner infections, and the web threat shield blocks malicious cryptojacking sites from springing their code on home office users. For businesses, however, the single best way to stop cryptojacking is DNS-level protection: filtering at the resolver blocks the cryptojacking service itself, no matter how many front-end sites it hides behind.
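To make concrete what blocking a cryptojacking service at the resolver looks like, here is an added Python example (not Webroot’s product logic) that applies a domain blocklist to constructed DNS query log lines. Matching is done on label boundaries, so every subdomain of a listed service is answered with NXDOMAIN while a look-alike name that merely ends in the same characters is allowed. The blocklist, the hostnames and the log format are all constructed for illustration.

```python
"""DNS-level blocking of cryptojacking services: a query is answered with
NXDOMAIN when its name equals, or is a subdomain of, any blocklist entry,
so every front-end hostname that loads a script from the same service is
caught by one rule.

Added example; not Webroot's product logic. The blocklist, hostnames and
log format below are constructed for illustration.
"""
from collections import defaultdict

# Constructed blocklist of cryptojacking script/pool hosts (not a real feed).
BLOCKLIST = ["miner-cdn.example", "pool.example.net"]

# Constructed query log, one "<epoch> query <name> from <client>" line per lookup.
QUERY_LOG = """\
1546300800 query cdn1.miner-cdn.example from 10.0.0.5
1546300801 query www.example.org from 10.0.0.5
1546300802 query MINER-CDN.EXAMPLE. from 10.0.0.9
1546300803 query notminer-cdn.example from 10.0.0.9
1546300804 query eu.pool.example.net from 10.0.0.12
1546300805 query cdn7.miner-cdn.example from 10.0.0.12
"""


def normalize(name):
    """Lower-case and strip the trailing dot so 'A.Example.' and 'a.example' compare equal."""
    return name.strip().rstrip(".").lower()


def blocked_by(name, blocklist):
    """Return the blocklist entry covering name, or None.

    The '.' prefix in the suffix test keeps the match on a label boundary,
    so notminer-cdn.example does not match miner-cdn.example.
    """
    n = normalize(name)
    for entry in blocklist:
        e = normalize(entry)
        if n == e or n.endswith("." + e):
            return e
    return None


def apply_policy(log_text, blocklist):
    """Decide allow/NXDOMAIN for each logged query."""
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[1] != "query":
            continue
        rule = blocked_by(parts[2], blocklist)
        decisions.append({
            "client": parts[4],
            "name": normalize(parts[2]),
            "action": "NXDOMAIN" if rule else "allow",
            "rule": rule,
        })
    return decisions


def hostnames_per_rule(decisions):
    """Distinct blocked hostnames behind each rule: how many fronts one service used."""
    seen = defaultdict(set)
    for d in decisions:
        if d["rule"]:
            seen[d["rule"]].add(d["name"])
    return {rule: sorted(names) for rule, names in seen.items()}


if __name__ == "__main__":
    decisions = apply_policy(QUERY_LOG, BLOCKLIST)
    for d in decisions:
        print(f"{d['client']:<10} {d['name']:<28} {d['action']}")
    for rule, names in hostnames_per_rule(decisions).items():
        print(f"rule {rule}: {len(names)} hostname(s) blocked")
```

The per-rule count is the useful operational view: one entry for the service domain catches three different front-end hostnames in the sample log, which is exactly the property that makes resolver-level blocking cheaper than chasing individual sites.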

Persistent mining detections might point to other security issues, such as out-of-date software or advanced persistence methods, that will need extra work to fix. Webroot’s support is quick and easy to reach.

In the end, cryptomining and cryptojacking aren’t making the same stir in the cybersecurity community they were some months ago. But they are far from gone. More users than ever are aware of the threat they pose, and developers are reacting. Fluctuations in cryptocurrency value have perhaps aided the decline, but as long as these currencies have any value, cryptojacking will be worth the limited effort it requires of criminals.

Watch for the use of cryptominers to be closely related to the value of various cryptocurrencies and remain on the lookout for suspicious or inexplicable CPU usage, as these may be signs that you’re being targeted by these threats. 


This article was provided by our service partner : Webroot

Vulnerability Management

6 Fundamental Best Practices of Vulnerability Management

Any security leader must be able to define a standard of due care and help build a comprehensive security program that serves the entire business. This is no easy feat. With threats and breaches becoming more sophisticated, and with growing pressure to stay compliant, it comes as no surprise that security is today’s top buzzword. With security on the minds of business leaders, demand for security initiatives is increasing. However, as leaders at small to medium-sized businesses look to their in-house staff to implement them, they are discovering a lack of the skills and resources needed to build the IT infrastructure that keeps them secure. With the ease and benefits of outsourcing today, this creates an opportunity for their trusted managed service provider (MSP) to fill the demand with an as-a-service offering. It’s no surprise that managed security is growing at the highest rate of all Technology-as-a-Service categories, at a compound annual growth rate of 17%.

Often, we hear that MSP clients assume security is included as part of the standard of services already provided to them. We have also uncovered through interviews that organizations and MSPs alike often have a hard time getting their users to adopt better security practices, even simple ones to implement, like multi-factor authentication and password policies. One thing they all have in common, however, is that they want to be better at security.

Let’s start by stating that achieving ‘better security’ is all about the layers of security that can be established to protect the organization, its users, and most of all, its data. We should also accept that there is no ‘security bliss’ where every layer has been laid and no risk remains.

Security can best be established as a framework for users and the data they share. When we break down security into manageable layers, we can create the following categories. Each category has its own standards and processes to be documented and carried out by a security leader or a team of security leaders.

  • Governance
  • Policy Management
  • Awareness & Education
  • Identity & Access Management
  • Vulnerability Management

Each topic can be quite involved, so our focus for this article will be vulnerability management, as it becomes the foundational layer of the organization’s threat defense strategy.

Most MSPs already offer vulnerability-management services through patching operating systems and third-party products. Vulnerability management is the part of the security process that identifies, assesses, and resolves security weaknesses in the organization. Often the focus is on the technical infrastructure: updating endpoints, managing network components, or configuring firewalls.

Let’s take a closer look at the process and practice of vulnerability management in these six steps:

  1. Policy — Your first step should be defining the desired state for device configurations. This also includes understanding the users and the minimum access each needs to the organization’s data sources. The policy discovery process should account for any compliance obligations, such as PCI DSS, HIPAA, or GDPR, that apply. Document your policy and your users’ access.
  2. Standardize — Next, standardize devices and operating environments so that existing vulnerabilities can be identified properly and the compliance needs noted during policy discovery are met. Standardizing devices also streamlines remediation: if users are all operating on the same hardware/software setup, steps three through six are more effective and more efficient.
  3. Prioritize — During remediation, activities must be prioritized based on the threat itself, the organization’s internal security posture, and how important the data residing on the asset is. A full understanding of your assets and the roles they play in the organization is critical when prioritizing active threats. Document and classify your assets so you can prioritize quickly when a threat appears.
  4. Quarantine — Have a plan in place to isolate a compromised or exposed asset (network segmentation, taking it off the network, disabling its accounts) so that it cannot become a bigger threat to the organization while it is being fixed.
  5. Mitigate — Identify the root cause and close the security vulnerability.
  6. Maintain — Continually monitor the environment for anomalies and for departures from policy, patch known vulnerabilities, run vulnerability scans to find new weaknesses, and use antivirus/anti-malware tools to catch infections that exploit them.
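The six steps above can be worked through on data. The Python below is an added example (not ConnectWise’s code): a documented desired-state policy (step 1), a constructed, classified asset inventory checked against that policy (step 2), a risk score that weights each finding by threat, exposure and asset importance (step 3), and a quarantine rule for actively exploited flaws on exposed assets (step 4). The assets, the vulnerabilities and the scoring weights are assumptions to be tuned per organisation.

```python
"""Vulnerability management on a constructed inventory: check assets
against a documented desired state (policy/standardize), score open
findings by threat, exposure and asset importance (prioritize), and flag
those that should be isolated before the fix lands (quarantine).

Added example; not ConnectWise's code. Assets, vulnerabilities and the
scoring weights are constructed assumptions to be tuned per organisation.
"""

# Step 1: documented desired state for every managed device.
POLICY = {
    "disk_encrypted": True,
    "max_local_admins": 0,
    "rdp_exposed": False,
    "min_os_build": 17763,
}

# Steps 2-3: classified asset inventory with each device's observed configuration.
ASSETS = {
    "fin-db-01": {"criticality": 5, "data": "pci", "internet_facing": False,
                  "config": {"disk_encrypted": True, "local_admins": 0,
                             "rdp_exposed": False, "os_build": 17763}},
    "web-01": {"criticality": 4, "data": "public", "internet_facing": True,
               "config": {"disk_encrypted": False, "local_admins": 2,
                          "rdp_exposed": True, "os_build": 17134}},
    "hr-laptop-17": {"criticality": 2, "data": "pii", "internet_facing": False,
                     "config": {"disk_encrypted": True, "local_admins": 1,
                                "rdp_exposed": False, "os_build": 17763}},
}

# Open findings from a scanner (constructed). cvss: base score 0-10.
VULNS = [
    {"id": "V-1", "asset": "web-01", "cvss": 9.8, "exploited_in_wild": True, "fix": "patch"},
    {"id": "V-2", "asset": "fin-db-01", "cvss": 7.5, "exploited_in_wild": False, "fix": "config change"},
    {"id": "V-3", "asset": "hr-laptop-17", "cvss": 9.8, "exploited_in_wild": False, "fix": "patch"},
    {"id": "V-4", "asset": "web-01", "cvss": 4.3, "exploited_in_wild": False, "fix": "patch"},
]

# Assumed weights: how much the data on the asset raises its importance.
DATA_WEIGHT = {"public": 1.0, "pii": 1.5, "pci": 2.0}


def policy_drift(asset, policy=POLICY):
    """Names of settings where the device departs from the desired state."""
    cfg = asset["config"]
    drift = []
    if cfg["disk_encrypted"] != policy["disk_encrypted"]:
        drift.append("disk_encrypted")
    if cfg["local_admins"] > policy["max_local_admins"]:
        drift.append("local_admins")
    if cfg["rdp_exposed"] != policy["rdp_exposed"]:
        drift.append("rdp_exposed")
    if cfg["os_build"] < policy["min_os_build"]:
        drift.append("os_build")
    return drift


def risk_score(vuln, asset):
    """Threat x asset importance, amplified by exposure and in-the-wild exploitation."""
    score = vuln["cvss"] * asset["criticality"] * DATA_WEIGHT[asset["data"]]
    if asset["internet_facing"]:
        score *= 1.5
    if vuln["exploited_in_wild"]:
        score *= 2.0
    return round(score, 1)


def needs_quarantine(vuln, asset):
    """Step 4: isolate first when an actively exploited flaw sits on an exposed asset."""
    return vuln["exploited_in_wild"] and asset["internet_facing"]


def remediation_queue(vulns, assets):
    """Ordered work list: highest risk first, each item carrying the asset's drift."""
    queue = []
    for v in vulns:
        a = assets[v["asset"]]
        queue.append({**v, "score": risk_score(v, a),
                      "quarantine": needs_quarantine(v, a),
                      "drift": policy_drift(a)})
    return sorted(queue, key=lambda item: item["score"], reverse=True)


if __name__ == "__main__":
    for item in remediation_queue(VULNS, ASSETS):
        flag = " QUARANTINE" if item["quarantine"] else ""
        print(f"{item['score']:>6} {item['id']} on {item['asset']} "
              f"({item['fix']}){flag} drift={item['drift']}")
```

Note what the ordering shows: V-1 and V-3 carry the same CVSS score, yet V-1 ranks first and V-3 third because the asset context (internet exposure, data classification, active exploitation) is part of the score. That is the point of step 3: severity alone is not a priority.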

Vulnerability management is an essential operational function that requires coordination and cooperation with the business as a whole. Having the entire business buy into better security is paramount to the success of the program. The team must also have a set of supporting tools and underlying technologies that enable its success. Operational functions include vulnerability scanning, penetration testing, incident response, and orchestration. Remedial action can take many forms: applying an operating-system patch, changing a network configuration, changing a custom-built application, a simple change in process, or awareness and education for users who consume and share organizational data. Tools can range from RMM to SIEM, to basic antivirus/anti-malware and backup toolsets.

At ConnectWise, we aim to promote security consciousness in everyday IT practices and help our partners elevate their value by offering Security-as-a-Service. With ConnectWise Automate®, you can perform multiple vulnerability-management functions: identify and manage assets, use the computer management screen to help quarantine and mitigate vulnerabilities, and patch Windows® operating systems as well as third-party applications at scale. You can also use monitoring and patching policies within ConnectWise Automate to bring automation to your vulnerability-management process, including auto-approval and installation of critical and security updates as soon as Microsoft® releases them. Automating the workflow reduces human error and saves valuable time.


This article was provided by our service partner : connectwise.com

Managed Security Services

Managed Security Services—the Opportunity, the Risk, and the Challenge

Worldwide, SMBs are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest-growth area in the managed services market. Yet many IT service providers are shying away from this goldmine because they don’t possess the people, process, or technology to address increasingly sophisticated cyberattacks. Ironically, your customers believe you are handling ‘all things’ security related, which raises the question: is there a common language for communicating about, and removing the ambiguity around, ‘who owns the risk?’

Why does your customer feel you are responsible for ‘all things’ security related? Have you ever said any of the following things to a prospect and/or customer? “We are your outsourced IT department. We reduce your risk and exposure. Our Virtual CIO (vCIO) meets with you quarterly to ensure your business and technology requirements are in alignment. You pay one monthly fee that is outcome driven. We do it all!” For more than ten years, our industry has preached managed services at every industry event and customer/prospect engagement, and in doing so has conditioned our customers to believe that ‘we do it all!’

With today’s attacks becoming more sophisticated, a tools-based model (endpoint and firewall protection, email security/backup, and DNS filtering) is no longer enough to secure ourselves and our customers. Some managed service providers (MSPs) have started to add phishing simulation with security awareness training, which is an excellent step toward meeting compliance requirements for security awareness training.

To recalibrate our customer’s mindset, we need to be able to speak a common language about how the threat landscape has changed, and what has worked for years, won’t work in the future. A cybersecurity risk assessment is necessary to identify the gaps in your customer’s critical security controls and to determine actions to close those gaps. Learning how to perform a risk assessment, and more importantly, the art of having the conversation about ‘who owns the risk,’ are the critical next steps an MSP should be taking with their customers if they are not today. Vulnerability scanning and continuous monitoring would be critical next steps, post risk assessment.


This article was provided by our service partner : connectwise.com

Automation

5 Ways Your Business Benefits from Automation

1: Improved Organization

Automation tools distribute information seamlessly. For instance, when you automatically create a quote for a new project and can invoice it from the same system, all of the information regarding the project is in the same place. You don’t need to go looking for it across multiple systems.

Automation ensures that the information is automatically sent where you need it, keeping your information current, and preventing your team from spending a lot of time looking for it.

2: Reduced Time Spent on Redundant Tasks

One of the biggest benefits to IT automation is the amount of time your team will save on manual, repeatable tasks. Leveraging automation helps your team reduce the time spent on creating tickets and configuring applications, which adds up over time. Based on estimates, it takes 5 to 7 minutes for techs to open up new tickets due to manual steps like assigning companies and contact information, finding and adding configurations, and more.

With automatic ticket routing, you can reduce the time spent on tickets to just 30 seconds. For a tech that works on 20 tickets a day, that results in 90 minutes a day, or 7.5 hours a week, in additional productivity.

3: Well-Established Processes

The best way to get the most benefit from IT automation is to create workflows and processes in advance. Establishing these workflows creates a set of standards everyone on your team can follow without additional work. Once the workflow rules are established, they help establish consistency and efficiency within your operations and ensure you deliver a consistent experience to your customers, regardless of which tech handles their tickets.

Furthermore, the documented, repeatable processes can help you scale by making it easier to accomplish more in less time. Your team can focus on providing excellent customer service and doing a great job when they don’t need to waste time thinking about the process itself.

4: Multi-department Visibility

Maintaining separate spreadsheets, accounts, and processes makes it difficult to really see how well your company is doing. To see how many projects are completed a day or how quickly projects are delivered, you may need to gather information about each employee’s performance to view the company as a whole.

Automation tools increase visibility into your business’s operations by centralizing data in a way that makes it easy to figure out holistically how your company performs, in addition to the performance of each individual team member. You can even isolate the performance of one department.

5: Increased Accountability

With so many different systems in place, it can be difficult to know exactly what is happening at every moment. For instance, if an employee wanted to delete tasks they didn’t want to do, you’d need processes in place to know this went on. What if deleting something was an accident? How would you know something was accidentally deleted and have the opportunity to get the information back?

Automation reduces human errors by providing a digital trail for your entire operation in one place. It provides increased accountability for everybody’s actions across different systems, so issues like these aren’t a problem.

Automation is an easy way to develop the accountability, visibility, and centralized processes required for your company to grow and serve more clients. When selecting automation tools for your business, ensure that whatever solutions you’re evaluating help in these key areas. Technology that helps you manage workflows, automate redundant tasks, and provide a consistent experience to all your customers will let you deliver superior levels of service and improve your bottom line.


This article was provided by our service partner : connectwise.com

Technical Support

Top Pitfalls of the Internal IT Team (and How to Avoid Them)

To handle the deluge of daily tasks, your internal IT team needs to run like a well-oiled machine. From managing security and ticket flow to conducting routine maintenance and proactive monitoring, your team requires expert efficiency to stay at the top of their game.

But all too often, common pitfalls can complicate your to-do list, creating extra work for your team. Recognizing these time traps is the first step to avoiding them—the second step is developing a fool-proof plan to avoid them in the future.

Pitfall #1: Windows 10 and the Perils of Patching

Consider this: when a new patch is released, attackers immediately diff the update against the previous version of the operating system. This helps them pinpoint the vulnerability that was fixed, and they then use that knowledge to exploit end users and corporations that are slow to apply the patch. In 2018, attackers exploited vulnerabilities for which patches had already been released to steal valuable personal data on users and payment information. While these instances account for only 6% of the year’s total breaches, the consequences for those attacked are profound.

For years, Patch Tuesday helped IT teams keep track of Microsoft® software updates. With Windows 10, the monthly cumulative updates still arrive on Patch Tuesday, but they are joined by semi-annual feature updates and out-of-band fixes, so the overall schedule is less predictable than it used to be. That doesn’t mean patching stops being a top priority. Managing patching is essential to safeguarding your software and machines against external threats.

The best way to avoid this common pitfall is to standardize your team’s policy for automatic Windows 10 patching. Set up alerts to update your team as soon as a patch is released—and enable broad discovery capabilities that cover your company’s entire inventory of production systems. Remember: It only takes one vulnerable computer to put your entire network at risk.
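A patch-status sweep of the kind described here, as an added Python example (not ConnectWise’s or Microsoft’s tooling): each host’s agent-reported release and update build revision (UBR) is compared with the current cumulative update for that release, a grace period separates ‘pending’ from ‘overdue’, hosts whose agent has gone quiet are flagged as stale rather than trusted, and anything seen by network discovery but never by the agent is reported as unmanaged. The inventory, the release list, the dates and the thresholds are all constructed.

```python
"""Patch-status sweep over a constructed Windows 10 inventory: compare each
host's agent-reported release and update build revision (UBR) with the
current cumulative update for that release, separate 'pending' from
'overdue' with a grace period, distrust hosts whose agent has gone quiet,
and list machines seen by discovery but never by the agent.

Added example; not ConnectWise's or Microsoft's tooling. Inventory,
release list, dates and thresholds are constructed.
"""
from datetime import date

GRACE_DAYS = 14     # assumed: days after release before a missing update is 'overdue'
STALE_DAYS = 30     # assumed: an agent silent this long cannot vouch for its host
TODAY = date(2019, 3, 1)   # fixed so the example is reproducible

# Constructed: current cumulative update per tracked Windows 10 release.
# In practice this comes from the vendor's release notes, updated on
# Patch Tuesday and again whenever an out-of-band fix ships.
CURRENT = {
    "1809": {"ubr": 1010, "released": date(2019, 2, 26)},  # constructed out-of-band fix
    "1803": {"ubr": 700, "released": date(2019, 2, 12)},
}

# Constructed: what each host's agent last reported.
INVENTORY = {
    "fin-ws-01": {"release": "1809", "ubr": 1010, "last_seen": date(2019, 2, 28)},
    "fin-ws-02": {"release": "1809", "ubr": 1000, "last_seen": date(2019, 2, 28)},
    "eng-ws-04": {"release": "1803", "ubr": 690, "last_seen": date(2019, 3, 1)},
    "lab-ws-09": {"release": "1709", "ubr": 500, "last_seen": date(2019, 2, 27)},
    "ops-ws-11": {"release": "1809", "ubr": 1010, "last_seen": date(2019, 1, 10)},
}
# Constructed: hostnames found by network/AD discovery, agent or not.
DISCOVERED = {"fin-ws-01", "fin-ws-02", "eng-ws-04", "lab-ws-09", "ops-ws-11", "kiosk-03"}


def check_host(state, today=TODAY, current=CURRENT,
               grace_days=GRACE_DAYS, stale_days=STALE_DAYS):
    """Classify one host: stale, unsupported, compliant, pending or overdue."""
    silent = (today - state["last_seen"]).days
    if silent > stale_days:
        return "stale", f"agent last reported {silent} days ago; state unknown"
    release = current.get(state["release"])
    if release is None:
        return "unsupported", f"release {state['release']} is not in the tracked list"
    if state["ubr"] >= release["ubr"]:
        return "compliant", f"on UBR {state['ubr']}"
    age = (today - release["released"]).days
    if age > grace_days:
        return "overdue", (f"UBR {state['ubr']} < {release['ubr']}, "
                           f"{age - grace_days} day(s) past grace")
    return "pending", f"UBR {state['ubr']} < {release['ubr']}, released {age} day(s) ago"


def compliance_report(inventory, discovered, today=TODAY):
    """Group hosts by status; 'unmanaged' lists discovered hosts with no agent data."""
    report = {"unmanaged": sorted(set(discovered) - set(inventory))}
    for name, state in inventory.items():
        status, detail = check_host(state, today)
        report.setdefault(status, []).append((name, detail))
    return report


if __name__ == "__main__":
    for status, hosts in compliance_report(INVENTORY, DISCOVERED).items():
        print(status.upper())
        for entry in hosts:
            print("  ", entry if isinstance(entry, str) else f"{entry[0]}: {entry[1]}")
```

The two categories most often missing from a patch dashboard are the ones that matter for ‘one vulnerable computer’: the stale host that reports a current build but has not checked in for weeks, and the discovered-but-unmanaged machine that reports nothing at all. Neither is ‘compliant’ just because it raised no patch alert.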

Pitfall #2: Incorrect Ticket Routing

Your internal IT team may field countless help desk tickets a day, and to maintain your high level of customer service, the pressure is on to route each ticket to the right technician. But with manual routing, there are endless opportunities for mistakes. What’s more, if tickets aren’t routed to the technicians with the right expertise, you create delays that throw off the entire process, which is bad for business.

To avoid the obstacles that come with ticket routing, consider ditching manual in favor of an automatic ticket routing program. Workflow automation is quickly becoming an industry standard. As more IT teams make the switch, it’s becoming increasingly important that you do the same.

Pitfall #3: The Flaws of Manual Processes

Try as you may, human error is impossible to avoid. And in a complex IT environment, manual processes create the potential for errors that can put your entire workflow—and your system’s security—at risk.

What if a real emergency hits and your team needs to respond quickly? The small, day-to-day IT tasks should then be set aside to deal with the bigger problem. But if those tasks follow a manual process, nobody is tracking them while they are set aside, and they are easily forgotten.

The best way to avoid this scenario is by nixing manual processes in favor of automation, whenever possible. For cases where manual is still essential, make sure the process is formalized—and that your team is fully trained to follow protocol.

Pitfall #4: Maintaining an Inventory of Assets

It’s up to you to keep your team’s project on track—but when information is owned by multiple managers and dispersed across countless spreadsheets and documents, project management can be next to impossible. And the more complex the project, the larger your inventory of assets. Talk about an organizational pitfall.

To avoid asset chaos, you need to find a solution that allows key documents, data, and configurations to be readily available to the team members that need it most. This will cut down on the time you spend pinging John for that report or chasing down Sarah for that serial number.

There are a number of solutions that allow for easy asset inventories. Many companies opt for free options, like Google Drive, to cut down on costs. But in doing so, you often lose out on optimal information security. More advanced options at a price are designed to expertly guard and intuitively aggregate assets—meaning everything is kept organized and safe.

Pitfall #5: Repetitive Admin Tasks

There are some things in life we, unfortunately, can’t avoid. Admin tasks often fall into that category. But these day-to-day to-do items, like tracking time, aren’t just tedious—they take valuable time away from other, more vital tasks. When this happens, either the admin tasks aren’t completed, or the more important responsibilities aren’t completed up to par—a no-win situation.

Ask yourself a question: Is your time really best spent making sure your techs are entering their time or tracking down that rogue endpoint? No, probably not. In lieu of hiring a full-time administrative assistant, try using a program that can consistently complete admin tasks. This way, you can focus your attention on bigger, more important projects while the tedious—but necessary—tasks get done.

Pitfall #6: More Reactive Than Proactive

As an IT professional, you can spend a lot of time putting out fires. System bugs, holes in security, whatever the issue: once you fall into the habit of reacting to problems rather than anticipating them, you’re already losing efficiency, and when you’re inefficient, your end users’ productivity plummets with you.

A proactive approach to internal infrastructure issues is far superior, letting you fix them before they turn into outages or incidents. The right software can make this easier; but before choosing one, consider these two key components of proactive IT problem-solving.

First, you need the ability to easily monitor and remotely control sessions. This will give you valuable insight into your team’s workflow and efficiency. Second, search for a program that facilitates system response monitoring. This will help improve your overall response time, so you’ll spend less time putting fires out. Renewed speed will also impress your end users, earning your team a reputation for efficiency.

With the right product and processes in place, your team will gain a firmer grip on proactive operations—and be more prepared to tackle reactive situations.


This article was provided by our service partner Connectwise.com