
Grim ‘Reaper’ Botnet Could Come for Your Candy


By Tony Ramsey, Practice Manager, Networking & Security

IoT devices and gadgets, which are the primary target of the ‘Reaper’ botnet, present a new attack vector and easy-to-exploit vulnerabilities. These vulnerabilities, coupled with the sheer number of IoT devices, have certainly helped the ‘Reaper’ botnet reach the critical mass needed to deliver a massive DDoS attack or a crippling payload to its victims. But don’t fret: it hasn’t done so yet. Compared with the Mirai botnet attack last year, the good news is that security experts are more prepared for it.

The major concern is the sheer number of infected devices and their combined computing power, harnessed by botnet controllers through the injection of malicious code, which has the potential to cause massive problems.

The numbers provided by 360 Netlab are impressive:

  • Infected bots connected to one controller: about 28,000 infected devices
  • Number of devices vulnerable to the ‘Reaper’ botnet: as many as two million

It’s important to note, however, that this botnet has already lost the element of surprise. The ‘Reaper’ botnet controllers and some of its code are now known to the internet security community. Its method of infection (exploiting known vulnerabilities) and its propagation between devices are also being analyzed.

Therefore, it is no longer a question of detection but prevention.  

This is certainly the time for device vendors to provide security patches for hardware and software platforms to address the specific exploitable vulnerabilities.

There’s much anxiety in the internet security community since we’ve not yet seen any attacks or malicious activity and the Reaper botnet still seems to be in the expansion phase; its intention for a concerted malicious attack is yet unknown, but we know that its potential magnitude of damage is quite large. 

Some of the infected networked devices are mainly for home and SOHO use, so education and awareness are needed for consumers who aren’t necessarily accustomed to applying security patches and in-depth configurations for threat mitigation.

‘Reaper’ Botnet Update:

The original claim in the security world that this is one of the largest botnet infections ever has been significantly reduced. As of today, the prediction is that the ‘Reaper’ botnet isn’t as far reaching as expected, but it could change at any moment. The question is, will the ‘Reaper’ botnet cause more widespread damage than the infamous Mirai?


KRACK & Adobe Flash Vulnerabilities: How to Protect Now & Prevent Later

As you may know, there were multiple major security vulnerabilities announced yesterday. One specifically related to the WPA2 WiFi Security Protocol dubbed “KRACK” and another related to Adobe Flash. What happened and how can you protect your environment from the KRACK & Adobe Flash vulnerabilities? Below is what we shared with our current Managed Services customers, but even if you work with another provider or handle all of your IT system monitoring and management yourself, this may be helpful toward further understanding your risks and how to protect your environment.

WPA2 “KRACK” Vulnerability

What is it?: A critical vulnerability in the WiFi Protected Access II (WPA2) protocol which could allow someone within range of your wireless network to gain unauthorized access to traffic over that connection. 

This vulnerability applies to any device that utilizes the WPA2 protocol to establish secure connections, including Wireless Access Points, Endpoints (laptops, desktops), and Mobile Devices.

Microsoft has already released a patch and it is included in the October Security Rollup. For customers currently enrolled in our desktop patching program, this roll-up has been approved for immediate install. For customers enrolled in our Server patching program, we will apply the October Security Rollup per the normal patching schedule as servers typically will not have WiFi enabled. 

Further – some recommendations for your end users:

  • Avoid public WiFi (such as coffee shops, hotels, etc.)
  • When connected to WiFi, try to limit browsing to HTTPS sites
  • Consider using a VPN which will encrypt traffic end-to-end

While patching your endpoints will substantially mitigate the vulnerability, GreenPages will be watching for upcoming available patches and updates for the network devices in your environment in the coming days and weeks and will work with you to apply those expeditiously.

More specific details on this WiFi vulnerability can be found here.

Adobe Flash Vulnerability:

Adobe released a security update for a vulnerability that was recently discovered that could lead to remote code execution. 

  • If you are currently enrolled in a 3rd party patching program that includes Adobe Flash, we have already approved this patch for deployment to your environment.
  • If you are not enrolled, due to the risk potential for this vulnerability, it is highly recommended that you apply this patch to all devices in your environment. 

The Adobe Flash Security Bulletin can be found here.  

We’ll be writing a follow-up post next week about the KRACK & Adobe Flash vulnerabilities once the dust has settled to see how the industry has reacted and responded to these vulnerabilities so please check back then.

To learn more about GreenPages Server, Desktop, 3rd Party Patching, and Managed Services Programs, please call 800-989-2989 and we can set up a call to discuss.

By:

Jay Keating, VP Cloud & Managed Services
Aaron Boissonnault, Director, Hybrid Cloud Operations
Steve Stein, Director, Client Services

EndPoint Protection: Stopping Attacks Like WannaCry

In the past few days, the WannaCry ransomware has attacked organizations all over the globe, in over 100 countries. It is believed to be the biggest attack of its kind ever. The malware enables the attacker to target endpoints without the users’ knowledge, which is exactly why endpoint protection is so crucial. This is causing massive issues in businesses all around the world. As of Sunday,

“More than 130,000 systems have already been compromised.” (Kessem, 2017)

Using a network monitoring tool is an ideal way to classify every PC, tablet, and smartphone on your network to determine if they are safe or not. An agentless monitoring tool gives your company the ability to see and control managed, unmanaged, and IoT devices.  In addition, 99% of computers are vulnerable to exploit kits, making unmanaged computers a serious threat to your network. The number of data breaches is growing exponentially, with more advanced malware and technology making it easier for hackers to get inside.

[Download Our Webinar on 20 Critical Security Controls Every Modern Company Should Have]

The Importance of Endpoint Protection

This is why a powerful endpoint compliance strategy is so crucial. There are no endpoint agents required for network access control authentication, which enables seamless visibility of every device and type connecting to your network. Network Access Controls can also help you detect and take action against suspicious endpoints the instant they access the network. It can also protect you against hacked Internet of Things devices, such as the Nest Thermostat, Phillips Hub, smart microwaves, smart ovens, security cameras, and much more. With hundreds of different, unsecured IoT devices connecting to your networks, it is vital for your company to know what they are. Using an agentless technology can help you discover, separate and assess devices on your network. Check out this great in-depth article on Network World.

Interested in learning more about how to protect your company?

Download our webinar recording on 20 critical security controls and learn what you can implement to gain understanding into the security of your environment and protect your company.

By Jake Cryan, Digital Marketing Specialist

What IT Can Learn From Sochi


By Ben Stephenson, Journey to the Cloud

It’s no secret that the Winter Olympics in Sochi has had its fair share of problems. From infrastructure issues, to handling incidents, to security, to amenities for athletes, it seems like anything that could go wrong has gone wrong. So, what can IT learn from what has unfolded at Sochi?

Have your infrastructure in place beforehand

There are plenty of examples from Sochi of the proper infrastructure not being in place before the games started. There was unfinished construction around the city that consisted of exposed wires, uncovered manholes and buildings that weren’t finished. Many of the hotels were also unfinished. Some didn’t have working elevators, completed lobbies, or even running water (not to mention toilets that don’t flush). There’s a great picture circulating the web of an employee spray painting the grass green outside of an Olympic venue. Even the rings at the opening ceremonies malfunctioned. There were also safety concerns regarding the infrastructure of some of the ski / snowboard courses. The women’s downhill ski training runs were delayed after only three racers on the opening day because one of the jumps was deemed too dangerous: it was too big and athletes were “getting too much air.” In addition, Shaun White pulled out of the slopestyle event over safety concerns.


The first takeaway for IT from Sochi is to have your infrastructure in place and running properly before trying to start new projects. For example, if your organization is going to roll out a virtual desktop initiative, you had better take the proper steps beforehand to ensure a smooth rollout or you’re going to have a lot of angry people to deal with. You need the correct WAN bandwidth between offices as well as the correct storage in place for suitable performance. You also need to ensure that you have the correct network infrastructure in place beforehand to handle the additional traffic. Finally, you need the proper server infrastructure set up for the redundancy and horsepower necessary to deliver virtual desktops.

Make sure you have a way of handling incidents as they arise

There are always going to be unexpected circumstances that arise during the course of an event or project that have the potential of throwing you off. For example, there was a pillow shortage for Olympic athletes in Sochi. The following message went out to surrounding communities:

“ATTENTION, DEAR COLLEAGUES! Due to an extreme shortage of pillows for athletes who unexpectedly arrived at Olympic Village in the mountains, there will be a transfer of pillows from all apartments to the storehouse on 2 February 2014. Please be understanding. We have to help the athletes out of this bind.”

I’m not going to pretend like I know what the plan was ahead of time to deal with supply shortages, but I’m going to go out on a limb and guess it wasn’t to borrow used pillows from strangers.


IT needs to make sure they have detailed plans in place BEFORE starting a project so there is a protocol to deal with unexpected issues as they arise. For example, a few months back GreenPages moved its datacenter. Our team put together an extremely detailed plan that broke out every phase of the move down to 15 minute increments. They devised teams for specific phases that had a communication plan for each team and also devised a backup emergency plan in the event they hit any issues the night of the move. This detailed planning of how to deal with various issues in different scenarios was a big reason why the move ended up being a success.

Have proper security measures in place

Another picture that is circulating the web was taken by a journalist who returned to her hotel room to find keys in her door and the door wide open…even though she left the room with the door shut and locked. There were also reports that visitors in Sochi faced widespread hacking on their mobile devices. IT departments need to make sure that the proper security measures are in place for its end users to protect corporate data. This includes implementing authentication and encryption, using intrusion detection technologies, and edge scanning for viruses.


When dealing with top talent, make sure they have the tools to get their jobs done & stay happy

Olympic athletes certainly qualify as top talent, as they represent the best of the best at their crafts in the entire world. When dealing with top talent, you need to make sure they have the tools to get their jobs done and to stay happy. The yellow colored tap water in Sochi is probably not all that appealing to world class athletes who may be looking to quench their thirst after a long day on the mountain. I can’t imagine that the small bathroom with multiple toilets, but no stalls or dividers, goes over very well either.


In the business world, it’s important to retain top talent. IT can help keep employees happy and enable them to do their jobs in a variety of ways. One example is to make sure you’re offering the applications that people actually use and want. Another example is empowering employees to use the devices of their choice by implementing a BYOD policy.

Conclusion

Take these lessons from this year’s Winter Olympics in Sochi and apply them to your IT strategy and maybe one day you too can win your very own shiny gold medal.


If you would like to learn more about how GreenPages can help you with your IT operations fill out this form!


Photo credit http://bleacherreport.com/articles/1952496-the-20-biggest-sochiproblems


Cloud Security: From Hacking the Mainframe to Protecting Identity

By Andi Mann, Vice President, Strategic Solutions at CA

Cloud computing, mobility, and the Internet of Things are leading us towards a more technology-driven world. In my last blog, I wrote about how the Internet of Things will change our everyday lives, but with these new technologies comes new risks to the organization.

To understand how recent trends are shifting security, let’s revisit the golden age of hacking movies from the ‘80s and ‘90s. A recent post by Alexis Madrigal of The Atlantic sums up this era of Hollywood hackers by saying that “the mainframe was unhackable unless [the hackers] were in the room, in which case, it was simple.” That’s not far off from how IT security was structured in those years. Enterprises secured data by keeping everything inside a corporate firewall and only granting access to employees within the perimeter. Typically, the perimeter extended as far as the walls of the building.

When the cloud emerged on the scene, every IT professional said that it was too risky and introduced too many points of vulnerability. They weren’t wrong, but the advantages of the cloud, such as increased productivity, collaboration, and innovation, weren’t about to be ignored by the business. If the IT department just said no to cloud, the business could go elsewhere for their IT services – after all, the cloud doesn’t care who signs the checks. In fact, a recent survey revealed that in 60% of organizations, the business occasionally “circumvents IT and purchases technology on their own to support a project,” a practice commonly referred to as rogue IT, and another recent study found a direct correlation between rogue IT and data loss. This is obviously something that the IT department can’t ignore.

Identity is the New Perimeter

The proliferation of cloud connected devices and users accessing data from outside the firewall demands a shift in the way we secure data. Security is no longer about locking down the perimeter – it’s about understanding who is accessing the information and the data they’re allowed to access. IT needs to implement an identity-centric approach to secure data, but according to a recent Ponemon study, only 29% of organizations are confident that they can authenticate users in the cloud. At first glance, that appears to be a shockingly low number, but if you think about it, how do you verify identity? Usernames and passwords, while still the norm, are not sufficient to prove identity and sure, you can identify a device connected to the network, but can you verify the identity of the person using the device?

In a recent @CloudCommons tweetchat on cloud security, the issue of proving the identity of cloud users kept cropping up:


Today’s hackers don’t need to break into your data center to steal your data. They just need an access point and your username and password. That’s why identity and access management is such a critical component of IT security. New technologies are emerging to meet the security challenge, such as strong authentication software that analyzes risk and looks for irregularities when a user tries to access data. If a user tries to access data from a new device, the strong authentication software will recognize that it’s a new device and extra authentication flows kick in that require the user to further verify their identity.
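The new-device logic described above, written out as a small risk engine. This is an added illustration, not code from the post or from any vendor's product; `RiskEngine`, `LoginAttempt` and the device/country signals are hypothetical names, and the "known history" is simply what earlier successful logins and completed step-ups have recorded.

```python
"""Risk-based step-up authentication: a correct password alone is not
enough when the device or location has no history for that user.
Hypothetical example for illustration; not a vendor's implementation."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class LoginAttempt:
    user: str
    device_id: str     # e.g. a hashed device/browser fingerprint (constructed)
    country: str       # e.g. derived from the client IP at the edge (constructed)
    password_ok: bool  # result of the primary credential check


@dataclass
class RiskEngine:
    # Per-user history of devices and countries seen on trusted logins.
    known_devices: Dict[str, Set[str]] = field(default_factory=dict)
    known_countries: Dict[str, Set[str]] = field(default_factory=dict)

    def evaluate(self, attempt: LoginAttempt) -> Tuple[str, List[str]]:
        """Return ('deny' | 'allow' | 'step-up', reasons) for one attempt."""
        if not attempt.password_ok:
            return "deny", ["bad password"]
        devices = self.known_devices.get(attempt.user, set())
        countries = self.known_countries.get(attempt.user, set())
        reasons: List[str] = []
        # A first-ever login has no history, so it is treated as a new device
        # and a new location and always gets the extra factor.
        if attempt.device_id not in devices:
            reasons.append("new device")
        if attempt.country not in countries:
            reasons.append("new location")
        if reasons:
            return "step-up", reasons   # extra authentication flow kicks in
        return "allow", reasons

    def complete_step_up(self, attempt: LoginAttempt, second_factor_ok: bool) -> bool:
        """Enrol the device and location only after the extra factor succeeds.

        A failed second factor leaves the history untouched, so the same
        unknown device will be challenged again on its next attempt."""
        if not second_factor_ok:
            return False
        self.known_devices.setdefault(attempt.user, set()).add(attempt.device_id)
        self.known_countries.setdefault(attempt.user, set()).add(attempt.country)
        return True


if __name__ == "__main__":
    engine = RiskEngine()
    first = LoginAttempt("alice", "dev-A", "US", password_ok=True)
    print(engine.evaluate(first))                      # step-up on first sight
    engine.complete_step_up(first, second_factor_ok=True)
    print(engine.evaluate(first))                      # allow once enrolled
    print(engine.evaluate(LoginAttempt("alice", "dev-B", "US", True)))  # new device
```

A real deployment would persist the history, expire stale devices and add further signals (impossible travel, velocity), but the decision shape stays the same: the password gates "deny", history gates "step-up" versus "allow".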

What IT should be doing now to secure identity

To take advantage of cloud computing, mobility, and the Internet of Things in a secure way, the IT department needs to implement these types of new and innovative technologies that focus on verifying identity. In addition to implementing new technologies, the IT department needs to enact a broader cloud and mobile device strategy that puts the right policies and procedures in place and focuses on educating employees to minimize risk. Those in charge of IT security must also establish a trust framework that enforces how you identify, secure and authenticate new employees and devices.

Cloud computing, mobile devices, and the Internet of Things can’t be ignored by IT and the sooner a trust framework and a cloud security strategy is established, the sooner your organization can take advantage of new and innovative technologies, allowing the business to reap the benefits of cloud, mobile, and the Internet of Things, while keeping the data safe and sound. And to me, that sounds like a blockbuster for IT.


Andi Mann is vice president of Strategic Solutions at CA Technologies. With over 25 years’ experience across four continents, Andi has deep expertise of enterprise software on cloud, mainframe, midrange, server and desktop systems. Andi has worked within IT for global corporations, with software vendors, and as a leading industry analyst. He has been published in the New York Times, USA Today, Forbes, CIO, Wall Street Journal, and more, and has presented worldwide on virtualization, cloud, automation, and IT management. Andi is a co-author of the popular handbook, ‘Visible Ops – Private Cloud’, and the IT leader’s guide to business innovation, ‘The Innovative CIO’. He blogs at https://pleasediscuss.com/andimann and tweets as @AndiMann.