SpireTech Blog - Category: Security
IT Security topics
This month, a proof-of-concept (PoC) was sold on a hacker forum, suggesting that cybercriminals may be moving to a new level of sophistication in their attacks. By hiding malicious code inside video cards from AMD and NVIDIA, attackers can keep it out of reach of conventional security tools. This particular PoC does not survive a reboot, because it is not written to the card’s firmware, but other PoCs have demonstrated the ability to infect firmware.
At the moment there is no practical way for us to detect this type of malware once it is running on the card. The payload still has to reach the machine by ordinary means, however, so the best defense is education: be careful what you click on and download. Avoid pop-ups and suspicious links: cybercriminals can use malicious advertisements or fake online videos to lure you into clicking on them, which may lead to a phishing scam. Only click on links from trusted sources. If it’s not clear where a link leads, do some research before following it.
Today, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that it has added single-factor authentication (SFA) to its short list of cybersecurity bad practices that it recommends against.
CISA’s “Bad Practices” list includes practices that the federal government has deemed “exceptionally risky” and that should not be used by organizations in the public or private sector, since they expose them to an unnecessary risk of having their systems compromised by threat actors.
Since CISA first published the list in 2021, it has been updated to add new practices that should be avoided at all costs.
In its latest update, CISA added the use of only one factor for authentication when signing in to cloud or web applications, alongside other bad practices such as reusing passwords across multiple accounts (e.g. using the same password for a corporate and a personal email account) or exposing public folders to everyone with access to an organization’s IT resources. Read more...
Some of our employees just returned from a training session in Denver, CO, the first time we’ve attended such an event in person since early 2020. Most of the discussion revolved around security and the persistent threat of ransomware.
We heard first-hand experiences from others that have been the victim of ransomware attacks. Ransomware is devastating to any business, and is certainly top of mind for us. While our basic managed services package includes Sophos Intercept X, which does well at stopping ransomware, we need to do more. Behind the scenes, we’ve been taking actions to increase our security posture and better protect our clients. In the coming months, we’ll be introducing additional security services to help keep our clients safe and secure – while at the same time increasing our readiness in case of an incident.
IT security is also becoming a bigger factor in cyber-insurance coverage and renewals, and in the requirements that large customers place on our clients. Read more...
Although SpireTech uses Kaseya software for systems management, neither SpireTech nor our customers were victims of the breach that has been in the headlines. Our response, analysis of the attack, explanation of why we were not affected, and plans moving forward are below.
Kaseya makes software for IT systems management. It is used by enterprises and managed service providers alike to streamline technician effectiveness, enabling a few technicians to manage thousands of systems at scale, including patch management, health monitoring, and helpdesk services. Kaseya, based in Miami, Florida, is one of the largest vendors of this type of software. SpireTech has been using Kaseya software for over ten years.
We sent the following notification to VIPsupport client key contacts on Friday afternoon:
On Friday 7/2/21 at 12:48pm PT we were notified by our Remote Monitoring & Management vendor, Kaseya, of an active security incident involving their software being used to deploy ransomware, and advising us to shut down our management server until security experts can determine the cause.
We have shut down our server under the presumption this will protect us (and you), and are actively monitoring our Sophos Intercept X software for indicators of compromise – and at this point, there are none.
A new vulnerability affecting most Dell computers was announced this week. The vulnerability cannot be exploited remotely, but we have remediated the issue anyway.
Our NOC team prepared an automation and removed the vulnerable file from all Dell systems supported under our VIPsupport management. Dell is releasing updates to its firmware update tool that will stop the vulnerable file from being reinstalled.
For more information on the vulnerability, you can visit Dell’s webpage regarding the issue here.
Apr 1, 2021
On the one-year anniversary of our cloud server migration solution, we’d like to re-post a youtube video of it in action: https://www.youtube.com/watch?v=ySvx4-6K8sQ
Ubiquiti, a vendor best known for inexpensive and reliable Wi-Fi gear, has been hacked. Rumor is that an employee’s LastPass credentials were stolen, which gave the attackers access to Ubiquiti’s entire infrastructure, including customer data, passwords, and so on. The IT community has been annoyed by the vendor’s evasiveness in its response.
While we use and recommend Ubiquiti Wi-Fi gear, we do not use their cloud-hosted wireless management servers, and do not store information on Ubiquiti servers, so we do not believe our clients are impacted.
For more information on the breach, see https://www.theverge.com/2021/3/31/22360409/ubiquiti-networking-data-breach-response-whistleblower-cybersecurity-incident
Our service desk spent an unusual amount of time last month troubleshooting internet connectivity issues for clients. Typically, we’re looking at speed or downtime problems at an office that workers are trying to reach over VPN to work remotely. Often we spend a lot of time dealing with technical support at the various ISPs around town, which has led us to form opinions on who is good and who is not in the Portland metro area. It is almost always the ISP’s problem, and certain ones have earned a well-deserved spot on our “bad” list for being time-wasters or just plain unreliable. Talk to us before you order internet, please.
What can we do to mitigate these speed or reliability issues? There are two things:
- If you are keeping your office long term and have a second ISP available in your area, we can look at redundant internet connections, combined with a Bigleaf appliance. Bigleaf is a local company in Beaverton that offers affordable appliances that handle redundancy and speed optimization automatically. This is also useful when you are using a phone system that relies on the internet to function, such as VoIP.
An update that Microsoft released in March caused issues for many users, ranging from printouts and PDF exports with missing text, jumbled text or graphics, and applications freezing or throwing errors, to a full system crash (a “blue screen”) when attempting to print. We quickly blocked it from being installed, but had to roll it back on many systems where it had already been deployed. The “fix” to the patch that was subsequently released also caused further issues. This is unfortunate, because the patch also contains important security fixes.
We believe that the next update that will be released in April will fix the bug but we are proceeding carefully. For further technical information, please see the following article: https://windowsreport.com/kb5000802-kb5000808-bsod/
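As an added example of the rollback step described above (this is not SpireTech’s own automation), the following PowerShell script checks whether either of the problem updates is installed and removes it with the built-in wusa.exe. The KB numbers are the two named in the linked article (KB5000802 for Windows 10 2004/20H2, KB5000808 for 1909); which one applies to a given machine depends on its Windows 10 build, so the script simply looks for both.

```powershell
# Added example, not code from the original post or from SpireTech.
# Roll back the March 2021 cumulative updates that broke printing.
# KB numbers assumed from the linked windowsreport article:
#   KB5000802 (Windows 10 2004/20H2) and KB5000808 (Windows 10 1909).
# Run from an elevated PowerShell prompt. -WhatIf lists the actions without uninstalling.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$KB = @('KB5000802', 'KB5000808')
)

# Get-HotFix reads Win32_QuickFixEngineering, which lists installed cumulative updates.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $KB -contains $_.HotFixID }

if (-not $installed) {
    Write-Output "None of $($KB -join ', ') is installed on $env:COMPUTERNAME."
    return
}

foreach ($fix in $installed) {
    # wusa expects the bare number, e.g. /kb:5000802
    $id = $fix.HotFixID -replace '^KB', ''

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $($fix.HotFixID)")) {
        # /quiet and /norestart keep the removal unattended so the reboot
        # can be scheduled with the client instead of happening mid-workday.
        $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
            -ArgumentList "/uninstall /kb:$id /quiet /norestart" -Wait -PassThru

        switch ($proc.ExitCode) {
            0       { Write-Output "$($fix.HotFixID) removed." }
            3010    { Write-Output "$($fix.HotFixID) removed; reboot required (exit 3010)." }
            default { Write-Warning "wusa exited with code $($proc.ExitCode) for $($fix.HotFixID)." }
        }
    }
}
```

Exit code 3010 is ERROR_SUCCESS_REBOOT_REQUIRED, which is the normal result for a cumulative update, so the machine is still running the broken code until it restarts. Note that this script only removes an update that has already landed; keeping it from coming back is a separate patch-management step (declining or pausing the KB in whatever tool approves updates, in our case Kaseya), which is what the post means by “blocked it from being installed.”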