Five Essential Steps You Should Be Following to Protect Your Business

Cybersecurity threats are an ongoing issue for various industries from medical practices to architecture and engineering firms. Unfortunately, the consequences can often be disastrous, leading to breaches in confidential data or sensitive client information.

These cyber security threats are alarming and the data is clear:

A new study found that 22.8 million people were affected by healthcare security breaches in the first half of 2021.

During the first half of 2021, the number of breaches reported to the U.S. Department of Health and Human Services Office for Civil Rights rose by 27%.

Cybercrime is slated to cause as much as $6 trillion in damages this year around the globe.

So how can you protect your business from these cybersecurity threats? By providing adequate training for all employees and ironclad security measures to protect all clients.

Foundational Security Training for Every Employee

The greatest security threat to any business is actually a minor mistake made by an employee that could result in a breach or attack.


Much of what we write about security in this newsletter, and often repeat, is based on actual experiences and real-world stories that SpireTech has been a part of, or has learned about from others in the security industry, and that often do not hit the news. We never reveal the identity of those affected, but we do use these experiences to improve, and hopefully to advise our clients of things to do (or not do). We hope you take our advice to heart.

We’ve talked about how people working from home should be using company-secured computers, or at least subscribe to our add-on package for securing home computers. Many recent stories of attacks share the same trends that we’ve written about before: a lack of multi-factor authentication on email or web services, which can lead to compromise; aged hardware such as firewalls or network equipment containing firmware vulnerabilities that the vendor no longer supports or provides updates for; and reliance on some of the ‘ease of access’ features that are present in software but may not be ‘safe’ to use.


This month, a proof-of-concept (PoC) was sold on a hacker forum, suggesting that cybercriminals may be moving to a new level of sophistication in their assaults. By embedding malware inside video cards from AMD and NVIDIA, the criminals are able to better hide and stay under cybersecurity radars. The most recent PoC does not persist beyond a reboot, because it is not permanently installed in firmware, but other PoCs have demonstrated the ability to infect firmware.

There is nothing we can do at the moment to detect this type of malware.  The only thing we can do is educate:  Be careful what you click on and download. Avoid pop-ups and suspicious links: Cybercriminals can use malicious advertisements or fake online videos to lure you into clicking on them, which may lead to a phishing scam.  Only click on links from trusted sources. If it’s not clear where the link leads, do some research before following it.


Today, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that it has added single-factor authentication (SFA) to a rather short list of cybersecurity bad practices it recommends against. 

The CISA’s “Bad Practices” list includes procedures that the federal government has deemed “extremely dangerous” and that should not be used by organizations in the public and private sectors, since they expose them to an unnecessary risk of their systems being hacked by threat actors. 

Since the list was released in September 2017, it has been updated twice to include new practices that should be avoided at all costs. 

In its latest update, CISA added SFA to a list that includes bad practices such as using only one factor for authentication when authenticating into cloud or web applications; reusing passwords across multiple accounts (e.g. using the same password for a corporate and a personal email account); or exposing public folders to everyone with access to an organization’s IT resources.


Although SpireTech uses Kaseya software for systems management, neither SpireTech nor our customers were victims of the latest headline news breach. Our response, analysis of the hack, explanation of why we were not affected, and plans moving forward are below.

Background 

Kaseya makes software for IT systems management. It is used by enterprises and managed service providers alike to streamline technician effectiveness, enabling a few technicians to manage thousands of systems at scale, including patch management, health monitoring, and providing helpdesk services. Kaseya, based in Miami, Florida, is one of the largest vendors of this type of software. SpireTech has been using Kaseya software for over ten years.

Initial response 

We sent the following notification to VIPsupport client key contacts on Friday afternoon:  

On Friday 7/2/21 at 12:48pm PT we were notified by our Remote Monitoring & Management vendor, Kaseya, of an active security incident involving their software being used to deploy ransomware, and advising us to shut down our management server until security experts can determine the cause.

We have shut down our server under the presumption this will protect us (and you), and are actively monitoring our Sophos Intercept-X software for indicators of compromise – and at this point, there are none.

SpireTech does not use any SolarWinds software.  However, the longer-term effects of this hack are likely not going to be known for a while – if at all – because SolarWinds was used by many government agencies and larger enterprise companies.

As of this point, we know of no customer-affecting data breaches as a result of this hack.  However, with a hack of this magnitude, it is important to consider the larger supply chain – perhaps even your vendor’s vendors.  For example, Microsoft makes extensive use of contractors.  Microsoft has disclosed they were affected by the SolarWinds hack and there was unauthorized read-only access to their source code repository.  No access to customer data has been reported or disclosed as of this writing. 


To effectively monitor and manage their clients’ systems, MSPs (managed service providers) often establish remote connections to all their clients’ networks. Unfortunately, those multiple connections make MSPs a prime target for ransomware and hacking.

Evolved from Emotet and Trickbot malware, Trickboot has the ability to modify your computer’s firmware – basically, the portion of code that lives in chips in your motherboard – to survive even after a complete wipe and reinstall of your hard drive. 

The best defense against this malware is user education – typically, a user is tricked into opening a compromised Word document, usually received via an email attachment or link, and accepting macros. This causes the malware to execute and potentially download other harmful malware to your computer.  Be sure that any attachments you receive are legitimate – even attachments from “trusted” senders could be compromised.  If in doubt, forward to our helpdesk for advice on how to proceed. 


Over the last two months, we have seen several customers have their WordPress websites hacked.  Hackers installed a plugin or other backdoors and used the sites to send thousands of spam messages – or worse.  All sites were successfully recovered from backup and repaired by our IT Service desk, which is a billable event. 

Our investigation revealed that the hacks were due to sites not being kept up to date with security updates, or poor password management practices. Read the rest of this month’s articles to discover ways to secure your WordPress website, and Managed WordPress hosting.


In response to frequent WordPress hacks, we thought it might be helpful to write about some of the best practices we’ve used to secure WordPress websites. 

  1. Use unique, strong passwords for your login. One of the techniques hackers use is a stolen password – a password you’ve used elsewhere – to log in to your site. Another technique is to crack a weak password using a bot, repeatedly trying weak password combinations.
  2. Use multifactor authentication at your WordPress login. Plugins such as “Google Authenticator” will implement this.
  3. Update your installation at least monthly. This includes updating WordPress itself, all plugins, and any themes you’ve installed.
  4. Change your login page. Bots will try the default login URL to find your login page. Simply changing this URL to something unique will give them nothing to probe. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
  5. Install a security plugin. Multiple plugins exist for free that will ban IP addresses that repeatedly try to access your login page, or change the default URL for you.  Caution