Category Archives: IT Services

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such a malware, so today, we will review this threat and how to best protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack, one leveraging low-level kernel code to give an intruder carte blanche access to a system, the second managing the file system and preserving the malware – allowing it to continue.

If this sounds impressive, it is – not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
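A client-side complement to the router check described above, as an added example that is not part of the original article: it audits the resolvers listed in a Linux client's `resolv.conf`. It assumes the router hands its configured DNS servers to clients over DHCP; if the router proxies DNS itself, clients only see the router's own address and the setup page still has to be checked. The allowlist, function names and sample file are constructed for illustration.

```python
import ipaddress

# Assumption: resolvers your ISP or administrator actually assigned
# (documentation-range placeholder; replace with real values).
EXPECTED_RESOLVERS = {"198.51.100.53"}

# Addresses that point back at the LAN or the host itself (router, local stub).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

def parse_nameservers(resolv_conf_text):
    """Return nameserver entries from resolv.conf-style text, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Both '#' and ';' start a comment in resolv.conf.
        line = raw.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, expected=EXPECTED_RESOLVERS):
    """Return 'expected', 'local', 'unexpected' or 'invalid' for one entry."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    return "unexpected"  # public resolver nobody on this network chose

def audit(resolv_conf_text):
    """Classify every configured resolver."""
    return [(s, classify(s)) for s in parse_nameservers(resolv_conf_text)]

def needs_review(resolv_conf_text):
    """Resolvers that warrant checking the router's DNS settings."""
    return [s for s, verdict in audit(resolv_conf_text)
            if verdict in ("unexpected", "invalid")]

# Constructed sample, not taken from a real system.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 192.168.88.1
nameserver 203.0.113.7   # not in the allowlist
nameserver fe80::1%eth0
; nameserver 198.51.100.53
nameserver 198.51.100.53
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"{verdict:10} {server}")
```

On a live client, pass the contents of `/etc/resolv.conf` to `audit()`; any entry it reports for review is a reason to inspect the router's DNS settings directly.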

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Net Activity are here to help you keep your network and infrastructure safe. Call us at 216-503-5150.

Source – http://www.netactivity.us/malware-router/

Is Switching to a Third Party Hardware Maintenance Provider a Good Idea?

IT managers usually face the fiscal pressure of reducing costs while improving operational efficiency. One of the major costs involves repairing and replacing system hardware components. Strategies that help in extending legacy hardware life cycles are gaining popularity. They allow organizations to continue using the hardware for a longer duration and thereby minimize the cost of IT. While it’s difficult to maintain a balance between legacy and contemporary hardware, and this complex environment invites major challenges, managing it is important to maximize the value of data center systems.

All of these strategies that aim at extending hardware life cycles focus on having alternative hardware maintenance plans. A major problem here is relying too much on the OEMs (original equipment manufacturers). They undoubtedly offer a best-in-class experience; however, depending solely on the OEMs would leave the hardware uncovered once the end-of-service-life date arrives. Moreover, the extended warranties are way too expensive. A better solution would be to hire the services of third-party providers. Let’s see how…

Reduced Costs

Cash is often a huge concern and bottom line for IT managers while aligning operations and business priorities. Getting Dell, HP, EMC support from third party IT Managed Service providers seems to be more budget-friendly.

Simplified Approach

Dealing with OEMs to manage extended warranties for the hardware in your data centers is difficult. It leaves IT managers confused by many points of contact and by complexity that eventually increases the gap. A third-party provider possesses the capability to handle multiple device types at a time, ensuring that IT managers focus on their core tasks rather than communicating with many points of contact at the OEMs.

Flexibility

OEMs have their support models. However, they concentrate more on their business’ core competency – selling hardware. Maintenance is the secondary goal and they often have rigid maintenance plans while they strive to excel in their primary goals i.e. the operational sales. IT managed service providers promote support activities as their core competency and therefore can adapt easily to different client demands. IT managers can be more comfortable working with these third-party providers.

Value Addition

A third-party IT maintenance provider offers reliable plans at the best market value. A partnership with them also gives IT managers access to refurbished parts and helps them make component purchasing decisions, migrate data, and move hardware between facilities.

Although hardware maintenance may not seem to be a game changer or revenue generator for businesses, it greatly helps IT managers simplify operations. Net Activity, Inc. is an IT Managed Service provider in Cleveland that conforms to the latest technological advancements while delivering best-in-class service to its clients around Ohio. Please contact Harry Bhatia at 888-545-5346 to discuss further or visit our website http://www.netactivity.us/it-managed-services.html for more information.

Source – http://www.netactivity.us/blog/is-switching-to-a-third-party-hardware-maintenance-provider-a-good-idea/

Why Your IT Needs a Disaster Recovery Plan

We often hear in the news about costly business disasters caused by infected IT, and mostly the losses are too big to overcome. Most of the time the IT disaster is so harmful that data cannot be recovered, so it is very important to have a disaster recovery plan.

Although planning for the unexpected can be difficult, it shields you when a natural or man-made disaster happens. Because it is unpredictable how prone your organization is to cyber-attacks, it is vital that every organization take IT disaster recovery and prevention as its primary objective. Here’s why:

HARDWARE IS BOUND TO FAIL

While IT hardware is built with the most secure practices and using tough components, there are doorways to peep in. Internet connections are a profound source of these kinds of interventions, and a disaster recovery plan is the only way to save the priceless data from being corrupted. A more sensible option is to have your data regularly backed up by outsourcing your IT infrastructure to a Disaster Recovery service provider rather than building your own data center.

TO ERR IS HUMAN

Much like machines, humans are not perfect either. So, it is essential to have a disaster recovery system that keeps log files by creating online backups and lets you restore files easily.

CUSTOMERS EXPECT PERFECT, ON-TIME DELIVERY

Customers have an advantage today as there are many options available in the market. If you can’t deliver on time, your competitor will. So, being prepared with a disaster recovery plan is always a good idea. You cannot complain about your anomalies to customers.

LOSING CUSTOMERS IS DEVASTATINGLY EXPENSIVE

It is widely known that retaining a customer is comparatively cheaper than re-acquiring an old customer after an IT disaster. Customers may be disgruntled when they learn that the organization they rely upon does not have enough security to secure their data. So, it is recommended to have a plan to detect defects long before they cause lasting damage to your business.

Net Activity, Inc. understands IT loopholes and does its best to shield you with proven disaster recovery plans and online backup systems. We are a company that has been providing IT Managed Services across the country since 2002, and we ensure that your IT infrastructure remains safe and healthy. Contact Net Activity today at 216-503-5150 to set up a Disaster Recovery Plan.

Source – http://www.netactivity.us/blog/why-your-it-needs-a-disaster-recovery-plan/

US Government’s Revelations Against North Korea Cyber Attacks

Recently, the FBI and the Department of Homeland Security (DHS) issued alerts to warn people of two types of malicious software, or malware, that North Korean hackers are using to attack the telecom, media, aviation, and finance industries.

One of the malware families is known as FALLCHILL and has been in use since 2016. It lets hackers gain access to and monitor infected computers remotely. The malware spreads when users accidentally download it by visiting infected websites. The DHS and FBI also mentioned that FALLCHILL uses multiple layers of ‘proxy malware’ to conceal its origin, which makes it even more difficult to trace the hackers.

Another type of malware introduced by the North Korean hackers, named VOLGMER, uses a spear phishing technique to infect computers. It sends a legitimate-looking email with a link that spreads the virus when clicked on. The US authorities say that North Korean computer hackers have been using this malware since 2013.

The DHS and FBI identified both of the above-mentioned malware families as being associated with HIDDEN COBRA, a term used by the US government to refer to the “suspicious & malicious cyber activity by the North Korean government.” In recent years, North Korea has been linked to a few of the most high-profile, destructive cyber attacks, including a $101 million theft from Bangladesh’s Central Bank in the year 2016, an attack on the movie studio Sony Pictures in 2014, and several disruptions to its neighbor South Korea’s systems. These hackers have also been accused of being the mind behind the WannaCry ransomware attack in May 2017 that caused a terrible loss to hundreds and thousands of computers across the world.

The North Korean cyber attacks have been making headlines for quite some time. However, the countries that are capable of doing so are constantly tracking, watching and spying on the capabilities of other countries. They usually attack the countries that fall beyond their immediate borders with cyber intrusions or missiles.

Net Activity, Inc. has been protecting businesses from these kinds of malware attacks since 2002 and has proven the competence of its IT Managed Services at the time of cyber attacks. Secure your network and hardware system before malware takes control of it. Contact Net Activity today at 216-503-5150 to learn how to protect your business from these malicious attacks.

Source – http://www.netactivity.us/blog/us-governments-revelations-against-north-korea-cyber-attacks/

Is Ransomware a Threat to Enterprise Back-ups?

Recently, in May 2017, a ransomware named WannaCry was a matter of discussion among many organizations. The considerable damage WannaCry did to some of the corporate giants was constantly in the news, and organizations were horrified by the extensive loss of data. Interestingly, however, it didn’t take much time for the organizations to recover the lost data from back-ups. Although this is a good thing, it may also be an alarming situation: if enterprises are slowly adapting to ransomware, ransomware is surely going to target advanced backup strategies.

How could ransomware target system backups?

When an attacker attempts to hold data located at the target for ransom, it can be difficult for the target to restore it from the backup. Most home users and municipal corporations don’t invest heavily in data backup and recovery systems and rely on the basic, built-in protection for their computers, laptops, and servers. This basic system, known as Windows Volume Shadow Copy, is present in Windows editions since Server 2003 and XP and stores snapshots of the files on an endpoint. As it is commonly used by home users as well as small businesses, ransomware such as WannaCry has tools to delete it.

Ransomware like Locky, WannaCry, Cryptolocker, and CryptXXX is capable of deleting the volume shadow copies with the help of command-line strings. This is probably the reason why some ransomware variants failed to make much profit, as most enterprises use more robust protections than just shadow copies. WannaCry hit enterprises rather than attacking small businesses or home users, and as a result global companies with thousands of employees fell victim to its attack. Within an enterprise, data backup adoption is at extremely high levels, while cloud backup and recovery comprise a high percentage of cloud-based investments. Companies have the best potential to overcome a ransomware attack by restoring from backup.
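Because shadow-copy deletion shows up as a command line, it can be detected in process-creation logs. The following is an added example, not part of the original article: it matches the built-in Windows utilities that remove shadow copies against constructed log events, while leaving read-only queries alone. The event fields, host names and rule names are assumptions made for illustration.

```python
import re

# Rule name -> pattern, matched against a normalised (lower-cased) command line.
RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\b.*\bdelete\b")),
    ("powershell_win32_shadowcopy_delete",
     re.compile(r"\bwin32_shadowcopy\b.*"
                r"\b(delete|remove-wmiobject|remove-ciminstance)\b")),
]

def normalise(command_line):
    """Lower-case, drop quotes and collapse whitespace so spacing and
    quoting differences do not defeat the patterns."""
    stripped = command_line.replace('"', "").replace("'", "")
    return re.sub(r"\s+", " ", stripped).strip().lower()

def detect(events):
    """Return (host, rule, original command line) for every rule hit."""
    alerts = []
    for event in events:
        cmd = normalise(event["command_line"])
        for name, pattern in RULES:
            if pattern.search(cmd):
                alerts.append((event["host"], name, event["command_line"]))
    return alerts

def hosts_to_triage(events):
    """Hosts with at least one shadow-copy deletion attempt, sorted."""
    return sorted({host for host, _, _ in detect(events)})

# Constructed process-creation events (hypothetical hosts and fields).
SAMPLE_EVENTS = [
    {"host": "WS-014",
     "command_line": r"C:\Windows\System32\vssadmin.exe  Delete Shadows /All /Quiet"},
    {"host": "WS-014",
     "command_line": 'cmd.exe /c "wmic shadowcopy delete"'},
    {"host": "SRV-02",   # read-only query by an administrator: no alert
     "command_line": "vssadmin list shadows"},
    {"host": "SRV-02",   # read-only query: no alert
     "command_line": "wmic shadowcopy list brief"},
    {"host": "WS-031",
     "command_line": 'powershell.exe -Command "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"'},
]

if __name__ == "__main__":
    for host, rule, cmd in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {cmd}")
```

Backup software and administrators legitimately run some of these commands, so a hit is a prompt to check the parent process and the account that launched it, not proof of ransomware.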

In conclusion, with malware like WannaCry, ransomware authors have proven that they can attack enterprises. However, they don’t have a persistent mechanism. Additionally, enterprise backups are too robust for such attacks to cause much damage, as enterprises are capable of retrieving data from backups within a day at most. Although enterprise backup systems are sufficiently secured, there is still something to worry about, as hackers intelligently innovate ways to overcome these technical obstacles. So, companies must be prepared for the possibility of ransomware attacking their backups for encryption or deletion.

Visit http://www.netactivity.us/wannacry-ransomware-latest-hack-explained-and-prevention-tips for more details about how Net Activity, Inc. is helping organizations stay protected from the malicious malware attacks.

Source – http://www.netactivity.us/blog/is-ransomware-a-threat-to-enterprise-back-ups/

Sophos Security Equipment – Security Made Simple

Choosing from the many brands of Unified Threat Management (UTM) is a tough task, owing to the fact that many competitive companies have established a foothold in the market. The decision-making process has become more difficult with the overwhelming number of options available. To narrow down your quest for network security equipment, here is a proven technology that’s relied upon by many users for managing their IT security in a cost-efficient manner – Sophos.

Sophos Technologies, an international network security appliances provider features unified threat management appliances that offer user identity-based network security. Providing extensive security to individuals, it offers high-end security to organizations on a larger scale.

However, before deciding on a UTM provider, you must consider the following parameters:

Intrusion prevention

The UTM provider must be capable of identifying malicious activity and log pertinent information about any fraudulent activity. The Sophos Security equipment performs the intrusion prevention that is a to menace entities and prevent their access. It bounces back intruders even before they enter your system and cause further damage.

Anti-Virus scanning

With the emergence of various kinds of malware, ransomware, backdoors, malicious LSPs, Trojans, etc., the role of antivirus software has expanded to implementing strategies to protect PCs from other computer threats such as malicious and infected URLs, phishing attacks, electronic spamming, and advanced persistent threats.

Bandwidth adjusting

The UTM provider must detect tampering with your internet service by an ISP. Sophos abates the traffic coming to a network to avoid congestion and allows intersections to perform smoothly.

Data loss prevention

Data loss prevention is a strategy that is used to prevent critical data from being sent across a corporate network, accidentally or maliciously. Your unified threat management provider should ensure an NDA (non-disclosure agreement) that is capable of protecting proprietary information or any type of trade secrets.

Reporting

Many UTMs create reports that show how your network is being used. The implementation of reports involves an extracting, transforming, and loading (ETL) procedure. Reporting is very important for knowledge administration and business intelligence. Sophos tracks and stores all the information and facilitates easy retrieval.

Call us at 888-545-5346 to know more details or visit http://www.netactivity.us/services/it-managed-services to browse through our IT managed service offerings.

Source – http://www.netactivity.us/blog/sophos-security-equipment-security-made-simple/

Beware of PC Registry Cleaners: Are They Safe?

The Windows registry is a repository which collects massive amounts of data about your computer, as it records practically everything that is performed on Windows. It is literally a cluttered space, as Windows by itself is not capable of cleaning the system efficiently because it’s always busy creating new entries. Even when you uninstall a program or application, it leaves some unneeded pointers in the registry and thus slows down your system.

To resolve this issue, many PC registry cleaners are marketed to users with the claim that they will speed up the computer system and make it function better. However, before making your decision to purchase or install a free PC cleaner on your computer system, keep in mind that, beyond all the claims they make, everything depends on the condition of your registry and the effectiveness of the registry cleaner that you select. Another thing to be considered is that registry cleaners usually delete things from the registry. While most of the time this is safe, there are times when registry cleaners have caused serious problems for computers and their data.

Though most modern PC registry cleaners feature built-in methods to reverse changes when things go against expectations, it is not recommended to invest in an advertised PC cleaning system. Being diligent while making your choice is the first step towards protecting your system from unwanted attacks. Also, remember to back up your registry before letting the cleaner remove or delete entries. Doing this will save you: even if the registry cleaner doesn’t have an ‘undo’ option, you can use the backed-up registry file to restore it.

One more important thing to be highlighted is that registry cleaners do not speed up computers, so you do not need to run them regularly. Hackers are talented enough to compromise a wide range of PC cleaning software, as happened with the CCleaner software in August and September, when malicious hackers illegally modified version 5.33 of CCleaner, which was available for download for about a month.

Your computer data is precious and we, at Net Activity, Inc. recommend you not to install any PC registry cleaners without proper survey of their history. Also, think twice before going for cleaners that invest huge amounts on marketing and advertisements as they are no good.

Source – http://www.netactivity.us/blog/beware-of-pc-registry-cleaners-are-they-safe/