I received an email from a client requesting help regarding a form his bank sent him to fill out because his bank detected a fraudulent attempt to access his account. They explained that the IP address of the failed attempt, which used his actual username, was located in Miami, Florida. My client lives in a town in Nassau County on Long Island.

It took a while before my client realized he had been locked out of his account for safety’s sake because of the fraudulent attempt. I get that. In a “normal world,” you’d ask that the password for the account be reset, you’d provide a new password, and you’d be back to online banking. But not with this bank. Nope, they wanted more — much more! They asked my client to acknowledge having taken one of the following options:

The hard drive of each computer was wiped clean and the operating system, as well as any software the Client utilizes was reinstalled. Thereafter, a scan utilizing proven effective anti-malware/anti-virus software was run on each of Client’s computers and no virus or other malicious software was found. [or]

Each computer was replaced with a cleaned computer. A scan utilizing proven effective anti-malware/anti-virus software was run on each of Client’s replacement computers and no virus or other malicious software was found. [or]

Client will access [bank name redacted] from a different computer/device and a scan utilizing proven effective anti-malware/anti-virus software was run on the computer and no virus or other malicious software was found.

The paragraph appearing before these options contained jargon that implied the computer itself had been compromised, thus warranting these extreme measures. But here’s the thing: that wasn’t the case here, and there isn’t any way to accurately determine when – or even if – this computer was the reason someone attempted to access the account.

I’ve written for years that name, email, and password information is readily available to anyone who wants it for nefarious means. Vast troves of data are inexpensive and they can pay off significantly if used maliciously. Anyone can go to https://haveibeenpwned.com to see if their email address is out in the wild. I found this client’s email address was in six data breaches.

With billions (yes, with a “b”) of email addresses and passwords that can easily be cracked, less-than-honorable miscreants then try to see if they can find other accounts that use the same credentials. Because, after all, most of us are creatures of habit (i.e., lazy) and don’t want to keep track of lots of different passwords.

After several discussions, I learned that my client used a specific construct for a username and password on different sites. It was an easy construct, something like joebob1823. While easily remembered, it is an awful security measure. How many sites was this used as a username? I didn’t ask. How many sites was this used as a password? Again, I don’t know. But if it was more than one, it was way too many.

Why? Because his email is associated with joebob1823, and joebob1823 is associated with a password for one of the compromised websites. Now, go to LinkedIn and see if this works to gain access to his account. Then go to Instagram, and Facebook, and all the social media sites. Next, try some common banks, like Citibank, Chase, or Wells Fargo. Then go after brokerage accounts, like Charles Schwab or Fidelity Investments. You see where this is heading. To a group of bad actors with nearly unlimited computing resources, this is child’s play. They set up scripts to run multiple iterations at various sites until they either gain access or the site stops them because of repeated violations.
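The pattern described above has two signatures a bank or any other site can watch for: an attempt against a real username from a place that user has never signed in from (the Miami attempt against a Long Island customer), and a single source address trying many different usernames (a stuffing script working down a breached list). The following is an added example written for this article, not the bank’s detection logic; the events are constructed sample data and the city field stands in for whatever geolocation the site derives from the source IP.

```python
"""Flag login attempts that look like credential stuffing (constructed example)."""
from collections import defaultdict

# Constructed sample events; a real system reads these from its authentication log.
EVENTS = [
    {"user": "joebob1823", "ip": "203.0.113.10", "city": "Garden City, NY", "ok": True},
    {"user": "joebob1823", "ip": "203.0.113.10", "city": "Garden City, NY", "ok": True},
    {"user": "joebob1823", "ip": "198.51.100.7", "city": "Miami, FL", "ok": False},
    {"user": "alice",      "ip": "198.51.100.7", "city": "Miami, FL", "ok": False},
    {"user": "bob",        "ip": "198.51.100.7", "city": "Miami, FL", "ok": False},
    {"user": "carol",      "ip": "198.51.100.7", "city": "Miami, FL", "ok": False},
    {"user": "alice",      "ip": "192.0.2.44",   "city": "Boston, MA", "ok": True},
]


def known_cities(events):
    """Map each user to the set of cities they have successfully logged in from."""
    seen = defaultdict(set)
    for e in events:
        if e["ok"]:
            seen[e["user"]].add(e["city"])
    return seen


def new_location_failures(events):
    """Failed attempts from a city the user has never succeeded from: (user, ip, city)."""
    seen = known_cities(events)
    flagged = []
    for e in events:
        if not e["ok"] and e["city"] not in seen.get(e["user"], set()):
            flagged.append((e["user"], e["ip"], e["city"]))
    return flagged


def stuffing_sources(events, min_users=3):
    """Source IPs whose failed logins span at least min_users distinct usernames."""
    users_per_ip = defaultdict(set)
    for e in events:
        if not e["ok"]:
            users_per_ip[e["ip"]].add(e["user"])
    return sorted(ip for ip, users in users_per_ip.items() if len(users) >= min_users)


if __name__ == "__main__":
    for hit in new_location_failures(EVENTS):
        print("new-location failure:", hit)
    print("likely stuffing sources:", stuffing_sources(EVENTS))
```

The first signal is what triggered the bank’s letter; the second is what a site sees when one script walks a breached list, and it is the reason a lockout after repeated failures per source address matters as much as one per username.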

What could help this client the most? That would be if his bank offered two-factor authentication (commonly referred to as 2FA). I explained it to him as follows:

You go to your bank’s website, supply your credentials, your username, and password, and click Enter or Next. Then, you must enter a code to continue. The bank can generate that code in several ways. For example, the bank will call the phone number associated with your account, and an automated voice recites the numbers, one at a time. Or you can get an email sent to the email address associated with your account. You can then copy and paste that number into the field. Or you can use an app on your phone, such as the Google Authenticator. This app generates a series of random numbers every 45 seconds. Enter that number into the field, and you gain access to your account. The primary reason why this is a reasonably successful security measure is that this second form of confirmation is yours and yours alone.
Now there are known ways of spoofing every single one of those 2FA mechanisms. But they require more effort than most bad actors will use to hack an individual’s account. And using 2FA is much better than not having it. Surprisingly, my client’s bank does use 2FA, but it is not required. I am particularly livid about that when you consider what they want him to do to his computer because of the fraud attempt.

What else could help this client? The use of more sophisticated passwords. joebob1823 is not a rigorous or strong password. Using the University of Illinois at Chicago’s Password strength test (https://www.uic.edu/apps/strong-password/), it merits a complexity score of “Good” (although I disagree with that). There are many indicators on the results list that are red or yellow.

I suggested that he use a more complex formula to create a password, essentially using a phrase. For example, he has an adorable dog whose name is Lizzy. So, he could make a more complex password from the words, “Lizzy is a cute dog.” With minimal effort, this becomes Li##yI$@Cut3D06. Checking the complexity score, this received a “Very Strong” rating, and it only picks up some nits for repeating characters and numbers. But a simple dictionary attack is not going to discover this. And if it is used at only one website, then the likelihood of its being compromised is lowered exponentially.
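The two passwords above can be compared mechanically on the points that matter in the article: length, the mix of character classes, the “word followed by a few digits” construct, whether the value shows up in a breach list, and the repeated-character nit. The following is an added example, not the University of Illinois tester or any other product; the breach list is a constructed stand-in, and a real check would query a breached-password service rather than a hand-written set.

```python
"""Password assessment on the points raised in the article (added example)."""
import re
from typing import Dict, List

# Constructed stand-in for a breached-password list; not a real dump.
BREACHED = {"password", "123456", "qwerty", "letmein", "joebob1823"}

WORD_THEN_DIGITS = re.compile(r"^[A-Za-z]+\d{1,4}$")   # e.g. joebob1823
REPEATED_CHAR = re.compile(r"(.)\1")                    # e.g. "##" in Li##y
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def character_classes(pw: str) -> int:
    """Count how many of lower, upper, digit, symbol appear in the password."""
    return sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS)


def assess(pw: str) -> Dict[str, object]:
    """Return the findings for a password; anything not marked '(nit)' makes it weak."""
    findings: List[str] = []
    if pw.lower() in BREACHED:
        findings.append("appears in breach list")
    if WORD_THEN_DIGITS.match(pw):
        findings.append("a word followed by digits (common construct)")
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if character_classes(pw) < 3:
        findings.append("fewer than three character classes")
    if REPEATED_CHAR.search(pw):
        findings.append("repeated adjacent character (nit)")
    serious = [f for f in findings if not f.endswith("(nit)")]
    return {
        "length": len(pw),
        "classes": character_classes(pw),
        "findings": findings,
        "strong": not serious,
    }


if __name__ == "__main__":
    for candidate in ("joebob1823", "Li##yI$@Cut3D06"):
        result = assess(candidate)
        print(candidate, "->", "strong" if result["strong"] else "weak", result["findings"])
```

The breach-list check is the one that catches reuse: a password that is long and mixed but already sits in a dump is no better than joebob1823, which is why the check belongs before the character-class arithmetic.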

Oh, and before you ask, yes, you can write these down if you are at home. Some of you may ask why I don’t recommend using a third-party product to keep track of passwords. That’s because I have yet to find one that has a sure-fire mechanism of preventing access to your account information if their database is breached.

Takeaway: Ask your financial institutions how to set up 2FA on your accounts, and start to use more sophisticated passwords everywhere.

Thanks, and safe computing!

I read an interesting article on NorthJersey.com in early April. The borough of Englewood Cliffs is suing its former IT company, claiming the owner failed to handle archived emails properly when it moved to the cloud. The borough started working with the IT company in 2012, but it seems some things were not handled properly after ten years.
Aside from the missing emails, the IT company was accused of negligence regarding the police department’s network security. The suit also accused the IT company of permitting old computers, and running obsolete software in the municipal building and the police department.

The borough has a new IT provider, having fired the old one in February 2021. After I read the article, I went to the old IT company’s website. I guess the owner didn’t want any further contact with the outside world while this lawsuit plays out because it no longer appears.

The situation that has the mayor upset is missing emails from three town council members from a specific time in 2019 when there was some rancorous debate about the 700 Sylvan Avenue property (Unilever’s building). But how can that be? There should have been back-ups from that time still available if the IT company used “infinite retention,” which is what I would have done for a borough and mayor that has proven to be highly litigious. And if those backups weren’t available, there should have been the email server’s stand-alone backup before the migration to Office 365. Either one would be able to provide any (or all the) missing correspondence. Of course, if the IT company didn’t use a trusted third-party vendor to perform the migration (there are fewer than a handful who are truly skilled at this), then I guess…

Because reputation is everything in this business, I don’t know how the IT company’s other clients will react to the lawsuit. I know that simply trying to explain the circumstances – if he’s even allowed to – will occupy the owner’s time for months, or possibly years, to come. Now, if any of those clients need someone to take a second look at their network and computer systems, I stand ready to see what is – or isn’t – being done to provide the best, most affordable monitoring, security, and backup solutions. (I’m looking at you, the borough of Leonia, because you engaged with this IT company too.)

A home user client forwarded an email requesting that I read it and advise him about the contents.

With the subject, “Important: Don’t lose access to your email account,” the email, purportedly from AOL Broadband Member Services, contained a reminder about a change in how the parent company, Verizon Media, was going to handle data. The email urged the recipient to review the new rules and went on to warn, “otherwise you will not [sic] longer have access to new email.” The center of the email contained a bold link to “Review and agree now.”

Of course, this email was a classic phishing attempt; however, anyone would have thought that the page was a legitimate AOL page upon clicking the link. The coding behind that web page was identical to AOL’s own. The only subtle difference would happen after a person entered an email address or user name and a password.

I didn’t take my experiment any further because I could see from the website URL that this was not a valid AOL page. The address was https://aolmaildomain.weebly.com. That was the final clue that convinced me this was not a legitimate email.
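The clue that settled it was the host name: aolmaildomain.weebly.com is a subdomain of weebly.com, and the “aol” in it is just a label the abuser chose. The following added example, not part of the original article, shows the check an email filter or a careful reader performs: take the host out of the URL and ask whether it is the expected domain or a subdomain of it at a label boundary, so that look-alikes built by prefixing, suffixing, or a user-info trick all fail. The expected domain and sample URLs are constructed for the illustration.

```python
"""Does a link really belong to the domain it claims? (added example)"""
from urllib.parse import urlsplit


def hostname_of(url: str) -> str:
    """The host part only: scheme, user-info, port, path and query are all discarded."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only when the host IS expected_domain or a subdomain of it (label boundary)."""
    host = hostname_of(url)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def explain(url: str, expected_domain: str) -> str:
    """One-line verdict for a human reader."""
    host = hostname_of(url)
    brand = expected_domain.split(".")[0]
    if belongs_to(url, expected_domain):
        return f"{host} is under {expected_domain}"
    if brand in host:
        return f"{host} mentions '{brand}' but is NOT under {expected_domain}"
    return f"{host} is unrelated to {expected_domain}"


if __name__ == "__main__":
    # Constructed sample links; the first is the one quoted in the article.
    for link in (
        "https://aolmaildomain.weebly.com",
        "https://mail.aol.com/webmail",
        "https://aol.com.example.net/login",      # expected domain used as a prefix
        "https://aol.com@example.net/login",      # user-info trick: host is example.net
    ):
        print(explain(link, "aol.com"))
```

The label-boundary test is the point: a plain substring match would accept every one of the bad links above, because each of them contains the text “aol.com” or “aol” somewhere.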

Weebly is a web-hosting service that lets you develop your own website. Because it is owned by Square, the payments processing company (Heliotropic Systems uses Square), it is designed to let people build e-commerce sites quickly and easily.

It did not take me long to discover the appropriate division to submit a complaint about this particular abuser’s website. I included a brief description of the problem and sent back a copy of the original email after receiving a confirmation of my case. The good news is, less than 24 hours after receiving the request from my client, the bogus website had been removed from Weebly.

Lesson to be learned: If you think the email you received is suspicious, don’t click anything. Forward it to me for review, and I’ll let you know if it is safe to proceed or delete. Please don’t think, for one minute, that you are bothering me when you do this. I’d rather take a few moments as a precaution than to take hours (or more) later to clean up a mess.

In this case, the consequences for someone who depends on AOL for email would have been a new “silent partner,” diligently reading their emails to harvest personal information — the first step towards identity theft.

In March 2019, Microsoft introduced the public preview of a new cloud-based form of the Windows Operating System. It is called Windows Virtual Desktop, or WVD. It is a desktop and application experience that runs in Microsoft’s Azure cloud. Now, after a full year of pandemic use, Microsoft has improved the overall aspects of building and maintaining the desktop for IT Solutions Providers. For those who use the desktop, that experience has been significantly overhauled as well. You wouldn’t know you are using a cloud-based virtual desktop if you didn’t click a unique icon to run it.

What does all this futuristic technology mean? Well, for one thing, by the end of this year, I hope to offer WVD as an alternative to full-fledged desktop solutions along with Azure as a server replacement. In a few years, the typical five-year desktop and seven-year server hardware refresh may fall by the wayside for small businesses. That’s because it will no longer be about how much RAM or the version of the CPU in a physical computer. Instead, it will be about the number of IOPS (input-output operations per second) and the overall internet speed at your business location.

The primary advantage of WVD is that you can access your business desktop from any device with a web browser. The login process uses multi-factor authentication for security. You connect to your business’ Active Directory server, which contains your user profile information. You get access to the full range of Office applications via Microsoft 365 and standard desktop applications like Adobe Reader and even QuickBooks.

One of the primary tasks Microsoft had to face at the start of the pandemic was to provide a “near-desktop” experience for millions of people suddenly working from home. They implemented new technology to enable fast access to user profiles via a recently purchased company called FSLogix. At sign-in, a user profile container is dynamically attached to the computing environment. The user profile is immediately available and appears on the system exactly like a typical native user profile. (In English: your desktop, files, and favorites are all there, just the way you expect.)

The one drawback to deploying all this cloud-based functionality is, the smaller the business, the higher the monthly cost per person. That’s because to use WVD, you need an Azure server — and that cost is the same whether you have two people in your office or ten. However, the monthly cost for a two-person office could be $200 per person, while at a ten-person office, that cost could go down to $50 per person. Note these figures are examples, and actual prices require careful calculation.

There is a vast educational factor involved in implementing this new technology stack. Previously, I would go to the Dell web site, configure a server with minimal specifications and have it shipped to my office for about $1,000. I would then use my Windows Server licenses (courtesy of my Microsoft partnership) to load up a base system. I’d create virtual versions of the servers and desktops to develop various end-user scenarios, implement the appropriate security settings, and thoroughly learn how things worked before deploying any of them at any client site.

Microsoft will let me do something similar with Azure and WVD. Still, it requires using their facilities to spin up the environment, build the desktops, create the simulated users, and test how everything hangs together. I am already in contact with a leading vendor that is willing to assist building the requisite cloud structures in this new format and help me price and deploy environments to clients. I would much rather work with a Sherpa to climb a mountain like this than do it on my own.

Over time, I envision many small business owners who want to keep their staff working from home will switch to using WVD to provide Windows desktops in those remote locations.

In the evening during the last few weeks of a rapidly fading 2020, I sought some mindless solace watching the Discovery Network programs “Holmes on Homes” and “Holmes Inspection.” (Some of you may recall my writing about these shows in the Spring 2011 edition.) For those of you who are unfamiliar with this unique reality-show creation, I provide the following synopsis.

Mike Holmes is a licensed building contractor based in Canada. Over the years, he worked on numerous projects that increased his ire at the shoddy workmanship of Ottawa-based buildings, contractors, and home inspectors. He developed a TV series where he would work with victimized homeowners, review their problems, propose solutions, and, in his trademark phrase, “Make Things Right.”

Simply put, Mike Holmes is an entrepreneur. He developed a unique selling proposition, found a way to identify pain points common to the people in that niche, and provided a means to solve those problems. Similarly, I view a large aspect of my work at Heliotropic Systems in the same way.
Over the past ten years, I have met small business owners with computer systems that they purchased and supported on their own, some who have been helped by Staples or Best Buy employees, or (in rare instances) other IT solutions providers. Invariably the number of computer problems these business owners experience reaches a point where they cannot function properly, or they realize they require more experienced assistance. As a result, I get a call for help.

And yet, there are some calls for help that never result in an ongoing relationship. Looking back, I can recall one specific instance where the business owner was not interested in obtaining the requisite support needed to make their life – and their business – better. Mike Holmes only shows the successes on his TV programs, not the failures (although that might make for an exciting show on its own). But sometimes it is important for me to point out where I have dropped the ball – because that’s when I learn about how to be better.

In this case, a provider of health care solutions for older adults asked me about an anti-malware solution. I informed him that my answer to his question depended on whether he was using the consumer version or the business edition. He didn’t know which version he used, so we arranged for me to visit his office to conduct a network survey so that I could answer properly.

When I arrived, he explained how he had set up his office and his computers. He explained that the software he and his staff used was cloud-based. He showed me one of the computers and listed the software. He was certain everything was okay because he and his team had experienced very few problems.

What I saw was vastly different. Here was the owner of a healthcare-related business, which meant he was supposed to follow HIPAA guidelines. I started by asking about the results of his HIPAA Risk Assessment (the first step required for compliance) and his internal documentation. I learned he didn’t do the assessment and didn’t have any documentation. His network did not have a firewall. His computers ran the Home edition of Windows 7 and Windows 10, not the Professional version on which settings needed to be established for HIPAA compliance. His security software was a consumer version, as was his anti-malware software. He did not back up the files stored on the computers that were not associated with his cloud-based product. The computer hard drives were not encrypted (nor could they be on the Home version of Windows). In other words, his situation was a hot mess.

When I presented my findings to him a few days later – and spoke of what it would take to become compliant – I realized when his jaw dropped that I had failed in a significant way. You see, in the initial meeting, when I saw all those “red alerts” around the office, I got distracted and immediately slipped into my “tech support red shirt” mode. I neglected to take the time to ask him what his current and expected IT budget was. As it turned out, he didn’t even have an IT budget. Like the omnipresent Liberty Mutual commercials (as I said, I was watching a lot of TV), “he only paid for what he needed.” So, he couldn’t begin to fathom the amount of money I was proposing to upgrade this office’s computer network — an effort I call “technology stabilization.” Nor could he envision an ongoing, monthly expense to maintain that heightened managed security posture. And he certainly wasn’t willing to step up his game to comply with all necessary HIPAA regulations.

I tried – over the next year – to convince him that paying a HIPAA violation fine to the Office of Civil Rights (OCR) would be far more expensive than doing the right thing. But he had safely stayed beneath the radar for so long that he felt comfortable “saving money” by not doing anything. Eventually, I stopped sending him further entreaties to help him out.

What lessons did I learn from this experience? I always ask a prospect what their IT budget is, and what they think it should be. I always make sure to set appropriate levels of expectation afterward. I always follow my checklists faithfully so as not to forget important steps. I always aim to learn if a business owner places a high value on having reliable processes and procedures to manage their network and computers. The last thing I need is to have a constant fight each time I introduce a new feature to protect a business. And I always aim to “Make Things Right,” just like Mike Holmes.

On December 8, 2020, Adobe announced the following: “Adobe will no longer support Flash Player after December 31, 2020, and Adobe will block Flash content from running in Flash Player beginning January 12, 2021.”

So, that’s “all she wrote” for an application that lasted 24 years. But the end was not unexpected. In mid-2017, Adobe announced it would retire Flash from support and halt distribution of the application by the end of 2020.

The primary browser makers — Apple, Google, Microsoft, and Mozilla — also embarked on their own roadmaps for Flash Player’s end. Because the vast bulk of Flash content was created for websites and run in web browsers, those four developers’ plans carry enormous weight.

Here is how those browser makers will wrap up Flash — if they haven’t already done so — in the coming weeks.

Google Chrome

Google has stated that as of January 2021, “Flash Player will be marked as out of date and will be blocked from loading” in Chrome.

Edge and Internet Explorer

Because Microsoft’s Edge now relies on the same base code as Chrome, and Internet Explorer (IE) is maintained only as a legacy last resort for businesses, the Redmond developer’s path toward Flash finality is complicated.

Microsoft plans to purge Flash from Windows and will offer the uninstall-Flash update via Windows Update as an “optional” download in early 2021. The status will change to “recommended” a few months later.

During the summer of 2021, Microsoft will eliminate the remaining evidence of Flash support from the original version of Edge and IE.

Firefox

Mozilla has taken a straightforward approach to vanquish Flash. Firefox 84, which was due to be shipped on December 15, 2020, will be the final version to support Flash. Firefox 85, slated for release on January 26, 2021, will arrive without Flash support.

Safari

Safari 14, the 2020 refresh that was bundled with the macOS 11 (“Big Sur”) upgrade in November, and offered in late September as an update to users running the earlier Catalina and Mojave versions of macOS, lacks any capability to run Flash content.

What Does This Mean For You?

With the Adobe Flash Player removed from your browser, you can expect some ads not to function properly, some games will not operate as you expect, and some websites will not display content (either properly or at all).

Please note: There is nothing you can do about it.

Every website owner has known for years this change was coming. It was their responsibility to create an alternative method of providing their advertising, games, and web content. If one of your favorite websites is not displaying content — or otherwise not appearing properly, you can locate their Contact Us section and send them a note. How responsive website owners will be after the fact is questionable. I have a feeling several will be scurrying to learn how to code in HTML5, the replacement method that has been available for almost six years.

The “black screen” problem in Windows 10 shows how nothing sometimes matters quite a lot. Seeing nothing except a black screen where the desktop and its icons usually appear is disconcerting because you don’t know what the computer is — or isn’t — doing.

I am an experienced Windows user, and when I encounter a black screen, I know at least two things immediately. First, just like you, I know that something is wrong with my computer. And second, because nothing is visible, I can assume something is not quite right with the graphics interface and the operating system.

As a start, that may be enough, but what most of you want is to get your desktop back. In this article, I’ll guide you through the methods I’ve found to fix this annoying problem.

Occasionally, you’ll start Windows and end up with what’s called a “black screen with a cursor.” Just as it sounds, this means the display is entirely black, except that the mouse cursor appears on that black background. The cursor might track your mouse’s movement even though it’s moving over a completely black screen.

In my personal experience, the black screen with a cursor occurs far more frequently than a black screen by itself (no cursor). The presence of a cursor that responds to your mouse’s movement is a good sign — even in the midst of a bad situation. It indicates that Windows is still working (partially) behind the scenes, and that the mouse driver can still track the cursor position on the screen. This means there’s an excellent chance that the desktop can be restored to regular operation using a few well-known key combinations.

Two keyboard combinations can (usually) restore normal operations

Both combinations involve pressing multiple keys simultaneously. This means using one finger to press the first key and holding it down, using a second finger to press the second key and doing likewise, then more of the same for a third key — and one of these two combinations requires adding a fourth and final key as well.

Attempt 1: Restart the graphics driver

This four-key combination tells Windows 10 to stop, then restart any graphics drivers that happen to be running. For your first attempt, do this: Windows key + Ctrl + Shift + B. I usually do the first three keys with my left hand, then press the letter B with my right index finger.

If you see the rapid flashing of the disk activity light, that’s a good sign. Sometimes the screen will return to regular operation a few seconds later, showing that the driver has reloaded and is now running successfully. Sometimes, nothing else will happen after the disk activity light stops flashing, so it is on to the second attempt.

Attempt 2: The three-fingered salute

This is a familiar key combo to anyone who has used Windows for a long time: Ctrl + Alt + Delete.

Sometimes the first attempt gets the graphics driver going, but the screen still won’t light up. When that’s the case, this key sequence will sometimes repaint the screen to show you the secure log-in options. If that screen does appear, click “Cancel,” and your desktop should reappear.

Attempt 3: Forced restart

If the cursor is absent, these key combos often won’t help (and sometimes they don’t help even when the cursor is present). In those cases, there’s only one thing to do next: forcibly turn off your computer. This means holding down the power button – for at least the count of 10 – until the device completely shuts down.

After a moment, press the power button again to turn on your computer. It should typically start with no black screen. If the screen remains black after you’ve gone through these steps, you need to call me!

Nobody wants to see a black screen on Windows 10

If you ever encounter this disturbing situation, you now have a pretty good idea of how to fix it yourself. In most cases, reloading the graphics driver or restarting the computer will do the trick. In other cases, there’s no choice except to let me know so that I can work through some of the more advanced troubleshooting sequences.

I don’t know how technologically inclined you are, so I will ask this simple, rhetorical question: What is ransomware?

The answer is: Ransomware is a form of cyber-attack in which criminals take control of your computer’s files and block access to them until you pay a fee to release them.

Cybercriminals gain control of your files by placing malicious software on your computer. They can accomplish this goal in several ways; however, these are the two most common methods:

  • You open an attachment in an email, either a Microsoft Word document or an Adobe PDF file that contains a worm or a Trojan.
  • You click on a link in an email.

Here’s a summary of what happens next.

Once the malicious software is downloaded to your computer, one element will contact a “command and control” server on the internet to obtain a unique key. Another element then executes and uses that key to encrypt your files. To accomplish that task, it takes the contents of your files and turns each one into a mass of numbers and letters that your computer’s programs cannot read. After all that mayhem is complete, one of the rogue software elements sends a confirmation to the cybercriminal.

In some cases, before your files are encrypted, the cybercriminals will copy them to the internet. Part of the extortion message you receive may include a statement that they will release your confidential information to the public. This message is designed to be an added incentive to make you pay “full freight” to get the decryption key. In some reported instances, victims have been known to bargain for a lower fee and have successfully reduced the amount of the ransom.
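The “mass of numbers and letters that your computer’s programs cannot read” has a measurable property: encrypted data uses every byte value about equally often, whereas documents and spreadsheets do not. The following is an added example, not from the article or any product, of the Shannon-entropy test that endpoint tools use as one signal that files are being encrypted in bulk; the two samples are constructed, and the threshold is a reasonable assumption rather than a standard value.

```python
"""Spotting encrypted-looking file contents by byte entropy (added example)."""
import math
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 when one value repeats, 8.0 when all 256 values are equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Assumed threshold: well above text and office documents, near the ciphertext maximum."""
    return shannon_entropy(data) >= threshold


def scan(files: List[Tuple[str, bytes]], threshold: float = 7.5) -> List[str]:
    """Names of files whose contents look encrypted; a burst of these is the alarm condition."""
    return [name for name, data in files if looks_encrypted(data, threshold)]


# Constructed samples standing in for a real document and its encrypted replacement.
PLAINTEXT = b"Invoice for Lizzy's Dog Grooming, payable on the first of the month. " * 8
SCRAMBLED = bytes(range(256)) * 2   # every byte value equally often: maximum entropy

if __name__ == "__main__":
    for name, data in (("report.docx", PLAINTEXT), ("report.docx.locked", SCRAMBLED)):
        print(f"{name}: {shannon_entropy(data):.2f} bits/byte, encrypted-looking={looks_encrypted(data)}")
    print("flagged:", scan([("report.docx", PLAINTEXT), ("report.docx.locked", SCRAMBLED)]))
```

On its own a high-entropy file proves nothing, since ZIP archives, JPEGs and videos are also near 8 bits per byte; the signal worth alerting on is many previously low-entropy files in one folder being rewritten as high-entropy files within a few seconds, which is exactly the under-a-minute behaviour described later in this article.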

How Does All This Happen?

Two of the main components that allow ransomware to run wild are Emotet and Trickbot.

Emotet is malicious software that is categorized as a Trojan, which means it appears as something innocuous; however, it carries an undesirable harmful payload. Initially, it was designed to steal banking credentials. Later iterations added features including money transfer and evasive functions.

Emotet arrives primarily in phishing attacks via emails that contain malicious links or Microsoft Word files that contain macros.

Once Emotet is on a computer, it attempts to establish persistence on the computer and then propagates through the local network via spreader modules. When it is activated, it will connect to the command and control server to report a new infection. It receives configuration data, downloads and runs files, receives instructions, and then uploads the requested data to the command and control server. The instructions it receives can launch other forms of malware based on the criminals’ intent and goals.

The fact that Emotet is easily released on an unsuspecting victim makes it a very serious threat. Bad actors can send a phishing email to millions of email accounts. Probability theory dictates that someone, somewhere, will click on the link or download the file and thus become infected. For any business – large or small – all it takes is one email to reach its target, and all the computers in the company could become compromised.

The Cybersecurity & Infrastructure Security Agency (CISA) reports that Emotet “can evade typical signature-based detection.” It is virtual machine aware and “can generate false indicators if in a virtual environment.” This means that the typical “sandbox” features used by some advanced security software may not be able to identify it.

Trickbot is another Trojan that uses various modules to attack a computer. These attacks include obtaining banking credentials and exfiltrating data.
The primary way in which Trickbot establishes persistence is by creating a scheduled task that runs with System privileges. The task is set to run at startup and repeatedly after that. The malware extracts and executes its code before contacting the command and control server. Trickbot’s program contains an initial encrypted list of servers to contact. Once a connection is established, it receives an updated list, and those servers have various modules and configuration files.

After it has started, Trickbot will steal passwords, steal email information, deploy web injections, and spread to other devices on the network.

What Does This Mean To You?

By now, I’m sure your eyes are glazing over, and you are wondering why I am subjecting you to this discourse.

We live in a world of coronavirus now, and unfortunately, the threat and associated risk of COVID-19 is everywhere — and equally, unfortunately, it is not going away any time soon. Cybercriminals will soon be counting on the turmoil and rampant misinformation about vaccines to lure the unwary into dangerous territory.

Wearing a mask, keeping your distance, and washing your hands will help lower your risk of getting the virus. For similar reasons, if you receive an email with an attachment, especially from someone you don’t know, you must always exercise caution!

The steps these malicious programs take on your computer occur extraordinarily fast — usually in less than a minute. You may not know that something terrible has happened until you see the ransom demand on your desktop.

It is because of programs like Emotet and Trickbot, along with others, that you must make sure you use next-generation advanced endpoint solutions to protect your computers and networks.

This article is an expanded version of the “2 minute tech talk” I gave to the Fort Lee Regional Chamber of Commerce on September 16, 2020.

I spend time each day reading technology publications, newsletters, and Google Alerts about data breaches and cybersecurity. I do this because it is my responsibility as a Technology Solutions Provider. Based on recent trends, I believe that the general public is not aware that the COVID-19 pandemic has created a unique environment for attackers.

Every business sector faces the problem of how to define the appropriate level of cybersecurity. A significant challenge for businesses is that they have most of their staff working from home for the first time. Their traditional approach was to keep untrusted devices off their networks. With that premise upended, business owners must now contend with a new wave of threats from unpatched home computers running on unsecured home networks.

Cybercriminals invariably seek to exploit vulnerabilities of institutions. Unfortunately, many school districts are unprepared for this new challenge and are potential victims. On top of dealing with everyday issues like cyberbullying and sexting, the education sector faces some unique challenges.

First, it is a leading target for attackers. According to Microsoft Security Intelligence, the education sector accounted for 60 percent of all reported enterprise malware in the past 30 days. Since September 1st, a half-dozen schools have experienced ransomware attacks, including the Somerset Hills school district here in New Jersey.

Second, the education sector frequently uses older systems, and one of the most significant vulnerabilities is the continued use of Windows 7. Microsoft ended support for this operating system in January, which means it is no longer issuing patches for new security vulnerabilities. According to a study released in the spring, roughly 10 percent of the nation’s schools are still using Windows 7 computers. Many students are likely using such machines at home as well, since children commonly get older, hand-me-down devices.

States and school districts need to dedicate money and resources to ensure students can learn in a secure environment. However, financing the requisite level of security is problematic. Governor Murphy initially slated increased funding in the 2020 – 2021 budget but had to revise that downward after the pandemic began. For example, the Fort Lee school district’s budget was pared down by $352 million.

I hope learning about cybersecurity will eventually become part of the K-12 curriculum. That will require new coursework and additional funding. It would behoove the state to invest in more training and support for teachers, staff, and students to learn and practice good cyber hygiene to keep everyone safe.

If you are unsure how your school is implementing security measures to protect their students, contact the district office and ask. But keep in mind, there are two sides to the remote learning equation: The school’s and yours.

Here are five steps you can take to improve the security posture of children attending K-12 via distance learning.

  1. Make sure you are using an updated Windows 10 computer, an Apple computer running Catalina, or a Google Chromebook.
  2. Windows computers should not use a free internet security product because it will not protect your computer from most malicious attacks.
  3. Make sure your home Wi-Fi network router has the latest firmware update, that you use encrypted protocols, and that you employ a complex password.
  4. Check for router firmware updates twice a year (just like you test your smoke detectors when we enter and leave Daylight Saving Time), and change your password each time you update it.
  5. Ensure that your home network has a secure connection to the school district’s resources, preferably through a VPN.

Note that these are also useful practices for anyone who is working remotely from their office.

Thanks, and safe computing!

SonicWall, a leading perimeter security vendor, issued a mid-year update to its annual threat report in July. Amid the global disruption caused by the coronavirus pandemic some threat trends are surprising:

  • The number of malware attacks is down by 33%.
  • The instances of ransomware are up globally by 20%, but over 100% in the US.
  • Office files (Word, Excel, and PDF) continue to be used primarily for malicious intent.

There was a huge spike of IoT malware — up as much as 50%.

Also noted, but not at all surprising: Cybercriminals are increasingly targeting the large number of employees who are working from home.

Cybercrime has increased since the start of the pandemic, and the latest targets now include medical facilities, hospitals, and research labs. These focused attacks have two purposes: First, to disrupt normal business and day-to-day activity; second, to obtain research data related to potential vaccines and coronavirus solutions. Nation states – most likely China, Russia, and North Korea – are very interested in obtaining intellectual property. Based on these attacks, it appears to be far easier for these cybercriminals to steal someone else’s work than to do their own.

New, never-before-seen malware variants found in the first half of 2020 increased by more than 60%. This occurred despite the overall decline in the number of malware attacks. From this, we surmise cybercriminals are experimenting to see what version can effectively get through normal defenses.

In the first half of 2020, Office files and PDFs comprised one third of all new malicious files. One of the key takeaways from the analysis of these files is that “threats are becoming more evasive and more nefarious.”

However, ransomware is on the rise. By way of contrast, global ransomware rose 15% in all of 2019. In the first half of this year, despite a global pandemic that constrained most business activity in the second quarter, it is up 20%.

The report notes a very strong correlation between where the coronavirus hit and when ransomware attacks occurred. Looking closely at the numbers, I believe this trend will continue, and the United States is going to experience more cybercrime during the next few months until the rest of the country (particularly the South and West) reduces the number of infections.

One of the scariest aspects of these recent attacks is summarized as follows:

“To make matters worse, many ransomware operators have taken to selling or otherwise releasing company data if the organization refuses to or cannot pay.

“Even for companies that cooperate with the criminals’ demands, the trouble often doesn’t stop when the ransom is paid. Many organizations pay the ransoms, only to find their files are irretrievably corrupted or have been wiped out altogether. Ransomware attacks are so devastating that they’ve forced a number of companies out of business.”

Here is an analogy to put that in perspective. A stranger breaks into your house, steals some of your belongings, and contacts you, offering to sell them back. You agree, and after the items are returned, you find they are damaged beyond repair. Worse, some of the personal documents you kept in your desk drawer have been published on the internet so that everyone can see your financial position. You, as an individual, would be mortified. When this happens to a small business, the consequences are enormous.

In terms of IoT – devices that connect to the internet to provide various services – the first six months of 2020 saw twice the number of attacks as 2019. The report forecasts that the end of the year may show numbers surpassing the combined values of 2018 and 2019.

In the consumer space, IoT devices include: Amazon Echo, Nest smoke alarm, Ring doorbell, various home security systems, smart TVs, and even smart refrigerators. http://iotlineup.com has an extensive list.

In the business environment, IoT devices include: smart locks, smart video cameras, and smart lights and energy management. These components comprise all the security elements of typical building management functions.

What’s the motivation of cybercriminals to attack these devices? They are looking for a “back door” into networks with lower chances of detection so they can deploy other forms of malicious software to compromise the computers on that network. It is essential for both the IoT device manufacturers and people who use them to insist that security considerations should be top of mind for all new devices (older ones are unlikely to be retrofitted).

I don’t think I have made any mention of Coinhive in recent editions because I knew it had been shut down in early 2019. But just to recap: Coinhive was a cryptocurrency mining service that installed software in a computer’s web browser to exploit that computer’s resources to mine bits of the cryptocurrency Monero.

In 2020, as if there wasn’t enough anguish, there is a replacement called XMRig, another Monero cryptominer. In June, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that XMRig was among the three signatures that make up 90% of potential threats.

So, there you have it. From SonicWall’s perspective, we were not even half-way through the year and things were already looking pretty dicey from a security standpoint. There is general consensus among security companies that attacks will only increase, and as the coronavirus continues to beat down United States businesses, along with the disruption from the upcoming presidential election, the cybercriminals are not going to stand idly by. They are going to take full advantage of the turmoil, and they will exploit it to the best of their ability.

Thanks, and safe computing!