StageFright Exploit Awareness : What You Need to Know

Do you think sending and receiving video messages is risk free? Believe it or not, it is now as easy as getting a common computer virus. There is a new exploit called ‘Stagefright’ that is delivered as a video inside a text message. It targets the Android media-processing library ‘libStageFright’ (which is built into every Android device) to steal information. Android Central states, “the gist is that a video sent via MMS (text message) could be theoretically used as an avenue of attack through the libStageFright mechanism (thus the “Stagefright” name), which helps Android process video files. Many text messaging apps — Google’s Hangouts app was specifically mentioned — automatically process that video so it’s ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it.”

Since it exploits a component built into the device, a high number of Android devices are vulnerable, but for the most part there is a built-in defense on about 95 percent of all devices, as long as they are running Android version 4.0 or higher. This protection is called ‘Address Space Layout Randomization’ (ASLR): it loads software code and data at different memory locations each time, so an attacker cannot predict where to find them. This is not a perfect fix, but it does help.

Some good news is that this was discovered by researchers rather than attackers, so it is not yet widely exploited. Many large phone makers, such as HTC, Motorola, and Google, are working to release patches and updates to fix this vulnerability. There are also a few free detector apps available on Google Play that help detect whether a device is vulnerable. You can install the StageFright Detector App here.

If you have any questions about virus vulnerabilities, give Everon a call at 888-244-1748. We’re happy to help!

Everon & Webroot Secure Anywhere

Everon’s partner, ITSupport247, is now using a new antivirus provider called Webroot Secure Anywhere. Webroot is based out of Colorado; in fact, Webroot is so close to our call center that we can see their building from where we sit (maybe they will let us take a tour someday!). Before the switch, Everon had been reviewing various antivirus software. After extensive research, and ultimately choosing Webroot Secure Anywhere as our official antivirus, we couldn’t be happier!

The management of most business antivirus products takes place in a centrally managed console on a server or workstation within the network, and all machines must report to that location. The console is then the sole connection to the outside world, where it looks for definition updates on the antivirus company’s servers. In most cases, if you are not constantly reviewing the console, ensuring it is up to date and pulling the definitions over on a daily basis, you could have issues. Most consoles work well enough to allow their agents to pull definition updates from the Internet themselves in the event that the console is unavailable; however, you still have many variables that can go wrong. Did you set up your notifications properly? Do you back up the local database that manages the console?

After rebuilding a few consoles from scratch due to database failures, I realized that if an antivirus vendor built their console into the cloud, that would make my life so much easier, and that is exactly what Webroot does. Webroot built the centrally managed consoles right in their colocation facilities, thus taking away a potentially huge point of failure for businesses.

Webroot allows setup within minutes. You first determine how many seats you need, which corresponds directly to how many machines you want protected by the antivirus. Once you determine that, you create custom groups for your company (you don’t want the same rules to apply to your servers as to your desktops), and then you are ready to push the product out. Webroot gives you an easy-to-install link that you can simply run, with no login required. It is built custom to your site and will link the machine back to your site with all of your rules intact. Notifications are easy as well. You don’t need to set up a custom SMTP server to route notification emails through; you simply choose what you want to be notified on, put the email addresses in the appropriate locations, and you are done!

Webroot has made antivirus management easy, and Everon is proud to provide it to our client base. The antivirus is even good at protecting its resources (which, to be honest, is probably the first thing you should be concerned with when choosing an antivirus). PCMag rated it one of the best antiviruses of 2015. One thing that is very important in the world of antiviruses is the footprint it leaves on the machine. Some antiviruses have GBs of files used to manage themselves and their definitions, or scans that take multiple hours. Webroot is a very small, very light package with hardly any footprint on a machine. Its scans are quick and efficient, and reporting back into the console usually happens within minutes.

Webroot Secure Anywhere is a great antivirus! Give our engineers a call at 1-888-244-1748 to see if Webroot and Everon would be a good fit for your company.

Staying Modern with Technology

Technology is everywhere today: in your car, in your pocket, on your wrist, running your business, etc. It is always advancing to become faster, more efficient, and cheaper. Inevitably, these things become obsolete, which raises the question of when or whether you should upgrade. When it comes to IT infrastructure for your business, Everon recommends a 3-5 year life-cycle. This is especially important for the core components that drive your business, such as servers, network equipment (like firewalls), and workstations.

From time to time, we run across a business that is using 5-10 year old servers, workstations, or network equipment. The mentality of “if it’s not broke, why fix it?” sometimes comes into play. When equipment that is 5+ years old does break, it is out of support/warranty, meaning that you will be shelling out more money than you normally would for an emergency solution, while losing money paying idle employees or affecting services that customers pay you for. It’s a huge gamble that shouldn’t be taken lightly, which is why proactive budgeting and replacement should be done. While most people don’t replace equipment at the 3 year mark, it’s a good trigger to plan ahead for action in year 4 or 5, which is why I like the 3-5 year lifecycle rule of thumb.

If you’re a small business owner or decision maker for one, do you have any IT infrastructure older than 5 years? If you don’t have a replacement plan in place, why not? Now, with that in mind, think about how often you replace your cell phone. Most people seem to do this every 2-3 years at most. It’s rare to see a flip phone nowadays, so why would you want the technology that is critical to your business to take a back seat?

Everon recommends periodic reviews of your equipment to ensure a warranty is in place or to catch any aging equipment that slipped through. If you need any assistance, Everon can help put together a technology assessment to see where your infrastructure stands and where it should be going. Give us a call today at 888-244-1748, or visit www.everonit.com.

Datto vs Cryptolocker

A few months ago, I wrote about my love for Datto (found here), but it was never more apparent than when I had to go up against the dreaded Cryptolocker virus, head to head.

Cryptolocker has become one of the most notorious pieces of malware that our generation has ever seen. The malware infiltrates a network through various means (usually through Java exploits) and immediately searches out network shares. It encrypts the files, holding them for ransom until you pay a VERY hefty fee to recover them. The encryption done by Cryptolocker is very strong, and it is always changing.

Most recently, I dealt with a case of this virus with a client who was exposed through a Java exploit. Although our antivirus (Webroot Secure Anywhere) picked up the virus and quarantined it, Cryptolocker found shares and went to work immediately. This caused the client’s main share to become encrypted, with over 34,000 files affected. This could have potentially become a nightmare, but because we have dealt with this before and we had the comfort of a Datto, we sprang into action!

The first step was to assess the damage and determine the culprit. We went to our main console for Webroot Secure Anywhere and found a machine that was reporting the issues. We immediately pulled that machine from the network and left it unplugged. We always wipe the host machines as a precaution. We know that in most instances we can remove the virus with a simple scan from Webroot or Malwarebytes; however, because the Cryptolocker authors change the malware so frequently, we don’t like to take chances. Cryptolocker is very easy to wipe from machines, as it doesn’t put anything overly complicated on the machines it infects. Its devastation is done in the encryption of the files.

Once the host machine was found, we disabled the affected share on the network and began full scans of ALL machines in the network. We wanted to ensure no other machines were infected, and disconnecting the share prevents further encryption from happening. With the share disconnected, we then went through the share and gathered up all of the files with the Cryptolocker extension. Because this changes on a regular basis, you need to identify which extension is being used in your case. In this instance, the extension was .trslcla (they keep making the extensions weirder and weirder). Once we had identified all encrypted files in the share, we mounted our Datto restore point, ready to move the appropriate files back over.

Because the encryption was scattered across the share and covered over 34,000 files, we used another product (one of my all-time favorites) called Syncback, made by 2BrightSparks. We installed this tool on our server and pointed the source to the Datto restore and the destination to the share. Syncback allows you to compare two directories, determine the differences, and do whatever is necessary to rectify those differences. We deleted all encrypted files, and then asked Syncback to tell us what was missing from the share that Datto had in place. Syncback told us the various files (which came out to only around 18 files off of our original estimate), and we proceeded to restore the files to the share.
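The identify, remove, compare and restore steps described above, written out as an added example. This is not Everon’s, Datto’s or 2BrightSparks’ code; it reproduces the same directory-comparison logic the post used Syncback for. The `.trslcla` extension is the one from the incident; the share and restore-point layouts and every file name are constructed sample data. Encrypted files are moved to a quarantine folder rather than deleted, so they remain available if a decryptor is ever published.

```python
"""Find ransomware-encrypted files in a share and restore the originals from a
clean backup snapshot by comparing the two directory trees.

Added example, not Everon's, Datto's or Syncback's code. The '.trslcla'
extension comes from the post; directory layout and file names are constructed."""
from __future__ import annotations

import filecmp
import shutil
import tempfile
from pathlib import Path

RANSOM_EXT = ".trslcla"  # extension observed in the incident described in the post


def find_encrypted(share: Path, ext: str = RANSOM_EXT) -> list[Path]:
    """Every file under the share that carries the ransomware extension."""
    return sorted(p for p in share.rglob(f"*{ext}") if p.is_file())


def quarantine_encrypted(share: Path, quarantine: Path, ext: str = RANSOM_EXT) -> list[str]:
    """Move encrypted files out of the share (kept, not deleted) and return their
    share-relative paths. Removing them is what makes the diff below meaningful."""
    moved = []
    for p in find_encrypted(share, ext):
        rel = p.relative_to(share)
        dest = quarantine / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(p), str(dest))
        moved.append(rel.as_posix())
    return moved


def missing_from_share(restore: Path, share: Path) -> list[Path]:
    """Files present in the restore point but absent from the share (relative paths).
    Files the share has that the backup lacks (created after the snapshot) are left alone."""
    return sorted(
        p.relative_to(restore)
        for p in restore.rglob("*")
        if p.is_file() and not (share / p.relative_to(restore)).exists()
    )


def restore_missing(restore: Path, share: Path) -> list[str]:
    """Copy each missing file from the restore point back into the share."""
    restored = []
    for rel in missing_from_share(restore, share):
        dest = share / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(restore / rel, dest)  # copy2 keeps the original timestamps
        restored.append(rel.as_posix())
    return restored


def build_sample_incident(root: Path) -> tuple[Path, Path]:
    """Constructed sample data: a snapshot with three clean files, and a share in
    which two were encrypted and renamed, one was untouched, and one is newer
    than the snapshot."""
    restore, share = root / "datto_restore", root / "share"
    for d in ("finance", "hr"):
        (restore / d).mkdir(parents=True)
        (share / d).mkdir(parents=True)
    (restore / "finance" / "budget.xlsx").write_bytes(b"clean budget")
    (restore / "finance" / "notes.txt").write_bytes(b"clean notes")
    (restore / "hr" / "handbook.pdf").write_bytes(b"clean handbook")
    (share / "finance" / "budget.xlsx.trslcla").write_bytes(b"\x9f\x1c ciphertext")
    (share / "hr" / "handbook.pdf.trslcla").write_bytes(b"\x7a\x00 ciphertext")
    (share / "finance" / "notes.txt").write_bytes(b"clean notes")  # not touched
    (share / "finance" / "new_invoice.pdf").write_bytes(b"created after backup")
    return restore, share


def run_recovery(root: Path) -> dict:
    """The full procedure: find encrypted files, pull them out of the share,
    diff the share against the restore point, copy back only what is missing,
    then verify the restored copies byte for byte."""
    restore, share = build_sample_incident(root)
    encrypted = quarantine_encrypted(share, root / "quarantine")
    restored = restore_missing(restore, share)
    verified = all(filecmp.cmp(restore / r, share / r, shallow=False) for r in restored)
    return {
        "encrypted": encrypted,
        "restored": restored,
        "verified": verified,
        "untouched_kept": (share / "finance" / "notes.txt").exists(),
        "newer_kept": (share / "finance" / "new_invoice.pdf").exists(),
    }


def demo() -> dict:
    """Run the recovery against the constructed incident in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return run_recovery(Path(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real share the extension would be taken from the incident at hand, and `share` and `restore` would point at the live share and the mounted restore point; the logic is unchanged. The files created after the snapshot are deliberately left in place, since the backup has no copy of them to compare against.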

Because of the ease with which Datto lets you do restores, pointing to its directory and simply comparing was quick and easy. We had the client up and running around 3 hours after the initial infection was identified, and the client hardly missed a day’s worth of work. This is a shining example of why I will always support the Datto product. It allowed us to take what could have been an absolute disaster and turn it into a huge win.

There is certainly no shortage of Cryptolocker posts that we have written in the past. See here, here, and here for more information on Cryptolocker. As always, if you find suspicious files on your computer, give Everon a call at 888-244-1748 or email us at [email protected]. We’re here for you.

Samsung Galaxy Security Breach : How Users Can Reduce Their Risk

A random sampling of the popular Samsung Galaxy S4 and S6 phones, from around the Everon office.

According to reports released on June 16th, over 600 million Samsung mobile devices are vulnerable to a security risk that stems from a flaw in pre-installed keyboard software produced by SwiftKey. If exploited, the device’s predictive text software can allow hackers to remotely access the phone’s GPS, camera, and microphone, and even eavesdrop on inbound/outbound calls. Hackers can attempt to access personal data, including texts and pictures, and could install malicious applications without the user’s knowledge.

According to ABC News, Ryan Welton, a security researcher at NowSecure, discovered this flaw back in December 2014. He notified both the Samsung and Google Android Security Teams, and the U.S. Computer Emergency Readiness Team (CERT). Samsung has not publicly commented on the security flaw, but reports have stated that patches have been released to mobile network providers. Whether those providers have released those patches to devices is unknown.

Unfortunately, there’s not much Samsung Galaxy users can do to prevent this breach. The keyboard comes pre-installed on the Samsung Galaxy S4 Mini, S4, S5 and the newly released S6, and this flawed application cannot be uninstalled by users. However, NowSecure, which has released a list of affected devices, states that there are a few remedies Samsung Galaxy mobile device users can take for protection:

  • Avoid insecure wi-fi networks
  • Use a different mobile device
  • Contact carriers for patch information and timing

If you’re unsure how to avoid insecure wi-fi networks, call Everon at 888-244-1748. We’ll do everything we can to help you reduce your risk.
