Cyber Security


Cybercriminals Use Green Padlock Icon to Trick Victims


  • The green padlock icon has been associated with security for quite some time.
  • Although Google has abandoned it for its Chrome browser, the icon continues to be considered as an indicator of safety.

Criminals are exploiting this belief and branding fraudulent sites with the green padlock icon.

 

What is the green padlock icon?

The green padlock indicates that the data exchanged with the website in question is encrypted.

  • Encryption protects the connection only; the icon does not mean that every site displaying it is secure or legitimate.
  • Even when you see the icon, it is good practice to check the address bar for misspellings of a legitimate website’s name, which indicate a phishing site.

What is happening?

With criminals looking for new ways to convince victims to click on phishing links, the use of the green padlock icon has shot up.

The availability of free certificate services has made this quite easy, especially during the holiday season, when scams are on the rise along with sales and promotional emails.

“The bad actors are getting these phishing domains and registering them. Then they are standing up phishing sites on those domains that are essentially clones of the various e-commerce sites to fool the end user into believing they’re on a legitimate e-commerce site,” say security experts.

How you can stay safe

Companies and individuals must do their part to stay protected from this type of fraud.

  • For individuals, the most basic thing to do would be to avoid clicking on suspicious links, especially those that seem too good to be true.
  • Organizations can add a layer of security by scanning for suspicious domains and filtering them out before the employees have a chance to access them.
  • Researchers also recommend monitoring the behavior of password managers. If they refuse to provide saved credentials for sites, this may be an indication of the site not being legitimate.
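
A sketch of the domain screening described in the list above, added here as an illustration and not taken from the original article: it compares observed hostnames against a protected brand and flags homoglyph, typo and brand-embedding look-alikes, whether or not they present a valid certificate. The brand `examplebank`, its domain `examplebank.example` and every sample hostname are constructed assumptions.

```python
import unicodedata

# Constructed assumption: brand label -> the one domain that is really ours.
# Brands should be at least ~6 characters or the fuzzy checks get noisy.
PROTECTED = {"examplebank": "examplebank.example"}

# Small confusables table (digits and a few Cyrillic letters); not exhaustive.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def decode_label(label):
    """Turn a punycode (xn--) label back into Unicode so it can be folded."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label


def skeleton(text):
    """Fold accents and look-alike characters to a comparable ASCII form."""
    decomposed = unicodedata.normalize("NFKD", text)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return base.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, brands=PROTECTED):
    """Return (verdict, brand) for a hostname, or None if it looks unrelated."""
    host = host.strip().lower().rstrip(".")
    for brand, legit in brands.items():
        # Exact domain or a true subdomain of it is the only legitimate case.
        if host == legit or host.endswith("." + legit):
            return ("legitimate", brand)
    findings = {}
    for raw in host.split("."):
        label = decode_label(raw)
        for token in [label] + label.split("-"):
            folded = skeleton(token)
            for brand in brands:
                target = skeleton(brand)
                if folded == target:
                    kind = "brand-embedded" if token == brand else "homoglyph"
                elif osa_distance(folded, target) <= 1:
                    kind = "typo"
                elif target in folded:
                    kind = "brand-embedded"
                else:
                    continue
                findings.setdefault(kind, brand)
    for verdict in ("homoglyph", "typo", "brand-embedded"):
        if verdict in findings:
            return (verdict, findings[verdict])
    return None


def screen(hosts, brands=PROTECTED):
    """Return {host: verdict} for hosts that should be blocked or reviewed."""
    flagged = {}
    for host in hosts:
        result = classify(host, brands)
        if result and result[0] != "legitimate":
            flagged[host] = result[0]
    return flagged


# Constructed sample of hostnames, such as might come from proxy or DNS logs.
SAMPLE_HOSTS = [
    "www.examplebank.example",
    "examp1ebank.example",
    "exampelbank.example",
    "exarnplebank.test",
    "examplebank.example.account-verify.test",
    "intranet.corp.test",
]

if __name__ == "__main__":
    for host, verdict in screen(SAMPLE_HOSTS).items():
        print(f"{verdict:15} {host}")
```

The exact-match test at the top of `classify` is the same comparison a password manager makes when it declines to fill saved credentials on a look-alike site.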

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://cyware.com/news/cybercriminals-use-green-padlock-icon-to-trick-victims-ba277e9b

 

Password-stealing hacking campaign is targeting governments around the world


A mysterious new phishing campaign is targeting government departments and related business services around the world in cyberattacks that aim to steal the login credentials from victims.

In total, the phishing attacks have targeted at least 22 different potential victim organisations in countries including the United States, Canada, China, Australia, Sweden and more. All of the attacks involve emails claiming to be related to the targeted government agencies and all of them attempt to trick victims into clicking an email link that asks for their username and password.

Anyone who enters their login credentials into the spoofed government agency websites will give cyber criminals access to their account.

 

The campaign has been discovered and detailed by cybersecurity researchers at Anomali; but while it’s clear a lot of work has gone into what researchers describe as a ‘persistent’ campaign, it’s unclear who is behind the attacks or what their ultimate motivations are. It could be an effort to conduct corporate espionage.

“It could be that the adversaries are trying to gain access to potential bidders to undercut the competition or to compromise government suppliers for more long-term gain,” Sara Moore, cyber-threat intelligence analyst at Anomali, told ZDNet.

The majority of the attacks focus on government departments, but a small percentage also target procurement and logistics firms related to the targets.

The country in which the largest number of these attacks have been seen is the United States with the U.S. Department of Energy, U.S. Department of Commerce and U.S. Department of Veterans Affairs among those targeted.

Those behind the attacks have been careful to create unique lures for each of their targets, using phishing emails containing a lure document purporting to be related to bidding and procurement activity of the department. In each case, the phishing email is written in the native language of the target department’s country.

For example, a phishing email targeting the U.S. Department of Commerce claims to contain information related to bidding on commercial products and services, with the target encouraged to open a lure document. The document contains an embedded link, which the target is encouraged to click through to – and it’s this that leads to one of the phishing websites.

Like the email and document lures, the phishing website is designed to look like the real one used by the agency or company that’s being targeted. These websites have legitimate names, information and documents used by the target in an effort to appear more authentic and avoid suspicion by the user.

While it isn’t known what sort of cyber-criminal operation is behind the spoofed websites and associated phishing campaigns, the domains are being hosted in Turkey and Romania. However, that location doesn’t reveal who could be behind the attacks, because the attackers could set up phishing sites from any country in the world and could use any country to host the domains. During Anomali’s investigation, a total of 62 domains and 122 phishing websites were uncovered.

 

Researchers have notified the relevant CERTs (Computer Emergency Response Teams), informing them about the attacks – although it’s currently unknown if the attackers have managed to make away with any stolen credentials.

However, there are things that organisations in all sectors can do in an effort to protect themselves from this campaign or any other phishing attack.

“Organisations should make sure they have access to threat intelligence and research that provides details about the existence of these types of attacks. They should have the ability to integrate intelligence and research into their security infrastructures to enable detection, blocking, and response,” said Moore.

“Security-awareness training that teaches employees how to spot and report suspicious phishing email is also crucial,” she added.

 


 

News Source: https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/

 

Avoid ransomware by moving to the cloud, says AWS Public Sector boss


 Amazon Web Services (AWS) worldwide public sector vice president Teresa Carlson believes the best place for governments to run their business securely is in the cloud.

Speaking at the AWS Public Sector keynote during AWS re:Invent on Wednesday, Carlson said the world is witnessing an increasingly complex security environment, with cities, states, and home of governments constantly targeted by cybersecurity attacks.

Carlson briefly walked through attacks that have targeted government entities in recent years, such as in Atlanta, which is still recovering from ransomware that crippled the city of Atlanta’s IT network last year, costing officials millions in recovery efforts.

 

“I was just in Johannesburg … the city there had a huge ransomware attack,” she said, noting that while ransom was paid, Johannesburg is still struggling to bring its systems back up.

Carlson also said she met with someone from the education sector recently who said they are getting attacked school by school and are paying in excess of $30,000 in ransom “because they don’t know what else to do”.

“So one of the things we actively talk about with government is a move to the cloud in order to detect and defend potential cyberattacks,” Carlson said.

“And the good news is that there are some immediate steps you could take right now to protect the organisation. First, to have a viable backup in place for an effective solution to quickly restore.

“All these customers I talk to are running on data centres, unpatched, they talk about having a DR strategy — but guess what, they don’t have that.”

Touching on the City of Atlanta again, Carlson said data was lost and the devastation of this should not be minimised.

“This is an act of terror, this is an act of war,” she said.

“We have to treat this very differently.

“In fact, one of the things that I tell lawmakers is … these are like terrorist attacks. Our organisations, our government, our people, and we have to have laws in place … cloud is a good defender against it.”

There are three things Carlson said will help defend against attacks: Encrypt, backup, and inherit.

 

“All of our services are encrypted by default … and you can also inherit all the security policies and practices and architectures that are available to you,” she said. “Get yourself informed and understand that cloud is a really good way to defend against these … we have to get much more serious.”

Carlson was launching AWS’ new open source government resource catalogue, which aims to arm those in the public sector with standards and best practices for navigating the cloud world.

“The most senior leaders in government didn’t really understand what this whole cloud transformation thing was about … they want a catalogue of government resources,” she said.

Carlson said it will allow governments around the world to share information and best practices, and said AWS wants its customers to contribute to the information repository.

“There are such amazing solutions around the world and we want them to be shared,” she said.

Having used Capital One throughout his keynote on Tuesday as an example of a large company doing good things in the cloud, AWS CEO Andy Jassy was on Wednesday afternoon questioned by media on why he would parade an organisation that suffered a data breach.

“If you look at the major data breaches over the last five years, I think it’s about 26, 25 of them have been on-premises infrastructure,” he said.

“I don’t think this has shaken people’s confidence in any way in the cloud, we continue to see customers full-steam ahead.

“I think when most customers evaluate security posture in the cloud versus on-premises, they mostly come away believing their security posture is better in the cloud.”

Jassy said around eight years ago, security was one of the biggest barriers for government and the enterprise to use cloud, mainly because it was a very different type of technology.

“I would say that today, over the last five years, security has become one of the selling points of people moving to the cloud as they feel like they have stronger security posture in the cloud as they do on premises,” he said.

 


 

News Source: https://www.zdnet.com/article/avoid-ransomware-by-moving-to-the-cloud-says-aws-public-sector-boss/

 

Attackers Continue to Exploit Outlook Home Page Flaw


FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.

A 2-year-old vulnerability in Microsoft Outlook continues to cause headaches for companies, as attackers are able to use a specific feature of the program to execute code and persist on previously infected systems, according to an advisory published by cybersecurity services firm FireEye.

The attack, which uses the Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2017-11774) patched in October 2017, abuses the Outlook Home Page feature that allows a customized view to be shown for any e-mail folder. When exploited, the vulnerability allows code to run whenever an Outlook client homepage is opened. 

While the issue was patched, and the vast majority of companies have the update, attackers have been able to circumvent the fix to gain persistence on already-compromised systems, says Matthew McWhirt, senior manager at FireEye.

“We definitely continue to see the Home Page functionality being used by attackers, even though it was patched back in 2017, over two years ago,” he says. “We are also seeing attackers attempting to disable protections that the patch provides by circumventing some controls by modifying the registry on endpoints.”

The alert comes after the United States’ military warned in July that Iranian cyber espionage groups were using the issue as part of their attacks on targets in the United States, Europe, and the Middle East. Two Iranian groups — APT33 and APT34 — have used the attack since June 2018, according to FireEye. APT33, also known as Elfin, has attacked industries and government agencies in the United States, Saudi Arabia, and South Korea, focusing on the aerospace and oil-and-gas sectors. APT34, also known as Helix Kitten, has focused on financial, government, energy, chemical, and telecommunications targets in the Middle East and has operated since 2014.

Both groups seem to use the Outlook vulnerability as a way to gain persistence on systems that are already compromised. In addition, a recent submission to VirusTotal included an automated version of the attack for working around patched Outlook systems, FireEye stated in its alert.

“APT33 is a heavy user of this technique, and we have also seen APT34 using it as well,” McWhirt says. “I wouldn’t call it an ‘uptick’ — that is not why we are calling this out — but companies may think they are safe because they applied the Outlook patch, and they are not.”

In the automated version, submitted as an Excel file to VirusTotal, the persistence technique aims to modify the WebView registry key with an external URL in a type of cloud storage common to Azure, known as a storage blob, and has a method to “walk through the registry and reverse the … patch,” FireEye stated. Dark Reading could not confirm the existence of the file through a search on the hash provided by FireEye, but the company stated that the file appears to be attributable to an authorized red-team operation.

To foil such attacks, companies should enforce specific values for the registry keys used by the attack, or the use of Group Policy Objects (GPOs) in Windows. In its alert, FireEye listed the complete hardening guidelines that companies can put in place to prevent attackers from bypassing the Outlook patch.

“Without continuous reinforcement of the recommended registry settings for … hardening [against the attack], an attacker can add or revert registry keys for settings that essentially disable the protections provided by the patches,” FireEye warned in the alert.

While the specific attack appears to be industry-generated — with one security company detecting another security company’s exploit — malicious attackers and groups often adopt techniques pioneered by security researchers.

FireEye cautioned organizations to check to ensure that the specified registry changes do not break third-party applications that use the Outlook Home Page functionality. 

Because rolling back the patch’s hardening measures requires “some form of initial access,” the issue is not considered a failure of the patch by Microsoft, according to FireEye’s alert.

“However, the technique is under-reported, no public mitigation guidance is available, and — as a fresh in-the-wild example demonstrates … — initial access and patch overriding can be completely automated,” the alert stated.

 


 

News Source: https://www.darkreading.com/vulnerabilities---threats/attackers-can-circumvent-outlook-homepage-flaw/d/d-id/1336513

 

44 million Microsoft users reused passwords in the first three months of 2019


The Microsoft threat research team scanned all Microsoft user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services.

The scan took place between January and March 2019.

Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases.

The scan effectively helped Microsoft identify users who reused the same usernames and passwords across different online accounts.

 

PASSWORD RESETS HAVE ALREADY TAKEN PLACE

The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts.

“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side,” Microsoft said.

“On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced,” it added.

The OS maker has been a staunch advocate and promoter of multi-factor authentication (MFA) solutions.

Earlier this summer, the company said that enabling an MFA security measure for a Microsoft account blocks 99.9% of all attacks and that MFA bypass attempts are so rare its security team doesn’t even have statistics on this type of threat.

 

DETECTING 100% OF PASSWORD REUSE CASES IS IMPOSSIBLE

Microsoft typically warns against using weak or easy-to-guess passwords when setting up an account, but these warnings don’t cover password reuse scenarios.

This is because users might be using a complex password that would pass Microsoft’s checks, but Microsoft has no way of knowing if the user has reused that password in other places.

Once a third-party service has a security breach, and the user’s password is stolen and leaked online, this inadvertently puts the user’s Microsoft account at risk, despite having a strong password.

Hackers can take the leaked password and use it in an attempt to gain access to the user’s other accounts — such as Microsoft, Google, Facebook, Twitter, etc. Microsoft calls this a “breach replay attack.”

A 2018 academic research study of 28.8 million user accounts found that password reuse and small modifications to the original password were common among 52% of users. The same study also found that 30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses.

 


 

News Source: https://www.zdnet.com/article/44-million-microsoft-users-reused-passwords-in-the-first-three-months-of-2019/

 

4 Reasons why Security Awareness Training is very important


Back in 2018 data breaches cost UK organisations an average of £6.4 million.
Human error, meanwhile, accounted for anywhere between 60% and 90% of them.
Those facts alone are usually enough to convince people security awareness training is very important.
Usually….

As a Managed Service Provider, we can only advise our Client base of the benefits of why they need to introduce Security Awareness Training.

1. To prevent Data breaches and cyber attacks

Starting with the most obvious, security awareness training helps prevent data breaches.

The precise number of breaches security awareness training prevents is difficult to count. In an ideal world, we’d be able to run a controlled trial in which the exact same people working for the exact same company were divided into two groups: a control and a test group. The latter would be given training, the former would not. The two could then be compared to see the difference in knowledge.

Such a situation is almost impossible – but that doesn’t mean advanced security awareness training providers are unable to demonstrate the ROI of security awareness software. Although an imperfect measure, it’s possible to measure the incidence and prevalence of breaches pre- and post-awareness campaigns and use the resulting metrics to glean an indication of ROI.

This is your first line of defence. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your pass code or pin; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should consider mobile device management for your users.

2. To influence company culture in security

A culture of security has long been seen as the holy grail for chief information security officers. Equally, such a culture is seen as notoriously difficult to achieve.

With the aid of security awareness training, some are heading in the right direction to gain this credible reputation.

By keeping an eye on indicators of culture, advanced security awareness training platforms can actually help security professionals monitor, nurture and develop a culture of security – making their people a proactive defence.

3. To make technological defences stronger

Technological defences are, clearly, a valuable weapon in preventing breaches. But technological defences require input from people. Firewalls need to be turned onto maximum security. Security warnings need to be acknowledged. Software needs to be constantly updated.

Few businesses today would dream of operating without technological defences. And yet, without security awareness training, technological defences are not used anywhere near their full potential.

To make matters worse, attackers today rarely bother attempting to penetrate businesses through purely technological means. Today’s attackers typically prefer to target people, who are sceptical but suffer from accidental clicking & lack of knowledge.

4. GDPR compliance

To be clear, compliance alone is no reason to introduce security awareness training. Those who introduce training solely to comply with regulations are heading for trouble.

But more and more regulators are demanding specific industries implement security awareness training throughout the entire Business.

Compliance can be a happy offshoot of security awareness training. Those who introduce it become more secure and, in many industries, meet a regulatory requirement to be secure & protected.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.

 

Your servers are full of Data, Cyber Criminals love them.


37% of cyber attacks are discovered directly on servers, making them the most likely place to identify an attack within an organisation. That’s one of the alarming stats taken from a recent survey of 2,700 IT managers around the world.

 

 But why are servers such tempting targets for cyber hackers?

1. Servers are high value

Servers often contain an organisation’s most valuable data. For example, personally identifiable information (PII) such as employee and customer records could be stolen if they’re not adequately secured (for example, with encryption) on the server.

Regulations, such as the strongly introduced GDPR that protects EU citizens’ data, levy significant fines for non-compliance. Attackers know this and will threaten to release sensitive data if their demands are not met.

2. Server downtime is very costly

Servers are the motherboard of organisations and are critical to their day-to-day functioning. Unexpected downtime can seriously impact productivity by revoking access to important files or communication tools such as Microsoft Teams. Ransomware attacks can cause organisations to grind to a halt unless a costly ransom is paid.

In instances where an organisation is reliant on servers for commercial function, downtime can be even more severe.

3. Servers are the perfect staging ground to attack

Servers are usually strongly connected in an organisation’s network. They are also online & running 24/7 all year round, which makes them an ideal platform for launching further attacks and performing reconnaissance looking for weak spots to exploit across the entire network. If you can’t identify a compromised server, the gates to your IT stronghold could be wide open to the elements.

So what can be done in order to secure your organisation’s servers? The answer is in the right combination of advanced protection, visibility with powerful tools like Endpoint Detection and Response (EDR) and server specific features such as File Integrity Monitoring.

With Sophos Sandstorm, you’ll receive a next-gen advanced threat defence. It provides a whole new level of targeted attack protection, visibility & Analysis. IT can quickly & accurately identify evasive threats before they enter your network.

What other solutions miss, Sophos Sandstorm uses powerful, cloud-based, next-generation sandbox technology.

 


 

GDPR Fines are nasty, here’s a few ways to avoid them.


In recent months, as you’re well aware, both British Airways (BA) and Marriott Hotels have hit the headlines because of eye-watering GDPR fines – £183 million for BA and £99 million for Marriott.

The fines show that the GDPR (General Data Protection Regulation) has given enforcers like the UK’s ICO (Information Commissioner’s Office) some serious tools to play with. BA’s fine is almost 400 times larger than the ICO’s previous record fine – an unworthy $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.

With these new fines in play, we highly recommend you make sure you’ve minimised your risk of being next in the firing line.

GDPR is focused on protecting European Union citizens and it applies to anyone who holds personal data on an EU citizen, wherever in the world you are located. Marriott, a U.S. organisation, is a case in point.

Here are five best rules we recommend all organisations stick to, in order to minimise the risk of a GDPR data loss fine:

  1. Patch early, patch often. Minimise the risk of a cyber attack by fixing vulnerabilities that can be used to gain entry to your systems illegally. There is no perimeter, so everything matters: patch everything you can get hold of.
  2. Secure personal data that’s in the cloud. Treat the cloud like any other computer you own – close unwanted ports and services, encrypt data and ensure you have proper access controls in place. And do it on all your environments, including QA and development.
  3. Minimise access to personal data. Reduce your exposure by collecting and retaining only the information you need, and making sure the only people with access to it are the people who need it to do their jobs. Not everyone needs access to certain data.
  4. Educate your entire team. Ensure that everyone who might come into contact with personal data knows how they need to handle it – this is a GDPR requirement. Whether they’re involved with computers or not, everyone needs to know.
  5. Document and prove data protection activities. Be able to show that you have thought about data protection, and have taken sensible precautions to secure personally identifiable information.

We can help

Urban Network can perform tests on your systems to ensure they are protected, as well as information that your business is conforming to best practice, including penetration testing and intrusion testing, however the very basic elements of patching endpoints with vendor security patching, and ensuring antivirus is up to date is the often overlooked start point.

Our Sentinel monitoring software can cover these elements of your network, and coupled with one of our recommended Enterprise Firewalls, the basics are all covered.

To add extra layers of security, Urban Network can liaise with you to ensure that there are comprehensive policies in place for password control, access control and network housekeeping and, importantly, remote access and BYOD policies. We can look at the current implementations of any other facet of your network, and give advice on industry best practices to ensure your business is sufficiently covering your risk.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.

 

With the power of Firewall, you can prevent Ransomware.


Ransomware has vaulted to the top of the news, again, with devastating attacks continuing to impact governments, education and business operations in multiple states, counties and countries, and the United States being the most recent under attack.

Capital One was a major firm recently caught under fire from ransomware.

These attacks can start in a number of different ways – some start with a simple phishing email, others begin with hackers leveraging vulnerabilities in networking stacks to gain a foothold and move quickly to other systems on the network. One of the most devastating network vulnerabilities exploited in a ransomware attack was at Capital One a couple of months ago.

Since then, new vulnerabilities have been discovered, but there are still many networks out there that are vulnerable.

Unfortunately, many of the network stack vulnerabilities on these un-managed networks are ‘wormable’, which means that hackers and malware can exploit these holes in an automated way with no user interaction, enabling the infection to spread quickly and easily to a wide group of systems.

Of course, deploying an industry-leading protection product like Sophos SG Series and maintaining a strict patch management strategy are top best practices. But there are also other best practices you should consider to help keep ransomware, hackers, and attacks off your network in the first place.

Your firewall provides essential protection against exploits by closing up or protecting vulnerable ports, as well as blocking attacks using an Intrusion Prevention System (IPS). IPS inspects network traffic for vulnerabilities and exploits, and blocks any attempt by attackers to get through your network perimeter or even cross boundaries or segments within your internal network.

Here are the essential firewall best practices to prevent ransomware attacks from getting into and moving laterally on your network:

 

  • Reduce the surface area of attack: Review and revisit all port-forwarding rules to eliminate any non-essential open ports. Where possible use VPN to access resources on the internal network from outside rather than port-forwarding. Specifically for RDP, ensure port 3389 is not open on your firewall.
  • Apply IPS protection: Apply suitable IPS protection to the rules governing traffic to/from any Windows hosts on your network.
  • Minimise the risk of lateral movement: Protect against threats moving laterally on your network and consider segmenting your LANs into smaller sub-nets, assigning those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.
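The three practices above can be checked mechanically against a rule export. The following is an added example, not code from Urban Network or any firewall vendor: the rule format, zone names, addresses and the `ESSENTIAL_FORWARDS` and `WINDOWS_NETS` values are constructed assumptions, so map them to whatever your firewall actually exports.

```python
import ipaddress

# Constructed, vendor-neutral rule export; every field name here is an assumption.
RULES = [
    {"id": 1, "type": "dnat", "src_zone": "WAN", "dst_zone": "LAN", "port": 3389, "dst": "10.0.10.20", "ips": False},
    {"id": 2, "type": "dnat", "src_zone": "WAN", "dst_zone": "DMZ", "port": 443, "dst": "10.0.50.5", "ips": True},
    {"id": 3, "type": "allow", "src_zone": "LAN", "dst_zone": "SERVERS", "port": 445, "dst": "10.0.20.0/24", "ips": False},
    {"id": 4, "type": "allow", "src_zone": "VPN", "dst_zone": "SERVERS", "port": 3389, "dst": "10.0.20.0/24", "ips": True},
    {"id": 5, "type": "dnat", "src_zone": "WAN", "dst_zone": "LAN", "port": 8080, "dst": "10.0.10.31", "ips": True},
]
ESSENTIAL_FORWARDS = {443}  # assumption: the only service that must be published
WINDOWS_NETS = [ipaddress.ip_network(n) for n in ("10.0.10.0/24", "10.0.20.0/24")]  # assumption

def targets_windows(rule):
    """True if the rule's destination overlaps a subnet known to hold Windows hosts."""
    dst = ipaddress.ip_network(rule["dst"], strict=False)
    return any(dst.overlaps(net) for net in WINDOWS_NETS)

def audit(rules):
    """Return (rule id, finding) pairs for the three best practices in the list above."""
    findings = []
    for r in rules:
        from_internet = r["src_zone"] == "WAN"
        # 1. Attack surface: port-forwards from the internet, RDP in particular.
        if r["type"] == "dnat" and from_internet:
            if r["port"] == 3389:
                findings.append((r["id"], "RDP_EXPOSED"))
            elif r["port"] not in ESSENTIAL_FORWARDS:
                findings.append((r["id"], "NON_ESSENTIAL_FORWARD"))
        # 2. IPS on rules governing traffic to Windows hosts.
        if not r["ips"] and targets_windows(r):
            findings.append((r["id"], "NO_IPS_WINDOWS"))
        # 3. Lateral movement: internal traffic crossing zones without IPS.
        if not r["ips"] and not from_internet and r["src_zone"] != r["dst_zone"]:
            findings.append((r["id"], "NO_IPS_INTERZONE"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```

Rule 4 passes because RDP is reached over the VPN zone with IPS applied, which is the arrangement the first bullet recommends in place of port-forwarding.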


Everything in Texas is huge, including the Cyber Attacks.


Texas is a big state. Stupidly big. With up to 30 million residents, it’s the second largest state in America, with a land mass twice the size of Germany and a GDP larger than Russia. Texans like to say, “Everything is bigger in Texas”, and usually that’s a good thing to brag about. However, this time bigger certainly isn’t better.

News hit a few weeks back that 22 government organisations in the Lone Star State were recently hit by coordinated & intelligent ransomware attacks. It’s a stark reminder that as attacks continue to evolve, it’s crucial that your defences evolve even faster.

 

How do I make sure I’m not involved with an intelligent ransomware attack?

So how can you help ensure your organisation isn’t the next ransomware victim?

To start with, does your solution include industry-leading technology to ensure attackers can’t use un-patched, vulnerable software programs to distribute and install ransomware on your systems?

Urban Network can perform tests on your systems, including penetration testing and intrusion testing, to ensure that they are secure and that your business is conforming to best practice. However, the very basic elements of applying vendor security patches to endpoints and ensuring antivirus is up to date are the often overlooked starting point.

Should that not stop an attack – or should an exploit not be leveraged – how will your solution stop attacks it’s never seen before?

Our Sentinel monitoring software can cover these elements of the network, and coupled with one of our recommended Enterprise Firewalls, the basics are covered.

To add further layers of security, Urban Network can liaise with you to ensure that there are comprehensive policies in place for password control, access control and network housekeeping and, importantly, remote access and BYOD policies. We can look at the current implementations of any other facet of your network, and give advice on industry best practices to ensure your business is sufficiently covering your risk.

Keep a continued eye on the security that is deployed in your systems.

 
