A vulnerability in the WiFi WPA2 security protocol which was discovered several months ago was made public earlier today.  The vulnerability named KRACK impacts the underlying WiFi WPA2 security protocol itself so all devices that interact with a WiFi network are potentially vulnerable.  This includes mobile phones, laptops and IoT devices (e.g., Alexa, Nest, etc).  To exploit the vulnerability a 3rd party would need to be within range of the wireless network to which a device is connected.  If exploited the vulnerability would allow a 3rd party to intercept and read traffic originating from a device and potentially inject malicious code into that traffic.  However, the 3rd party would NOT be able to read or inject code into any traffic that was sent over an encrypted session such as a HTTPS secured website or a VPN connection.  Furthermore, though the vulnerability has been made public, the code in which to exploit it has not been made public so there is little risk of widespread attacks.

Vendors were alerted of this vulnerability when it was first discovered in August and some have already released patches.  Apple and Microsoft devices are much less likely to be exploited due to the way in which they implement the WPA2 protocol.  Both have also issued statements that they have already patched the issue within their respective Operating Systems.  Google has acknowledged its aware of the issue but will not have a patch for its Android OS for several weeks.  Tier1Net is currently working with its WiFi vendor partners to obtain and deploy patches to Wireless Access Points as they become available.

In the meantime, Tier1Net recommends avoiding public WiFi hotspots unless your respective device is running the latest version of its Operating System with all appropriate security patches installed.  For a full list of vendors and their patch release dates please see: http://www.kb.cert.org/vuls/id/228519

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at HELP@TIER1NET.NET.

A new Ransomware attack named GoldenEye is rapidly spreading throughout Europe and Asia shutting down businesses and government networks alike.

Details are still emerging but experts believe the GoldenEye Ransomware attack is exploiting the same Windows vulnerabilities that were targeted by the WannaCry ransomware attack.  Microsoft released a patch to this vulnerability in March which was distributed to all potentially vulnerable PCs and servers via Tier1Net’s Windows Update services.

Nonetheless, it is possible this new Ransomware variant can exploit heretofore unknown exploits within Windows so Tier1Net recommends alerting all employees to be extra vigilant of all emails which request the recipient to click a link within the body of the email.  The GoldenEye attack has been using common phishing techniques so employees should be warned to suspect even emails coming from supposed trusted sources.

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at help@tier1net.net.

 

 

The WannaCry ransomware is a perfect illustration of an attack which exploits multiple vulnerabilities within a network.

•  First it attempts to trick users into opening ransomware with common email phishing techniques
•  Then it attempts to exploit a Windows vulnerability to encrypt company data and hold it for ransom.
•  Finally it attempts to spread itself by infecting other PCs within the network.

There is no single solution to prevent cybersecurity threats such as WannaCry as they always attempt to expose multiple vulnerabilities within a company.  Tier1Net protects its clients against current and future cybersecurity threats by leveraging a balanced approach of prevention, education and redundancy.

How Do Tier1Net’s Managed Services Prevent Cybersecurity Threats?

Prevention:

•  Emails are scanned for known virus signatures, phishing techniques and potentially dangerous email attachments.
•  Network traffic is scanned at the perimeter by firewalls which examine all incoming and outgoing traffic for viruses and intrusions.
•  Tier1Net’s Managed Workplace solution automatically deploy patches to known vulnerabilities within a network.
•  Tier1net leverages advanced antivirus clients and internal network intrusion detection services to detect and prevent attacks from within the network.

Education: 

•  Tier1Net’s email phishing campaigns educate your employees on common email phishing techniques so they won’t be so easily fooled by the real thing.

Redundancy/Business Continuity:

•  Tier1net’s Disaster Recovery services provide the redundancy necessary to quickly recover from a cybersecurity attack.  Within minutes of an outbreak Tier1Net can quickly restore data from hourly snapshots which run seamlessly to protect corporate data.

It is this multilayered approach to Cybersecurity and data redundancy that Tier1net has specifically designed to prevent attacks and recover quickly should one ever occur.

If you have any questions about the WannaCry ransomware campaign or would like to learn more about Tier1Net’s services please email us at help@tier1net.net or call our office at (781)935-8050.

Thank you.

Tier1Net

Please join us in welcoming Eric Johnson to our Help Desk team!

  
Eric graduated from UMass Lowell with a degree in Information Technology. Eric’s broad range of technical expertise and proven track record of successfully supporting over 100 clients throughout New England for the past five years makes him the perfect addition to our staff. 

 

 

 

Last week’s “massive” Amazon cloud service outage lasted 4 hours and crippled businesses that were overly reliant on cloud hosted services.  It is for this reason that Tier1Net recommends a balanced hybrid approach.  This allows customers to benefit from the ubiquity of cloud hosted data in combination with the security and flexibility of privately stored data.  Tier1Net has developed a service which allows customers to store and access their data within their own private networks while at the same time leveraging Tier1Net’s cloud  where the data is synchronized and available in real-time.   Should an outage occur within the customer’s private network the data is available within the cloud, and in the unlikely event Tier1Net experiences an outage within its cloud the data is available from within the customer’s private network.

To learn more about Tier1net’s hybrid cloud solutions contact us at 781-935-8050.

Tier1Net is pleased to announce the addition of Dmitry Davidenko to our Engineering Team. Dmitry attended University of Southern Maine where he graduated with a degree in Business Management. He lives locally with his wife and 3 1/2 year old daughter.

Tier1Net is pleased to introduce Amy McKinnon as the newest member of our team.  Amy holds a bachelor’s degree in Business Administration from Salem State and brings over six years of experience in customer service and administrative support.  We are proud to welcome Amy to our team as office manager. 

 

 Please find Amy’s contact information below.

 Phone 781-935-8050 x-105

e-mail: amckinnon@tier1net.com

Last year, Intel announced that it will be discontinuing the majority of its McAfee Email Security Solutions as of January 2017.  Increasing its focus on other security areas, Intel will be exiting from several product areas, including McAfee Email Protection, or “AntiSpam.”

To help smooth the transition for existing McAfee Email Security customers, Intel/McAFee has identified Proofpoint as the supported alternative for McAfee Email Security Solutions, including AntiSpam service.  Proofpoint has been a leader in the Gartner Magic Quadrant for Secure Email Gateway for 7 consecutive years and is trusted by over half of the Fortune 100 to protect their organizations.  Proofpoint has products that not only match McAfee’s discontinued Email Security Solutions but also extend protection with more feature rich enhancements.  Proofpoint also has products that extend to adjacent messaging areas such as Archiving and Encryption.

Tier1Net has been working with Proofpoint since McAfee’s announcement and feels confident in moving forward with this transition.

Over the next ninety days, Tier1Net will be migrating all McAfee AntiSpam accounts to Proofpoint.  The migration to Proofpoint will be a simple overnight transition and will not interrupt your company’s mail flow or email security.    All existing approved senders and blocked senders will migrate to the new Proofpoint platform, and your employees will continue to receive daily quarantine reports.

Please contact us if you have any questions.

 

VMWare has scheduled the end of general support of its ESXi 5.0 and ESXi 5.1 hypervisors for August 24th, 2016.

The ESXi hypervisor is software which allows multiple virtual servers to share a single hardware host.

After the end of general support, VMWare will no longer release security updates or provide support for the ESX 5.0 and 5.1 hypervisors.

Unsupported software is vulnerable to outside threats and poses significant security risks.  In accordance with cybersecurity best practice, Tier1Net recommends upgrading all impacted servers to a supported VMWare ESXi hypervisor.

Tier1Net will be reaching out directly to all affected clients to review upgrade options.

If you have any questions, please contact our office at (781)935-8050.

A new ransomware spam campaign has been detected.  Cerber Ransomware is a file-encrypting virus distributed via spam email.  Cerber is designed to rename and encrypt file extensions on your machine, forcing you to purchase a decryption key from the perpetrators of this ransomware.

The Cerber Ransomware will appear as a spam email containing an RTF file attachment.  The spam email will have forged header information and may have a request to “Please check your invoice attached.”  The RTF attachment contains the Cerber Ransomware virus.  Victims of Cerber must open the RTF attachment in order to be infected with ransomware.

Please see below for an example of the Cerber Ransomware Spam Email.

How This Impacts You

Please alert all employees to not open any RTF file attachments from email.

Tier1Net has recently blocked RTF files through McAfee Email Security, so any Cerber Ransomware Spam Emails sent after 2:00pm on April 28, 2016 will be blocked for all clients enrolled in McAfee Email Security.

If you already received a Cerber Ransomware Spam Email, please do not open the RTF attachment.  Please delete the spam email permanently from your machine.  You cannot be infected with the virus if you do not open the attachment.

If anyone believes they have been infected by Cerber Ransomware, please contact Tier1Net immediately.

 

Steps Tier1Net is Taking

Tier1Net has recently blocked RTF files through McAfee Email Security which will deny delivery of any Cerber Ransomware Spam Emails.

Tier1Net encourages all clients to be vigilant as always about suspicious emails with attachments. Never open any file attachments without confirming authenticity with the sender first.

 

If you have any questions about the Cerber ransomware campaign, please call our office at (781)935-8050.