Introduction

SonicWall recently disclosed that its firewall appliances contain vulnerabilities within the code utilized for remote management.

Technical Information

To exploit the vulnerability, an attacker would need access to the remote management interface of the firewall. Tier1Net’s standard supported configuration mitigates this vulnerability by blocking all public access to a firewall’s management interface. Furthermore, SonicWall has stated that it has not received any reports of this vulnerability being actively exploited.

Steps Taken by Tier1Net

Tier1Net has identified all impacted firewalls within its customer and cloud networks and will be deploying patches once internal testing is complete.

Further Information

To view SonicWall’s vulnerability notification please visit: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Leading Next Generation Managed Services Provider Deepens FinTech Roots in New England

Thrive, a premier provider of Next Generation Managed Services, proudly announced today that it has acquired Tier1Net of Woburn, MA, a Financial Services sector focused Managed Services Provider. Tier1Net is now the fifth company to be acquired by Thrive under private equity owner, M/C Partners, along with Corporate IT Solutions of Norwood, MA, Precision IT Group of New York, NY, BizCompass of Westbrook, ME, and InfoHedge Technologies of New York, NY.

The acquisition of Tier1Net further strengthens Thrive’s New England Financial Services expertise with a strong and talented engineering staff and extensive vertical industry knowledge. Tier1Net’s commitment to Financial Services aligns well with Thrive’s long history of providing world-class next generation services to optimize the performance of financial business applications.

“We’re extremely excited to be partnering with Tier1Net to expand Thrive’s Financial Services practice in New England. Their long-term, loyal customers will be well-served by the combination of Thrive’s enhanced suite of Cybersecurity, Public, Private & Hybrid Cloud Next Generation Managed Services, along with Tier1Net’s Financial Services knowledge and commitment,” stated Rob Stephenson, Chief Executive Officer of Thrive.

“The combination of Thrive and Tier1Net is truly a technology gamechanger for New England Financial Institutions,” added Marc Capobianco, Tier1Net Chief Executive Officer. “The expanded product and services capabilities that our clients will gain as a result of this transaction will benefit them all. It’s a pleasure to be joining this first-class organization that has become one of the leading MSPs in the Northeast.”

Mr. Capobianco, Founder and Chief Executive Officer of Tier1Net, will join Thrive as an Executive Vice President and managing partner leading the New England & Corporate FinTech Practice. Matt Chabot, Co-Founder and Chief Technology Officer of Tier1Net, will also become a Thrive executive in a senior technology role reporting to Mr. Capobianco and overseeing the New England Financial Services practice.

“The acquisition of Tier1Net marks another advancement of growth in Thrive’s strategic mission,” said Gillis Cashman, Thrive’s Chairman and Managing Partner at M/C Partners. “As the fifth acquisition that M/C Partners has overseen for Thrive, we are thrilled at the opportunity to continue to capitalize on their success as the leading Next Generation Managed Services Provider.”

About Thrive
Thrive is a leading application enablement provider for Enterprises in a Cloud and SaaS-based world. As one of the largest Managed Services Providers in the United States, Thrive optimizes business application performance with their Suite of Next Generation Managed Services, which include Public, Private & Hybrid Cloud management, Cybersecurity, Networking, Disaster Recovery and more. Thrive’s Next Generation Platform helps compliance-driven businesses solve complex IT problems by delivering peak application performance around the globe, 24×7. For more information, visit http://www.thrivenetworks.com

SEC Issues Risk Alert on Cloud Storage of Client Records

Marc Capobianco

The U.S. Securities and Exchange Commission (SEC) has commenced a series of cybersecurity examinations of registered investment advisers (RIAs). It is evident the SEC is committed to understanding cyber-related risks not only at RIAs, but also at RIAs’ technology partners. RIAs are not able to simply move their client data and workloads to a third-party cloud provider and consequently shift the compliance requirements to the cloud provider. RIAs must carefully assess their entire attack surface and implement a configuration management program that includes policies and procedures governing data classification, vendor oversight and proper security configuration to mitigate the risk of cloud-based providers. As more firms continue to transition to cloud-based solutions, cybercriminals are simply shifting their focus and adapting their tactics to locate and steal valuable data.

What actions should your firm take when moving to a cloud provider?

1.  Enable advanced security features offered by the cloud provider.
    - Enable data encryption (at rest and in transit)
    - Enforce password complexity, account logouts and multi-factor authentication
    - Enable audit tracking and event logging
    - Disable legacy and weak authentication protocols
2.  Implement policies and procedures designed to support the installation, ongoing maintenance and regular reviews of cloud providers.
3.  Establish a baseline security standard and guidelines for security controls to ensure each cloud instance is properly configured.
4.  Implement vendor management policies and procedures that include regular patch management and hardware updates. Review and verify that patches or updates did not unintentionally alter or weaken the established baseline security configuration.

For more information on this SEC Risk Alert please see:  https://www.sec.gov/files/OCIE%20Risk%20Alert%20-%20Network%20Storage.pdf

#compliance #cybersecurity #OneStepAhead

On May 19th, several members of our team at Tier1Net will be participating in the American Diabetes Association’s #TourDeCure: North Shore out of Topsfield, MA. The Tour de Cure is more than just a ride, walk or run; it is a celebration of the ADA’s mission and a chance to raise critical funds to help fight diabetes. One in 11 Americans currently lives with this disease, and every 21 seconds someone in the US is newly diagnosed. We at Tier1 have made this an annual event to show our support for our colleagues that live with diabetes. We are looking forward to a fun-filled afternoon of friendly competition, food and fundraising! To learn more about the event or if you’d like to support us in our fundraising efforts click HERE

Introduction

A critical vulnerability impacting Dell’s SupportAssist software could allow a remote attacker to execute code with admin privileges on impacted devices.  SupportAssist is installed by default on all Dell laptops and PCs and may also be installed or updated when visiting Dell’s Support website.

Technical Information

To exploit the vulnerability, an attacker could lure a target to a malicious web page, which would then allow remote code to compromise the SupportAssist tool. Since the SupportAssist tool has admin privileges, the attacker would then have full access to the system.

Steps Taken by Tier1Net

Tier1Net has identified all impacted devices within its customer networks and is deploying the patch which was recently released by Dell.  The patch should run with no user intervention required.

Recommendation for Home Users

For home users with Dell PCs please visit this Tier1Net knowledgebase article for instructions on identifying whether SupportAssist is installed and in need of the update.

Additional Information

https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/

Earlier this week, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a risk alert for Investment Advisers and Broker-Dealers regarding compliance issues related to Regulation S-P – Privacy Notices and Safeguard Policies.

The key areas identified by the OCIE were firms’ failure to provide clients with privacy and opt-out notices, a lack of policies and procedures, and policies that were not implemented or not reasonably designed to safeguard customer records and information.

Recent SEC examinations identified the following areas as the most frequent compliance deficiencies.

What steps should your firm be taking?

Personal Devices: Ensure that employees do not regularly store or maintain customer information on their personal laptops unless policies and procedures are in place that address how these devices are to be properly configured to safeguard the customer information.

Electronic Communication: Ensure your firm has policies and procedures to address the inclusion of customer personally identifiable information (PII) in electronic communication.

Training and monitoring: Maintain policies and procedures that require customer information to be encrypted, password-protected, and transmitted using only firm-approved methods. In addition, provide adequate training and monitoring on these procedures to ensure they are being properly adhered to.

Unsecure networks: Implement policies and procedures to prohibit employees from sending customer PII to unsecure locations outside of the firm’s network.

Outside vendors: Require outside vendors to contractually agree to keep customers’ PII confidential.

PII inventory: Maintain an inventory and identify all systems on which customer PII is maintained.

Incident response plans: Maintain a written incident response plan that identifies and addresses role assignments for implementing the plan, actions required to address a cybersecurity incident, and assessments of system vulnerabilities.

Unsecure physical locations: Ensure customer PII is stored in secure physical locations.

Login credentials: Ensure customer login credentials are not disseminated to more employees than permitted under firms’ policies and procedures.

Departed employees: Maintain controls to ensure former employees do not retain access rights after their departure.

For more information please visit:  https://www.sec.gov/files/OCIE%20Risk%20Alert%20-%20Regulation%20S-P.pdf

#Compliance #OneStepAhead #GetTier1Net

Tier1Net welcomes Mike Shipka to the help desk team! Mike began his career way back in high school where he volunteered in the IT Department. He comes to us with several years of hands-on help desk experience, most recently supporting hundreds of users at Southern New Hampshire University.  In his spare time, when not tinkering with computers or playing video games, he can be found volunteering at the local cable access station and photographing live events.

By Marc Capobianco

This past week, I had the opportunity to spend two days in Washington DC at the IAA’s 2019 Investment Advisor Compliance Conference. These two days were packed with sessions from SEC Commissioner Robert J. Jackson Jr., the Director of the SEC Division of Investment Management, Dalia Blass, and many other top SEC rulemakers, OCIE officials and industry experts. Despite the 35-day government shutdown, the agency is hard at work on many new initiatives.

Financial institutions continue to be one of the top targets for cybercriminals. New data privacy laws are trying to keep pace with the rapidly changing threat landscape. With GDPR approaching its one-year anniversary in May, California recently passed sweeping legislation to enhance privacy rights and consumer protections for residents in the state of California. This new act, known as the California Consumer Privacy Act (CCPA), is set to take effect January 1, 2020.

Tier1Net is closely monitoring the latest developments from both Federal and State Legislative Agencies and working with our technology partners and clients to provide simple, secure, and compliant technology offerings.

#Compliance #OneStepAhead #GetTier1Net

Google recently announced a zero-day vulnerability within its Chrome web browser and released a notification that the vulnerability is actively being exploited in the wild. At this time, Google has provided very limited technical details on the exact nature of the vulnerability, but reports indicate that, if it is successfully exploited, an attacker could remotely run arbitrary code on a PC.

As a result, Tier1Net has executed a script to update all instances of Google Chrome running on Tier1Net managed PCs which are susceptible to this vulnerability.

Regardless, it is highly recommended to verify that your PC’s instance of Google Chrome is running version 72.0.3626.121.

For more information on checking Google Chrome’s version and updating it please click here

By Marc Capobianco

The Financial Services sector continues to be a lucrative target for cybercriminals, with statistics showing data breaches rose 480% for this industry in 2018 alone. Email phishing remains the avenue of choice for cybercriminals and accounts for 92% of all attacks. Unlike the occasional phishing emails one might have received in the past, which seemed obvious to spot (e.g. the rich Nigerian prince with millions tied up in a central bank who just needs $10,000), today’s phishing efforts are constant, and cybercriminals are leveraging advanced machine learning techniques to evade most modern firewall and endpoint detection systems.

Today’s more elaborate phishing attacks often mimic an email from a co-worker, a vendor or bank that you regularly do business with, a client, or a website that you frequent (Netflix, Amazon). The email looks legitimate and might be about a recent declined payment, your order being returned, or the status of an invoice payment. The victim clicks the embedded link to review the order or account details and is taken to a fake website that looks identical to the legitimate website. This fake website may be using a disposable domain name that was set up for a very specific attack and will then vanish after the cybercriminal has siphoned the necessary data from their victim.

How to stay one step ahead?

Recommended Actions: 

1.  Implement Advanced Perimeter Anti-Spam Filtering Service with URL Defense

Advanced Email Protection services filter inbound junk mail and spoofed emails into an individual quarantine while denying delivery for items containing known viruses or malicious content. URL Defense protects financial firms against targeted spear phishing attacks, zero-day exploits and advanced persistent threats. URL Defense employs sophisticated techniques to perform real-time dynamic analysis of the URL embedded in the email, protecting the user from accessing malicious or fake websites or command and control centers.

2.  Leverage Secure DNS Servers

Many organizations rely on public DNS servers from their ISP to direct web traffic to the appropriate domain name. However, traffic can be directed to malicious or fake websites using newly registered domains, disposable domains, and other phone-home command and control centers. Tier1Net recommends leveraging Secure DNS servers for name resolution and web browsing. These secure DNS servers use the Internet’s infrastructure to block malicious destinations before a connection is ever established, identifying targeted attacks.

3.  Endpoint Protection with Artificial Intelligence

With more than 400,000 new viruses discovered daily, traditional anti-virus software is simply unable to keep pace. Tier1Net recommends enhancing traditional AV software by adding Intelligent Endpoint Protection and endpoint detection and response (EDR) that utilizes Machine Learning to protect against zero-day attacks.

Read more at https://techcrunch.com/2019/02/23/icann-ongoing-attacks-dns/

Contact Tier1Net to learn more about how Tier1Net is mitigating this risk with its Financial Services Cybersecurity Framework.

#OneStepAhead #Cybersecurity #GetTier1Net