The WannaCry ransomware is a perfect illustration of an attack which exploits multiple vulnerabilities within a network.

•  First, it attempts to trick users into opening ransomware with common email phishing techniques.
•  Then, it attempts to exploit a Windows vulnerability to encrypt company data and hold it for ransom.
•  Finally, it attempts to spread itself by infecting other PCs within the network.

There is no single solution to prevent cybersecurity threats such as WannaCry, as they always attempt to exploit multiple vulnerabilities within a company. Tier1Net protects its clients against current and future cybersecurity threats by leveraging a balanced approach of prevention, education and redundancy.

How Do Tier1Net’s Managed Services Prevent Cybersecurity Threats?

Prevention:

•  Emails are scanned for known virus signatures, phishing techniques and potentially dangerous email attachments.
•  Network traffic is scanned at the perimeter by firewalls which examine all incoming and outgoing traffic for viruses and intrusions.
•  Tier1Net’s Managed Workplace solution automatically deploys patches for known vulnerabilities within a network.
•  Tier1Net leverages advanced antivirus clients and internal network intrusion detection services to detect and prevent attacks from within the network.

Education: 

•  Tier1Net’s email phishing campaigns educate your employees on common email phishing techniques so they won’t be so easily fooled by the real thing.

Redundancy/Business Continuity:

•  Tier1Net’s Disaster Recovery services provide the redundancy necessary to quickly recover from a cybersecurity attack. Within minutes of an outbreak, Tier1Net can restore data from hourly snapshots which run seamlessly to protect corporate data.

Tier1Net has specifically designed this multilayered approach to cybersecurity and data redundancy to prevent attacks and to recover quickly should one ever occur.

If you have any questions about the WannaCry ransomware campaign or would like to learn more about Tier1Net’s services please email us at help@tier1net.net or call our office at (781)935-8050.

Thank you.

Tier1Net

Please join us in welcoming Eric Johnson to our Help Desk team!

  
Eric graduated from UMass Lowell with a degree in Information Technology. Eric’s broad range of technical expertise and proven track record of successfully supporting over 100 clients throughout New England for the past five years make him the perfect addition to our staff.

 

 

 

Last week’s “massive” Amazon cloud service outage lasted 4 hours and crippled businesses that were overly reliant on cloud-hosted services. It is for this reason that Tier1Net recommends a balanced hybrid approach. This allows customers to benefit from the ubiquity of cloud-hosted data in combination with the security and flexibility of privately stored data. Tier1Net has developed a service which allows customers to store and access their data within their own private networks while at the same time leveraging Tier1Net’s cloud, where the data is synchronized and available in real time. Should an outage occur within the customer’s private network, the data is available within the cloud, and in the unlikely event Tier1Net experiences an outage within its cloud, the data is available from within the customer’s private network.

To learn more about Tier1Net’s hybrid cloud solutions, contact us at 781-935-8050.

Tier1Net is pleased to introduce Amy McKinnon as the newest member of our team.  Amy holds a bachelor’s degree in Business Administration from Salem State and brings over six years of experience in customer service and administrative support.  We are proud to welcome Amy to our team as office manager. 

 

 Please find Amy’s contact information below.

 Phone 781-935-8050 x-105

e-mail: amckinnon@tier1net.com

Last year, Intel announced that it will be discontinuing the majority of its McAfee Email Security Solutions as of January 2017.  Increasing its focus on other security areas, Intel will be exiting from several product areas, including McAfee Email Protection, or “AntiSpam.”

To help smooth the transition for existing McAfee Email Security customers, Intel/McAfee has identified Proofpoint as the supported alternative for McAfee Email Security Solutions, including AntiSpam service. Proofpoint has been a leader in the Gartner Magic Quadrant for Secure Email Gateway for 7 consecutive years and is trusted by over half of the Fortune 100 to protect their organizations. Proofpoint has products that not only match McAfee’s discontinued Email Security Solutions but also extend protection with more feature-rich enhancements. Proofpoint also has products that extend to adjacent messaging areas such as Archiving and Encryption.

Tier1Net has been working with Proofpoint since McAfee’s announcement and feels confident in moving forward with this transition.

Over the next ninety days, Tier1Net will be migrating all McAfee AntiSpam accounts to Proofpoint.  The migration to Proofpoint will be a simple overnight transition and will not interrupt your company’s mail flow or email security.    All existing approved senders and blocked senders will migrate to the new Proofpoint platform, and your employees will continue to receive daily quarantine reports.

Please contact us if you have any questions.

 

VMware has scheduled the end of general support of its ESXi 5.0 and ESXi 5.1 hypervisors for August 24th, 2016.

The ESXi hypervisor is software which allows multiple virtual servers to share a single hardware host.

After the end of general support, VMware will no longer release security updates or provide support for the ESXi 5.0 and 5.1 hypervisors.

Unsupported software is vulnerable to outside threats and poses significant security risks. In accordance with cybersecurity best practice, Tier1Net recommends upgrading all impacted servers to a supported VMware ESXi hypervisor.

Tier1Net will be reaching out directly to all affected clients to review upgrade options.

If you have any questions, please contact our office at (781)935-8050.

A new ransomware spam campaign has been detected. Cerber Ransomware is a file-encrypting virus distributed via spam email. Cerber is designed to encrypt the files on your machine and rename their extensions, forcing you to purchase a decryption key from the perpetrators of this ransomware.

The Cerber Ransomware will appear as a spam email containing an RTF file attachment.  The spam email will have forged header information and may have a request to “Please check your invoice attached.”  The RTF attachment contains the Cerber Ransomware virus.  Victims of Cerber must open the RTF attachment in order to be infected with ransomware.

Please see below for an example of the Cerber Ransomware Spam Email.

How This Impacts You

Please alert all employees to not open any RTF file attachments from email.

Tier1Net has recently blocked RTF files through McAfee Email Security, so any Cerber Ransomware Spam Emails sent after 2:00pm on April 28, 2016 will be blocked for all clients enrolled in McAfee Email Security.

If you already received a Cerber Ransomware Spam Email, please do not open the RTF attachment.  Please delete the spam email permanently from your machine.  You cannot be infected with the virus if you do not open the attachment.

If anyone believes they have been infected by Cerber Ransomware, please contact Tier1Net immediately.

 

Steps Tier1Net is Taking

Tier1Net has recently blocked RTF files through McAfee Email Security which will deny delivery of any Cerber Ransomware Spam Emails.

Tier1Net encourages all clients to be vigilant as always about suspicious emails with attachments. Never open any file attachments without confirming authenticity with the sender first.

 

If you have any questions about the Cerber ransomware campaign, please call our office at (781)935-8050.

Apple has recently discontinued support for QuickTime for Windows. Starting mid-April, Apple will no longer be releasing critical security updates for this software.

Unsupported software is vulnerable to outside threats and poses a significant security risk, as illustrated by the discovery of two critical vulnerabilities affecting QuickTime for Windows which will not be patched by Apple.

To address these critical vulnerabilities, Tier1Net will be proactively uninstalling QuickTime for Windows on all PCs within our clients’ networks in accordance with cybersecurity best practices.

Affected clients have already been notified of this pending action.

To learn more about Apple’s discontinued support for QuickTime for Windows, please see https://www.us-cert.gov/ncas/alerts/TA16-105A.

If you have any questions, please contact our office at (781)935-8050.

“Locky” Ransomware Campaign Targets SMBs

There is a large-scale spam campaign, known as Locky, currently targeting small and medium-sized businesses. Locky is a ransomware campaign designed to encrypt the files on your machine and rename their extensions, forcing you to purchase a decryption key from the perpetrators of this ransomware.

The current Locky ransomware campaign is a spam email with the subject: “FW: INVOICE COPY” which may appear to come from a fake email address at your company. The spam email will include a Zip file as an attachment, which contains the ransomware’s executable script.

Victims of Locky must open the Zip attachment, download the enclosed file, and agree to run the script in order to be infected with ransomware.

How This Impacts You

Tier1Net customers enrolled in McAfee Email Security are protected from this threat, as McAfee Email Security by default blocks all incoming Zip Files.

Please note that McAfee Email Security Clients may receive a Delivery Notification Email stating that the delivery of “FW:INVOICE COPY” was successfully denied. No further action is required.

If you are not enrolled in McAfee Email Security, please be vigilant as always about suspicious emails with attachments. Never open any Zip files without confirming authenticity with the sender first.

Steps Tier1Net is Taking

Tier1Net is working with McAfee to ensure that all executable scripts are being blocked, as well as Zip attachments.
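The attachment blocking described in the Cerber notice (RTF files) and in this Locky notice (Zip files) can be illustrated with a short filter, added here as an example; it is not Tier1Net's or McAfee's code. The function names, addresses and sample message are constructed for illustration. The filter checks each attachment's leading bytes before its file extension, so a renamed RTF or Zip file is still caught.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the two attachment types the advisories say are blocked.
MAGIC = {b"{\\rtf": "rtf", b"PK\x03\x04": "zip"}
BLOCKED_EXT = {".rtf": "rtf", ".zip": "zip"}


def scan_message(raw):
    """Return (filename, kind, matched_on) for every part that should be blocked."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Content check first: a renamed file keeps its magic bytes.
        kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
        if kind:
            hits.append((name, kind, "content"))
            continue
        kind = BLOCKED_EXT.get(os.path.splitext(name)[1].lower())
        if kind:
            hits.append((name, kind, "extension"))
    return hits


def build_sample():
    """Constructed test message; addresses and file contents are made up."""
    msg = EmailMessage()
    msg["Subject"] = "FW: INVOICE COPY"
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please check your invoice attached.")
    samples = [
        ("invoice.doc", b"{\\rtf1\\ansi constructed sample}"),   # RTF renamed to .doc
        ("invoice_copy.zip", b"PK\x03\x04" + b"\x00" * 26),      # ZIP header only
        ("report.pdf", b"%PDF-1.4 constructed sample"),          # allowed
        ("notes.RTF", b"constructed plain text"),                # blocked by name
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in scan_message(build_sample()):
        print(hit)
```

Office Open XML documents (.docx, .xlsx) are Zip containers and begin with the same bytes, so a content-based Zip rule also matches them unless they are exempted.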

If you have any questions about the Locky ransomware campaign, please call our office at (781)935-8050.

For more information, please visit:

https://myonlinesecurity.co.uk/fw-invoice-copy-pretending-to-come-from-a-random-or-unknown-name-at-your-own-email-address-js-malware-leads-to-locky-ransomware/

On Tuesday, February 16th, Google published a blog post outlining a vulnerability in glibc (the GNU C library), which is used in many products and leaves those products vulnerable to remote exploitation. The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious, because it is significantly more difficult to exploit.

Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or being subject to a man-in-the-middle attack. Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system.

This vulnerability is being seen across the industry and Dell SonicWALL is working quickly to provide a hot-fix and patch to ensure continued protection with Dell SonicWALL SRA/SMA Series.

For Tier1Net customers using Dell SonicWALL SSLVPN SRA Appliances:

•  All SRA firmware versions prior to 8.1.0.1-11sv for SRA 4600/1600/Virtual Appliance and 8.0.0.4-25sv for SRA 4200/1200 are affected.
•  Action: Tier1Net will open trouble tickets for all impacted customers and install the Dell SonicWALL patch to resolve this vulnerability.

If you also have Dell SonicWALL firewalls deployed, please note: The Dell SonicWALL threat research team successfully published an Intrusion Prevention Service (IPS) signature on Tuesday, February 16th that automatically updated all customer systems running IPS worldwide, protecting networks behind our firewalls within 12 hours of identification. Dell SonicWALL firewalls are not susceptible to the glibc buffer overflow vulnerability.

Full details about the vulnerability and protection can be found in this SonicAlert article.

Read the “How Dell SonicWALL Guards Against the Glibc Vulnerability” blog post by Ken Dang from SonicWALL.