By Marc Capobianco

This past week, I had the opportunity to spend two days in Washington, DC at the IAA’s 2019 Investment Advisor Compliance Conference. These two days were packed with sessions from SEC Commissioner Robert J. Jackson Jr.; Dalia Blass, director of the SEC Division of Investment Management; many other top SEC rulemakers; OCIE officials; and industry experts. Despite the 35-day government shutdown, the agency is hard at work on many new initiatives.

Financial institutions continue to be one of the top targets for cybercriminals. New data privacy laws are trying to keep pace with the rapidly changing threat landscape. With GDPR approaching its one-year anniversary in May, California recently passed sweeping legislation to enhance privacy rights and consumer protections for residents of the state. This new act, known as the California Consumer Privacy Act (CCPA), is set to take effect January 1, 2020.

Tier1Net is closely monitoring the latest developments from both Federal and State Legislative Agencies and working with our technology partners and clients to provide simple, secure, and compliant technology offerings.

#Compliance  #OneStepAhead   #GetTier1Net

By Marc Capobianco

The financial services sector continues to be a lucrative target for cybercriminals, with statistics showing data breaches rose 480% for this industry in 2018 alone. Email phishing remains the avenue of choice for cybercriminals and accounts for 92% of all attacks. Unlike the occasional phishing emails of the past, which were easy to spot (e.g., the rich Nigerian prince with millions tied up in a central bank who just needs $10,000), today’s phishing efforts are constant, and cybercriminals are leveraging advanced machine learning techniques to evade most modern firewall and endpoint detection systems.

Today’s more elaborate phishing attacks often mimic an email from a co-worker, a vendor or bank that you regularly do business with, a client, or a website that you frequent (Netflix, Amazon). The email looks legitimate and might be about a recently declined payment, a returned order, or the status of an invoice payment. The victim clicks the embedded link to review the order or account details and is taken to a fake website that looks identical to the legitimate one. This fake website may use a disposable domain name that was set up for one specific attack and vanishes after the cybercriminal has siphoned the necessary data from the victim.

How to stay one step ahead?

Recommended Actions: 

1. Implement Advanced Perimeter Anti-Spam Filtering Service with URL Defense

Advanced Email Protection services filter inbound junk mail and spoofed emails into an individual quarantine, while denying delivery of items containing known viruses or malicious content. URL Defense protects financial firms against targeted spear phishing attacks, zero-day exploits and advanced persistent threats. URL Defense employs sophisticated techniques to perform real-time dynamic analysis of the URLs embedded in an email, protecting the user from accessing malicious or fake websites or command and control centers.

2. Leverage Secure DNS Servers

Many organizations rely on public DNS servers from their ISP to direct web traffic to the appropriate domain name. However, traffic can be directed to malicious or fake websites using newly registered domains, disposable domains, and other phone-home command and control centers. Tier1Net recommends leveraging Secure DNS servers for name resolution and web browsing. These secure DNS servers use the Internet’s infrastructure to identify targeted attacks and block malicious destinations before a connection is ever established.

3. Endpoint Protection with Artificial Intelligence

With more than 400,000 new viruses discovered daily, traditional anti-virus software is simply unable to keep pace.  Tier1Net recommends enhancing traditional AV software by adding on Intelligent Endpoint Protection and endpoint detection and response (EDR) that utilizes Machine Learning to protect against zero-day attacks.

Read more at https://techcrunch.com/2019/02/23/icann-ongoing-attacks-dns/

Contact Tier1Net to learn more about how Tier1Net is mitigating this risk with its Financial Services Cybersecurity Framework.

#OneStepAhead  #Cybersecurity  #GetTier1Net

Recently, cybersecurity experts Marc Capobianco and Patrick Ramsdell presented on the future of cybersecurity at The Exchange (formerly Advent User’s Group) technology round table. The sold-out event was attended by many of Boston’s prominent Wealth Management firms.

2018 will go on record as one of the worst years for data breaches, with over 3600 breaches reported involving more than 3.6 billion records. Cybercriminals have rapidly acquired new cyber weapons and modified the ways they launch cyberattacks.

Weapons and attack capabilities that were previously used only by large-scale nation-state operations are now falling into the hands of everyday criminals. 43% of these attacks target small businesses. Today’s attackers are more sophisticated and capable of exploiting weaknesses at previously unseen speed and scale.

The average security incident takes 240 days to detect, and 87% of these incidents are first discovered by external sources. As such, the need for advanced detection and response technologies is greater than ever.

Tier1Net discussed the benefits of its Cybersecurity Business Operating Platform for Financial Services Organizations. This advanced platform meets the current regulations, is ahead of newly proposed compliance regulations, and includes four distinct tiers leveraging Hybrid Artificial Intelligence and Advanced Machine Learning technologies.

 What attendees had to say:

“A truly enlightening session. Tier1Net presented a detailed overview of cybersecurity trends combined with specific examples of attacks they are currently seeing targeting financial firms. With each example they explained strategies and solutions they can offer to stay ahead of these threats and also meet current and upcoming compliance regulations. It’s clear Tier1Net understands the challenges firms like ours face.” ~ Kristin Vespucci-Case, Boston Financial Management

“Tier1Net’s cybersecurity roundtable was very informative. Not only did they give us an update on the current cyber landscape but they also provided us with some practical solutions that were appropriate for a company of our size. It was time well spent!”   ~ Patricia Melnick, Prio Wealth

If you are a financial services firm in need of guidance regarding Cybersecurity Best Practices and Compliance, please contact Tier1Net at 781-935-8050 to inquire about our Cybersecurity Business Operating Platform for Financial Services Organizations.

 

Please join us in welcoming Eric Johnson to our Help Desk team!

  
Eric graduated from UMass Lowell with a degree in Information Technology. Eric’s broad range of technical expertise and proven track record of successfully supporting over 100 clients throughout New England for the past five years makes him the perfect addition to our staff. 

 

 

 

Last year, Intel announced that it will be discontinuing the majority of its McAfee Email Security Solutions as of January 2017.  Increasing its focus on other security areas, Intel will be exiting from several product areas, including McAfee Email Protection, or “AntiSpam.”

To help smooth the transition for existing McAfee Email Security customers, Intel/McAfee has identified Proofpoint as the supported alternative for McAfee Email Security Solutions, including AntiSpam service. Proofpoint has been a leader in the Gartner Magic Quadrant for Secure Email Gateway for 7 consecutive years and is trusted by over half of the Fortune 100 to protect their organizations. Proofpoint has products that not only match McAfee’s discontinued Email Security Solutions but also extend protection with more feature-rich enhancements. Proofpoint also has products that extend to adjacent messaging areas such as Archiving and Encryption.

Tier1Net has been working with Proofpoint since McAfee’s announcement and feels confident in moving forward with this transition.

Over the next ninety days, Tier1Net will be migrating all McAfee AntiSpam accounts to Proofpoint.  The migration to Proofpoint will be a simple overnight transition and will not interrupt your company’s mail flow or email security.    All existing approved senders and blocked senders will migrate to the new Proofpoint platform, and your employees will continue to receive daily quarantine reports.

Please contact us if you have any questions.

 

VMware has scheduled the end of general support of its ESXi 5.0 and ESXi 5.1 hypervisors for August 24th, 2016.

The ESXi hypervisor is software which allows multiple virtual servers to share a single hardware host.

After the end of general support, VMware will no longer release security updates or provide support for the ESXi 5.0 and 5.1 hypervisors.

Unsupported software is vulnerable to outside threats and poses significant security risks. In accordance with cybersecurity best practice, Tier1Net recommends upgrading all impacted servers to a supported VMware ESXi hypervisor.

Tier1Net will be reaching out directly to all affected clients to review upgrade options.

If you have any questions, please contact our office at (781)935-8050.

“Locky” Ransomware Campaign Targets SMBs

A large-scale spam campaign known as Locky is currently targeting small- and medium-sized businesses. Locky is a ransomware campaign, designed to encrypt the files on your machine and rename their extensions, forcing you to purchase a decryption key from the perpetrators of this ransomware.

The current Locky ransomware campaign uses a spam email with the subject: “FW: INVOICE COPY” which may appear to come from a fake email address at your company. The spam email includes a Zip File as an attachment, which contains the ransomware executable script.

To be infected with the ransomware, a victim of Locky must open the Zip attachment, download the enclosed file, and agree to run the script.

How This Impacts You

Tier1Net customers enrolled in McAfee Email Security are protected from this threat, as McAfee Email Security by default blocks all incoming Zip Files.

Please note that McAfee Email Security Clients may receive a Delivery Notification Email stating that the delivery of “FW:INVOICE COPY” was successfully denied. No further action is required.

If you are not enrolled in McAfee Email Security, please be vigilant as always about suspicious emails with attachments. Never open any Zip files without confirming authenticity with the sender first.

Steps Tier1Net is Taking

Tier1Net is working with McAfee to ensure that all executable scripts are being blocked, as well as Zip attachments.
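The attachment policy described above (block Zip files, and block executable scripts whether attached directly or packed inside a Zip) can be sketched as follows. This is an added example, not Tier1Net's or McAfee's code; the extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed block list of script/executable extensions; extend to match your gateway policy.
BLOCKED_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd", ".ps1")

def is_blocked_name(name):
    return (name or "").lower().endswith(BLOCKED_EXT)

def inspect_attachments(raw_message, block_all_zip=True):
    """Return [(attachment filename, reason)] for parts that should be quarantined."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        data = part.get_payload(decode=True) or b""
        if is_blocked_name(name):
            findings.append((name, "script or executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):  # judge by content, not by file name
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    scripts = [m for m in zf.namelist() if is_blocked_name(m)]
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip archive"))
                continue
            if scripts:
                findings.append((name, "zip contains script: " + ", ".join(scripts)))
            elif block_all_zip:
                findings.append((name, "zip attachment blocked by policy"))
    return findings

def build_sample(member_name, attachment_name="invoice_copy.zip"):
    """Constructed message shaped like the campaign above; the archive member is harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// placeholder content, not malware\n")
    msg = EmailMessage()
    msg["Subject"] = "FW: INVOICE COPY"
    msg["From"] = msg["To"] = "someone@example.com"  # sender spoofed as the recipient's own domain
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for member, attachment in (("invoice.js", "invoice_copy.zip"), ("invoice.js", "invoice_copy.pdf")):
        print(inspect_attachments(build_sample(member, attachment)))
```

The second sample shows why the check inspects content: an archive renamed to `.pdf` is still recognized as a Zip and its script member is still reported.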

If you have any questions about the Locky ransomware campaign, please call our office at (781)935-8050.

For more information, please visit:

https://myonlinesecurity.co.uk/fw-invoice-copy-pretending-to-come-from-a-random-or-unknown-name-at-your-own-email-address-js-malware-leads-to-locky-ransomware/

 

Dell recently notified Tier1Net of a security vulnerability within its Dell Foundation Services that run on Dell PCs and laptops. This could allow a man-in-the-middle attack to decrypt sensitive data transmitted from a PC or laptop running the Dell Foundation Services software.

As part of Tier1Net’s standard pre-configuration process, the Dell Foundation Services are removed by default, so Tier1Net customers’ risk of exposure should be minimal. For the few client machines which still have the software installed, Tier1Net will be running a tool to remove the vulnerability.

Dell has issued a statement apologizing for the oversight and will not be installing this certificate on any future machines.

For more on Dell’s statement, read below:

“Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system.  The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process. We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward.”

Read more here: http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate

A new security vulnerability has been identified in the Bash shell used by Mac OS X, Unix and Linux. A patch has already been released for this vulnerability.

Tier1Net does not employ Mac OS X/Linux/Unix within its network infrastructure. However, certain nodes which incorporate Linux components may be impacted. Tier1Net is working with its vendors to determine if these nodes are vulnerable. If any node is found to be vulnerable, Tier1Net will take immediate action to apply the appropriate patches to resolve the vulnerability. As an added precaution, Tier1Net has verified that no attack vector is available to any potentially impacted node.

Tier1Net is also currently evaluating the exposure of its managed services clients to this security threat.

Based on current information, there is no known exposure to these clients.

Should new information be released to suggest otherwise, Tier1Net will notify all affected clients and take appropriate measures.

UPDATE: (9/26/14)

Tier1Net has spent the last day collecting data regarding this vulnerability and waiting on clarification from vendors as to their exposure. It has been determined that Tier1Net’s network infrastructure is not impacted by this vulnerability.

Furthermore, Tier1Net has evaluated the risk to its Managed Service customers and determined little to no exposure within those networks. To those customers running Mac OS X at home or at work, Apple has stated the operating system is “safe by default,” and only vulnerable if a user has intentionally configured advanced Unix settings on their Mac device. For more information regarding the Mac OS X vulnerability please visit http://www.cnet.com/news/vast-majority-of-os-x-users-safe-from-bash-shellshock-bug-apple-says/ or http://www.apple.com

 

 

 

 

 

 

To Our Clients:

In a collaborative effort to enhance cyber security, Microsoft and Google recently announced their intention to cease support for certain SSL certificates within their Internet Explorer and Chrome web browsers.

Starting as early as September 26, 2014, Google Chrome will place a visual alert icon alongside certain previously trusted web addresses. These visual icons will progress in phases over six months, as a means to alert visitors to potential security issues with a website. Websites affected will be those which use SSL Certificates that rely on the SHA-1 algorithm and are valid past 01/01/2016. Microsoft will not be instituting any browser changes until later in 2016/2017.

To prevent the Google Chrome security icon from appearing on your site, Tier1Net will be re-issuing “Chrome Supported” SSL Certificates for all at-risk sites over the next few weeks.

Tier1Net will be contacting the owners of all at-risk sites to discuss the next steps for certificate re-issuance.

Please continue reading below for more information.

 

An SSL certificate, indicated by “https:” in a browser, is what authenticates a website as genuine and secures the traffic to it. A theoretical break of the algorithm that protects the certificate would allow another site to “copy” the https site, and potentially capture the secure traffic therein. Today, there is little-to-no risk of such a breach occurring. In future years, however, technological advancements may increase that risk. For that reason, Google is motivating certificate owners to upgrade their SSL certificates to the more robust SHA-2 algorithm.

To motivate certificate owners, starting this month, Google Chrome web browsers will display a warning icon next to any sites using SHA-1 certificates. These warning icons will only appear on SHA-1 sites whose certificates are valid past 01/01/2016. These visual warnings will progress over the next few months from “secure, but with errors” to “neutral” to “not secure.”

To prevent these security warning icons from appearing on your site, Tier1Net will be re-issuing SSL Certificates for all at-risk sites. The re-issued SSL Certificates will use the latest SHA-2 algorithm and will be “Chrome Supported.”

Tier1Net will be contacting all owners of at-risk sites to discuss next steps.

Please visit Google’s announcement to learn more.

Thank you.

Tier1Net