
Posts Tagged ‘malware’


Scheduling Security: Take Control of Your OS Updates

Wednesday, May 10th, 2017


It happens to everyone: You turn your computer back on after you intended to leave the office, or come in early to get a head start on a new project, only to be greeted by a 20-minute operating system (OS) update session. This common workplace frustration turns what should have been a four-minute job into a half-hour ordeal, forcing you to stay behind or defeating any time gains from starting early.

OS updates provide essential security fixes that keep your business safe, but the platforms have a knack for pushing updates at what feels like “the worst possible time.”

Here’s what you can do to remain one step ahead of your updates at all times.

Change the Default Settings

Don’t leave operating system updates on their default settings, because they’re likely to interfere with work when you need the devices. The solution to this productivity- and attitude-killing problem is to adjust the system settings to force the updates at a specified time when your team won’t need them. Other software, like Office, Photoshop, and web browsers, tends to be less of a problem, since their update sessions are usually much quicker.

Updates Are a Security Issue

The worst solution to update inconvenience is to disable automatic updates. While updates that don’t add any new features may seem irrelevant, they’re actually doing lots of work keeping you safe behind the scenes in areas like IT security and virus/malware prevention.

According to Trend Micro, malware and other security exploits tend to target known security holes that have already been closed through updates and patches. Instead of finding new exploits, it’s easier for hackers to continue to exploit the old ones and take advantage of users who do not update their computer software.

Schedule Around Work to Increase Productivity

Microsoft usually posts their updates on the second Tuesday of every month, which is commonly known as “Patch Tuesday.” However, this may not work well with your business if it disables employee computers Tuesday night or Wednesday morning. The ideal time for updates will differ depending on your business, but for the typical Monday-to-Friday 9-to-5 office, you will be best served by installing updates around 2 a.m. on Sunday morning. Devices can even be individually customized for each employee based on their personal schedule.

The IT Consulting experts at MPA Networks, serving San Francisco, San Mateo County, San Jose, and other San Francisco Bay Area cities, are ready to help your business make technology work for you, not against you. Scheduling updates is a desktop management and support issue, which IT Managed Services can deliver. Contact us today to find out how we can help you better manage your office computers.

Mac- and Linux-Based Malware Targets Biomedical Industry

Tuesday, March 14th, 2017


The malware infection, discovered in late January, that’s been hiding out on Mac and Linux devices for more than two years doesn’t mean the security floodgates are open, but it is a reminder that these devices aren’t invincible. Apple is calling this new malware “Fruitfly,” and it’s being used to target biomedical research. While it was not written to target Linux devices, the malware code will run on them.

This attack may hit a little too close to home for those industries MPA Networks specializes in protecting, including healthcare and biotech. That makes this a good time to reexamine security best practices for devices that aren’t commonly targeted for attacks.

Attacks Are Rare, But Not Impossible

Broadly speaking, any device that isn’t running Windows has benefited from a concept called “security through obscurity,” which means hackers don’t bother going after these devices because of a smaller market share.

Mac OS X and Linux provide more secure options than Windows for various reasons, but neither is an invincible platform.

Every so often, hackers strike the Mac community with malware—and when the attacks are successful, it’s typically because users don’t see them coming. The lesson here, of course, is to never let your guard down.

You may not need an active anti-virus program on a Mac, but occasional anti-malware scans can be beneficial.

According to Ars Technica, “Fruitfly” uses dated code for creating JPG images last updated in 1998 and can be identified by malware scanners. Anti-malware programs like Malwarebytes and Norton are available for Mac devices. MPA Networks’ desktop support and management can also improve user experiences on non-Windows devices.

Keep Your Macs and Linux Machines Updated

The old IT adage that says “keeping your programs updated is the best defense against security exploits” is still true when it comes to Mac OS X. While Mac OS X upgrades have been free or low-cost for years, not everyone jumps on to the latest version right away. For example, less than half of Macs were running the latest version of the OS in December of 2014. This means all the desktop and laptop devices running older versions of Mac OS X are exposed to security holes Apple patched with updates.

Typically, Apple only supports the three most recent versions of their operating system, which usually come in annual releases. Your workplace computers should, at the very least, be running a version still supported by Apple. The good news is that Apple quickly issued a security fix to address Fruitfly. The bad news? This isn’t the first Mac OS vulnerability malware has managed to exploit, and it won’t be the last.

The IT consulting experts at MPA Networks are ready to help your company find the right tools to increase productivity and improve security on all your office devices. Contact us today to get started.

8 Spring Cleaning Tips for Your Office Computers

Wednesday, March 1st, 2017


When it comes to your office computers, a little bit of spring cleaning goes a long way. Sure, cleaning office computers can seem tedious. But think of it like preventative maintenance on a vehicle: In the best-case scenario, you’ll never know all the breakdowns you avoided.

Keeping your office computers clean and healthy minimizes your risk of downtime and increases productivity.

Here are 8 tips for your next round of spring cleaning:

1. Update All Software

Run updates and patches for the operating system, commonly used programs, and security software on every system. Program and operating system updates don’t just add features; they’re loaded with security updates that keep your devices safe. Most problems with computer security exploits stem from outdated software that lets hackers break in through known holes that the developer has already closed, so running updates and patches is your best line of defense.

2. Run a Full Anti-Virus Scan

After updating all the software on the computer, run a full anti-virus scan to catch any malicious software hanging out on the device. Active anti-virus protection does a good job of safeguarding the system against infections, but sometimes malware slips through the cracks.

3. Run a Full Anti-Malware Scan

Anti-virus programs go after specific, high-risk malware infections, meaning lower-level malware can still find its way onto your computers. Anti-malware programs including Malwarebytes and Spybot are better equipped to identify and remove malware that the anti-virus misses.

4. Defragment the HDD

Older PCs with traditional Hard Disk Drives (HDDs) may experience load time improvements from an annual drive defragmentation. However, newer Windows systems—and all currently supported Mac OS versions—handle this process in the background, so you don’t need to worry about it. If the computer is running a Solid State Drive (SSD), do not bother with the defragmentation process.

5. Remove Unnecessary Launch Programs

It may seem like every program installed on your computer wants to launch itself at startup—even those you rarely use. Removing unnecessary programs from the system startup can help improve performance and reduce login times. Windows 10 features a handy “Startup” tab on the Task Manager that lets users quickly toggle which programs launch with the system.

6. Check and Create Restore Points

Restore points can be a major time saver in returning a compromised computer to full operation. Restore points reverse most of the damage caused by malware and bad configurations, all with minimal effort. Check whether the computer is already using them, and create one if it isn’t.

7. Run a Full Backup

Backups are like restore points for when very bad things happen to a computer. It’s best practice to make at least two backups of a given computer’s files, and store them in different physical locations. This ensures that in the event of catastrophic loss, all the data saved on the computer up until the backup point is preserved. Mashable recommends verifying if automated backup services like Time Machine and Windows Backup and Restore are actually working.

8. Bust Dust on Desktops

This part of the spring cleaning process is literal. As we’ve previously discussed, excessive dust inside a computer obstructs airflow, which can cause crashes due to overheating and even damage components. CNET has a helpful guide on how to go about the dustbusting process.

A little spring cleaning makes for a more efficient office and stronger disaster recovery. The expert desktop support and management staff at MPA Networks is ready to help your workplace in San Mateo, San Francisco, the South Bay, and other Bay Area cities implement better practices. Contact us today for more information.

Antivirus Software: When One Is Better Than Two

Wednesday, December 7th, 2016


If your company’s antivirus software is letting you down, you should think twice before installing a second one on a computer: It may actually make things worse.

Multiple antivirus programs working in conjunction on the same device is not a case of “the sum is greater than the parts” but rather “less is more.”

With many viable free solutions like AVG, Avast, and Avira, it can be very tempting to install one as backup for a paid option. However, the interaction between multiple antivirus programs leads at best to, essentially, nothing. At worst, it will be detrimental to system performance, stability, and security.

Stepping on Toes

The primary reason that running simultaneous antivirus programs on the same device is a bad idea is that the two programs will confuse one another for malware infections and try to eliminate each other. According to PC World, the antivirus scan conflicts can spill out and cause other programs to fail, while making the operating system less stable. Computer users may immediately notice general slowdown and shorter battery life after installing a second antivirus program.

Users may also be plagued with continuous “false alarm” messages after threats have been removed because the act of one antivirus program removing an infection will be seen by the other as a malware action. Therefore, if you’re installing a new antivirus program on a computer, you’ll need to remove the old one first. This includes removing Windows Defender.

Anti-Malware Scanning Software: Antivirus Backup Exists

Backup exists, but it’s not found in additional antivirus programs. Instead, your business can utilize additional programs commonly referred to as “anti-malware” that are specifically designed to catch infections antivirus software misses for improved protection.

The term “antivirus” is a bit misleading because the programs actually protect computers from a wide range of software-based threats on top of viruses including Trojans, rootkits, worms, and ransomware. Antivirus refers to a software security program that runs in the background at all times as an active form of protection. Anti-malware programs including Malwarebytes, SuperAntiSpyware, and Spybot work through “On Demand” scans, meaning they can be used periodically to clean malware infections.

The Recovery Clause

In disaster recovery situations, your IT staff may need to install a different antivirus program to combat a malware infection that the currently installed software can’t remove. In this situation, the old software will need to be disabled or uninstalled before the new program can get to work.

If you’re looking for better digital security options for your office, contact MPA Networks today. Use our experience in IT consulting to your advantage for assistance in both preventing and reducing downtime over malware threats.

Are Chromebooks Right for YOUR Business?

Wednesday, September 7th, 2016


Google’s Chromebook platform has the potential to replace traditional laptops and increase productivity for businesses, much like it has in the consumer market at large. For the uninitiated, Chromebooks are Cloud-oriented laptops that run most operations through the Google Chrome web browser instead of traditional desktop applications.

And, while lacking the raw horsepower and feature range found in Windows and Mac computers, Chromebooks manage to pack a ton of functionality in a secure, zippy, and affordable package.

Extremely Capable Machines

According to TechRadar, the Chromebook is an ideal device for workers who rely mostly, if not exclusively, on Cloud data storage and web applications. Employees that work mostly through Google Apps already will find the device a natural fit. If it runs in Chrome, it runs on the Chromebook.

Other employees who primarily use desktop computers may find a Chromebook a much more powerful productivity booster for a secondary mobile device compared with smartphones and tablets. While the devices may have slower CPUs than comparable laptops, they’re running an OS with little overhead bloat, so they tend to offer a smooth user experience.

Cloud-Based Advantages

The Cloud-based nature of Chromebooks makes them a great asset for malware prevention and simplified disaster recovery. According to Google, Chromebooks “are designed from the ground up to defend against malware and viruses.” Additionally, all files saved in web applications are stored in the Cloud, which means the disaster recovery process amounts to simply reloading the operating system. Moreover, Chromebooks are highly secure in the event of theft since they don’t store confidential data on the device itself.

Low Cost

Chromebooks are a cost-effective option for many companies, but small startups may have the most to gain. Don’t use—or can’t afford—costly management tools, server hardware, and other infrastructure? Chromebooks start as low as $150, with more capable models in the $200-250 range; high-end Chromebooks hit the cost ceiling at $500. These are much cheaper than typical enterprise laptops, making them an affordable alternative. Chromebooks are also a great option for business trips, considering three-day laptop rentals can cost between $70 and $150 per employee.

Results May Vary

Chromebooks aren’t for everyone, so make sure the device fits seamlessly into your workflow before making a company-wide commitment. If, for example, your employees need powerful systems with proprietary software for intense applications like video editing, rendering 3D models, or financial modeling, and these tasks are not offloaded into the Cloud, then Chromebooks are not for you. Also, it’s worth keeping in mind that Chromebooks lose most of their functionality when working in areas without an Internet connection, and that configuring a Chromebook to print isn’t as easy as on a PC or Mac.

That said, many of the Chromebook’s shortcomings could see improvements soon: Google is planning to add Android application support in the near future. If your workflow can adapt well to Chromebooks, the pros may outweigh the cons and then some.

Defend Your Network Against Advanced Persistent Threats

Tuesday, July 12th, 2016


If you’ve looked over our previous posts since we’ve started our blog, you know how serious we are about protecting your company from everyday cyber-threats—mainly phishing, ransomware, and various other malware. Today we’d like to discuss a different form of cyber-threat plaguing businesses over the past decade: what the security community has termed advanced persistent threats, or APT.

What exactly is “persistent” about APT? Most hacking attacks can be classified as “smash-and-grab robbery”: Break into a network and make off with anything of value—user identities, account numbers, cash—and disappear before anyone notices.

An APT attack compromises a network’s defenses and stays as long as possible (weeks, months, or years), discreetly infiltrating servers, eavesdropping on email, or installing remote bots or trojans which enable deeper espionage.

Their primary goal is information—classified material, trade secrets, or intellectual property—that might draw interest on the black market.

Robbery, Inc.: A Worldwide Enterprise

While unsophisticated hackers might lurk in the shadows like criminal gangs, APTs often emanate from professional environments not unlike a prosperous Bay Area tech company—posh high-rise offices, full-time employees with salaries and benefits, and formal product development teams. The difference is they’re conducting business in China, Russia, and other cyber sanctuary nations where international cybersecurity is unenforced and intellectual property laws don’t exist.

The more extensive an APT infection, the harder it is to isolate and eradicate it—like cockroaches under a kitchen sink. Many enterprise IT managers simply accept APT as a fact of life—conceding that trying to combat these intrusions would actually encourage the culprits to dig deeper into the network.

So if APT makes long-term data theft inevitable, how can you still protect yourself? Make the stolen data unusable.

Alphabet Soup? Fight APT with DLP

The second acronym we’ll talk about today is DLP: data leak protection. DLP encrypts sensitive data so that it can only be accessed by authorized users or workstations with a corresponding decryption key. If that data is intercepted by an APT, it’s rendered unreadable—and worthless.

Multiple name-brand security vendors offer a wide range of turnkey DLP solutions. Low-end products will automatically encrypt data which follows specific patterns (Social Security numbers, 16-digit credit cards), while high-end products can be configured to use complex algorithms and language analytics to locate and protect other specific forms of confidential data (such as client files, product designs, or sales figures). When unauthorized access is suspected, files can be temporarily quarantined against a possible data breach before they leave the company network.

Are APTs already lurking within your network? What proprietary data can your business not afford to lose? How can you evaluate DLP products to find the best solution for you? Talk to us for help.

Data Breaches: Dark Times in the Golden State?

Wednesday, June 1st, 2016


Being the cyber-security geeks we are, we took great interest in combing through this year’s California Data Breach Report, released by the Attorney General’s office this past February. The report tabulates data collected from breach incidents which expose confidential information of 500 or more individuals, reported to the Attorney General as required by California law since 2012.

Over these past four years, there has been a total of 657 reported incidents, affecting over 49 million Californians—from Social Security and driver’s license numbers to financial accounts to health records, logins, and passwords.

By the Numbers: Not Much News to Us

The breakdown of California data breaches came as little surprise to us:

  • Malware and hacking accounted for over half of all breaches (54%), while responsible for a whopping 90% of all stolen personal records.
  • While physical breaches—lost or stolen unencrypted data on computers and mobile devices—came in a distant second (22%), they were the most reported by healthcare providers and small businesses.
  • Other breaches were attributed to human error (17%) or intentional misuse or unauthorized access by company insiders (7%).

After 178 reported major breaches in 2015 alone, the report estimates almost three in five Californians were victims of loss or theft of data.

Plug the Leaks, Block the Hackers

The second half of the report offers multiple recommendations for preventing data breaches in the future. Specifically discussed is the expanded use of multi-factor authentication (as we’ve already recommended) in place of simple, easy-to-guess user passwords such as “qwerty” or “12345” (as we’ve likewise lamented in a previous post). Stronger encryption standards are needed to protect confidential data, particularly within the healthcare sector.

However, the Attorney General’s primary recommendation is that all business and government organizations adopt their own risk management strategy based around the Critical Security Controls for Effective Cyber Defense, a comprehensive 20-point plan developed by the Center for Internet Security.

While a mishmash of federal and state-to-state regulations offer varying effectiveness against data breaches, the California report cites voluntary compliance with the CIS Controls as “a minimum level of information security that all organizations that collect or maintain personal information should meet,” while falling short of the full 20 standards constitutes “a lack of reasonable security.”

We agree the CIS Controls represent a solid roadmap, effectively “covering all the bases” when it comes to data protection. When you discuss security with a potential MSP partner, mention the CIS Controls as a baseline. If they downplay such a structured approach, you’re probably talking with the wrong vendor.

How well is your company meeting California’s data security guidelines? For a few tips on getting better, ask us today.

New Threat Targets Older Android Devices

Wednesday, May 11th, 2016


Smartphone users can be broken down into two camps: those who can’t live without lining up to buy the latest and greatest model the day it hits the stores, and those who hold on to their tried-and-true phone until it suddenly dies one morning.

There’s nothing wrong with sticking with “obsolete” hardware that still serves your purposes just fine.

But if your older Android phone (or tablet) is running an older version of the Android operating system (4.4/KitKat or earlier), you’re the designated target of this month’s new cyberthreat, dubbed Dogspectus by enterprise security firm Blue Coat.

Dogspectus combines elements of two types of malware we’ve already talked about: malvertising, passively spread through online ads, and ransomware, holding the victim’s data hostage until a fee is extorted.

“They Never Saw It Coming”—A Drive-By Download

Unlike most malware, which requires action by the victim (such as clicking on a phony link), a Dogspectus infection occurs by simply landing on a legitimate web page containing a corrupted ad with an embedded exploit kit—malicious code which silently probes for a series of known vulnerabilities until it ultimately gains root access—essentially central control of the entire device.

“This is the first time, to my knowledge, an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim,” wrote Blue Coat researcher Andrew Brandt after observing a Dogspectus attack on an Android test device. “During the attack, the device did not display the normal ‘application permissions’ dialog box that typically precedes installation of an Android application.”

“Hand Over the Gift Cards, and Nobody Gets Hurt!”

A Dogspectus-infected device displays an ominous warning screen from a bogus government security agency, “Cyber.Police,” accusing the victim of “illegal” mobile browsing—and suggesting an appropriate “fine” be paid. While most ransomware demands payoff in untraceable Bitcoin, Dogspectus prefers $200 in iTunes gift cards (two $100 or four $50 cards) via entering each card’s printed access code (Apple may be able to trace the users of the gift cards—unless they’re being resold on the black market).

The device’s “kidnapped” data files are not encrypted, as with traditional ransomware strains such as CryptoLocker. But hijacked root access effectively locks the device, preventing any function—apps, browser, messaging, or phone calls—other than delivering payment.

The victim is left with two choices: shop for gift cards (Dogspectus conveniently lists national retail outlets!) or reset the device to its out-of-the-box factory state—erasing all data files in the process. Apps, music, photos, videos all gone.

Short of upgrading to a newer Android device, your best defense against Dogspectus and future ad-based malware is to install an ad blocker or regularly back up all your mobile data to another computer. For more on defending against the latest emerging cyberthreats, contact us.

Cybercrime Begins Over the Phone, Too—Don’t Let Your Employees Forget

Tuesday, April 19th, 2016


If you’ve been a regular reader of our blog, you know we’ve spent plenty of time discussing phishing, malware, and other cybercrime. It’s all part of our modern online world, and we know it will never really go away.

We’ve talked about the tricks scammers use, from links in bogus emails to simply visiting the wrong website. But don’t forget crooks are still stalking victims via good old Ma Bell.

Chances are you’ve received a phone call pitching one of these common scams—more than once:

  • The promise of a lower credit card interest rate or a reduced electric bill… provided you give the caller your existing credit card number(s).
  • A call on behalf of one of your family members, requesting wired money to bail them out of a foreign jail. With “people search” sites all over the web, it’s disturbingly easy for a scammer to not only obtain your phone number, but also the names of your loved ones.
  • And perhaps the most devious phone scheme: the service tech from “Windows” who warns that your PC has been detected with a dangerous virus, which he can immediately remove remotely—for a nominal service fee, of course—or guide you in removing via a removal tool download (which is the actual malware)!

Hopefully, you’ve learned to recognize such obvious schemes. But businesses large and small are also targets of sophisticated electronic con artists, and it only takes one employee’s slip-up to rob a company of anything from confidential information to simple cash.

When to Hang Up the Phone

  • Suppose one of your senior executives is speaking at an out-of-town industry conference (information freely available on the conference’s website). Your receptionist receives a call from an “event manager” saying they urgently need their email password changed in order to download their PowerPoint presentation within the next half-hour. If it’s actually a cyber-crook on the other end of the line, they’ll have successfully hijacked that email account—inbox, address book, archives, everything.
  • If your accounting team gets a call from an angry “vendor” demanding payment for a mysterious invoice that’s suddenly 90 days past-due—for something as innocuous as bottled water or toner cartridges—might they be directed to a bogus payment site to collect a quick payment? Banks usually won’t forgive such voluntary gaffes, and if the culprits are outside the U.S., that money is almost surely gone.

We’ve discussed the necessity of a comprehensive employee security training program. Don’t forget to train your employees to be on the lookout for phone scams as well. Also consider a policy of no password changes without alerting top-tier support of your managed service provider, or supplement usernames and passwords (or even replace them) with two-step verification.

Questions? Contact us today.

The Best Way to Check Your PCs for Malware—Fast and FREE

Tuesday, April 12th, 2016


A couple months back, we touched on the story of our normally tech-savvy friend who got tricked into allowing his desktop PC to be infected with obvious malware. At first, he had the sickening feeling that comes with a virus-infected computer—but thanks to some quick thinking and online research, he downloaded several popular free anti-malware apps to isolate and remove the malware programs before they could inflict real damage (identity theft, or worse). He figured that by running multiple anti-malware apps, his computer would be effectively “cross-checked” and his hard drive would once again be clean and secure—fingers crossed.

Running the Gauntlet of Anti-Virus Scan Engines

Running more than one anti-malware app was indeed a wise idea. But what if you could scour your system for malware using as many as 57 different name-brand anti-virus scan engines—in less than a minute, and all for free?

It’s a terrific one-stop Windows utility few users know about, but we’re happy to share it with you today with step-by-step instructions:

  • From the Options menu in Process Explorer (in the upper menu bar), choose VirusTotal.com > Check VirusTotal.com. VirusTotal by itself is a free site that will scan suspicious files and URLs. But linked through Process Explorer, it will analyze your entire operating system using at least 50 proprietary malware detection engines, including those from leading anti-virus brands like AVG, Bitdefender, Kaspersky, McAfee, and Symantec. A cybercrook may be able to write malicious code that eludes a few anti-malware apps—but over 50? Getting past that comprehensive a gauntlet is difficult, if not virtually impossible.
  • A Virus Total column will appear to the far right of the dashboard, with a ratio listed for every open application and process. A zero ratio (0/55) means all scanning engines concur the program is safe. A tiny ratio (2/55 or 3/55) is most likely a “false positive” (probably no real threat), while a heavy ratio (10/55 or higher) indicates multiple engines target it as likely malware.

“Less Is More”… But Not When It Comes to Cyber Safety

Learn more about uncovering malware via Process Explorer from InfoWorld security columnist Roger Grimes in the embedded video here. As a free utility direct from Microsoft, we highly recommend it as a simple yet comprehensive supplement to your current anti-virus software. Whenever you discover possible malware lurking on one or more of your company’s PCs, contact us immediately to help quarantine and safely remove it.