What is Umbrella?

September 13th, 2017 Comments off

Cisco Umbrella adds an additional layer of security between your network and threats existing on the internet. When you type a web address like facebook.com, your connection request is sent to a Domain Name Server to perform what is called a “DNS lookup.” This DNS server acts like the phone book of the internet that translates “facebook.com” into an IP address like “31.13.69.228” which is how machines identify locations on the internet.

The Umbrella DNS servers process over 100 billion such requests each day and learns from internet activity patterns. This knowledge combined with the threat intelligence they receive from TALOS, a global threat watchdog group, allows Umbrella to identify and flag unsafe websites. Umbrella will then block connection requests from subscribers that would otherwise connect them directly to one of these unsafe websites. Umbrella protects subscriber PCs and networks from the outside, much like a bouncer at a night club. The trouble makers get stopped at the door, while only those on the “approved list” are allowed access.

Sign up for a FREE trial here!

Categories: Uncategorized Tags:

Important Information on New Worldwide Ransomware

June 28th, 2017 Comments off

Tuesday news broke about yet another Massive Ransomware attack, similar to the Wannacry attack back in May. The latest worldwide Ransomware attack is called Petya. It has affected over 12,000 machines in around 65 countries including the United States. It infects a network and then encrypts files or entire hard drive on computers making them unusable, and demands that people pay to unlock them.

What does it do?

It attacks networks exploiting the same security flaw as Wannacry, EternalBlue. Another way this virus spreads is by getting the logins and passwords of users on a network, which allows it to spread and install on other machines. Upon infection, it will attempt to do two things: encrypt all the files on your local hard drive and try to find other machines to spread.

Once the computer is infected, a message appears demanding the ransom.

Are you at Risk?

If your organization is running a vulnerable version of Windows that hasn’t patched then your business could be at risk. ALL IT TAKES IS ONE UNPATCHED MACHINE in your environment.

How do you protect yourself?

  • Make sure you are up to date with the latest Windows updates, most importantly for this particular flaw.
  • Make sure all AV is up to date
  • Backing up all important data and make sure it can be recovered if in the event you are infected.
  • Make sure all employees are reminded to be cautious of opening any unfamiliar emails, attachments and websites. Pay special attention to links out to file sharing sites like Dropbox, Google Drive, etc.
  • Make sure all employees know, if they see the pop up screen or believe in any way that they have been infected they are to unplug their workstation from the network immediately, this is so it doesn’t spread throughout the network. They are to then report to IT Immediately.

For our SonicWall Customers:

  • Please ensure that your firewall has a current active Gateway Security Subscription, in order to receive automatic real-time protection from known ransomware attacks such as Petya.
  • Deploy SonicWall Deep Packet Inspection of all SSL/TLS (DPI SSL) traffic to identify and block all known ransomware attacks.
  • Ensure that your SonicWall email security subscriptions are active as 65% of all ransomware attacks happen through phishing emails.

If you have questions about this please call us. You may also refer to SonicWall’s blog post regarding this attack (https://blog.sonicwall.com/2017/06/locky-then-wannacry-now-petya-is-this-the-new-normal-in-cyber-security/?utm_campaign=NA-Petya_Ransomware_partner&utm_medium=email&utm_source=Eloqua )

 

Categories: Uncategorized Tags:

Important Notice To Our Customers

May 14th, 2017 Comments off

Since Friday news broke about a massive ransomware attack affecting computer systems in 47 countries. The Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) has confirmed the attacks and has indicated that they are related to a specific vulnerability disclosed by hackers on April 15. The vulnerability is present in multiple versions of the Microsoft Windows operating system, including Server and Desktop variants.

The vulnerability, commonly referred to as “EternalBlue”, affects the SMB protocol, which allows Windows devices to share files over a network connection. It was recognized under Security Advisory MS17-010, and security updates were released on March 14, 2017.

 

What does it do?

The malware has been named “WannaCry”. Upon infection, it will attempt to do two things: encrypt all the files on your local hard drive (this is typical behavior for ransomware), and try to find other machines to spread (this is less common.) A network with multiple vulnerable devices will quickly see itself reduced to uselessness, as a files are encrypted both on servers and workstations.

How can I get it?

Information on the attack is still being gathered by security firms, but the most common exposure to this particular threat is an unprotected connection on a public hotspot. If your system is not properly patched, an attacker (or a clueless user who has already been infected) can transfer the malware to your system at your favorite coffee shop, library, airport, etc.

The SMB protocol is mostly used in local networks, so it is safe to assume that traditional infection vectors, such as email, are also in use.

What should I do to mitigate the risk of infection?

No solution is 100% safe, but these are the most effective guidelines for protecting your computer and data:

  1. Make sure your Internet firewall is on.
  2. Make sure your system is fully patched.
  3. Avoid hotspots, at least for next the several days while the “pandemic” is contained.
  4. Distrust any attachments. Confirm with the sender that they sent you the message and attachment.
  5. Educate yourself – learn how to recognize a suspicious email.

To Our Managed Services Clients

The security updates associated with these vulnerabilities were approved for installation on March 27, 2017, and started rolling out to servers and workstations on March 28, so your systems should be protected.

Please be advised that any systems that have been placed on a patch exclusion policy (at your request) would not have received the relevant updates and might be vulnerable. We are working to identify any systems that may be missing these updates due to an exclusion policy or any other reason.

In Summary

With ramsomware, prevention is the best medicine. Please take note of the recommendations to mitigate your risk and be vigilant. You don’t know who is infected and, therefore, you should not trust any attachments. The bad email could come from someone you love and trust – because their addresses have been spoofed, or because their systems have been compromised.

Further Reading

Sincerely,

MTSi Support Team

Categories: Uncategorized Tags:

Today is World Backup Day!

March 31st, 2017 Comments off

Today, March 31st, is World Backup Day. No you don’t get it off from work and normally wouldn’t be going to any Backup Day parties, but it is a good reminder to revisit your backup solutions. Today is a good day to ask yourself… Is all the critical data you want being backed up? Are your backups working the way they should be? When was the last time you tested your backup solution? Do you even have a backup plan at all?

Keep in mind the 3, 2, 1 rule. Best practice is to keep 3 copies of your data, on 2 different storage mediums, with 1 offsite.  If you are doing local backups to a hard drive it is best to backup to 2 drives alternating and keeping them in different secure locations. Another thing to keep in mind is even if you are backing up locally, it’s recommended to backup to the cloud as well. This way if a disaster such as a fire, theft or ransomware attack happens, your critical data is safe in the cloud.

World Backup Day happens once a year, but your backups should be running daily. It is important to make sure your backups are working properly and can be ready for retrieval when you need them.

MTSi can provide you with the best solution that fits your needs, call our specialists today!

508.324.9475 • www.mtsolutions.net

 

 

Categories: Uncategorized Tags:

Welcome Christine!

March 20th, 2017 Comments off

MTSi is very pleased to introduce our new Client Service Coordinator, Christine Dixon. Christine recently moved to the New Bedford area after spending the last year in Chicago, IL but is originally from the Tampa, Florida area. She has spent the last 3 years in the IT Staffing industry, in both recruiting, sales support and coordinator roles. Combining that experience and her previous experience in the cable and communications industry, we felt Christine would be a great fit for our company. Please help us in welcoming her to our team!

Categories: Uncategorized Tags:

Advocate Health Care with $5.55 million HIPAA fine

March 7th, 2017 Comments off

FierceHealthcare reported Advocate Heath Care was hit with $5.55 million in penalties from a settlement with the Health and Human Services Department’s Office for Civil rights. This is the largest HIPPA enforcement action yet against a single entity.

Among OCR’s findings against Advocate:

  • It failed to fully assess the potential risks and vulnerabilities to its patient data.
  • It did not apply proper security policies and procedures.
  • It failed to implement physical access controls at a large data support center.
  • It did not obtain security agreements with its business associates.

Read the full story here.

This goes to show how important IT Security Policies are. A security policy helps provide the framework for keeping your company at a security level desired by you. In addition it also helps with compliance and audits.

In addition to a Security Policy businesses should also consider having a vulnerability assessment done. These assessments are run by IT Security professionals and analyze vulnerabilities on a business’ network. This analysis will identify security holes in your infrastructure. From there reports are developed to assign levels of importance and can be used for planning remediation.

Check out MTSi’s IT Security page to see how we can assist in keeping your environment protected and in compliance.

Visit our website here.

Categories: Uncategorized Tags:

Brief Introduction To Bitcoin Ransomware

February 18th, 2016 Comments off

For those readers unfamiliar with the concept of Bitcoin ransomware, we should take the time to briefly explain what this phenomenon is all about. Whenever a computer is affected by ransomware, nearly all necessary files will be locked – or encrypted – with a particular password. The end user has no idea what this password could be, nor can they regain access to their files.

The – allegedly – only way to restore file access is by paying a sum of money to the person responsible for infecting one’s device. In most cases, this amount can only be paid in Bitcoin, which a lot of people see as an anonymous digital currency, even though it is not. Hackers feel safe accepting Bitcoin payments, as they think people will not be able to trace the funds. Unfortunately for them, the blockchain keeps track of all resources in real-time, and is publicly accessible, making the digital currency anything but anonymous.

As one would come to expect, consumers and even IT professionals tend to panic when they are infected with Bitcoin ransomware, as they see no other option than paying the money. However, there are certain precautions people can take to either ignore the infection altogether or obtaining the decryption key – or password – to regain access to their files without paying anything.

Source: PC World and http://www.newsbtc.com/author/jp-buntinx/

Categories: Security Tags:

Backups Are Critical For Individuals And Companies

February 18th, 2016 Comments off

Needless to say, computer security is of the utmost importance to any user, regardless of whether it is a home computer or company machine. Regular backups are needed in every type of situation, and Bitcoin ransomware is a scenario in which a backup will be extremely useful.

Rather than paying the ransomware fee itself – which should always be a last resort – one can just regain access to their files by reverting to a backup before the Bitcoin ransomware infection took place. While this may lead to some missing information, at least the computer becomes usable once again. Reverting to an earlier backup saves a lot of time and money, instead of paying the Bitcoin sum.

Which brings us to the final piece of information users need to keep in mind at all times. Even if one were to pay the Bitcoin ransomware sum, there is no guarantee the hacker will give the password or decryption key to restoring access to one’s files. There are plenty of preventive measures to take, and users have no excuse to justify paying in Bitcoin when their PC is infected with ransomware.

Source: PC World and http://www.newsbtc.com/author/jp-buntinx/

Find out More about MTSi Remote Backup

Categories: Backups, Security Tags:

Preventing Bitcoin Ransomware Attacks

February 18th, 2016 Comments off

It is no secret how ransomware attacks will only occur due to a mistake by the end user. Similarly to how most of the malicious software in the world reaches critical mass, computer users need to stop clicking unknown links, especially when they are sent via social media or email. Even if that message comes from a family member or friend, never click any link included in the message to avoid ransomware, malware, or any other type of software infection.

Secondly, there is no need to install new software when prompted to do so. If a user is opening a link to a video on a website, and a popup appears to install additional software, click it away or leave the site immediately. Nearly all of these popups and websites are created for malicious purposes, such as spreading ransomware.

Granted, there is only so much that can be done regarding preventive measures. Now and then, someone will click a link they shouldn’t have, or open an email attachment containing Bitcoin ransomware. But when disaster strikes, there is still no need to start panicking all of a sudden. There are other precautions to take in the event of getting infected with this ransomware, but restoring access to files without paying the Bitcoin amount.

Comcast Introduces New Voice Line

October 15th, 2015 Comments off

Comcast Business has recently added a new voice line to their services. Comcast’s Voice Mobility Line allows the functionality of an office phone on the go. Voice Mobility offers many calling features like Simultaneous Ring, Sequential Ring, and BeAnywhere. These features are easy to manage in your online account or through your smartphones. The Voice Mobility app is compatible with your iOS or Android devices. Now you can easily take your office calls even when you are not at your desk. Learn more about Voice Mobility here.

To learn more about MTSi’s Carrier Services or to request a quote visit our website http://www.mtsolutions.net/internet.html

Comcast_Business_color

Categories: Uncategorized Tags: