What's New at TCG?
Hackers Use Google, Too?
September 25, 2014
Google is everyone's favorite search engine, and it seems hackers love it, too! An article from Network World reports that Google's many free services were recently found to have been used by hackers to disguise data stolen from corporate and government computers. This form of attack has been dubbed Poisoned Hurricane. It uses a remote access tool known as Kaba to infect systems and steal data.
The unfortunate victims of this attack are US- and Asia-based companies and governments. The hackers used spear phishing attacks to compromise various systems, then installed malware to steal information and send it to remote servers. This type of attack is unique, according to Network World's Gonsalves, because it "disguised traffic between the malware and command-and-control servers using Google developers and the public Domain Name System (DNS) service of Fremont, Calif. based, Hurricane Electric."
These services were used as a sort of transfer station where traffic could be redirected while seeming to be headed toward legitimate domains such as adobe.com, update.adobe.com and outlook.com.
These tactics are "clever enough to trick a network administrator into believing the traffic was heading to a legitimate site," claims Gonsalves. Hackers used forged HTTP's that identified with 21 legitimate domain names, and then signed the Kaba malware with a certificate from an expired organization.
The hackers used both the Google Developers platform and Hurricane Electric's platform to transfer the stolen data. The Google Developers platform lets developers share code. The attackers used the service to host code that would decode the malware traffic, determine the IP address of the real destination, and then redirect the traffic to that location.
With Hurricane Electric, the hackers took advantage of the fact that anyone can register for an account with its hosted DNS service, and this service allowed the hackers to "create A records for the zone and point them to any IP address" (Gonsalves). Google and Hurricane Electric have since removed the mechanisms that the hackers used.
Hackers are becoming very creative in their means of attack and have shown that they will use common resources to do so. Be very aware of these new tactics in order to know how to protect yourself from these data breaches.
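One way a network team could look for the DNS side of this pattern, as an added example that is not from the Network World article or from TCG: flag clients that query a resolver other than the company's own, and flag answers for well-known names that fall outside the addresses normally seen for them. The resolver list, the baseline networks and the log lines are all constructed for illustration, using documentation-range addresses.

```python
import ipaddress
from collections import namedtuple

Record = namedtuple("Record", "ts client resolver qname answer")

# Constructed policy (assumption): the only resolvers clients may query.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed baseline (assumption): networks the approved resolvers return
# for watched names. Documentation-range addresses stand in for real ones.
BASELINE = {
    "adobe.com": ["192.0.2.0/24"],
    "update.adobe.com": ["192.0.2.0/24"],
    "outlook.com": ["198.51.100.0/24"],
}

# Constructed sample log, one answer per line:
# timestamp client resolver queried-name answer
SAMPLE_LOG = """\
2014-08-08T10:00:01 10.1.1.20 10.0.0.53 adobe.com 192.0.2.10
2014-08-08T10:00:05 10.1.1.21 10.0.0.53 outlook.com 198.51.100.7
2014-08-08T10:02:11 10.1.1.44 203.0.113.53 adobe.com 203.0.113.200
2014-08-08T10:02:40 10.1.1.44 203.0.113.53 Update.Adobe.com. 203.0.113.200
2014-08-08T10:03:00 10.1.1.30 203.0.113.53 example.org 192.0.2.99
this line is malformed and is skipped
"""


def parse_line(line):
    """Return a Record, or None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, resolver, qname, answer = parts
    try:
        ipaddress.ip_address(resolver)
        ipaddress.ip_address(answer)
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    return Record(ts, client, resolver, qname.lower().rstrip("."), answer)


def answer_expected(qname, answer):
    """True or False for a watched name, None when the name has no baseline."""
    nets = BASELINE.get(qname)
    if nets is None:
        return None
    addr = ipaddress.ip_address(answer)
    return any(addr in ipaddress.ip_network(net) for net in nets)


def analyze(log_text):
    """Return one finding per suspicious log line, in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if rec.resolver not in APPROVED_RESOLVERS:
            reasons.append("unapproved_resolver")
        if answer_expected(rec.qname, rec.answer) is False:
            reasons.append("answer_outside_baseline")
        if reasons:
            finding = rec._asdict()
            finding["reasons"] = reasons
            # Both signals together match the pattern described in the article.
            finding["severity"] = "high" if len(reasons) == 2 else "medium"
            findings.append(finding)
    return findings


def flagged_clients(findings):
    """Map each client to the highest severity seen for it."""
    worst = {}
    for f in findings:
        if worst.get(f["client"]) != "high":
            worst[f["client"]] = f["severity"]
    return worst


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["severity"], f["client"], f["qname"], f["answer"], f["reasons"])
```

A "medium" finding on its own is common (a content delivery network change, a laptop with a hard-coded public resolver), so the baseline needs regular refreshing from the approved resolvers.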
To read the full article, visit the page!
Gonsalves, Antone. “How hackers used Google in stealing corporate data.” Network World. 8 August, 2014. Online.
USB devices do not seem like a likely danger, but research has found that a USB device could give another person full control over your computer! According to an article by WCVB news writer Jose Pagliery, German researchers found that anything that can connect via USB can potentially be reprogrammed to pose as another device. This is known as BadUSB.
One example of this type of attack is a USB device programmed to trick your computer into believing it is a keyboard. Once connected, it would allow someone to access your computer, type some commands, and then have total control over your computer. It could even be reprogrammed to reroute your internet traffic so that your internet activity can be spied on or, worse, your private data stolen. This is a huge potential danger, and according to Pagliery, any good computer engineer could do this.
Other dangers arise if you download the wrong app on your phone and then connect the phone to your computer. The app can download malware onto your phone, which then infects your computer when connected. All of these potential dangers make borrowing a stranger's USB drive, or even letting someone charge their phone on your computer, potentially very dangerous.
Unfortunately, today's antivirus and protection software does not detect this sort of attack on your computer, mainly because it "isn't technically a computer virus in action, just a device masquerading as another one," states Pagliery.
So far, iPhones and other smartphones have not been tested, but Androids are very susceptible to these types of attacks. To further underscore the danger of USB connection hacks, Pagliery tells us, "The Pentagon disabled its computers USB ports and banned the use of Flash drives in 2008 to prevent infection of government computers there." This precaution took place back in 2008, and now in 2014 researchers are finding even more problems associated with USB drives, so it is surely a reason to make sure you are not letting anyone else use your USB devices.
Another article by Graham Cluley explains how someone could use this access to your computer, and "open[ed] a browser window which surfed to a webpage containing a zero-day exploit," and compromise your computer in a matter of minutes.
Cluley offers some advice at the end of his article, though, to reassure people that there are some ways to protect yourself and your business from these types of attacks. It must first be noted that these attacks are “sophisticated attacks which require considerable research and effort to pull off successfully . . . attacks are vendor-specific as every vendor creates their controllers differently” (Cluley). Also, if you have been keeping up with the latest software and making sure your computer is as highly protected as it can be, you may not be able to stop the USB from downloading the malware, but you may be able to detect and stop it before it fully compromises your computer. Most importantly, always be extremely cautious as to who you allow to use your USB. Cluley concludes with, “The golden rule is never plug anything into your computer that you do not 100% trust.”
In order to make sure your computer is fully updated and protected from these types of attacks, visit TCG's website www.tcgns.com and visit our Business Continuity page to learn how we can help protect and prepare your business from USB attacks.
To read the full article by Jose Pagliery, visit this website. To read the full article by Graham Cluley, visit this website.
Cluley, Graham. “Danger USB! Could a Flash Drive’s Firmware be Hiding Undetectable Malware?” Tripwire.com. 1 August, 2014. Online.
Pagliery, Jose. “USB Flash Drives have a Fatal, Universal Flaw.” WCVB.com. 2 August, 2014. Online.
Watering Hole Attacks
July 22, 2014
Internet criminals are being more and more sneaky with their attacks on businesses, and the latest plot to go after companies is known as Watering Hole Attacks. An article by Michael Sutton from Network World explains that this type of strategy is not meant to target just one specific company, but rather a “specific industry, a specific group of victims or the weak link in the security chain.”
Attackers can now infect a trusted and commonly used resource that potential victims will eventually visit. According to the Network World article, it is “an avenue of attack that bypasses the stronger security controls by instead infecting users machines that then have access to the target network.” An example of this sort of attack happened last year, when developers from major corporations such as Facebook, Apple, and Twitter were compromised when visiting the popular iPhoneDevSDK forum after a third party infected the forum. The key component of these attacks is the initial compromise of a trusted third-party entity, which leads to the compromise of the larger target.
Another example of this sort of attack comes from the UK energy sector, which was attacked with the LightsOut Exploit Kit (EK). The article in Network World explains that the EK was injected into the website of Thirty Nine Essex Street LLP, a UK law firm that deals with energy law practice. Anyone who visited the infected website was secretly searched to establish a fingerprint of the client machine. If the victim was running a browser or plugin that the EK exploited, such as Internet Explorer, Java or Adobe Reader, the victim became infected. Next, a Remote Access Trojan was installed, and it gave attackers complete control over the victim’s machine.
IC3 is currently working to find better solutions to protect businesses from this kind of breach, but the main way all businesses can start to protect themselves is to treat all third-party traffic as untrustworthy until proven otherwise. Attackers are “influencing search engine results, posting to popular social networks and hosting malware on trusted file sharing sites” (Sutton, Network World). Therefore, businesses need to have security checks on all third-party sites.
Visibility is another challenge for enterprises with multiple offices and lots of security resources from different vendors, and it gets worse as employees become more mobile and use personal devices for work purposes. This gives attackers more outlets to attack businesses from a third-party device. Visibility is also a challenge when websites move, by default, to Secure Sockets Layer (SSL), the security technology used to establish an encrypted link between a web server and a browser, to protect end users' privacy. Network World states that SSL can benefit attackers because they can hide their attack from security solutions that don't sit inline and are not capable of inspecting traffic within an encrypted tunnel. Attackers are well aware that you cannot protect against what you cannot see, so they take advantage of SSL, and enterprises must find ways to inspect traffic even with SSL encryption, regardless of device or location.
To optimize protection, enterprises should also have additional layers of advanced threat protection, since attackers will likely use previously unseen exploits and tactics. Behavioral analysis makes it more likely that these attacks or threats are detected, and will help to keep your business safe.
To read the full article, check out Network World's page. To learn how TCG can help protect you against Watering Hole Attacks, see our Business Continuity page!
Sutton, Michael. “How to protect against watering hole attacks.” Network World. July 7, 2014. Online.
July 18, 2014
The FBI and Internet Crime Complaint Center (IC3) have issued a warning to businesses that a scam known as the "Man-in-the-E-Mail" is escalating, according to an article by Michael Cooney from Network World. Chief Technology Officers, Chief Finance Officers and Comptrollers need to be most aware of this new scam and are warned to implement a security system in order to protect their businesses from being targeted.
In the "Man-in-the-E-Mail" scam, a business will “receive an email via a business account that is purportedly from a well-known, commonly used vendor requiring a wire transfer to a designated bank account,” states the Network World article. These emails, though, come from spoofed addresses in which characters have been added, removed or subtly changed from the original address. Many times these spoofed emails have gone unnoticed until fraud detection alerts the victims, or until executives from each company talk to each other to verify that the transactions have been transferred and completed.
The article said that the IC3 has received complaints from companies that were alerted by their suppliers about spoofed e-mails that used the company's name to request quotes and/or orders for supplies. Luckily, because this is relatively new and these emails are being sent to multiple suppliers, who follow up with the victim companies whose addresses have been spoofed, the companies have been able to discover the scam before any major transfers were made.
What the FBI and IC3 know so far is that the scams seem to be Nigerian based. They also know that the fraudsters are intercepting emails between the purchase and supply companies, which can then be used to spoof and impersonate each company’s real addresses. It is also worth knowing that the companies being scammed are asked to send the wire transfer to a new bank account, typically a fraudulent one in China, Hong Kong, South Africa, Turkey or Japan, due to a "purported audit," states Cooney.
The article from Network World offered these tips from the IC3 to try and help businesses protect themselves from these scams:
-Make calls to ensure these are legitimate emails and requests being made.
-Utilize digital signatures in e-mail accounts
-Use a website domain email account rather than a free web-based account
-Do not hit reply when answering emails, but rather forward it and then type in the email address yourself
-Delete all spam
-Stay aware of any sudden changes in the company, including who you are still or no longer doing business with, and which companies are most commonly worked with etc.
These scams are typically used against companies who commonly make very large transfers, so in order to protect your business, heed this advice and make sure your business is safe!
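The spoofed addresses described above differ from a real vendor address by a few added, removed or changed characters, which is exactly what an edit-distance check measures. The following is an added example, not from the Network World article or the IC3 tips: it compares the From address of an incoming message against a list of known vendor contacts and flags near misses for a verification call. The contact list, the `.example` addresses and the distance threshold of 2 are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed address book (assumption): vendor contacts the business
# has actually dealt with. The .example domains are placeholders.
KNOWN_CONTACTS = {
    "billing@acme-supplies.example",
    "orders@northwind-parts.example",
}

# Assumption: up to two single-character edits still counts as a lookalike.
MAX_DISTANCE = 2


def edit_distance(a, b):
    """Levenshtein distance: the minimum number of single-character
    insertions, deletions and substitutions that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(
                prev[j] + 1,               # character removed
                cur[j - 1] + 1,            # character added
                prev[j - 1] + (ca != cb),  # character changed (or kept)
            ))
        prev = cur
    return prev[-1]


def classify(from_header):
    """Return (verdict, nearest_known_address, distance) for a From header.

    Verdicts: "known", "lookalike", "unknown" or "invalid".
    """
    # parseaddr drops the display name, which the sender fully controls.
    _, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if "@" not in addr:
        return ("invalid", None, None)
    if addr in KNOWN_CONTACTS:
        return ("known", addr, 0)
    nearest = min(sorted(KNOWN_CONTACTS), key=lambda k: edit_distance(addr, k))
    distance = edit_distance(addr, nearest)
    if distance <= MAX_DISTANCE:
        return ("lookalike", nearest, distance)
    return ("unknown", None, None)


def needs_callback(from_headers):
    """Return the headers whose address imitates a known contact."""
    return [h for h in from_headers if classify(h)[0] == "lookalike"]


# Constructed sample From headers.
SAMPLE_HEADERS = [
    "Acme Billing <billing@acme-supplies.example>",   # genuine
    "Acme Billing <billing@acme-supplles.example>",   # one letter changed
    "Acme Billing <billing@acmesupplies.example>",    # hyphen removed
    "Acme Billing <Billing@Acme-Suppliess.example>",  # one letter added
    "Newsletter <newsletter@unrelated.example>",      # unrelated sender
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify(header), header)
```

Note that the display name ("Acme Billing") is identical in every sample; only the address inside the angle brackets tells the messages apart.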
To read the full article, go to Network World's page. To learn how TCG can help protect your business from these scams, check out our Business Continuity page.
Cooney, Michael. “FBI warns businesses “Man-in-the-E-Mail” scam escalating.” Network World. June 27, 2014. Online.
Natick Service Council Names TCG Benefactor
July 2, 2014
TCG is proud to announce that we have been named a Benefactor by the Natick Service Council, Inc. The Natick Service Council is an advocacy, referral, case management, and information center serving the most economically disadvantaged members of our community. They help clients meet basic needs for food, housing, and access to health care with the goal of promoting self-sufficiency. They are guided by the motto "Neighbors Helping Neighbors" and serve our fellow community members with dignity, compassion, and confidentiality.
TCG strongly believes that as a part of this community, it is also our duty to give back to the community and contribute when we can. We are proud to be a part of such a strong community, and proud to work with the Natick Service Council to help and give back to our fellow neighbors. We will continue to work with the Natick Service Council to serve our community and all of its members!
TCG Receives MWOC Award
June 23, 2014
The Metrowest Work Opportunity Coalition (MWOC) recently gave awards to two local businesses that employ Price Center clients.
The first award went to The Computer Guys, who hired Marty Headd over a year ago. Marty dismantles and disposes of old hard drives for the firm's clients, preventing identity and data theft by thieves who mine junked computers for information.
The company has given Marty more hours and expanded responsibilities over time. He has also been fully integrated into the company's workforce, attending company outings and even the occasional poker night.
MWOC, a subsidiary of the Metrowest Chamber of Commerce, also gave an award to the American Girl Store in Natick, which employs Price Center clients Philip Jasset and Kerri MacLellan.
TCG is honored to have received this award. Marty is an excellent employee, is a pleasure to work with and has become part of the TCG family.
June 17, 2014
For business owners working in a system that revolves around technology and online data, purchasing Cyber Insurance is becoming essential. Today, over 50 different carriers provide Cyber Insurance to protect companies against online attacks and the accrued losses. What companies are realizing, though, is that the insurance is not nearly enough to fully protect them, and there are major obstacles for both businesses and insurers.
The first major issue both insurance companies and insured companies are facing is that there is not enough historical data to help insurers arrive at an appropriate estimate of how much a company would need to be insured for. In the past, many data breaches have either gone unnoticed or were not reported publicly in order to avoid a damaged reputation, and that has left insurance companies with very little reliable data. Also, attacks are becoming more and more advanced as time goes on, so the data that the insurers do have is often outdated and no longer applicable. Past statistics are now almost irrelevant.
Last year, the total amount of Cyber Insurance paid was $1.3 Billion. Cyber Insurance numbers are significantly smaller than those of Property Damage Insurance. Most current insurance plans only cover clean-up costs such as attorney fees, call centers and other steps to help stabilize the company after the breach takes place, but since insurers cannot estimate how much would be needed to cover losses, the insurance is limited. Larger corporations are trying to take much more caution and are buying millions of dollars’ worth of insurance, hoping to be able to cover any major damages done, but small or medium sized companies are still left with less coverage and greater risk.
The second major issue, which insurance has almost no ability to fix, is the intangible effects a data breach can have on a company. Loss of trust from customers and damage to a brand or company reputation can create far greater losses for a company. Unfortunately, there is no accurate way to estimate what effect those will have on a company. If we look at the case of Target, their brand reputation was seriously injured and many customers no longer trust shopping at their stores. Also, the Cyber Insurance that Target did have cannot fully cover the charges that Target is trying to repay to its customers along with the changes it is trying to make to the company to ensure this type of attack cannot happen again.
One tactic that insurance companies are trying in order to get a better estimate for a company is to hire a hacker to find the weak spots in the company’s website and get some idea of what its risk would be, but even this is not a completely accurate plan, since cyber criminals are constantly changing their tactics and moving to more advanced technology. Also, with more and more companies joining cloud computing, it is still unclear whether this will be safer for companies or create greater risk. In cloud computing, one breach could potentially damage many companies at once, and the new Cyber Insurance industry needs to figure out how to protect these companies as best it can.
To read more about Cyberattack Insurance, check out the full article from the New York Times.
To learn how TCG can also help ensure your company is protected from Cyberattacks, check out our Business Continuity page and our Systems Management page and see how TCG can provide peace of mind for your business!
Perlroth, Nicole and Elizabeth A. Harris. "Cyberattack Insurance a Challenge for Business." New York Times. June 8, 2014. Web.
TOUR de Natick
June 9, 2014
For the past 10 years, TCG has proudly sponsored and ridden in the Natick Rotary’s TOUR de NATICK, Ride for Natick Scholars. This is an annual Father’s Day tradition, and once again TCG continues that tradition and asks that if you are a Friend of TCG, please join us in helping make this ride a continued success by bringing your family along and riding with us.
Tour de Natick is a production of Natick Rotary, a community-based service organization founded in 1927. One of over 50,000 Rotary Clubs in the US and around the world with over a million members internationally, Natick Rotary raises money and provides services for educational, charitable and medical causes.
Please join us in sponsoring the Tour de Natick and consider entering a riding team, yourself!
Update on Malvertising: Ransomware
June 6, 2014
It seems that criminals no longer need to kidnap a family member to demand a ransom; instead, internet criminals have developed ransomware to go after your money. Most internet users know to be wary of certain websites and advertisements in order to protect their computers from viruses and from having malware downloaded. However, according to an article in Network World by Jeremy Kirk, malicious advertisements have now started to appear on common domains such as the Disney, Facebook, and Guardian newspaper websites.
Most internet users believe these major sites to be a safe place to browse and check out the various interest-based advertisements, but the article by Network World states that Cisco Systems recently discovered, while monitoring its own users' browsing, that certain advertisements on popular domains are being tampered with by an outside third party. The malicious advertisements are rerouting users to another domain and instantly installing a Rig Exploit Kit after guessing the users' logins and passwords. Once installed, the malware locks all of the user’s data access and installs a ransomware called Cryptowall that demands a ransom from the user in order to regain full access to the user’s data.
Cisco recently worked with law enforcement to shut down some of these attacks, but they have not been able to learn who is behind the attacks or how to fully stop them from happening. Kirk’s article explains that these malvertisements are extremely difficult for websites to detect, or even to know they are being tampered with by an outside party. Along with that, these attacks could be made by more than one person, making it more difficult to track exactly where the attacks are coming from. Finally, with the constant changes and upgrades in software and technology, unraveling these attacks and understanding them is only getting more difficult as time goes on. Law enforcement and Cisco are still working towards a solution.
Network World’s article offered some tips to internet users, such as the importance to note that the malware seeks out users who are running unpatched versions of Flash, Java or Silverlight Multimedia programs. Also, if ransomware is installed into your computer, the longer you wait to pay, the larger the ransom becomes, so be sure to alert authorities immediately! As tempting as it is to be seduced by Facebook and Disney's online advertising, with the danger of Malvertising on the rise and the threat of Ransomware, take caution on what advertisements you decide to click on, or simply avoid them altogether.
To read the full article on Malvertising, visit Network World's page. To learn how TCG Network Services can protect your business from Malvertising attacks, check out our Business Continuity page.
Kirk, Jeremy. “Malicious advertisements on major websites lead to ransomware.” Network World. June 6, 2014. Online.
TCG awarded Honorable Mention from Corridor Nine
April 8, 2014
Congratulations on Your Nomination!
I'm delighted to inform you that your company is receiving an "Honorable Mention" for your support of local education at the Corridor Nine Chamber's March Membership Breakfast. Corridor Nine is proud to recognize all the members that have supported education at our Annual Scholastic and Champion of Education Awards breakfast.
During the breakfast, we will ask you to stand to be recognized for your contribution to local education. Your company name has been placed on our "Honorable Mention" list that we distribute to the 200 attendees at the recognition breakfast.
Corridor Nine works very closely with the schools in our region through our School/Business Partnership program. The schools recognize the tremendous support they receive from the business community and submit nominations for our "Champions of Education" awards. The Champion of Education awards are given to individuals and business members who have contributed time, talent and/or resources to our schools in Westborough, Northborough, Shrewsbury and Southborough. Below is a list of the criteria the schools used to submit a nomination.
Champion of Education Awards Criteria for Nomination:
• Financial Support: sponsorship of mini-grant or scholarship, sponsorships for annual scholarship golf tournament, donation of a prize for golf tournament, direct donation to a school
• Volunteer Service for a school/business partnership program
• Materials or Equipment Donation: donation of supplies such as books, pens and pencils, markers, envelopes, transparencies, binders, chairs, file cabinets, furniture, dry erase boards, bulletin boards, wall/cubicle dividers, bookcases, tables, desktop computers, laptops, printers, calculators, lab equipment, etc.
• Business Expertise: speakers for career days, judges for science fairs and senior presentations, mock interviews, homework seminars, English as a Second Language student and family instruction, financial planning seminars for students, making good life choices seminars for students, student internships, teacher externships, engineering assistance for robotics teams and school projects, community representatives on school advisory councils
• Other: printing services (school handbooks, brochures, newsletters, reading lists), buses for school field trips, student scholarships for vacation-week sports camp, scholarships for study skills program, school T-shirts, food for school events, jobs for special needs students, even a truck!
Understanding BYOD Security Issues
February 21, 2014
Bring your own device. It’s the new trend taking over the work place: employees are using their own mobile devices for work purposes. Contrary to what you may think about mobile devices being distracting, businesses can actually benefit from employees using their own mobile devices for reasons such as cost savings, enhanced productivity and better communication. Although BYOD comes with many benefits, it also has many drawbacks, one of the major ones being security.
The two major security threats when it comes to bringing your own device to work are employees taking data out and viruses coming in, either of which essentially threatens the entire organization. InformationWeek even went so far as to say that BYOD is equivalent to Bring Your Own Malware, after taking the risks of bringing your own device into consideration. Employees typically think that only their personal devices are at risk; however, they might be surprised to hear that by just plugging their phone into a USB port they could accidentally give the computer a virus.
Companies should make a best effort to protect their information through added security precautions to safeguard their intellectual property and the overall health of the corporate network. However, businesses that have very sensitive information (such as social security, names, addresses, credit card numbers, health information, etc.) should make every reasonable effort to protect that information. Requirements for compliance like PCI, HIPAA and the like can carry hefty financial penalties for breach of information, especially if found to be negligent in that effort.
Many companies, such as doctors' offices or hospitals, are "grossly noncompliant" according to the Wall Street Journal. In all cases, companies should take extra precautions by setting some guidelines and educating their employees on technology security if they choose to use their personal device for work purposes. A few of the basic security precautions that companies can take include ensuring that employees have security codes on their devices, setting limits for using devices in the work place, and educating employees on what to do if their device is lost. TechRepublic explains that BYOD can typically be pricey; therefore, companies can cut down their costs by implementing specific guidelines. Companies can enforce these policies through HR by requiring employees to sign a contract saying that they understand and will comply with all policies when using their personal devices for work purposes. Alternatively, companies can enforce these policies by implementing low-cost Server Based Policies that govern the device and give the user no choice but to comply. The former still leaves you vulnerable to human error, while the latter may not be received well by the employee.
The fact remains clear: as people are starting to integrate personal devices more often in the work place, it is very important that security is not compromised, or else there may not be a company to go back to work to.
TCG Networks is acknowledged as the Official IT Services Partners of the Boston Cannons
February 13, 2014
BOSTON, MA (February 11, 2014) The Boston Cannons of Major League Lacrosse (MLL), the premier professional outdoor lacrosse league, have announced a renewed partnership with TCG Network Services, acknowledged as the official IT Services Partner of the Boston Cannons.
Other elements of the partnership include weekly Social Media TecTips, game day hospitality, charitable involvement through the Cannons Care scholarship program, and fan interaction.
“We have had a great relationship with TCG over the past few seasons and are excited to welcome them back to the team,” Cannons VP & GM Kevin Barney stated. “We look forward to continuing this partnership for years to come.”
TCG covers all IT services and IT support in the Boston area, serving as the premier technology consultant for small and mid-sized businesses. Make sure to follow the Cannons on Facebook and Twitter for weekly “TecTips” to stay in the know!
TCG monitors and manages all aspects of our Network and Security with TCG’s TecCare Managed Services. From migrating email to Microsoft Office 365 to providing onsite and Help Desk support, the Team at TCG Network Services is one vendor we count on to keep our organization up and running.
About the Boston Cannons
The Boston Cannons are one of the founding franchises of Major League Lacrosse, the premier professional outdoor lacrosse league. They began play in June of 2001 and currently host home games at Harvard Stadium. They won their first MLL Championship on August 28, 2011. Season tickets for the 2014 season are now on sale. For more information or to purchase tickets, call 617.746.9933 or visit www.BostonCannons.com
Since 1987, TCG Network Services has remained on the cutting edge of technology while building a reputation as a trusted resource across New England. Their mission is to serve as a technology consultant for small and mid-sized businesses. The certified experts at TCG partner with customers to develop customized, cost-effective solutions that reduce expense, increase efficiency, and provide the competitive advantage necessary to take your business to the next level. TCG has the resources to handle all of your IT needs, providing you with the peace of mind you need to concentrate on running your business. Visit www.tcgns.com for more information.