Interlinked - Is your password asking to be hacked?


With everything moving online these days it’s become increasingly difficult to keep track of all our passwords. However, that is no reason to make it easy for hackers to gain access to your personal information. Highly organised cyber-crime groups are on the rise, and they are able to use fully automated programs to effortlessly break into online accounts.

Is your password safe? 

The initial step for most cyber criminals is to run through a list of commonly used passwords. Once they have exhausted these possibilities, they will start trying variations, such as adding in a mix of upper and lower case letters, numbers, non-alphanumeric characters, etc.

Being aware of the threat is the first step to protecting your online security. Every year web security specialist SplashData trawls through millions of leaked passwords in search of the most popular ones. Here is their latest “Annual Worst Passwords List” – if you see any of your passwords on this list, then it is time to change it:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

Tips for creating a more secure password

Aside from the golden rule of not putting your password on a post-it note near your computer, there are many more ways to protect your accounts from unwanted access.

  • Create passwords that are at least 8 to 16 characters long
  • Use a mix of letters, numbers and symbols e.g. 1nterl!nkED&
  • Avoid using dictionary words (including foreign words) as hackers use dictionary tools
  • Create a password that is not easy to guess – avoid, for example, your name or your phone number
  • Many websites now have password strength indicators when you are creating a new password – pay close attention to these and adjust your password accordingly
  • Memorise your password
  • Change your password regularly
  • Don’t reuse old passwords
  • Don’t share your password with anyone
  • Never email your password to anyone including yourself
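A password check that a sign-up form or help desk could run against the list above, undoing the simple variations the article says attackers try next. This is an added example, not code from SplashData or Interlinked; the function names and the character-swap table are assumptions.

```python
import re

# The 25 entries of the SplashData list quoted in the article.
WORST_PASSWORDS = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
}

# Look-alike character swaps to undo before comparing (assumed table,
# not exhaustive and not taken from the article).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(password):
    """Return the simpler strings this password could be a variation of."""
    lowered = password.lower()                  # undo upper/lower mixing
    forms = {
        lowered,
        re.sub(r"[^a-z0-9]+$", "", lowered),    # drop trailing symbols
        re.sub(r"[^a-z]+$", "", lowered),       # drop trailing digits and symbols
        re.sub(r"^[^a-z]+", "", lowered),       # drop leading digits and symbols
    }
    forms |= {form.translate(SWAPS) for form in forms}
    forms.discard("")
    return forms


def audit(password):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    hits = base_forms(password) & WORST_PASSWORDS
    if hits:
        findings.append("variation of listed password: " + sorted(hits)[0])
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        findings.append("does not mix letters, numbers and symbols")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["Dr4gon2014!", "Password1", "monkey", "P@ssw0rd", "vK9#tq2LmZ!x"]:
        print(sample, "->", audit(sample) or "no findings")
```

Passing these rules only shows a password is not an obvious variation of the 25 listed entries; it says nothing about larger leaked-password lists.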

Protecting your password is one of the easiest things you can do to boost your online security, so take action right away!

And remember, trustno1.

Managed Security

4 Simple Steps to Business Security

While technology advancement is aiding the move away from traditional bricks-and-mortar business models and boosting business expansion, it is also increasing the vulnerability of digital business assets. The main reasons for this include the wide array of different devices used by companies and the increasing complexity of software, presenting new security threats that could mean massive data loss and breaches of important customer information.

However, that is not to say that businesses should avoid the use of technology. Rather, it is a reminder that businesses need to be vigilant about threats and implement preventative methods to protect their valuable assets and stay secure.

While there are a multitude of threats that evolve every day, here are some of the biggest risks to look out for.

Ransomware

Ransomware is one of the most dangerous types of malware, with the ability to infiltrate business networks and block access to a file system, with some variations encrypting files.

Once the files have been encrypted, the ransomware will ask for payment in order to unlock the files. Usually, this is under the guise of a false warning suggesting a trial period for a program has expired.

A recent example is the CryptoLocker virus, which has been in circulation since September 2013. It comes through as an email and has the ability to encrypt all files in your network, with the encryption key released only upon payment.

For more details and examples of CryptoLocker emails click here.

Mobile Vulnerability

The advancement of smartphones has opened these devices up to security threats from malware, and they are often poorly protected because users opt for short passcodes that are easy to get past.

With their prominent use in business, mobile devices are now able to access company files such as emails and business applications, which leaves them open to risk.

4 Ways to Stay Secure

  1. Implementing a business cloud storage solution ensures that all business data is backed up in case of a network breach or other disaster.
  2. Employ a Managed Antivirus solution to further protect your system and files from attacks and malware.
  3. For mobile devices, secure passwords or two-way authentication will ensure that only the necessary people have access to the devices.
  4. Beyond the mobile device’s internal settings, Enterprise Mobility Management also provides central oversight and control of mobile devices for added security.

Don’t Delay Security

There is no predicting when and how an attack can occur, and when the entire business is at stake it is vital that you take action immediately.

If you are looking for a business security solution tailored to your requirements, speak to Interlinked on 1300 302 207 or email us at enquiries@Interlinked.com.au.

Interlinked is your strategic business partner, providing Managed Antivirus solutions using Webroot, the market leader in cloud-based threat detection. It is fully controlled and monitored by our dedicated support team to ensure that any risks to our clients’ businesses are eliminated at the first instance. Combined with the Interlinked Cloud with a 99.99% uptime guarantee and Enterprise Mobility Management services, our team is here to ensure the security of your digital assets while you focus on the day-to-day running of your business.

Scam Alert

Scam Alert – Woolworths Voucher Email Scam

A scam email purporting to be from Woolworths has recently been in circulation, claiming that recipients can receive a $150 voucher if they answer a simple question regarding the year Woolworths was founded. Woolworths do not currently have such a promotion and have warned of this on their website.

The email contains a link to an external site (which is not Woolworths) where the recipient is required to fill out their personal details, including credit card numbers.

Example of Woolworths Scam Email

There are a few things to look out for to identify the scam – firstly, the sender email is not from Woolworths. Secondly, when your mouse hovers over the links you will be able to see that they are not links back to Woolworths; they link back to a phishing site. Also, the grammar is flawed, with prize misspelt as “price”.

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

**UPDATE 12th December 2014**

Another one in circulation is this Coles Christmas Surprise email – one way to identify it is that it uses the old Coles logo with the circle on the left, which Coles no longer uses.

Coles Christmas Surprise

**UPDATE 9th December 2014**

We received a phone call earlier today from a victim of the above scam, who has had $100 extra charged to their phone bill after participating in the supposed questionnaire to win a Woolworths voucher and providing their mobile phone number.

Another scam email to look out for is a similar one supposedly from Coles:

Example of Coles Scam Email


**UPDATE 10th December 2014**

More scam emails to look out for:

Example of Bunnings Scam Email

Example of Supermarkets Voucher Scam Email

Example of Myer Scam Email

Virus Alert

New CryptoLocker Variant Alert

Over the past few days we have noticed an increased circulation of variants of the CryptoLocker Virus, which will infect your computer and encrypt all usable files such as Word Documents, Excel, Access, MYOB, executable files, etc.

This virus will infect the local machine then spread to network drives and encrypt files. The scam involves you paying an amount of money to get a key to unlock the files, with no guarantees.

There is no way to cleanly remove the virus from the machine or decrypt infected files. The only way to restore files would be to restore from a recent backup. The machine would require formatting and reloading from the beginning.

The virus is spread by email, with the malware hidden within the emails.

Recent examples include:

  • an email titled “Offence report – Penalty Number :xxxxxxx” masquerading as an infringement notice.
  • an email that says a parcel is ready to be picked up from a local Australia Post office.

If you receive such an email please delete it immediately.

A few tips to help you stay protected:

  • Please ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your Antivirus is up-to-date
  • Be aware of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately. These typically increase over the holiday season
  • Educate users about phishing emails and other social engineering tactics
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules.
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections.
  • Microsoft Essentials, AVG, and other free AV products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region.

If you have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

For further information on the CryptoLocker Virus, please click here.

**UPDATE 1st April 2015**

This second round of fake NSW Office of State Revenue (SDRO) emails is even more legitimate-looking, making it a high risk to recipients.

Below are some screenshots of the email and the website it links to.

Scam email from SDRO

Scam website imitating the SDRO

Once the user submits the security code to download their penalty or reminder notice, it downloads a malicious file containing the CryptoLocker virus variant.

SDRO has issued a statement on their website clarifying that they do not issue fines by email and they are only ever issued on the spot or by post.

Some key indicators that this email is fake:

  1. The email has not addressed the recipient by name.
  2. The email cites a traffic offence, however there are no car registration details mentioned.
  3. When you hover over the INVOICE and VIEW CAMERA IMAGES buttons, you can see that the links do not point to a legitimate government website.
  4. The official website address is sdro.nsw.gov.au while you will see the fake one is nsw-gov.org.
  5. If you do visit the official website they have issued a scam alert, stating that the SDRO does not issue penalty notices or penalty reminder notices by email.
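Indicators 3 and 4 can be checked automatically by a mail filter. The sketch below is an added example, not Interlinked's or the SDRO's code: it extracts every link from an HTML email body and flags those whose host is not under the official domain. The two domains and button labels come from the article; the email markup, URL paths and function names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "sdro.nsw.gov.au"   # official address given in the article

OFF_SITE = "link leaves the official domain"
DISGUISED = "text shows the official domain but link goes elsewhere"

# Constructed email body: the button labels and nsw-gov.org come from the
# article, the paths and markup are invented for the example.
SAMPLE_EMAIL = """
<p>You have an outstanding penalty notice.</p>
<a href="http://nsw-gov.org/invoice">INVOICE</a>
<a href="http://nsw-gov.org/images">VIEW CAMERA IMAGES</a>
<p>Pay at <a href="http://nsw-gov.org/pay">www.sdro.nsw.gov.au</a></p>
<p>Help: <a href="https://www.sdro.nsw.gov.au/">contact us</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.current = None          # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self.current is not None:
            self.current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            self.links.append((self.current[0], self.current[1].strip()))
            self.current = None


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it.

    The match is on a whole-label suffix, not a substring, so a host that
    merely contains the official name somewhere does not pass.
    """
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, official=OFFICIAL_DOMAIN):
    """Return (visible text, host, reason) for each link that fails the check."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue                 # mailto:, anchors etc. are out of scope here
        if under_domain(parts.hostname, official):
            continue
        reason = DISGUISED if official in text.lower() else OFF_SITE
        findings.append((text, parts.hostname, reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding)
```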

Another scam email also containing the same virus is one from Australia Post, similar to the below:

Scam email imitating Australia Post

Scam email imitating Energy Australia


iCloud Security

Two-factor verification for Apple iCloud

Following the iCloud hack scandal with photo leaks affecting numerous celebrities, Apple has revived two-factor verification for iCloud.

Two-factor verification brings increased security to iCloud by allowing users to tie in a verified SMS number or connected device, making it harder for an unauthorised user to hack an iCloud account even if they have your password or log-in credentials.

How to enable two-factor verification

In order to enable two-step verification, you must have a current password that meets Apple’s minimum standards of 8 characters complete with at least 1 number and 1 capital letter. If you have to change your current password in order to meet this standard, you’ll have a short waiting period before you can enable two-step verification.

  1. Go to appleid.apple.com from the browser on your Mac or PC.
  2. Sign in to the Apple ID you’d like to enable two-step verification for.
  3. Click on Password & Security in the left hand navigation.
  4. Answer the secret questions you’ve previously set up and click on Continue — if you don’t remember them, you can reset them if you have a backup email on file.
  5. Click on Get Started… under the Two-Step Verification section.
  6. As long as you have a device linked to your iCloud account on hand, click Continue on the next screen.
  7. Read the next two screens about two-step verification.
  8. Once finished, click Get Started on the second screen.
  9. Add your current phone number to start the verification process.
  10. Check your phone for a text message and then enter the 4-digit verification code.
  11. After your phone number is verified, a list of connected devices you can verify should appear.
  12. Click on Verify next to the devices you’d like to trust in case you need to use them for two-step verification in the future.
  13. Once you’re done verifying all your devices, click Continue.
  14. The next page gives you your Recovery Key which you’ll need to either print out or write down.
  15. Once you’ve gotten the code written down or printed, click Continue and then verify it by typing it out on the next screen. You won’t be able to continue until you confirm you know the code.
  16. Click Confirm in order to continue.
  17. Click the checkbox to confirm you understand what you’ll need in order to complete two-step verification should you forget your password.
  18. Click Enable two-step verification.
  19. You’ll receive a confirmation that two-step verification has been enabled. Click Done.

For more FAQs about two-factor verification, see the Apple website (here).

CryptoLocker Variant

CryptoLocker Variant Alert

Over the past few days we have noticed an increased circulation of variants of the CryptoLocker Virus, which will infect your computer and encrypt all usable files such as Word Documents, Excel, Access, MYOB, executable files, etc.

This virus will infect the local machine then spread to network drives and encrypt files. The scam involves you paying an amount of money to get a key to unlock the files, with no guarantees.

There is no way to cleanly remove the virus from the machine or decrypt infected files. The only way to restore files would be to restore from a recent backup. The machine would require formatting and reloading from the beginning.

The virus is spread by email, with the malware hidden within the emails. An example is one that says a parcel is ready to be picked up from a local Australia Post office. If you receive such an email please delete it immediately.

A few tips to help you stay protected:

  • Please ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your Antivirus is up-to-date
  • Be aware of any emails that ask you to reply quickly or act fast
  • If the email is from someone you do not know, do not open it
  • Microsoft Essentials, AVG, and other free AV products should not be used

If you have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

For further information on the CryptoLocker Virus, please click here.

Don't let legacy systems hold you back


If you remember the complexity, time and effort involved in implementing the system that your company currently uses, you’d probably be tempted not to change a thing. Especially if it is all still working fine: “if it ain’t broke, don’t fix it”, right?

What if we tell you that the benefits by far outweigh the negatives?

While your legacy application may be working now, one cannot ignore the immense benefits of cloud adoption, especially the fact that it prepares for the day when your application no longer works.

As previously discussed, the cloud brings about many benefits, including:

  • Cost reduction – shifting large capex to lower predictable operating expenses
  • Utilisation of the latest technologies
  • Facilitation of seamless growth
  • More benefits detailed here

We understand how daunting it is to imagine reconfiguring everything, so we have identified some common legacy issues and put together the following, which explains how the cloud works to address these issues:

How do I know that the cloud is suitable for our business?

The cloud offers scalability, ubiquity and centricity, making it accessible for everyone. The key is to determine exactly where cloud can deliver the greatest value for your business, and devise a unique solution that best fits your situation. It may help to seek advice from a professional IT consulting firm that is experienced in assisting other businesses with cloud deployments.

Your cloud deployment can be performed in two ways:

  1. Keep your legacy business processes largely intact by re-hosting to a low-cost, updated environment
  2. Break your application into separate components with application re-architecture

Moving to the cloud takes advantage of the greater economies of scale that it provides, giving your business greater agility and resilience.

If we suddenly switch everything over, how do we know it all works?

The great thing about the cloud is that you can adopt it gradually. Think of it as a process, and start by moving parts that would perform better and are easier to manage in the cloud. Once you are familiar with the environment you can begin to move other parts of the systems over. Cloud is relatively inexpensive to adopt and allows for quick deployment and testing, so your business is able to try it out for different parts of your system to determine what works best.

How do we know it’s safe?

Reliable cloud service providers are able to offer secure data centres with uptime guarantees. Moreover, the cloud offers security that cannot be achieved within your premises in the event of disasters, such as a fire or theft. By moving your applications and data offsite, cloud allows for disaster recovery and business continuity.

But we have so much stuff in our system!

Yes, legacy systems cannot just be removed overnight, however you can remap certain processes to start making use of the cloud.

For example, you can implement a cloud solution that pulls and processes data from your legacy system when required, providing results of an advanced IT system. Another use is utilising the cloud’s infinite processing power to analyse large volumes of big data held within legacy systems, allowing businesses to promptly identify opportunities and react faster to changes in their market.

Our legacy application is what our staff are used to!

If you choose to deploy with a trusted managed cloud provider, they can assist in providing user training and familiarising your staff with the new systems to maximise the working relationship on all sides. Moreover, with the involvement of a professional software development team, your cloud applications can be custom designed to look and function exactly like your on-premise counterparts.

We don’t want to move the application outside its life cycle.

While this may be a legitimate reason to delay adoption, if you wait until the end of life for applications that may hang around for a decade, that is a decade’s worth of savings and productivity that your business is losing out on. Your competitors may already be moving to more efficient systems that allow them to be more agile in responding to market changes, giving them a competitive advantage over your business.

Cloud adoption allows for implementation of new agile practices that will keep your business from falling behind your competition. It is important that businesses start exploring the components of their business that are more suitable in the cloud, and eliminate the risk of being left behind with stale legacy systems.

Unlocking the CryptoLocker

For those who have not heard of CryptoLocker, thank your lucky stars that you were not one of the estimated 500,000 victims that were affected by this ransomware. As for those who were unfortunately affected, or those who are simply curious to find out how to decrypt it, read on.

What is CryptoLocker?

CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows. A CryptoLocker attack may come from various sources; one such source is a file disguised as a legitimate email attachment. Once it worms its way into your system, it encrypts all of your files using strong AES 256-bit cryptography, which can only be unlocked with a private key.

What happened if someone fell victim to an attack?

The attacker demanded Bitcoins equating to around $300 USD in exchange for the key, or else the files stayed encrypted forever. According to BBC, 1.3 percent of victims paid to retrieve their files, totaling approximately $3 million USD before the criminal network was smashed by authorities and security researchers in May.

The solution is here – for free!

Researchers from FireEye and Fox-IT have managed to recover the private encryption keys used by CryptoLocker’s authors, as well as reverse-engineer the code powering the malware itself. Together they have launched DecryptCryptoLocker, a free tool to assist victims of the CryptoLocker ransomware.

Use DecryptCryptoLocker here

However, FireEye warns that some data might not be recoverable, particularly if you’ve been infected by a CryptoLocker variant rather than CryptoLocker itself. “While these variants do appear similar to CryptoLocker, this tool may not be successful in all decryption processes because of code and functionality variances.”

How can I protect myself and my business from such attacks?

There are various preventative measures you can take, from changes to your daily routines to restructuring your IT systems. Here are a few we recommend:

  • If you receive an email with a suspicious attachment, do not click on it – this is especially so for files with .exe extensions (or .zip files containing .exe files)
  • Ask your IT department or service provider to block the above-mentioned file types from emails
  • Install or upgrade your email security to filter out spam more effectively
  • Show hidden file extensions – CryptoLocker frequently arrived in a file named with the extension “.PDF.EXE”, so set your computer to display the full file extension to make suspicious files easier to spot
  • Backup your data regularly
  • Utilise external services to store backups on the cloud – ransomware such as CryptoLocker also affects files that are on mapped drives, so backing up to a cloud server ensures that your files are protected from such attacks
    (Learn more on protecting your business in the cloud from our previous post)
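The attachment rules above (block .exe files, .zip files containing .exe files, and names such as “.PDF.EXE”), which also appear in the earlier alert's tip about blocking executable or zipped attachments, can be expressed as a mail-filter check. This is an added example, not Interlinked's or any product's code: the message is constructed with harmless placeholder bytes, the function names are hypothetical, and the extension sets beyond .exe and .pdf are assumptions.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# .exe is named in the article; the other executable types are assumed.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
# Document types an attacker might show in front of the real extension (assumed).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify(name):
    """Return a reason string if the file name is risky, otherwise None."""
    cleaned = name.replace("\\", "/").strip().rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        return "executable behind a document extension"
    return "executable file"


def risky_attachments(msg):
    """Return (name, reason) for each risky attachment, looking inside zips."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify(name)
        if reason:
            findings.append((name, reason))
            continue
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            findings.append((name, "zip could not be read"))
            continue
        for member in members:
            inner = classify(member)
            if inner:
                findings.append((name + "!" + member, inner + " (inside zip)"))
    return findings


def build_sample():
    """Constructed message; attachments hold placeholder bytes, not programs."""
    msg = EmailMessage()
    msg["Subject"] = "Parcel ready for collection"
    msg.set_content("Please see the attached label.")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("Label.PDF.EXE", b"placeholder")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="parcel_label.zip")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="notice.pdf.exe")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="pdf", filename="brochure.pdf")
    return msg


if __name__ == "__main__":
    for finding in risky_attachments(build_sample()):
        print(finding)
```

The check works on file names only, so it complements rather than replaces content scanning by the email security product.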

In a world where we rely heavily on technology for both work and personal uses, we must be prepared for the worst and protect ourselves at all times from attacks and other disasters. Speak to your managed services provider today to learn more about protecting your valuable business assets.

Protect your business in the Cloud

Remember playing with building blocks as a child? Spending hours of effort and concentration, carefully placing each piece into their perfect spots… and VOILA! It’s the best tower you’ve ever built. You spend every waking moment protecting this masterpiece, ensuring that it is safe and kept away from all possible harms.

Only for it to be knocked over by mum’s vacuum cleaner, shattered into a million pieces and impossible to be restored to its initial perfection. You felt angry, distressed, and a great sense of loss. How could this have happened?

Now fast-forward to today, and this time it is not the tower that has been destroyed. It is your valuable business data and information, which you have spent years of hard work to create and build. In the blink of an eye everything you need for your business to run is gone – what do you do now?

Protect Your Business In The Cloud

Disaster can strike at any moment, whether it be theft, a natural disaster or simple human error. With cloud computing, you can add reliable security measures to protect what’s important to your business.

By storing your data remotely either in a hosted server or managed server, housed in a secure data centre, your business is protected against physical theft of data. It also protects your information from system failures or natural disasters, such as a fire or flooding which may destroy all your physical data on-site.

In addition to moving to cloud storage, businesses are also able to use backup and disaster recovery methods to ensure further protection of valuable data and business continuity. Cloud storage provides peace of mind while still allowing flexible access to data for you and your employees, with access available anywhere via the internet.

Take Action Now

Another day without protection is another day your business is exposed to risks. Amongst its many benefits, cloud computing has certainly paved a new path for business security – speak to the Interlinked team today to learn more.