98% of mobile-device malware attacking Android (DROID) phones

Worldwide, a significant portion of the population owns and uses a smartphone; mobile users search Google over 5.9 billion times daily, while over 6 billion hours of YouTube are watched each month on mobile devices.  (Statistics taken from a presentation by Intel Corporation at the Mobile World Congress 2014.)

Since most smartphones are based on Google’s Android operating system, these are the primary targets of malicious attacks.  Kaspersky Labs, a prominent anti-virus software manufacturer, reports that 98% of malware targeted at mobile devices attacks Google’s Android (DROID), which confirms “both the popularity of this mobile OS and the vulnerability of its architecture”.

Suggestions for DROID (and other smartphone) owners to suppress malware:

  • Keep your mobile phone updated with the latest patches
  • Deploy an anti-malware application

Visit http://blogs.computerworld.com/mobile-security/23577/98-mobile-malware-targets-android-platform for the entire article by Darlene Storm at ComputerWorld.

Fitness regime for your IT equipment: Keep it clean, cool, and empowered

IT (Information Technology) equipment is somewhat temperamental; it requires reasonable temperatures; stable, uninterrupted power; and some air flow to operate efficiently.  Cleanliness is important.  Here’s how to keep it toned.

IT equipment should be kept in a clean, neat, and (preferably) dust-averse/static-resistant area: walls with painted surfaces, tiled or coated floors without carpeting, etc.  Fire-suppression equipment is a plus, but cannot be water-based.

Access should be restricted; a separate, locked room is ideal, but a closet with sufficient space and air flow can work for smaller sites.

Dust is the enemy of fans and electrical components; a reduced-dust environment and regular cleaning of equipment fans can lengthen the life of most items.  (Note: cleanings should be performed when equipment is powered-down, which is not always desirable or feasible.)

The area should have dedicated electrical circuits with sufficient amperage to match the power requirements of the equipment.  We also recommend an Uninterruptible Power Supply (UPS) for all critical items (and require them for equipment that we cover under our Comprehensive Support Program); the UPS provides emergency power when the input-power source is unavailable, but it also helps to regulate fluctuations in power, both spikes/surges (voltage overload) and brown-outs (reduction in voltage) that can damage sensitive equipment.

Cooling and humidity control are very important; most equipment runs optimally within a narrow range of temperature (64° to 81° Fahrenheit) and at a maximum relative humidity of 60%.  HP, in an effort to be “greener”, lists current specifications on its DL360 server that provide a wider range of 50° to 90°F with 10% to 90% humidity (non-condensing).  However, cooler temperatures do make things last longer.  (The DL360 will actually throttle-back the CPU when the air-inlet sensors detect temperatures over 85°F.)

The area should have continuous air flow (to provide new, cool air while removing heated air that is exiting the equipment) and remain uncluttered to facilitate this air flow.  A dedicated A/C unit combined with a closed door is optimal; locating all equipment within a rack enclosure (with blanking panels over open areas) can enhance air flow.

TechAdvisory has 9 tips at http://techtimes.techadvisory.org/2011/11/9-steps-you-must-know-to-prevent-a-server-crash/.

Comparing Cloud-based services – Part 4: Prevention

Many Cloud-based services fall into one of these categories:

  • Productivity suites – Applications that help you be more productive
  • Storage – Storing, retrieving, and synchronizing files in the Cloud
  • Backup and Recovery – Backing-up data and being able to recover it
  • Prevention – Prevent malware, spam, and related components
  • Search – Find items from either a holistic or from a specialty perspective

In this issue, we’ll explore popular, Cloud-oriented options within Prevention, the highlighted item above, and compare them with one another.

Prevention is a necessary evil; it can slow end-point performance (since these tools are using computing resources to constantly scan for problems), but it is critical in keeping end-users safe from external threats like spam, malware, and viruses.  Cloud-oriented Prevention includes:

  • Email protection – Control spam plus encrypt and archive emails
  • End-point security – Secure end-user computers against attacks
  • Web filtering – Prevent unauthorized access to undesired websites

Email protection is wholly Cloud-based, but end-point security tools usually deploy an application onto the end-user computer, while web filtering requires at least an adjustment to the end-user computer (i.e., setting up a proxy server) or an application installed on it.  We’ll cover only Cloud-based email protection in this article.

Key issues for email-protection options include:

  • Administration – Easy setup and enforcement
  • Effectiveness – Works reliably and consistently
  • End-user interface – Intuitive, secure, and easy-to-use
  • Granularity – Allows multi-level policies and permissions

Popular, email-protection options (alphabetically) include:

  • Google Message Secure (formerly Postini; now bundled within Google Apps)
  • McAfee® (now Intel Security) SaaS Email Prevention and Continuity
  • Microsoft® Exchange Online Protection
  • Proofpoint Essentials Business
  • Symantec Email Security.cloud (formerly MessageLabs)

Google Message Secure (GMS)

GMS was one of the best products at an excellent price of $12/user per year.  In 2013, Google discontinued GMS as a stand-alone service and bundled it within Google Apps.  Former GMS clients will retain the $12 pricing for a period of time, but will eventually pay the Google Apps for Business price of $50/user per year.

Visit http://www.google.com/postini/ for details on this transition.

McAfee SaaS Email Prevention and Continuity (MEPC)

Intel is currently rebranding McAfee within Intel Security; no timeframe on the conversion, but the McAfee logo (a red “M” on a shield) will remain associated with these services.

MEPC prevents spam, but also includes Continuity, which allows end-users to retrieve and send email even if their email service is unavailable; once the email service becomes available, all emails received and sent via MEPC are then resynchronized with the email service.  The price is $27/user per year.

McAfee also offers email encryption and email archiving.  (Please visit our site at http://www.Bryley.com/services/email-management/ for details on MEPC and related offerings.)

Microsoft Exchange Online Protection (EOP)

Microsoft provides email protection and archiving within its Office 365 suite, but also offers it as a stand-alone service under EOP, although it is directed solely at Exchange-based email.  In addition to spam and malware prevention, you can establish content and policy-based filtering to ensure outbound emails do not violate company standards.  Price is $12/user per year.

Visit http://office.microsoft.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam-FX103763969.aspx for details on EOP.  Or, visit our site for information on Office 365 at http://www.Bryley.com/office365/.

Proofpoint Essentials Business

Proofpoint Essentials Business is a comprehensive offering that classifies security threats and then manages against their intrusion.  Outbound filtering, content filtering, and 14-day spooling are included; archiving is also available.  Proofpoint Essentials Business starts at $26.40/user per year.

Please visit http://essentials.proofpoint.com/ for more information.

Symantec Email Security.cloud

Symantec recently acquired MessageLabs spam filter and rebranded it within their Symantec.cloud services under Email Security.cloud.  It protects against targeted attacks, malware, spam, and the like using proprietary Skeptic technologies.  Content filtering is included; email encryption is available.

See http://www.symantec.com/email-security-cloud for details.

CryptoLocker Case Study

The following event depicts a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013

5 Facts About Malware

One of our folk compiled this brief list on malware issues:

  • Vulnerabilities in Java are the #1 exploited vulnerability.  (Java is a popular, computer-programming language used in web-based applications.)
  • One of the main causes of malware is “Drive-By Downloads” where all you have to do is browse a website or click on a website from a search engine (Google, Yahoo, Bing, etc.) and you are downloading an infection.
  • Sales, R&D, HR, and other, multi-user email-boxes are targeted by malware distributors since these recipients are the most customer-facing employees; they typically have busy mailboxes and are accustomed to receiving a lot of email and opening it.  They are also accustomed, as part of their jobs, to regularly downloading attachments (resumes, pdfs, etc.).
  • 88% of attacks are on non-government (private) entities.
  • Small businesses with fewer than 250 users are the most-targeted group.

Are you curious about how to avoid any of these common vulnerabilities?  A member of our staff would be more than happy to discuss the steps you can take to secure your data.

Beware CryptoLocker

We have seen a rise in CryptoLocker virus attacks; these attacks can cripple the data files on your computer and on your computer network.

CryptoLocker is a destructive, ransomware virus; once downloaded, it locates and encrypts data files, which renders them inaccessible.  CryptoLocker does not announce its presence until all data files (Microsoft Office files, PDF files, etc.) are encrypted; it then asks for payment (ransom) to unencrypt these files.  (This type of ransomware is called “cryptoviral extortion”.)

The usual virus-delivery method is via email; the email looks legitimate and includes an attachment.  Once the attachment is clicked, the virus starts and then continues until all data files are encrypted or until the computer is powered-down.

You will not be able to unencrypt these files.  There is no cure.  There is no fix.

If the infected computer is connected to a computer network, data files on other computers and/or on the server(s) may also be encrypted and made inoperable.

Although payment is demanded to unencrypt the files, it should not be sent since any type of response to these criminals could open your computer network to future attacks.  The only recommended recovery method is to restore the encrypted data files from the latest backup.

Please visit http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information for more information on CryptoLocker.

Mike Morel, Engineer at Bryley Systems, suggests adopting these practices to reduce the risk of activating the CryptoLocker virus on your computer:

  • Do not open attachments within emails from sources that look legitimate, but are unexpected.
  • If you are expecting an attachment from someone, save the attachment first (without opening it) and then scan the attachment with your malware and anti-virus scanners before opening it.
  • Backup all data files regularly.

If you discover this virus, please immediately power-down the offending computer; if it is connected to a computer server, shut down the computer network.  Then, call Bryley Systems at 978.562.6077 and select option one for technical support.

For additional information, see our lead article “Cybercrime targets smaller organizations” from the September 2012 edition of Bryley Tips and Information at https://www.bryley.com/news/newsletter/bryley-tips-and-information-september-2012/.

Why small businesses struggle with cyber security

In part two of the interview with The Cleaning Crew, Bryley Systems President, Gavin Livingstone, explains why cyber security is sometimes overlooked within small businesses.

Why is cyber security important?

In a recent interview with The Cleaning Crew, Bryley Systems President, Gavin Livingstone, explained the importance of cyber security.  Watch the first part of the interview below.

Studies suggest cyber-security overconfidence in small/medium businesses

In a recent survey by Symantec and the National Cyber Security Alliance (NCSA), most small and medium-sized businesses participating felt they were safe from cyber threats, although just 17% of the 1,015 companies had a formal plan for cyber security.  Other contradictory items:

  • Although 77% recognized that strong cyber security was important for their brand, 59% had no plan on how to respond to a data breach.
  • Only 13% had a written Internet policy, but 62% believed that their employees knew the company’s Internet policy and practices.

Visit “Small biz survey: No cybersecurity plans — no worries. What?” for the full CNet article by Charles Cooper.

In a separate survey during the fall of 2011, research firm Opinion Matters polled 200 IT decision makers working in companies of five to 250 employees.  Although almost 88% had web-monitoring/filtering software, over 40% of respondents have had a security breach due to unsafe web browsing.

Visit “40% of SMB have had a security breach due to unsafe Web surfing” for the full ConnectIT article by Mark Cox.

Both studies suggest that these businesses are not as secure as they think.

October is National Cyber Security Awareness Month (NCSAM)

According to the National Cyber Security Alliance (NCSA), October is the month to promote Cyber Security Awareness, which “…encourages people to do their part to make their online lives safe and secure.”

The NCSA’s philosophy is that safe browsing is a shared responsibility: “Everyone has a role in securing their part of cyber space, including the devices and networks they use.”  NCSAM provides a focal point for participants to educate others about safe and secure usage.  Its three-part mantra:

  • Stop – Understand the risks and learn how to spot potential problems
  • Think – Consider how your usage of the Internet could impact others
  • Connect – Proceed with confidence now that you know what to expect

The official presidential proclamation states that NCSAM is the time to “…recommit to ensuring that our information and infrastructure remain secure, reliable, and resilient”.

Business users may visit Keep My Business Safe for details on how to secure their businesses.  There are safety tips for individuals and some free security-checkup tools.