Malspam Campaign Personalizes Emails with Recipient’s Name and Address

A spam campaign is personalizing its emails with the recipient’s name and address so that more people will feel inclined to open the malicious attachment.

Sophos Labs has seen several versions of this scam pop up in recent weeks. But although the text differs across samples, all the emails generally follow the same format. The scam email includes the recipient’s first name in the salutation, their last name as the title of the attachment, and their physical address in the body of the message.

Here’s one example of the scam.

“Good day to you, [FIRST NAME]

I am disturbing you for a very important occasion. Though you don’t know me, but I have significant ammount of individual info about you. The fact is that, most probably mistakenly, the data your account has been emailed to me.

For instance, your address is:
[STREET ADDRESS] Borsetshire
ZZ99 3WZ

I am a lawful citizen, so I decided to personal details may have been hacked. I pinned the file – [LAST NAME].dot that I received, that you could view what data has become available for deceivers. Document password is – 3776.

Best regards,
[SENDER NAME] [sic]”

It’s not clear where the attackers obtain each recipient’s personal information. But considering the wealth of data breaches, it’s probable they purchased the data on an underground forum. They then could have used an automated tool to properly format the address based upon the recipient’s country of origin.

So what happens if the recipient clicks on the attachment?

Nothing too out of the ordinary. A Microsoft Word document opens and prompts the user to enter the password. It then asks them to “Enable Content”. If the user complies, the document tries two different web pages hosted on hacked servers and loads what appears to be a GIF file.

But as Sophos Labs senior security advisor Paul Ducklin explains in a blog post, there’s more to this file than meets the eye:

“In fact, the GIF file has just 10 bytes of valid header data, followed by a 256-byte decryption key, followed by about 0.5MB of binary data scrambled by XORing it with the decryption key repeated over and over. (This is known as a Vigenère cipher, named after a cryptographer from the 1500s who didn’t actually invent it.)

“The GIF header makes the file look innocent, even though it won’t display as an image, and the Vigenère scrambling means that the suspicious parts of the file aren’t obvious.”

At that point, the malicious code embedded in the Word document decrypts the executable from the downloaded file and saves it to the Temp folder. When Sophos Labs tested this attack vector, the test machine was infected with malware known as Troj/Agent-AURH. The trojan enlisted the machine into a botnet and then awaited further instructions from its command and control (C&C) server.
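As an added illustration for analysts (not code from the Sophos or Tripwire articles), here is a Python triage helper for the file layout described above: it checks the GIF signature and trailer byte and, when the file is long enough to hold a 256-byte key after the 10-byte header, un-XORs the remainder with that key and checks whether an MZ executable header emerges. The two fixtures, the demo key and the placeholder payload are constructed here; the MZ check assumes, as the article states, that the wrapped payload is a Windows executable.

```python
import hashlib
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
HEADER_LEN = 10          # signature (6) + width (2) + height (2): the "valid" prefix Sophos describes
KEY_LEN = 256            # repeating XOR key stored right after the header
GIF_TRAILER = b"\x3b"    # a well-formed GIF ends with the 0x3B trailer byte


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Apply a repeating-key XOR (the 'Vigenere' scrambling); the operation is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def triage_gif(data: bytes) -> dict:
    """Report structural checks and, if the layout allows, what the XOR-wrapped body decodes to."""
    result = {
        "gif_magic": data[:6] in GIF_MAGICS,
        "gif_trailer": data.endswith(GIF_TRAILER),
        "container_layout": False,   # long enough to hold header + 256-byte key + body
        "decoded_is_pe": False,      # decoded body starts with the 'MZ' executable signature
        "key_sha256": None,          # hash of the embedded key, usable as a hunting indicator
    }
    if result["gif_magic"] and len(data) >= HEADER_LEN + KEY_LEN + 2:
        key = data[HEADER_LEN:HEADER_LEN + KEY_LEN]
        decoded = xor_repeating(data[HEADER_LEN + KEY_LEN:], key)
        result["container_layout"] = True
        result["decoded_is_pe"] = decoded[:2] == b"MZ"
        result["key_sha256"] = hashlib.sha256(key).hexdigest()
    if result["decoded_is_pe"]:
        result["verdict"] = "fake GIF: XOR-wrapped executable"
    elif result["gif_magic"] and not result["gif_trailer"]:
        result["verdict"] = "malformed GIF: inspect further"
    else:
        result["verdict"] = "structurally plausible GIF"
    return result


def make_constructed_sample() -> bytes:
    """CONSTRUCTED fixture following the described layout; the payload is a harmless
    placeholder that merely starts with 'MZ', not a real executable."""
    key = bytes((i * 73 + 11) % 256 for i in range(KEY_LEN))        # arbitrary demo key
    payload = b"MZ" + b"PLACEHOLDER-NOT-A-REAL-EXECUTABLE " * 20
    header = b"GIF89a" + struct.pack("<HH", 1, 1)                     # 10 bytes, looks valid
    return header + key + xor_repeating(payload, key)


# The well-known 43-byte 1x1 transparent GIF, used as a genuine-image control case.
TINY_REAL_GIF = bytes.fromhex(
    "47494638396101000100800000000000ffffff21f90401000000002c00000000"
    "010001000002024401003b"
)

if __name__ == "__main__":
    for name, blob in (("constructed sample", make_constructed_sample()),
                       ("tiny real gif", TINY_REAL_GIF)):
        print(name, triage_gif(blob))
```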

This is not the first scam of its kind. We’ve seen other personalized campaigns targeting users in the UK and Germany. Those emails infected recipients with Maktub Locker ransomware and a banking trojan named Nymaim.B, respectively.

To defend against these types of scams, users should avoid clicking on suspicious links and email attachments, and should not trust an attachment just because the email contains their personal information. Rather, they should assume that someone obtained their information from a data breach and monitor their accounts for any signs of fraud. If they believe the scam emails are more targeted in nature, they should report the attacks to law enforcement.

These are important online behaviors to keep your staff trained on. For more information on email security and training for best online practices, call us today at 800-421-7151.

As read on TripWire, article by David Bisson

Check Out this List of Free Ransomware Decryptors

We’ve gotten so caught up discussing ransomware prevention with our clients that we’ve neglected to mention that several strains have already been defeated. In fact, there’s a decent chance you can actually decrypt all your data for free. Always make sure to check these lists before responding to a cyber attacker’s demands.

The State of Ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Zombie Ransomware is Easy to Defeat

Not every type of infection is targeted to individual organizations. Some infections may happen as a result of self-propagating ransomware strains, while others might come from cyber attackers who are hoping targets are so scared that they pay up before doing any research on how dated the strain is.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Kaspersky Lab’s No Ransom list
Avast’s free decryption tools
Trend Micro’s Ransomware File Decryptor
Fightransomware.com’s Breaking Free list

Prevention

But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware. First, train your employees about what they should and shouldn’t be opening when browsing the web and checking email.

Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.

Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting against a never-ending stream of cyber attacks – hand it over to us and be done with it. Call today to find out more: 800-421-7151.

Which Type of Firewall is Right for You?

Software solutions are almost always more user-friendly than hardware solutions. There’s no need to worry about cabling, firmware, and power consumption. But when it comes to firewalls, a software solution just can’t measure up to its hardware counterpart. Make sure you have all the facts before deciding which is right for you.

Software firewalls

Calling a piece of software a “firewall” is a bit of an exaggeration. Installing it on a local hard drive is more like putting a lock on a door than building an impenetrable wall. By the time a software firewall scans data for threats, that data has already passed through your router, your network switch, and finally your local hard drive.

Once the whole cycle has finished, software firewalls can prohibit risky activities based on blacklisted IP addresses, known malware definitions, and suspicious application requests.

Although these solutions do have value, they can’t guarantee that malware won’t spread to other systems before each packet of data can be scanned, unless they’re standing guard at your business’s gateway to the internet. And whenever the computer with the firewall is powered off, everything it protects is left unguarded.

Hardware firewalls

Because the drawbacks of a software-based firewall center on its inefficient network position, a hardware solution is the safer option. Hardware firewalls sit directly behind your router, so every single packet of data coming from the internet must pass through your gatekeeper before landing on any of your internal drives.

Most of these solutions include far more sophisticated controls than just web filtering and basic data scanning. Like most developments in the IT industry, newer hardware firewalls focus on “intelligent” functions that analyze huge datasets to recognize malware and cyberattacks based on irregular activities instead of relying solely on cataloged viruses and attack vectors.

Another benefit of hardware firewalls is that they’re always on. There’s no need to worry about whether the workstation hosting your solution will crash because these devices are built for 24/7 protection. The only downside to this type of solution is the level of monitoring and maintenance it requires. Hardware firewalls are extremely complex and managing them is no easy task.

“Cloud” firewalls

The most recent, and undoubtedly best, solution to network perimeter security is the “cloud” firewall. These are on-site pieces of hardware with software interfaces that can be managed remotely by certified security professionals.

This service model means that experts will monitor your network performance and security for anomalies while your team goes about its business as usual. No need for onsite tweaks and updates — all of it can be done remotely.

You may hear a lot of experts telling you that the age of on-site hardware has passed and everything can be done in the cloud. Remote administration may be the next wave in network services, but the need for hardware will never go away. If you need someone to manage your physical devices, contact us today.

Selecting the Perfect Office 365 Plan

Office 365 Business, Business Premium, Enterprise E1, E3, and E5. Each of these Office 365 plans offers different features and services. Implement the wrong one, and you may end up with a solution that doesn’t fully meet your company’s needs. To help your business select the right Office 365 license, we’ve summarized and listed the different features of each plan.

Business or Enterprise?

If you’re running a cloud-first business, you’ll have to decide between Office 365 Business and Enterprise. Both may have access to Office Online and OneDrive, but there are some notable differences between the plans.

For one, Office 365 Enterprise E3 and E5 plans have unlimited archive and mail storage space, while Business plans have a 50-GB storage limit and don’t provide archive access from the Outlook client.

When it comes to SharePoint, Business plans are short on enterprise search, Excel services, and Visio features. Additionally, unified communication solutions, Power BI, and Delve analytics are also missing from the Office 365 Business offering.

Although it may seem like Enterprise subscriptions are superior — and in some ways they are — Business plans are perfect for smaller companies running on a tight budget. Office 365 Business and Business Premium cost $10 and $15 per user per month respectively, while E5, the biggest Enterprise plan, costs $35 per user per month.

As a general rule, start looking for Enterprise plans when your employee headcount exceeds 50 people and users require more storage space and solutions.

E1, E3, or E5?

If you do opt for Office 365 Enterprise plans, you’ll have to examine the features and choose one of three plans (E1, E3, and E5) that suits your needs.

E1 offers basic enterprise solutions such as Outlook and Word, OneNote, PowerPoint, and Excel online for only $8 per user per month. Apart from this, users also get access to SharePoint Team sites, video conferencing, and Yammer for enterprise social media.

E3 provides all E1 features and adds data loss prevention, rights management, and encryption to ensure business security and compliance. E5 is a full enterprise-grade solution with all the aforementioned features plus analytics tools, advanced threat protection, flexible Skype for Business conferencing, and unified communication solutions.

Small- and medium-sized enterprises will usually select either E1 or E3 subscriptions and decide to add third-party applications to meet cloud security and VoIP demands. But if you have the resources and prefer a fully-managed suite of Microsoft applications, E5 plans are the way to go.

Migrating to an Office 365 platform is a big step, and if you’re still undecided about which plan to opt for, contact us today at 800-421-7151. We don’t just provide Office 365, we assess your business and find the best solution that meets your budget and objectives.

“What do you mean I’m not safe from All Ransomware Attacks?!”

If your IT provider is anything like WAMS, then they do everything in their power to protect you from all types of viruses, malware, and ransomware out there. Chances are that you are paying accordingly for your protection and are getting sound advice from your provider. So how is it that your IT provider cannot protect you from all attacks? After all, they should know everything, shouldn’t they?

We aren’t going to sugarcoat things here… the truth is, we don’t and we can’t. But we can keep you as safe as possible. It’s unfortunate the way the ransomware industry, yes, industry, is growing and changing today. Recently cybercrime has evolved into a full-blown industry; who would have thought that Ransomware as a Service would become a thing? Criminals are getting smarter and constantly learning ways to get past what used to be viewed as everything-proof security. The ones creating malware these days are just as brilliant as your security solution experts; they have simply chosen the dark side of IT. It’s definitely a scary thought, which is exactly why you need to equip yourself with as much security and protection as is available to you.

Try to think of it this way: your IT provider is to your network what your doctor is to you. You visit your doctor when you are ill and together come up with a plan for how you will recover and what kind of treatment you will need. Most people also have regular checkups with their physician even when they feel healthy, just to ensure that everything is going smoothly. Your doctor offers many preventative solutions as well, such as vitamins, diet, exercise, and vaccinations. Your doctor is the expert, and yet even when following directions, you still occasionally catch something. There are two things your doctor cannot control that can cause you to become ill: the environment and your actions. You have minimal control over the environment; more importantly, your doctor can make recommendations over and over, yet without proper execution you are at higher risk, whether from the flu, a cold, a hereditary illness, or anything else. Try to think of your IT provider in the same way. Your systems are monitored, updates are constantly implemented, and they protect you to the best of their abilities. Your IT providers are the experts, but sometimes there are attacks that have evolved: brilliant culprits who have figured out how to get past even the most up-to-date security settings. And without proper security training, your staff may be your biggest risk factor for allowing these infections to occur. Undoubtedly, a solution to fight and/or prevent these attacks will be found quickly in most cases; that doesn’t mean you aren’t vulnerable. Just as your body is to illnesses, there is always something out there that will present as a threat to your system.

If your IT provider doesn’t have all the answers, then what are you to do? The reality is that nobody truly has all of the answers, and probably never will. The best strategy is to plan for the worst and have steps in place to limit the negative impact. We can stay up to date in every way possible, follow every IT security blog, and do everything in our power to stay ahead of the game on the latest attacks. The problem is that, much like real-life illnesses, ransomware is changing and evolving rapidly. When new strains begin to attack, there may not be a set solution for either prevention or removal, other than wiping your system and restoring from a backup. However, below is WAMS’s prescription on the many ways you can protect yourself from future attacks.

1. Stay updated. Work with an IT provider that keeps you in the know on the latest updates regarding major attacks and security breaches. For instance, WAMS posts vital information on social media and to blogs, and sends out a WAMS Warning email any time there is a culprit on the rise or a security issue coming forward.

2. Work with an IT provider that you know you can trust. Why is this so important? Your provider will make recommendations based on your system’s needs. You need to feel excellent about the recommendations you receive from your provider, and more importantly, be 110% confident that it is in your best interest to implement those recommendations if you want your best chance at avoiding ransomware attacks.

3. Know that you are compliant with all necessary data security obligations. It is important to know that you are HIPAA, SEC, FERPA, FTC, and ITAR compliant in your security and data storage. You also may be subject to the Payment Card Industry Data Security Standards as well.

4. Have redundant backups in place. We truly cannot stress enough to you just how important this is. If you do not have a redundant backup system in place and you are hit with ransomware, you cannot retrieve your data unless you pay for the decryption key. The number one problem with ransomware is that no matter how hard even the most brilliant of IT providers try, decrypting ransomware without a key is completely unheard of. We’d like to wave our magic wands and rid you of these nasty infections, but that’s not an industry possibility… yet.

5. Email security. At WAMS, we implement Mimecast’s solutions not only for our clients but internally as well, because we know that we are protected from multiple different types of attacks. Our solutions provide security, archiving, continuity, malicious URL defense, attachment sandboxing, data leak prevention, and email encryption.

6. Mandatory security training for your staff. We can’t control everything out there affecting your network, but we can provide your team with security training and assist you in putting together policies that will keep your network safe.

We can’t stress enough to you that this “prescription” is a list of steps for your best shot at protecting yourself and avoiding future hits. Never underestimate the power that you give criminals when you do not take the necessary precautions and allow yourself to be vulnerable. It is vital that you are just as careful about the health of your network as you are about your own health. Let your IT provider be your network doctor, and allow them to keep your system healthy.

“Lucky Charm” Keeps Hackers Out

Ralph’s been a good employee for you. Shows up on time. Gets the job done. Doesn’t hassle anybody.

He’s also a porn addict. When nobody’s looking, he’s visiting sites – on your network – that you’d be appalled to see. IF…you knew about them. Without careful monitoring and filtering, this kind of Internet use on your network can remain hidden.

Shocking? Hard to believe it could happen at your company? A survey by International Data Corporation (IDC) revealed that 70% of all web traffic to Internet pornography sites occurs during the work hours of 9 a.m. to 5 p.m. Ralph’s little visits may seem harmless, but they’re adding a serious level of risk to the financial health and security of your company.

Here’s how. A visit to an adult website can be tracked. And if a logged-in user’s identity is leaked, it can be embarrassing, to say the least, to that user. The user may even become a victim of “sextortion” or blackmail. Just ask any of the people who used Ashley Madison, a dating site for illicit affairs. When the site was hacked, users were suddenly at risk of having their indiscretions revealed. This gives cybercriminals a powerful lever to pressure an employee into revealing sensitive company data. Considering that 60% of security breaches start from within the company, you have to wonder what someone at risk of being exposed might do to keep their little secret, well…secret.

Let’s face it, if you’re not carefully monitoring and managing how your network is being used, your company’s data could be in serious jeopardy.

Content Filtering In Today’s Web 2.0 World

Whether you’re already monitoring user activity on your network or not, you need to stay vigilant about evolving risks. And content filtering is key. If your business is like many, you may already be doing some filtering. But is it enough? As technology evolves, hackers drum up ever stealthier ways to invade your network.

Cloud-based filtering, for example, becomes a must when mobile devices tap into your network. The old concept of a static, location-based “firewall” just doesn’t cut it anymore when your staff goes mobile.

Then there’s social media. It’s like a big window into the personal lives of your personnel. It lets cybercriminals “case the joint” before breaking in. For instance, when users log in to a personal Facebook account at work and talk about vacations, favorite hangouts or weekend activities, hackers can use that information for social engineering and other ploys.

The number of ways your network is exposed to potentially damaging content grows daily. It’s no wonder that 90% of companies and government agencies surveyed by IDC detected computer security breaches within the previous 12 months. Eighty percent of those organizations acknowledged financial losses due to these breaches. With odds like that against you, an up-to-date content filtering system could well be THE “Lucky Charm” that keeps your company, and your data, safe from all kinds of harm.

Fileless Malware is Back; Are You at Risk?!

How many times have you read a shocking headline, only to find the attached article incredibly underwhelming? Over the last several weeks headlines decrying the threat of “fileless malware” have been everywhere, but the truth is a little less scary. Let’s take a look at what’s really going on and who’s actually at risk.

What is This New Threat?

To oversimplify the matter, fileless malware is stored somewhere other than a hard drive. For example, with some incredibly talented programming, a piece of malware could be stored in your Random Access Memory (RAM).

RAM is a type of temporary memory used only by applications that are running, which means antivirus software never scans it on account of its temporary nature. This makes fileless malware incredibly hard to detect.

This isn’t the First Time it’s Been Detected

Industry-leading cyber security firm Kaspersky Lab first discovered a type of fileless malware on its very own network almost two years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

Where is it now?

Apparently being infected by this strain of malware makes you an expert because Kaspersky Lab was the group that uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyber attackers to withdraw undisclosed sums of cash from ATMs.

Am I at risk?

It is extremely unlikely your business would have been targeted in the earliest stages of this particular strain of malware. Whoever created this program is after cold hard cash. Not ransoms, not valuable data, and not destruction. Unless your network directly handles the transfer of cash assets, you’re fine.

If you want to be extra careful, employ solutions that analyze trends in behavior. When hackers acquire login information, they usually test it out at odd hours and any intrusion prevention system should be able to recognize the attempt as dubious.
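The behavioral check described above, written out as an added Python illustration (not a product's code and not from the original article): it builds a per-user baseline of login hours and source addresses from successful logins, then flags new events that fall outside that user's usual hours or come from an address never seen for them. The log format and every event are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed authentication log format (not any real product's):
# "<ISO timestamp> user=<name> src=<address> result=<success|failure>"
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")

# Constructed history: what "normal" looks like for each user.
BASELINE_LOG = """
2017-02-06T09:02:11 user=alice src=10.0.0.12 result=success
2017-02-06T14:20:45 user=alice src=10.0.0.12 result=success
2017-02-07T10:11:09 user=alice src=10.0.0.12 result=success
2017-02-08T17:05:30 user=alice src=10.0.0.19 result=success
2017-02-06T08:15:00 user=bob src=10.0.0.40 result=success
2017-02-07T13:42:12 user=bob src=10.0.0.40 result=success
2017-02-07T13:50:00 user=bob src=10.0.0.40 result=failure
""".strip().splitlines()

# Constructed new events to score against that history.
NEW_LOG = """
2017-02-15T03:14:00 user=alice src=203.0.113.9 result=success
2017-02-15T13:30:00 user=bob src=10.0.0.40 result=success
2017-02-15T16:05:00 user=alice src=10.0.0.12 result=success
2017-02-15T11:00:00 user=carol src=10.0.0.77 result=success
""".strip().splitlines()


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def hour_distance(a: int, b: int) -> int:
    """Distance between two hours of day on the 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def build_baseline(lines):
    """Per-user hours of day and source addresses seen in successful logins."""
    hours, sources = defaultdict(set), defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "success":
            hours[ev["user"]].add(ev["ts"].hour)
            sources[ev["user"]].add(ev["src"])
    return {"hours": dict(hours), "sources": dict(sources)}


def score_event(ev, baseline, slack_hours: int = 1):
    """Return the reasons an event looks unusual for that user (empty list = nothing odd)."""
    user, reasons = ev["user"], []
    if user not in baseline["hours"]:
        return ["no login history for user"]
    if all(hour_distance(ev["ts"].hour, h) > slack_hours for h in baseline["hours"][user]):
        reasons.append("outside user's usual hours")
    if ev["src"] not in baseline["sources"][user]:
        reasons.append("unseen source address")
    return reasons


def find_anomalies(lines, baseline):
    """Parse each line and keep only events with at least one reason for suspicion."""
    flagged = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = score_event(ev, baseline)
        if reasons:
            flagged.append((ev["user"], ev["ts"].isoformat(), reasons))
    return flagged


if __name__ == "__main__":
    for user, ts, reasons in find_anomalies(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(f"{ts} {user}: {', '.join(reasons)}")
```

In production the baseline would come from weeks of history rather than a few lines, and a flagged event would feed an alert or a step-up authentication prompt rather than a print.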

Should I Worry About the Future?

The answer is a bit of a mixed bag. Cybersecurity requires constant attention and education, but it’s not something you can just jump into. What you should do is hire a managed services provider that promises 24/7 network monitoring and up-to-the-minute patches and software updates – like us. Call today at 800-421-7151 to get started.

Be the First to Enjoy New Office Apps

Microsoft churns out new Office 365 features for users almost every month. Last year, there were several additions to Word, Excel, and PowerPoint that further enhanced user experience. This year, Microsoft will likely introduce new features that can benefit businesses. If you want to stay on top of new Microsoft features and experience these advantages yourself, then the Office Insider program is for you.

Early access

Similar to the Windows 10 Insider program, the Office Insider program grants users early access to new features, security updates, and bug fixes months before they are available to the general public. Office Insider is available on two levels: the fast ring, where updates are rolled out more frequently but tend to have more issues, and the slow ring, where features are released more slowly but have little to no software bugs.

The features you have to look forward to include:

Calendar.help – When you sign up for the Office Insider Program you are immediately eligible to beta test Calendar.help, a machine learning feature that uses Cortana to schedule important calls, meetings, and events. When you need to set up an appointment over email, you can simply list your contact, add Cortana to the Cc: line, and state your meeting preferences.
Outlook – On January 30, Microsoft increased Outlook 2016’s collaboration options. Insider subscribers can upload locally saved email attachments to OneDrive and collaborate with other employees.
Surface Pen – Surface device users in the Insider program can resize, rotate, and move objects in Word, Excel, and PowerPoint with the Surface Pen.

Competitive advantage

Because you’re getting early access to new applications, you’ll have more experience with the features compared to companies who wait for the general availability update. For example, you can test updates like PowerApps — a feature that allows businesses to create software without knowing how to code — and decide whether it’s right for your company months before other general users have worked with the product.

In other words, when your business can access and take advantage of Office 365 Insider features early, you’re essentially setting your company ahead of the competition since ‘late’ adopters will need to spend time getting acquainted with the new patch.

Feedback

The final benefit of the Office Insider program is that you get to voice your opinion on the upcoming features, raise awareness of certain software issues, and provide ideas on how Microsoft can make things better.

Overall, enrolling in the Office Insider program can open up your company to a wide variety of productivity-boosting features. The only question you have to ask yourself now is: Do I want to be at the bleeding edge of tech innovations?

Contact us today to find out how you can get on the inside and know the latest in Office updates.

3 Common Mistakes in Virtualized Networks

Data storage may be one of the easiest facets of virtualization to explain, but that doesn’t make it immune to problems arising from confusion. There are a few things that can cause virtualized data storage to underperform, and most of them can be easily fixed by technicians who know their stuff. Read on to find out whether you might have fallen for one of these mistakes.

Poorly structured storage from the get go

Within a virtualized data storage framework, information is grouped into tiers based on how quickly that information needs to be accessible when requested. The fastest drives on the market are still very expensive, and most networks will have to organize data into three different tiers to avoid breaking the bank.

For example, archived or redundant data probably doesn’t need to be on the fastest drive you have, but images on your eCommerce website should get the highest priority if you want customers to have a good experience.

Without a virtualization expert on hand, organizing this data could quickly go off the rails. Ask your IT service provider to see a diagram of where your various data types are stored and how those connect to the software-defined drive at the hub of your solution. If there are too many relays for your server to pass through, it’ll be a slower solution than the non-virtualized alternatives.

Inadequately maintained virtualized storage

How long will your intended design last? Companies evolve and expand in short periods of time, and your infrastructure may look completely different months later. Virtualized data storage requires frequent revisions and updates to perform optimally.

Whoever is in charge of your virtualization solution needs to have intimate knowledge of how data is being accessed. If you’re using virtual machines to access your database and move things around, they need to be precisely arranged to make sure you don’t have 10 workstations trying to access information from the same gateway while five other lanes sit unoccupied.

Incorrect application placement

In addition to watching how your data is accessed as the system shifts and grows, administrators also need to keep a close eye on the non-human components with access to the system. Virtualized applications that access your database may suffer from connectivity problems, but how would you know?

The application won’t alert you, and employees can’t be expected to report every time the network seems slow. Your virtualization expert needs to understand what those applications need to function and how to monitor them closely as time goes on.

Deploying any type of virtualized IT within your business network is a commendable feat. However, the work doesn’t stop there. Without the fine-tuning of an experienced professional, you risk paying for little more than a fancy name. For the best virtualization advice in town, contact us today at 800-421-7151.