The US Computer Emergency Readiness Team (US-CERT) has issued an alert stating that it has received multiple reports (worldwide) of Petya ransomware infections.
"Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB)."
Security Bulletins and Updates
rmsource recommends updating all Intrusion Prevention platforms to detect or prevent on signatures addressing the following CVEs.
Microsoft-issued work-around:
Microsoft has provided the following link for disabling SMBv1 as a work-around.
Please note: System Administrators will need to evaluate individual network environments and requirements prior to disabling any protocols.
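An added example (not from Microsoft or rmsource) of the evaluation step the note above calls for: a PowerShell helper that reports a host's SMBv1 server state, turns on SMBv1 access auditing, and disables the SMBv1 server only once the audit log shows no SMBv1 clients. The three function names are hypothetical; it assumes an elevated session on Windows 10 / Windows Server 2016 or later, where the `AuditSmb1Access` setting is available.

```powershell
#Requires -RunAsAdministrator
# Added example; the three function names are hypothetical.
# Assumes Windows 10 / Server 2016 or later (AuditSmb1Access parameter).

function Get-Smb1Posture {
    $server  = Get-SmbServerConfiguration
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg     = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    # The optional feature is not present on every edition, so tolerate failure.
    try   { $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop }
    catch { $feature = $null }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = [bool]$server.EnableSMB1Protocol
        Smb1AuditEnabled  = [bool]$server.AuditSmb1Access
        RegistrySmb1Value = if ($reg) { $reg.SMB1 } else { 'not set' }
        FeatureState      = if ($feature) { "$($feature.State)" } else { 'not present' }
    }
}

function Get-Smb1ClientAttempt {
    param([int]$Days = 14)
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000      # logged when a client connects using SMBv1
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent errors when nothing matches; treat that as "no events".
    @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
}

function Disable-Smb1WhenUnused {
    param([int]$Days = 14)
    $posture = Get-Smb1Posture
    if (-not $posture.ServerSmb1Enabled) { return 'SMBv1 server already disabled.' }

    if (-not $posture.Smb1AuditEnabled) {
        # Step 1: start recording SMBv1 use; disable nothing yet.
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
        return "Auditing enabled. Re-run after $Days days of normal traffic."
    }
    $hits = @(Get-Smb1ClientAttempt -Days $Days)
    if ($hits.Count -gt 0) {
        return "$($hits.Count) SMBv1 access events in $Days days. Review those clients first."
    }
    # Step 2: no SMBv1 clients seen during the audit window.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    'SMBv1 server disabled.'
}

Get-Smb1Posture | Format-List
```

Loading the script only prints the current posture; `Disable-Smb1WhenUnused` has to be called explicitly, and the audit window only means something if auditing has actually been on for that many days.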
WannaCry is a ransomware program first detected on Friday, May 12, targeting vulnerabilities in Microsoft software. Since the onset of the attack, it is estimated that 200,000 computers in 150 countries have been affected.
WannaCry utilizes the "EternalBlue" SMBv2 exploit, believed to be developed by the NSA and leaked to the public by the "Shadow Brokers" hacker group on April 14th, 2017.
While a patch was released by Microsoft on March 14th, 2017 (MS Bulletin MS17-010), unpatched devices and legacy systems (systems like Windows XP that no longer receive security patches) are still vulnerable.
The initial infection appears to have resulted from a malicious phishing email; however, once a device is compromised, the malware spreads through the networks as a worm, scanning and exploiting connected
Upon successfully infecting a system, the WannaCry malware installs an encryption package that targets commonly used files, such as audio, video and text documents:
The following image shows a comprehensive list of targeted file extensions:
Infected systems will then display a pop-up window, informing the users that their files have been encrypted and providing instructions and links for payment and decryption.
Next Steps and Protection
While the spread of the WannaCry worm was greatly slowed by a "kill-switch" being triggered this weekend, it is extremely likely that new, more resilient versions will be released.
In order to ensure users and networks are protected from various versions of this and other malware, the following practices should
It’s no secret that the cloud is taking its place as the leading technology for SaaS, IaaS and PaaS. However, there’s another shift taking place – IT departments are moving from managing costs to generating revenue. It’s a digital transformation that’s focused on the cloud. And, Microsoft Azure is leading the way.
The cloud is a huge part of this because of its flexibility. It can deliver what we’ve all come to expect from most any service in our personal and work lives – greater user experiences and powerful capabilities – something business organizations across industries are also expecting from their technology. That means organizations are making the technology shift to the cloud, especially Microsoft Azure, and they need cloud service providers to help manage this for them.
Chances are it’s at the core of your business strategy, too. The reality is that if you aren’t currently investing in the cloud, over the next five years you will be. Many organizations that have already invested in the cloud are now finding they need assistance maximizing its efficiencies, increasing security, and helping IT estimate the consumption dollars. Truly, the flexibility of cloud environments can easily get out of financial control – it’s not a simple turn-on-and-go scenario.
Because of this shift, we are often asked:
Do I get 24x7 support?
How do we manage security?
How can I properly estimate my monthly consumption costs?
Which workloads or applications should I move to the cloud?
Do I have to pay for Disaster Recovery when my VMs are turned off?
Can I specify a geographic region to guarantee my data stays in the United States?
These conversations are drastically different than just a few years ago. If it’s time to make the shift or get your cloud services under control, find an experienced provider with the experts in place to help you get it right the first time.
As a Microsoft Cloud Service Provider, we have the resources and experience to help you take your business to the next level. Please contact our sales teams for more information.
rmsource spent the end of 2016 at CIO conferences and several charity golf events with customers. We also celebrated with our employee family at picnics, team-building events, and various after-work activities. We closed the year with new employees, new relationships, and new vendor partnerships. We are looking forward to 2017!
For more information visit rmsource.com and follow us on Twitter @rmsourceinc!
Weaponized IoT (Internet of Things) - Mirai Botnet
Last year, the "Mirai Botnet" was used (in part) to mount a large-scale, multiple-wave attack on DNS service provider Dyn, resulting in many high-profile sites such as Twitter, Amazon, Reddit and PayPal becoming inaccessible during the attack.
Dyn's Chief Strategy Officer, Kyle York, said in a statement: "This was a sophisticated, highly distributed attack involving 10s of millions of IP addresses."
This is believed to be the same botnet used in a record-breaking 620 Gbps attack on Krebsonsecurity.com in September.
Mirai source code was released by Anna-senpai (online pseudonym) on Hackforums (a hacker community site) this past September. Mirai works by using Mirai-infected devices to scan for IoT devices using default credentials. Once a device is discovered and accessed using known default credentials, the Mirai code infects it and creates a connection to a command and control server, so that the device can then be used in large-scale DDoS attacks.
According to Dyn, a distributed denial-of-service (DDoS) attack began at 7:00 a.m. (EDT) and was resolved by 9:20 a.m. A second attack was reported at 11:52 a.m. and Internet users began reporting difficulties accessing websites. A third attack began in the afternoon, after 4:00 p.m. At 6:11 p.m., Dyn reported that they had resolved the issue.
The following map shows the affected areas and outage scope of the Oct 24 attack on Dyn. Source: Downdetector.com
While there is currently no definitive list detailing which specific device makes and models are vulnerable, Allison Nixon of Flashpoint stated that the botnet is "mainly comprised of IP Cameras and DVRs with components made by Xiongmai Technologies."
While many of the usernames and passwords within the botnet source code are generic and can be applied to multiple devices, Krebsonsecurity.com compiled the following table by reviewing the Mirai source code for username and password combinations that could be linked to specific manufacturers and device types.
The Mirai code is loaded into memory, so infected devices can be temporarily cleaned by rebooting; however, as the botnet is constantly scanning for vulnerable devices, re-infection can occur within minutes. Users of IoT devices should be advised to set strong usernames and passwords. However, many devices that allow credentials to be changed through a web-based interface still contain telnet- or SSH-accessible passwords that are hard-coded into firmware, according to Flashpoint's Zach Wikholm.
"The issue with these particular devices is that a user cannot feasibly change this password," Flashpoint's Zach Wikholm told KrebsOnSecurity. "The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist."
Flashpoint's researchers said they scanned the Internet on Oct. 6 for systems that showed signs of running the vulnerable hardware, and found more than 515,000 of them were vulnerable to the flaws they discovered.
While electronics company Xiongmai denies that the majority of the attack came from its devices, and has even threatened legal action against various publications for tarnishing the company's reputation, the electronics firm has vowed to recall affected devices.
"The company confirmed that it will recall some of its older products sold in the US made before April 2015 in an effort to improve its password functionality."
Unfortunately, while there are many current suggestions and strategies to resolve this issue, ranging from ISP detection and client notification to a defensive counter-hack of infected devices, no clear long-term strategy exists.
What should you do if you believe your device is infected or vulnerable? While the following steps do not guarantee complete safety from the Mirai or other botnet infections, they are basic security steps that should be applied when using any network-connected devices:
Tech-Support Scammers Targeting a Younger Generation
At one point or another, most of us have received an unsolicited call by someone claiming to be from "tech support," informing us that they have detected a virus on our PC. While their delivery and tactics vary, their end goal is usually the same:
A recent Spiceworks report on the 2016 state of IT says that nearly 60% of IT pros surveyed don't expect their IT staff to increase in 2016.
In addition, the report states that despite rising average annual company revenue, IT budgets remain relatively flat. So in turn, IT departments will be tasked with doing more with less. This IT crossroads between fewer resources and growing demands is a perfect avenue for C-Suite leaders to bring in managed resources.
By utilizing one of our managed service offerings, we are able to provide our clients with access to certified engineers and software developers for a fraction of the cost of hiring full-time employees.
For example, we recently provided a managed solution that offered 24/7 support for a client's call center sites, LAN, WAN and security infrastructure. It also gave the client access to our security, networking, and application engineers for a fixed monthly cost with guaranteed SLAs. By outsourcing these resource-intensive pieces of their security, networking, and specific applications, the client was able to lower costs and capitalize on the skilled expertise of our professional services teams – without the cost or extended timeline involved with hiring each specialized resource individually.
In addition, we also created a Private Cloud Solution for a client in the healthcare field, which allowed them to expand their physicians' care network quickly while reducing the IT organization's workload and cutting infrastructure costs. The technologies utilized enabled scalability with a high level of dedicated support for the practitioners and office staff, and were also HIPAA and PCI compliant.
What IT needs are you finding squeezed? Contact us for information on how our solutions can help -- 877-319-3051.
It's no secret that mobile apps are the fastest growing segment of software development. Our custom application development team is experiencing a measurable uptick in requests for mobile apps designed to help businesses increase productivity by keeping employees connected across all devices.
The mobile app development space is also evolving quickly. One of the latest announcements came from Microsoft, who is continuing to deepen its developer resources through the acquisition of leading platform provider Xamarin.
The February 24th announcement describes the acquisition this way,
"In conjunction with Visual Studio, Xamarin provides a rich mobile development offering that enables developers to build mobile apps using C# and deliver fully native mobile app experiences to all major devices – including iOS, Android, and Windows. Xamarin's approach enables developers to take advantage of the productivity and power of .NET to build mobile apps, and to use C# to write to the full set of native APIs and mobile capabilities provided by each device platform. This enables developers to easily share common app code across their iOS, Android and Windows apps while still delivering fully native experiences for each of the platforms. Xamarin's unique solution has fueled amazing growth for more than four years."
"Through Xamarin Test Cloud, all types of mobile developers (C#, Objective-C, Java and hybrid app builders) can also test and improve the quality of apps using thousands of cloud-hosted phones and devices."
What does this mean for your business? With Xamarin integrated natively into the Microsoft stack, our development team can build and test native apps more efficiently and effectively than ever before. That translates to more robust options for you.
A major challenge facing IT leaders today is the cloud. These environments offer scalability, efficiency gains, and measurable ROI. But, they are not a one-size-fits-all solution. With public, private, and hosted options, most organizations end up with a hybrid cloud configuration. Buying the right cloud solution requires more than just server access. End-to-end support for the migrations, apps and business systems residing in that cloud are critical to success.
Here are three questions we recommend asking before moving apps and business systems to the cloud.
1. What apps are good candidates to be moved to a cloud?
The answer is most, if not all, of them. Business applications are moving to the cloud at lightning speed; in fact, the major players among software companies are forcing customers to move. Microsoft Office 365 made this move a few years ago. Application providers may provide some on-premise support; however, the trend has moved towards cloud-hosted versions of their products.
The bottom line is that visionary business leaders are looking at how some or maybe all of their applications will move to a cloud in the coming years. Likely this is a hybrid environment that includes a mix of private, public, and some on-premise solutions depending on application or vendor requirements for support.
2. To which cloud option should we migrate?
Each type of cloud has its place in the mix. Some businesses require highly secure dedicated infrastructures integrated to their on-premise environments for regulatory requirements. These types of clouds require custom or specific policies and procedures to be met which might be unique to that business and their customers. In this case, a hosted private or hybrid cloud configuration works best.
Working with experts to evaluate the full needs of your business and then planning a cloud architecture that works for your business is key to a successful cloud strategy. Most businesses will use a mix of public, private, and on-premise solutions.
3. Should we invest in infrastructure or managed services?
This is a question business leaders are facing in organizations of all sizes. Companies generally have two areas they evaluate when making this decision.
The first is related to budgeting -- moving IT from a capital expense model (CapEX) to an operating expense model (OpEx). This shift carries tax savings opportunities and does not require the long-term planning for investments in infrastructure and other resources.
The second is related to hiring a Managed Service Provider (MSP) -- moving from internal hires and benefits to on-call 24/7 certified experts for monitoring and management of systems. This frees up your internal resources to work on mission-critical and other projects while the MSP fills in the gaps.
Ready to hire the right partner for your cloud needs? We'll take responsibility and support for your cloud architecture end-to-end. Give us a call to learn about the rmsource difference.
Partial Resourcing Model™ Allows Businesses To Pay For Only What They Need
Recognizing the evolving challenges faced by IT and business leaders, rmsource, Inc. is adapting its service model to include an à la carte fee structure, much like cloud providers offer. The service is called the Partial Resourcing Model™ and it gives rmsource clients access to specialty IT resources when they need them.
Under a single monthly fee, organizations have access to highly-skilled professionals who specialize in almost every aspect of the IT spectrum -- Private/Hybrid Clouds, networking, security, Microsoft servers, app development, SharePoint, Office 365, and much more. This replaces the need to hire full-time or long-term contract employees and includes a suite of project management tools and resources.
“We believe this is an innovative support structure that better addresses the challenges IT leaders face every day,” says Robb Hultin, rmsource, Inc. president and co-founder. “Our model offers a customizable and actionable option for our clients to fill in IT skill and resource gaps in order to get projects completed on time and under budget.”
Hultin and the leadership team at rmsource, Inc. are focused on acquiring the best resources in order to support this model. The company relocated to downtown Raleigh, NC in September of 2015 to be in the midst of one of the most desirable U.S. cities to live and work. Competitive compensation packages and a new location offer comforts that improve the work environment and encourage employee retention.
More information about the Partial Resourcing Model™ can be found in this infographic or by calling 877-319-3051.
About rmsource, Inc.
rmsource, Inc. is a leading provider of IT solutions. As a sole source vendor, their Datacenters, Managed Solutions, Developers and IT Engineers work collectively to execute and solve IT challenges. They effectively reduce both management and infrastructure costs by fully managing clients' IT infrastructures, whether in their Data Centers via a Private or Hybrid Cloud or on-premise.
Toll Free: 877-319-3051