May 2017 Security Bulletin – DOUBLEPULSAR

by · Published · Updated

We recently sent the below email bulletins to you.  In light of the weekend’s events and the Ransomware attacks, we are sending the bulletins again and urge all of our customers to read the information contained within the bulletin and call Atlas Business Group on 0333 666 3330 with any questions or concerns you may have.  If you are on our Silver or Gold levels of service we will have already patched your machines to ensure they are secure, as part of the service we provide.  If you have any machines running Windows XP or Server 2003, immediate action should be taken to replace these as they are not secured and cannot be updated.  If you are on our Bronze level of service, please contact us to arrange for your machines to be updated.

An official statement from the National Cyber Security Centre states “Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind.  But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale.”

 

The National Cyber Security Centre advises “Companies can undertake three simple steps which are also set out on our website and can be summarised as follows:

  1. Keep your organisation’s security software patches up to date
  2. Use proper antivirus software services
  3. Most importantly for ransomware, back up the data that matters to you, because you can’t be held to ransom for data you hold somewhere else.”

BEWARE – Increased levels of SPAM & phishing attacks

We are urging all our customers to be vigilant at the moment due to a recent worldwide security problem resulting in an increase in SPAM emails & Phishing attacks which are being sent from “genuine” sources and therefore avoiding detection from security software.

If you receive any email which you are not expecting or is from an unknown sender with an attachment or link, please delete the email or call us for advice on 0333 666 3330.

Reported by The Register this week there was a leak last Friday resulting in thousands of windows machines worldwide becoming infected.

The infection is called DOUBLEPULSAR and once hijacked will use machines to send malware, spam netizens and launch further attacks.

There was a patch released in March 2017 by Microsoft, which ensures machines are not vulnerable but any machine that is not regularly updated will be vulnerable to the attack.  Any machine running Windows XP, Server 2003 or earlier will be vulnerable and no patch is available as they are now past end of life for MS Support.

If you are running any machines with XP/2003 or earlier, or if you do not currently have regular patching from us, please call us on 0333 6663330 to discuss your options and ensure your business is safe.

Please call us if you would like any further advice or information.

“Know your enemy and know yourself and you can fight a hundred battles without disaster” – Sun Tzu

Defending against Cyber Security threats is one of the greatest challenges businesses face in terms of their IT strategy.

This e-mail is designed to act as a guide in the first step of preparing your defences.

The general approach for defending against Cyber attacks, malware and system vulnerabilities is the same regardless of size of business: Ensure all servers and workstations are patched and update 3rd party applications regularly.  Restrict administrative access to your systems, and use robust malware protection software.

Atlas Business can ensure your systems are patched, up-to-date and improve security.

What are the threats?

Network Probe / Hostile Scan
A network probe attack can take a wide variety of forms and while some will target specific vulnerabilities in software and exploit packages, others will simply use a brute force approach to passwords in an attempt to gain access to your otherwise protected systems.
The impact to your business would be severe, and could lead to confidential data leaks or even complete loss of data and services.

Atlas Business can help ensure your infrastructure is secure and help prevent any vulnerabilities, by carrying out security scans of your infrastructure on a regular basis and take corrective actions as necessary. 

Distributed Denial of Service
DDOS attacks are generally connection or resource based.  A connection based attack will attempt to open as many simultaneous connections as it can within the targeted server. A resource exhaustion attack occurs when the server is overwhelmed.
DDOS attacks can have medium to high impacts to your business, resulting in severely degraded performance.

Atlas Business can help prevent almost all DDOS attacks buy ensuring you have a well managed hardware firewall and up-to-date security software. 

Brute Force Attack
Brute force attacks will usually target a single service with access to the internet, such as remote desktop, Outlook web access, and SMTP services.  The attacks will consist of a predictable and systematic check of all possible passwords until the correct one is discovered when it  will grant access to the network, often with administration privileges.,

The impact to your business is severe as it can result in data leaks or total loss of service/data.

Atlas Business can implement several measures which will help in preventing brute force attacks.

 

Phishing Attack
Phishing emails consist of mass email spamming events targeting users, predominantly small and medium size businesses.  The emails have an attachment that appears to be genuine and linked to the content of the email, usually a voicemail or invoice.
The attached file is actually malware called CryptoLocker, otherwise known as Ransomware.  The CryptoLocker malware encrypts files on servers, and in some cases even backups and then demands a ransom to un-encrypt the files.  Keeping up to date with patching on your servers and workstations is one vital step to protecting against malware.
The impact to your business from a ransomware attack can be very severe often leading to a complete loss of data and services unless the ransom is paid. Ransoms can range from £200 to £10,000 payable with bitcoins.

Atlas Business can help you introduce procedures that can reduce the incidence of ransomware attacks and can help ensure your data is protected. 

For more information please call us on 0333 666 3330