Apple Macs Targeted!

The very first instance of ransomware-as-a-service (RaaS) targeting Mac OS has been discovered for sale on the black market. This would allow cybercriminals to target Apple systems even with minimal tech skills.

Cyber security researchers at Fortinet were the first to make the discovery. MacRansom is showcased on a TOR web portal, claims to be ‘the most sophisticated Mac ransomware ever’ and appears to be the first case of RaaS targeting Mac OS. Once MacRansom is triggered, it locks down files and demands 0.25 Bitcoins or an equivalent $700. It encrypts both com.apple.finder.plist and the original executable as well as altering the Time Date Stamp; this tactic renders the files useless even if recovered. The infection can only encrypt a maximum of 128 files. Researchers have noted that due to this limitation, it is not the most sophisticated compared to other OSX crypto-ransomware, but it is still capable of damage.

This proves that Macs may be less prone to malware infections than Windows-based PCs, but by no means are they exempt from security threats. This is a wake-up call for Mac users to take the same precautions as PC owners when protecting their devices by using reputable third-party antivirus software.

For more information on protecting your Mac from Ransomware and other cyber threats, contact Power Consulting Group at 212-647-0377.

Beware of unexpected PowerPoint attachments!

Security experts have detected a booby-trapped PowerPoint file they call “Zusy” that will download malware to a computer whenever a user hovers over a link, no macro scripts required. The file is delivered to its potential victims as an attachment to emails with the subject line “RE:Purchase orders #69812” or “Fwd:Confirmation.” The name of the PowerPoint file itself is “order&prsn.ppsx,” “order.ppsx,” or “invoice.ppsx,” and there are reports that the file has been spread around inside ZIP files.

PPSX files are similar to PPTX files, except they enter the PowerPoint presentation view when opened, instead of the PowerPoint edit mode. When the user opens the document they are greeted with a prompt, “Loading…Please wait,” which is displayed as a blue hyperlink to the victim. Once the victim moves the mouse over the hyperlink, it results in PowerPoint executing PowerShell. The hover action was configured to execute a program in PowerPoint once the user mouses over the text. Upon enabling the content, the PowerShell code is executed and a domain named “cccn.nl” is contacted to download and execute a file that is responsible for delivering the malware downloader.
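
One way for a defender to triage attachments for the hover action described above (an added example, not code from the original article or from the researchers it cites). It assumes the action is stored the way the Office Open XML format records mouse-over actions, as an `a:hlinkMouseOver` element with `action="ppaction://program"` whose `r:id` resolves through the slide's relationship part; `find_hover_program_actions`, `build_sample` and the sample target are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml's drop-in parser

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"


def find_hover_program_actions(data):
    """Return (slide part, relationship target) for each mouse-over action that runs a program."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        for name in sorted(names):
            if not re.fullmatch(r"ppt/slides/slide\d+\.xml", name):
                continue
            # The slide's .rels part maps each r:id to what it points at.
            rels_name = "ppt/slides/_rels/%s.rels" % name.rsplit("/", 1)[1]
            targets = {}
            if rels_name in names:
                rels = ET.fromstring(pkg.read(rels_name))
                for rel in rels.iter("{%s}Relationship" % PKG_NS):
                    targets[rel.get("Id")] = rel.get("Target", "")
            for el in ET.fromstring(pkg.read(name)).iter("{%s}hlinkMouseOver" % A_NS):
                if el.get("action", "").lower().startswith("ppaction://program"):
                    rid = el.get("{%s}id" % R_NS)
                    hits.append((name, targets.get(rid, "<unresolved>")))
    return hits


def build_sample(action, target):
    """Constructed two-part package (not a full deck): just what the scanner reads."""
    slide = ('<p:sld xmlns:p="%s" xmlns:a="%s" xmlns:r="%s"><a:rPr>'
             '<a:hlinkMouseOver r:id="rId2" action="%s"/></a:rPr></p:sld>'
             % (P_NS, A_NS, R_NS, action))
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId2" Target="%s" '
            'TargetMode="External"/></Relationships>' % (PKG_NS, target))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("ppt/slides/slide1.xml", slide)
        pkg.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    flagged = build_sample("ppaction://program", "constructed-placeholder.exe")
    benign = build_sample("ppaction://hlinkshowjump?jump=nextslide", "")
    print(find_hover_program_actions(flagged))
    print(find_hover_program_actions(benign))
```

A hit is a reason to quarantine the attachment for analysis; ordinary slide-navigation hover actions use other `ppaction://` values and are not reported.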

A Microsoft spokesperson explained that Office Protected View is enabled by default. The feature is meant to detect and remove malware. Users and organizations that are aware of the feature being off should review their security policy to take into account this attack vector.

For more information on ways to protect your organization from malware, please contact Power Consulting Group, 212-647-0377.

Cybercriminals hacked into centralized password manager!

Cyber crooks are back at it again, this time hacking into OneLogin, an online password manager that offers a single sign-on to multiple websites and services. In a statement posted by OneLogin, the company said it could not dismiss the possibility that cyber criminals obtained the keys to read encrypted data, namely stored passwords.

Password managers such as OneLogin help users keep track of passwords for a growing assortment of websites and services that require one. As opposed to recalling complex passwords for each one, users only need to remember a master password. The password service then unlocks other accounts as needed. In 2015, rival company LastPass said they also experienced a breach where user information was accessed, though the company explained that no actual passwords were obtained. LastPass had encouraged users to change their master password.

Cyber security experts are all in agreement that despite the possibility of a breach, it’s still better to use a password manager than to use the same password for multiple sites. Since the breach, OneLogin has contacted impacted customers with specific recommended remediation steps to protect themselves.

For more information on OneLogin and securing your data, please contact Power Consulting Group, 212-647-0377.

Anti-phishing Security Update for Gmail on Android!

In light of the phishing email scam that plagued Gmail Android users last week, Google decided to roll out an update to its Gmail client that will warn users if they follow a link from a suspected email.

The attack last week consisted of an email that supposedly came from a known contact, prompting recipients to open documents in Google Docs. Anyone who followed the link was taken to a page that resembled the Google Docs sign-in, but was instead designed to give the cyber attacker access to the user’s email account. Google quickly disabled the attack, and retroactively flagged any of its malicious emails as spam. Less than 0.1 percent of Gmail users were affected. With over 1 billion Gmail users, the number of infected could still be as high as 1 million.

With this update, Google is giving users another tool to protect against clicking on suspicious emails. The update is available for everyone who uses Google’s Android Gmail app. Users can access the update by heading to the Google Play Store and updating the Gmail app.

For more information on phishing emails and ways to protect your organization, please contact Power Consulting Group, 212-647-0377.

Auto Attendant and Call Queues for Skype for Business Cloud PBX in Office 365!

Users across the world are replacing their traditional phone systems with Microsoft’s modern voice solution delivered in Office 365 with Skype for Business Online. Skype for Business Online provides end-users the ability to make and receive business calls in the office, at home and on the road using their phone, PC, or mobile device.

This week, Microsoft announced the new capabilities that are now available for cloud voice customers. Generally grouped under the category of “media services”, these new features operate completely out of Office 365 and provide new experiences for the management of phone calls, from answering to call treatment to queuing to routing. What it means is that Office 365 users everywhere now have an option for a truly powerful set of communications capabilities all driven out of the cloud.

Auto Attendant provides an automated system to answer inbound phone calls to a company, play prompts to interact with the caller and determine the destination of the call. Prompts can be made from uploaded pre-recorded material or using text-to-speech in 27 languages while replies from callers can be captured using DTMF (touchtone) or speech recognition in 14 languages. Callers can speak the name of an end-user in the tenant directory to be routed directly to that person or they can be presented with a customized menu to support routing to different departments.

Call Queues implement an automated distribution system for calls that includes playing licensed music on hold for the caller and matching the caller with an available agent. Custom music on hold and custom prompts can also be uploaded to Office 365 for use with a customer’s Call Queue. Agents can be quickly configured for handling calls from a queue by using a simple distribution list, with calls routed in parallel to all agents who are signed in and configured to handle calls from the queue.

Both Auto Attendants and Call Queues are managed from Office 365 and allow users to have powerful call management functionality homed completely out of the cloud. To support this capability, users can acquire both toll and toll-free phone numbers from over 90 countries around the world, all without additional subscription cost. The system administrator then simply associates the numbers to the Auto Attendants and Call Queues directly from the Office 365 Admin Center or automates the process through PowerShell scripting.

 

If you’re interested in exploring Office 365 for your office telephony/unified communications system, please contact Power Consulting at 212-647-0377.

New Skype for Business Features!

Over the last few months, there has been a deeper integration of Skype for Business with iOS using Apple’s CallKit framework and Android devices, including Mac integrations. For Mac users, Skype for Business is available for download on Microsoft’s website. The Mac client will offer edge-to-edge video and full immersive content sharing and viewing.

For iOS devices, users can now do the following: (1) Answer Skype for Business calls from lock screen – This allows iPhone users to accept incoming Skype for Business calls right from the lock screen. Gone is the need to unlock the phone or launch the Skype for Business app to receive calls. The app will behave like a normal call displaying the caller’s information on the lock screen.

(2) Handle Skype for Business calls like any other call – The integration also allows you to switch between calls across Skype for Business, your personal cellular line and other VoIP applications supporting CallKit. If you are in an important Skype for Business conversation and receive an incoming cellular call, you can send the second call to voicemail or put the Skype for Business call on hold to accept the incoming cellular call.

(3) Built-in IT and user controls – These new features are enabled by default for all iOS app users. In situations where you may not want the Skype for Business calls to appear in the native iOS call log, the built-in IT and end-user controls allow you to disable the CallKit integration altogether.

Skype for Business is making enormous strides in new capabilities for both iOS and Android devices. Some features introduced for both platforms include:

(1) The ability to present in a meeting from your mobile app – Now users can present content right from an Android or iOS device. No more emailing files and links back and forth when you present from your phone or tablet. Now, sharing a PowerPoint deck in a meeting is as easy as selecting the file from your favorite cloud drive and presenting right from your phone. Once shared, the PowerPoint file also becomes available in the meeting’s content bin for other participants to download or present. On Android, you can also share a file stored on the device itself. With swipe gestures, you can easily transition between different slides.

(2) Video-based Screen Sharing for mobile devices – This gives the ability to enhance the content viewing experience with Skype for Business on mobile devices by using Video-based Screen Sharing (VbSS) for content viewing on iOS and Android apps. It provides a seamless viewing experience, especially if you are sharing animated content such as CAD models.

For more information on Skype for Business features and how/where to get them, please contact Power Consulting at 212-647-0377.

IT ALERT: Winter Storm Stella

In preparation for the upcoming blizzard, which will affect the US eastern seaboard over the next 72 hours, Power Consulting is taking precautionary steps including:

  • Increasing our onsite and standby staff
  • Increasing network and systems monitoring staff and heartbeat
  • The progression of the storm will be continuously monitored by our Internal and Datacenter personnel

Please note our facilities resiliency systems are intact and functioning properly:

  • Gen Set Testing – Generators were tested 2/1/17
  • Fuel levels are sufficient
  • Procedures have been reviewed for emergency transfer to generator
  • Support vendors are on standby

To help prepare your own environment and systems please note the following:

  • Properly log off and shut down any unused and non-critical computer systems
  • If you are shutting down power/electric in advance of the storm, contact Power Consulting Support to help properly shut down your systems
  • As power/electric is likely to go out for some duration be patient with email and computer access as it may take some time to come online post recovery
  • If your email systems are cloud based you likely will have online email access via mobile device throughout the storm
  • If your email systems are local/office based and power outages are affecting your facility you may have email outages throughout the storm

If you are unsure of your network status and preparedness please do not hesitate to contact Power Consulting personnel.

Additionally, if you would like to discuss additional support and business continuity services contact your PCG customer service manager.

Our customers are our top priority and we will keep you apprised of any further developments.

~ PCG Support Team

Russian Malicious Mac Macro!

According to the news source AppleInsider, “Mac malware discovered In Microsoft Word document with auto-running macro.” This became the second example of malware targeting macOS last week. Researchers in the security industry have detected the first in-the-wild instance of cyber criminals making use of malicious macros in Word documents to install malware on Mac computers – an old Windows technique. The hack uses a familiar social engineering tactic, deceiving victims into opening infected Word documents that subsequently run malicious macros.

According to Stu from the IT website SpiceWorks, the malicious Word document discovered was titled, “U.S. Allies and Rivals Digest Trump’s victory – Carnegie Endowment for International Peace.docm.” Mac users are always prompted to enable macros, but the cyber criminals are going after the weak link, the users. Selecting the embedded macro executes a function, coded in Python, that downloads the malware payload to infect the Mac, allowing cybercriminals to monitor webcams, access browser history logs, and steal passwords and encryption keys. The IP address from which the malicious Word file originated is in Russia, and the IP was also linked to other malicious activities such as phishing attacks.

The best way to avoid such attacks is to educate employees through new-school security awareness training programs, have them deny permission to enable macros when opening a Word document they are unfamiliar with, and have them avoid downloading software from third-party app stores or untrusted websites.

For more information on protecting your company against such attacks or if you have been a victim of the malicious scam, please contact Power Consulting at 212-647-0377.

CEO Fraud and W-2 Phishing!

According to an article from Stu Sjouwerman, the CEO of KnowBe4, “CEO fraud” is not new to the world of scammers. This is where e-mail attacks spoof the boss and social-engineer a high-risk employee into wiring funds to a bank account controlled by the perpetrators. There is also W-2 phishing. This happens when scammers impersonate the boss and ask for a PDF with all employee tax forms. Per a new “urgent alert” issued by the U.S. Internal Revenue Service, internet criminals have now combined both schemes and at the same time are targeting a much wider range of organizations than ever before.

The IRS warned that phishers started this scam much earlier this year, attempting to extract W-2 data which can be used to file fraudulent tax refunds, duping the actual taxpayers. The agency alerted that the scammers also are targeting a much wider range of organizations in these W-2 phishing schemes, including school districts, healthcare organizations, chain restaurants, temporary staffing agencies, tribal organizations and nonprofits. People who are not required to file a return can still be victims of refund fraud, as can people who are not actually due a refund from the IRS.

W-2 phishers cooked up a new, more profitable scheme where after the successful W-2 phish they also attempt a cyberheist, looting the victim organization’s bank account. The IRS said that W-2 phishers now very often follow up with an “executive” email to the payroll or comptroller requesting that a wire transfer be made to a bank account they control.

Is your business protected from Malicious Cyber Attacks like Grizzly Steppe!?!

As per the Department of Homeland Security (DHS), Russia’s civilian and military intelligence services engaged in aggressive and sophisticated cyber-enabled operations targeting the U.S. government and its citizens. The U.S. Government refers to this activity as GRIZZLY STEPPE. These cyber operations included spear-phishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, and theft of information from these organizations. This stolen information was later publicly released by third parties.

The DHS defines Spear-phishing as the use of forged emails, texts, and other messages to manipulate users into opening malware or malicious software or clicking on malicious links. Spear-phishing attacks can lead to credential theft (e.g., passwords) or may act as an entry point for threat actors into an organization to steal or manipulate data and disrupt operations.

The DHS is attempting to thwart these efforts by partnering with the FBI, and releasing a Joint Analysis Report (JAR), which provides details of the tools and infrastructure used by Russian intelligence services (RIS) to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political, and private sector entities. The JAR also arms network defenders with the tools they need to identify, detect, and disrupt Russia’s global campaign of malicious cyber activity.

Contact Power Consulting Group, 212-647-0377, to find out how you can protect your business and network against Grizzly Steppe cyber-attacks as well as other cyber threats.