Day at the Belhurst Castle

It was an honor to be among the experts at the DR/HIMSS event at the Belhurst Castle. I presented the concept that will be in a coming article on the business associate supply chain and those unknowingly bringing in the Trojan Horse cyber security risk into their organizations.

Microsoft patches 53 vulnerabilities, 11 critical

Description: Microsoft released its monthly security update, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 53 vulnerabilities, 11 of which are rated “critical,” 40 that are rated “important,” and one each rated “moderate” and “low.” The advisories cover bugs in the Chakra scripting engine, Microsoft Outlook and DirectX. This update also includes three advisories. One covers vulnerabilities in Adobe Flash Player, and another covers important bugs in the Microsoft Surface tablet. Additionally, there is guidance for how users should configure BitLocker in order to properly enforce software encryption.
Reference: https://blog.talosintelligence.com/2018/11/microsoft-patch-tuesday-october-2018_13.html

Why Patients Deserve an Electronic Paper Trail

According to a statement issued by Albany, N.Y.-based St. Peter’s Surgery & Endoscopy Center on Jan. 8, 2018, an unauthorized third party possibly gained access to approximately 135,000 patient records at their facility.  

The key words here are “unauthorized” and “possibly.” The presence of malware on their server tells St. Peter’s that someone with access may have knowingly or unknowingly allowed malware to be loaded through a vector of infection such as the web, email and/or a USB drive. The vector of infection could also have been a network worm or remote access, if that access was not secure. It is disquieting because there has been no traceable activity with regard to the patients’ electronic files: it can’t be proved one way or another.

As frightening as this potential breach of patients’ records is to St. Peter’s and its patients, it does provide an opportunity to bring up some preventative strategies to improve the health of your IT network.

As a managed IT services provider specializing in HIPAA security, and a member of both the New York State Association of Ambulatory and Surgery Centers (NYSAASC) and the national Ambulatory and Surgery Center Association (ASCA), SkyPort IT regularly educates our clients about cybersecurity services and tools that should be utilized to help prevent and/or document breaches and basic procedures that allow you to build an electronic paper trail of every activity involving electronic protected health information (PHI) in your IT environment.

Who Has Your Back?

Because SkyPort IT specializes in HIPAA compliance for healthcare IT, policies and procedures for electronic records and information systems, we advocate for security on every layer and level of your information network.

In the case of St. Peter’s recent malware discovery, our breach management system would identify exactly what had happened, and there would be no ambiguity about where the files were or who had them, because we track every file being accessed in the network. We set up alerts so that if access to a file had occurred we could quickly track specifically who in the organization had touched these files, and the path they had taken. The system can also block operations with files to prevent critical data from leaving the environment.

More importantly, our healthcare cybersecurity services extend to preventing malware from making its way to your server in the first place. Just as important as the software tools and services that we use to help organizations like yours stay safe are the HIPAA compliance policies and procedures we put in place for data protection.

Physical security for your server is especially important. All servers should be physically and remotely secure with limited access. If you have an IT person on staff, which many small to medium-sized businesses do not, you must have a policy and procedure in place to limit access to the organization’s server.

Patient records are a gold mine.

There are a number of ways a worm or malware can infect or enter your IT network. While it is important for all employees to be educated about general good practices regarding their use of the internet and your internal network, it is critical that the employees most active on the network – such as your IT staff – are vigilant.

The server is not a personal workstation and should only be used for appropriate work such as maintenance. Your IT staff, IT provider, or anyone with administrative access rights to the server should never be engaged in these activities, which are all vectors for intrusion:

  • Browsing the web

  • Looking at emails

  • Opening files off a thumb drive

  • Plugging in a cell phone

Recognizing that the server at a healthcare or medical organization holds information that is a gold mine for hackers is the first step in protecting your patients’ data, your business, and your reputation. Advice and useful materials for cloud computing security and healthcare IT can be found here: https://www.skyport-it.com/useful-materials-just-for-you.

Another Docusign Phishing Scam - Do not be fooled!

Think before you click.

  • Was I expecting a document to sign?

  • Does it look off for some reason?

    • Hover over (do not click) buttons and links.

      • Link on button “Please sign here” goes to “http://playcoremusic...”

      • Odd-looking sender name “Doçusign” with the address “<dse_na2@docu-boxsign.net>”, plus an email address that was spoofed: “user@mailcenter.docusign.com”

      • “Download the Docusign App” is not a link to anywhere.

  • Under the hood? - If you go to File, then Properties in Outlook, you would find that the real source of the email has nothing to do with Docusign users or their mail servers.

If you are in doubt, throw it out!

Safe Regards,

Dan
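
The sender and link checks from the list above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original post: the trusted-domain list, the sample message and the host `link-target.example` are assumptions constructed for illustration.

```python
import unicodedata
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this organisation accepts as genuine DocuSign senders and link targets.
TRUSTED_DOMAINS = {"docusign.com", "docusign.net"}
BRAND = "docusign"

# Constructed sample modelled on the checklist; link-target.example is a placeholder host.
SAMPLE_EML = """\
From: =?utf-8?q?Do=C3=A7usign?= <dse_na2@docu-boxsign.net>
To: user@example.org
Subject: Please review and sign
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://link-target.example/sign">Please sign here</a>
<a>Download the Docusign App</a>
</body></html>
"""


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collects (visible text, href or None) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._text is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._text is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._text = None


def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]
    if not is_trusted(sender.domain):
        findings.append(f"sender domain not trusted: {sender.domain}")
    # Fold accents away: a name that only matches the brand after folding is a lookalike.
    name = sender.display_name
    folded = "".join(c for c in unicodedata.normalize("NFKD", name)
                     if not unicodedata.combining(c))
    if not name.isascii() and BRAND in folded.lower():
        findings.append(f"lookalike characters in display name: {name}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for text, href in collector.links:
        if href is None:
            findings.append(f"dead link: {text!r}")
        elif not is_trusted(urlparse(href).hostname):
            findings.append(f"link {text!r} points to {urlparse(href).hostname}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_EML):
        print(finding)
```
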

Wi-Fi KRACKED?

On October 16, 2017 the U.S. Department of Homeland Security announced the news of the KRACK (‘key reinstallation attack’) flaw in the protocol which was designed to secure all modern protected Wi-Fi networks.  

SkyPort IT Nominates National Alliance on Mental Illness (NAMI) for M&T Business Challenge

Scam of the Week: Equifax Phishing

You already know that a whopping 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes confidential information like social security numbers, full names, addresses, birth dates, and even drivers licenses and credit card numbers for some. It can be the difference between being able to buy a house or sometimes even get a job or not. This breach and the way they handled it, including the announcement, was what Brian Krebs rightfully called a dumpster fire.

The problem is that with this much personal information in the hands of the bad guys, highly targeted spear phishing attacks can be expected, and a variety of other related crime like full-on identity theft on a much larger scale.

These records are first going to be sold on the dark web to organized crime for premium prices, for immediate exploitation, sometimes by local gangs on the street. Shame on Equifax for this epic fail. They will be sued for billions of dollars for this web-app vulnerability.

So this Scam of the Week covers what is inevitable in the near future, we have not seen actual Equifax phishing attacks at this point yet, but you can expect them in the coming days and weeks because the bad guys are going to take their most efficient way to leverage this data... email.

I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:

"Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you.

You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised

  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information

  • Calls from scammers that claim they are from your bank or credit union

  • Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)

  • Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/

  • Check your credit reports via the free annualcreditreport.com

  • Check your bank and credit card statements for any unauthorized activity

  • If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identity-theft issues. All of the center’s services are free.

And as always, Think Before You Click!"

It's only early days in this hack, there will be a lot more information coming out in the days ahead. We will keep you updated when more news is available.


[ALERT] The IRS Issued An Urgent Warning Against An IRS / FBI-Themed Ransomware Phishing Attack

WASHINGTON, August 28, 2017 — The Internal Revenue Service warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.

The IRS said: "The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a “here” link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers."

“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”

I suggest you send employees, friends and family an email about this ransomware attack, you're welcome to copy/paste/edit:

"Heads-up! The IRS is warning against a new phishing scam that tries to make you download an FBI questionnaire. But if you click the link, your computer will be infected with ransomware instead. The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation.

Remember that the IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. THINK BEFORE YOU CLICK!"

The IRS stated: "Victims should not pay a ransom. Paying it further encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid. Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Forward any IRS-themed scams to phishing@irs.gov."

Here is the official IRS Newsroom post: https://www.irs.gov/uac/newsroom/irs-issues-urgent-warning-to-beware-irs-fbi-themed-ransomware-scam

EXECUTIVE BRIEF: WHY ADVANCED THREATS DEMAND ADVANCED EMAIL SECURITY

Email usage continues to increase

Regardless of the proliferation of text and social media, email communication is still growing strong. According to a recent study by the Radicati Group, the total volume of worldwide emails sent and received reached 205 billion per day, with this volume projected to increase by at least 5% every year. And, this fact is not lost upon hackers, who are constantly seeking opportunities to exploit organizations. (The Radicati Group, Inc., Email Statistics Report, 2015-2019)

Anatomy of an email attack:

  • A CFO gets an email from the CEO authorizing an emergency fund transfer. But the email is actually from a cybercriminal.

  • An employee with administrative rights to key systems receives an urgent email from IT to update their network password. They actually disclose their password to cybercriminals.

  • An employee receives an email to read an important attachment about their benefits provider. When they open the attachment, they unknowingly activate hidden Trojan malware.

E-mail threats organizations face today

Emails offer hackers a vehicle to deliver a variety of threats to an organization. Some of the more common email-borne threats include:

  • Malware – email is one of the top delivery mechanisms to distribute known & unknown malware, which are typically embedded into email attachments in hopes that the attachment will be opened or downloaded onto a computer or network, thereby allowing hackers to gain access to resources, steal data, or crash systems.

  • Ransomware – one particularly nefarious malware variant is ransomware. Once the email attachment is activated, the code embeds itself on a network and ransomware typically encrypts or locks critical files and systems. The hackers then coerce the organization to pay an extortion fee in order to have the files or systems un-encrypted or unlocked.

  • Phishing – this common hacker tactic utilizes emails with embedded links to hacker sites. When gullible users visit these sites, they’re prompted to enter PII (Personally Identifiable Information) that is in turn used to steal identities, compromise corporate data, or access other critical systems.

  • Spear Phishing / Whaling – in this variant of phishing, key IT/networking individuals or company execs are targeted using malware-laced emails appearing to come from a trusted source, in efforts to gain access to internal systems & data.

  • Business Email Compromise / CEO Fraud / Impostor email – Over the past two years, Business Email Compromise (BEC) schemes have caused at least $3.1 billion in total losses to approximately 22,000 enterprises around the world, according to the latest figures from the FBI [1]. The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments.

  • Spam – emails are used to deliver spam or unsolicited messages, which can clog inboxes and network resources, diminish businesses productivity, and increase operational costs.

  • Outbound Email Hijacking – corporations are also subject to corporate policies and government regulations, which hold businesses accountable for their outgoing emails and ensuring they protect their customer’s PII. Zombie attacks and IP hi-jacking can disseminate customer PII, ruining the reputation of a business.

Conclusion

Email communications are essential to organizations today, something hackers are keenly aware of. Given today’s complex, mature threats, it’s paramount that organizations deploy a multi-layered security solution that includes dedicated, leading-edge, email protection. To effectively combat today’s emerging threats, organizations are well-advised to implement a next-generation email security management solution that provides fundamental email protection. To learn more about ways to protect your organization’s emails.

What your next-gen multi-layered security needs to stop advanced threats.

[1] www.ic3.gov/media/2016/160614.aspx

About SkyPort IT, Inc

SkyPort IT promises a relentless focus on data security and regulatory compliance so our clients can focus on their business by using best practices and best-in-class technology to proactively design, deploy, and protect clients’ IT infrastructure and data. Why Managed Security Services? Visit: www.skyport-it.com for the answer or for a free consult call us at 585-582-1600 or email SecureMe@skyport-it.com

In today’s hyper-connected world, email-based communications are not just commonplace – they have become a fundamental cornerstone for effectively conducting business, with the total volume of worldwide emails sent per day projected to increase by at least 5% every year. Given the ubiquitous nature of email communications, emails are and will continue to be a popular vector for a variety of threats.

NotPetya Is a Cyber Weapon, Not Ransomware

Yesterday morning, after monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past.

Note that Shamoon actually deleted files, NotPetya goes about it slightly differently, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look like ransomware as a smoke screen:

  • It never bothers to generate a valid infection ID

  • The Master File Table gets overwritten and is not recoverable

  • The author of the original Petya also made it clear NotPetya was not his work

This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

Cybersecurity has moved from Tech to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you have just found yourself on the front line of 21st-century cyber war. Cybersecurity has moved from Tech to a CEO and Board-level business issue.

I strongly suggest you have another look at your defense-in-depth, and make sure to:

  • Have weapons-grade backups

  • Religiously patch

  • Step users through new-school security awareness training

I would be happy to visit and explain our Managed Security Services, multi-layered protection schema to current and prospective customers.

Think before you click!

Safe Regards,
Dan

Scam of the Week: Massive DocuSign Phishing Attacks

DocuSign has admitted they were the victim of a data breach that has led to massive phishing attacks which used exfiltrated DocuSign information. Ouch. So here is your Scam of the Week.

They discovered the data breach when, on May 9, 15, and 17, DocuSign customers were being targeted with phishing campaigns. They now are advising customers to filter or delete any emails with specific subject lines. We do not repeat them here, because this newsletter might be filtered out, but you can see them at the blog, together with screenshots:
https://blog.knowbe4.com/scam-of-the-week-docusign-phishing-attacks

The campaigns all have Word docs as attachments, and use social engineering to trick users into activating Word's macro feature which will download and install malware on the user's workstation. DocuSign warned that it is highly likely there will be more campaigns in the future.

I suggest you send the following to your employees. You're welcome to copy, paste, and/or edit:

"Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and clicking to enable editing.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click."

Safe Regards,
Dan

Latest Wannacry Ransomware Information

Hi Folks,

Just watched https://www.sans.org/webcasts/latest-wannacry-ransomware-105150.

If you’ve not been keeping up with the Wannacry ransomware, it’s probably worth an hour to view it.  The insight on how people were tracking it down and reacting to it could be useful.

I’d give it a 4/5 on topic/interest/content depending on how much you’ve already learned about wannacry.

Safe Regards,
Dan
