PDS Blog

URGENT: Email Scam Alert – August 3, 2015

lwicoMany businesses in the area are reporting that they have received emails requesting financial information or the transfer of funds. The emails “appear” to come from a company officer or financial executive but in reality, the email is coming from an unknown party who has spoofed the decision-makers email to appear legitimate.

These unknown parties have not hacked into the company’s email or stolen someone’s identity; instead they are relying on an old but effective practice of spoofing a person’s email called Joe Jobbing. There isn’t much an individual can do to prevent themselves from receiving a spoofed email; but how an individual responds can make a huge difference – financially.

Follow these few simple steps to decrease your chances of falling victim to a scam:

  • Never accept or generate financial transaction requests via email; especially if it isn’t already a common practice where you work.
  • If you receive an email that seems a little odd or out of custom, take a minute to validate with a phone call that it’s from the sender.
  • Automatically assume a request for financial information or significant changes to accounting practices is not legitimate.
  • Practice caution with releasing information by phone with individuals who have not been legitimately verified.
  • Consider removing website information identifying decision-makers names and email addresses.
  • Never post email addresses and contact numbers for finance administrators on a website unless it is absolutely necessary.

Prevention is key. Practicing the steps above will help you greatly reduce your risk in becoming a victim to an email phishing scam.

Posted in: CyberSecurity Announcements, Tech Tips for Business Owners

Leave a Comment (0) →

Simda Botnet

NCCIC-logo
National Cyber Awareness System:

TA15-105A: Simda Botnet

04/15/2015 08:51 AM EDT

Original release date: April 15, 2015

Systems Affected

Microsoft Windows

Overview

The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide [1].

The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations.

Description

Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware [2]. This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware.

The malicious actors control the network of compromised systems (botnet) through backdoors, giving them remote access to carry out additional attacks or to “sell” control of the botnet to other criminals [1]. The backdoors also morph their presence every few hours, allowing low anti-virus detection rates and the means for stealthy operation [3].

Impact

A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Solution

Users are recommended to take the following actions to remediate Simda infections:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of Simda from your system.

Kaspersky Lab : http://www.kaspersky.com/security-scan

Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx

Trend Micro: http://housecall.trendmicro.com/

  • Check to see if your system is infected – The link below offers a simplified check for beginners and a manual check for experts.

Cyber Defense Institute:  http://www.cyberdefense.jp/simda/

The above are examples only and do not constitute an exhaustive list. The U.S. government does not endorse or support any particular product or vendor.

References

Revision History

  • April 15, 2015: Initial Release

Posted in: CyberSecurity Announcements

Leave a Comment (0) →

When Is Your Business Ready For Managed IT Services?

If you are a small business owner and considering whether or not Managed IT Services will benefit your company, the answer is almost always- yes. There is little doubt that most small businesses can benefit from Managed IT Services, yet that in itself does not always justify the cost of bringing on a third party provider. Accepting that Managed IT Services Providers can offer solutions to common problems found in small business operation, the real question is: when does it make sense to switch from in house IT solutions to the next level which includes Managed IT Services?

There is a good chance if you are already considering Managed IT Services the time might be near when you are ready to make the switch. Small business owners do not have the luxury of a never ending IT budget, therefore it is very important to recognize when your current IT management is no longer cost effective. For most small businesses this occurs when the business grows to the point of needing either a contract with a local service provider who is “on call” for IT needs or hiring a full time IT person to remain on staff. There is of course another option for small business owners to consider and that is hiring a Managed IT Services Provider to oversee their IT needs.

If you are still unsure that your business is ready for the switch, ask yourself the following questions:

  • Do you find IT costs are continually increasing?
  • Is it difficult to find and retain quality IT staff?
  • Is your network and workstation performance and speed decreasing?
  • Are your employees spending more time dealing with IT issues than focusing on job they have been hired to perform?
  • Do you have problems with viruses, spyware and other security issues that could threaten the confidentiality of proprietary information?
  • In the event of a natural or man-made disaster, would your network be at risk? Would recovery be a concern?
  • Do you find network downtime is increasing?

If you answered yes to one or more of the above questions, then your business is ready for Managed IT Services.

Now that you have determined Managed IT Services are right for your business, the next challenge is finding the right provider of these services. This is a decision that should not be made lightly or rushed as the wrong provider can end up costing your company more money than your current situation. Before you begin the search for a Managed IT Services Provider you should first consider your IT budget as well as issues or problems you want to be addressed. It is important to remember that Managed IT Services are not a one-size-fits-all type of solution to business problems. Each business and industry has their own issues to contend with and a qualified Managed IT Services Provider will work with you to find the solutions that will benefit your company the most. If a potential provider is more intent on selling you services and not listening to the needs of your business, move on to another provider who is willing to listen to your concerns and offer customized solutions that address these needs. The point of outsourcing your IT management is to save money while freeing up time to focus on other business operations. For this reason it pays to put forth the effort to find the best Managed IT Services Provider to oversee your technology needs.

Click here to learn how PTOLEMY DATA SYSTEMS can help you benefit from Managed IT Services for your business in the U.S..

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Apple iOS “Masque Attack” Technique

NCCIC-logo

From the National Cybersecurity and Communications Integration Center (NCCIC) and United States Computer Emergency Readiness Team (US-CERT):

National Cyber Awareness System:

TA14-317A: Apple iOS “Masque Attack” Technique

11/13/2014 09:17 AM EST

Original release date: November 13, 2014

Systems Affected

iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.

Overview

A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances.

Description

Masque Attack was discovered and described by FireEye mobile security researchers.[1] This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.

This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.

Impact

An app installed on an iOS device using this technique may:

  • Mimic the original app’s login interface to steal the victim’s login credentials.
  • Access sensitive data from local data caches.
  • Perform background monitoring of the user’s device.
  • Gain root privileges to the iOS device.
  • Be indistinguishable from a genuine app.

Solution

iOS users can protect themselves from Masque Attacks by following three steps:

  1. Don’t install apps from sources other than Apple’s official App Store or your own organization.
  2. Don’t click “Install” from a third-party pop-up when viewing a web page.
  3. When opening an app, if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and uninstall the app immediately.

Further details on Masque Attack and mitigation guidance can be found on FireEye’s blog [1]. US-CERT does not endorse or support any particular product or vendor.

References

Revision History

  • November 13, 2014: Initial Release

Posted in: CyberSecurity Announcements

Leave a Comment (0) →

Is the iPad Useful as a Mobile Computing Device for Businesses?

Some businesses have jumped on the iPad wagon and are finding creative ways to use the iPad as a mobile computing device. For example, the Global Mundo Tapas restaurant in Sydney, Australia uses the iPad as an interactive menu. There’s a budget airline, Jetstar Airways, using the iPad for in-flight entertainment, rented for $10 a flight. A luxury sedan by Hyundai comes with an iPad instead of a user manual. Other than these extreme cases, how can an iPad be used to increase productivity or convenience by the average business owner?

Conventions and Workshops

Do you travel to conventions and workshops for your business? Many people bring their laptop to these events. While laptops are of course very convenient compared to a desktop pc for traveling, the iPad weighs less and could be even more convenient if you’re traveling from room to room at a convention or workshop. These events are also often designed for networking – so you’re not just sitting at the table all day, glued to your laptop. The smaller, 2 pound iPad could be slipped into your purse or a small bag while you walk around the room, or even carried in your hand for easy access as needed, but without being cumbersome.

Flights and Traveling

It’s true a laptop can go on a flight with you, but even the smaller netbooks and laptops add to the weight of your carry on bags and can be frustrating when in the small seats of the plane. If you’re sitting in coach, you know every time the person next to you has to get up to use the bathroom you’re trying to balance the laptop and whatever else you happened to have out in your hands with turbulence knocking you around the aisle. The iPad could be slid into the pocket of the seat in front of you if you have to get out of the way for the passenger next to you – it’s about the size of a magazine.

The same holds true on trains, in taxi cabs, or as a passenger in someone else’s car. Just don’t try to use your iPad while driving, yourself.

Presentations & Sales

Do you travel to client offices to give presentations? How sleek would it be to whip out your iPad and give a sales presentation or demonstration? Apple reports that iPads can connect to the majority of projectors, so you could even broadcast that presentation over a large screen for a larger audience if necessary.

Replace Your Briefcase

Sure, the iPad has a word processor and spreadsheet. Those are always useful for business people. It would be much more convenient to read and edit documents on an iPad over your iPhone while on the road.

But what about the stack of magazines and newspapers you lug around with you in your briefcase? You could have all of your reading materials ready for you on the iPad and skip the briefcase. Use it as an ebook reader, newspaper subscription, and file storage and you’ve literally got everything at your fingertips. With the use of third party Apps, there’s little you can’t do with the iPad for as a mobile computing device for your business.

Click here to learn how PTOLEMY DATA SYSTEMS can help you get the most out of your iPads, Smartphones and other mobile devices with our Mobile Computing Services for your business in the U.S..

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Save Time and Money with Managed IT Services

If there is one thing most small businesses can agree on is that time equals money. Small business owners are in a position where they have to be a jack-of-all-trades, often spending most of their day wearing different hats. This is the nature of the small business and while expected is not always the best use of time. In order for a small business to be successful and remain competitive in an industry, there must be designated time for the owner to focus on growing and building the business. In many cases small businesses fail as a result of being unable to handle emergencies or other situations that are simply beyond the control and expertise of the owner. Leveraging Managed IT Services can help.

Any business that relies on technology, which covers almost every business operating today, can benefit from managed services. Managed services providers understand that not every business has the ability to pay for an internal IT department which can be very expensive yet necessary to ensure all aspects of technology are supported. Without this backup, many small businesses find themselves in a position where they have to foot a very expensive bill to recover from a disaster or emergency. In other situations, using out-of-date or ineffective technology is simply a waste of both time and money on the part of the small business.

Here we look at how small businesses can make the most of their time and money by hiring a managed services provider.

  • Focus on running the business- One of the major benefits of outsourcing your technology needs is that the owner and employees of the company can focus 100% on their individual duties to keep the business moving in the right direction. This is the most valuable use of time for all parties involved, instead of hours or even days lost when trying to deal with technological issues that in house employees are not trained to handle.
  • Offer expert advise – There are many small businesses that simply do not know what they need to improve the functionality of their business. The old adage, “what you don’t know can’t hurt you” does not apply in all cases. By consulting with a managed services provider you may discover areas of your business which can be improved that you previously thought were working “just fine”. Expert advice may be able to help you improve the efficiency of your business while positioning you better within the industry.
  • Support when you need it – Managed IT Services Providers are not only there in the event of an emergency or recovery, but also provide monitoring which can invaluable in preventing problems before they can impact the business.

It is important for every small business to carefully examine their technical needs in order to see what services will be most beneficial to the company. Managed IT Services Providers can offer services that not only reduce technology costs over time but also improves functionality which in turn saves time. When this balance is achieved a small business is in the perfect position to thrive and grow.

Click here to learn how PTOLEMY DATA SYSTEMS can help you save time and money with our Managed IT Services for your business.

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →