News

Protecting Your Domain Name

Steve Hirst - Friday, June 17, 2016
Domain Names

Contributed by Hugh Burns

Your domain name is critical to your business, both as your online brand and as something that controls many aspects of your day-to-day business operations, including:

  • Email delivery - ensuring you get your email
  • Network functions - for example allowing remote access for workers
  • Website - ensuring your public website is up and running
  • Communications - for example VoIP phone systems, Skype etc

What many companies don’t realise is that they actually have no “ownership” of their own domain, and we’ll cover that issue in this article.

There are three important bits of information associated with every domain:

  • Registrant
  • Admin Contact
  • Technical Contact

The Registrant is the person or entity that registered the domain, and effectively owns it.
The Admin Contact is the person or entity that the registrant trusts to handle issues or answer questions about any non-technical aspect of the domain management. 
The Technical Contact is the person or entity that the registrant trusts to handle any technical aspect about the configuration of the domain, for example your IT provider.

Unfortunately, what we often see is companies registering domains on behalf of other companies, and not setting these details up correctly. For example a business may get a website designed, and the company that hosts the website registers the domain on behalf of their client, and specifies themselves as the domain owner, and not the business they are registering the domain on behalf of. Remember the Registrant is the owner. If you’re not listed as the Registrant, you don’t own your own domain! If you get into a dispute with the company listed as the Registrant, the results can be disastrous. In extreme cases they could shut off email and other critical functions.

So how can I tell if my domain details are correct?

You can do what’s called a “WHOIS” lookup, which shows the information above. There are many websites that can do this for you, but here is one example: https://www.whois.net/
Enter your domain name (without www or anything else in front, e.g. computerculture.co.nz) which will return the Registrant, Admin Contact, and Technical Contact.

Our best practice recommendation is as follows:

Registrant – this should be the name of your company, not another company, and not an individual
Admin Contact – this should be the name of an individual within your company that can answer questions about the domain management.
Technical Contact – this should be someone who can handle the technical aspects of the domain, for example an internal IT person or your IT support company like us.
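
The recommendation above can be turned into a repeatable check. The following is an added example, not part of the original article: it parses a WHOIS response and lists where the three contacts depart from the best practice. The sample response, the company name, the "<Role> Name/Email" field labels, and the use of the admin email domain as a stand-in for "an individual within your company" are all assumptions.

```python
import re

# Constructed WHOIS response (not real data). Field labels differ between
# registries, so the "<Role> Name/Email" layout is an assumption to adapt.
SAMPLE_WHOIS = """\
Domain Name: example.co.nz
Registrant Name: Web Design Studio Ltd
Registrant Email: hosting@webstudio.example
Admin Name: Web Design Studio Ltd
Admin Email: hosting@webstudio.example
Tech Name: Web Design Studio Ltd
Tech Email: support@webstudio.example
"""

FIELD = re.compile(r"(registrant|admin|tech)[a-z]*(?: contact)? (name|email)")


def parse_whois(text):
    """Return {role: {"name": ..., "email": ...}} from 'Key: Value' lines."""
    contacts = {"registrant": {}, "admin": {}, "tech": {}}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        match = FIELD.fullmatch(" ".join(key.lower().split()))
        if sep and match and value.strip():
            contacts[match.group(1)][match.group(2)] = value.strip()
    return contacts


def _norm(name):
    # Compare names ignoring case, punctuation and spacing differences.
    return re.sub(r"[^a-z0-9]+", " ", name.casefold()).strip()


def review_registration(text, company_name, company_email_domain):
    """List departures from the article's recommendation (empty list = OK)."""
    contacts = parse_whois(text)
    findings = []
    registrant = contacts["registrant"].get("name", "")
    if _norm(registrant) != _norm(company_name):
        findings.append(
            f"Registrant is '{registrant or 'missing'}', expected '{company_name}'")
    admin_email = contacts["admin"].get("email", "").lower()
    if not admin_email.endswith("@" + company_email_domain.lower()):
        findings.append("Admin Contact email is not at the company's own domain")
    if not contacts["tech"]:
        findings.append("Technical Contact is missing")
    return findings


if __name__ == "__main__":
    # Hypothetical company details for the demo run.
    for finding in review_registration(
            SAMPLE_WHOIS, "Acme Widgets Ltd", "acmewidgets.example"):
        print("REVIEW:", finding)
```

Running the same check on a schedule also shows when a contact changes without your knowledge.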

Please take the time to review your domain registration details. It’s such a critical aspect of your business that often gets overlooked, and can have big consequences if not correct. Sometimes it can just be a timewaster trying to complete tasks like changes to email systems or websites if these details aren’t accurate.

If you would like any help with looking this information up, please let us know, or if you’ve had a look and are not happy with the current registration details, please also let us know and we can assist you with getting it sorted.

Don't Click on that e-mail

Steve Hirst - Friday, June 17, 2016
Emails

Lancom is the original source of this article.

We often share information about malware and the danger of being targeted through the internet. However, the reality is that despite the abundance of information available warning of these issues, the emails of more and more businesses are being compromised. Email-borne risks include viruses, scams, phishing attacks and more. Knowing how to protect yourself against these attacks is challenging because hackers are dynamic and smart about how and who they target, making it difficult to know what is and isn’t legitimate.

In this article we help you to help yourself by pointing out a few common email threats and how you can identify them.

Suspicious looking emails – how to spot them

Emails are still one of the biggest vectors for malware and, though you’ve likely heard this before, every day private and commercial networks get compromised because people open emails that they shouldn’t!
So, what should you look for?

  • Emails that come from known senders with attachments and links that don’t conform to an expected norm, such as format, greetings, content (one example would be getting emails from yourself!)
  • Emails from unknown senders
  • Emails that address you in an unusual way (e.g. Dear Priscilab)
  • Emails that have no greetings or introduction at all
  • Emails that suggest that you have an issue that the sender will fix
  • Emails that ask you to sign up to a website
  • When they seem too good to be true such as "you won a prize" type of emails - that's probably because they are!
  • Emails from unknown senders that have an “invoice” or “credit note” attached.

If you notice any of these unusual things, the message is pretty simple: do not open, do not respond, do not forward.

Curiosity killed the cat! Don’t click!

If any of these things pop up on your inbox, the message is simple: delete them immediately. Whatever you do, DON’T click on any links, open attachments or follow instructions to win a prize unless you are sure that the email is legitimate. If in doubt – DELETE!
Curiosity killed the cat, they say, but it can also kill your computer and the network. Hackers cleverly try to pique your interest – don’t fall for it. That ‘invoice’ or ‘tax refund’ that you open can make your life very difficult.

Some examples to help you help yourself

There are plenty of examples of the threats. In March 2016, the Department of Internal Affairs was notified about a spam Netflix email circulating the country, advising members to update their payment methods.
Earlier, in February, an email purportedly from ‘Microsoft’ congratulated recipients for winning an internal promotion. Hint: it wasn’t Microsoft sending the email and the promotion never existed.
These and plenty more examples can be found on the DIA’s website. You can also report spam/phishing emails on the DIA’s site.

Err on the side of caution

The final note is a simple one: rather err on the side of caution than open something which looks tempting only to find it is a virus, phishing attack or other malware. DELETE should be the default action for any emails which look even slightly dodgy. That’s a far safer course of action than opening it up and opening yourself to compromise.

When a Staff Member Leaves

Steve Hirst - Monday, May 23, 2016
Leaving Staff?

Contributed by Steve Shaw

When it comes to people's digital lives, entanglement is pretty much the norm nowadays. Ask almost anyone what's installed on their computer, phone, or digital device and you'll find a combination of work and personal information. We're always online and always connected, whether it's to our friends, our family, our co-workers, our clients, or our suppliers. The lines between each piece of this information have become blurred. Now we're simply connected people.

For many, the digital push has started with their work. There's a much better ROI for an organisation than an individual when it comes to cutting-edge digital devices. As such, the devices we become familiar with and embed our digital lives into aren’t actually ours, but belong to the organisation we work for. Likewise, for those whose first email account was provided by work, it easily becomes the default or only account that’s used – both for personal and work relationships.

So what happens when, for better or worse, someone moves on from and out of their native digital environment? Keeping good relationships is an essential part of any organisation, so maintaining a healthy link to an organisation after someone moves on can be key. How then can an organisation or individual prepare for a healthy breakup, digitally speaking?

Like most processes, the first step is always information gathering. What exactly would be lost if someone were removed from your organisation’s technological infrastructure? Phone numbers and email addresses of friends? A digital music collection? Personal emails? Family photos? Access to an email address linked to bank accounts? Losing any or all of the above could easily sour a relationship.

Once you’ve established just what’s going to be lost, you can then move forward. For each individual there will likely be a need to migrate data. For an organisation, however, the greatest need is to put in place policies and procedures that will set you up for when the inevitable need to disentangle occurs.

If you’re concerned about any of these points, talk to one of our friendly team members for assistance with the data migration.


QuickTime Support Ends

Steve Hirst - Monday, May 23, 2016
Quicktime

It seems Apple has ended support for QuickTime on Windows, and two major vulnerabilities have been found.

These vulnerabilities will allow a remote attacker to execute arbitrary code on Windows PCs running QuickTime.

Head over to the US-CERT website to see the full details.

Computer Culture's advice is to uninstall this program from all your Windows devices.

The Unhealthy Rise of Ransomware

Steve Hirst - Friday, April 22, 2016
Ransomware

According to global data and media company Bloomberg, the number of known ransomware attacks has now surpassed five million, with just a single infection causing more than $325 million worth of damage in one instance. Ransomware locks the files on your computer and refuses to hand over the key until you’ve paid the demanded sum, or “ransom”.

Ransomware has bigger implications for some industries than they might first realise. Not only does it impact day-to-day business while they can’t access their data or IT systems, but it can also cause some bigger effects down the line. Sensitive data that needs to be accessed regularly or whenever requested is the main point that should ring the alarm bells.

Unfortunately for the healthcare sector, the hackers have realised it’s a big juicy target. We’ve seen reported incidents of multiple hospitals in the US being infected with ransomware and having to resort to extreme measures to resume functionality. The fact that prominent medical facilities are giving in to the demands of cyber crooks because they had no contingency plan is a sobering thought. This has also been reflected internationally, as Germany has also seen its share of ransomware attacks on hospitals. One hospital even had to resort to pen, paper and fax due to a sophisticated attack that brought its IT to a crawl.
The global healthcare industry is being targeted as it ticks all the boxes for ransomware attackers. Those targeting the industry have realised it sits on a goldmine of sensitive information that’s so indispensable for its users that they’ll pay almost anything to get it back. To make matters worse, healthcare is bound by regulations around medical records always being available; the fines for not having this data accessible would well outweigh any ransom for the data itself.

Its mere existence in the cybersphere should highlight the importance of security training and awareness. Simply knowing this malicious software is increasingly being used in phishing plots and web exploits can help prevent employees from putting their organisations in danger.
Like any other form of malware, the ransom-based variety looks to exploit outdated web browsers and plugins like Adobe Flash and Java. It also aims at unsuspecting users opening infected attachments harboured in spam emails.
While it continues to evolve and change, the best way to combat ransomware with maximum effectiveness is still as simple as prevention. Avoid any emails, links and plugins that you don’t recognise, and ensure you have regular backups of data that can be rolled back to should your systems become infected.

Talk to us about how we can help implement some contingency plans for your business.

Major websites at risk from banner ads

Steve Hirst - Tuesday, March 22, 2016
Ransomware

We already know that ransomware has become a growing threat to users around the world. Just last week, Mac users saw their first such attack on Apple's operating system. By encrypting a user’s local files and holding them ransom for payment in the hundreds of dollars, the perpetrators have become increasingly sophisticated in their methods to extract money. The software is so difficult to deal with that the FBI advises people and businesses to just pay up to unlock their files.

Now, according to Trend Micro, the past 24 hours have seen a rash of new crypto-ransomware spreading through popular websites. The attack, dubbed Angler Exploit Kit, is taking advantage of vulnerabilities in Adobe Flash and Microsoft Silverlight, among others, to feed the malware through compromised ad networks.

Malwarebytes is reporting that the “malvertising” is hitting the BBC, MSN, nfl.com, The New York Times, my.xfinity.com and many others in the form of clickable banners. The anti-malware company provided lots of detail around the exploit, reporting a number of suspicious domains through which the ads are apparently served.

Google’s ad network was compromised in this attack, according to Malwarebytes. Last year, Google reported that it had made progress in filtering ad injectors and malicious sources across the ad networks it manages. However, it would appear that the ad network still has work to do.


Fake Websites and Captcha Codes

Steve Hirst - Tuesday, March 22, 2016
Captcha Code

Up until recently, one of the major security firms has seen 101 fake websites, and the list is still growing.
These sites ask you to enter a code, supposedly to prove you are not a robot.
Their advice is:

  • Do not enter Captcha codes on any penalty or police related websites.
  • Be especially careful about anything purporting to be a traffic infringement or the AFP (use your telephone to confirm any such email).

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart".

Locky Ransomware

Steve Hirst - Tuesday, March 22, 2016

"Locky" feels like quite a cheery-sounding name, but it's also the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you may already know about ransomware – only the bad guys have the decryption key and will happily sell it to you.

The most common way that Locky arrives is as follows:
You receive an email containing an attached document such as Troj/DocDl-BCF. 
When you open the document it looks like gobbledegook. 
At the top of the document it advises you to enable macros “if the data encoding is incorrect.”

DO NOT Enable Macros!  Use SHIFT + DELETE to send the email into oblivion.
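
A mail filter can catch this kind of attachment before a person ever sees the "enable macros" prompt. The following is an added example, not part of the original article: it flags attachments that carry VBA macros by inspecting the file contents rather than the file name. The sample attachments are constructed placeholders, and the quarantine policy in `triage` is an assumption.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files


def classify_attachment(data):
    """Return 'macro', 'legacy-ole', 'corrupt' or 'no-macro-found'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files can carry macros; confirming that needs
        # an OLE parser, so this sketch sends them all for review.
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "no-macro-found"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "corrupt"
    # Modern Office files store VBA code in a part named vbaProject.bin,
    # whatever extension the attachment was given.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro"
    return "no-macro-found"


def triage(attachments):
    """Map filename -> action; assumed policy: hold anything not clearly macro-free."""
    return {
        name: "deliver" if classify_attachment(data) == "no-macro-found" else "quarantine"
        for name, data in attachments.items()
    }


def _make_ooxml(with_macro):
    """Build a constructed, minimal Office-style zip in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


SAMPLES = {  # constructed attachments, not real malware
    "invoice.docx": _make_ooxml(with_macro=True),
    "minutes.docx": _make_ooxml(with_macro=False),
    "statement.doc": OLE_MAGIC + b"\x00" * 32,
    "broken.docx": b"PK\x03\x04 truncated",
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, action in triage(SAMPLES).items():
        print(f"{name}: {action}")
```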

Make it hard to penetrate all the layers

Steve Hirst - Wednesday, February 24, 2016

In all likelihood you will know someone who has been a victim of a malicious piece of malware or had valuable data stolen through a well-orchestrated hack. Many organisations that suffer these and other attacks fail to take the proper precautions to prevent themselves from becoming victims.  Here are some of the precautions you can take.

Patching - Most attacks, whether they be malware or hacking attempts, exploit weaknesses or vulnerabilities in operating systems and 3rd party applications. Normally, when an exploit is discovered, a publisher will release a fix to block it as soon as possible. If your system is maintained by our Managed Services, these patches will be applied automatically.

Mail Filtering - No small number of threats find their way into a network as an email attachment or link. Having a robust system to scan, scrub and quarantine these threats is essential. If you are not using Office 365 for your mail, we recommend Roaring Penguin for anti-spam protection.

Web Filtering - Blocking malicious websites from being accessed can go a long way to reducing the number of threats introduced to a network. 

Backups - A good backup and disaster recovery strategy should be in place to make sure that essential and business critical data is safe should the worst happen. Ideally, it should be located offsite. If you don’t already have an offsite backup solution, please call our sales team who will help you find a solution that meets your requirements.

Antivirus – We recommend our managed AV Defender to provide a strong defense against viruses.

Mobile Security

Steve Hirst - Monday, January 18, 2016
An important resolution that you should carry out for the New Year ought to be setting up the security on your mobile devices.  This is now critical, as so much personal and company data is now either stored on the device or the device has access to this information.


As an absolute minimum, your phone, tablet or laptop must have a password or pin.
It should be backed up on a regular basis.
You should enable the “Find my Phone” and “Remote Wipe” features.
Record your PUK Code for your SIM card somewhere safe.

Recently a friend of mine left her phone on the Interislander Ferry.  Because she had enabled the “Find my Phone” feature she was able to track the phone travelling back and forth between the islands until the crew finally located it.
