Kevin Mitnick was once America’s Most Wanted hackers and has since become a cyber security expert. Watch him put his hacking skills to work to show you the importance of having the right solutions in place to protect your data against RansomWare / RansomeCloud threats.
iTB partners with industry leading Business Continuity and Disaster Recovery vendors who provide solutions to protect our clients from downtime and data loss, including Datto who provided this video.
Did you know that as at May 2021, there are twelve different versions of Windows 10 and nine of the earlier versions have reached End of Service? To ensure your device continues to receive critical monthly security and quality updates that contain protection from the latest security threats, you need to ensure your version of Windows 10 is up to date. Here’s how to confirm if your version of Windows 10 is up to date.
Windows-as-a-Service
With Windows 10, Microsoft introduced “Windows-as-a-Service”. A new approach to deploy, update and service Windows Operating System. Instead of releasing a new version of Windows every three to five years, as Microsoft did with past iterations (eg. Windows 7, Windows Vista, Windows XP), Microsoft continually update Windows 10. Windows 10 Updates (also called Patches) are categorised as two types: Quality Updates and Feature Updates.
What’s the difference between Windows 10 Quality Updates and Feature Updates?
Quality Updates are cumulative updates that are released once a month (“Patch Tuesday” is the 2nd Tuesday of the month) and contain critical security patches and other fixes to make Windows 10 more reliable. As they are cumulative, the latest update includes all previous updates that came before it. After the download is complete, Quality Updates can take from 15 minutes up to an hour or so to complete, depending on the performance on the computer, including a restart which is required to complete the updates.
Feature Updates are major upgrades to a new Version of Windows 10 that contain new functionalities. Feature Updates are released twice a year. After the download is complete, Feature Updates can take between 1 to 4 hours to complete, depending on the performance on the computer, including a restart which is required to complete the updates. Each Feature Update continues to receive Support and Quality Updates for 18 months after its initial release.
Windows 10 Feature Updates
To confirm if your Windows 10 version is up to date:
To confirm the current Windows Version and Build of Windows 10 you have installed: Start > WinVer > Enter. To check if your version of Windows 10 is up to date and your device in continuing to receive critical monthly security and quality updates, find your version in the above table and check the Support Until date. If you have Version 1909 or prior, we strongly recommend updating to the latest Version of Windows 10.
Windows End of Life, End of Support and End of Service
In recent times, there has been a reasonable amount of publicity (and hype) surrounding previous Microsoft Desktop Operating Systems (Windows 7, Windows XP) reaching End of Life (EOL), which raised awareness that operating systems needed to be upgraded. Windows 7 EOL date (14 January, 2020) was well publicised. After the EOL date, Microsoft ceased providing critical security updates for Windows 7. The same can’t be said for Windows 10 Versions that have reached End of Service. Many devices are running old versions of Windows 10 that no longer receive monthly security and quality updates. Software developers also cease providing support for their software on Operating Systems that have reached EOL.
Proactive Managed IT Support Services
For all iT and Beyond clients who benefit from our Proactive Managed IT Support Services, for continued stability and security, and to minimise disruption and inconvenience to users, we schedule the installation Windows Updates as follows:
Patch scans are automatically performed Weekly, after normal business hours, during the designated Weekly Maintenance window.
Quality Updates: If Weekly Patch Scans detect that any Quality Updates are needed, they are automatically installed after normal business hours, during the designated Weekly Maintenance window. This includes restarting workstations if required. We are notified when Servers require a restart to complete patch installations and restart Servers manually after business hours.
Feature Updates: To allow testing of these major version updates prior to installation, we manually deploy Feature Updates outside of normal business hours at a mutually agreed time, once a year.
Ransomware attacks are on the rise in Australia. Learn how to protect yourself against it and secure your devices.
iT and Beyond is an Australian Cyber Security Centre (ACSC) Partner. The ACSC Partnership Program enables Australian organisations and individuals to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
This content has been replicated from the Australian Cyber Security Centre (ACSC) website https://www.cyber.gov.au/ransomware
What is Ransomware?
Ransomware is a type of malicious software (malware). When it gets into your device, it makes your computer or its files unusable.
Cybercriminals use ransomware to deny you access to your files or devices. They then demand you pay them to get back your access.
How does it work?
Ransomware works by locking up or encrypting your files so that you can no longer use or access them. Sometimes it can even stop your devices from working.
Watch this video to learn about ransomware and how to prevent it from infecting your devices:
The effects of Ransomware
Ransomware is a common and dangerous type of malware. It can affect both individuals and organisations.
Ransomware can cause severe damage. It can hurt your reputation, and cost you money.
What to look for
Ransomware can infect your devices in the same way as other malware or a virus. For example:
visiting unsafe or suspicious websites
opening emails or files from unknown sources
clicking on malicious links in email or on social media.
Common signs you may be a victim of ransomware include:
pop-up messages requesting funds or payment to unlock files.
you cannot access your devices, or your login doesn’t work for unknown reasons.
files request a password or a code to open or access them.
files have moved or are not in their usual folders or locations.
files have unusual file extensions, or their names or icons have changed to something strange.
If any of these things happen to you, check with your friends and colleagues first to see if they made any changes.
Our advice if you have fallen victim to an attack
We and the ACSC recommend that if you do experience a Ransomware attack, that you should not pay the ransom. There is no guarantee paying the ransom will fix your devices. It can also make you vulnerable to future attacks. Instead, restore your files from backup and seek advice.
It is vital to back up your data and implement effective cyber security practices.
HTTPS stands for Hypertext Transfer Protocol Secure, and as
the name suggests, provides security to your web traffic/users.
It is especially
important when those users are giving you any kind of personal information as
it provides multiple levels of protection to that information.
All web traffic is transmitted by either HTTP or HTTPS.
These stand for Hypertext Transfer Protocol and Hypertext Transfer Protocol
Secure respectively. As the names suggests, these protocols are very similar,
but have one major difference. HTTPS wraps an encrypted layer around regular
HTTP traffic, providing a much greater level of security.
This encrypted layer is called Transport Layer Security
(TLS, sometimes called SSL).
HTTP websites can be modified by third parties, ISPs or
Hotels/restaurants/other managers of free WIFI. These third parties can add advertisements
or other unwanted content (including malware) to websites that don’t use HTTPS.
While using HTTPS you and your visitors can be certain that no-one has modified
the content of your website, and no one else has access to information being
transmitted between user and web server.
HTTPS, and the synonymous padlock, are signs of
trustworthiness and authenticity.
Chrome is by far the most widely used browser. Compared to
its closest competitor Safari, Chrome accounts for more than four times as much
web traffic. Chrome averages around the 60% mark of total web traffic. https://www.w3counter.com/globalstats.php
Google was the first major company to
mark all HTTP websites as insecure and for the last couple of years and they
have strongly advocated that all HTTP websites migrate to HTTPS. Chrome
will eventually mark all http sites as affirmatively non-secure with a red
triangle and an exclamation mark unless and SSL certificate is supplied. https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
An SSL certificate ensures all data passed between browsers and web server are kept private. The certificate can include a Serial number and expiration date, digital signature, name of the holder and a copy of the holder’s public key. In the past SSL certificates have been expensive although today they are more moderately priced. Paid certificates will usually have a more rigorous screening process and may come with insurance.
Some technologies, such as AMP (accelerated mobile pages,
which makes certain pages load almost instantaneously on mobile) require SSL.
AMP-ready pages also receive better rankings on Google. (there are other
requirements that must be satisfied before a site is amp-ready.)
There are many reasons why HTTPS is the preferred protocol
and is used by almost all major websites on the internet. From keeping your
visitor’s information safe, ensuring that your website is not modified by third
parties and a ranking boost from Google, migrating to HTTPS is an easy choice.
Should you choose to migrate to HTTPS iT and Beyond offer this service. Please contact us if you need
any assistance with your choice.
Use one of the evaluation websites listed below to evaluate the
security of your own website.
Last year over 6 million Australians were victims of online crime1, and that number will continue to rise unless something changes. iT and Beyond is a Stay Smart Online Partner and in an effort to further raise awareness of cybercrime, we are supporting Stay Smart Online Week 2018 – Reverse the Threat of Cybercrime. From October 8th to 14th, 2018 businesses all over Australia will be reversing their websites, social media pages and communications from colour to black and white, to draw attention to the dark side of the internet and thrust cybersecurity into the national spotlight. In a massive collaboration with businesses and individuals across the nation, the importance of the four key areas of Passwords, Software Updates, Public Wi-Fi and Phishing will be highlighted, and will hopefully impact Australians’ cybersecurity in a big way.
Stay Smart Online Week began in 2008, at a time when Stay Smart Online had 50 partners. Today, with over 1400 partners, they are a driving force of cybersecurity and awareness in Australia.
Network Security – Passwords, Software Updates, Public Wi-Fi and Phishing scams
Passwords
A study last year found that 59% of people use the same password across all accounts2. This is great news if you’re a cybercriminal. Our passwords are our first line of defense and can be the only thing keeping your information from the wrong hands. For these reasons it’s essential to create strong passwords and use different ones for all your accounts. Implementing two-factor authentication where possible is also strongly recommended.
Software Updates
It’s important to install critical software updates for all devices and apps as soon as they become available. These updates can add new features, install bug fixes and fix security holes that could let cybercriminals in. Despite these advantages, 80% of Android users and 23% of Apple iOS users haven’t installed the latest software updates3. By keeping up with the latest versions of firmware and software, we can give ourselves the best chance at fighting off malicious activity online. At iT and Beyond, as part of the Proactive Managed IT Support we provide, we update all critical software updates for Microsoft Windows operating systems on workstations and servers, Microsfot Office software, Adobe software, Java software and Browser software (Microsoft Edge and Internet Explorer, Google Chrome, Mozilla Firefox).
Public Wi-Fi
Public hotspots aren’t always safe, and when connecting to the internet this way you can never be sure cybercriminals can’t access your information. Some simple ways you can stay safe while using public Wi-Fi are turning off any auto-connects, avoiding online shopping and banking and critically evaluating any rogue hotspots before you connect.
Phishing scams – email, SMS, social media
As one on the most common online scams, phishing scams cost Australians $50 million in 20174. This included emails, SMS, social media messages and more attempting to trick individuals into giving out personal identifying information, online banking logins and credit card details.
Being diligent when assessing online communications and thinking before you click can be the difference between your continued cybersafety and a successful phishing campaign. Remember to avoid clicking links or opening attachments in suspicious emails, and never assume the person you are talking to is who they say they are.
The Stay Smart Online Week 2018 initiative provides a great platform for businesses to share knowledge, experiences and best practices, which will promote education and allow others to share the benefits. Feel free to participate in any way you can, because the more people who get involved, the bigger the impact on national cybersecurity awareness will be.
A new email phishing scam is hitting inboxes , targeting myGov login and bank account details. The email purports to be from the Australian Government Department of Human Services, and includes logos from the Australian Government, Medicare and myGov, which all serve to make the body visually convincing. The email demands an update to Electronic Funds Transfer (EFT) payments with Medicare, ultimately claiming that this will allow for “prompt Medicare payments for benefits and claims”.
Following the email’s link opens a replica myGov website, which features relevant logos and a familiar design. One indication of the illegitimacy of the website is its URL: mygovau.net. The real myGov website’s URL is my.gov.au. It’s a good idea to search for sign-in pages online, or type in the URL manually, rather than follow a link in an email. This ensures that you won’t be taken to an imitation site with a modified URL designed to steal your credentials.
If login details are input, security question and answer are requested, before the user is taken to a fake Medicare site. This site aims to retrieve a range of information, including bank name, BSB number, account number, customer number and online banking password. Of course, this information would never be requested via email, and should not be entered after following links in emails.
Computer Security Tips for staying safe
Never click links in emails claiming to be from myGov or Medicare. You will never be sent an email with hyperlinks or web addresses from either of these sources
Be wary of any email that asks you to login to an account or input personal information such as bank account details
Don’t open a message if you don’t know the sender, or if you weren’t expecting the message
Be suspicious if you receive an email not addressed directly to you, or that doesn’t use your correct name
Login to myGov by manually entering the web address in your browser, and check your inbox there for any legitimate emails from Medicare
Always check the sender email address, and confirm that it matches the email body and the domain name of the company the sender claims to represent
Hover over links in emails to verify the URL
Contact the organisation independently to confirm whether they sent the message
If you think your personal information has been compromised, contact Australia’s National Identity and Cyber Support Service, IDCare.
“KRACK” security vulnerability discovered in WiFi Protected Access II (WPA2) security protocol
A security flaw has been discovered that could be used to hack into any device that uses WiFi, including smartphones, tablets, laptops desktop computers, laptops.
Many modern Wireless networks use WiFi Protected Access II (WPA2) security protocol and security certification programs to secure the wireless computer network. WPA2 wireless protocol has a new security vulnerability called “KRACK”, which is short for Key Reinstallation Attacks. This security flaw has been discovered by researchers at KU Leuven, a university in Flanders, Belgium.
Attackers can use this to steal sensitive information that is sent over a WiFi network that uses WPA2, including credit card numbers, passwords and other sensitive information. It may also be possible for an attacker to inject malicious information into the WiFi network which could include malicious ramsomeware and malware. The attacker needs to be within Wireless range.
The vulnerability is not per individual device but the actual WPA2 protocol, which means all devices that use WPA2 could be affected.
What you should do about the WPA2 “KRACK” security flaw on your WiFi networks
KRACK does not use your WiFi password to get access to your network, so changing your WiFi password will not make you less vulnerable, although changing your password regularly is good practice.
Many WiFi product vendors will be releasing updated firmware and drivers for their products. To protect yourself, we strongly recommend that you update your hardware as soon as an update is available.
For our clients who enjoy our Proactive Managed IT Support and Network Security services, we have details of all WiFi equipment and will continue to monitor when vendors release updates and will install them as soon as they become available.
The devices and hardware that will need to be updated, once patches are released, include the following:
Wireless Access Points (WAP) including Office and Home routers
Desktop workstations
Laptops/notebooks
Mobile phones
Tablets and e-readers that use WiFi
Home devices connected to WiFi including Apple TV, NEST, Amazon Echo and Google Home
Printers, both home and office, that use WiFi
Any other device that uses WiFi
Need more information about KRACK, below are some helpful links to give you more of an insight into the KRACK WPA2 Vulnerability.
At iT and Beyond, as part of the Proactive Managed IT Support we provide to keep our clients systems safe and secure, we regularly monitor security alerts from are security partners.
One of our security partners Sophos, have some great IT Security Tips and have launched a Spot the Phishquiz to test your skills by spotting ransomware attempts. There are some great prizes on offer.
Cybercriminals are often smarter than we think, and they’re using those skills effectively to make phishing emails harder and harder to spot.
Sophos RansomWare IT Security Tips – Spot the Phish RansomWare Phishing scam online quiz.
Can you identify a phishing email from a legitimate one?
The new Sophos online Spot the Phish quiz, tests your skills to see how many fraudulent emails you can spot.
In this contest of speed and skill, correctly identify ransomware attempts from legitimate emails and be among the fastest participants and you’ll be eligible to win one of seven prizes: a 12” MacBook, three iPad Pros, or three iPhone 7s, complete with AirPods. But you better be quick as this is your final chance to play before this contest ends on the 20th of December 2016.
Don’t worry if you are not sure as there will be a chance to participate in the Sophos online phishing school to learn more.
This short Sophos video on our YouTube Channel also provides some great tips on IT Security:
Our Network Security solutions can show you how cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind.
Amazon Go Mobile Computing – a whole new way to shop, featuring the world’s most advanced shopping technology.
Mobile computing and our ability to harness its benefits to improve productivity has come a long way and continues to revolutionise business and every day activities.
Online retail giant Amazon, published this video on Monday 6 December, 2016 on their new physical store concept.
No lines, no checkout. Shoppers simply use the Amazon Go app on their smartphone, take the products they want, and go! Just walk out, without getting arrested. Technology detects your selected items and automatically charges your Amazon account when you leave the store.
Selecting IT Systems that are right for your business
As is the case for our small business, accounting firm or not-for-profit (NFP) clients, the IT Systems we choose, need to reduce our costs, increase our productivity, mitigate business risks and assist us to provide superior customer service to our clients.
At [contentblock id=2 img=gcb.png] , we practice what we preach when it comes to selecting IT Support Systems, including strategic research, investment and ongoing development of breed-of-breed technology that provides automation throughout the entire delivery of Proactive IT Support services we provide.
Although the IT Support industry is spoilt for choice of IT Systems Management solutions and tools, careful cost-benefit evaluation and ongoing improvements are required to maximise investment benefits. Some computer support tools are designed for specific tasks, whilst other solutions are feature rich and include components such as 24x7x365 Remote Monitoring & Management, Remote Control, Patch Management, Network Discovery & Performance, IT Automation, Backup and Disaster Recovery, Security, Professional Services Automation, Project Management and Customer Relationship Management.
After strategic research and testing of available solutions, we chose a unique IT Systems Management framework and online Client Support Portal that are both powered by leading global provider Kaseya and driven by Best Practice.
Kaseya Virtual System Administrator (VSA): Remote Monitoring & Management (RMM)
Kaseya Business Management Solution (BMS): Professional Services Automation (PSA) and Client Support Portal
Both IT Support systems are cloud based Software as a Service (SaaS) solutions. They provide the flexibility needed to customise Proactive IT Support configurations for our small business, accounting firm or not-for-profit clients. We continue to invest in ongoing development and improvements and their ability to help us prevent problems before our client’s notice them.
Kaseya’s solutions may not be the cheapest in the market, but as is the case with many IT Solutions, you get what you pay for.
Award Winning IT Support systems for Small Business, Accounting Firms and NFPs
