thinkCSC Security Alert

Security Alert: WannaCry Ransomware

By | BDR, Data Security, Managed IT Services, Ransomware, thinkCSC Security Alert

thinkCSC has been closely tracking a global ransomware attack called “WannaCry” that was initiated last Friday and has impacted organizations in at least 150 countries. The attack began in the UK, shutting down several hospitals, thereafter spreading to Spain. The attack has now spread globally to organizations of all sizes in all industries, including those in the United States.

Please note that organizations with network visibility and a comprehensive patching program are protected and will be able to defend themselves against WannaCry. This ransomware is spread throughout an organization’s network by taking advantage of vulnerabilities in Windows Server Message Block (SMB). Targeted organizations are those who failed to deploy the patches Microsoft had released to protect against these vulnerabilities.

To learn more about the SMB security patches and software vulnerabilities, read more here:

What Happens When WannaCry Ransomware Attacks?

When WannaCry ransomware is deployed, it encrypts files and demands a ransom of $300 in Bitcoin. thinkCSC urges organizations NOT to pay the ransom, as payment has not resulted in a release of the encrypted files. Read more here:

To learn more about the WannaCry ransomware attack, read more here:

thinkCSC Coverage:

The thinkCSC team is actively monitoring the situation.

All thinkCSC Managed Services Clients have patches in place for exploitation attempts against the Windows SMB vulnerability, as well as IPS network detection for the WannaCry ransomware.

Keep in mind that this is an ongoing campaign, and we are regularly updating our detection capabilities. Additionally, we are keeping a close eye on customer networks as events unfold. Please notify thinkCSC of any reported cases of WannaCry ransomware in your organization.

Recommended Courses of Action:

thinkCSC recommends all organizations take the following actions:

  1. Ensure that “Security Update for Microsoft Windows SMB Server (4013389),” reference Critical Microsoft Security Bulletin MS17-010, has been applied.
  2. Update endpoint protection and antivirus software definitions, and have all users leave systems powered on so they can receive patches and definition updates.
  3. Remove public access from any Windows system with Server Message Block that has not been patched (as a best practice, SMB ports 139, 445 should not be exposed publicly and should be blocked from all externally accessible hosts).
  4. Ensure that all internal Windows systems are patched, to avoid internal spread of WannaCry ransomware.
  5. Ensure critical files are backed up appropriately.
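As an added example (not thinkCSC's own tooling), the check in recommendation 3 can be automated by auditing an exported firewall rule list for inbound allow rules that expose ports 139 or 445 to public sources. The CSV layout and the rule names below are constructed for illustration and do not match any particular firewall product.

```python
import csv
import io
import ipaddress

SMB_PORTS = {139, 445}  # the ports named in recommendation 3

# Constructed sample in a hypothetical export format (not a real product's schema).
SAMPLE_RULES = """name,direction,action,protocol,local_ports,remote_addr
File sharing (LAN),in,allow,tcp,"139,445",10.0.0.0/8
Legacy share,in,allow,tcp,445,any
Wide app range,in,allow,tcp,400-500,0.0.0.0/0
Web,in,allow,tcp,"80,443",any
SMB block,in,block,tcp,"139,445",any
Outbound SMB,out,allow,tcp,445,any
"""

def smb_ports_covered(spec):
    """Return the SMB ports covered by 'any', '445', '139,445' or '400-500'."""
    spec = spec.strip().lower()
    if spec in ("any", "*"):
        return set(SMB_PORTS)
    hit = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        hit |= {p for p in SMB_PORTS if lo <= p <= hi}
    return hit

def is_public(remote):
    """True when the rule's source is not confined to private address space."""
    remote = remote.strip().lower()
    if remote in ("any", "*", "0.0.0.0/0"):
        return True
    return not ipaddress.ip_network(remote, strict=False).is_private

def exposed_smb_rules(text):
    """List (rule name, exposed SMB ports) for inbound allow rules open to the public."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["direction"] != "in" or row["action"] != "allow":
            continue
        if row["protocol"].lower() not in ("tcp", "any"):
            continue
        ports = smb_ports_covered(row["local_ports"])
        if ports and is_public(row["remote_addr"]):
            findings.append((row["name"], sorted(ports)))
    return findings

if __name__ == "__main__":
    for name, ports in exposed_smb_rules(SAMPLE_RULES):
        print(f"{name}: SMB port(s) {ports} reachable from public sources")
```

Note that the port range rule is flagged even though it never names SMB, which is the case a manual review is most likely to miss.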

While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all organizations – businesses of all sizes, government entities, schools, hospitals, and others – to invest in stronger IT security that includes offsite backup and recovery. These protections, combined with ongoing staff training, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment.

For new customers interested in information on obtaining our services, please contact us at

IoT Security: What Your Business Must Know

By | Data Security, Managed IT Services, thinkCSC Security Alert

One of the most recent and exciting developments in technology has been the Internet of Things (IoT). This is the term coined to describe the networking of devices we use as part of our daily lives that communicate with one another via Wi-Fi: appliances that can be programmed and started by using a smartphone app, self-driving cars, automatic messages reminding us of our to-do list items, etc. The industry is expanding rapidly, and many businesses are developing smart devices in their efforts to remain competitive, but IoT security has lagged behind.

Jumping on the IoT bandwagon is an exciting opportunity for business growth, but ensuring security is the only way to mitigate the risks involved. In an area where real-time human oversight of wireless transmissions is difficult, methods of maintaining security must keep pace with the technology itself. However, as with all technological advances, this is a daunting task.

What are the risks involved with IoT for your business?

  1. The biggest risk with IoT is its reliance on wireless connections, as well as the sheer number of devices that are being connected together. Hacking is easier and more common in the wireless world, and hacking communications that are not being continuously monitored is easier and less risky for cybercriminals. In short, their chance of being detected and caught is lower in an IoT environment than with a more traditional network. This is complicated by many businesses feeling pressured to join the IoT movement prior to fully understanding the risks involved and developing solid security systems accordingly. A lack of good planning and preparation has caused many devices to be programmed using older generation operating systems, buggy software, generic manufacturer passwords, and other technical problems. These issues compound the security risks for all communications using IoT devices.
  2. In addition to the common reasons IoT introduces risk – stealing data, unsecured data connections, privacy issues – there is one threat that seems to fly under the radar, and that is the ability hackers have to introduce botnets and severely disable or interrupt legitimate internet activity, the method used by hackers on October 21, when a series of Distributed Denial of Service (DDoS) attacks caused widespread disruption in the US.
  3. More and more people are using personal devices, and those devices often are not secured properly. When these people access these devices at work, they often operate through your organization’s network. This means that your network is facing a potential security breach and attack by connecting to a less secure device. Banning devices from the workplace may be impossible. Your first line of defense against the unchecked proliferation of IoT, then, must be a robust, layered network and endpoint security, as well as threat detection protocols.

A Note for IoT product and system developers

For product and system developers, security cannot be stressed enough, since compromised security can devastate an endeavor. Even the perception of higher risk can doom a new product, especially one involved in the transmission of sensitive data. It is not enough to have the same level of security as traditional systems. IoT security is more complicated and must be more robust. Tighter access controls, more complex operator verification processes, stronger encryption, more extensive initial development, newer operating systems, more frequently changed password requirements (including the need to change the manufacturer password prior to use), etc. are vital to the security of your network and your business.

Handling security risks

IoT security is new, complex technology. It is beginning to reach into every aspect of our lives, and it will continue to grow in the foreseeable future. It is something that most individuals and companies can’t handle on their own. More than most other aspects of business, IoT security requires collaboration with experts. If you are concerned about your ability to adequately handle the risks, we are here to help in any way we can to meet your needs and raise your level of understanding, protection, and safety.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to their advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goals, contact thinkCSC for more information.

Security Alert: Xerox WorkCentre

By | thinkCSC Security Alert | No Comments

We have received several reports from clients who are receiving suspicious emails from Xerox WorkCentre, whether or not they actually use the device.

If you receive a message with “Scanned Image from a Xerox WorkCentre” as a subject and a zip file as an attachment, DO NOT OPEN IT FOR ANY REASON.

As a general practice, no company or device (copier, fax machine, scanner) will ever send you a zip file. You may receive zip files from individuals, but companies and services will not typically send zip files; always proceed with caution.

The Service Desk is always available to answer questions if someone is unsure of a file or attachment. Please contact us if you have opened the email or receive suspicious emails in the future.

Security Alert: VoIP Users Targeted in Email Message Attack

By | thinkCSC Security Alert | No Comments

thinkCSC is urging all VoIP users to take precautions when receiving voicemail to email services, as thinkCSC has identified a new security risk targeting VoIP users. The attack sends a voicemail to email with a .zip or .exe attachment that, when opened, can infect the user’s system and network.

The voicemail to email message will look like it comes from your messaging system but will be from an unknown number. thinkCSC urges VoIP users to proceed with caution when receiving a message from an unknown number. Do not open any .zip or .exe files. Legitimate voicemail to email message formats are .wav or .mp3 files; if you receive any other type of file, you should assume it is a fake voicemail to email message.

These harmful messages are typically from numbers using non-existent area codes. A listing of all U.S. and Canadian area codes can be found here.

What To Do If You Have Received a Fake Voicemail to Email Message on Your VoIP Service:

  • Do not open any message that is not in .wav or .mp3 format
  • If you receive a message with a .exe or .zip file attached, DO NOT open it
  • If you believe your system has already been compromised, or if you have already opened the file, contact thinkCSC right away.

If you have any questions or believe you have been a target of this threat, please contact our team at your earliest convenience.
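The rules from this alert and the Xerox WorkCentre alert above can be expressed as a mail triage check. This is an added example, not a thinkCSC tool; the sample messages, addresses and filenames are constructed, and matching on the word "voicemail" in the subject is an assumption about how a voicemail to email message is recognized.

```python
import os
from email.message import EmailMessage

ALLOWED_VOICEMAIL_EXT = {".wav", ".mp3"}  # legitimate formats per the alert
XEROX_SUBJECT = "scanned image from a xerox workcentre"

def attachment_names(msg):
    """Filenames of every MIME part that carries one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def triage(msg):
    """Return reasons to quarantine msg; an empty list means no rule matched."""
    subject = (msg["Subject"] or "").lower()
    reasons = []
    for name in attachment_names(msg):
        # Only the final extension counts, so 'msg.wav.exe' is treated as .exe.
        ext = os.path.splitext(name.lower())[1]
        if XEROX_SUBJECT in subject and ext == ".zip":
            reasons.append(f"Xerox WorkCentre lure with zip: {name}")
        elif "voicemail" in subject and ext not in ALLOWED_VOICEMAIL_EXT:
            reasons.append(f"voicemail attachment is not .wav/.mp3: {name}")
    return reasons

def make_sample(subject, filename):
    """Build a constructed test message with one harmless attachment."""
    m = EmailMessage()
    m["From"] = "device@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("See attachment.")
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

# Constructed samples: (subject, attachment filename)
SAMPLES = [
    ("Scanned Image from a Xerox WorkCentre", "Scan_001.zip"),
    ("New voicemail from 555-0100", "message.wav"),
    ("New voicemail from 555-0100", "message.wav.exe"),
    ("Voicemail message", "VM.ZIP"),
]

if __name__ == "__main__":
    for subject, filename in SAMPLES:
        hits = triage(make_sample(subject, filename))
        print(f"{subject!r} / {filename}: {'QUARANTINE' if hits else 'ok'} {hits}")
```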

Security Alert: Do Not Open .TIFF Files from Unrecognized Sources

By | thinkCSC Security Alert | No Comments

A zero-day attack targeting Windows users has been detected by Microsoft and is already affecting people in Asia and the Middle East. It is expected to spread to the U.S. and Europe very quickly. The vulnerability is exploited when you open a .TIFF file and allows the attacker (potentially on a remotely hosted computer) to gain administrative access to your system and network.

It is imperative that you refrain from opening any questionable .TIFF file, as the messages are often constructed to make the user believe they are coming from a trusted source.

While Microsoft is working to develop a patch to protect users, at this time, current antivirus and firewall solutions are unable to prevent infection. Most vulnerable are Microsoft Office users who are running Windows Vista or Windows Server 2008. Microsoft Office 2003 through Office 2010 are impacted in this zero-day attack.

If you have any questions or believe you have been a target of this threat, please contact our team at your earliest convenience.

Security Alert – Installing OS X Mavericks

By | thinkCSC Security Alert | No Comments

We are receiving a number of reports from clients that the latest OS X Mavericks updates are creating major compatibility, hardware driver, file sharing, and printing issues, as well as other problems. We recommend that you refrain from installing OS X Mavericks until you check with us in order to avoid downtime. Apple is providing OS X Mavericks under the normal updates section with no cost associated with the update.

Because of the issues we’re seeing, we believe the wisest approach is to contact our tech team first and make sure you will not experience any of the compatibility issues being reported. If you have already run the update and you’re experiencing problems, please let us know. If you have any questions or need assistance with your OS X Mavericks update, please contact our team at your earliest convenience.

Windows XP Faces Extinction

By | thinkCSC Security Alert | No Comments

Windows XP, like the dinosaur, the Dodo Bird, and the Sabre Tooth Tiger before it, will be extinct by next April. There is no saving it – it’s doomed to be another relic in a museum, because Microsoft support for Windows XP will end in April 2014.

Software can be a lot like a comfortable pair of boots. You like how it looks and feels. It’s comfortable. And because of that, you may hesitate to upgrade when you should. But like those broken-in, worn-out boots that leave you with at least a bruised ego, choosing not to upgrade your software can leave you with much more painful damage. Regardless of which platform you choose, upgrading your Windows operating system is crucial if you want to receive Microsoft support and protect your business systems from vulnerability. The risks of using extinct, unsupported software include:

  • Potential security breaches
  • Reduced functionality
  • Incompatibility with other programs
  • Increased downtime

There are two options for replacing your Windows XP system: Windows 7 and Windows 8. While Windows 8 is the most recent Windows version, Windows 7 may be the better choice for some businesses.

For those businesses in which the computer is a way to track invoices, send a few emails and occasionally update a website, Windows 7 may be the preferred choice. Windows 7 allows for a variety of customizations to the look and feel of your computer yet remains a basic tool for one-clicking your way to the programs and files you use most often.

For those businesses with a mobile workforce, and for those who work as much from a tablet or phone as they do a desktop or laptop, Windows 8 is designed to be a mobile-friendly operating system. Windows 8 is for people who embrace change and already spend more time using touchscreens than they do typing.

Now is the time to let go of your broken-in, worn-out operating system. It’s moved to the top of the endangered species list. And whether you choose Windows 7 or Windows 8, each platform offers better collaboration, performance and security than sticking with one that is on the extinction list. We recommend upgrading as soon as possible to ensure ongoing security and stability. If you’re not sure where to start, thinkCSC can facilitate the ordering and implementation of the new operating system. We can assess your current infrastructure to ensure its compatibility with new software. Contact us today for more information.

Crypto Locker Malware – Act Now

By | thinkCSC Security Alert | No Comments

Recently, several of our clients have been exposed to a new variant of malware which is becoming known as Crypto Locker. Antivirus vendors are working diligently to combat the virus. However, it is still possible for the malware to infect the machine even if it has current, up-to-date antivirus protection.

Crypto Locker specifically targets Word, Excel, PDF and possibly other file types. It encrypts the files and makes them unusable. Typically, a single machine (or more) on a network becomes infected. The malware proceeds to modify all of the specific files on that machine, as well as any files that machine has access to on its network, including mapped drives to shared servers. One infected machine can quickly spread, making nearly all company files stored on the network unusable.

On the machine that is actually infected, you will likely see a pop-up called CryptoLocker stating that your files have been encrypted and demanding that you pay hundreds of dollars to have them decrypted.

thinkCSC would advise you to not pay them any money or give them any information.

It is unlikely that paying them will result in fixing your issue and this will likely result in fraud and other problems. It is important that these issues be reported as quickly as possible. The infected machine should be shut down and removed from the network.

On machines that are uninfected but trying to access files that have been changed by Crypto Locker, you may receive errors like ‘File is not in a recognizable format,’ ‘<Filename> cannot be opened because it is an unsupported filetype or has been damaged,’ and other variations of those messages.

The fix? In most cases, there is not one. The only tried and true solution, until Antivirus vendors are able to adapt, is to restore from backups. If you have an antiquated or untested backup system, possibly including tape backups, this could become quite problematic and lead to extensive downtime.

There are several lessons to learn from this. First, it is important to have a strong, automated backup solution that runs on a regular basis. Second, that backup solution should have monitoring and be tested on a regular basis. Third, point in time and time to restore need to be taken very seriously. If you only back up once a day, you will likely lose an entire day or more of data should you need to restore. Time to restore is another important consideration. If you have to bring in tapes from offsite and then perform a restore, it will take longer before you and your data will be on working terms again. Fourth, it is always important to have currently licensed, updated antivirus. This is a first line of defense and not a perfect solution that will stop 100% of all threats, so it is also important to have a complete protection system including email security, a strong firewall, antivirus, a comprehensive automated backup solution, and patch management.

If you have been infected by this malware or would like to discuss thinkCSC’s Managed Services Program, Backup & Disaster Recovery (BDR) Solution, or any other concerns, please contact your account executive or contact us today.