3 Cyberattackers Putting Business at Risk

Greenlight Managed IT Support Services | Sydney | Melbourne

Cyberattacks and data breaches happen worldwide, and no one is immune. Your business needs to protect its networks and systems, and secure sensitive data. But how much do you know about the types of cybercriminal out there? This roundup discusses the biggest threats and what they’re after.

Cybercrime Gangs

Online crime is a lucrative industry. Cybergangs go online to offer “crime as a service.” Their targets vary and can be spread out globally. In 2019, one international crime gang stole $100 million from more than 40,000 victims. Culprits were found in the US, Bulgaria, Germany, Georgia, Moldova, and Ukraine. Victims included small businesses, law firms, international corporations, and nonprofits.

Many of these bad guys may have started out in the digital environment, but well-established street gangs are turning their attention to cybercrime too.

Typically well-funded and organized, cybergangs work long-term to mount large-scale attacks. They target banks, law firms, healthcare networks, and other big businesses.

Still, small businesses can be targeted by cybercrime gangs. You could be the first domino to compromise a larger, more lucrative target in your supply chain.

State-based Actors

One nation pays an individual or group to target another country. On the digital battlefield this could mean:

  • tampering with an election;
  • infiltrating another country’s banking system;
  • compromising critical infrastructure;
  • accessing intelligence;
  • creating incidents of international significance;
  • engaging in propaganda, disinformation campaigns;
  • espionage.

In July last year our prime minister announced a “sophisticated state-based cyberattack” on political and private-sector organizations.

State actors also used cyber techniques to damage Iran’s nuclear program. They left an infected thumb drive in the parking lot. A well-meaning staffer found the USB and plugged it into the facility computers. The virus caused Iran’s fast-spinning centrifuges to go into overdrive.

These attackers are often motivated by nationalism, but this doesn’t mean businesses are safe. A politically motivated cyber actor might target a hotel hosting an international convention or gain access to a government vendor to send false communications.

Lone Wolf

Also known as disorganized crime, this is the online equivalent of a petty thief. Many make their income stealing money from low-hanging targets.

Some Lone Wolves are only interested in proof-of-concept: hacking into businesses and governments to see if it’s possible, without doing any damage once they are inside. 

Now that you better understand why your business might be targeted, it’s time to take the necessary steps. We can help solidify your cybersecurity stance. Partner with a managed service provider. Our experts can set up email security, remote access management, anti-malware scanning, and more. Contact us today!

Top 5 Risks When You Stay with Windows 7 this 2020

Windows 7 End of Life

Microsoft will no longer be supporting Windows 7 after a ten-year stint—as announced last December 16, 2019.

The purpose of this direction is for the tech giant to pour its ample resources into more lucrative, newer technologies. Essentially, Microsoft has squeezed as much juice as it can out of Windows 7. It doesn’t make sense for them to continue providing technical assistance and software updates that protect PCs using the outdated program.

The Impact on Your Businesses

First and foremost, Windows 7 is still being used on 39% of all PCs.

And a year from now in January 2021, Windows 7 will be used on 18.7% of all PCs, which accounts for around 281 million machines.

What does that mean, exactly? That even at under 20% of total usage on PCs, there are still over 280 million systems with Windows 7 in place. At such a vast number, it’s fair to guess that small to medium businesses make up a good share of that total, especially since many owners might wish to sidestep the costly nature of upgrades.

Though, with the removal of all support for the system, keeping Windows 7 installed will end up being more costly than merely paying for the upgrade to Windows 10.

So, as a business owner or stakeholder who may still be using Windows 7, you’re likely interested in knowing what might happen after neglecting to upgrade.

Let’s examine some of the most significant risks involved in continuing to use Windows 7 on your PC and how it can affect your workplace:

The Top 5 Risks of Staying with Windows 7

Risk # 1.      No More Technical Support

Last year, Microsoft patched 29 Windows 7 vulnerabilities in April alone.

Of those vulnerabilities, 6 were rated critical with the other 23 being deemed important.

Think about it, that’s one month alone—and the only reason those changes were made was due to an extended support phase focused on fixing flaws. Those snafus on Windows 7, since it’s an older system, have continually surged over the years. Now, without support, these issues will be seemingly never-ending.   

Risk # 2.      Heightened Cybersecurity Risk

Studies from 2018 about cybersecurity in small-and-medium-sized businesses reported that 67% of survey respondents experienced some form of cyber-attack. On top of that, another 58% went through a data breach with employee or customer information.

These stats prove that businesses are already susceptible to these attacks. With Windows 7 now lacking the infrastructure to deal with these issues, if you don’t upgrade, the consequences could be disastrous.

Risk # 3.      Additional Costs

On a per-system basis, it’ll be possible to receive extended security support. However, there’s an additional fee paid to Microsoft per computer to obtain the appropriate security updates. Furthermore, the dollar amount owed to Microsoft will double every year and caps out at a maximum of three years.

The price begins at $50 per machine—meaning by 3 years it’ll be $150 per device. If you have around 10 machines, that can prove quite costly.

Risk # 4.      Falling Behind the Competition

As Windows 7 becomes more obsolete, more businesses will be using Windows 10. 

As technologies keep improving, functionality is enhanced. An outdated system will run slower, and it’ll be less equipped to handle the state-of-the-art tools that’ll keep you ahead of your competitors.

Risk # 5. Frustrating Your Team

When your employees end up with inferior technology, their morale tends to suffer. For many staff members, it can be a bad look when you fail to equip them with systems, programs, and software that are, at the very least, up to date.

If you don’t update to Windows 10 soon, your team might get the idea that you aren’t invested fully in their success. From there, frustration brews, work tends to be negatively impacted, and you’ll have an office full of employees at their wit’s end.

The Very Real Problem of Malware in the Workplace

As technology keeps reaching new heights, so does its propensity to be malicious and dangerous. Businesses far and wide must be eternally vigilant in the face of these threats that can damage both their reputation and bottom line.

For instance, recently, Landry’s, Inc., an American, privately owned, multi-brand dining, hospitality, entertainment, and gaming corporation, identified malware on its payment processing system.

The malware was designed to access payment card data from cards used in person. Interestingly, the card data wasn’t readable due to the end-to-end encryption technology used at points-of-sale. So, the malware was prevented from accessing payment card data.

Although this didn’t occur on a Windows 7 system, these attacks come from everywhere when sensitive information or money is involved. As proven by Landry’s, with state-of-the-art systems in place, these cyber breaches can be nipped in the bud.

So how do you mitigate these risks?

The short answer is to move to Windows 10 to receive full support from Microsoft. This can be done by upgrading the operating system on your existing PCs, assuming your hardware is capable of handling the demands of a modern operating system. If your PC is more than 3 or 4 years old, it is probably more cost-effective to simply replace the PC.

Should Businesses Be Afraid of The Dark Web?

While in the past a new business would only have to worry about physical threats that might walk in and try to steal from them, those days are long gone. Now, the biggest threats to businesses are invisible attackers that they will never even see coming until it’s too late.

These individuals are lurking in the shadows of your company’s network instead. This makes them even more dangerous than the criminals of yore, but where do they go after their attacks? Where do these cockroaches flee to? It’s called the dark web.

What is the dark web?

Ironically, the technology which makes the dark web possible was created by the US government in the 1990s. It’s called TOR, and this software allows computers to exchange information anonymously. Now, TOR has become synonymous with the dark web.

However, the dark web itself is much more than that. It’s a huge network of anonymous and hidden websites where the criminal world now does business. This includes a medley of unsavoury illicit activity from drug deals to weapons trading to child pornography rings.

The dark web is not entirely bad though, and there are some people who use it for legitimate purposes. This includes political activists and journalists who need to pass information anonymously to remain safe in corrupt countries.

The most interesting thing about the dark web though is that until recently nobody really cared about it, so what happened?

The arrival of the Silk Road and the explosion of the dark web

The Silk Road was an online marketplace on the dark web that allowed individuals to purchase illegal items for Bitcoin. In most cases, these users were kids looking to buy party drugs on the internet, but in 2013 the Silk Road was taken down, and in its place, many other dark web marketplaces have sprung up.

While many people despised the Silk Road for its blatant disregard for the law, it did have rules in place which permitted the sale of many things. Its new competitors though were not so caring about who became the victims of these sales.

Now, the dark net has exploded with activity surrounding crimes which are no longer as harmless as people doing their personal festival shopping. The dark net’s new business is in fraud and identity theft.

Cybercriminals now scrape and sell the personal data of individuals and businesses which they’ve stolen from websites or computers with poor security. This could include credit card numbers, Medicare numbers, banking details, private documents and more.

What if my data is on the dark web?

If your information is already on the dark web, then there’s little that you can do. While the authorities do take these sites down when they can, it’s likely that another one will simply pop up with it for sale again.

The best method for protecting yourself is to make sure this never happens. For an individual, the dangers of the dark web will be related to their identities, but the prize is often different for cybercriminals who are targeting a business.

They’ll most often go after your files. They want to compromise your databases so that they can either steal and then sell your customers’ information or even hold your information for ransom until you pay them. This can be scary, and it’s possible that everything you’ve worked so hard to build could be lost in one of these attacks.

What can I do to protect myself?

Protecting yourself from these criminals means having a good prevention method in place. Here’s what you can do to protect yourself.

Beef up your cybersecurity

Is your network security up to snuff? If not, you may want to have a cybersecurity company audit your safety procedures. This is particularly important if you work in an industry where you’ll be storing sensitive information on your customers.

Just installing a simple firewall is not enough. As your business grows you become a bigger target, and don’t think that just because you’re a local business that you won’t be attacked. Ransomware attackers couldn’t care less who you are as long as you pay.

Using two-factor authentication, a technique which requires more than one form of credentials, often one involving something that must be physically present, can help with this. While not foolproof, it makes it much harder for your accounts to be compromised.

Teach your employees good security habits

More often than not when someone says they were “hacked” the truth is that they were a victim of a phishing scam. Phishing doesn’t use brute force attacks to access your network, it simply asks your most vulnerable employee for the keys.

That’s why it’s important to make sure that everyone in your organization is up to speed on safety protocols. You should be having training sessions that help them to identify and avoid scams and to recognize when something is up.

However, if you have addressed the first item on our list, then your cybersecurity team should have roadblocks in place that stop naive employees from wandering into many traps designed to steal your information.

Training your employees on safety protocols, though, is something that you can do for free without even employing any new software. It just takes time and knowledge to accomplish.

Sign up for dark net monitoring

There are actually services which will monitor the dark web for you and tell you if your information is being sold. While there’s not a lot you can do if it’s already there, it does give you a heads up that allows you to go into disaster recovery mode.

You can use this opportunity to change your passwords, up your security levels and protect yourself from data breaches before they happen.

There are some cybersecurity firms which include this as a service in their packages, and that means they can take care of everything for you. This is particularly useful for smaller medical practices which handle sensitive information but may not have a large enough infrastructure to warrant a full-time IT department.

Why it is Important to Secure Your Remote Desktop Server

With a rise in employees working from home in recent years, there has also been an influx of cyber attacks on the very system that makes that possible.

Perhaps you’ve used Remote Desktop Protocol (RDP) for work or have had to resort to it when dealing with customer support. If either is the case, the first time you ever used it might have been something of a worry. Allowing a stranger full control of your computer via a desktop interface? Sure, that doesn’t sound sketchy at all.

However, it actually isn’t sketchy. Microsoft designed RDP to facilitate secure data transfer from one computer to another. In both theory and practice, RDP has shown itself to be one of the most integral technological inventions of the last couple of decades. This is most notably the case within the healthcare industry, whose existence relies on patient confidentiality.

Although where hackers are concerned, the turn of phrase, “This is why we can’t have nice things” also comes to mind. The FBI reported recently that, since 2016, RDP attacks have been becoming more and more frequent. These brute force attacks aim to collect data such as names, dates of birth, insurance numbers, which the hackers then sell on to the dark market.

But with more and more companies understandably turning to RDP to cover their workloads, this is a threat that has to be dealt with before it’s too late. That said, the solutions to securing our remote desktop servers are also in our hands.

The Many Uses of RDP

There are plenty of reasons why companies and individuals resort to RDP. For one, the ability to connect to and control one computer from another means that not every worker should have to go into the office. In the same vein, business travelers can stand to use it for that very same reason.

If you’re traveling for work or want to work while on vacation and work for a company, you’ll need access to your files. Particularly so if those files are confidential. This is where RDP really stands out. Not only can you access your work computer from anywhere in the world, but you can do so from home, too.

Administrators also benefit heavily from RDP. Many large-scale technology companies use it to aid their customers with any problems they might be facing. Additionally, if you’re out of the office for one reason or another and the software or hardware fails, you can fix it from your own computer.

RDP is a helpful and convenient tool for businesses the world-over.

So then where do the hackers come into it?

How Attackers Compromise RDP

Ransomware such as CrySIS, CryptON, and SamSam among others have been utilized and spread through RDP. Most of these attackers use what is known as the brute force method.

The problem with brute force is that attackers don’t necessarily have to be professional at what they do. On the contrary, brute force attacks are literally just trial-and-error.

Brute-force is also, however, time and resource consuming. Its success relies on patience, perseverance, and volume rather than some magic algorithm. What this means for us is that we can take measures such as complex passwords to protect against them.

Securing Your Remote Desktop Server Against Brute Force

Brute force attacks usually begin with the attacker scanning a list of IP and TCP port ranges to find a port that’s open. This is the time-consuming part. Once the attacker has gained access, however they’ve done it, they can start to unleash malware chaos on your server.

That said, brute force attacks really do depend on the measures you have or haven’t taken in securing your desktop. By rectifying your mistakes, you can successfully keep attackers out.
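To check whether a server is already seeing the trial-and-error logons described above, the following added example (not part of the original article) counts failed logons per source address in a sliding time window. It assumes Windows Security event ID 4625 (failed logon) as the data source; the function names, thresholds and sample records are constructed for illustration.

```powershell
# Added example: flag source addresses with many failed logons in a short window.

# Reads failed-logon events (ID 4625) from the Security log. Needs an elevated session.
function Get-FailedLogonRecord {
    param([int] $Hours = 24)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) } |
        ForEach-Object {
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                TimeCreated    = $_.TimeCreated
                IpAddress      = $data['IpAddress']
                TargetUserName = $data['TargetUserName']
            }
        }
}

# Works on any records exposing TimeCreated, IpAddress and TargetUserName.
function Find-LogonBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogon,
        [int] $Threshold = 5,        # assumed: failures from one address that count as suspicious
        [int] $WindowMinutes = 10    # assumed: width of the sliding window
    )
    $window = [TimeSpan]::FromMinutes($WindowMinutes)
    # Local failures are logged with '-' or no address; they are not remote guessing.
    $remote = $FailedLogon | Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' }
    foreach ($group in ($remote | Group-Object -Property IpAddress)) {
        $ordered = @($group.Group | Sort-Object -Property TimeCreated)
        $start = 0
        $worst = 0
        for ($end = 0; $end -lt $ordered.Count; $end++) {
            # Shrink the window from the left until it spans at most $WindowMinutes.
            while (($ordered[$end].TimeCreated - $ordered[$start].TimeCreated) -gt $window) { $start++ }
            $count = $end - $start + 1
            if ($count -gt $worst) { $worst = $count }
        }
        if ($worst -ge $Threshold) {
            [pscustomobject]@{
                IpAddress           = $group.Name
                MaxFailuresInWindow = $worst
                TotalFailures       = $ordered.Count
                DistinctAccounts    = @($ordered.TargetUserName | Sort-Object -Unique).Count
            }
        }
    }
}

# Constructed sample records (documentation address ranges, not real data):
# one address guessing three account names every 20 seconds, one user mistyping twice.
$t0 = Get-Date '2024-01-15T02:00:00'
$sample = @(
    0..7 | ForEach-Object {
        [pscustomobject]@{
            TimeCreated    = $t0.AddSeconds(20 * $_)
            IpAddress      = '203.0.113.50'
            TargetUserName = @('administrator', 'admin', 'backup')[$_ % 3]
        }
    }
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(3); IpAddress = '198.51.100.7'; TargetUserName = 'jsmith' }
    [pscustomobject]@{ TimeCreated = $t0.AddHours(5);   IpAddress = '198.51.100.7'; TargetUserName = 'jsmith' }
)

Find-LogonBruteForce -FailedLogon $sample | Format-Table -AutoSize

# On a live server, feed it the real log instead:
#   Find-LogonBruteForce -FailedLogon (Get-FailedLogonRecord -Hours 24)
```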


Whitelist Your IP Address

Whitelisting an IP is a simple way of preventing RDS attacks. However, it’s also simple enough that it won’t block every attacker who is trying to get in, such as the case with roaming users. Whitelisting your IP address restricts outsiders from gaining access. In order to do this, you need to set up inbound rules on your firewall and/or your RDP server. For example:

  1. Connect to your RDP server
  2. Open Windows Firewall with Advanced Security
  3. Click Inbound Rules
  4. Find and right-click the RDP Rule
  5. Go to Properties > Scope

Inside of the Scope tab is where you’ll create your IP restrictions.

  1. Under Remote IP address, check These IP addresses
  2. Click Add…
  3. Type your IP address in the top field
  4. Hit OK

Note: If you want to add an IP range instead, click This IP address range and input said range.
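The same Scope change can be scripted and verified with the built-in NetSecurity cmdlets. This is an added example, not part of the original article: the function name `Set-RdpFirewallScope` is hypothetical, the addresses are placeholders, and port 3389 (the RDP default) is assumed.

```powershell
# Added example: restrict the remote scope of the inbound RDP firewall rules.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later) and an elevated session.
function Set-RdpFirewallScope {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Addresses or ranges allowed to reach RDP. Placeholders; replace with your own.
        [string[]] $AllowedRemote = @('203.0.113.10', '198.51.100.0/24'),
        # 3389 is the RDP default (assumption); change it if your server listens elsewhere.
        [string] $RdpPort = '3389'
    )

    # GUI steps 1-4: find the enabled inbound allow rules that open the RDP port.
    $rules = Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -contains $RdpPort } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

    foreach ($rule in $rules) {
        $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress

        # Scope tab: replace the remote address list with the allowlist.
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, "Set remote scope to $($AllowedRemote -join ', ')")) {
            Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedRemote
        }

        # Read the rule back so the result is verified, not assumed.
        $after = (Get-NetFirewallRule -Name $rule.Name | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule        = $rule.DisplayName
            ScopeBefore = $before -join ', '
            ScopeAfter  = $after -join ', '
            OpenToAny   = ($after -contains 'Any')   # True means the rule still accepts every address
        }
    }
}

# Dry run: lists each RDP rule and its current scope without changing anything.
Set-RdpFirewallScope -WhatIf
```

Run it without `-WhatIf` only after confirming that the address you are connecting from is in the allowlist, because a scope that excludes it will refuse your next RDP connection.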

Deploy an RD Gateway

Remote Desktop Gateway servers give RDP users a more secure and encrypted connection. Having an RDG lets you share your network connection with other programs, enabling an ISP connection that steers off unwanted outsiders.

To do this, you first need to open Server Manager on your RDP server.

  1. Go to Server Manager > Remote Desktop Services > Overview
  2. Under Deployment Overview, click on the green RD Gateway icon to install it
  3. Choose the server on which you want to install the role
  4. Enter your external FQDN (fully qualified domain name) in the SSL certificate name box
  5. Hit Next >

Once your RD Gateway is installed, you can configure certificates and properties. In properties, you can set up rules such as maximum simultaneous connections and further SSL bridging. This should leave your RDP network to your RDP team.

Multi-Factor Authentication

It’s likely you’ve heard of two-factor authentication already, even if you’re not a software professional. Companies like Apple, Google, and Amazon are all quickly adhering to this forward-thinking way of ensuring the security of their users.

Multi-factor authentication can also be used in conjunction with the two methods above, tripling down on your high-security RDP forcefield for better protection. In short, MFA allows you to login to your RDP and then authenticate that login by other means such as SMS, automated phone call, email or an app on your phone.

Once authenticated by your second device, you and only you can partake in that session.

Use a VPN

Installing a VPN helps administrators to limit unauthenticated users. With software like FortiClient, SSL and IPSec VPNs are used to provide a secure and reliable solution to attempted RDP attacks without the user needing to know the nitty-gritty on security and protection.

Once your remote desktop server is secure, you can continue to work from home or from the beach, if you want to.

It’s always better and cheaper to protect yourself and your company in advance.  To learn more about IT Security, please contact us.

2018 IT Security Update

Our computer systems will never be entirely secure. New techniques and procedures are constantly evolving, being implemented to circumvent current security measures. When one attack method is too heavily defended against, attackers look for new, innovative ways to avoid detection, increase infection rates, and gain wealth. 2018 saw the rise of cryptomining and cryptojacking, a shift in ransomware and malware, and a new target for phishing attacks. The best defense in this changing landscape is a layered approach involving proven security technology and end user education and awareness training.

Hardware-Based Threats

Two new vulnerabilities, Meltdown and Spectre, affected nearly every device with a modern CPU – that is, a processor made in the last 20 years – due to the way these processors function and isolate private memory. These vulnerabilities had existed for two decades before they were discovered and, until they were fixed, gave access to private data such as login credentials.

Cryptomining – The New #1 Threat

Cryptomining is an easier, less risky way to profit than ransomware. It works on any device, so not only are laptops and smartphones vulnerable, but so are other IoT connected devices like routers and TVs. The processing power of the CPU is redirected to mine a cryptocurrency, most commonly Monero, chosen for its anonymous blockchain and ability to run on consumer-grade hardware. The victim’s energy bill increases as the criminal profits. When scaling is used, the drain on the CPU is minimal when the mouse is in use, and then increases up to 100% at other times.

Some sites intentionally use cryptomining to generate revenue instead of bombarding site visitors with ads. These sites are primarily pornography, torrent, and streaming sites, that may not inform their visitors they are actively mining. The top cryptomining domains are making up 31%, at 28%, and at 26%.


Ransomware is a widespread and damaging type of malware typically used to extort money from the victims by encrypting their files. In 2017, ransomware hit hard. Companies were forced to pay expensive ransoms for their data. With the implementation of cloud backups for previous versions of files, and the widespread adoption of Windows 10, a more secure operating system, it is much harder for a ransomware campaign to be successful.

Ransomware attacks now target unsecured Remote Desktop Protocol (RDP) connections. Lacking adequate RDP settings leaves the environment open to attack; RDP access to previously hacked devices can even be purchased on the dark web. This allows the criminals access to the system and turns it into an entry point for browsing all of the data, disabling endpoint protection, and deploying ransomware or other malware.


Malware is software that was written to cause harm to data and devices. Malware continues to be a prevalent threat, but it is declining. Cryptomining is much easier and more profitable than deploying malware. In the first half of 2018, malware web traffic dropped from 2% down to 1%. With threat tactics and attack methods constantly changing in response to security, malware is becoming more resilient, harder to detect, and longer-lasting.

Botnets are the most common method to deploy malware. Emotet is currently the most persistent botnet. “[Emotet’s] payloads are delivered at an impressive pace, showing that threat actors have automated multiple steps in their campaign operations. Emotet aspires to increase the number of zombies in its spam botnet, with a concentration on credential-gathering.” (Webroot). Emotet can turn routers into proxy nodes for command and control infrastructure. As most residential routers are Linux-based without antivirus, they are often not set up properly and are easily exploited, with the victims being unaware that the Universal Plug and Play is used to plug IoT devices into their router.

Other forms of malware are also evolving. Trickbot can now ensure that their attack modules and web injections remain active for longer; this is accomplished with Tor servers as their level 1 command and control infrastructure. Zeus Panda, also called Panda Banker, has started to target more regions around the world. Criminals are changing their attacks to be less noticeable and more profitable.



Phishing attacks are on the rise. Phishing attempts increased from January to June by 60% (Webroot). Dropbox was a primary target, getting 17% of the attacks. Dropbox accounts can store personal, business, or financial data that leads to a much bigger payoff if the attacker can get access.

93% of breaches in an organization are due to phishing. Employee security awareness can be the difference between preventing an attack or being the victim of cryptomining, ransomware, or malware. Ongoing security training, especially when the course content is current, reduces the risk of infiltration proportionately. Based on testing:

  • Companies that run between one to five employee security awareness campaigns see a 33% phishing click-through rate
  • Companies that run between six to ten employee security awareness campaigns see only a 28% phishing click-through rate
  • Companies that ran at least 11 campaigns to train employees on security awareness saw the phishing click-through rate reduced to 13%.

Educating end users on how to spot and avoid phishing scams should be an ongoing process, to ensure that employees are aware of the most current methods of attack. End user training is the best form of defence, because even the most advanced security technology could potentially be circumvented by attackers eventually. Well-trained end users who know what to look for and are kept up-to-date on threats are more equipped to prevent attempted attacks. To educate your employees on current threats and attack methods, contact us for our security training.

In a constantly changing threat landscape, your computer security is only as good as your technology and training. New techniques are constantly being discovered, with targets and attacks changing all the time to exploit weaknesses in security. When one security area is bolstered, attackers change their methods and find another way in. The best defence is to combine proven security technology with ongoing end user training that will teach them how to spot a threat before it’s too late. Reduce your risk and keep your environment secure by providing security awareness training for employees. Contact us to learn more about IT Security.

What is 2-Factor Authentication and How Can it Keep My Data Secure?

In layman’s terms, two-factor authentication (2FA) can be thought of as “something you have, and something you know”. Essentially it is a security protocol that gives the data on your network an added layer of data protection by requiring users to verify their identity twice when logging on to their user account.

Single-factor authentication is generally accomplished by entering a password at login, but 2FA asks for a second bit of data to further verify the user’s identity. This could be accomplished in one of several ways:

  1. With security questions, PIN numbers, or passwords, also known as knowledge factors.
  2. With possession factors, which may entail entering a code sent by SMS message to the user’s mobile, or the number from an identification card – essentially something the user owns that can be connected to them directly.
  3. Using biometrics, or inherence factors, such as a fingerprint, voice print, or iris scan.

Why use 2-factor authentication?

Depending on what type of business you conduct, a user name and password just might not be secure enough for some transactions. For financial, legal, medical, or other sensitive and confidential data, your clients may depend on your ability to adequately defend their information against any threat.

User names and passwords alone are too easily compromised. Some people have a hard time remembering passwords, and so may jot them down in places where they can be accessed by anybody. If their password is not changed on a regular basis, or if it is too easy to figure out, it won’t take much effort for a motivated hacker to gain access.

Two-factor authentication may provide the reinforcement you need to ensure your data is safe, by asking for input that only that user can provide, thus ensuring

What constitutes 2FA, and how do I get it?

Two-factor authentication asks for input from two different categories – such as one knowledge factor and one biometric factor, or first a user name/password combination, followed by a voice print or fingerprint scan.

Many industries have been hesitant to deploy a 2FA standard, and those that have in the past have developed the impression that it impedes workflows and makes the sign-in protocol difficult to manage for their IT teams.

On the customer-facing side, it is often deployed to mixed reviews: clients may know that it is important in terms of the extra security it provides, but may not appreciate the bother of signing in twice. This created a need for the technology to be more accessible and user-friendly, a need that has been met by a multitude of security-specialist app developers, such as Australia’s Token One.

The technology behind 2FA

2FA providers like Token One use an encryption technique called one-time pad, also known as OTP. OTP is essentially a crypto algorithm that encrypts a message using a randomly generated key that is matched to a one-time pad and key which is never repeated twice.

Since OTP is not based on algorithms, it is not vulnerable to hacking and is widely considered to be uncrackable. In one form or other, it has been in use since WWII, where it was used to transmit secret messages and in espionage.

The intrinsic reliability of OTP is what led developers to shape it into its current technological form, which is now leveraged by a multitude of cyber-security developers. With today’s tech security challenges and all of its implied perils, there has never been a more needful time to bring these solutions to market.

Greenlight ITC: cyber-security specialists in Sydney and Melbourne

Deploying a robust 2FA protocol such as Token One is simply a smart choice. If you are in an industry such as healthcare, education, the public sector, legal, or financial, and you are not yet using a 2FA protocol or if your current 2FA system is not living up to its promise, Greenlight can help. Call today to speak to one of our technicians about Token One, and how it can help protect your company from whatever comes next.

Internet Explorer patch arrives to fix critical vulnerability


Last week the internet went into meltdown after a critical bug was found in all versions of Microsoft’s Internet Explorer application.
The vulnerability, known as CVE-2014-1776, allowed an attacker who successfully exploited it “to take complete control of an affected system.
The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft had previously stated that it would not patch and maintain Windows XP as of early April; however, due to the severity of the vulnerability, it has decided to create an update for it.
All versions of Windows now have the patch available, and it has been applied to all of our customers’ systems on managed server/desktop support plans.



Australian Businesses Suffer Significant Blows from Heartbleed Bug


As many as 10 percent of Australian businesses were affected by the recent Heartbleed attack, as security experts say Google “bungled” the entire situation. The bug, which makes sensitive data vulnerable to hackers, was first discovered in March by Neel Mehta of Google Security and then by security firm Codenomicon in April. The issue was only made public on April 7, after Google informed OpenSSL about it.

Its Impact on Australian Businesses

The security breach had a significant impact on Australian businesses and ordinary Internet users. In fact, one technology writer revealed in a post that 10 percent of 200 ASX-listed companies have been affected. That includes CERT Australia, the organization that is supposed to coordinate information about digital threats. Several GE Money sites were also among those vulnerable to attacks because of Heartbleed.

At least 500,000 sites have been discovered vulnerable. These include the Coles Mastercard and Myer Card websites.

Data security is crucial to businesses. It’s important that companies can secure their customers’ data because, as one security expert puts it, Heartbleed is catastrophic. And since banks are among the most critical businesses affected by security issues, it’s important that clients are aware of the preventive measures their banks are implementing.

CNET Australia contacted several banks to find out what measures they’ve taken to protect customer data, and to ask for advice on how customers can ensure their data is secure. All the banks they talked with confirmed that their sites were not affected by the bug, and most did not recommend that customers change their passwords. CNET also talked to other major businesses like PayPal, Yahoo 7 and ANZ and got the same response. However, Yahoo 7 did not say whether customers need to change their passwords, while ANZ recommended updating passwords regularly. GE Money says its customers’ data has not been compromised but also urged its customers to change passwords.

Websites Aren’t the Only Ones Affected

The impact of Heartbleed isn’t limited to websites. A Yahoo! news report said that it also affected equipment that connects to the Internet. That includes routers, firewalls, and switches. Because these products could contain the bug, information that passes through this equipment (usernames, passwords, and credit card information) is also susceptible to hacking. Cisco and Juniper, two of the largest creators of networking equipment, have confirmed this.

Changing passwords may not be enough to protect your data if the equipment is infected. While it’s easy to fix websites by installing updates, networking equipment needs to be repaired by its makers.

Google Failed to Disclose the Issue Immediately

It’s a bold move for the two companies to be transparent about the issue. One security and computer forensics professor commends Cisco and Juniper for being upfront with clients, which can’t be said of most companies, like Google.

Google has received flak for the way it responded to the discovery of the bug. The search engine giant patched its systems in March, weeks before news about Heartbleed became public. Furthermore, a handful of companies were also able to take countermeasures earlier than most businesses.

Many felt that it failed to responsibly disclose the bug. IT security experts are calling it a selfish act. They felt that Google looked after its own interests first. And ordinary Internet users agree that there was a lack of responsible disclosure.

Many suspect that Google played favourites and deliberately withheld the critical information from rivals like Yahoo. Sites like Flickr and other Yahoo web services became vulnerable to the bug, while Facebook, CloudFlare, and Akamai seemed to have had a heads up and were able to patch their systems earlier than April 7, when the issue was made public.

But what’s most interesting is news that Google allegedly didn’t inform the government about Heartbleed when it should have. While it’s not surprising for companies to wait until they are able to patch their systems before they make any public announcement, keeping it from the federal government is another matter. Google’s delay could have resulted in making federal systems vulnerable to attacks.

According to a TIME article, the “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report.”

So What Can You Do?

Heartbleed will have lingering effects. Because it stayed undetected for several years, there’s no telling how much information was compromised and what hackers can do with that information. That’s bad for businesses.

It’s great that many companies have taken the necessary steps to minimize the consequences of this bug, but it’s even more important to take matters into your own hands. Be more proactive. Change and update passwords regularly and strengthen your IT systems. Having the right IT infrastructure is critical. It is your lifeline.

If you’re unsure about your company’s Internet security, contact Greenlight now. We can help make your IT systems updated, reliable, and secure.


Dropbox Security Issues: Should You Worry about Your Company’s Data?


Should you be worried about data security? This is a very relevant question since news of the Heartbleed bug broke out. As a result, numerous businesses implemented preventive measures and assured their customers that their data are safe.

Dropbox is one of those. But the problem, critics say, is that Dropbox failed to do it right. Instead of sending direct emails to its users, Dropbox published a post on its blog, which is buried deep in its website. In it, Dropbox offered assurance and advised customers to regularly update their passwords.

Is That Enough to Secure Private Information?

According to the company, its security team is working non-stop. It has patched all public-facing systems that run on OpenSSL and re-issued and re-keyed SSL certificates for all domains. It also advised using strong passwords and not sharing them with other services. That’s one step to ensuring your data is safe. The next step is to check your routers and firewalls for infection. These could have been infected as well, and it’s advised to get them checked by the manufacturer.

Dropbox also regularly issues transparency reports to show customers which agencies request access to user data. But critics say the reports aren’t very clear when it comes to data requests for users from countries other than the United States. If that isn’t enough reason to be concerned, leaked documents from Edward Snowden also listed Dropbox as one of the cloud providers that will soon become part of the National Security Agency’s Prism spy network.

Some were so concerned that they are calling for people to stop using Dropbox on a site called Drop-Dropbox. This, however, didn’t deter the company from its continued efforts to provide great service. Ross Piper, vice-president of enterprise strategy, undermined concerns about compromised data by Australian companies.

Your Data Could Still Be at Risk

Even without the Heartbleed bug, user data could still be at risk. There’s a risk of losing important data every time you use Dropbox, according to a post from Business IT. Most of the time, simple habits can result in sensitive information falling into the wrong hands. Things like using a personal Dropbox account and sharing folders with others can put you at risk of hacking. That’s why everyone should exercise caution when storing and sending files through Dropbox.

What Does This Mean for Australian Businesses?

Dropbox is opening its first Australian office. And that is a strong indication of the kind of relationship the company has with its Australian market. The company claims that 95 percent of the top 100 Australian listed companies are Dropbox users. It takes pride in the fact that Australia has one of the highest per capita usage rates in the world. Dropbox is also working to meet the requirements of the Australian privacy principles.

Should You Still Continue Using Dropbox?

Although there are several alternatives for cloud storage and a couple of glitches in the past couple of years, Dropbox is still best in show. It’s easy to use. It’s universal. Plus, there’s an option for individuals to use it for free.

You can find comfort in the company’s commitment to privacy and security. One of its tools, Perfect Forward technology, prevents any vulnerability from regaining past access. According to CNET, it doesn’t allow any previous access a key might have had to be used again. That basically means you don’t have to worry about Heartbleed again.

Despite all this, Dropbox allows fast and secure file-sharing between computers. But you need something stronger for your business. Contact Greenlight if you need help in building computer networks that will allow seamless and hack-proof file-sharing methods. We can help protect your company’s data so you don’t have to worry about encryption flaws again.

Heart bleed bug Scare: Are YOU Protected?


Over the past few weeks, you may have heard some chatter about a security vulnerability named “Heart Bleed.” Not surprising.

According to the Sydney Morning Herald, the Heart Bleed security flaw has exposed tens of thousands of businesses to attacks by malicious hackers.

And as with any security scare hitting the web, businesses want to know “should we be worried?”

The short answer? Yes. The long answer? Read on to find out how Heart bleed can harm your business, and what you should do about it.

What is the Heart bleed bug, and How Does it Work?

Heart Bleed is a software vulnerability that allows malicious hackers to access a range of network-connected devices and illegally gather passwords, usernames, encryption keys and personal information.

The vulnerability exists in OpenSSL software used by tens of thousands of businesses running open source web servers including Apache and nginx. The attackers’ goals are to gather sensitive information to gain unauthorized access to websites and networks. This data can then be sold to third parties.

Furthermore, malicious parties are able to:

  • Impersonate a website while suppressing alerts about invalid certificates
  • Decrypt all communication between your computer, tablet, phones and any online service 

How do I know if I’m vulnerable?

It’s great that the websites you probably use on a daily basis have reacted very quickly to the bug, but because the Heart Bleed bug has been around for close to two years, there is a reasonable risk that your usernames and passwords may have been previously compromised without your knowledge.

You may have noticed that some sites you’re registered to may have logged you out as a security measure.

What are some services that have been affected?

Fortunately for many businesses, Microsoft products do not utilise the OpenSSL encryption mechanism. As such, it is extremely unlikely that your computer usernames and passwords were compromised when logging onto your company’s webmail, computer or virtual private networks.

The major Australian Banks have also released statements indicating that there exists no risk to their financial software and databases.

The bad news is that approximately two-thirds of the Internet runs systems using OpenSSL, and the likelihood of you having an exposed account is high.

A few of these are:

  • Google, including Gmail
  • Pinterest
  • Tumblr
  • Yahoo
  • GoDaddy
  • GitHub

Unconfirmed, but likely:

  • Twitter
  • Facebook
  • Apple
  • eBay

Mashable have also put together a fairly comprehensive list of web services that have been affected by Heart Bleed.

How can I protect my business from the Heart Bleed bug?

As with most widespread security vulnerabilities, the developer community has mobilized to educate users and address the bug to minimize the extent of its damage.

It’s extremely important that you contact your IT service provider (or department) and ensure that your network is protected from the Heart Bleed vulnerability. In the majority of cases, service providers have proactively patched the vulnerability, but a phone call is a clever precaution.

A further step would be to revisit your business password policies. Passwords like “password123” are not going to cut it, and we strongly recommend mandatory password changes every 30 days.

For web-accessed software (think Gmail, MailChimp, your Sydney Morning Herald account, etc), we recommend using password management software such as LastPass.  LastPass enables users to use a single Master Password to protect the tens (or hundreds) of website user credentials.

The added benefit of using LastPass is that their software can identify websites you use that have been compromised by the Heart Bleed bug, making it easier for you to know whether your data is at risk.

If you re-use the same passwords across multiple websites, you may still be vulnerable. If you don’t routinely change your websites’ passwords, it’s possible that even your customers’ information may have been accessed.

Make sure that you select a new, secure password, and that you don’t re-use the same password across multiple websites. If you think your network may have been compromised by the Heart Bleed bug, get in touch with us today for a free consultation and simply call (02) 8412 0000.