We have seen a number of Windows update scams over the years, but according to McAfee, they are on the rise. The latest attack type is smarter and more effective than ever.
If you manage Windows machines, this is definitely something to watch out for!
A report published by McAfee throws new light on an old problem. A new type of scam targeted Windows users.
The problem is called Magniber and its ransomware disguised as a legitimate Windows update.
The Magniber ransomware has been very cleverly designed. It hides its true purpose until the very last minute and only reveals itself once all your files are locked down and it makes its demands.
The good news is that it hasn’t integrated into Window’s built-in update mechanism and still depends on user action.
The bad news is that every aspect of the Magniber ransomware has been designed to quietly infiltrate user devices until it’s too late.
Machines are compromised when a user visits an infected website.
As not all antivirus or malware scanners monitor memory, it can be missed until it’s too late.
Once active, the malware encrypts all files on accessible drives and sets itself up as an administrator.
Once its work is complete, it will open a ransom window and demand payment in return for restoring access.
If you refuse to pay, data is deleted for good. If you do pay, presumably your files are restored.
As the malware sets itself up as an administrator, there’s nothing stopping a hacker gaining access to the device directly to plant more malware or copy data.
That’s much more involved than running the ransomware but there have been instances where hackers piggybacked malware to see what they can find.
Mitigating against Magniber ransomware
As we mentioned, the main weakness of Magniber ransomware is that it requires users to visit an infected website and click a download link.
This is where IT policies, staff training and awareness and internet security controls come in.
Teaching staff to not visit such websites and to never click links can be very effective.
As can showing staff how Windows update really works or that IT will take care of system updates so staff don’t have to.
This is your first line of defence.
A network security solution that can detect websites with infected links can also be useful.
This is your second line of defence.
Using a security solution that can scan device memory for malware is also valuable.
This is your third line of defence.
While prevention is always better than cure, its situations like this where backups prove their worth.
Backups are your final line of defence.
The power of backups against ransomware
Most ransomware will encrypt files and promise to unlock them in return for a crypto fee.
What we don’t know is the proportion of ransomware that actually unlocks those files once paid.
If we were betting people, we would bet on that being a relatively low number. Which means it’s likely to be futile to pay the hacker what they are asking for.
If you applied the rules of rational economics, the vast majority of ransomware payments would result in data being unlocked.
After all, if word got around that data was lost even after paying up, that revenue stream would soon dry up.
But, neither economics, nor malware is rational, so all bets are off.
This makes the case for regular backups.
Regular backups means if you don’t pay the ransom, you can wipe the infected system and rebuild it from backup.
At the most, you lose a few hours or a day of productivity.
As most backup solutions cost less than the average ransom and can cover any number of devices, it’s money well spent.
Staff education and training is a great preventative measure but nothing beats a strong secondary defence in IT policies and security solutions.
If you need help with any of that, Cloud Heroes are here to help.Read More
The modern business environment is one of competing priorities. The business needs to make information accessible to help productivity. IT teams and security admins need to lock down information to prevent it being lost or hacked.
Both are viable priorities.
Information is essential for a business to run. We have to share information to be able to function and that will typically involve sharing, making copies and sending outside the business to clients.
Security still needs to be maintained though as information is currency. In the right hands, it’s your currency that helps build relationships and gets business done. In the wrong hands, it can be held against you, shared without your permission or given to competitors.
How do you manage the two?
The cloud can help.
Cloud services and productivity
Not that long ago, information was locked down. Businesses were divided into silos and information and responsibility was kept within those silos.
It wasn’t a particularly efficient way to work, which is why it failed.
We are now working in a more open environment but there’s still a battle between keeping information accessible so it can help productivity and locking it down to keep it safe.
Overzealous managers or security admins can often get in the way of productivity and collaboration.
We have all seen it and we have all rolled our eyes at it when trying to share information with others.
We can avoid all that by switching to the cloud.
Let’s look at a real life example.
If your business is anything like ours, you would identify a piece of data, a file, a document or information relevant to the task at hand.
You will make a copy of that information and share it via email, Slack or company channels.
There will now be several copies of that information that need to be secured and controlled.
Once you share copies of data, you lose control over it. That’s not a great way to manage data security. While you may trust everyone in the distribution list, accidents happen. We all know they do.
Auditing is impossible and it’s difficult to notify all interested parties when an update has been made to any of that information.
It gets business done, but not in a particularly efficient way.
Now let’s look at a cloud example.
This is how we and thousands of other firms now work and we encourage you to work this way too.
You identify a piece of data, a file, a document or information relevant to the task at hand.
Rather than make a copy and share it, you share access to the actual piece of data within the cloud.
You add the relevant people to the access list for the document, provide read-only, edit or administrative permissions as required and share the link to that document.
Only the people with that link or with permission can access it, so your security admin is happy.
Relevant parties have access to the information and can act upon it, which makes managers happy.
Every change to that data is tracked, with a full audit trail for every change by every user, which makes your data controller very happy.
The core copy of the information can be secured and updated as required and everyone can see the changes.
Access can be changed or revoked at any time to help maintain data security.
All without having to make multiple copies of information, lose control of that information or risk colleagues or clients working on outdated documents or obsolete data.
That’s just one example of one particular instance that happens millions of times around the world.
There are likely many other ways controlling access to data can benefit your business without impacting productivity, but you get the idea.
Balancing productivity and security with the cloud
Switching to cloud services like Office 365 means you regain control of your data, increase security, maintain access and can effectively audit any changes.
All without impacting productivity and actually improving the way you work by making data available anywhere at any time. But only for authorised users.
It’s no wonder more businesses than ever before are switching to the cloud!
Not only is it cheaper and easier to manage, it helps you maintain full control over business intelligence while providing access to those who legitimately need it.
When data is currency, control is everything!Read More
Reports are coming thick and fast reporting a drastic increase in scams targeting the general public using cost of living, energy and discounts.
High Street banks and Citizens Advice are calling for people to be aware of a range of scams.
Scams include phishing emails supposedly from energy companies or Ofgem, WhatsApp messages from relatives who need help paying for a new phone, emails from the Department of Work and Pensions telling you to apply for cost of living payments and others.
As always when things get tough, scammers seek to benefit from it.
You don’t need us to tell you how tough these times are, but we are going to highlight some particular scams and what to do about them.
Energy companies or Ofgem
Given the energy situation right now, there’s an obvious nervousness about what the future holds. This gives scammers an edge as messages around energy costs are emotional and sidestep the rational side of our brain.
One scam doing the rounds is purportedly from Ofgem, the energy regulator.
It asks you to apply for a pair of energy rebates of around £700. The email looks convincing but some have said it is dated 2020.
Ofgem isn’t sending emails like this. They regulate the energy companies, they don’t get involved in the rebate scheme.
WhatsApp messages to help family members
Another scam doing the rounds right now is a WhatsApp scam. You’ll receive a message from an unrecognised number purporting to be from a family member.
The message says they lost their phone or were mugged and need you to send them some money to buy a new phone. They are borrowing a phone right now, hence the unknown number.
This is another very convincing scam that uses emotion to try to sidestep the logical side of the brain. It is apparently proving very successful.
Top tips to avoid the worst cost of living scams
If you or your staff are receiving messages or emails that aren’t being filtered by your systems, train everyone to spot them.
Here are some things to look out for:
Spelling and grammar – Some scam messages look really good, while others have obvious errors. Look for things that just don’t ‘feel’ right like informal greetings, wrong names, wrong dates or poor layout.
Unknown numbers or email addresses – We receive hundreds of emails a day at work and at home, but we’ll recognise the vast majority of them. Ignore any messages that request information that your team doesn’t recognise. You can always follow up directly with the supposed sender via other channels to verify.
Attachments – Businesses send attachments all the time, but we recognise them or the sender. If a message gets through your filters with an attachment, train staff to never open it if they are unsure of the sender or the contents.
Offers that are simply too good – If an offer sounds too good to be true, it probably is. Use the same principles you would in business, at work or at home to decide whether an offer sounds legitimate or not.
Most of all, remind staff that most organisations won’t email directly from unknown email addresses or call them from unknown numbers.
If in doubt, delete the message and follow up with the organisation directly through another channel.
If it’s important, the organisation will get in touch another way.
For energy scams, most discounts are being applied automatically, so there’s no need to give bank details or personal details to any organisation, whoever they are.
If your email filters aren’t capturing email scams or filtering out junk, perhaps it’s time to look at an alternative solution. Contact one of our team to see how hosted email can help!Read More
Microsoft has released the first major update to Windows 11, update 22H2.
We have seen small updates and fixes ever since Windows 11 was released but this is the first major update we have seen.
There is a selection of feature and productivity updates in this new version. We have tested it here and it seems to work well, on our test machine anyway!
Windows 11 update 22H2
Windows 11 update 22H2 was released on 20th September 2022 and is gradually being made available across the world.
It’s a gradual update and Microsoft is watching carefully for feedback and issues before it makes it universally available.
Given some of the faux pas Microsoft has made over updates in recent times, we think this is a good idea.
Even though you can control Windows updates in enterprise, curious users always seem to find a way to update even when you don’t want them to!
So, what’s in Windows 11 update 22H2?
Microsoft Defender SmartScreen update
Microsoft Defender SmartScreen has been updated to add phishing protection. Phishing has become a primary attack vector at home and at work.
Any tangible improvement to protections has to be a good thing.
Windows 11 22H2 adds a check that monitors anywhere users add their Microsoft credentials.
For example, if a user visits a malicious website and enters their login details, the system will alert them and explain the potential threat.
Smart App Control is being updated to automatically block untrusted or unsigned apps.
It will also block those VBA office macros that were the cause of so much trouble earlier this year.
File Explorer tabs
File Explorer tabs is such a simple thing but we had had to wait years for it to arrive. Mac OS has had them for ages, now Windows users will too.
It’s an excellent feature addition that should make life much easier for system admins and general users alike.
Focus Sessions and Do Not Disturb
Focus Sessions and Do Not Disturb allow users to focus more on what they are doing and minimise distractions.
It won’t prevent colleagues coming up to your desk and interrupting you. It will suppress notifications and provide timers to help you concentrate on getting that presentation or content done on time though.
Clipchamp is a new video editing tool for Windows 11. It’s a modern version of Windows Movie Maker that can help you design and edit videos for marketing or just for fun.
It’s no replacement for enterprise tools but if you want to quickly edit a video to add to content without having to pay for, or learn a new application, Clipchamp can help.
Windows Studio update
Windows Studio is a webcam app that adds backgrounds, blur effects, noise cancellation and other goodies to meetings.
There’s a new Eye Contact feature in this update that will somehow make it look as though you’re making eye contact even when you aren’t.
Windows Shell is getting an update too. The new UI is more in keeping with Windows 11, the taskbar and Start menu are getting some attention and a new Suggested Actions menu will copy something from elsewhere.
There’s also a new snapping mechanism that makes it easier to place windows, tile them and snap them into place.
There are also improvements to the Windows Account page, Windows Update and new settings sprinkled liberally around the interface.
Task Manager is also getting a new look with a more Windows 11-like UI, a new side menu and a much clearer and cleaner way to access information.
While most users won’t get to see the new Task Manager, home users and admins will find it a much nicer place to be.
There is a lot to this update even though it isn’t quite the showstopper we saw with Windows 10. Nevertheless, the improvements all seem to be user-driven and offer proper benefits to home and business users.
Have you tried it yet? Have any opinions on it? Tell us about it if you have!Read More
Domain names are incredibly important for a business. They provide the online identity for your website and create an emotional and psychological link between your website and your brand.
Domain names are acquired through domain registrars. These are companies licenced to provide access to domain names and be able to register them with the Internet Corporation for Assigned Names and Numbers (ICANN).
Without a registrar, you cannot buy and use a domain name.
So how do you choose a good one?Read More
Part of the benefit of using cloud solutions is being able to place responsibility onto the provider rather than having to shoulder the burden yourself.
We would like you to know that Cloud Heroes takes its part in that very seriously and are a provider you can trust.Read More