Tag Archive for MSFT

Undersea Data Center

Updated 08/09/2019 – Microsoft has installed two underwater cameras that offer live video feeds of the sunken data center. You can now watch all kinds of sea creatures swimming around a tank that holds 27.6 petabytes of data.

Followers of the Bach Seat know that Microsoft (MSFT) has experimented with undersea data centers to save the costs associated with deploying data centers. Back in 2015, I wrote about MSFT’s initial experiment off the California coast, where MSFT first tried out the idea of an underwater data center. Redmond has announced phase 2 of Project Natick. Phase 2 is designed to test the practical aspects of deploying a full-scale, lights-out data center underwater, called “Northern Isles.”

Kurt Mackie wrote in an article at Redmond Magazine that Microsoft is testing this underwater data center off the coast of Scotland near the Orkney Islands in the North Sea. Microsoft wants to place data centers offshore because about half the world’s population lives within 125 miles of a coast. Locating data closer to its users reduces latency for bandwidth-intensive applications such as video streaming and gaming, as well as emerging artificial intelligence-powered apps. Latency is the time it takes data to travel from its source to customers. It is like the difference between using an application on your local hard drive and using one over the network.

Mr. Mackie posts that the original underwater data center had the computing power of 300 PCs, while Phase 2’s computing power is equal to “several thousand high-end consumer PCs,” according to Microsoft’s FAQ page. This next-generation underwater data center requires 240 kW of power, is 40 feet in length, and holds 12 racks with 864 servers. The submarine container is mounted on a metal platform on the seafloor, 117 feet deep. The Phase 2 data center can house 27.6 petabytes of data. A fiber-optic cable keeps it connected to the outside world. Naval Group, a 400-year-old French company, built the submarine part of the project.

The interesting part (U.S. Navy submarines have had computers onboard for years) is the lights-out part. Lights-out operation allows Microsoft to change how data centers are deployed, starting with Northern Isles’s cooling. The cold-aisle temperature is kept at a chilly 54F (12C) to remove the stress that temperature variations place on components. This temperature is maintained by using a heat-exchange process developed for cooling submarines. Ben Cutler, Microsoft Research Project Natick lead, told Data Center Knowledge, “... by deploying in the water we benefit from ready access to cooling – reducing the requirement for energy for cooling by up to 95%.”

With Phase 2, Mr. Cutler explained to DCK, there’s no external heat exchanger: “We’re pulling raw seawater in through the heat exchangers in the back of the rack and back out again.” This cooling system could cope with very high power densities, such as the ones required by GPU-packed servers used for heavy-duty high-performance computing and AI workloads.

According to DCK the first iteration of Project Natick had a Power Usage Effectiveness (PUE) rating of 1.07 (compared to 1.125 for Microsoft’s latest-generation data centers). The lower the PUE metric, the more efficiently the data center uses electricity. Microsoft hopes to improve the PUE for the phase 2 data center.

Data centers are believed to consume up to 3% of the world’s electricity. The new cooling options change the Northern Isles data center’s power requirements. It can run off the Orkney Islands’ local electrical grid, which is powered by renewable wind, solar and tidal sources. One of the goals of the project is to test powering the data center with an off-the-grid source, such as nearby tidal power.

Future versions of the underwater data center could also have their own power generation. Mr. Cutler told DCK, “Tide is a reliable, predictable sort of a thing; we know when it’s going to happen … Imagine we have tidal energy, we have battery storage, so you can get a smooth roll across the full 24-hour cycle and the whole lunar cycle.”

This would allow Microsoft to do away with backup generators and rooms full of batteries. They could over-provision the tidal generation capacity to ensure reliability (13 tidal turbines instead of 10, for example). Mr. Cutler says, “You end up with a simpler system that’s purely renewable and has the smallest footprint possible.”

The Northern Isles underwater data center is designed to run without being staffed, which cuts down on human error. It is designed with a “fail-in-place” approach: failed components are not serviced; they are just left in place. Operations are monitored by artificial intelligence. Mr. Cutler said, “There’s a lot of data showing that when people fix things they’re also likely to cause some other problem.”

Operating in ‘lights-out’ mode with no human presence allows most of the oxygen and water vapor to be removed from Northern Isles’ atmosphere. MSFT replaced the oxygen with 100% dry nitrogen. This environment should greatly cut the amount of corrosion in the equipment, a major problem in data centers on land. Mr. Cutler told DCK, “With the nitrogen atmosphere, the lack of oxygen, and the removal of some of the moisture is to get us to a better place with corrosion, so the problems with connectors and the like we think should be less.”

The Redmond Magazine article says Project Natick’s phase 2 has already proved that it’s possible to deploy an underwater data center in less than 90 days “from the factory to operation.” The logistics of building underwater data centers are very different from building data centers on land. Northern Isles was manufactured via a standardized supply chain, not as a construction process. Mr. Cutler said, “Instead of a construction project, it’s a manufactured item; it’s manufactured in a factory just like the computers we put inside it, and now we use the standard logistical supply chain to ship those anywhere.”

The data center is more standardized. It was purposely built to the size of a standard ISO shipping container, so it can be shipped by truck, train or ship. Naval Group shipped Northern Isles to Scotland on a flatbed truck. Mr. Cutler told DCK, “We think the structure is potentially simpler and more uniform than we have for data centers today … the expectation is there actually may be a cost advantage to this.”

The rapid time to deploy these data centers doesn’t only mean expanding faster; it also means spending less capital. Mr. Cutler explained, “It takes us in some cases 18 months or two years to build new data centers … Imagine if instead … where I can rapidly get them anywhere in 90 days. Well, now my cost of capital is very different … As long as we’re in this mode where we have exponential growth of web services and consequently data centers, that’s enormous leverage.”

rb-

If Project Natick stays on the same trajectory, MSFT could bring data centers to any place in the developed or developing world without adding more stress on local infrastructure. MSFT’s Cutler told DCK, “There’s no pressure on the electric grid, no pressure on the water supply, but we bring the cloud.”

As more of the world’s population comes online, the need for data centers is going to skyrocket, and having a fast, green solution like this would prove remarkably useful.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

ATM Jackpotting

The U.S. Secret Service has warned (PDF) financial institutions of logical (jackpot) attacks on Automated Teller Machines (ATMs). These ATM attacks originated in Mexico and have spread to the US. Jackpotting attacks are an industry-wide issue and, as one vendor stated, are “a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

The attack involves a series of steps to defeat the ATM’s existing security mechanisms and the authorization process that governs setting up communication between components within the ATM. That internal communication setup is normally used only when computer components like the mainboard or the hard disk have to be exchanged for legitimate reasons.

Description of an ATM attack

In a jackpotting attack, the criminal gains access to the internal infrastructure of the terminal, either to infect the ATM PC or to exchange the hard disk (HDD) outright. There are a number of steps the attacker has to take for this type of attack:

  1. The top of the ATM must be opened.
  2. The original hard disk of the ATM is removed and replaced by another hard disk, which the attackers have loaded with an unauthorized and/or stolen image of ATM platform software.
  3. In order to pair this new hard drive with the dispenser, the dispenser communication needs to be reset, which is only allowed when the safe door is open. A cable in the ATM is unplugged to fool the machine into allowing the crooks to add their bogus hard drive to the ATM.
  4. A dedicated button inside the safe needs to be pressed and held to start the dispenser communication. The crooks insert an extension into existing gaps next to the presenter to depress the button. CCTV footage has shown that criminals use an industrial endoscope to complete the task.

In other jackpotting attacks, portions of a third-party, multi-vendor application software stack used to drive ATM components are abused. Brian Krebs at Krebs on Security reports that the Secret Service issued a warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.

Mr. Krebs also reports that “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM. Once this is complete, fraudsters own the ATM and it will appear Out of Service to potential customers according to the confidential Secret Service alert. At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash.

In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert. While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.”

Specific Guidance and Recommendations

The most common forms of logical attack against ATMs are “Black Box” and “Offline Malware.” The steps to minimize the risks to ATMs are the same as for any other enterprise device.

  1. Keep firmware and software current with the latest updates; this is an important protection against Black Box attacks. Four out of five cash machines still run Win XP or Win XP Embedded. The Secret Service alert says ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to at least Windows 7 to defeat this specific type of attack.
  2. Use secure hard drive encryption to protect against Offline Malware.
  3. Use a secure BIOS remote control app to lock the ATM BIOS configuration and protect the configuration with a password.
  4. Deploy an application whitelisting solution.
  5. Limit physical access to the ATM:
    • Use appropriate locking mechanisms to secure the head compartment of the ATM.
    • Control access to areas used by staff to service the ATM.
    • Implement two-factor authentication (2FA) controls for service technicians.
  6. Set up secure monitoring:
    • Ensure proper hardening and real-time monitoring of security-relevant hardware and software events.
    • Investigate suspicious activities such as deviating or inconsistent transaction or event patterns, which are caused by an interrupted connection to the dispenser. Monitor for unexpected opening of the top-hat compartment of the ATM.
  7. Use the most secure configuration of encrypted communications. In cases where the complete hard disk is exchanged, encrypted communications between the ATM PC and the dispenser protect against the attack.
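The monitoring advice in the list above can be turned into a concrete check. What follows is an added example written for this post; it is not the Secret Service’s or any ATM vendor’s code. It scans a constructed ATM event log for the indicators the guidance names: a top-hat (head compartment) opening or a dispenser-communication reset with no approved service window, and a dispense burst at the rate the alert describes (40 bills every 23 seconds). The event names, record fields, the service-window table and the thresholds are all assumptions made for this example.

```python
"""Flag jackpotting-style event sequences in an ATM fleet's event log.

Added example; not the Secret Service's or any ATM vendor's tooling.
Event names, fields, the service-window table and the thresholds are
assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, atm_id, event, detail). ATM-17 shows the
# attack sequence at 2 a.m.; ATM-03 shows a legitimate, ticketed service visit.
SAMPLE_EVENTS = [
    ("2018-01-27T02:10:05", "ATM-17", "TOP_HAT_OPEN", ""),
    ("2018-01-27T02:11:40", "ATM-17", "DISPENSER_COMM_RESET", ""),
    ("2018-01-27T02:12:00", "ATM-17", "STATUS", "OUT_OF_SERVICE"),
    ("2018-01-27T02:13:00", "ATM-17", "DISPENSE", "40"),
    ("2018-01-27T02:13:23", "ATM-17", "DISPENSE", "40"),
    ("2018-01-27T02:13:46", "ATM-17", "DISPENSE", "40"),
    ("2018-01-27T09:00:00", "ATM-03", "TOP_HAT_OPEN", "ticket=SVC-4412"),
    ("2018-01-27T09:05:00", "ATM-03", "DISPENSER_COMM_RESET", "ticket=SVC-4412"),
    ("2018-01-27T10:00:00", "ATM-03", "DISPENSE", "3"),
]

# Constructed table of approved service windows: atm_id -> (ticket, start, end).
SERVICE_WINDOWS = {
    "ATM-03": ("SVC-4412", "2018-01-27T08:30:00", "2018-01-27T09:30:00"),
}

PHYSICAL_EVENTS = {"TOP_HAT_OPEN", "DISPENSER_COMM_RESET"}
BURST_WINDOW = timedelta(seconds=60)
BURST_BILLS = 100   # far above what customers withdraw in a minute (assumed threshold)


def parse_ts(text):
    return datetime.fromisoformat(text)


def in_service_window(atm_id, when):
    """True if a technician is scheduled on this ATM at this time."""
    window = SERVICE_WINDOWS.get(atm_id)
    return bool(window) and parse_ts(window[1]) <= when <= parse_ts(window[2])


def find_alerts(events):
    """Return (atm_id, timestamp, kind, message) tuples for suspicious events."""
    alerts = []
    dispenses = defaultdict(list)   # atm_id -> [(time, bills), ...] inside the window
    for ts, atm, event, detail in events:
        when = parse_ts(ts)
        if event in PHYSICAL_EVENTS and not in_service_window(atm, when):
            alerts.append((atm, ts, "UNSCHEDULED_ACCESS",
                           f"{event} with no approved service window"))
        elif event == "DISPENSE":
            dispenses[atm].append((when, int(detail)))
            # keep only dispenses inside the sliding window, then sum them
            dispenses[atm] = [(t, b) for t, b in dispenses[atm] if when - t <= BURST_WINDOW]
            total = sum(b for _, b in dispenses[atm])
            if total >= BURST_BILLS:
                alerts.append((atm, ts, "DISPENSE_BURST",
                               f"{total} bills in {BURST_WINDOW.seconds}s"))
    return alerts


def severity_by_atm(alerts):
    """An ATM with both a physical indicator and a cash burst is CRITICAL;
    either one alone is a WARNING that deserves a camera check."""
    kinds = defaultdict(set)
    for atm, _, kind, _ in alerts:
        kinds[atm].add(kind)
    return {atm: ("CRITICAL" if {"UNSCHEDULED_ACCESS", "DISPENSE_BURST"} <= k else "WARNING")
            for atm, k in kinds.items()}


if __name__ == "__main__":
    found = find_alerts(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(severity_by_atm(found))
```

Run as-is, the script reports three alerts for ATM-17 (two unscheduled physical events and one dispense burst) and rates it CRITICAL, while the ticketed visit to ATM-03 produces nothing. The point of the service-window table is that the physical events are not suspicious on their own; a technician opens the top hat and resets the dispenser for legitimate reasons, so the signal is the absence of an approved reason.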

rb-

Followers of the Bach Seat know how to secure their PCs; I have written about securing PCs many times here. So the question is, why not ATMs? Research says that consumers go into the branch less every year. The experts say that by 2022 customers will visit a branch only 4 times a year. In many cases, ATMs are the bank’s surrogates for most cash transactions. It makes sense to get it right.


Barracuda Networks Has Been Bought

With the massive Equifax data breach still fresh in everyone’s minds, the cybersecurity workforce expected to be short nearly 2 million people, and IT security expenditures expected to top $1 trillion by 2022, private equity giant Thoma Bravo, LLC has jumped back into the IT security market with both feet. Barracuda Networks has been bought by the private equity firm in a deal valued at $1.6 billion.

Barracuda (CUDA) sells appliance- and cloud-based cybersecurity and data protection services. Clients include Boeing, Microsoft and the U.S. Department of Defense. Barracuda says it has over 150,000 customers. Upon the close of the transaction, Barracuda will operate as a privately held company.

Barracuda Networks has been bought

Barracuda Networks was founded in Ann Arbor, Michigan in 2003. From Ann Arbor, it raised at least $46 million in venture funding prior to its IPO. CUDA went public on the New York Stock Exchange in November 2013, pricing its IPO at $18. Barracuda acquired Yosemite Technologies in 2009 to expand its offerings into the storage market.

Barracuda continued to innovate in the run-up to its acquisition. eWeek reports that in March 2017, Barracuda debuted new data backup and recovery capabilities for VMware and Microsoft virtual machines. In June 2017 Barracuda announced its new Sentinel service, which uses artificial intelligence (AI) and container-based technologies to improve email security.

Barracuda also enhanced its network security products and services in 2017. eWeek reported in November that the company expanded the cloud capabilities for its Web Application Firewall (WAF) and NexGen Firewall products. The new capabilities include usage-based billing for the NextGen firewall running in the Amazon Web Services (AWS) cloud. The firewall included automated configuration capabilities for the WAF, thanks to an integration with the Puppet DevOps tool.

CEO BJ Jenkins commented on the transaction, “We will continue Barracuda’s tradition of delivering easy-to-use, full-featured solutions that can be deployed in the way that makes sense for our customers.”

Thoma Bravo

Thoma Bravo is a Chicago-based private equity firm with $17 billion under management. Its appetite for IT firms is rather broad. Some of its most notable purchases have been:

  • September 2014 – $2.4 billion purchase of Detroit-based Compuware.
  • December 2014 – $3.6 billion acquisition of Riverbed.
  • October 2015 – Teamed up with Silver Lake to buy IT infrastructure management vendor SolarWinds for $4.5 billion.
  • April 2017 – Purchased a minority stake in the freshly re-spun McAfee.
  • June 2017 – Purchased Remote Monitoring and Management (RMM) and IT security management vendor Continuum.

Their portfolio has included brands such as Bomgar, Digicert, Digital Insight, Dynatrace, Hyland Software, Imprivata, iPipeline, Nintex, PlanView, Qlik, SailPoint, and SonicWall.

Thoma Bravo has resold many of its holdings in recent years.

TechCrunch notes that private equity firms began more aggressively buying up software companies last year. The thinking seems to be they can generate reliable returns from such investments. The biggest take-private deals lately include:

  • Marketo, a marketing software maker, went public in 2013 and was taken private again by Vista Equity Partners in 2017 for $1.79 billion in cash.
  • The sale of event-management company Cvent last year to Vista Equity Partners in a $1.65 billion deal.
  • Cybersecurity risk-monitoring platform SecurityScorecard raised $27.5 million from the VC arms of Google, Nokia, and Intel.

Other notable IT security equity funding recipients include Attivo Networks, Darktrace, and SentinelOne.

Investopedia speculates that Thoma Bravo is paying a pretty high premium for Barracuda. CUDA now trades at 139 times earnings and 4 times sales. But under private management, its products will likely be integrated with the firm’s other software products to generate synergies.

CRN notes that being a privately owned company will give Barracuda a stronger ability to chart its own destiny. They will not have to “tap-dance to the Wall Street music,” Michael Knight, president and chief technology officer at solution provider Encore Technology Group, Greenville, S.C., said. He hopes Thoma Bravo’s infusion of capital will enable Barracuda to continue driving its public cloud business, a more solidified SD-WAN toolset, and more integrated endpoint security protection.

rb-

I have used Barracuda products at past jobs, including their spam email firewall appliances and their cloud-based backup system. The pricing was adequate. Renewals were easy. The email firewalls were really robust and almost set-and-forget.

The few times when I needed tech support, it was available in Ann Arbor, Michigan. Barracuda, founded in Ann Arbor, was one of the early believers in the area as a high-tech hub. Barracuda has plans to spend $2.3 million on the expansion of its operations center in the former Borders Books offices at 317 Maynard Street. The expansion will add 115 new jobs in downtown Ann Arbor over the next four years. I hope that after Barracuda Networks has been bought by Thoma Bravo, the deal does not have a “Chainsaw Al” that will kill that growth.


Follow the Open Source Money

 Matt Asay at Infoworld recently pointed out some interesting data on who really contributes to open source. Wikipedia, the most well-known open-source project, defines open-source software as software whose source code is published and made available to the public, enabling anyone to copy, modify and redistribute the source code without paying royalties or fees. Open-source code can evolve through community cooperation. These communities include individual programmers as well as large companies.

Adobe developer Fil Maj used the GitHub REST API to pull public profile information from GitHub users. A REST API is a lightweight, web-based interface that lets two software programs communicate with each other over the internet. Using the API, Mr. Maj collected the company field from all 2,060,011 GitHub user profiles that were active in 2017 (“active” meaning ten or more commits to public projects). Using that data, Mr. Maj was able to tally the total number of corporate contributors to GitHub, with results that might surprise you.

Here is the ranking of GitHub contributors, with each company’s total number of employees actively contributing to open source projects on GitHub:

Rank  Company               Employees Contributing
   1  Microsoft                              4,550
   2  Google                                 2,267
   3  Red Hat                                2,027
   4  IBM                                    1,813
   5  Intel                                  1,314
   6  Amazon.com                               881
   7  SAP                                      747
   8  ThoughtWorks                             739
   9  Alibaba                                  694
  10  GitHub                                   676
  11  Facebook                                 619
  12  Tencent                                  605
  13  Pivotal                                  591
  14  EPAM Systems                             585
  15  Baidu                                    584
  16  Mozilla                                  469
  17  Oracle                                   455
  18  Unity Technologies                       414
  19  Uber                                     388
  20  Yandex                                   351
  21  Shopify                                  345
  22  LinkedIn                                 343
  23  Suse                                     325
  24  ESRI                                     324
  25  Apple                                    292
  26  Salesforce.com                           291
  27  VMware                                   271
  28  Adobe Systems                            270
  29  Andela                                   259
  30  Cisco Systems                            233

The author points out, this is not a perfect measure, but it is a much richer, more accurate data set for figuring out total contributors for any company. Even with that caveat in mind, we end up with many more corporate open source contributors than previous data suggested.
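The method described above (read each active user’s company field, then count per company) is easy to state and hard to get right, and the caveat about it not being a perfect measure comes down mostly to how free-text company strings are reconciled. The following is an added example, not Mr. Maj’s script or any GitHub tooling: it reads the company field from the real `GET https://api.github.com/users/{username}` endpoint when asked to, but the profile records it actually counts are constructed and embedded, and the alias table, suffix list and commit counts are assumptions made for this example. The ten-commit activity threshold follows the article.

```python
"""Count corporate open source contributors from GitHub profile data.

Added example; not Fil Maj's script. Shows the two pieces the method
needs: reading the "company" field the GitHub users endpoint returns,
and normalising free-text company strings before counting, which is
where most of the measurement error lives. Sample records are constructed.
"""
import json
import re
import urllib.request
from collections import Counter

ACTIVE_COMMIT_THRESHOLD = 10   # "active" per the article: ten or more public commits
GITHUB_USER_URL = "https://api.github.com/users/{}"   # real endpoint; has a "company" field


def fetch_company(username, token=None):
    """Read one user's company field over the network (not used by the offline sample)."""
    req = urllib.request.Request(GITHUB_USER_URL.format(username),
                                 headers={"Accept": "application/vnd.github+json"})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp).get("company")


# Constructed sample of profile records, each with the commit count that the
# article's method derives separately from public activity.
SAMPLE_PROFILES = [
    {"login": "alice", "company": "@microsoft", "commits_2017": 120},
    {"login": "bob", "company": "Microsoft Corporation", "commits_2017": 15},
    {"login": "carol", "company": "Microsoft", "commits_2017": 4},      # inactive: not counted
    {"login": "dan", "company": "Red Hat, Inc.", "commits_2017": 40},
    {"login": "erin", "company": "@RedHatOfficial", "commits_2017": 33},
    {"login": "frank", "company": "Google LLC", "commits_2017": 11},
    {"login": "grace", "company": None, "commits_2017": 99},            # no company: not counted
    {"login": "heidi", "company": "  google ", "commits_2017": 10},
    {"login": "ivan", "company": "MSFT", "commits_2017": 27},
]

# Hand-maintained aliases for handles and tickers that string cleanup alone
# cannot reduce to the company name (constructed for this example).
ALIASES = {"redhatofficial": "red hat", "msft": "microsoft"}

# Corporate suffixes that should not split one company into several keys.
SUFFIXES = re.compile(r"\b(corporation|corp|inc|llc|ltd|gmbh)\b\.?", re.I)


def normalize_company(raw):
    """Reduce a free-text company field to a comparable key, or None if empty."""
    if not raw:
        return None
    name = raw.strip().lstrip("@").lower()
    name = SUFFIXES.sub("", name)
    name = re.sub(r"[^a-z0-9 ]", " ", name)      # drop punctuation such as commas
    name = re.sub(r"\s+", " ", name).strip()     # collapse whitespace
    return ALIASES.get(name, name) or None


def count_contributors(profiles, threshold=ACTIVE_COMMIT_THRESHOLD):
    """Number of active contributors per normalised company key."""
    counts = Counter()
    for profile in profiles:
        if profile["commits_2017"] < threshold:
            continue
        key = normalize_company(profile.get("company"))
        if key:
            counts[key] += 1
    return counts


def ranking(profiles):
    """(company, contributors) pairs, most contributors first."""
    return count_contributors(profiles).most_common()


if __name__ == "__main__":
    for rank, (company, n) in enumerate(ranking(SAMPLE_PROFILES), start=1):
        print(f"{rank:>2}  {company:<12} {n}")
```

Without the normalisation step the sample would report four different Microsoft entries and two Red Hat entries; with it, the nine records collapse to three companies, and the inactive and company-less profiles drop out. Any real run of this against the API needs a token and has to respect GitHub’s rate limits, which the offline sample sidesteps.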

Microsoft’s contributions to open source

The new data shows Microsoft (MSFT) is the number 1 open source contributor. Redmond has twice the number of contributors compared to its next nearest competitor. Remember Steve Ballmer’s “developers! developers! developers!” meltdown? For those of us who were around when Mr. Ballmer, then the Microsoft CEO, called open source a “cancer” and “anti-American,” this is a remarkable change of heart for MSFT.

Red Hat

Mr. Maj’s data puts Red Hat (RHT), the open source leader, among the top contributors. Red Hat has dramatically fewer engineers on its payroll than Google (GOOG) or Microsoft. As such, it’s doubly impressive that Red Hat would place so highly. Pretty much every engineer in the company works on open-source projects.

Amazon

Often considered an open source ne’er-do-well, Amazon (AMZN) comes in at No. 6 in the rankings. AMZN has nearly 900 open source contributors on staff. The article points out that Amazon has perhaps not publicly led the open source effort in the same way as Google and Microsoft have, but it remains a strong contributor to the projects that feed its developer community.

China is a net consumer of open source

Chinese companies like Baidu, Tencent, and Alibaba, which have long been perceived to be net consumers of open source, actually contribute quite a bit according to the new data.

Legacy firms

Legacy firms like Intel (INTC), Oracle (ORCL), Adobe (ADBE), and Cisco (CSCO) rank among the top 30 open source contributors, reports InfoWorld.

rb-

Color me suspicious, but have these firms really embraced open source? Have they just adapted their business model to usurp elements of open source and lay their proprietary code on top of it? This saves them the bother of writing new code, and yet they can charge proprietary costs for software where they have reduced their development costs.

After all, numbers don’t lie. Stats say that in 2014, half of the companies surveyed said they use open source in their product. Just one year later, the number grew to 78%. Consequently, as long as open source continues to enjoy its place in the sun, we should expect the Microsoft-open source bromance to continue.


DIY Ransomware

Sophos has recently uncovered a new trend of cyber DIY’ers who are breaking into computers one at a time and manually running ransomware on them. Apparently, these purveyors of bespoke malware are tired of the mass distribution channels employed by WannaCry and NotPetya.

Why bother using stolen NSA exploits or sending millions of booby-trapped email attachments when you can do it yourself? For whatever reason, some cyber-criminals have decided that if you want something doing properly, you have to do it yourself.

The Naked Security blog points out that many companies, notably small businesses, outsource their IT to, or pay for lots of help from, outside contractors. These contractors might live in another part of town, or elsewhere in the country, or even on the other side of the world. To let remote sysadmins look after your Windows networks, the most widely used tool is Microsoft’s (MSFT) own Remote Desktop Protocol, or RDP for short.

For those who haven’t used it, the author describes RDP as a tool that allows remote use even of fully graphical applications that can’t be scripted or operated via a command prompt; remote admins can work as if they were right on-site. That means that the RDP password you’ve chosen for your remote sysadmin (or that you’ve let them choose for themselves) is essentially the key to your office – a weak password is like a server room door that’s propped open, inviting any passing snooper to take a look inside.

So, if crooks using a network search engine such as Shodan notice that you’ve got RDP open to the internet, they’ll take a poke around. Sophos security experts who’ve investigated a number of recent RDP attacks have often found evidence that a tool called NLBrute was used to try a whole range of RDP passwords – a so-called brute force attack – in the hope of sneaking in.

Once they’ve got your RDP password – whether they use NLBrute, or simply look you up on Facebook to find your birthday and your pet’s name – they’ll log on and immediately create various brand new administrative accounts. That way, even if you get rid of the crooks and change your own admin password, they’ve already got backup accounts they can use to sneak back in later.

Here’s what you can expect to happen next, based on what Sophos has seen in the attacks they have investigated:

Step 1: The crooks download and install low-level system tweaking software, such as the popular Process Hacker tool. Tools of this sort are regularly used by legitimate sysadmins for troubleshooting and emergency recovery. The bad guys can also use them for no good: they can modify the operating system, kill off processes, delete files, and change configuration settings that are usually locked down.

Step 2: The cybercriminals turn off or reconfigure anti-malware software, using the newly installed tweaking tools.

Step 3: The bad guys go after the passwords of administrator accounts. If they can’t get an admin password, they may try logging in as a regular user and running hacking tools that try to exploit unpatched vulnerabilities to get what’s called EoP, or elevation of privilege.

EoP means that already logged-on users can sneakily promote themselves to more powerful accounts to boost their powers. Sophos has seen EoP tools left on attacked systems that tried to abuse vulnerabilities dubbed CVE-2017-0213 patched by Microsoft in May 2017 and CVE-2016-0099, patched by Microsoft back in March 2016.


Step 4: The crooks turn off database services (e.g. SQL) so that vital database files can be attacked by malware. Files such as SQL databases are usually locked while the database server software is active, as a precaution against corruption that could be caused by concurrent access by another program. The side-effect of this is that malware can’t get direct access to database files either, and therefore can’t scramble them to hold them to ransom.

Step 5: The crooks turn off Volume Shadow Copy (the Windows live backup service) and delete any existing backup files. Shadow copies act as real-time, online backups that can make recovery from ransomware a quick and easy process. That’s why crooks often go looking for shadow copies first to remove them.

Step 6: The crooks upload and run ransomware of their choice. Because these DIY criminals have used their illegitimate sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet “for free”.

These bespoke hacks mean the crooks don’t have to worry about using the latest and greatest malware, or setting up a command-and-control server, or running a hit-and-hope spam campaign.

In one attack, Sophos saw a folder on the desktop containing four different types of ransomware. The crooks ran each in turn until one of them worked.

Many ransomware attacks are distributed indiscriminately, and therefore rely on a “pay page” – a Dark Web server set up specially to tell victims how much to pay, and how to pay it.

But the author notes these RDP crooks are already personally involved to the extent of logging into your network themselves, so there’s often what you might call a “personal touch”.

Rather than automatically squeezing you via a website, the blog says you’ll probably see a pop-up telling you to make contact via email to “negotiate” the release of your data. At the time of writing (11-28-2017), the Bitcoin address used by that attacker held BTC 9.62; with 1 bitcoin valued at $11,388.33, that is currently worth almost $110,000.

The Sophos investigators found that the victims of this kind of attack are almost always small-to-medium companies: the largest business in their investigation had 120 staff, but most had 30 or fewer. With small scale comes a dependence on external IT suppliers or “jack-of-all-trades” IT generalists trying to manage cybersecurity along with many other responsibilities.

In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff.

Sophos recommends these steps to cut your risk of becoming a victim of DIY Ransomware:

  1. If you don’t need RDP, make sure it’s turned off on every computer on the network: RDP can be used to connect to servers, desktops, and laptops.
  2. Consider using a Virtual Private Network (VPN) for connections from outside your network. A VPN requires outsiders to authenticate with the firewall first and to connect from there to internal services. This means software such as RDP never needs to be exposed directly to the internet.
  3. Use two-factor authentication (2FA) wherever you can. To log on with 2FA you need a one-time logon code every time. If crooks steal or guess your password, it’s no use on its own.
  4. Patch early, patch often. This prevents crooks from exploiting vulnerabilities against your network, reducing your exposure to danger.
  5. After an attack, check to see what the crooks have changed. Don’t just remove the malware or apply the missed patches and be done with it. Especially check for added applications, altered security settings, and newly created user accounts.
  6. Set a lockout policy to limit password guessing attacks. With three guesses at a time followed by a five-minute lockout, a crook can only try out 12 × 3 = 36 passwords an hour, which makes a brute force attack impractical.
  7. If you’re using a third-party IT company and they haven’t already suggested the precautions Sophos listed above, why not ask them why, and ask yourself if they’re the right people to be looking after your network?
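The break-in pattern Sophos describes (an NLBrute-style password-guessing burst, a successful RDP logon, then freshly created backup admin accounts) leaves a distinctive trail in the Windows Security log, and item 5 above asks you to look for exactly those new accounts. The following is an added example, not Sophos’s tooling: it runs that correlation over a constructed list of Security log records and also computes the guess budget behind item 6’s lockout arithmetic. The event IDs (4625 failed logon, 4624 successful logon, 4720 user account created) and logon type 10 (RemoteInteractive, i.e. RDP) are Windows’ own; the records, addresses, usernames, time windows and thresholds are constructed for this example.

```python
"""Spot the RDP break-in sequence in Windows Security events.

Added example; not Sophos's tooling. Event IDs 4625/4624/4720 and logon
type 10 are Windows' own; records, addresses, windows and thresholds are
constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 20                        # failed logons from one source ...
FAIL_WINDOW = timedelta(minutes=10)        # ... within this window = brute force
POST_LOGON_WINDOW = timedelta(minutes=30)  # account creation this soon after is suspicious
RDP_LOGON_TYPE = 10                        # RemoteInteractive


def at(clock):
    """Build a timestamp on the constructed sample day."""
    return datetime.fromisoformat("2017-11-27T" + clock)


# Constructed sample events. 203.0.113.7 is a documentation address standing in
# for an internet-facing attacker; 10.0.0.x are internal staff machines.
SAMPLE_EVENTS = (
    [{"time": at("03:00:00") + timedelta(seconds=2 * i), "id": 4625,
      "user": "administrator", "src": "203.0.113.7", "logon_type": 10}
     for i in range(25)]
    + [{"time": at("03:01:00"), "id": 4624, "user": "administrator",
        "src": "203.0.113.7", "logon_type": 10}]
    + [{"time": at("03:05:00"), "id": 4720, "user": "administrator", "target": "svc_backup"},
       {"time": at("03:06:30"), "id": 4720, "user": "administrator", "target": "helpdesk2"}]
    # legitimate activity: a normal RDP session, one mistyped password, a ticketed new account
    + [{"time": at("09:00:00"), "id": 4624, "user": "itadmin", "src": "10.0.0.5", "logon_type": 10},
       {"time": at("09:10:00"), "id": 4625, "user": "jsmith", "src": "10.0.0.9", "logon_type": 10},
       {"time": at("09:30:00"), "id": 4720, "user": "itadmin", "target": "newhire"}]
)


def detect(events):
    """Return alert tuples in the order the evidence appears in the log."""
    alerts = []
    failures = defaultdict(list)   # src -> timestamps of 4625s inside FAIL_WINDOW
    brute_sources = set()
    suspicious_logons = []         # (time, user) for RDP logons from a brute-forcing source
    for e in sorted(events, key=lambda rec: rec["time"]):
        t = e["time"]
        if e["id"] == 4625:
            src = e["src"]
            failures[src] = [x for x in failures[src] if t - x <= FAIL_WINDOW] + [t]
            if len(failures[src]) >= FAIL_THRESHOLD and src not in brute_sources:
                brute_sources.add(src)
                alerts.append(("BRUTE_FORCE", src,
                               f"{len(failures[src])} failed logons within {FAIL_WINDOW}"))
        elif e["id"] == 4624 and e.get("logon_type") == RDP_LOGON_TYPE:
            if e["src"] in brute_sources:
                suspicious_logons.append((t, e["user"]))
                alerts.append(("RDP_LOGON_AFTER_BRUTE_FORCE", e["src"], e["user"]))
        elif e["id"] == 4720:
            # account created by a user whose RDP session came from a brute-forcing source
            if any(user == e["user"] and timedelta(0) <= t - lt <= POST_LOGON_WINDOW
                   for lt, user in suspicious_logons):
                alerts.append(("BACKDOOR_ACCOUNT", e["user"], e["target"]))
    return alerts


def guesses_per_hour(threshold, lockout_minutes):
    """Upper bound on online password guesses per hour under a lockout policy
    (the post's 3 guesses followed by a 5-minute lockout gives 36)."""
    return (60 // lockout_minutes) * threshold


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
    print("guesses/hour under 3-then-5-minutes lockout:", guesses_per_hour(3, 5))
```

On the sample, the detector raises one brute-force alert for 203.0.113.7 at the 20th failure, one alert for the RDP logon that follows from the same address, and one backdoor-account alert for each of `svc_backup` and `helpdesk2`; the staff session, the single mistyped password and the ticketed `newhire` account produce nothing. The 25 guesses in 50 seconds that open the sample are only possible because no lockout policy is in force; under the 3-then-5-minutes policy from item 6 the same source would be held to 36 an hour.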

Related article

  • Hackers have cashed out on $143,000 of bitcoin from the massive WannaCry ransomware attack (CNBC)