RDP Brute Force Attacks Blocked By Windows 11

A small but important feature was recently incorporated by the Windows 11 design team. A new Account Lockout Policy enabled by default has been added. This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts.

The account remains in a locked state for ten minutes, requiring users to wait that amount of time before they can try again.

The addition was made in a bid to prevent, or at least minimize the risk of, brute force attacks against systems. In a brute force attack, different passwords are tried in rapid succession until the attacker gets a hit and is given some level of access on the target system.

It’s an excellent change because many human-operated ransomware attacks rely on simple brute force methods. Statistics gathered on the subject by the FBI indicate that between 70 and 80 percent of network breaches are the result of brute force attacks.

The above describes the default settings, but Admins have a great degree of flexibility in deciding the exact policy. The number of unsuccessful attempts before lockout can be varied. The lockout duration can be varied. The option to apply the lockout to Admin accounts can be toggled on or off. Of course, the entire policy can be disabled if an Admin so desires.

Interestingly, Windows 10 has a similar lockout policy but it is not enabled by default, which is the important change here.
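As an added example (not from the article or from Microsoft), the following PowerShell session shows how an Admin can inspect the local account lockout settings and set them to the defaults described above. It assumes an elevated session on the machine being configured; the `AllowAdministratorLockout` key name for the Admin lockout toggle is an assumption, the other commands and keys are standard `net accounts` and `secedit` usage.

```powershell
# Added example: inspect and set the local account lockout policy.
# ASSUMPTION: run from an elevated PowerShell session on the machine being configured.

# 1. Show the current lockout threshold, duration and observation window.
net accounts

# 2. Export the local security policy and read the lockout keys from its [System Access] section.
#    (The AllowAdministratorLockout key name is assumed; the other three are standard.)
$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf /quiet | Out-Null
$policy = Get-Content $inf |
    Where-Object { $_ -match '^(LockoutBadCount|LockoutDuration|ResetLockoutCount|AllowAdministratorLockout)\s*=' } |
    ForEach-Object {
        $name, $value = $_ -split '\s*=\s*', 2
        [pscustomobject]@{ Setting = $name; Value = $value }
    }
$policy | Format-Table -AutoSize

# 3. Apply the defaults the article describes: lock after 10 failed sign-ins,
#    keep the account locked for 10 minutes, and reset the failure counter after 10 minutes.
net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10

# 4. Verify that the change took effect.
net accounts | Select-String 'Lockout'
```

A lockout threshold of zero (`/lockoutthreshold:0`) disables the policy entirely, which is the Windows 10 default the article contrasts with; a failed-login burst that trips the threshold also leaves Event ID 4740 (account locked out) in the Security log, which is the signal to alert on.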

We regard this as another of those small but important changes that the Windows 11 team is making designed to make the new OS better, safer, and more secure than anything that Microsoft has released previously.

Kudos to the Microsoft engineers who are working tirelessly to ensure Windows 11 is a smashing success. If the preview we’ve gotten to this point is any indication, it certainly will be!

New Android Malware Disables WiFi To Attempt Toll Fraud

There’s a new threat to be aware of if you own an Android device. Microsoft recently warned that its researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem.

Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into either calling or sending an SMS to a premium number.

In this case, however, the scheme doesn’t work over WiFi, so the malware forces the user’s device to connect to the mobile operator’s network instead.

What typically happens in a non-scam situation is that if a user wants to subscribe to paid content, they need to use WAP (Wireless Application Protocol) and they need to switch from WiFi to the mobile operator’s network.

Most of the time, the network operator will send a one-time password for the customer to confirm their choice.

The threat actors running this scam don’t do that. The toll fraud malware makes the switch automatically and without informing the user. In fact, it actively suppresses warnings that might alert the user to what’s going on. The result is that the user winds up with a hefty bill for a service they didn’t even know they were signing up for.

This is accomplished via JavaScript injection, which is hardly new, although in this case it’s being implemented in a novel fashion designed to keep the whole operation as discreet as possible.

The following items happen completely under the radar:

  • Disabling the WiFi connection
  • Navigating to the subscription page and auto-clicking the subscription button
  • Intercepting the one-time password in cases where one is used
  • Sending the OTP code to the service provider as necessary
  • Cancelling SMS notifications

This is a tricky one to defend against, so be sure your employees are aware and on the lookout for mysterious charges on their accounts.

DuckDuckGo Browser Blocks Microsoft Trackers

If you haven’t heard of DuckDuckGo, it’s a tiny browser that only gets a fraction of the traffic that Google does. If we’re being honest, it gets only a fraction of the web traffic that Bing does. The search engine does have some pluck though and bills itself as the engine of choice for those who value their privacy.

In fact, blocking trackers is DuckDuckGo’s main selling point. It is the overriding reason that those who use the tiny search engine don’t simply go somewhere else.

That’s why, when Jack Edwards discovered that DuckDuckGo did not stop data flows to Microsoft’s LinkedIn domains or its Bing advertising domains, the company received fierce backlash from a user base that felt betrayed.

DuckDuckGo had been letting Microsoft trackers through because it is in an advertising partnership with the much larger company. Blocking all of Microsoft’s trackers would cut off its own revenue stream, since the company makes a big chunk of its revenue via Microsoft Advertising.

The backlash against the discovery, posted and widely shared on Twitter, prompted CEO Gabriel Weinberg to issue a statement.

Weinberg’s statement reads:

“Recently, I’ve heard from a number of users and understand that we didn’t meet their expectations around one of our browser’s web tracking protections. So today we are announcing more privacy and transparency around DuckDuckGo’s web tracking protections.”

The new policy can be summed up as follows: DuckDuckGo will now block most of Microsoft’s trackers most of the time. It is making exceptions for trackers used by Microsoft Advertising, because without those the company would be down a vital revenue stream.

Significantly, this means that all third-party trackers affiliated with Microsoft are now blocked, and while it’s not a perfect solution, it should be enough to mollify the engine’s user base.

WordPress Plugin Leaves Sites Vulnerable

Researchers at Defiant, the company behind the popular Wordfence security solution for WordPress, have detected a massive campaign in which hackers are actively scanning for websites that use the Kaswara Modern WPBakery Page Builder plugin.

The plugin was recently abandoned by the creative team behind it before receiving a patch for a critical security flaw.

The flaw, tracked as CVE-2021-24284, would allow an attacker to inject malicious JavaScript into any site running any version of the plugin, which in turn would allow the uploading and deletion of files and could easily lead to a complete takeover of the targeted site.

What makes this campaign so impressive is the fact that the hackers have scanned more than a million and a half sites so far, searching for vulnerable targets. Fortunately, only a tiny percentage of sites scanned have been running the vulnerable plugin.

Based on the data collected, the campaign appears to have started on July 4th of 2022, and is ongoing to this day.  The attacks originate from more than ten thousand unique IP addresses, indicating a large, organized group of attackers. The identity of the group behind the campaign is not known at this time.

The bottom line here is simple. If you are running this plugin, we recommend stopping immediately and uninstalling it. Since it has been abandoned by its authors, there’s no fix coming, and no matter how helpful it may have been to you, it’s just not worth the risk.

Even if some other group adopts the plugin later, there’s no telling how long it might take for that to happen. Even if it did, there’s no way to know how long it might take them to develop a patch for it. For now, then, your best bet is to treat this plugin as toxic and steer clear of it.
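As an added example (not code from the article, from Defiant or from Wordfence), the following POSIX shell script does the two defensive checks a site owner would want after reading this: confirm whether the plugin is installed, and count how many requests and distinct source IPs in a web server access log are probing the plugin’s path, which is what the scanning campaign described above looks like from the server side. It assumes the plugin’s directory slug under `wp-content/plugins` is `kaswara` (an assumption), a combined-format access log with the client IP in the first field, and the standard WP-CLI `wp plugin deactivate` / `wp plugin delete` commands for removal. The log lines in the demo are constructed, not real traffic.

```shell
#!/bin/sh
# Added example, not from the article or from Wordfence/Defiant.
# ASSUMPTION: the plugin lives under wp-content/plugins/kaswara (slug assumed).
PLUGIN_SLUG="kaswara"

# Exit status 0 if the plugin directory is present under the WordPress root, 1 if not.
plugin_installed() {
    [ -d "$1/wp-content/plugins/$PLUGIN_SLUG" ]
}

# Print "<requests> <unique_ips>" for access-log lines (combined log format,
# client IP in field 1) that request anything under the plugin's path.
plugin_probe_stats() {
    matches=$(grep -F "/wp-content/plugins/$PLUGIN_SLUG/" "$1" || true)
    if [ -z "$matches" ]; then
        echo "0 0"
        return 0
    fi
    requests=$(printf '%s\n' "$matches" | wc -l | tr -d ' ')
    unique=$(printf '%s\n' "$matches" | cut -d' ' -f1 | sort -u | wc -l | tr -d ' ')
    echo "$requests $unique"
}

# Build a throwaway WordPress tree and a constructed access log, then run both checks.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/site/wp-content/plugins/$PLUGIN_SLUG"
    # Constructed sample log lines (documentation-range IPs, not real traffic).
    cat > "$work/access.log" <<'EOF'
203.0.113.10 - - [04/Jul/2022:10:01:02 +0000] "GET /wp-content/plugins/kaswara/assets/css/kaswara.css HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jul/2022:10:01:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jul/2022:10:02:15 +0000] "GET /wp-content/plugins/kaswara/readme.txt HTTP/1.1" 404 0 "-" "curl/7.81"
192.0.2.44 - - [04/Jul/2022:10:03:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
    if plugin_installed "$work/site"; then
        echo "plugin directory present: remove it with 'wp plugin deactivate $PLUGIN_SLUG && wp plugin delete $PLUGIN_SLUG'"
    else
        echo "plugin directory not present"
    fi
    # Expected for the constructed log: 2 requests from 2 distinct IPs.
    echo "probes against plugin path (requests unique_ips): $(plugin_probe_stats "$work/access.log")"
    rm -rf "$work"
}

demo
```

Run it against a real install with `plugin_installed /var/www/html` and `plugin_probe_stats /var/log/apache2/access.log` (paths are examples). A high unique-IP count against a path that returns 404 is the scanning noise the article describes and is harmless once the plugin is gone; a 200 response on that path means the plugin is still deployed and should be removed first.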

Blog 3 – How small businesses can go big on cybersecurity

Good Fences Make for Secure Data

Investing in firewalls, anti-malware and data encryption software

Firewalls and anti-malware tools help you by keeping unwanted actors out of your IT network. They work by restricting access to pre-authorized users only, and they are primarily defensive measures. Data encryption software, on the other hand, is more proactive: it encodes your data and stores it in a different form, so that it makes sense only to those who are authorized to access it and hold the decryption key. Proactive measures are your strongest approach to data protection.

Timely security patches and updates

Make sure you apply security patches and perform software updates on time. Software makers usually release product updates and security patches when they find vulnerabilities and security lapses in their software. Don’t ignore those alerts that a software upgrade is available; it may contain more than just a few new features. The timely application of these patches and updates ensures that the discovered vulnerability is not exploited by cybercriminals.

Seems like a lot of work? Not if you outsource it to a trusted MSP partner.

While cybersecurity is indispensable, trying to do it all in-house can be complicated and expensive. Signing a service agreement with a managed service provider (MSP) to manage your IT infrastructure is a great solution to this challenge. You can benefit from their expertise, knowledge and staff strength, without having to worry about getting it all done on time.