Without a easy to use password management solution in place, it’s almost inevitable at least 1 of the following will occur:
– You will use weak passwords
– Passwords will be reused
– Passwords will not be cycled out on a regular basis

One clever and simple product is QWERTY CARD, priced at ~$7aud each it allows virtually anyone to make a secure unique password for any service.

For example to generate passwords for Facebook and Youtube, I would use the card shown below to generate

Space Bar Code + AIRGAP + Site Name
Facebook: sh(/J3Hq.Q2s.o”.mA*qq1
Youtube: sh(/J3Hq.Q2s.o<q9&9*A

As no two cards are unique, the ability to choose your own secret passphrase, and the trailing ‘site name’ unique for each password makes this a very secure solution. Even if the card was compromised, without the personal secret, the password is still secure, and can be rotated on a regular basis by changing the secret.

What are your thoughts on the QWERTY card? Do you have a different solution in place?

The post Generating secure password’s with QWERTY Cards first appeared on Air-Gap.

Ransomware is quickly becoming one of the largest threats to organisations of all shapes and sizes, and the stuff of nightmares for both IT professionals and business owners.

McAfee reports that ransomware attacks have doubled in 2019 and the reality is it’s a threat you’ve likely already experienced before or will in in the future in some form or another. If you’ve experienced ransomware before, the first thoughts are often denial, shock, helplessness, followed by anger. By the time you find out your network is infected by ransomware, it’s probably too late to stop it and you’ve been presented with a “pay up, or lose it” screen.

Before continuing, if your experiencing an active ransomware attack make sure you have completed the following steps:

1. Isolate the network to stop the attack spreading. Shutdown network switches, routers and modems
2. Call your IT Provider and executive manager, you may need to start your disaster plans.
3. Check your backups are intact, if they are secure the servers and start copying them onto an offline storage device (ie USB hard disk)
4. Start anti-virus scans, file search to identify how far the infection has spread
5. Identify ‘patient zero’ (source of the infection) and how it entered the system, ie clicking on an infected email

If you successfully caught the infection in time, cleaned up the infection with your anti-virus and restored lost files from backups, well done.
If your not so lucky your in for a rough ride.

One of the first objectives ransomware attacks when targeting your network is destroying your backups and restore points saved on both the local computer, and saved on network shares/devices.
If you’ve signed on and found everything gone, I’ll save you the ‘pep talk’ and leave it at your not the first and certainly won’t be the last.

Moving forward with no backups you have only 3 options;

1. Kiss your data goodbye and start wiping disks
2. Attempt to decrypt your data
3. Pay the ransom

The official rule is “never pay a ransom”, the funds will most likely be used to fund crime or terrorism and you have no guarantee the data will actually be decrypted. This is all high and mighty, but not when it’s your irreplaceable data!

How to proceed; (This is general advice)

1. Identify the type of type of ransomware that has infected your network.
   
   You might be able to restore the files for free.
   Some variants may have weaknesses that can be exploited to unlock the files and their may be notes from other unlucky individuals that have been successful/unsuccessful at recovering their files by paying the ransom.
   
   Online Ransomware Detection Tools:
   https://www.nomoreransom.org/en/index.html
   https://id-ransomware.malwarehunterteam.com
   
   
2. Determine what files are missing and calculate the value/disruption of business for each file in dollars.
   If the files are only low value reference material that can be recreated or re-downloaded you might be able to write it off. On the other hand it’s irreplaceable or costly to reproduce you might want to consider paying the ransom
   
   
3. Call a local ‘Ransomware Recovery specialist’.  Once you know the type of ransomware, damage and have determined you need recovery you are best off contacting a specialist for assistance. They may be able to recover lost files without resorting to paying the ransomware or assist you through recovery process.
   
   
4. Consult with business owners, legal team and insurers on the legalities on paying the ransom. This is a very high risk transaction and may be against company policy or local laws to complete. Your insurer may refuse to reimburse you or might be able to provide additional resources.
   
   
5. Try to establish a dialogue with the attacker. Many attackers will decrypt a file as proof that they have the decryption key.
   If possible try to decrypt a single file for a smaller amount before paying the full amount.
   Paying an attacker does not guarantee the files will be decrypted, you are gambling and the odds are quiet literally 50/50.
   
   
6. Calculate and obtain the required bitcoin. Take note of the currency they expect it in. ie $5000usd of bitcoin.
   When transferring the money take extreme care that the transaction address is 100% correct, it’s impossible to reverse an incorrect transaction.
   
7. Wait. Automated schemes may send you the decrypt tool instantly, other days, weeks, months or not at all.
   
   

Don’t trust the attacker not to re-infect your network. Take lessons learned from the attack immediately to secure your network. ie Implement mail scanning, reducing access permissions, re-evaluating AV vendor, improving backup

Do you need help securing your network or recovering from a malware event?
Give us a call on 1300 733 240 or by sending us a message.

The post Ransomware: Should you pay? first appeared on Air-Gap.

When most organisations think of keeping their infrastructure updated, their response is usually keeping the operating systems of their desktops and servers current, as-well as updating their firewalls firmware on an occasional basis. Very frequently these 7 network devices slip through the gaps creating potential security vulnerabilities.

Network Printers
Every organisation has them and quite often they are the nemesis of the IT department who are just happy to keep them working! As these printers become more complex and perform more tasks such as directly saving scanned documents into computers, the need to keep them updated is vital. Recently HP was forced to patch its OfficeJet range of printers after it was discovered a maliciously crafted fax sent to the printer could allow an attacker to completely take control of it.

Cameras
This is a device that slips the minds of most administrators and can pose a critical threat depending on how its configured, particularly if they are directly exposed to the internet. Threats can range from an intruder viewing the camera stream live without a password to being completely controlled by a hacker and used to gain access to the internal network.

IP Phones
They sit on our desk often without any thought of exactly how they work. No longer are they straightforward devices that only activate when picked up, but rather full fledged computers with always on microphones and now even cameras. In 2015 it was reported that Cisco Small Business IP Phones had a bug where remote attackers could eavesdropped in on which reinforces the need for organisations to have a proactive approach to security.

Wireless Access Points
Due to the nature of broadcasting access to your organisation, its critical. From time to time Wireless Access Points receive patch’s to improve performance and patch security issues such as KRACK which was discovered in late 2017 compromising WPA2.

Network Switches
Like with Wireless Access Points, managed network switches are at the heart of the network and often the first piece of infrastructure a device will communicate with. Due to their ability to run unhindered for years and inconvenience in updating rarely are the kept upto date. Despite their reliability they do have flaws, such as was discovered in early 2018 when automated bots searched the internet looking for vulnerable Cisco switch’s and deleted their configurations.

Motherboard BIOS
While most organisations do a good job keeping operating systems and software upto date, rarely is the BIOS which controls the underlying hardware ever update on desktops, laptops and servers. Very few machines will notify the administrator a update is available unless the motherboard vendors software is installed. Many manufacturers have released updates to patch against the recently identified Meltdown and Spectre CPU vulnerabilities affecting most Intel machines all the way back to 1995!

Emerging IoT Devices
As time goes on, the importance and difficulty of ensuring infrastructure up-to date will become more complex due to the Internet of Things turning unconventional devices into full fledged computers. One of such is the growing uptake of ‘Smart’ products including TV’s, lightbulbs, doorbells and automation products which are network enabled.

Keeping track of all the devices in your organisation needing to be updated can be challenging. Our suggestion at the minimum is that if your device has a network IP-address it should be documented in ideally an asset register and checked at-least once a year. If you register the device with the manufacture when you purchase it, you may receive notification if an update is ever available.

Does your business need assistance or advice keeping everything ticking away?
Give us a call on 1300 733 240 or send us a message to see how we can help

Have you come across any unusual products requiring an update, let us know in the comment below.

The post 7 devices your probably forgetting to update first appeared on Air-Gap.