S & J Technologies

Just a Click Away! 01/01/2018 - Denton, TX - The Year in review. Call Us at (214) 884-6398

Monday - Thursday : 9am - 7pm / Friday : 9am - 5pm / Saturday : 9am - Noon / Sunday : Closed

 

News & Events


01/01/18 Denton, TX - What's open and What's not - The year in review


             

Another year has come and gone while Denton keeps on changing. We’ve had to say goodbye to several of our favorite stores and restaurants, but we’re excited to see what the new faces in town have to offer in 2018. Take a look back at what we loved and lost this year (cue sad Sarah McLachlan music):

After 60 years, Weldon’s Saddle Shop and Western Wear rode off into the sunset in January. Owner Weldon Burgoon decided to retire and, after talking it over with his pastor, sold his 345 E. Hickory St. storefront to Applejacks Liquors, which opened in June.

While a lot of Texans maintain that Whataburger is superior, California expats and burger enthusiasts have been able to get their Double-Double fix ever since In-N-Out opened in February at Rayzor Ranch Town Center on University Drive.

Denton’s grocery store landscape morphed quite a bit this year. The 800,000-square-foot WinCo Distribution Center opened in February at Rayzor Ranch Town Center. The all-natural store Green Foods Nutrition also opened in February at 405 Fort Worth Drive, but shuttered its doors three months later. Micro-grocer Blue Bag Market opened downtown at 503 S. Locust St. in August, while discount store Aldi opened a second Denton location in September at 1317 Ector St.

But the real question is, will we ever get an HEB?

Argyle’s culinary options expanded with the addition of Kimzey's Coffee and Bumbershoot Barbecue at the intersection of U.S. Highway 377 and FM407 near Earl's 377 Pizza. Kimzey’s opened in March as West Oak Coffee Bar’s sister shop. Bumbershoot followed in April as a food truck-style park.

We're getting a huge entertainment center. Andy B's, from Missouri, announced plans for a 41,000-square-foot entertainment center at Rayzor Ranch Town Center, set to open next fall. Features will include bowling, laser tag and tons of games.

We’re also getting a huge furniture store. A 40,000-square-foot Rooms to Go will open at Rayzor Ranch Town Center in the spring. Features will include bed frames, couches and a nice credenza your aunt will find quite tasteful.

In movie theater news, Movie Tavern completed its renovations in March by adding more screens, reclining seats and a new menu. But there’s also a new kid coming to town. Construction has started on the Alamo Drafthouse Cinema at Rayzor Ranch Town Center. The theater is expected to open by fall 2018.

Denton has one less place to get its Cajun food fix. Dani Rae’s Gulf Coast Kitchen closed at the end of May after eight years of business. The expansion of Interstate 35E has made the building no longer operable. The restaurant’s owners tried to find another location but couldn't find anything in their price range.

The owners of The Candy Store at 110 W. Oak St. decided to retire in April and closed up shop. They sold their storefront to Denton Vape Parlor, which opened in July. Some of the barbers from The Bearded Lady are now permanently inside the space, although barbers still staff the truck behind East Side Denton.

Some homestyle staples decided to play musical chairs with their restaurant locations. Old West Cafe doubled its seating area when it moved to the former Black-eyed Pea off Interstate 35E near Lillian Miller Parkway in March. Cartwright's Cafe, a new concept from Cartwright's Ranch House, moved into Old West’s former location at 1020 Dallas Drive in August.

Downtown Denton has also found more space for folks to throw their own shindigs. For more intimate affairs, Venue on the Square opened in August above First People's Jewelers. The aptly named space holds about 40 guests and can be rented by the hour. For larger events or weddings, booking is open for the Monroe Pearson building on East Oak Street. The 21,000-square-foot space — once a grocery warehouse — will start hosting events in April.

After months of hype and speculation, Spiral Diner & Bakery opened its Denton location in September. The all-vegan restaurant took up some space in the mixed-use Railyard development at 608 E. Hickory St. The owners of The Bowllery, another popular spot for Denton vegans and vegetarians on Avenue C, announced its closure in December after they lost their lease.

Crossroads Bar is now Crossroads Cocktails and Karaoke, featuring a new name and larger space, at 1125 E. University Drive — the same strip center as the former Mable Peabody's Beauty Parlor & Chainsaw Repair, which closed in September to the chagrin of many in the LGBTQ community. Crossroads will continue to host drag shows on Sunday nights and regular karaoke nights.

A few more Asian food options are expanding to our neck of the woods. Rock N Roll Sushi opened in mid-November at 321 W. Hickory St. Rick Villarreal, former athletic director of the University of North Texas, franchised the business to bring it to Denton after seeing successful locations in Alabama and Mississippi. Hanabi Ramen & Izakaya, a Japanese restaurant with locations in Fort Worth and Carrollton, is expected to open soon just down the street from Rock N Roll at 501 W. Hickory St.

The Embassy Suites by Hilton Denton Convention Center opened the first week of December at Rayzor Ranch Town Center. The hotel and convention center has already booked about $3 million in business as far out as 2024.

TB Winds opened on the Square in November, saving Denton-area musicians from having to drive all over Dallas-Fort Worth for instrument repair and supplies. Owners Tony Barrette and Jen Guzman offer service to walk-in customers and by appointment on the second floor at 112 W. Oak St.

It seems like now might be a good time for Dunder Mifflin to expand its brick-and-mortar operations. Office supply store Staples closed its only Denton location on Colorado Boulevard back in September. Its competitor OfficeMax closed its Loop 288 location and consolidated to its sister location, Office Depot, at 2300 San Jacinto Plaza.

Finally, any business section led by our own Jenna Duncan would be remiss not to mention the rockiness of the Denton beer scene this year. Beer store, bar and music venue Lone Star Taps & Caps shuttered in July after owners said profits at the Denton location were steadily declining. Baron's Brewwerks, the only wine and beer making supply store in Denton, closed in September. Dennis Wood, the store's owner, posted online to say Denton wasn't ready to sustain that type of business, but thanked his loyal customers for coming by the shop.

We’d be lying if we said we didn’t shed a tear over the closure of Denton’s first brewery, Audacity Brew House, which shut down its taproom in November after three years in business. Owner Doug Smith said the brewery closed because of investor disagreements. But the beer Audacity developed with Texas Motor Speedway, No Limits Checkered Past Texas Ale, is owned by the Denton County speedway and there are plans to have it brewed elsewhere.

There’s a ray of hope on the hops-filled horizon, though. Denton County Brewing Co. opened in May at 200 E. McKinney St. The brewpub is serving up its own creations alongside a curated selection of other beers and wine — which can also be ordered to go.


12/14/17  F.C.C. Repeals Net Neutrality Rules

Ajit Pai, the F.C.C. chairman, said the rollback of the net neutrality rules would eventually help consumers because broadband providers like AT&T and Comcast could offer people a wider variety of service options.
Credit Tom Brenner/The New York Times

WASHINGTON — The Federal Communications Commission voted on Thursday to dismantle landmark rules regulating the businesses that connect consumers to the internet, granting broadband companies the power to potentially reshape Americans’ online experiences.

The agency scrapped the so-called net neutrality regulations that prohibited broadband providers from blocking websites or charging for higher-quality service or certain content. The federal government will also no longer regulate high-speed internet delivery as if it were a utility, like phone service.

The action reversed the agency’s 2015 decision, during the Obama administration, to better protect Americans as they have migrated to the internet for most communications. It will take a couple of weeks for the changes to go into effect, but groups opposed to the action have already announced plans to sue the agency to restore the net neutrality regulations. Those suits could take many months to be resolved.

Ajit Pai, the chairman of the commission, said the rollback of the rules would eventually help consumers because broadband providers like AT&T and Comcast could offer people a wider variety of service options. Mr. Pai was joined in the 3-to-2 vote by his two fellow Republican commissioners.

“We are helping consumers and promoting competition,” Mr. Pai said in a speech before the vote. “Broadband providers will have more incentive to build networks, especially to underserved areas.”

The discarding of net neutrality regulations is the most significant and controversial action by the F.C.C. under Mr. Pai. In his first 11 months as chairman, he has lifted media ownership limits, eased caps on how much broadband providers can charge business customers and cut back on a low-income broadband program that was slated to be expanded to nationwide carriers.

His plan for the net neutrality rules, first outlined early this year, set off a flurry of opposition. Critics of the changes say that consumers may have more difficulty finding content online and that start-ups will have to pay to reach consumers. In the past week, there have been hundreds of protests across the country, and many websites have encouraged users to speak up against the repeal. After the vote, numerous groups said they planned to file a lawsuit challenging the change.

The five commissioners were fiercely divided along party lines. In front of a room packed with reporters and television cameras from the major networks, the two Democratic commissioners warned of consumer harms to come from the changes.


Mignon Clyburn, one of the Democratic commissioners, presented two accordion folders full of letters in protest to the changes, and accused the three Republican commissioners of defying the wishes of millions of Americans.

“I dissent, because I am among the millions outraged,” said Ms. Clyburn. “Outraged, because the F.C.C. pulls its own teeth, abdicating responsibility to protect the nation’s broadband consumers.”

Brendan Carr, a Republican commissioner, said it was a “great day” and dismissed “apocalyptic” warnings.

“I’m proud to end this two-year experiment with heavy-handed regulation,” Mr. Carr said.

During Mr. Pai’s speech before the vote, security guards entered the meeting room at the F.C.C. headquarters and told everyone to evacuate. Commissioners were ushered out a back door. The hearing restarted a short time later.

Despite all the uproar, it is unclear how much will change for internet users. The rules were essentially a protective measure, largely meant to prevent telecom companies from favoring some sites over others. And major telecom companies have promised consumers that their experiences online would not change.

Mr. Pai and his Republican colleagues have echoed the comments of telecom companies, who have told regulators that they weren’t expanding and upgrading their networks as quickly as they wanted to since the creation of the rules in 2015.

“There is a lot of misinformation that this is the ‘end of the world as we know it’ for the internet,” Comcast’s senior executive vice president, David Cohen, wrote in a blog post this week. “Our internet service is not going to change.”

But with the F.C.C. making clear that it will no longer oversee the behavior of broadband providers, telecom experts say, the companies could feel freer to come up with new offerings, such as faster tiers of service for business partners such as HBO’s streaming service or Fox News.

Such prioritization could stifle certain political voices or give the telecom conglomerates with media assets an edge over rivals.

Consumer groups, start-ups and many small businesses say there are examples of net neutrality violations by companies, such as when AT&T blocked FaceTime on iPhones using its network.

These critics of Mr. Pai, who was nominated by President Trump, say there isn’t enough competition in the broadband market to trust that the companies will try to offer the best services for customers. The providers have the incentive to begin charging websites to reach consumers, a strong business model when there are few places for consumers to turn when they don’t like those practices.

“Let’s remember why we have these rules in the first place,” said Michael Beckerman, president of the Internet Association, a trade group that represents big tech firms such as Google and Facebook. “There is little competition in the broadband service market.”

Mr. Beckerman said his group was weighing legal action against the commission. Public interest groups including Public Knowledge and the National Hispanic Media Coalition said they planned to challenge Mr. Pai’s order in court. Eric T. Schneiderman, the New York attorney general, also said he would file a lawsuit.

Dozens of Democratic lawmakers, and some Republicans, have pushed for Congress to pass a law on the issue, if only to prevent it from flaring up every couple of years at the F.C.C. — and then leading to a court challenge.

One Republican commissioner, Mike O’Rielly, said he supported a federal law created by Congress for net neutrality. But he said any law should protect the ability of companies to charge for faster lanes, a practice known as “paid prioritization.”

Any legislative action appears to be far off, however, and numerous online companies warned that the changes approved on Thursday should be taken seriously.

“If we don’t have net neutrality protections that enforce tenets of fairness online, you give internet service providers the ability to choose winners and losers,” Steve Huffman, chief executive of Reddit, said in an interview. “This is not hyperbole.”

Netflix, which has been relatively quiet in recent weeks about its opposition to the change, said that the decision “is the beginning of a longer legal battle.”

 
Netflix US (@netflix):

We’re disappointed in the decision to gut #NetNeutrality protections that ushered in an unprecedented era of innovation, creativity & civic engagement. This is the beginning of a longer legal battle. Netflix stands w/ innovators, large & small, to oppose this misguided FCC order.


5/12/17

All you need to know about ransomware in 60 seconds


Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC's infected.

What is a ransomware attack?


Ransomware is one of the biggest problems on the web right now. It's a form of malware which encrypts documents on a PC or even across a network. Victims can often only regain access to their files and PCs by paying a ransom to the criminals behind it. A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes.


Cybercriminals didn't use to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert a victim that they'd fallen victim to cybercrime.

But now, if you are attacked with file-encrypting ransomware, criminals will brazenly announce they're holding your corporate data hostage until you pay a ransom in order to get it back. It might sound too simple, but it's working: cybercriminals pocketed over $1bn from ransomware attacks during 2016 alone.

What is the history of ransomware?

While ransomware exploded last year, increasing by an estimated 748 percent, it's not a new phenomenon; the first instance of what we now know as ransomware appeared in 1989.

Known as AIDS or the PC Cyborg Trojan, the virus was sent to victims -- mostly in the healthcare industry -- on a floppy disc. The ransomware counted the number of times the PC was booted: once it hit 90, it encrypted the machine and demanded the user 'renew their license' with 'PC Cyborg Corporation' by sending $189 or $378 to a post office box in Panama.

The AIDS demand for payment - by post.

How did ransomware evolve?

This early ransomware was a relatively simple construct, using basic cryptography which mostly just changed the names of files, making it relatively easy to overcome.

But it set off a new branch of computer crime, which slowly but surely grew in reach -- and really took off in the internet age. Before they began using advanced cryptography to target corporate networks, hackers were targeting general internet users with basic ransomware.

One of the most successful variants was 'Police ransomware', which tried to extort victims by claiming to be law enforcement and locking the screen with a message warning the user they'd committed illegal online activity, which could get them sent to jail.

However, if the victim paid a fine, the 'police' would let the infringement slide and restore access to the computer. Of course, this wasn't anything to do with law enforcement -- this was criminals exploiting innocent people.

An example of 'Police ransomware' threatening a UK user.

While somewhat successful, these forms of ransomware often simply overlaid their 'warning' message on the user's display -- and rebooting the machine could get rid of the problem.

Criminals learned from this and now the majority of ransomware schemes use advanced cryptography to truly lock down an infected PC.

What are the main types of ransomware?

Ransomware is always evolving, with new variants continually appearing in the wild and posing new threats to businesses. However, there are certain types of ransomware which have been much more successful than others.

Perhaps the most notorious form of ransomware is Locky, which terrorised organisations across the globe throughout 2016. It infamously made headlines by infecting a Hollywood hospital. The hospital gave in to the demands of cybercriminals and paid a $17,000 ransom to have its networks restored.

Locky remained successful because those behind it regularly update the code with changes which allow it to avoid detection. They even update it with new functions, including the ability to make ransom demands in 30 languages, helping criminals more easily target victims around the world. Locky became so successful, it rose to become one of the most prevalent forms of malware in its own right.

Cryptowall is another form of ransomware which has found great success for a prolonged period of time. Starting life as a doppelganger of Cryptolocker, it's gone on to become one of the most successful types of ransomware.

Like Locky, Cryptowall has regularly been updated in order to ensure its continued success and even scrambles file names to make it harder for victims to know which file is which, putting additional pressure on the victim to pay.

While some ransomware developers -- like those behind Locky or Cryptowall -- closely guard their product, keeping it solely for their own use, others happily distribute ransomware to any wannabe hacker keen to cash in on cyber extortion - and it's proved to be a very successful method for wide distribution.

One of the most common forms of ransomware distributed in this way is Cerber, which has been known to infect hundreds of thousands of users in just a single month. The original creators of Cerber are selling it on the dark web, allowing other criminals to use the code in return for receiving 40 percent of each ransom paid.

Cerber has become so successful that it has surpassed Locky -- which appeared to mysteriously disappear over Christmas, although it re-emerged in April with new attack techniques -- to become the most dominant form of ransomware on the web, accounting for 90 percent of ransomware attacks on Windows as of mid-April 2017.

In exchange for giving up some of the profits for using Cerber, wannabe cyber fraudsters are provided with everything they need in order to successfully make money through extortion of victims.

Indeed, now some criminal groups offer this type of ransomware-as-a-service scheme to potential users at no cost at the point of entry. Instead of charging a fee for the ransomware code, they want a 50 percent cut.

How much will a ransomware attack cost you?

Obviously, the most immediate cost associated with becoming infected with ransomware -- if paid -- is the ransom demand, which can depend on the type of ransomware or the size of your organisation.

Recent research revealed that a quarter of companies which paid a ransom paid over £5,000 to retrieve their data, while a further quarter paid hackers between £3,000 and £5,000.

The most common ransom paid amongst small and medium-sized businesses was between £500 and £1500, proving that there's still easy money to be made from targeting organisations of this size.

There are also examples of high-profile targets paying five-figure fees in order to regain access to their networks, especially in cases where criminals threaten to delete data if they're not paid.

Ultimately, whatever the size of the company, time is money and the longer your network is down, the more it's going to cost your business.

Even if you regain access to your networks by paying a ransom, there will be additional costs on top of that. In order to avoid future attacks -- especially if you've been marked as an easy target -- be prepared to invest in additional cybersecurity software and to pay for additional staff training.

There's also the risk of customers losing trust in your business because of poor cybersecurity and taking their custom elsewhere.

Why should businesses worry about ransomware?

To put it simply: ransomware could ruin your business. Being locked out of your own network for even just a day will impact on your revenue. But given that ransomware takes most victims offline for at least a week, or sometimes months, the losses can be significant. Systems go offline for so long not just because ransomware locks the system, but because of all the effort required to clean up and restore the networks.

And it isn't just the immediate financial hit of ransomware which will damage a business; consumers become wary of giving their custom to organisations they believe to be insecure.

How does ransomware infect your PC?

It's the modern enterprise's reliance on the internet which is enabling ransomware to boom. Every day, every employee receives hundreds of emails and many roles require these employees to download and open attachments, so it's something which is often done on autopilot. Taking advantage of employees' willingness to open attachments from unknown senders is allowing cybercriminals to successfully run ransomware campaigns.

Like other forms of malware, botnets send ransomware out en masse, with millions of malicious phishing emails sent every single second. Criminals use a variety of lures to encourage targets to open a ransomware email, ranging from offers of financial bonuses, fake online purchase receipts, job applications from prospective employees, and more.

A spam email claiming the target has purchased a flight - complete with fake invoice containing the ransomware.

While some messages give away clues to their malicious nature with poorly-worded messages or strange return addresses, others are specially tailored to look as convincing as possible, and appear no different from any other message the victim might be sent.

Once the malicious attachment has been opened, the user is encouraged to enable macros in order to view and edit the document. It's when this is enabled that the ransomware code hidden within the macros strikes. It can encrypt files in seconds, leaving the victim with a ransom note demanding a payment ranging from a few hundred dollars to tens of thousands of dollars in order to get them back.

Which organizations are targets for ransomware?

Any business can find itself a victim of ransomware, but perhaps the most high-profile incident occurred when the Hollywood Presbyterian Medical Center in Los Angeles became infected with Locky ransomware. The infection left doctors and nurses unable to access patient files for days, until the hospital opted to give in to the ransom demands of hackers in order to restore services.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Allen Stefanek, CEO of the hospital, said at the time.

Locky is one of the most successful forms of ransomware.

Hospitals and other healthcare organisations are popular targets for ransomware attacks, because they are often willing to pay. Losing access to data is a life-or-death matter for them -- and hospitals don't want to be held responsible for letting people die due to poor cybersecurity. However, there are even cybercriminals who think attacking hospitals is too despicable an activity.

But there are plenty of other sectors criminals will happily target, including educational institutions, such as the University of Calgary, which paid a ransom of $20,000 to hackers. Any large business is at threat and there's even the prospect of ransomware infecting industrial systems.

Why are small businesses targets for ransomware?

Small and medium-sized businesses are a popular target because they tend to have poorer cybersecurity than large organisations. Despite that, many SMEs falsely believe they're too small to be targeted -- but even a 'smaller' ransom of a few hundred dollars is still highly profitable for cybercriminals.

Why is ransomware so successful?

You could say there's one key reason why ransomware has boomed: because it works. Organisations can have the best antivirus software in the world, but all it takes for ransomware to infect the network is for one user to slip up and launch a malicious attachment.

If organisations weren't giving in to ransom demands, criminals would stop using ransomware. But businesses do need access to data in order to function so many are willing to pay a ransom and get it over and done with.

Meanwhile, for criminals it's a very easy way to make money. Why spend time and effort developing complex code or generating fake credit cards from stolen bank details if ransomware can result in instant payments of hundreds or even thousands of dollars from large swathes of infected victims at once?

There are even ransomware-as-a-service schemes available on the dark web which allow the most technically inept wannabe cybercriminals to start sending out ransomware -- in exchange for a percentage of their ill-gotten gains going directly into the pockets of the creators.

What does Bitcoin have to do with the rise of ransomware?

The rise of cryptocurrencies like Bitcoin has made it easy for cybercriminals to secretly receive extorted payments, without the risk of the authorities being able to identify the perpetrators. The secure, untraceable method of making payments makes it the perfect currency for criminals who want their financial activities to remain hidden.

Cybercriminal gangs are becoming more professional -- some even offer customer service and help for victims who don't know how to acquire or send Bitcoin, because what's the point of making ransom demands if users don't know how to pay?

Globe3 ransom demand for 3 Bitcoin - including a 'how to' guide for those who don't know how to buy it.

How do you prevent a ransomware attack?

With email being by far the most popular attack vector for ransomware, you should provide employees with training on how to spot an incoming attack. Even picking up on little indicators, like poor formatting or an email purporting to be from 'Microsoft Security' that is sent from an obscure address which doesn't even contain the word Microsoft, might save your network from infection.

There's also something to be said for enabling employees to learn from making mistakes while within a safe environment. For example, one firm has developed an interactive video experience which allows its employees to make decisions on a series of events then find out the consequences of those at the end. This enables them to learn from their mistakes without suffering any of the actual consequences.

On a technical level, stopping employees from being able to enable macros is a big step towards ensuring that they can't unwittingly run a ransomware file. Microsoft Office 2016 -- and now Microsoft Office 2013 -- both carry features which allow macros to be disabled. At the very least, employers should invest in antivirus software and keep it up-to-date, so that it can warn users about potentially malicious files.
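Because the infection described above depends on a macro-bearing Office attachment, a mail filter can look for that content before a user ever reaches the "enable macros" prompt. The following Python is an added example, not part of the original article: it classifies attachments by their bytes rather than their file names, and the function names, verdict labels and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML files are ZIP archives


def classify_attachment(data):
    """Classify by content, not file name. Returns (verdict, reason)."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "review", "damaged ZIP container"
        # Word, Excel and PowerPoint all store VBA code in a vbaProject.bin part.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro", "OOXML document carries a VBA project"
        if "[content_types].xml" in names:
            return "no-macro", "OOXML document without a VBA project"
        return "review", "ZIP archive that is not an Office document"
    if data.startswith(OLE_MAGIC):
        # Telling macros apart in the legacy format needs a real OLE parser.
        return "review", "legacy OLE document; macros cannot be ruled out here"
    return "not-office", "not an Office container"


def scan_message(raw):
    """Return [(filename, verdict, reason)] for every attachment in a raw e-mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        verdict, reason = classify_attachment(data)
        findings.append((part.get_filename() or "(unnamed)", verdict, reason))
    return findings


def make_ooxml(with_macro):
    """Build a minimal OOXML-shaped ZIP in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


def build_sample_message():
    """Constructed sample: a fake-invoice lure with four harmless attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "staff@example.test"
    msg["Subject"] = "Your flight invoice"
    msg.set_content("Please enable editing to view the attached invoice.")
    samples = [
        ("invoice.docx", make_ooxml(with_macro=True)),   # macro behind a .docx name
        ("agenda.docx", make_ooxml(with_macro=False)),
        ("resume.doc", OLE_MAGIC + b"\x00" * 64),
        ("notes.txt", b"plain text"),
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict, reason in scan_message(build_sample_message()):
        print(f"{name:14} {verdict:10} {reason}")
```

A "macro" verdict is a candidate for quarantine, while "review" marks files this check cannot decide on its own, such as legacy `.doc` files.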

How do I get rid of ransomware?

The 'No More Ransom' initiative -- launched by Europol and the Dutch National Police in collaboration with a number of cybersecurity companies -- offers free decryption tools for ransomware variants to help victims retrieve their data without succumbing to the will of cyber extortionists.

The portal offers decryption tools for ransomware variants including Crypt XXX, MarsJoke, Teslacrypt, and Wildfire. It's updated as often as possible in an effort to ensure tools are available to fight the latest forms of ransomware.

The No More Ransom portal offers free ransomware decryption tools.

Another way of working around a ransomware infection is to ensure your organisation regularly backs up data offline. It might take some time to transfer the backup files onto a new machine, but if a computer is infected and you have backups, it's possible just to isolate that unit then get on with your business.

Should I pay a ransomware ransom?

There are those who say victims should just pay the ransom, citing it to be the quickest and easiest way to retrieve data -- and many organisations do pay.

But be warned: if word gets out that your organisation is an easy target for cybercriminals because it paid a ransom, you could find yourself in the crosshairs of other cybercriminals who are looking to take advantage of your weak security.

And remember that you're dealing with criminals here and their very nature means they may not keep their word. There are stories of victims paying ransoms and still not having files returned.

What's the future of ransomware?

Ransomware is continually evolving, with an increasing number of variants now engaging in additional activities such as stealing data or weakening infected computers in preparation for future attacks.

Researchers even warn that ransomware could soon hold whole operating systems hostage, to such an extent that the only two options available to the user would be to pay, or to lose access to the entire system.

And ransomware isn't just a problem for Windows PCs; Apple Macs are vulnerable to it too.

Can you get ransomware on your smartphone?

Absolutely. Ransomware attacks against Android devices have increased massively, as cybercriminals realise that many people aren't aware that smartphones can be attacked.

In fact, any internet-connected device is a potential target for ransomware, which has already been seen locking smart TVs.

Researchers demonstrate ransomware in an in-car infotainment system.

Ransomware and the Internet of things

Internet of things devices already have a poor reputation for security. As more and more of these make their way onto the market, they're going to provide billions of new attack vectors for cybercriminals, potentially allowing hackers to hold your connected home or connected car hostage.

There's even the potential that hackers could infect medical devices, putting lives directly at risk.

As ransomware continues to evolve, it's therefore crucial for your employees to understand the threat it poses, and for organisations to do everything possible to avoid infection, because ransomware can be crippling.


5/12/17

Phishing: Would you fall for one of these scam emails?
There's still plenty more phish in the sea, as workers can't stop clicking on scam emails. Would these ones trick you?

Phishing scams continue to be an effective method.

Staff are still falling for phishing scams, with social media friend requests and emails pretending to come from the HR department among the ones most likely to fool workers into handing over usernames and passwords.

Phishing scams aim to trick staff into handing over data -- normally usernames and passwords -- by posing as legitimate email. It's a technique used by everyone from the lowliest criminals, as part of ransomware campaigns, right up to state-backed hackers, because it continues to be such an effective method.

In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR Infosecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address.

Almost a quarter of users clicked the link to be taken through to a fake login screen, with more than half going on to provide a username and password, and four out of five then going on to download a file.

A spoof email claiming to be from the HR department referring to the appraisal system was also very effective: nearly one in five clicked the link, and three-quarters provided more credentials, with a similar percentage going on to download a file.

The effectiveness of a phishing campaign.

Workers are apparently slightly more cautious about emails that ask them to download an invoice; this one saw the lowest clicks and downloads of any of the lures the company tried. Only three percent of workers reported the simulated attacks.

Example of a phishing scam.

"The click rates can vary massively from five percent to 45 percent depending on the scenario and how it tempts the user to click," said Jason Kerner of MWR's phishd division. The company measures how likely it is for workers to fall for a phishing scam.

"You get the really spammy type plain-text emails asking for a money transfer -- they'll just delete or report it. Whereas if we do ones from the internal helpdesk of that company and it originates from a domain that looks very similar to their domain -- it could even have the company name just slightly misspelt -- people aren't picking up these warning signs," he said.

"A quick glance isn't enough," said Kerner. "You have to train them to go through the steps and double check it if it looks a bit suspicious; check the 'from' address -- is it pointing at a domain you normally go to for this kind of thing, especially if it's from another department?"

Other warning signs include elements of urgency in the email -- like a money transfer that has to be done immediately -- along with typos or mistakes in branding.
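The 'from' address check Kerner describes can also be automated at the mail gateway. The following is an added example, not code from MWR or the original article: it classifies a sender domain as trusted, look-alike, or external. The trusted domain `widgetco.example`, the sample headers and the distance threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

TRUSTED = {"widgetco.example"}            # assumption: the organisation's own mail domain
HOMOGLYPHS = str.maketrans("01", "ol")    # digits commonly swapped in for letters

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # transposed neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(name):
    # Fold look-alike characters so "widgetc0" compares equal to "widgetco".
    return name.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        if edit_distance(domain, t) <= max_distance:     # typo or swapped letters
            return "lookalike"
        if normalise(t.split(".")[0]) in normalise(domain):   # brand inside another domain
            return "lookalike"
    return "external"

# Constructed From: headers for illustration.
SAMPLES = [
    "HR <hr@widgetco.example>",
    "Appraisals <noreply@mail.widgetco.example>",
    "IT Helpdesk <helpdesk@widgetc0.example>",
    "IT Helpdesk <helpdesk@wigdetco.example>",
    "Support <helpdesk@widgetco-support.example>",
    "Billing <billing@supplier.example>",
]

def triage(headers=SAMPLES):
    return {h: classify_sender(h) for h in headers}
```

A "lookalike" verdict is a reason to quarantine or banner the message for review; it is a heuristic and will occasionally flag a legitimate partner whose name contains the brand.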

Another scam: Would you click through?

Some might argue that gaining access to a staff email account is of limited use, but the security company argues that this is handy for an assault. A hacker could dump entire mailboxes, access file shares, run programs on the compromised user's device, and access multiple systems, warned MWR InfoSecurity. Even basic security controls, such as two-factor authentication or disabling file and SharePoint remote access, could reduce the risk.

The company also reported bad news about the passwords that users handed over: while over 60 percent of passwords were found to have a length of 8 to 10 characters -- the mandatory minimum for many organizations -- the company argued that this illustrates how users stick to minimum security requirements. A third of the passwords consisted of an upper-case first letter, a series of lower-case letters, and then numbers with no symbols.

It also found that 13.6 percent of passwords ended with four numbers in the range of 1940 to 2040. Of those, nearly half ended in 2016, which means one-in-twenty of all passwords end with the year in which they were created.

"This method of circumventing complexity requirements is a gift for attackers," the company warned.

To mitigate these risks the company said that organisations should:

  • Monitor the internet for dumped user credentials and new attacks.
  • Train employees to report malicious emails.
  • Build controls that assume compromised credentials.
  • Monitor externally accessible servers, such as a mail server or VPN, for unusual activity.


5/8/17

Microsoft's Windows warning: Hackers hijacked software updater with in-memory malware
Advanced attackers are using a blend of in-memory malware, legitimate pen-testing tools and a compromised updater to attack banks and tech firms, warns Microsoft.

Microsoft is warning software vendors to protect their updater processes after discovering a "well-planned, finely orchestrated" attack that hijacked an unnamed editing tool's software supply chain.

As Microsoft's threat response group explains, the attackers used the update mechanism of a popular but unnamed piece of editing software to gain a foothold in several high-profile technology and financial organizations. The software vendor itself was also under attack, it says.

The espionage campaign, dubbed WilySupply by Microsoft, is likely to be financially motivated and targets updaters to reach mostly finance and payment-industry firms.

In this case, they used the updater to deliver an "unsigned, low-prevalence executable" before scanning the victim's network and establishing remote access.

Attacking the update process of trusted software is a nifty side door for attackers, since users rely on the mechanism to receive valid updates and patches.

Microsoft notes the same technique has been used in a number of attacks, such as a 2013 breach of several South Korean organizations via a malicious version of an installer from storage service SimDisk.

Attackers have the added benefit of access to free open-source pen-testing tools like Evil Grade, which helps exploit faulty update implementations to inject bogus software updates. As Microsoft notes, WilySupply did just this, shielding the attackers from attribution through unique tactics and tools.

The other pen-testing tool the attackers used was Meterpreter, the in-memory component of the Metasploit framework.


"The downloaded executable turned out to be a malicious binary that launched PowerShell scripts bundled with the Meterpreter reverse shell, which granted the remote attacker silent control. The binary is detected by Microsoft as Rivit," Microsoft notes.

Despite the reliance on commodity tools, Microsoft notes a few traits typical of advanced attackers, including the use of a self-destructing initial binary, and a memory-only or fileless payload to evade antivirus detection.

Security firm Kaspersky in February reported a rise of in-memory malware attacks on banks across the globe, with attackers using Meterpreter and standard Windows utilities to carry out the attacks. As the company noted, the URL responsible for downloading Meterpreter was "adobeupdates.sytes[.]net".

Microsoft traced the source of infections at customer sites to the compromised updater using the Windows Defender Advanced Threat Protection (ATP) console, its Windows 10 security feature for containing and investigating malware outbreaks.

"By utilizing the timeline and process-tree views in the Windows Defender ATP console, we were able to identify the process responsible for the malicious activities and pinpoint exactly when they occurred. We traced these activities to an updater for the editing tool," says Microsoft.

"Forensic examination of the Temp folder on the affected machine pointed us to a legitimate third-party updater running as service. The updater downloaded an unsigned, low-prevalence executable right before malicious activity was observed."
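The sequence Microsoft describes (an updater writes an unsigned, low-prevalence executable, which then launches PowerShell) can be expressed as a correlation rule over endpoint telemetry. The following is an added example, not Microsoft's or Windows Defender ATP's own logic: the event fields, file paths, updater name and thresholds are hypothetical, and the events are constructed.

```python
from datetime import datetime, timedelta

# Assumptions: field names, paths and thresholds below are hypothetical.
UPDATERS = {r"c:\program files\editor\updater.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
MAX_PREVALENCE = 5               # fleet hosts that have seen this file hash
WINDOW = timedelta(minutes=10)   # how soon after the drop a launch counts

def ev(time, host, kind, actor, target, signed=None, prevalence=None):
    return dict(time=datetime.fromisoformat(time), host=host, kind=kind,
                actor=actor.lower(), target=target.lower(),
                signed=signed, prevalence=prevalence)

UPD = r"C:\Program Files\Editor\updater.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed telemetry for illustration, not real logs.
EVENTS = [
    ev("2017-05-08T10:00:05", "FIN-01", "file_create", UPD, r"C:\Temp\patch_a.exe", True, 4200),
    ev("2017-05-08T10:02:10", "FIN-02", "file_create", UPD, r"C:\Temp\upd_7f.exe", False, 1),
    ev("2017-05-08T10:02:45", "FIN-02", "process_start", r"C:\Temp\upd_7f.exe", PS),
    ev("2017-05-08T10:05:00", "FIN-03", "file_create", r"C:\Apps\browser.exe", r"C:\Temp\tool.exe", False, 2),
    ev("2017-05-08T10:07:30", "FIN-04", "file_create", UPD, r"C:\Temp\upd_9c.exe", False, 3),
    ev("2017-05-08T11:30:00", "FIN-04", "process_start", r"C:\Temp\upd_9c.exe", PS),
]

def find_suspect_updates(events):
    """Return {host:path -> severity} for unsigned, rare files written by an updater."""
    drops, alerts = {}, {}
    for e in sorted(events, key=lambda e: e["time"]):
        if (e["kind"] == "file_create" and e["actor"] in UPDATERS
                and not e["signed"] and e["prevalence"] <= MAX_PREVALENCE):
            drops[(e["host"], e["target"])] = e["time"]
            alerts[f'{e["host"]}:{e["target"]}'] = "medium"   # dropped, not yet run
        elif e["kind"] == "process_start":
            dropped_at = drops.get((e["host"], e["actor"]))
            child = e["target"].rsplit("\\", 1)[-1]
            if (dropped_at is not None and child in SCRIPT_HOSTS
                    and e["time"] - dropped_at <= WINDOW):
                alerts[f'{e["host"]}:{e["actor"]}'] = "high"  # drop, then script host
    return alerts

if __name__ == "__main__":
    for item, severity in find_suspect_updates(EVENTS).items():
        print(severity, item)
```

The signed update on FIN-01 and the browser download on FIN-03 produce no alert; FIN-04 stays at medium because the launch falls outside the correlation window.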



5/1/17

Fast FAQ: "Does Windows 10?"
When you're searching for answers, Google's autosuggest feature lets you know what other people are looking for when conducting similar queries. In this, the first of a new series, we provide some answers to the most popular queries, as suggested by Google.

DOES WINDOWS 10 NEED ANTIVIRUS SOFTWARE?

There's no easy yes-or-no answer to this controversial question.

Every copy of Windows 10 includes Windows Defender Antivirus (the successor to Microsoft Security Essentials), which includes all the features normally associated with third-party antivirus software. It downloads new signatures several times a day and also has a cloud-based component.

That built-in software is turned on automatically with a new installation of Windows, and Windows also turns it on if you have third-party antivirus software installed that reports it is out of date (if you fail to renew a subscription, for example).


We won't pass judgment on whether Windows Defender is better or worse than third-party alternatives. But if you prefer a third-party program, feel free to install it. Windows Defender slides gracefully out of the way when it detects a third-party program.

DOES WINDOWS 10 COME WITH OFFICE?

The combination of Windows and Office is so popular that it's not surprising some people wonder whether they aren't included as a single package.

But a standard installation of Windows 10, whether it's from a retail copy of the software or on a new PC, does not include any version of Microsoft Office. If you want Office on a Windows 10 PC, you'll have to pay for it.

Windows 10 does include a Get Office app, which lets you sign up for a trial of Office 365. The free OneNote app (a member of the Office family) is also included as part of a standard Windows 10 installation, and the lightweight "modern" versions of Word, Excel, and PowerPoint are also available free through the Windows Store.

DOES WINDOWS 10 HAVE BLUETOOTH SUPPORT?

If your PC, tablet, or mobile device has Bluetooth hardware, Windows 10 supports it. Of course, that doesn't mean you can automatically count on that hardware being there.

Under Microsoft's certification requirements for Windows 10, Bluetooth hardware is listed as Optional for desktop and laptop PCs. If Bluetooth is present on a newly designed device, however, the minimum hardware requirements include compliance with the Bluetooth 4.0 specification and support for the Bluetooth Low Energy protocol.

Given the prevalence of Bluetooth keyboards, mice, and audio hardware, you're very likely to find a Bluetooth radio on a newer PC. On older systems without Bluetooth hardware, you can add support with an inexpensive USB dongle.

To check the status of Bluetooth support in Windows 10, go to Settings > Devices and look for the Bluetooth (or Bluetooth & Other Devices) category.

DOES WINDOWS 10 INCLUDE MOVIE MAKER OR ANOTHER VIDEO EDITOR?

If you remember early versions of Movie Maker, consider yourself a genuine Windows greybeard. After its debut in Windows Me (yes, really), Movie Maker continued to improve steadily and eventually became a part of the Windows Essentials package.

This lightweight video editing program developed a loyal cult following, but after a 2012 update development stopped, and the product was officially discontinued and pulled from Microsoft's download pages in January 2017.

Ironically, the Windows 10 Creators Update (version 1703) doesn't include any video editing software. For those tasks, you'll have to find a third-party app.

DOES WINDOWS 10 AUTOMATICALLY UPDATE?

Yes, Windows 10 automatically updates. In fact, the automatic updates are a core feature of the "Windows as a service" model, and many Windows Update features you might have grown accustomed to with Windows 7, such as the option to download updates and then choose which ones to install, are no longer available.

If you have Windows 10 Pro or Enterprise, you can use Group Policy settings to defer updates temporarily, by up to 30 days for quality updates and up to 365 days for feature updates. But once those deferral periods expire, the updates are mandatory.