LAN Systems eNewsletter - Vulnerability Updates

May/June 2014 eNewsletter

Vulnerability Updates on CryptoLocker, Heartbleed and Internet Explorer are the focus of this issue

CryptoLocker continues to be a threat with catastrophic consequences. Even if you use a Cloud service for data backup, please read the update for important information.

If you have any questions or want to discuss, please feel free to email or call.

We highly recommend our Full Service Backup Management Plan and I have included a coupon to get you started on the full package.

Thanks,

Mary

Update on CryptoLocker Attacks

CryptoLocker and its variations is one of the worst infections seen. It changes how we think about backup and protecting computer systems.

Since CryptoLocker attacks network attached drives even in the Cloud, we have to focus on a backup plan that provides a point-in-time restoration rather than a revision restoration. Additionally, even though the virus itself is easy to remove, we have to focus on early detection. Below are our additional safeguards that we suggest adding to your computer system.

Point-in-time restoration: Since this threat can encrypt any files that are shared even those in the Cloud or on a server, an offline backup is essential. Since most backups today are disk-to-disk, we suggest rotating disk backups between two or three devices. This means getting an additional NAS or USB drive to swap out at least twice a week. We already recommend a three-tiered backup approach - local data redundancy, data backup to media and offsite storage, but additional drives that serve as offline storage is essential for this particular threat. Our Cloud backup solution, Mozy Pro, is good protection as it creates daily images that are stored for 90 days

Early detection: Add MalwareBytes real-time protection to every computer on your network that receives email or connects to another computer. This will run in the background and report if the CryptoLocker virus has been downloaded by reporting the registry entry.

Prevention option: Removal of local administrator rights from all or selected users is a strong prevention option, but it does impact the way you work with your computer. For instance, if you remove local administrator rights the user will not be able to install programs or printers.

Without getting too technical, I want to let you know how to add to your protection for this very malicious threat. There have been many victims that have paid the ransom as they have no other option to recover their data. This threat is so serious that it cannot be ignored.

If you would like more information on protection options, please email me at mary@lansystems.com.

The IT Services People!

In This Issue

CryptoLocker Update

Hearlbleed Update

IE Vulnerability

Solutions and Services to help you grow your business

System and Network
Design & Installation
Microsoft, Linux and Unix
Servers and desktops
vCIO Strategy
Architecture review
System installation
Network security
Storage solutions
Virtualization

Service and Support
Support agreements
Onsite services
HelpDesk support
System maintenance
Emergency services

Data recovery

Managed Services
24/7 system monitoring
Real-time notification
Automatic updates
Quickly fix problems
Alarming for critical events
System health reports
Follow up action plan

Data Backup Plans
Online combined with local or offsite storage
Easy to manage
Restore individual files or entire system
Safe and affordable

Update on Heartbleed

On April 1, 2014, Google security notified the OpenSSL team of the bug later called Heartbleed. The choice of April Fools Day seems curious with Google's fondness for pranks, but the risk is real. OpenSSL is the open source project for Secure Sockets Layer (SSL) that establishes links between Web browsers and servers.

If you think this is esoteric, your are not alone. In fact, a majority of Internet users did not change their passwords despite the warnings.

Even with the vulnerability, it is complicated to exploit someone in the real world. If you are concerned, change your passwords and avoid unfamiliar domains.

Symantec has additional information and guidance here.

Update on Internet Explorer

The Internet Explorer vulnerability being called XPocalypse is being patched by Microsoft even for XP. The attack that appears to rely on having Adobe Flash Player installed exploits IE 9, 10 and 11, but Microsoft warns the underlying vulnerability is in all versions on IE.

Originally, Microsoft was not intending to patch XP but has included it in the update.

The update went live today, May 1, at 10 PDT. If you are like most people, you have automatic updates turned on, and you'll get this new update without having to do anything. If you haven't turned it on automatic updates yet, you should do so now. Click the "Check for Updates" button on the Windows Update portion of your Control Panel to get this going.

Read the Microsoft Blog post here.