Just want to throw this out there and see what other people are doing to keep attacks at bay.
We are finding phishing and malware attacks are getting more and more sophisticated and it is getting harder to avoid them. We got hit by a Cryptowall 4 attack a while ago but fortunately have good backups. Even when we found out which machine it was, nothing showed up when you scanned it with all the virus and other scanners we could get our hands on. We just wiped the machine anyway.
We learned the other day about a new type of malware that is extremely dangerous. If it got onto one of the machines that does internet banking (not mentioning the bank name), the machine can be controlled from elsewhere. When the user logs on using their smart card and PIN entry devices, which are both plugged into the machine, the malware then puts up a screen saying "Authorising account" or some such message with a waiting logo and in the background the hacker is putting payments through on a hidden screen. The hacker then prompts the user (again) for their PIN, which authorises the hidden payment(s). I didn't think they could get past not having the card and PIN present.
We now have software to stop people plugging their own devices in:
https://www.endpointprotector.com/
and lots of web filters, but you still have the problem of people clicking on links in emails. We have started sending out emails with quiz-type questions to try to educate people.
http://www.intronis.com/msp-resources/smb-phishing-quiz/
I got 8/9. I blame the lack of tea first thing this morning for the other one ;-)
Thanks,
You need government intervention if not regulation for that. Existing laws could be applied, right?
It's all about *INTENTION*!!
On Wed, Nov 16, 2016 at 8:28 PM, Peter Cushing pcushing@whisperingsmith.com wrote:
Just want to throw this out there and see what other people are doing to keep attacks at bay.
We are finding phishing and malware attacks are getting more and more sophisticated and it is getting harder to avoid them. We got hit by a
Yesterday I had a strange occurrence. When I was logged into my Win 10 Pro PC as a non-privileged domain account, I kept getting a notification that my local admin account was trying to log on remotely, and a dialog to log off the domain account or cancel the remote access. So I ran Malwarebytes and it found and quarantined a few things and rebooted. Still kept getting the remote access request from my local admin account, but additional scans turned up nothing. If I tried to log on with my local admin account, it would automatically log off in about 20 seconds. Good thing I had another local admin account that I was able to go in and change the other local admin account password. Once I did that, no further dialogs about remote access. A deep scan with ESET AV still turned up nothing. Not sure who/what was trying to use the local admin account to gain access to my PC or where the request was coming from. Scary.
Fred
On Wed, Nov 16, 2016 at 5:28 AM, Peter Cushing <pcushing@whisperingsmith.com> wrote:
-- Peter Cushing IT Department WHISPERING SMITH