Published February 05, 2021
Many recent news reports have come out regarding a massive hack of the Solarwinds Orion IT asset management system. This compromise is unprecedented in scale and reach, and the fallout from it will reverberate throughout the IT industry for years.
Solarwinds Orion is one of many IT asset management systems (New River Computing uses one called Connectwise Automate). This software is great for managing a large number of IT systems, with the ability to provide security updates, monitoring, and many other functions from a single console, with the click of a mouse. These abilities make it an ideal target for a malicious actor – By owning a software system such as this, the bad actor in turn owns every company or agency that uses the software.
Solarwinds Orion was hacked from the inside, most likely because of poor security practices at the Solarwinds company. Once the hackers had the ability to change the Orion software, they added backdoor code to it that was then distributed to Orion customers, allowing the bad actors access to every network that uses this management tool.
Starting in March, as many as 18,000 companies and government agencies downloaded the malicious software – 425 of the Fortune 500 companies, 10 top US telecoms, the Pentagon, Departments of State and Treasury, and many others. This malicious backdoor software remained undetected for months, allowing the bad actors access to the infected network resources, data, and almost anything on a network that you can imagine. The backdoor code is so stealthy that many organizations may not ever know that they were compromised.
The attack was almost certainly perpetrated by a government – Russia, China, and the US all have the capabilities to achieve an attack like this, as well as many other state actors. This attack will have long lasting impacts, taking years to clean up, and changing IT management behavior.
Luckily, New River Computing did not use any Solarwinds software, and so we and our clients were not affected by this attack. Early in 2020, however, New River Computing looked around and realized that security was the top priority for our internal resources. The IT industry as a whole has spent the last few years improving efficiency of and driving down costs for rigorous asset management. But Security has been lagging behind, as evidenced by this attack. New River Computing will be spending 2021 and beyond improving access to top-notch security tools and techniques.
Please feel free to reach out if you have any questions.
Published April 11, 2016
Have you ever been tempted to try to acquire expensive software without paying for it? It turns out that &quto;free" software can be more expensive than one might think!
Take Photoshop for example: Subscribers can sign up and start using Photoshop for as little as $10, a far cry from the high upfront cost that it used to be, in the range of $600+. Adobe’s move to this subscription model makes it easy for aspiring artists or even amateur photographers to use the professional software at a reasonable cost.
Don’t want to pay? Cracked versions of Photoshop are illegal, and trying to obtain them can lead to more than just legal trouble. A Google search for "Photoshop crack," "Photoshop key," or similar keywords can yield a wide array of results. It’s possible that some of these results will actually lead to a download of Photoshop. However, many of them can lead to pages full of malware, viruses, or worse.
When searching for a "free" version of copyright protected information or product, there is a high probability of coming across websites that are less than trustworthy. Often times, these sites have malicious advertisements or pop-ups that are created to harm the computer and the entire network that is connected to it.
New River Computing has seen quite a few “ransomware” infections in recent weeks as a result of Flash ads from searches, malicious email links, and more. Here’s an example of what can go wrong:
We received a call about some files not being accessible. Our engineers connected to the server and immediately noticed the issue—all of the client’s files had been encrypted by a malicious virus. Our team jumped into action right away and disabled access to the server to stop the encryption process. The next step was to identify the infected computer. After a bit of digging, the computer was identified and steps were taken to determine how it became infected. By stepping through the web browser’s search history, several sites associated with free software were identified. Many of these sites contained pop-ups and Flash-based ads. It was eventually determined that the infection came from a compromised Flash ad stream.
Here’s how the virus works:
After all is said and done, several engineers worked simultaneously in order to regain control and scrub the network, adding up to about 11 hours, with the cleanup cost totaling around $1500. Comparing the costs of a virus remediation vs the costs of paying for Adobe Photoshop: For the same price as the infection cleanups, the user could have had the full Photoshop subscription for 30 months (2 ½ Years) or just the photography suite for 150 months (or 12 ½ years.).
We should note that we were able to restore all files that had been encrypted, because there was a complete and current backup.
As Robert H. Heinlein once said, "TANSTAAFL!" (There ain’t no such thing as a free lunch.)
Published February 16, 2016
Click on the image below to view Microsoft’s infographic of The Risky Business of Outdated Technology!
We can help - contact us for a free network review.
Published April 25, 2014
Peer-to-Peer or P2P is a method of sharing of files between two or more computers on the Internet. Users share files via P2P by using peer-to-peer applications such as Gnutella, KaZaA, iMesh, LimeWire, Morpheus, SwapNut, WinMX, AudioGalaxy, Blubster, eDonkey, BearShare etc., and list goes on and on.
The P2P application takes a piece of allotted data or sometimes whole directories from your hard drive and allows other users to freely download this content, and vice versa. P2P programs are most often used to share music and videos over the Internet. Although sharing, by passing around a CD or DVD is not illegal; sharing by creating multiple copies of a copyrighted work IS illegal. Some P2P programs will share everything on your computer with anyone by default. Much of the P2P activity is automatic and its use is unmonitored. Computers running this software will be busy exchanging files whenever the machine is turned on. Using P2P software can be, and often is very dangerous.
Downloading and sharing files which contain copyrighted material is against the law. The responsibility to restrict sharing and monitor the legality of files on your network lies solely with you and/or your employer (if it takes place at work using company equipment).
This is what can happen:
The Digital Millennium Copyright Act (DMCA) makes it a crime to create software that helps distribute copyrighted materials. It also limits an Internet Service Provider’s (ISP) liability if the ISP notifies the alleged infringer and suspends access to illegal copies of copyrighted materials.
Some of the P2P programs themselves contain “spyware” that allows the author of the program, and other network users, to see what you’re doing, where you’re going on the Internet, and even use your computer’s resources without your knowledge to carry our various activities –the most popular use at this time is to harvest computer power to mine Bitcoins. Another annoyance with this type of software is that once installed, these applications can be almost impossible to remove. In some cases a user has to know which files to remove and which registry entries to edit to completely get rid of the application. Content downloaded via P2P applications can be potentially laced with malware, be legally protected copyright data or be personal and/or private information. Tests carried out by various researchers have revealed that common P2P searches often contain very sensitive, private data including: patent applications, medical information, financial and other personal and business-related information.
Since the computers running the P2P programs are usually connected to a network, they can be used to spread malware. Another risk is that various types of illegal files can be downloaded and re-shared over P2P networks by mistake. Users can even have files placed on their machines without knowing by others who want to share illegal material without getting caught. This tactic allows nefarious users “spoof” their personal network and IP address information. Short explanation: they use YOUR computer network to distribute and share THEIR illegal material so, it’s traced back to YOU and not THEM. So, in the end, YOU will be the one getting the knock on the door from law enforcement.
“Stealing is Stealing and Wrong is Wrong”. There’s no need to use P2P software to enjoy music and movies. There are multiple free and LEGAL options available to watch movies and listen to music. While most of these free services are ad-supported, many also offer very low cost subscription options that, in my personal opinion, are worth every penny and are ad-free!
Some of the sites listed here, provide some or all content at no charge. They are funded by advertising or represent artists who want their material distributed for free. This is not an exhaustive list but, it’s a good place to start.
TV shows: Watch TV shows online legally and free->> Hulu TV
Music Listen to music online legally and free->> Pandora (personal favorite), Last.fm , I Heart Radio, Xbox Music and Spotify.
Remember that it’s important to delete any files on any machines which may have been obtained over a P2P network and to also remove the P2P software. Use caution while surfing the internet and use some of the legal alternatives mentioned above for consuming media. If you suspect users on your business network of using P2P software, please don’t hesitate to contact New River Computing for support.
As always, STAY SAFE!
Published December 17, 2012
Here’s a great info-graphic from the security researchers at F-Secure that explains how cyber-criminals steal money from bank accounts.
The original post can be found here.