Recently, the FBI discovered a hacking threat that affects at least half a million wireless routers and other devices across the world. This malware creates a "botnet", a group of connected devices that can launch an attack simultaneously. It also allows these devices to steal website credentials, or it can shut the appliance down completely. Because these devices do not have an Intrusion Protection System (IPS) or an anti-virus solution, they are easily exploited. Small home and office products as well as network-attached storage devices are affected.

The FBI recommends:

  • 1) Reboot these devices to disrupt and help identify affected appliances.
  • 2) Disable remote management settings.
  • 3) Secure appliances with a new, strong and encrypted password.
  • 4) Keep firmware up to date.
  • 5) Optional: Completely reset the device.

More reading:

https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.ic3.gov/media/2018/180525.aspx

If you are not sure if one of your devices is affected, we can evaluate for best practices up to and including replacement of your network appliances with one of our recommended products. Contact us to schedule service.

LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of available updates and will continue to inform its clients of any new information.

If you have any questions or need assistance with checking and updating your devices, please don't hesitate to contact us.

Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

IT NEWS - Ransomware 2018


On May 31, 2018, Security Intelligence published a mid-year article “Are Ransomware Attacks Rising or Falling?” (https://securityintelligence.com/are-ransomware-attacks-rising-or-falling)


  • Ransomware is the top variety of malicious software, 76% of breaches were financially motivated, and 28% of attacks involved insiders (employees).
  • Ransom-related attacks are moving to more targeted methods, focusing on quality rather than quantity of targets according to F-Secure.
  • In 2017, Malwarebytes tracked a 90 percent increase in Ransomware over 2016, with monthly increases up to 10 times the rate observed the previous year.

Many of the following items are managed for you by LeeShanok. Please review the following checklist, and schedule a call with your LeeShanok Account Manager if there remains any uncertainty.


Monitor Activity - Be made aware of attacks that get through the firewall.

Blacklist - Senders, domains, and geographies that have sent malicious messages.

Backups - Back up servers and file shares regularly, and periodically validate effectiveness. Some backup strategies involve multiple sources and destinations, and may include software from more than one manufacturer. This adds to the complexity, but the objective is the same: make sure you can recover from disasters.

User Profiles - If your users' profile folders are on their local PCs, consider re-directing them to a common storage location that is included in backups.

Patches - Apply patches to Servers and end-user computers, Windows, devices, and software. It's true that updates occasionally cause problems, but a lack of updates will certainly increase vulnerabilities. If your server has updates in queue, don’t wait too long to apply and reboot.

End-Point Protection - Protect PCs with antivirus/antimalware software from respected providers (we recommend Trend Micro). Make sure subscriptions haven't expired and that real-time protection is active. Central purchasing and administration allows for consistent protection, alert handling, and license renewals.

Windows Firewall - Protect end-user computers with active Windows Firewall, or use the firewall if present in your antivirus software.

Network Firewall - Periodically review your network firewall to make sure it receives software and firmware updates and is supported. Businesses providing internet access to customers through a business center or guest Wi-Fi will benefit from content filtering and traffic shaping. We recommend Cisco Meraki and Cisco ASA with FirePower.

Network Segmentation – Segment your network into logical groupings, limiting access by an attacker.

Educate Users – Let us host a free workshop for employees and satellite offices on "IT Security for the Common Worker", and we will even supply lunch for your team.




Ransomware encrypts files and demands ransom. Malware-facilitated blackmail uses a different strategy: it delivers trojan-class malware to mobile devices that gathers information and transmits it outside the network, then threatens to make public some private information unless you pay a fee. This is classic blackmail.

In most cases, you can avoid malware by downloading apps only from Google Play Store, Microsoft Store and The Apple Store. But two apps in Google's Play Store (Wallpapers Blur HD, Booster & Cleaner Pro) were infected with malware that demanded $50 to stop a leak of photos, Facebook messages, web browsing history, emails, and location history to all contacts in the device and in breached cloud accounts like Facebook.

Before this malware initiates its malicious activity, it must obtain permission to manage calls, read and send messages and have access to contacts. Why would a wallpaper app or an app that boosts a device's performance need access to these areas? It doesn't, and should never have been given these permissions. Here is a familiar app and the permissions it has been granted:

So what can you do? First, read reviews of any app you are considering, though there can be fake reviews mixed in. Second, after download and installation, you will be asked to grant access permission to areas of your device and data. This is the time to stop, read and think through each granting. If any seem odd, then deny access and uninstall the app. Then do some research about the app, and only when satisfied should installation be completed. Third, mobile devices can be further protected with one of the free antivirus and firewall apps for Android and iPhone devices:

Best Security Apps and Antivirus for Android
Best Antivirus for iPhone in 2018
Contact us with any questions or concerns, or to discuss your situation in depth.
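The permission check described above can be automated when vetting apps for managed devices. The following is an added example, not part of the original article: it assumes the app's AndroidManifest.xml has already been decoded to text XML, and the category policy in `EXPECTED` and the sample manifest are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The three areas the article names, mapped to Android permission names.
SENSITIVE = {
    "calls": {"android.permission.CALL_PHONE",
              "android.permission.READ_CALL_LOG"},
    "messages": {"android.permission.READ_SMS",
                 "android.permission.SEND_SMS",
                 "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS"},
}

# Hypothetical policy: areas an app of each category may reasonably request.
EXPECTED = {
    "wallpaper": set(),
    "cleaner": set(),
    "messaging": {"calls", "messages", "contacts"},
}

# Constructed sample manifest for a wallpaper app (illustrative only).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Collect every android:name declared in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}


def unexpected_areas(manifest_xml, category):
    """Map each sensitive area the app requests but its category does not justify."""
    requested = requested_permissions(manifest_xml)
    allowed = EXPECTED.get(category, set())   # unknown category: allow nothing
    flagged = {}
    for area, perms in SENSITIVE.items():
        hits = sorted(requested & perms)
        if hits and area not in allowed:
            flagged[area] = hits
    return flagged
```

Any non-empty result is the cue from the article: deny the permission, uninstall, and research the app before going further.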

IT NEWS - MONSOON SEASON


Monsoon Storms can cause...

  • Shorts and Damage from WATER
  • POWER Surges and Outages
  • Failure from Excessive HEAT

WATER - In your server/comm room, look for gaps between floor, walls, and ceiling, and around conduit entry paths and terminations. Water will follow cables into rack-mounted and free-standing devices, then seek low points on the floor to pool. Being a good conductor with little resistance, water lets big current flow where it shouldn't, zapping anything in its path.


Use silicone-based sealer to fill gaps in walls and around conduit and cable terminations. Patch roof coatings and gaps around flashing now to stop water on its way to Arizona.


It's wise to stock up on a roll of plastic sheeting and several spools of quality duct tape. If you notice water entering above or near equipment, use the sheeting to direct it away from equipment and secure it with duct tape. This costs far less than a server "Turtle Shield" as shown:


POWER - Spikes, shorts, lows and outages cause unplanned shutdowns and can damage electronics and data. Uninterruptible power supplies (UPS's) condition lines against low voltage brownouts and power outages, which can spike when power returns. If power remains off, the UPS can initiate normal shutdown and avoid data loss. Check UPS batteries using monitoring software or dashboard.


Matching the UPS' power capacity to the equipment plugged in doesn't just make sense, it's important to increase the up-time after power outage, and to lengthen battery life. Servers can require 1500 VA, Desktop PC's 600 VA, Switches/Routers/Firewalls 350 VA, and you add the power consumption of all devices together for total power consumption.


If you haven't checked your backups in a while, now is a good time. Review logs for frequency and successful completion, then restore a few test files and folders. If you're not sure, create a new full backup before the first storm hits. We're here if you need help.


HEAT - Monsoon storms are accompanied by excessive heat. As dust accumulates inside enclosures and airflow around components slows down, it's like wearing a heavy jacket on a summer day with little wind. It won't take long to exceed your comfort zone. Most electronic components have built-in temperature limits that cause rapid shutdown to avoid damage. The best prevention is adequate airflow around the devices in a relatively dust-free environment, with all internal fans working well. Don't forget to annually air-wash the interior of your computers.


Monsoon storms can be dramatic, but these tips can help protect both network and data.



LeeShanok has been nominated for a second time to be part of the Cisco Small Business Executive Advisory Board (SBEE). Cisco executives and senior management teams will meet with board members to encourage quality, interactive dialogue on the development of small business products, solutions, services, marketing programs, tools and initiatives.

The cornerstone of the SBEE is the opportunity to influence Cisco’s overall strategy and future direction in the small business segment.

“This is a great opportunity to partner with Cisco Systems, a leader in the technology industry, in support of providing new technologies that make sense to small businesses. Being part of SBEE is a great opportunity to allow us to be the spokesmen on the technology needs for small businesses to Cisco,” LeeShanok said.

About LeeShanok
LeeShanok Network Solutions has provided professional IT consulting services in Arizona since 1997.

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms how people connect, communicate and collaborate.

For more information, media contact:
[Eric LeeShanok, LeeShanok Network Solutions (520) 888-9122, press@leeshanok.com]

The PCI Security Standards Council maintains and promotes security standards for the Payment Card Industry, providing tools to assess, train and certify companies involved in eCommerce. Credentialing of vendors helps industries like Property Management reduce exposure by identifying PCI Compliant vendors. Don't worry, your selection of LeeShanok Network Solutions was a wise move, as we are PCI compliant and a member in good standing of The Compliance Depot.

On June 30, 2018, the eCommerce industry will say goodbye to SSL and early versions of TLS, and so should you.

SSL and TLS are cryptographic protocols used to create secure communications between two systems, authenticating them and protecting the confidentiality and integrity of the data passing between them. SSL and early versions of TLS have vulnerabilities that cannot be patched and put organizations at risk of being breached.

Here is what you can do:

1. Attend a webinar to better understand the issue and recommendation, and if it affects your firm and payment card transactions - https://info.pcisecuritystandards.org/webinar-migrating-from-ssl-early-tls-video-2018
2. Enlist the help of your IT services vendor. If you are a Managed-IT client of LeeShanok, we've got you covered. If not, we can help you evaluate exposure and guide your conversion.
3. Migrate your devices to TLS 1.2, configure it securely, and keep it updated.
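One way to check step 3 on a web server is to audit the protocol list in its configuration. The following is an added example, not part of the original post: it assumes an nginx server, whose `ssl_protocols` directive lists the enabled versions, and uses a constructed sample configuration.

```python
import re

# Protocol names exactly as nginx spells them in ssl_protocols.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}   # SSL and early TLS
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}
DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;]+);")

# Constructed sample configs; the host name and values are illustrative only.
LEGACY = "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # legacy setting"
CONFIG_BEFORE = """
server {
    listen 443 ssl;
    server_name pay.example.test;
    """ + LEGACY + """
}
"""
CONFIG_AFTER = CONFIG_BEFORE.replace(LEGACY, "ssl_protocols TLSv1.2;")


def audit_ssl_protocols(config_text):
    """Return one finding per ssl_protocols directive in an nginx config."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]              # ignore comments
        match = DIRECTIVE.match(line)
        if not match:
            continue
        enabled = match.group(1).split()
        weak = sorted(p for p in enabled if p in DEPRECATED)
        unknown = sorted(p for p in enabled if p not in DEPRECATED | ACCEPTABLE)
        findings.append({
            "line": lineno,
            "deprecated": weak,
            "unknown": unknown,                  # typos deserve a look too
            "ok": not weak and not unknown and bool(set(enabled) & ACCEPTABLE),
        })
    return findings


def is_migrated(config_text):
    """True only if protocols are set explicitly and every setting is clean.

    With no ssl_protocols directive nginx uses its built-in default, which
    depends on the nginx version, so that case is reported as not migrated.
    """
    findings = audit_ssl_protocols(config_text)
    return bool(findings) and all(f["ok"] for f in findings)


if __name__ == "__main__":
    for name, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(name, audit_ssl_protocols(cfg), "migrated:", is_migrated(cfg))
```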

Contact us to discuss your situation, exposure and migration.

IT NEWS - CURRENT SECURITY THREAT - IoT (Internet of Things) ATTACKS


The FBI has posted a warning regarding non-secured IoT (Internet of Things), or "smart" devices.


According to Techopedia, the Internet of Things is "everyday physical objects being connected to the internet and being able to identify themselves to other devices." This object no longer "just relates to its user, but is now connected to surrounding objects and database data." These objects can be refrigerators, garage door openers, thermostats, DVRs, healthcare appliances, vehicles, doorbells, door locks, fitness trackers and cellular phones, to name a few. Even dog collars and hearing aids can be connected to the internet!


Hackers are searching for vulnerable devices to use "as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation." A malicious cyber actor may gain access to and utilize the compromised device to invade a local network, send spam emails and/or attack other networks outside of the original one. Because the IP address of a local device is in the U.S., many of the filters that would block this type of behavior from known suspicious countries could allow this traffic to pass.


How to protect yourself:

  • Always keep a product's firmware and patches up to date. This includes routers and firewalls.
  • Reboot devices regularly.
  • Change any default passwords immediately. Never reuse a password on more than one device.
  • If possible, keep any IoT objects on a separate network or VLAN from the main network.
  • Install antivirus on any applicable devices and keep them up to date.

For further reading:
https://www.ic3.gov/media/2018/180802.aspx


If you are not sure if one of your devices is affected, we can evaluate for best practices and make recommendations. Contact us to schedule service.


LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of security threats and will continue to inform its clients of any new information.


If you have any questions or need assistance with checking and updating your devices, please don't hesitate to contact us.



LeeShanok Network Solutions will be hosting a booth at the Arizona Multihousing Association Phoenix Trade Show May 10, 2018.


You know the proverbial "lump in the throat", a common reaction among ethical, rational people when viewing this latest attack on innocent human life.

Some of the recently discovered scams will strum your heartstrings into picking links or downloading flyers for...

  • Blood drives
  • Gun control
  • Exclusive videos
  • Donations to charities
  • Contributions to the families of victims

Our anti-phishing partner, KnowBe4.com, recommends each of us communicate with friends and family to be especially careful following sensational events (good and bad) with lots of news coverage.

Here's a tip we all should practice. When you receive an email, tweet, text message, phone call, or letter that you did not ask for, do not click on any links or buttons and do not call phone numbers in the message. Instead, open a web browser to a search field, and search for the organization. Then from their legitimate website, gather the email address or phone number and contact them directly. You can then safely pick most links with confidence, and gain legitimate access to resources without risk of infection or exploit.

For charitable donations, use the same technique by contacting the organization directly rather than through a link in an email or message. For blood drives, contact your local Red Cross directly rather than through any messaged link or downloaded flyer.

And if you are not sure, contact the experts at LeeShanok Network Solutions, and we will evaluate the situation and ensure your network remains safe.

Tips for Staying Safe

  1. Updates should come from an official manufacturer's website
  2. View emails from recognized senders only
  3. Verify the source before opening or downloading any files
  4. Check for grammatical errors or unusual information in emails
  5. Ensure that spam filters and antivirus are active and updated