CACTUS IT

bevanpy

Single Sign On (SSO) company OneLogin has a major security breach

by

The global online identity management company OneLogin has reported that they have been the victims of a security breach. On the 31st of May 2017 OneLogin released a statement saying:

Today we detected unauthorized access to OneLogin data in our US data region. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount.

ref: OneLogin press release

All impacted users should have received an email from OneLogin detailing the steps that they should take to secure their accounts and associated passwords.

This is the type of incident that will have to be reported by any and all UK businesses after GDPR regulations come into effect in May 2018. It also shows that EVERYONE is susceptible and that no company can claim to be immune from this type of incident.

The message here for me is to have a plan in place in case this happens to you…. and if you have a OneLogin account, you should have already reset your passwords including any that have been re-used.

Please contact Cactus IT if you have a business in the North of England and would like some help assessing your corporate data security needs. 

Microsoft responds to the recent WannaCrypt ransomware

by

Microsoft has acted quickly in response to the recent WannaCrypt ransomware attack that has seen massive global infections and disruption to critical healthcare services.

If you have any concerns about your business systems or are unsure about how or if this might impact you, Cactus IT are offering a free backup audit* that you are welcome to contact us about.

Engineers at the company have been working through the weekend to better understand the virus and also to release a security patch for the retired Windows XP and Windows Server 2003 products.

The Windows XP and Server 2003 operating systems went end of life in 2014 but are still used in production in many organisations. No security updates have been made publicly available since 2014, but this large scale attack on a known vulnerability has seen a quick response. Microsoft released a security patch earlier this year that patched the vulnerability for Windows Vista, Windows 7, Windows 8 and Windows 8.1. Please run windows updates as soon as possible to make sure that the March update has been installed. The recent attack is reported to not be targeting the Windows 10 operating system.

If you are still using Windows XP or Windows Server 2003 and would like assistance in migrating over to new and fully supported operating system, please contact us at Cactus IT to discuss a migration strategy.

For additional information on this ransomware attack, and to download the Windows XP and Server 2003 patches, please refer to this article from Microsoft: Customer guidance article 

  • Our free backup audit is for an hour of our time and is available for businesses in Yorkshire and surrounding areas- please contact us for more information

12th May “Global ransomware offensive”

by

To date, almost 100 countries have been impacted with the NHS in England and Scotland having to resort to pen and paper. Operations cancelled and Accident and Emergency units shut down by the crippling ransomware infection.

How did this happen?

Short answer: a convincing phishing email (SPAM email) was opened on a Windows PC that was not regularly updated.

A strain of ransomware names “WannaCry” has been delivered by a very well organised and synchronised mass email attack. The convincing email entices the recipient to open an attachment that infects Windows operating systems with the malware that exploits a vulnerability that has not been patched.

Cactus IT offer patch management solutions, please get in touch if your business Servers and PC’s are not regularly updated.

What does the malware do?

Once infected, the malware acts as the logged on user, gaining access to all of the files and folders that the user normally accesses. Systematically locking the files with an encryption key that leaves them completely locked for access and useless without the encryption key. The criminals are asking for a ransom to be paid in Bitcoins (a virtual currency) in exchange for the key to gain access to the locked files.

Only a backup can save you in this situation, Cactus IT offer a free backup audit to make sure that you have the right solution and that is “actually works”. Please contact us for more information.

Why didn’t my anti-virus prevent this ransomware?

The ransomware used in this attack was unique and had never been seen before. Known as a “Zero day attack”, without the signatures of this malware know to Anti-Virus vendors, it is invisible to the software.

A multi-pronged defence works best in this situation- Anti-virus, web filtering, firewall and user training. Please get in touch if you would like assistance with any of these defences.

What do you need to do?

  1. Backup, Backup, Backup!! Always keep a reliable backup of your critical files, with at least one copy “off site”. Follow the 3-2-1 backup rule
  2. Install business class anti-virus software and keep it up to date
  3. Regularly update and patch your Windows operating system and installed software (Windows XP and Server 2003 are no longer supported and no patch is available for this)
  4. Review your folder security access and restrict access rights to folders where possible
  5. Be vigilant and train your staff on how to identify suspicious email attachments and links

Cactus IT can help and assist you, if you are unsure about any of the points above, please contact us for advice.

If you are experiencing a live ransomware attack, then call Action Fraud immediately on 0300 123 20 40.

Office 365 data residency location

by

Will GDPR impact on your data residency requirements? 

Are you part of a United Kingdom business that subscribes to Microsoft Office 365 services? You may also have regulatory compliance’s that require your data to be kept within the United Kingdom?

If that is the case, then Microsoft now offers the option to relocate your data, but you need to act before the deadline of the 15th of September 2017.

EMEA (Europe, Middle East and Africa) Microsoft customers who subscribed for Office 365 services before the 2nd of September 2016 will have had their tenants created in EMEA and/or UK datacentres.

Microsoft services that can be relocated to the UK, currently include Exchange Online Mailbox Content (e-mail body, calendar entries, and the content of email attachments) and SharePoint Online site content and the files stored within that site, including Project Online and Access Online content.

Once relocated, Microsoft will not replicate the data outside of your region (the United Kingdom has its own region).

But there are some downsides to the move

Because moving mailboxes takes time, it is likely that you will have users with mailboxes in different regions at the same time. Some features involving accessing multiple mailboxes, won’t fully work during the move and some features like accessing shared calendars may only work in Outlook Web App. You will also have little control over when the move happens.. Anytime until 24 months after the request!

In summary, I would suggest that you only move if you have to. I would also suggest that if your organisation is small with less than 50 mailboxes, you should also consider creating a new tenant in the region of your choice and moving your own resources at a time that is suitable for your business.

Here are a few useful links that I have found relating to this:

Office 365 data centre locations:

https://o365datacentermap.azurewebsites.net

How to request a data move:

https://msdn.microsoft.com/en-us/library/dn879433.aspx

What to expect during and after the move:

https://msdn.microsoft.com/en-us/library/dn879434.aspx

If you need assistance relocating your data or assessing your needs, please contact us at Cactus IT where we would be happy to advise.

Using Redstor Instant Data to recover your Windows 2012R2 Server after a disaster

by

Disaster recovery is critical for business continuity, we all know that. But, how often is your strategy tested? In the video below, I demonstrate the backup and recovery of a Windows Server 2012R2 virtual machine using Cactus IT infrastructure powered by Redstor Backup Pro ESE software.

Redstor Backup Pro ESE (enterprise server edition) includes the “Full System Backup” feature that allows the software to take a complete backup of the server and all of its contents. This backup is sent to our cloud infrastructure where it is encrypted and replicated to a second secure location.

The restore process is very flexible and can be at a file and folder level, application level or complete Server level. This is done using Redstor’s Instant Data feature that runs as a separate application and does not require the full backup software to recover your server. It is easy to use and optimised for Cloud Backup.

I demonstrate a full Server recovery to Microsoft Hyper-V infrastructure that quickly recovers the server as a virtual machine. The complete process from starting the restore to logging onto the recovered virtual machine takes around 30 minutes. The download of the virtual hard drive took me around 25 minutes over my fibre ADSL connection, the solution is very flexible and there are also options to recover your data from a high speed local (LAN based) backup.

Cactus IT are available to design, install, test and maintain your backups with our hosted infrastructure and centrally managed, automated, cloud backup software.

Please contact us if you would like any advice or assistance.

Hackers Threaten To Remote Wipe Millions Of iPhones- Cactus IT has some advice

by

statement after receiving a demand for ransom from a group calling itself “Turkish Crime Family”. The $75 000 cryptocurrency (like Bitcoin) needs to be paid by Apple before the groups deadline of the 7th of April. The group claims to have access to nearly 600 million Apple email and iCloud accounts. Having this information could not only give them access to data, but they are threatening to remote wipe millions of iPhone’s.

Apple have responded to say

The News/Media website “Motherboard” contacted Apple who responded in an email:

There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.
We’re actively monitoring to prevent unauthorised access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”

So no breach at Apple, but an admission that account information may have been obtained from other sources.

Cactus IT recommends you take the following action

Passwords: At the very least, you should review your current password for your Apple account to make sure it is secure and not used across multiple sites. Take a look at our previous Blog for help and advice with that.

Two-factor authentication: This is where you still use your secure Apple password, but have another layer of security to ensure that you are the only person with access to your account. Take a look at this article from Apple for instructions on setting that up.