Sunday, July 8, 2018

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means their focus is turning to creating malware that attacks the router, potentially infecting the users who rely on it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today we will review this threat and how best to protect your network.


Slingshot

This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack, one leveraging low-level kernel code to give an intruder carte blanche access to a system, the second managing the file system and preserving the malware – allowing it to continue.

If this sounds impressive, it is – not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown whether routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware

Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You

If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
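A host-side complement to checking the router's setup page, as an added example that is not from the original post: it reads the resolvers a client actually received (resolv.conf format) and flags any that are neither on the local network nor on a list you expect. The `EXPECTED` address and both sample files are constructed placeholders.

```python
import ipaddress

# Networks a home or office router normally hands out as "automatic" DNS:
# the router itself or another host on the LAN. Python's is_private is not
# used because it also covers documentation and other reserved ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# Assumption: resolvers you configured on purpose (ISP or chosen provider).
# Constructed placeholder from a documentation range; replace with your own.
EXPECTED = {"198.51.100.53"}


def parse_nameservers(resolv_conf_text):
    """Return the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify(server, expected=EXPECTED):
    """Label one resolver as 'local', 'expected', 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if any(addr.version == net.version and addr in net for net in LOCAL_NETS):
        return "local"
    return "unexpected"


def audit(resolv_conf_text, expected=EXPECTED):
    """Return (server, verdict) pairs; 'unexpected' entries deserve a look."""
    return [(s, classify(s, expected)) for s in parse_nameservers(resolv_conf_text)]


# Constructed samples: a normal DHCP lease and one with a changed resolver.
CLEAN = "# set by DHCP\nnameserver 192.168.1.1\nnameserver 198.51.100.53\n"
ALTERED = "nameserver 203.0.113.77  ; not ours\nnameserver fe80::1%eth0\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("altered", ALTERED)):
        for server, verdict in audit(text):
            print(f"{name}: {server} -> {verdict}")
```

An `unexpected` verdict is a prompt to compare against the router's Internet connection screen, not proof of compromise.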

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:


  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Net Activity are here to help you keep your network and infrastructure safe. Call us at 216-503-5150.
Source - http://www.netactivity.us/blog/malware-router/

Thursday, May 31, 2018

Learn More about VoIP Architecture & Call Components

A lot has been written about the features and benefits of VoIP services. So, in this blog, we will concentrate on understanding the architecture and components of Voice over Internet Protocol (VoIP) services. We will consider the major components along with their individual functional characteristics.
The 4 major VoIP components include:
  1. Signaling Gateway Controller
  2. Media Gateway
  3. Media Server
  4. Application Server

SIGNALING GATEWAY CONTROLLER
The signaling gateway controller (SGC) is known as a ‘call agent’ due to its call control function and is popularly referred to as a ‘Media Gateway Controller’ because of the media gateway control function included in the system. The SGC entity is the heart of the VoIP platform and performs multiple roles, of which connecting the PSTN world with the IP world is the main one. Some of the main characteristics of the SGC component are:
  1. Supporting signaling system 7 (SS7) protocol stack
  2. Supporting voice call control protocols such as H.323 or SIP
  3. Supporting media control protocols such as Megaco (H.248) or MGCP
  4. Generating call detail records
  5. Providing bandwidth management control using admission control mechanisms
  6. Supporting bandwidth policing mechanisms
  7. Allocating media connections

MEDIA GATEWAY
The transmission of voice packets is performed by the media gateway using the RTP transmission protocol. The media gateway performs extra functions such as packetization when it’s used in a converged IP/PSTN network. It requires IP trunks on one side and TDM trunks on the other. Some functions of the media gateway are listed below:
  1. Supporting MEGACO or MGCP
  2. Transmitting voice data using RTP
  3. Supporting E1/T1 Trunks
  4. Supporting various compression algorithms
  5. Managing digital signal processing (DSP) resources

MEDIA SERVER
The role of the media server comes into the picture when additional features such as video conferencing or voicemail are needed. It also assists when announcements or special tones need to be transmitted. The media server performs the following functions:
  1. Voice activated dialing
  2. Voicemail function
  3. Transmitting customized call progress tones or special service announcements
  4. Transmitting voicemail to email
  5. Supporting Interactive Voice Response (IVR)

APPLICATION SERVER
Application Server takes the responsibility to provide value-added services to the IP network. The server provisions both – customer specific and global services. Moreover, session specifications and call characteristics are also influenced by the application server. Below are its main functions:
  1. Offering basic services like call forwarding, call waiting, call transfer, etc.
  2. Supporting private dialing plans
  3. Generating call detail records (CDR)
  4. Free Phone service
Once you opt for VoIP phone services, it is important to decide on a reliable VoIP service provider who can assist you with business-specific requirements and provide cost-effective services to your business. The Net Activity team is well-versed and well-equipped to serve your organization with a functional VoIP system. Please visit http://www.netactivity.us/services/voip-business-phone-services to know the details or contact Harry Bhatia at 888-545-5346.
Source - http://www.netactivity.us/blog/learn-more-about-voip-architecture-call-components/
 

Friday, April 13, 2018

Is Switching to a Third Party Hardware Maintenance Provider a Good Idea?

IT managers usually face the fiscal pressure of reducing costs while improving operational efficiency. One of the major costs involves repairing and replacing system hardware components. Strategies that help in extending legacy hardware life cycles are gaining popularity. They allow organizations to continue using the hardware for a longer duration and thereby minimize the cost of IT. Maintaining a balance between legacy and contemporary hardware is difficult and this complex environment invites major challenges, but it is important for maximizing the value of data center systems.



All of these strategies that aim at extending hardware life cycles focus on having alternative hardware maintenance plans. A major problem here is relying too much on the OEMs (original equipment manufacturers). They undoubtedly offer best-of-the-class experience; however depending solely on the OEMs would leave the hardware uncovered once the end-of-service-life date arrives. Moreover, the extended warranties are way too expensive. A better solution would be to hire the services of third party providers. Let’s see how…

Reduced Costs

Cash is often a huge concern and bottom line for IT managers while aligning operations and business priorities. Getting Dell, HP, EMC support from third party IT Managed Service providers seems to be more budget-friendly.

Simplified Approach

Dealing with OEMs to manage extended warranties for the hardware of your data centers is difficult. It leaves IT managers confused, with many points of contact and a complexity that eventually increases the gap. A third-party provider possesses the capability to handle multiple device types at a time, ensuring that IT managers focus on their core tasks rather than communicating with many points of contact at the OEMs.

Flexibility

OEMs have their support models. However, they concentrate more on their business’ core competency – selling hardware. Maintenance is the secondary goal and they often have rigid maintenance plans while they strive to excel in their primary goals i.e. the operational sales. IT managed service providers promote support activities as their core competency and therefore can adapt easily to different client demands. IT managers can be more comfortable working with these third-party providers.

Value Addition

A third-party IT maintenance provider offers reliable plans at the best market value. A partnership with them also gives IT managers access to refurbished parts, as well as help with making component purchasing decisions, migrating data, and moving hardware between facilities.

Although hardware maintenance may not seem to be the game changer or revenue generator for businesses, it greatly helps IT managers simplify operations. Net Activity, Inc. is an IT Managed Service provider in Cleveland that conforms to the latest technological advancements while delivering best-in-class service to its clients around Ohio. Please contact Harry Bhatia at 888-545-5346 to discuss further or visit our website http://www.netactivity.us/it-managed-services.html for more information.

Friday, February 9, 2018

Why Your IT Needs a Disaster Recovery Plan

We often hear in the news about costly business disasters caused by infected IT, and mostly the losses are too big to overcome. Most of the time the IT disaster is so harmful that data cannot be recovered, so it is very important to have a disaster recovery plan.

Although planning for the unexpected can be difficult, it shields you when a natural or man-made disaster happens. Because it is unpredictable how prone your organization is to cyber-attacks, it is vital that every organization take IT disaster recovery and prevention as its primary objective. Here’s why:

HARDWARE IS BOUND TO FAIL 
While IT hardware is built with the most secure practices and tough components, there are doorways to peep in. Internet connections are a profound source of these kinds of interventions, and a disaster recovery plan is the only way to save priceless data from being corrupted. A more sensible option is to have your data regularly backed up by outsourcing your IT infrastructure to a Disaster Recovery service provider rather than building your own data center.

 
TO ERR IS HUMAN
Much like machines, humans are not perfect either. So, it is essential to have a disaster recovery system that will keep log files by creating online backups and let you restore files easily.

CUSTOMERS EXPECT PERFECT, ON-TIME DELIVERY
Customers have an advantage today as there are many options available in the market. If you can’t deliver on time, your competitor will. So, being prepared with a disaster recovery plan is always a good idea. You cannot complain about your anomalies to customers.

LOSING CUSTOMERS IS DEVASTATINGLY EXPENSIVE
It is widely known that retaining a customer is comparatively cheaper than re-acquiring an old customer after an IT disaster. Customers may be disgruntled when they learn that the organization they rely upon does not have enough security to secure their data. So, it is recommended to have a plan to detect defects long before they cause lasting damage to your business.

Net Activity, Inc. understands IT loopholes better and serves their best to shield you with proven disaster recovery plans and online backup systems. We are a company that has been providing IT Managed Services across the country since 2002 and ensure that your IT infrastructure remains safe and healthy.  Contact Net Activity today at 216-503-5150 to set up a Disaster Recovery Plan.

Wednesday, January 17, 2018

US Government’s Revelations Against North Korea Cyber Attacks

Recently, the FBI and the Department of Homeland Security (DHS) issued alerts to warn people of two types of malicious software, or malware, that North Korean hackers are using to attack the telecom, media, aviation, and finance industries. One of the malwares is known as FALLCHILL and has been in use since 2016. It lets hackers access and monitor infected computers remotely. The malware spreads when users accidentally download it by visiting infected websites. The DHS and FBI also mentioned that FALLCHILL uses multiple layers of ‘proxy malware’ to conceal its origin, which makes it even more difficult to trace the hackers.

Another type of malware introduced by the North Korean hackers, named VOLGMER, uses a spear phishing technique to infect computers. It sends a legitimate-looking email with a link that spreads the virus when clicked on. The US authorities say that North Korean computer hackers have been using this malware since 2013.

The DHS and FBI identified both of the above-mentioned malwares as being associated with HIDDEN COBRA, a term used by the US government to refer to the “suspicious & malicious cyber activity by the North Korean government.” In recent years, North Korea has been linked to a few of the most high-profile, destructive cyber attacks, including a $101 million theft from Bangladesh’s Central Bank in the year 2016, an attack on the movie studio Sony Pictures in 2014, and several disruptions to its neighbor South Korea’s systems. These hackers have also been accused of being the mind behind the WannaCry ransomware attack in May 2017 that caused a terrible loss to hundreds and thousands of computers across the world.

The North Korean cyber attacks have been making headlines for quite some time. However, the countries that are capable of doing so are constantly tracking, watching and spying on the capabilities of other countries. They usually attack the countries that fall beyond their immediate borders with cyber intrusions or missiles.

Net Activity, Inc. has been protecting businesses from this kind of malware attack since 2002 and has proven the competence of its IT Managed Services at the time of cyber attacks. Secure your network and hardware system before malware takes control of it. Contact Net Activity today at 216-503-5150 to learn how to protect your business from these malicious attacks.

Source - http://www.netactivity.us/blog/us-governments-revelations-against-north-korea-cyber-attacks/

Wednesday, January 3, 2018

Hybrid Cloud - Definition, Benefits, & Limitations

Though cloud computing is not a new concept, it has its own set of complexities, and people often overlook them and end up choosing a cloud server that does not suit their specific business purpose. Since hybrid cloud is still a mystery for many, here is a brief explanation of what hybrid cloud is and how it helps businesses.

What is Hybrid Cloud? 

As the name suggests, hybrid cloud is a combination of a public cloud server and a private cloud platform. These two cloud infrastructures operate independently of each other and communicate using a technology that permits the portability of applications and data over an encrypted connection. The point of focus here is that the public and private clouds work independently, so that the business can leverage resources using a public cloud service and store privileged data on a private cloud server. This arrangement is very beneficial, as the minimal exposure of data ensures protection of sensitive data.

What are the benefits? 

One of the major benefits of hybrid cloud computing is the use of a private infrastructure that improves latency and access time when compared to public cloud servers. With the volleying of threats among service providers and the halting of Net Neutrality, it’s not acceptable that businesses rely on a single source. This is where switching to Hybrid Cloud servers is a game changer. Apart from securing your data, the hybrid cloud computing model provides a computational on-premise infrastructure that manages the average workload for organizations while retaining the public cloud servers for failover circumstances.

What are the limitations? 

Besides all the advantages hybrid cloud provides, it exhibits its own set of limitations and certain privacy/security issues. The network used to transfer information can be sometimes subjected to third-party interference. Data transfer is a critical operation that is very sensitive as it takes place across a network. Another point of thought is the price factor. There are many organizations that have a thin budget and as a result can’t afford the hybrid cloud solution. The upfront costs of acquiring the private servers are substantially high and are a deciding point for those who can otherwise opt for public cloud servers.

At Net Activity, Inc. we provide public, private, and hybrid cloud computing solutions to organizations. Please visit us at http://www.netactivity.us/services/cloud-computing-services to know more about our cloud services or call us at 888-545-5346.

Source - http://www.netactivity.us/blog/hybrid-cloud-definition-benefits-limitations/

Monday, December 11, 2017

Is Ransomware a Threat to Enterprise Back-ups?

Recently, in May 2017, a ransomware named WannaCry was the matter of discussion among many organizations. The considerable damage WannaCry did to some of the corporate giants was constantly in the news, and organizations were horrified by the extensive loss of data. However, interestingly, it didn’t take much time for the organizations to recover the lost data from back-ups. Although this is a good thing, it may be an alarming situation: if enterprises are slowly adapting to ransomware, ransomware is surely going to target advanced backup strategies.

How could ransomware target system backups?

When an attacker attempts to hold data located at the target for ransom, it can be difficult for the target to restore it from the backup. Most home users and municipal corporations don’t invest heavily in data backup and recovery systems and rely on the basic, built-in protection for their computers, laptops, and servers. This basic system, known as Windows Volume Shadow Copy, has been present in Windows editions since Server 2003 and XP and stores snapshots of the files on an endpoint. As it is commonly used by home users as well as small businesses, ransomware such as WannaCry has tools to delete it.

Ransomware like Locky, WannaCry, Cryptolocker, and CryptXXX is capable of deleting the volume shadow copies with the help of command-line strings. This is probably the reason why some ransomware variants failed to make much profit, as most enterprises use more robust protections than just shadow copies. WannaCry hit enterprises rather than attacking small businesses or home users, and as a result global companies with thousands of employees fell victim to its attack. Within an enterprise, data backup adoption is at extremely high levels, while cloud backup and recovery comprise a high percentage of cloud-based investments. Companies have the best potential to overcome a ransomware attack by restoring from backup.
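Because these deletions are issued as command lines, process-creation logs are a practical place to catch them. The sketch below is an added example, not from the original post: it matches commonly documented shadow-copy deletion commands in log lines whose layout, hosts, users and timestamps are constructed for illustration.

```python
import re

# Commonly documented ways to remove Volume Shadow Copies from a command line.
# Patterns run against a normalised command line (see normalise()).
RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(\.exe)? delete shadows\b"),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)? .*\bshadowcopy\b.*\bdelete\b"),
    "powershell_shadowcopy_delete": re.compile(
        r"\bwin32_shadowcopy\b.*\b(delete|remove-wmiobject|remove-ciminstance)\b"),
}

# Assumed log layout (constructed for this example): space-separated key=value
# fields with the command line as the final, double-quoted field.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'parent=(?P<parent>\S+) cmdline="(?P<cmdline>.*)"$')


def normalise(cmdline):
    """Lower-case, drop cmd.exe carets and quotes, collapse whitespace."""
    cleaned = cmdline.lower().replace("^", "").replace('"', "").replace("'", "")
    return re.sub(r"\s+", " ", cleaned).strip()


def detect(log_lines):
    """Return one finding dict per line that matches a rule."""
    findings = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a process-creation record in the assumed layout
        cmd = normalise(m.group("cmdline"))
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                findings.append({"ts": m.group("ts"), "host": m.group("host"),
                                 "user": m.group("user"), "rule": name})
                break
    return findings


# Constructed sample records; hosts, users and times are invented.
SAMPLE = [
    r'2018-05-14T09:01:11Z host=WS-014 user=alice parent=explorer.exe cmdline="vssadmin.exe list shadows"',
    r'2018-05-14T09:02:40Z host=WS-014 user=alice parent=cmd.exe cmdline="vssadmin.exe Delete Shadows /All /Quiet"',
    r'2018-05-14T09:02:41Z host=WS-022 user=bob parent=cmd.exe cmdline="cmd /c wm^ic   SHADOWCOPY  delete"',
    r'2018-05-14T09:03:05Z host=FS-01 user=svc_backup parent=services.exe cmdline="wbengine.exe"',
]

if __name__ == "__main__":
    for f in detect(SAMPLE):
        print(f)
```

The read-only `list shadows` call and the backup engine record are deliberately left unflagged, so routine administration does not drown out the deletions.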

In conclusion, with malware like WannaCry, the ransomware authors have proven that they can attack enterprises. However, they don’t have a persistent mechanism. Additionally, enterprise backups are too robust for such an attack to cause much damage, as enterprises are capable of retrieving data from backups within a day at most. Although enterprise backup systems are sufficiently secured, there is still something to worry about, as hackers intelligently innovate ways to overcome these technical obstacles. So, companies must be prepared for the possibility of ransomware attacking their backups for encryption or deletion.

Visit http://www.netactivity.us/wannacry-ransomware-latest-hack-explained-and-prevention-tips for more details about how Net Activity, Inc. is helping organizations stay protected from the malicious malware attacks.