Welcome to Euclid Networks’ Tech-Tips Blog : Please navigate using the categories on the right sidebar.

Scam Mail & E-Mails – License Scheme Targeting Corporation and LLC Owners

Many of Euclid Networks’ clients regularly ask us whether e-mails and letters they have received are legitimate. Most typically, scammers have targeted a business owner or senior partner and are attempting to gain access to the company’s computer network.

In some cases, the attack is not targeted directly at the servers or network itself – but rather the employees themselves in an attempt to bypass all security measures that have been put into place. These attempts often appeal to authority – either by impersonating senior members of staff – or by appearing as credible communications from outside vendors or service providers.

The most recent attempt we’ve seen along these lines is a scam being run in states nationwide, where a sender impersonates a state’s department of revenue / licensing office – example below.

The document above shows a scam being run in Hawaii, but similar schemes have been set up in Atlanta, Fulton County, and Georgia as well.

On the document we were asked about, an entity calling itself “C.P.F.S , 4279 Roswell Rd. NE – #208-339, Atlanta, GA 30342” requested payment on a “2020 – Annual Registration Instruction Form” for Georgia LLCs.

How to Spot Misleading Communications

The key indicator that a solicitation is not a valid request can be found in the fine print. By law, the soliciting company (the company that sends out these mailings) must include some variation of the following disclaimers:

“SOLICITING COMPANY is not a government agency and does not represent a government agency.”

“SOLICITING COMPANY is not a government agency and does not have a contract with any government agency to provide this service.”

“SOLICITING COMPANY is not a government agency and is not affiliated with the Secretary of State or any other government agency.”

In this case, it’s relatively easy to spot – but in other cases, where businesses and their IT systems have been targeted by more malicious actors, the consequences can be more dire! Having a trusted technology partner on your side can help prevent targeted attacks – and when your business comes under attack, you’ll have someone in your corner to help fight back.

If you have been a victim of a mailing like the one we highlighted today, we strongly encourage you to report these misleading solicitations to the Secretary of State or Attorney General of the state where your business is registered. Many of these offices have been cracking down on those entities sending out fraudulent mailings, enforcing heavy fines and even taking legal action.

Also contact the Secretary of State or Attorney General if you have remitted payment in response to a solicitation that you suspect was fraudulent. You may be able to have your money refunded.

For more information and to contact the Georgia Secretary of State, you can visit :

https://sos.ga.gov/index.php/corporations/kemp_warns_businesses_about_scam_mail


Subdomain and Domain forwarding not working properly with GoDaddy and Sonicwall Firewall

GoDaddy domain and subdomain forwarding unexpectedly times out without forwarding when using a Sonicwall firewall.

Domain Forwarding is typically used to redirect a user to a different website when they type a URL into a browser. In this case, the forwarding will time out – with either a browser 404 error – or a CONNECTION_TIMED_OUT message. DNS resolution will work properly – subdomain.domain.com, for example, will return the correct A record, pointing to GoDaddy’s IP addresses.

The domain redirect may work sporadically on some phones or computers where traffic is not directly passing through a Sonicwall firewall.

The reason for the failed domain forwarding is that, by default, the Sonicwall enables TCP Packet Sequence Randomization, which causes GoDaddy’s Domain Forwarding service to break. When doing packet analysis in Wireshark, we saw TCP ACK connections out of sequence and dropped connections.

To fix this issue:

  1. Log in to the IP address of the Sonicwall firewall.
  2. Go to http://{firewall.ip.address}/diag.html – You will get a warning about Advanced Settings
  3. Click on Internal Settings.
  4. Untick the box: “Enable TCP sequence number randomization”
  5. Scroll up and click Accept.
  6. Click Close.
  7. Reboot the firewall.

Verify you can now access a domain-forwarded address. Note that disabling TCP sequence randomization leaves servers behind the firewall slightly more vulnerable to host identification. But exploiting this would take a fairly targeted attack, so the overall risk is low.
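One way to script that verification, as an added example that is not part of the original post: it separates the DNS lookup from the HTTP request, so the symptom described above (the A record resolves but the forward never arrives) shows up as its own verdict. The function names and verdict labels are hypothetical, and the hostname in the usage comment is the post's own placeholder.

```python
import http.client
import socket
import sys

REDIRECTS = {301, 302, 303, 307, 308}


def http_probe(host, timeout=5.0):
    """Send one plain-HTTP GET / and return (status, Location header)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check_forwarding(host, resolve=socket.gethostbyname, probe=http_probe):
    """Classify a forwarded hostname by where the lookup or request fails."""
    try:
        addr = resolve(host)
    except socket.gaierror as exc:
        return {"host": host, "addr": None, "verdict": "dns_failure", "detail": str(exc)}
    try:
        status, location = probe(host)
    except (OSError, http.client.HTTPException) as exc:
        # Symptom from the post: the A record resolves, but the HTTP exchange
        # with the forwarding service times out or is dropped.
        return {"host": host, "addr": addr, "verdict": "resolves_but_http_fails",
                "detail": type(exc).__name__}
    if status in REDIRECTS and location:
        return {"host": host, "addr": addr, "verdict": "forwarding_ok",
                "detail": f"{status} -> {location}"}
    return {"host": host, "addr": addr, "verdict": "unexpected_response",
            "detail": f"HTTP {status}"}


if __name__ == "__main__":
    # Usage: python check_forwarding.py subdomain.domain.com
    for name in sys.argv[1:]:
        print(check_forwarding(name))
```

Run it from a machine behind the firewall before and after the change; a move from `resolves_but_http_fails` to `forwarding_ok` confirms the fix took effect.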


How to keep your children safe online?

Summer is here and your kids are home for long stretches of time. Here are our tips on keeping your home and children safe online.

Our number 1 tip is talk to your children! Communication is essential in maintaining a safe environment.
  1. Have a conversation with your kids: warn them about malware, dangerous websites, and sex offenders. Let your kids know you’re looking out for them, speak honestly with them, and listen. After all, if it’s just you talking, it’s not a conversation. It’s a lecture. And no one likes a lecture.
  2. Keep your computer in a common area of the house: it’s more difficult for sex offenders and online bullies to harass your child when you can see what your child is up to. So make sure your kids aren’t going to bed with their laptops and phones. Keep internet time in the common areas.
  3. Know which other computers your children are using: your children most likely have access to computers at school or their friends’ houses. Ask them where they go online, and talk to their friends’ parents about how they supervise their own kids’ internet use.
  4. Remind your children, “Don’t talk to strangers — or meet them”: Remind your children that people often lie about their age, and online predators often pretend to be children. Emphasize that your children should never reveal personal information like their name, address, phone number, school name, or even their friends’ names. Knowing any of this could help an online predator find your kid in real life. And under no circumstances should your child ever meet up with someone they met online without your permission. If you do agree to a meeting, go with your child and meet in a public place.
  5. Make internet time family time: You watch movies together. Why not browse the web together? Making it a family event can be fun. You’ll learn more about your kids’ interests, and can guide them to websites that are more appropriate to their age.
  6. Know your children’s passwords: If you’ve got a younger kid, create an account for them in your own name to avoid exposing your kid’s name — and so you’ll have the password. But please respect the age limitations on accounts. If a site says you should be 18 to sign up, then maybe your child should wait. Whatever your choice, though, make sure you get their passwords and warn them that you’ll be checking their accounts from time to time to make sure everything’s kosher. (Spying on your kids’ accounts without their knowledge could weaken their trust in you.)
  7. Watch for changes in your children’s behavior: Being secretive about what they do online, withdrawing from the family, and other personality changes could be signs that an online sex offender is preying on your kid. So keep an eye out for any behavioral changes.
  8. Pay attention to any gifts anyone gives your children: Sexual predators may send physical letters, photos, or gifts to children to seduce them. Stay alert, and ask your kids about any new toys they bring home.
  9. Check your children’s browsing history: Open your child’s web browser and look for “History” to see a list of websites they’ve been to. Also check the recycle bin to see if any files have been deleted. You may be surprised.
  10. Set rules — and stick to them: As a parent, it’s your job to limit your kids’ screen time, set boundaries for inappropriate content, and make sure your children stick to them. Talk to your internet service provider about filters you can use to block pornographic or violent websites, or invest in a Wi-Fi router with parental controls.
Searching and using the internet together is a great way to teach your children about navigating the multilayered online world.

Here’s What We Know About WannaCry / WannaCrypt / Wcry Ransomware

Over the weekend, businesses, institutions, and individuals in 12+ countries have fallen victim to a ransomware program known as “WannaCrypt”, or a variant thereof. For those unaware, WannaCry is a fast-spreading form of malware that remotely targets nearby computers running on unpatched or unsupported versions of Windows.

Once infected, computers with this malware begin encrypting all the user files they can find on the network, displaying a red ransom note (below) demanding $300 for a decryption key, with the cost increasing as time goes on.

From a technical perspective, the malware spreads via SMB – that is the Server Message Block protocol – typically used by Windows machines to communicate with file systems over a network.

Microsoft released a fix for the exploits (MS17-010, released as part of its March “Patch Tuesday” release), but unpatched Windows systems remain vulnerable. If you are certain your PCs were updated after March 28th, you should be safe – if you’re unsure and would like to schedule an assessment, please contact us today!

Euclid Networks’ Partner Update

For current partners of Euclid Networks, our proactive monitoring and maintenance software ensures all computers on service plans have critical Microsoft patches regularly reviewed, whitelisted by our partner NOC, and deployed to our clients’ machines. We strongly believe in a proactive approach to IT Support, and ensuring software is up to date on business systems is our top priority.

Due to the seriousness of this particular outbreak, we are also manually reviewing our partners’ machines to ensure Microsoft security bulletin MS17-010 has been implemented across the board.

Additionally, our Antivirus partner, Webroot, has announced they have deployed preventative measures for this ransomware – and our partners using Dell Sonicwall Firewalls with Comprehensive Gateway Security Suite licenses should rest assured they have another layer of protection, with Sonicwall having discovered this malware and its variants as of mid-April.

Your Mitigation Strategies for Ransomware : Backup

In today’s technology environment, good preventative measures are only the first step toward a comprehensive disaster plan.

Ideally, you want to have a 3-2-1 backup strategy in place. This means having at least 3 total copies of your data, 2 of which are local but on different physical devices (such as external storage drives) and 1 of which is offsite – preferably cloud based, with versioning capabilities.

If you don’t have a backup strategy in place, or want to re-evaluate your current plan, please contact Euclid Networks for a consultation!

If you’re unsure of how to assess your current needs, just consider your ability to recover from the following scenarios:

  1. All your files become corrupted (or encrypted) and replicated to your backup devices before anyone realizes.
  2. Your backup sits on one protected machine or server: envision the other devices that can communicate with that machine, and how they might be affected by the spread of malware.
  3. Envision a scenario where all your physical devices have been stolen, or your home or business is subject to fire or flood.

Resilience against all of the above scenarios is not difficult, but it takes careful planning, and continually reassessing your technology environment!
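The 3-2-1 rule and the three scenarios above can be checked against a simple inventory of where your data lives. The following is an added example, not part of the original post; the `Copy` fields, the function names and the sample inventory are constructed for illustration, and `lan_writable` is an assumed way to model scenario 2.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    device: str          # physical device (or service) holding the copy
    offsite: bool        # stored away from the premises
    versioned: bool      # keeps earlier versions of each file
    lan_writable: bool   # assumption: other machines on the network can write to it


def rule_321_gaps(copies):
    """Return the parts of the 3-2-1 rule that the inventory does not meet."""
    local_devices = {c.device for c in copies if not c.offsite}
    offsite = [c for c in copies if c.offsite]
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 total copies")
    if len(local_devices) < 2:
        gaps.append("fewer than 2 local copies on different physical devices")
    if not offsite:
        gaps.append("no offsite copy")
    elif not any(c.versioned for c in offsite):
        gaps.append("offsite copy has no versioning")
    return gaps


def scenario_survivors(copies):
    """Map each of the three scenarios to the copies that would still be usable."""
    return {
        "corruption replicated to backups": [c.name for c in copies if c.versioned],
        "malware spreads between devices": [c.name for c in copies if not c.lan_writable],
        "theft, fire or flood on site": [c.name for c in copies if c.offsite],
    }


# Constructed sample inventory: primary data, a local mirror, a cloud backup.
INVENTORY = [
    Copy("file server", "server-01", offsite=False, versioned=False, lan_writable=True),
    Copy("nightly mirror", "nas-01", offsite=False, versioned=False, lan_writable=True),
    Copy("cloud backup", "cloud", offsite=True, versioned=True, lan_writable=False),
]

if __name__ == "__main__":
    print(rule_321_gaps(INVENTORY))
    for scenario, names in scenario_survivors(INVENTORY).items():
        print(f"{scenario}: {names or 'NO USABLE COPY'}")
```

Dropping the cloud entry from the sample leaves every scenario with no usable copy, which is the case a mirror-only setup should worry about.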
