A Huntress Labs Security Case Study :
Huntress has been hunting malicious actors across 50,000+ user accounts for 1,500+ small businesses enrolled in their Managed Detection and Response (MDR) for Microsoft 365 product.
This is a repost from Huntress Lab’s Security Blog, where they outline three recent cases, and how MDR was able to protect their partner’s accounts. Euclid Networks will begin offering MDR / Microsoft 365 tenant protection in the near future – Contact us today to learn more!
Microsoft announced recently that Windows 10’s End-of-Life date is set for October 14th, 2025. As a business owner, the practical impacts of this announcement can be difficult to sort out – but not to worry – Euclid Networks is here to help you sort it out!
October 14th, 2025 will will mark just over 10 years since Microsoft’s Windows 10 operating system was first introduced – we know, we know – we can’t believe it has been that long either. With the recent announcement of Windows 11 however, it’s important to get ahead of the game when planning your long term IT budget, and equipment upgrade paths.
The majority of our clients have moved on to Windows 10 for their OS, and are covered by our proactive patching and updating service – but for those who still haven’t, now is the time to make the switch. As Windows 10 and Windows 11 share the same “DNA”, upgrading from 10 to 11 promises to be much simpler than an upgrade from – for example, Windows 7, or Win XP.
Win 10 End-of-Life : What it means for your business
Once Windows 10 reaches its end-of-life, the operating system will no longer receive important security updates, or new features via patches. As it will have reached the end of its cycle, 3rd party software vendors will also begin phasing out their support for the operating system, meaning new versions of those programs will default to Windows 11 as their recommended platform.
As an IT support provider, we can’t stress enough how important keeping current on security updates is, for the protection of your business’ data, and overall network. The #1 avenue for malware and ransomware attacks is through outdated software. Outdated software can potentially cost your business tens, or hundreds of thousands of dollars in remediation and lost revenue.
Ransomware in 2020 : At a glance (source : Nationwide)
» The average enterprise ransom payment is $111,605.
» 205,280 organizations were affected by ransomware attacks in 2019.
» The average cost for victims of ransomware attacks to recover more than doubled in the final quarter of 2019. According to a new report from Coveware, a typical total now stands at $84,116. That’s a little over double the previous figure of $41,198.
Windows 11 : What’s New?
Start Menu : Windows 11 has a new, simplified Start menu. Live tiles are gone, replaced with a list of app icons and recent files. Documents you edit in Office apps on other devices—even devices that aren’t running Windows—will appear as recent files here, too, thanks to Microsoft 365. Don’t have Microsoft 365 yet? We can help – contact us today!
Multi-App & Multi-Monitor Support : Windows 11 also features “Snap Groups”, which helps organize your windows, as you multi-task. Selecting a single taskbar icon will now pull up a group of snapped apps. Also, when using Windows 11 on a tablet, windows that are side-by-side will automatically stack on top of each other when you change the device’s orientation.
Multiple monitors support is improving also, with a “new docking and undocking experience.” When you unplug a monitor, the windows on the monitor will minimize themselves rather than getting in the way. When you reconnect the monitor, Windows will automatically restore the windows to their original positions on that monitor.
Widgets and MS Teams on the Taskbar
Tighter integration with Microsoft 365 and Redmond’s cloud offerings, means integrations with its services like Microsoft Teams and Onedrive will be built directly into the Windows 11 task-bar. We’ve seen iterations of this pop up in the latest Windows 10 updates, but as MS moves forward, expect the benefits of using Microsoft’s cloud offerings for your business to increase!
& More!
Details are forthcoming, but stay tuned – Microsoft has planned to begin rolling out Windows 11 as soon as this fall – expect to begin seeing it on new devices soon.
About Euclid Networks
Euclid Networks is an IT support provider that brings a fresh, proactive approach to your business computing needs. We serve a wide variety of Atlanta area businesses, including Legal Firms, Healthcare Providers, Non-Profits, and Professional Services Providers.
Our experience in the technology industry and dedication to personalized service sets us apart. We’re real people, who care about tech support.
Atlanta – did you know, World Backup Day is March 31st?
Nerdy, we know – but according to a leading backup company, only 15% of organizations back up data multiple times a day. Depending on your organization’s data security requirements, this could be a problem. How much is losing 4 hours of company-wide productivity worth to your business? 4 days? 4 weeks? What is more, most businesses don’t have a documented disaster recovery process in place, which can lead to catastrophic results in the event of a system crash or failure.
Why back up?
For companies that rely on their digital work product – such as attorneys, marketing professionals, and other service providers – keeping your organization’s data safeguarded is essential. If you have a storage issue, backing up information can be the difference between staying in business and closing for many, such as those in regulated industries, or where information is essential to business operations.
Cyberthreats are another big reason to keep your data backed up – with malware and ransomware threats on the rise in 2021 and beyond. If your organization is hit with an attack, it can relieve some of the burden if an additional copy is available of your stolen information.
Backup 101 – What is “good” backup practice?
It is important to discuss the pros and cons of different backup frequencies and retention policies – including the total cost, how often you will need access to the backup of your data (restores), and how frequent your backups should be. For some data-reliant companies, backing up multiple times a day makes sense, as you are harboring highly sensitive information that would cause major problems for your business and clients if you lost access. Other organizations with less sensitive information may only need to backup once a day or week, especially if they do not have compliance regulations they need to follow like those in legal, healthcare, and financial markets.
Euclid’s recommendation? Follow the 3-2-1 rule.
For our IT and Tech Support partners, we always recommend following the 3-2-1 rule for essential data protection, a best practices or guideline for safeguarding data.
The idea of the 3-2-1 rule of data protection is to eliminate single points of failure – it is not a failproof policy or complete guarantee – but helps mitigate a large swath of potential data pitfalls.
How Euclid can help!
Contact us today for a cost-effective review of your current backup practices, and for our expertise with cloud and offsite backup. The “1” of the 3-2-1 rule can be difficult to implement, especially for small and medium sized businesses, but we’re here to help. And for larger organizations, our solutions cover both workstations and servers – including more complex SQL database and state-aware backups!
We’ve seen on over a dozen machines today, Microsoft Outlook (Office 365 continual update version) crashes, with 0xc0000005 errors logged in the event log.
The full text of this error is below.
Faulting application name: OUTLOOK.EXE, version: 16.0.13001.20266, time stamp: 0x5ef262ee
Faulting module name: mso98win32client.dll, version: 0.0.0.0, time stamp: 0x5ef2aa2d
Exception code: 0xc0000005
Fault offset: 0x000474b2
Faulting process id: 0x4cf0
Faulting application start time: 0x01d65ac9b0e13874
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client.dll
Report Id: 908e152f-636f-4f5a-9717-48a5576b3ccd
Faulting package full name:
Faulting package-relative application ID: Microsoft had acknowledged this crash and documented a resulting fix on Twitter, and on the Office 365 Support portal :
Title: Users experiencing Outlook connection issues and crashes
User Impact: Users may experience crashes or may be unable to access Exchange Online via Outlook.
More info: Our analysis indicates that Outlook on the web and mobile clients are unaffected. Users may be able to leverage those protocols as an alternative means to access email and service features while we remediate this problem.
Current status: Our initial review of the available data indicates that recently deployed updates are the likely source of the problem. We're performing an analysis of all recent service updates to isolate the underlying cause of the problem and to determine the most expedient means to restore service.
Scope of impact: This issue may potentially affect any of your users attempting to use Outlook.
The immediate fix for this is to roll back Microsoft Office versions, which can be done by opening a command line as Administrator and typing : cd "\Program Files\Common Files\microsoft shared\ClickToRun"
officec2rclient.exe /update user updatetoversion=16.0.12527.20880
After rolling back versions, Outlook should open and function as normal!
If you’re in need of a proactive, IT Support company in the Atlanta area, don’t hesitate to contact us today!
As we onboard any new IT support partner, one of our security and network assessment tasks is to validate a client’s server and disaster recovery environment.
As part of this assessment, we often find a customer will have a single point of failure with their active directory environment – most small businesses don’t have the resources to afford multiple servers, and often times previous systems administrators will have not had the foresight to follow best practices regarding building server resiliency.
One example of a point of failure with a single-server environment that we see all too often is DNS. In many cases, the Primary Domain Controller (PDC) will serve as the sole internal DNS provider. Meaning, if a power outage occurs, or if a PDC goes down for any reason, the entire office will “lose” internet connectivity – often a costly outage until technical help can arrive!
Many of these clients do, however, have secondary “server”-like devices – NAS units, Linux machines, et cetera. While using these as a “backup” DNS provider is not a best practice, we aim to provide the best tech support we can while utilizing resources a client already has in place – thus saving them money!
In the following, we outline steps to convert a Synology NAS device into a backup DNS server for an Active Directory (Windows Server 2019) environment.
1. Install DNS Package on Synology NAS – straightforward, by opening Package Manager.
2. Set up a “Slave Zone” – Within Synology’s DNS manager, create a slave zone, set domain type to Forward Lookup Zone, and enter your PDC’s DNS information.
3. Set up DNS Resolution and forwarding on the NAS – In the below, we have enabled the resolution service, and also forwarders. In our lab, we actually do have a backup local DNS server (192.168.1.8 here), but also forward on DNS requests to Google (8.8.8.8/8.8.6.6) to allow for internet connectivity during PDC downtime.
4. Configure DNS Forwarding on PDC – On your server, open DNS, select your AD’s forward lookup zone, open properties.
4.1 Under Zone Transfers, ensure Allow Zone Transfers is enabled, to servers listed in the DNS Tab.
4.2 Under Notify – Ensure the same setting is enabled.
4.3 Add your Slave Name Server to the list of configured name servers. Important – ensure your server validates, with a green check once its FQDN is added.
5. Verify DNS records and Zone Transfer has completed – On the Synology DNS Manager, under ‘Zones’, select ‘Edit’ and open ‘Resource Record’ you should find propagated records.
Optional but recommended – repeat steps 2-5 for the Reverse Lookup Zone (EG, 1.168.192.in-addr.arpa) and _msdcs.yourlocal.domain. You *do* have a reverse lookup zone configured, don’t you? =)
6. Add your New DNS Server to DHCP – Don’t forget to configure your DHCP leases to include your new backup DNS server!
7. Test out DNS resolution – Finally, test your new server to ensure it’s resolving external domain names correctly, and test a failure of your PDC by taking it offline. Success!
If this writeup has been helpful to you, please share your comments below. And as always, if you’re looking for proactive managed IT service in Atlanta, Euclid is here to help!
Godaddy Domain and Subdomain Forwarding times out without forwarding, unexpectedly, when using a Sonicwall Firewall.
Domain Forwarding is typically used to redirect a user to a different website when they type in a URL in a browser. In this case, the forwarding will time out – with either a browser 404 error – or a CONNECTION_TIMED_OUT message. DNS resolution will work properly – subdomain.domain.com for example will return the correct A record, pointing to Godaddy’s IP addresses.
The domain redirect may work sporadically on some phones or computers where traffic is not directly passing through a Sonicwall firewall.
The reason for the failed domain forwarding is that by default the Sonicwall enables TCP Packet Sequence Randomization which causes Godaddy’s Domain Forwarding service to break. When doing packet analysis in Wireshark, we saw TCP ACK connections out of sequence and dropped connections.
To fix this issue:
Verify you can now access a Domain forwarded address. Note that servers behind the firewall will be slightly more vulnerable to host identification by disabling this TCP Sequence Randomization. But in this case, it would be a fairly targetted attack, so the overall risk is low.
Summer is here and your kids are home for long stretches of time. Here are our tips on keeping your home and children safe online.
Over the weekend, businesses, institutions, and individuals in 12+ countries have fallen victim to a ransomware program known as “WannaCrypt”, or a variant thereof. For those unaware, WannaCry is fast-spreading form of malware that remotely targets nearby computers running on unpatched or unsupported versions of Windows.
Once infected, computers with this malware being encrypting all the user files they can find on the network, displaying a red ransom note (below) demanding $300 for a decryption key, with the cost increasing as time goes on.
From a technical perspective, the malware spreads via SMB – that is the Server Message Block protocol – typically used by Windows machines to communicate with file systems over a network.
Microsoft released a fix for the exploits (MS17-010, used as a part of its March “Patch Tuesday” release), but unpatched Windows systems remain vulnerable. If you are certain your PCs were updated after March 28th, you should be safe – if you’re unsure and would like to schedule an assessment, please contact us today!
For current partners of Euclid Networks, our proactive monitoring and maintenance software ensures all computers on service plans have critical Microsoft patches regularly reviewed, whitelisted by our partner NOC, and deployed to our client’s machines. We strongly believe in a proactive approach to IT Support, and ensuring software is up to date on business systems is our top priority.
Due to the seriousness of this particular outbreak, we are also manually reviewing our partner’s machines to ensure Microsoft security bulletin MS17-010 has been implemented across the board.
Additionally, our Antivirus partner, Webroot, has announced they have deployed preventative measures for this ransomware – and our partners using Dell Sonicwall Firewalls with Comprehensive Gateway Security Suite licenses should rest assured they have another layer of protection, with Sonicwall having discovered this malware and its variants as of mid-April.
In today’s technology environment, having good preventative measures in place is only the first step to having a comprehensive disaster plan in place.
Ideally, you want to have a 3-2-1 backup strategy in place. This means having at least 3 total copies of your data, 2 of which are local but on different physical devices (such as external storage drives) and 1 of which is offsite – preferably cloud based, with versioning capabilities.
If you don’t have a backup strategy in place, or want to re-evaluate your current plan, please contact Euclid Networks for a consultation!
If you’re unsure of how to assess your current needs, just consider your ability to recover from the following scenarios:
Resilience against all of the above scenarios is not difficult, but it takes careful planning, and continually reassessing your technology environment!
If you own a legal practice, design firm, or other small business and have a decent grasp of technology, you might be tempted to “go it alone” – and handle the technical side of your business yourself. As a business owner, it’s only natural to try and do so – after all, you’re great at what you do! But, don’t think that your ability to solve problems and get things done is enough to keep your computer systems running in all cases – many technological problems can be complex and require a trained professional to solve.
At some point, a network glitch, virus or software issue will threaten to bring your entire business to a halt, costing you what you thought you’d save – or even more – by going it alone. Even a simple problem can require hours of troubleshooting and shift your focus away from other important business tasks, possibly leading to unplanned downtime and unnecessary expenses.
To keep your applications, network, servers, computers and other technology running, it’s worth considering contracting an IT provider. If you don’t have the money to hire a full time IT manager to work on staff, an outside provider can just as aptly handle the day-to-day management of your small business’ technological needs. Euclid Network’s Managed IT Support Plans do just this! A competent IT provider can offer deployment, maintenance and proactive IT management assistance, and will be there when you need solutions for simple but important questions and problems – all for a reasonable fee.
In many cases, an IT provider can help manage your technology better than you – a busy small business owner with many areas to supervise – can. The provider will minimize irksome tech issues that slow productivity and increase costs, and will look for ways to maximize your technological tools so that you can get the most for your IT spend, increase productivity, and help your business grow.
If you’re ready for a new technology partner for your Atlanta based business, give Euclid Networks a call – helping solve your tech problems is our forte!
