Updates for MAC including recent Zero Day – Are you caught up?

updates for macOS Sierra

It’s December; let’s not forget about the MAC community and the recent updates available for the MAC OS.

Since the release of macOS Sierra 10.12.1, Security Update 2016-002 El Capitan, and Security Update 2016-006 Yosemite on the 24th of October 2016, there have been a number of updates to both Apple and 3rd-party products.

Here are some highlights to consider and possible updates you may want to verify you have.

November 30th – Zero Day Critical update CVE-2016-9079 for a use-after-free vulnerability in SVG Animation in Mozilla Firefox, Firefox ESR, and Thunderbird allowing attackers to execute arbitrary malicious code on a target machine.

Although there have only been documented active exploits on computers running Windows, the vulnerability is present in the Mac OS X version of the browser.

November 29th – Update CVE-2016-4780 for a null pointer de-reference issue in macOS Sierra 10.12 Thunderbolt allowing applications to execute arbitrary code with kernel privileges. This update includes improved input validation.

November 27th – 2 Updates for macOS Sierra 10.12:

  • AppleMobileFileIntegrity had a validation issue where a signed executable could substitute code with the same team ID. Update CVE-2016-7584 added additional validation.

  • FontParser had a buffer overflow in the handling of font files where a maliciously crafted font file could lead to arbitrary code execution. Update CVE-2016-4688 added improved bounds checking.

November 14th – Update CVE-2016-7580 for an issue in macOS Sierra 10.12 Mail where a malicious website could cause a denial of service. This update includes improved URL handling.

November 8th – Critical update APSB16-37 for Adobe Flash Player.  This update contains 9 different CVEs to address a vulnerability that could allow malicious native code to execute without a user being aware.

 

Cybersecurity in 2016: Predictions from Elsewhere

Cybersecurity(Own)(4)One of the best things about this time of year is the spate of predictions that accompany the season. Herewith, a look at some of the more interesting security-related predictions from various IT and security industry observers.

Forrester Research “is one of the most influential research and advisory firms in the world”—according to the company’s website. Hard to argue. On Nov. 30, 2015, Health Data Management published “5 Cyber Security Predictions for 2016,” a summary of predictions from Forrester. Here’s what Forrester predicts, according to that article.

  • We’ll see ransomware for a medical device or wearable
  • The U.S. Government will experience another significant breach
  • Security and risk pros will increase spending on prevention by five to 10 Percent
  • Defense contractors will fail to woo private industry with “military grade” security
  • HR departments will offer identity and credit protection as an employee benefit

On Dec. 15, 2015, Network World published “A Few Cybersecurity Predictions for 2016,” an article by Jon Oltsik, principal analyst at Enterprise Strategy Group (ESG). ESG is a firm with “a 360o perspective” and “remarkably detailed, nuanced views of technologies, industries, and markets”—according to the company’s website. Herewith, a summary of Mr. Oltsik’s predictions from that article.

  • Greater focus on cyber supply chain security
  • The consumerization of authentication
  • Cyber insurance continues to boom
  • A rise in ransomware

A wide range of predictions can be found in “The 2016 Websense Cybersecurity Predictions Report.” The report is produced by Raytheon|Websense Security Labs, part of a joint venture that combines Websense with Raytheon Cyber Products. The venture “brings together researchers, engineers and thought leaders from around the world to discover, investigate, report and – ultimately – protect our customers from sophisticated, evasive and evolving Web- and email-based threats,” its website says. The predictions from its report appear below.

  • The U.S. elections cycle will drive significant themed attacks
  • Mobile wallets and new payment technologies will introduce additional opportunities for credit card theft and fraud
  • The addition of the gTLD [generic top-level domains] system will provide new opportunities for attackers
  • Cybersecurity insurers will create a more definitive actuarial model of risk – changing how security is defined and implemented
  • DTP [data theft protection] adoption will dramatically increase in more mainstream companies
  • Forgotten ongoing maintenance will become a major problem for defenders [of IT security] as maintenance costs rise, manageability falls and manpower is limited
  • The Internet Of Things will help (and hurt) us all
  • Societal views of privacy will evolve, with great impact to defenders

Perhaps some of the most interesting predictions for 2016 and beyond can be found in “McAfee Labs Report 2016 Threats Predictions.” McAfee Labs, now part of Intel Security, “is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership,” according to the report’s introduction. The report begins with a five-year look into the future, created by 21 of Intel Security’s thought leaders. Here’s a summary of what they predict for the next five years.

  • The cyberattack surface will continue to grow, thanks to continuing explosive growth in users, devices, connections, data and network traffic
  • Attacks and defenses will continue and increase a shift in focus, away from systems and applications and toward firmware and chips themselves
  • Attacks will continue to become more and more difficult to detect
  • Virtualization will present more and different cybersecurity threats and opportunities, especially as network function virtualization (NFV) grows in popularity
  • New device types, including wearables and those connected to the Internet of Things (IoT), will challenge security efforts, and cyber threats will continue to evolve
  • IoT security standards will evolve and improve
  • The growing value of personal data will lead to more sophisticated thieves and markets, and more security and privacy legislation.
  • The security industry will fight back, with new and evolving tools including behavioral analytics, shared threat intelligence, cloud-integrated security and more automated detection and correction.

The range of these predictions and the common elements that link many of them provide valuable guidance and validation to any of you who are seeking to improve security at your enterprise. And of course, we at Shavlik have our own predictions to add to the mix, as well as a review of how well we did with our end-of-2014 predictions. You can download these here. We hope you’ll find all of these predictions, from Shavlik and elsewhere, helpful and inspirational. Here’s to a happy, productive, profitable and secure 2016 for you and your enterprise.

Shavlik’s 12 Beers of Christmas 2015 Edition

12-Beers-of-Xmas

Happy holiday’s everyone! Last year, we did our first 12 Beers of Christmas blog post where the team gave some recommendations of their favorite beers. This is a tradition that actually started from an eight-year practice of doing a beer exchange in our office instead of cookies or Secret Santa. So for all you beer fans out there, here is the 2015 edition of the Shavlik 12 Beers of Christmas. Enjoy!

Randy, Manager, Software Engineering
Mark, Software Engineer
Beer recommendation: Surly Todd – The Axe Man
Style: IPA
ABV: 7.2%
IBU: 100
Description: Todd – The Axe Man is a recipe created by Amager Bryghus in Denmark. The recipe was created for Todd Haug of Surly Brewing. A potent IPA loaded with fresh American aroma hops on a base of rich Golden Promise malt, Surly’s signature malt. Randy says that if you like IPAs, this one is a no brainer. Mark finds it a perfect substitute for Pliny the Elder, which is hard to come by in Minnesota.

So Todd – The Axe Man quickly became an office wide favorite, but since this is supposed to be the “12 beers of Christmas” and not the “1 beer that 12 people liked this Christmas”, I have asked the rest of the team to go down to their next picks.

Matt, Software Engineer
Beer recommendation: Toppling Goliath Pseudo Sue
Style: American Pale Ale
ABV: 7%
IBU: 50
Description: Due to the lack of availability of Pliny, and the rise in popularity of Todd – The Axe Man and by such its growing lack of availability, Matt finds Pseudo Sue the next best thing. This single hop ale showcases the Citra hop. Named for the largest T-rex fossil ever discovered, she roars with ferocious aromas of grapefruit, citrus, mango and evergreen. Delicate in body with a mild bite in the finish.

Brent, Software Engineer
Beer recommendation: Greenbush Unicorn Killer (He would have picked Todd, but Randy and Mark had already beat him to it.)
Style: Spice Beer\Pumpkin Ale
ABV: 7.4%
Description: While Brent is not normally a fan of spice beer, hey says this one is perfectly balanced. Notes of caramel, bread, cinnamon, and clove make this heavier version of the seasonal pumpkin ale a good one.

Travis, Product Support Engineer
Beer recommendation: McMenamins Hammerhead Ale
Style: American Pale Ale
ABV: 6%
Description: Travis is part of our support org out of Salt Lake City. This rich chestnut colored gem is a model of harmony between hops and malted barley. Hammerhead’s signature Cascade hop nose and intense hopped flavor blend nicely with the caramel tones from the crystal malt.

Geoffrey, Technical Support Engineer
Beer recommendation: Wasatch Brewing Ghostrider
Style: White IPA
ABV: 6%
Description: Also with our Salt Lake City team, Geoffrey recommends this as a “gateway” to the wide world of IPAs.  It is smooth and flavorful and light and perfect for any meal pairing. Plus, it goes to show that Utahn’s can make good beer. In the three years I have been with LANDESK, I have seen quite a change in SLC. The beer scene has improved greatly and Wasatch is one of the big contributors to that improvement.

Brian, QA Engineer
Beer recommendation: Dogfish Head 120 Minute IPA (not to be confused with 120 Minute Pineapple)
Style: Imperial IPA
ABV: 18%
IBU: 120 (That is a ton of hops)
Description: Now Brian is in QA, so that should be noted here. Quality Assurance is approving this beer. He says “it’s like getting voluntarily smacked in the face with a bag of hops.” Too extreme to be called beer? Brewed to a colossal 45°P, boiled for a full two hours while being continually hopped with high alpha American hops, dry-hopped every day in the fermenter for a month, and aged for a month on whole leaf hops, 120 Minute IPA is by far the strongest IPA ever brewed. And at 21% ABV and 120 IBU’s, you can see why we are calling this the Holy Grail for Hopheads.

Nick, Software Engineer
Beer recommendation: Hacker-Pschorr Oktoberfest Märzen
Style: Oktoberfest/ Märzen
ABV: 5.8%
Description: This is a decedent of the original Märzen style beer. Bavarian barley slow roasted, caramelized to a rich, red amber color combined with the purest spring waters from the Alps, exclusive yeast and the finest Hallertau hops.

Neil, Territory Sales Manager
Beer recommendation: Andechser Bergbock Hell
Style: Heller Bock
ABV: 7%
Description: From one of our Sales reps across the pond.  He says this was a staple when he lived in Germany.  He also recommends the Dunkel from Andechser.  Aromatic and mild.

Tyler, Software Engineer
Beer recommendation: New Glarus Scream
Style: Imperial IPA
ABV: 9%
IBU: 85
Description: Scream boasts an inspired 85 IBUs that reverberate cleanly though this IIPA. New Glarus Brewery grown estate hops join other Wisconsin grown hops to dominate this brew from Kettle Boil to Dry Hopping. You hold a deceptively seductive Original Gravity of 20.9 degrees Plato following the always 100% naturally bottle conditioned fermentation. Luscious Wisconsin grown and malted barley along with English Maris Otter malt is the bold heart of this lustful sensory enchantment. Surrender is inevitable so enjoy today.

Ben, Territory Sales Representative
Beer recommendation: Heritage American Expedition
Style: Wheat Ale
ABV: 4.5%
IBU: 10
Description: a light bodied American wheat ale. Bathed in farmers honey and spiced with ginger, it will give any traveler the fortitude and perseverance to carry on.

Bob, Channel Account Manager
Beer recommendation: Southern Tier 2xStout
Style: Sweet Stout
ABV: 7.5%
Description: Double Milk Stout
“2 varieties of hops & 3 types of malts”
Milk stout, also called ‘cream’ or ‘sweet’ stout, is a stout containing lactose, a sugar derived from milk. Because lactose is unfermentable by beer yeast, it adds sweetness and body to the finished beer. Milk stouts have been claimed to be nutritious, and were marketed as such in the early 1900s with claims that would make the FDA wince. One ad read, “Ideal for nursing mothers, for the healthy, for the invalid, and for the worker.” Surely! Of course, we couldn’t stop at a traditional milk stout. Ours is a double, an addition to our 2X line, and at 7.5% abv is every bit as delicious as it sounds. To your health!

Byron, Systems Administrator
Beer recommendation: Left Hand Milk Stout Nitro
Style: Sweet Stout
ABV: 6%
Description: This English style of beer, also known as Sweet Stout or Cream Stout, first appeared in London in the late 1800’s. The early brewers touted the health benefits of the milk sugar in this beer which today relates mainly to the increased amount of calories (no real health benefits…sorry). The milk sugar adds a well-rounded sweetness to this dark beer and makes it an outstanding, year ‘round stout.

And because I don’t want to be left out you get a bonus 13th Beer of Christmas!

Chris, Product Manager
Beer recommendation: Samuel Smiths Yorkshire Stingo
Style: English Strong Ale
ABV: 8%
Description: I found this in London at a pub called the Chandos.  Since then I found this is distributed in the US which is AWESOME! Bottle conditioned only. Some of the oak casks at Samuel Smith’s date back more than a century with the individual oak staves being replaced by the Old Brewery coopers over the years. Gradually the casks soak in more & more of the character of the ale fermented in stone Yorkshire squares. Yorkshire Stingo is aged for at least a year, matured in these well-used oak casks in the brewery’s underground cellars deriving fruit, raisin, treacle toffee, Christmas pudding and slight oaky flavors, before being further naturally conditioned in bottle.

Whatever holiday you may be celebrating, may it be filled with joy, family, great food, and great beer.

From all of us at Shavlik, have a happy holiday season!

Why you should #fearthetoaster!

Back to work after a long holiday weekend! I thought I would start the week off with a recap of LANDESK Interchange 2015. The show was great! The very first keynote showed off some of the new workspaces which bring together LANDESK Systems Management and Service Desk features for the user that will make life easier. The ability to use your phone to take an image of on-screen errors and have a solution presented to you, without having to contact IT directly, was pretty cool. The new security workspace was also very interesting to see, but the highlight of the keynotes for me was on day two and three.

The keynote on day two focused on Security. Rob Juncker, Tom Davis, and Steve Morton talked about how more devices are being connected to the internet every day. The Internet of Things is bringing us more innovative life experiences than ever, but with this more connected world we have larger concerns. Self driving cars, internet connected toasters, voice activated TVs (which vendor admit are spying on you), and much more are getting connected every day. Rob then scared everyone by talking about that internet connected toaster and how it may be used as an attack to potentially burn down a house. Scary realization.

The final day of the event, we had a guest keynote speaker, Marc Goodman, author of Future Crimes. Marc hit on all the topics from they keynote the day before and really opened some eyes. Marc talked about the exponential growth of technology and the proliferation of internet connected devices. And while really cool things may come of these trends, ultimately, it is leading us to a world where crime knows no borders, no boundaries, and becomes less and less personal. A good example of this is the hacking ring which reportedly has stolen up to $1 billion from banks globally. These are not street thugs walking into banks with masks on, but cybercriminals with the skills to target more than 100 banks in 30 countries.

Marc talked about the risks the future brings if we are not diligent about security. Risks like exploiting vulnerabilities in a car and he even went as far as to share this photo in reference to the previous day’s keynote conversations around toasters #fearthetoaster.

killertoaster

 

While no toaster exploits have occurred yet, the message was clear. In a future where more of our world will be connected, more of that world will be exposed to risks. Marc’s message was about awareness. We can do great things if we work together. If companies do their part in securing the customer and personal data they collect, and if the new innovators creating the next connected device do so with security in mind, we can mitigate these risks.

Check out Marc’s Update Protocol on his website and his book Future Crimes.  There are some tips here that will help you protect yourself and your company.

Happy National Beer Day!

For those of you who are followers of our team, you know that we here at Shavlik enjoy a good beer. Today we are going to go off topic and focus on National Beer Day. I have been working on a house project that is nearly complete, but didn’t make it in time for National Beer Day. I am changing over from bottling my own home brew to kegging. I have almost everything ready. Even got the first beer I plan to keg already started (Belgian Tripel). The kegerator itself is, unfortunately, on back order until end of April. **Sigh**

Kegerator

Beyond Patch: Shavlik Protect Anti-Virus

Having effective patch management and anti-virus practices are two of the most basic building blocks of network security.

However, this often requires separate software solutions that come with separate agents and most importantly, separate costs. With Shavlik Protect’s antivirus, you can bring together what all too often is separate:  patch and A/V.

Shavlik’s anti-virus solution provides:

  • Access to patch and antivirus capabilities as well as reporting from a single console
  • A single-agent for managing patch, anti-virus, and anti-spyware policies
  • The ThreatTrack Security VIPRE engine

Check out this video where Shavlik Product Evangelist John Rush walks you through the anti-virus capabilities within Shavlik Protect. For more information, please contact us at sales@shavlik.com.

Did you know … ?

Did you know?

Did you know?

Here it is my turn to contribute to the Shavlik blog, and I am stricken with “bloggers’ block.” As I try to think of insightful things to say, (those who know me know I rarely say insightful things), nothing comes to mind but questions.

So in the spirit of acceptance of things that can’t be changed, let’s just go with the questions gig.

Did you know…?

  • Shavlik is hosting two webinars this week. “Getting Started with Shavlik Patch” will help new or trial users of Shavlik Patch get up and running and optimize their third-party patching process within SCCM. “Simplified Third-Party Patching for Microsoft System Center” will explain how Shavlik can help you select and deploy third-party patches all from within SCCM. Getting Started with Shavlik Patch
    Wednesday, June 18, 2014 10:00am CDT
    Register Now

Shavlik Technical Support from Start to Finish

We recently caught up with the Shavlik technical support team to learn more about its role in solving customer issues with Shavlik products and services. The Backline Support team, which includes Chase Norton, Adam Gindt, and Charles Winning, has built a strong support staff as well as a lively online community of Shavlik users, who help each other through peer-to-peer questions and use cases.

Q: Can you tell us more about how you help customers find the support they need?

Technically Speaking – The Shavlik Technical Sales Team

We recently caught up with the Shavlik technical sales team to learn more about its role in helping customers make better connections with the Shavlik products and services they are considering or are already using every day. The team, which includes John Rush, Clifton Slater, Ryan Worlten, and Guido Adriaansens, has the customer covered no matter where they are in the world. As you will see, this is a unique gathering of talent. The team even includes a former customer that believed so strongly in Shavlik that they came on board!

Q: Can you tell us more about how you help customers learn about Shavlik?

A: Sure, through our sales team we help customers connect with any learning they might need to help them make a decision about purchasing a product or even brushing up on things they may need to know to help them get the most out of Shavlik products.

Q: Do customers call you or are they put in touch with you?

A: We generally support the sales team. The sales team has a pretty good pulse on our customers. Our sales representatives talk to the customer and find out more about their pain points and what they need to learn. From that initial information we consult both sales team and the customer to recommend the best learning tools to address the issue.

Q: What types of tools do you have at your disposal?

A: The learning opportunities we help build for the client include just about anything the customer could need to help inform them in the sales decision. We walk customers through demonstrations, provide on-site demos, lunch and learn sessions, meet and greets, webinars and online product demos.

Q: What have you learned from your vantage point?

A: We have learned that patch is still puzzling for customers and this is really not a surprise. They are reading about security catastrophes every day and their organizations are working hard to put the right processes in place. They are being asked to do more with less and they face a multitude of moving parts like people leaving, changes within their organizations and a growing list of things to manage.

Q: Are there any common themes you are seeing?

A: We often see customers’ eyes opened to the seriousness of 3rd party patching threats and we are seeing a real growth in questions surrounding the patching of virtual machines.

Q: Any advice for customers?

A: Become a student of security. Don’t just leave it as a task to check off. Shavlik makes things easy so that you can keep up on the latest things you need to learn.

Q: Tell us a little about yourselves:

Meet Guido Adriaansens:

Guido Adriaansens, Systems Engineer

Guido Adriaansens, Systems Engineer

Guido is a Systems Engineer for Shavlik products covering EMEA and located in Amsterdam, The Netherlands but can regularly be found in our UK based office. Apart from his (obvious) interest in IT, Guido enjoys sailing, playing squash, and coaching his daughter’s field hockey team.

 

 

 

Meet Clifton Slater:

Clifton Slater

Clifton Slater, Sales Engineer

Clifton is a Sales Engineer for Shavlik, specializing in the Shavlik suite of products, located in central New Jersey. Clifton is an avid reader of Sci-Fi and Fantasy and a die-hard Pittsburgh Steelers fan, (originally hailing from Pittsburgh).

 

 

 

Meet Ryan Worlton:

Ryan Worlton, Sales Engineer

Ryan Worlton, Sales Engineer

Ryan is a Sales Engineer for the Shavlik products, serving the Western region of the US. In his personal time, Ryan loves to be in the outdoors, this spring and summer he plans on spending about 30 days (and nights) in the Utah back country.

 

 

 

Meet John Rush:

John Rush, Systems Engineer

John Rush, Systems Engineer

John is a Systems Engineer at Shavlik located in St. Paul, Minnesota. John participated in a webinar covering SCCM, see it here.

Protecting my Mom – New Generation of Attacks Threaten us All

Most days I sit comfortably at my desk behind multiple layers of defenses keeping myself and my machine from harm. I sip my coffee and don’t even think about defending threats from myself, instead most of my energy is focused on how do we push forward in our industry against those armies of darkness that seek to compromise our privacy, security and exploit information for their own cause. This week, was different. In three different cases, I found myself at the center of the attack. It was humbling, and at the same time reminded me of how much work we have to get done.

What scares me the most is the unsuspecting prey that countless hackers stalk?  I’m knowledgeable about what and how hackers try to exploit victims. But I worry about my friends and family members that don’t have that same savvy knowledge. I think about my Mom, using the internet for her banking and the occasional check of Facebook… little does she know she’s in the epicenter of the attacks.

So this Blog is the first of a series of three chronicling my last week. I want to share with you three attacks that happened to me in the hopes that it gives you a flavor for where attacks are coming from nowadays. No longer is it the rogue link to install software or the email bomb that just annoys you.  It’s a whole new world where callers, innocent internet checks, and group emails all lead towards exposure.

MONDAY:  Attack 1 – “Windows Service Center”

Last Thursday, I ended up getting home a bit early from a week of travel.  It was about 4:00 p.m. in the afternoon and the house phone rang. It was just me and my kids at home. My kids range in age from seven to eleven and in most cases, it would have been them to answer the phone, but I happened to be there. I grabbed the phone, looked at the number and saw it was a originating from New York. With family on the East coast, I didn’t think twice about grabbing the phone. After five seconds with no one speaking, I should have just hung up, but I stuck this one out. Then it happened… the attempted hack started.

Access DeniedThe caller identified himself and began, “Hello this is XXXXXX from the Windows Service Center.”  Intrigued, I decided to let him continue. “We have detected you have a computer virus on your machine and we’re here to help fix it.” At this point, my hack-o-meter instantly was pegged and I knew this was a scam, but for fun, I decided to let this play out. I asked, “how do you know I have a virus?”  He responded, “because we have systems that detect these sort of things.”  I asked, “how do you know it is my machine?” He retorted, “because we in America spy on our citizens.”  I had to laugh at this one, to use that approach was fascinating, and more curiously, based on background noise, I firmly believe this call was not originating in the United States. Again, I pushed a little bit harder, “I have two machines in my house, which one is it?”  He then responded, “I’m sure it is all of them, so we’ll fix them both.

If memory serves me right, I was cutting some tops off of strawberry’s at this point in the kitchen and he asked me to go over to my computer. I told him I was in front of my computer at this point even though I was still cutting up strawberry’s. He started off by asking me to go to my control panel in Windows and told me that my Windows Firewall wasn’t active. WOW! I thought to myself, this is an impressive scam!  Sure enough he successfully told me what to click (if I actually was in front of the computer) to navigate to my windows firewall and then told me the instruction to disable it because “bad software had taken it over.” Pretending I did, we continued. I asked him, “Are we done now?”  To which he responded that he’d need access to my machine to make sure. I told him that I didn’t know how to do that and he asked me to go to some website by an IP address. Of course, at this point he began to see through my ruse. I told him I couldn’t get there but asked him what was there and he told me it was something “like a WebEx or online meeting” where he could control my machine.

He pushed really hard to get me there, but after a few more questions from me he started to get VERY mad. Not to mention I had moved onto rinsing some peppers and the water running was likely giving me away too. He told me, “You could be arrested if you don’t eradicate this virus” and even played off the emotional heart-strings, “you are exposing your family to harm.”  Then he crossed a line that I’ve never seen before, “I’m not asking you to go here, I’m telling you that you must” as his voice took on a threatening tone.

At this point, I told him that I needed to speak with a supervisor to validate this was the right thing to do. A man got on the line, didn’t identify himself and when I asked where they were and what company they worked for, you could tell I now was the one trying to go after them.  After I told them how shallow it was to attack innocent people like this, he blurted out a few expletives and mumbled some other inappropriate comments before hanging up.

If I had played his game, I have no doubt that the website I would have gone to likely would have been a way for them to remote control into my computer and more than likely it would have been used to download some Malware onto my machine. Things like key-loggers to capture my every password, my access, and even troll around my machine for some good documents that I might have. No doubt, my machine would have gone from a well-protected one to one that was riddled with Malware with a firewall turned off. All scary realizations for me.

…But could this have turned out differently?

What’s more scary though is I still play this story out with the “what-if” scenarios. What if my son had answered the phone? What if my wife had answered the call? Would they have played along or have gotten off the phone before damage was done? If they had played along, would the call have ended so innocently that they’d not have shared what happened with me? Could they have used my home machines (which don’t have valuable data) as a conduit to my work one, which definitely is more sensitive? The caller had the skills to make themselves sound believable, and the pressure-cooker capabilities of a time-share salesperson. They were well skilled to have seen this be a success.

On the heels of this event, I did everything I could to trace this attack back. It turns out the NY phone number was masked and it was originating from an exchange in India. The IP address website I was asked to access was from China. The call-back information was obviously invalid and I didn’t take the charade far enough to get more data to track them Typing on computerdown. Hindsight being 20/20, I wish I had spun up one of my Malware Virtual Machines to access their website and see what else they did or at least trace the traffic from that event back to a more authoritative location so I could snoop back at them. More than likely they were using the computer of their previous victim, so that likely would have led nowhere, but nonetheless, I came up short on sleuthing this one.

Beyond the attack on me, I went online and began to search for the keywords from this conversation, “Windows Service Center” and a few others. It turns out there were more than a few dozen of these attacks reported, each recounted a story like mine, and in many cases, the victims acknowledged they were successfully exploited as part of this attack.

The Moral of Part One

What’s the moral of this story?  There is no safe phone call and there is no innocent phone call. Unfortunately, it won’t take you long to go online and search and find other scams like this. Just this week we heard of the IRS phone scam defrauding millions from people impersonating the IRS. Some tips for all of us (and my mom) on this one:

  1. If someone calls, unfortunately, don’t trust them and make sure you validate their identity.
  2. Watch for key signs that the call is illegitimate. Ask yourself, does the caller ID number make sense? If it is “Unknown” really question it. If it is from outside of your home country, question it as well.
  3. If they are legitimate, they should be fine with you calling them back. Ask for their number and extension and ring them to validate you have a good number for them. At the same time however, if they give you an out of country number, DON’T CALL IT. This is a different type of scam…
  4. Never put yourself at risk doing something you know is wrong. Your firewall is there for a reason. We write patch-management software for a reason, never let someone ask you to take it down.
  5. If someone asks you to do something suspicious like go to an unverified website… don’t do it.
  6. Never… EVER… let them pressure you with commands or threats to do something you don’t want to.
  7. Call the authorities and email us. This activity is illegal and is a cybercrime. By you reporting it, people like me find out about it and then we go after these criminals.
  8. When in doubt, call/email me before you do anything… and I’m not just talking about emails from my mom… I’ll take emails from anyone on subjects like this.

I wish there was a switch on the wall that I could flip for us all to turn off the darkness.  Unfortunately, there isn’t. In the interim though, we’re here to make it safe for us all as best as we can. Be safe everyone.