TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

10 Most Important CyberAttacks Of The Last Decade

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The only way to keep history from repeating itself is to learn from the mistakes of the past. The following is a list of the most significant cyberyattacks from the last decade, as compiled by TechTarget:

Yahoo – 2013
With the unfortunate legacy of being the largest breach in the history of the internet, all three billion Yahoo accounts were compromised. The organization took 3 years to notify the public of the breach and that every account’s name, email address, password, birthdate, phone numbers, and security answers had been sold on the dark web.

Equifax – 2017
Probably the most damaging attack occurred just 3 years ago with the hack of Equifax. The hackers were successful in gaining access to 143 million Equifax customers and information vital to the lives of all. [Read more…] about 10 Most Important CyberAttacks Of The Last Decade

Microsoft Starts Forcing November 2019 Update On Users

Jason Cooley is Support Services Manager for Tech Experts.

The Windows 10 November 2019 update (also known as Version 1909) is live and many users have moved to Microsoft’s latest feature update.

As an IT professional here at Tech Experts, it seems like these feature updates happen one right after another.

Although this is not the case as Microsoft only releases feature updates twice a year, the issues we encounter during each feature update’s life cycle make it seem that way. The only notable updates between these feature updates are ones that may fix an issue, which may or may not have been caused by the last feature update.

So what are updates like for someone who is not one of the Tech Experts?

As a user, you may or may not notice updates a lot more frequently, but those are smaller updates and may not fix anything at all. There are regular security updates made during each cycle, updates to Microsoft applications, important system files, drivers, and numerous other things.

The larger ‘feature updates’, while not intending to do so, are the most likely to cause system issues. Many users who are more tech savvy avoid installing these until they are certain it is stable. In some cases, users will try to avoid installing them at all.

Many people live under the “if it isn’t broke, don’t fix it” mentality. Minus security updates, I can see a strong case for this line of thinking.

For years, many users (myself included) could selectively manage their updates. I could avoid installing many updates and keep installing only security updates.

While there is still some ability to manage updates in Windows 10, it is also more limited. One way Windows 10 has made managing updates easier for everyday users is by having the option to pause updates altogether. There is even an option specifically allowing you to stop those feature updates, which is great if your system is running well and you don’t want to cause any issues.

There are also times where you may have a specific piece of software that is not compatible with the newest feature update and you need to avoid software incompatibility. That is when you are probably most grateful for the pause feature updates option.

Well, the time has come for Microsoft to go against your choices and decide that it knows what is best for you!

The November 2019 update is being pushed out to users, whether you want it or not. While it sounds deceitful, there is – as always with Microsoft – more to it.

Users who are currently on Version 1809, which is now two versions behind, are being pushed to the November update. There are new security updates for Version 1909, and they cannot be applied to 1809.

Microsoft is taking this precaution to make sure users stay protected. In the past, Microsoft typically reserved forced rollouts for Windows Home version, but these forced updates will also apply to all computers running Windows 10 Professional.

If you are on Version 1809 and want to avoid being updated to 1909, you may be able to delay the process by manually moving to Version 1903 instead. Just remember, Microsoft is prioritizing your security, not comfort.

Why Is Ryuk The Most Dangerous Ransomware?

Ryuk is one of the most prevalent ransomware variants in the threat landscape, with infections doubling from the second to the third quarter in 2019.

Ransomware infections continue to increase in tandem with overall impact and monetary demands.

Furthermore, Ryuk’s ability to delete shadow copies and backups makes Ryuk extremely costly and almost impossible to remediate.

For instance, Ryuk operators demanded nearly $600,000 from one government agency after successfully encrypting nearly all files on the network.

Ryuk uses encryption to block access to a system, device, or file until a ransom is paid. It is often dropped on a system by other malware (e.g., TrickBot) or delivered by cyber threat actors (CTAs) after gaining access to the system through compromising Remote Desktop Services.

Once on a system, CTAs deploy Ryuk through the network using PowerShell, PsExec, or Group Policy, with aim to infect as many systems as possible. The number of infected systems depends upon how the malware is deployed as well as the CTA’s access and privileges.

This may be a local subnet, the list of computers in active directory, or the entire organization depending on the variability and process specific nature of spreading the malware.

Once the malware is pushed out to the network, it targets backups and begins the encryption process.

Researchers have observed an increase in Emotet or TrickBot infections leading to a Ryuk infection.

For example, TrickBot disabled the organization’s endpoint antivirus application and spread throughout the network, infecting hundreds of endpoints and multiple servers.

Since TrickBot is a banking trojan, it likely harvested and exfiltrated financial and other sensitive information prior to deploying Ryuk.

Once Ryuk is deployed network-wide, the CTAs encrypted the organization’s data and backups, and left ransom notes on the machines.

Ryuk ransom notes once contained a message and a ransom amount, but have since evolved over time.

Throughout most of 2019, the ransom note did not list a ransom amount and only contained a message and email address. However, now Ryuk ransom notes are very simplistic, with no price or message, only containing an email address, the ransomware’s name, and the statement “balance of shadow universe.”

The CTAs demands payment via Bitcoin cryptocurrency and direct victims to deposit the ransom into specific Bitcoin wallets.

The ransom demand is typically between $100,000-$600,000, which as of 12/19/19 is 14-84 Bitcoins. Notably the ransom demand is determined by the organizations’ assessed ability to pay and the sensitivity of the data affected.

It is highly likely the CTAs account for characteristics like industry, solvency, subscription to cyber insurance, and network saturation when calculating ransom demands. Furthermore, the CTAs have been known to negotiate with victims and adjust the initial ransom amount.

Ryuk’s main infection method is to be dropped on a system by other malware. The file will have a five-letter random name that is usually generated by the srand1 and GetTickCount2 functions.

Persistence
Once executed, the main payload attempts to stop antivirus related processes and services. It uses a preconfigured list to kill more than 40 specific processes and 180 services with taskkill and net stop commands.

This preconfigured list includes antivirus processes, databases, backups, and document editing software. Additionally, the main payload establishes persistence in the registry and injects malicious payloads into several running processes.

To increase persistence, Ryuk makes changes to the registry allowing it to run the payload every time the user logs on.

Ryuk’s anti-recovery techniques are more extensive and sophisticated than most types of ransomware, making recovery almost impossible without restoring from clean external offline backups.

Ryuk’s process injection allows the malware to gain access to the volume shadow service and delete all shadow copies, including those used by third-party applications.

Encryption
Ryuk uses unbreakable RSA and AES encryption algorithms with three keys. The CTAs use a private global RSA key as their base encryption model. The second RSA key is delivered to the system via the main payload and is encrypted with the CTA’s private global RSA key.

Once the malware is ready for encryption, the final key is created in their three-key encryption model.

Ryuk scans the infected systems and encrypts almost every file, directory, drive, network share, and network resource.

Ryuk attempts to encrypt all mounted network drives. As long as the drives are not CD-ROM types, the files will be encrypted.

Finally, once the malware is finished with the encryption process, it will create the ransom note, “RyukReadMe.txt”, placing it in every folder on the system.

What Are The Advantages Of Office 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As an IT service company, we get asked this question almost every day. Now that it’s available, everyone wants to know what Office 2019 is all about. Office 2019 provides a subset of features that Microsoft has been adding to Office 365 over the past three years.

Office 2019 is a local version of Office software, rather than cloud-based. It’s a perpetual release, meaning that you purchase the product once and own it forever instead of paying for a subscription or subscriptions to use it.

Who Will Benefit From Using Office 2019?

Although anyone can purchase Office 2019, this version has been designed for business users. It comes with volume licensing and is best for companies that don’t want to use the cloud-based version of Office. You can also install the Office 2019 app on all your mobile devices, where you’ll have access to its basic features. [Read more…] about What Are The Advantages Of Office 2019?

Microsoft Contractors Listening To Recordings Made Via Skype Or Cortana

Jason Cooley is Support Services Manager for Tech Experts.

For years, Skype has been a big part of computer users’ experiences regardless of operating system. Whether voice calls, messaging, or video, Skype has a huge share of the user pool. Many Android users use Skype for video chatting in lieu of Apple’s popular Facetime app. It’s also popular among those contacting relatives or friends around the globe.

Skype even introduced an auto translate feature last year. The feature allows for translation between languages in (nearly) real time. Skype has made connecting with people easier than ever, no matter where they are from or their language.

Skype’s translate feature has been praised and for good reason. It is quite impressive that there is an application capable of translating so quickly, allowing people that don’t speak the same language to have a nearly flawless conversation. Of course, with software capable of such amazing things, it’s guaranteed that improvements will constantly be in the works so that it can reach its full potential.

Skype’s translator FAQ does state that calls are collected for data analysis, but that’s vague and may not raise any alarms.

What if I told you that some of those calls were being recorded? Not only that, but they are also being listened to in some cases.

With Skype, the data discovered shows that MOST of the Skype recordings gathered and reviewed are recordings using the translator. Again – that is MOST, not all. These calls contained all kinds of personal information: relationships being discussed, intimate conversations, arguments, you name it.

Skype claims that the information was gathered and listened to only to help improve the product. However, the problem will always go back to the fact that this information was not disclosed.

In fact, many people would say Skype was dishonest in the way that the privacy information was portrayed. Microsoft, who owns Skype, of course states that they only collected voice recordings with customer permission. Micro­soft also ensures that the data is treated as confidential information, but humans are still listening to personal conversations. The confidentiality of that seems suspect.

Then there is Cortana, Windows’ built-in digital assistance. Cortana can search for you, using voice commands. Much like more well-publicized assistants (such as Amazon’s Alexa), Cortana can help you by pulling up search results, maps, or other information you may need. Of course, Cortana also can remember some of your information for you.

So let’s think about Cortana being used in the real world. Asking Cortana about that embarrassing rash? Punching in your home address? Someone might be listening to that too.

The stance on the Skype calls (even though not ALL calls listened to were made with translator) is that Microsoft is collecting data for the purpose of improving its translator feature – so what about Cortana? Is listening to a person’s voice searches really improving any sort of programming?

Possibly, but that sort of testing could be done without the use of private recordings.

Five Benefits Of Virtualization For Small Businesses

Virtualization offers real and attainable multi-faceted advantages for small businesses. Here are some tangible benefits:

Low operating costs

A growing number of businesses are using virtualization because the technology helps reduce costs drastically.

For instance, server virtualization eliminates the need to have physical servers, which are typically costly to run and maintain. In addition, instead of purchasing separate licenses for each server, you would only purchase one license and host additional servers at no extra cost (some limitations and exceptions may apply). With fewer physical servers, you also save money on power bills, maintenance fees and data center office space and fees.

Increased efficiency

Server virtualization makes more efficient use of computing resources; it becomes possible to increase the utilization of your servers from 15 to 80 percent, eliminating the need for extra servers.

You essentially consolidate multiple physical servers onto one machine running a number of virtual servers. As such, you would cut your capital expenses.

Improved business continuity

Server hardware failure is the most common cause of data center failure. In a virtual server, live migration is a feature that helps maintain business continuity by eliminating downtime.

Faster deployment

Virtual devices allow faster installations of new server applications and/or routers as well as to switch software services, since you don’t have to order equipment.

Instead, all you need to do is configure a new virtual machine, router, switch or storage drive using your special virtualization management software tool. The process typically involves copying an image, significantly reducing setup, configuration and recovery times.

Improved disaster recovery

Backing up virtual infrastructure normally entails making copies of virtual machine file images – an easier process than working with different physical servers.

In addition, hosting virtual infrastructure doesn’t require much equipment, so companies can buy multiple servers and house them in different locations. This makes backups redundant and disaster recovery quick for higher uptime.

Administrators can seamlessly move live virtual machines between physical server hosts without turning them off and without downtime.

Tax Benefits You Should Reap Before The Year Ends

There are important tax benefits you can only gain by acting before December runs out. Preparing for taxes at the end of the year also puts you ahead of the game, eliminating the last-minute scramble to decipher receipts and new forms, so you can be calm and collected when tax season actually hits.

Perhaps the most important tax benefit small businesses should be aware of is that purchases like IT hardware or computer software that is purchased off the shelf are tax-deductible. Such capital purchases, however, must be dealt with before the new year, or they can no longer be used on your tax return. New special provisions dictate the cost of such equipment must be deducted within the year they were put into service, so you can’t afford to wait until the fiscal year ends and miss the narrow window for this tax benefit opportunity.

Small businesses should also be aware that many tax benefits are dependent on whether your activities are profitable or not. This is because the amount you can deduct for technological purchases changes according to your business’ total taxable income.

Be sure to reference Section 179 rules if you are showing a profit and Section 168 rules if you are in the red. You may even choose to consider if it is in your business’ best interest to be profitable at all, and adjust your inner workings to reflect your best tax advantage.

When making deductions for tech hardware and software purchased this year, make sure your record keeping is first rate. Keep all paper¬work that identifies the equipment, receipt for purchase, and anything that can point to when you actually put the equipment into service.

If necessary, you can then provide copies of that paperwork to the tax agency in the event that there is a question about your deduction. Before filing, if there is any doubt about whether a particular purchase is eligible for a tax deduction, consult with your tax adviser to be sure the necessary points have been met.

What’s The Best Way To Scan Old Prints And Negatives?

If you have old prints and you would like to share them with your family and friends you can choose from the alternatives listed below:

Flatbed Scanners
A flatbed photo scanner is a great option if you have a large number of photos rather than negatives. Your budget will pretty much determine the quality of those pictures if your intent is to print large-size photos.

However, if you intend to share those with family and friends over your social network sites, you may be ok with a low-cost scanner. Remember that scanning is time consuming, you will have to feed each individual print into the scanner and process the image, which might take weeks depending on how large your collection is.

Negative Scanner
If you would like to scan negatives only, you may be interested in acquiring a negative scanner. Negative scanners are meant to convert film into digital images in the most dedicated way possible. It will not only generate more accurate scans of your negatives, their software will speed up the process. Some scanners offer the comfortable feature of batch scanning, automating
the scanning of multiple 35mm films in a row, in as little as one minute.

Scanning Services
If you find that scanning your photos or films is very time consuming, you may want to try scanning
services that will do the work for you. These services are becoming quite popular. This can be a cost-effective solution for small jobs but may get expensive for larger jobs with higher quality requirements. It is best to research several options.

How To Protect Your Business From Phishing And Spearphishing

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the best ways to protect your business against these types of attacks is by educating your employees on the methods these criminals exploit to gain access to your employees and your sensitive information. But beyond that, there are some methods you can use in conjunction with education to help protect your business.

Pre-delivery
Using filters can help prevent malicious emails from reaching your employees’ inbox and is effective for preventing indiscriminate attacks but not targeted ones.

More useful, however, are solutions that not only filter emails before reaching the inbox but incorporating virus scanners, real-time intent analysis, reputation checks, URL checkers, and other assessments before any email reaching your employee. We have an offering that can help you prevent an attack before it even starts. [Read more…] about How To Protect Your Business From Phishing And Spearphishing

Windows Core OS: The Future of Windows

Jason Cooley is Support Services Manager for Tech Experts.

Microsoft Windows has been the leading PC OS for as long as I can remember. There have been many different versions through the years.

There have been favorites like Windows 3.1, XP, and Windows 7 – and less well-received versions, like ME (Millennium Edition) and Vista.

Windows tried a new approach with Windows 8, something they envisioned would take over mobile device platforms, and designed an OS that would be similar across many devices.

This never truly came to be as Windows 8 was generally not well received, and the mobile version wasn’t exactly a hit either.

Enter Windows 10. While there are problems from a technical standpoint, Windows 10 (as it currently stands) is a pretty user-friendly OS and continues to make improvements and security enhancements with the user in mind. Windows 10 spans many devices.

Smart TVs, cell phones, laptops, desktops, tablets, Microsoft’s Xbox One, and so many other devices have a version of Windows 10.

I stress the fact that these devices have a version of Windows 10 for a reason. These operating systems look and function very similarly, but each is a uniquely programmed version of Windows 10. Essentially, each device type has a custom operating system developed to look and run like Windows 10.

These operating systems are fine-tuned for the type of device they are running on. You wouldn’t have a great experience using Windows 10 for desktops on a cell phone. It would be much too resource-intensive and create a real battery use issue.

So what is Windows Core OS?

Windows Core OS is a new project underway by Microsoft. Windows Core OS would create a base version of Windows that could be installed on any type of device. This is great for users and developers alike.

While it will be a long time before Core OS is available, Microsoft is already using it for testing their new Hololens and other devices they’re currently showcasing. It is also a huge part of the development for operating systems that will thrive on foldable devices and mobile devices with more than one screen.

Currently, when a new type of device comes out, like a foldable screen phone, an all-new version of Windows 10 is written specifically for the phone.

It’s programmed from the ground up and works around the device specifications and limitations to create the closest thing to a normal Windows 10 experience as possible.

While many users who use Windows 10 on multiple platforms may not notice many differences, each version requires a lot of work and each device gets a lot of attention.

Windows Core OS would change everything. Microsoft is developing Core OS to be buildable and scalable.

It would allow for a base version of Windows that would run on any device.

Whenever devices are launched with new capabilities, features can be added instead of creating an entirely new operating system. This lightweight operating system will be used on every kind of device you could think of in the not too distant future and – sooner than you think – it will also be running on a lot of devices that you probably couldn’t dream of.