Category Archives: Security

Loading
loading..

Top 6 Ransomware Defense Strategies

June 5, 2018
Web Admin
, , ,
No Comments

TOP 6 RANSOMWARE DEFENSE STRATEGIES

  1. Train your Users and Test their Knowledge
    Since ransomware infections often come through links and attachments inside emails, or from a website
    or web application, train your users how to recognize phishing attacks and suspicious links and
    attachments. Training is only part of the story. Admins must also make sure to regularly test their users
    with simulated phishing attacks to ensure that your users have been properly conditioned to resist these
    attacks.
  2. Monitor your Network
    Diligently monitor your network by analyzing your logs, clearing out alerts, and processing potential
    threat feeds. If the infection is detected quickly and the workstation is disabled immediately, you can
    recover the data within 24 hours, and often in as quickly as five minutes. Organizations should constantly
    update the operating system and other software on their systems with the latest patches. Unpatched
    vulnerabilities in operating systems and software are a common entry point for malware.
  3. Maintain Robust Backup and Disaster Recovery
    The ultimate safety net for ransomware defense is a robust data protection and disaster recovery
    solution. Implement a backup strategy that fully supports organizations with multiple types of data, files,
    and systems to protect. Not all solutions are created equal, but enterprise-grade backup and disaster
    recovery solutions preserve a complete version history, which is crucial to being able to recover from any
    attack. 
  4. Commercial Grade Anti-Virus Protection
    The best way to steer clear of viruses and malware is to use an industry-leading anti-virus software
    solution. There are many types out there, and they don’t have to break the bank, but having a superior
    level of defense will go a long way. On your anti-virus software, enable the auto update, auto-protect, and
    personal firewall features to ensure you always have protection in the background that is continually
    updated.
  5. Lock Down Suspicious Email Attachments
    Organizations may also want to install advanced email spam filtering which will block email messages
    with attachments from suspicious sources. Admins can filter executable attachments in emails based on
    the file extensions (e.g., block emails sent with “.EXE” attachments). Admins should also disable macros
    embedded within attachments and re-enable the display to full file extensions which makes it way easier
    to spot suspicious files
  6. Have an Incident Response Plan
    How you’ve prepared will determine how quickly you are able to restore your company’s data and get
    systems functioning again. This starts with a well-designed plan that is understood by the entire team.
    Practice executing the plan to ensure you are able to get systems back online in the expected timeframe.
    The practice will also give your team the confidence to perform flawlessly when the need arises.

We have seen many examples of companies that have been infected by Ransomware and some that have lost all of their data, and a few that have been able to recover.  Those that recovered were lucky enough to have had a unattached backup copy somewhere.  It was a stale backup and 6 months old, but it was something.  A better answer to it would have been to adhered to the 6 defense strategies.

If you are in need of help getting your strategies in line, please give us a call at 702.430.1849.  You can also contact us by clicking here!

people clapping

Malwarebytes Gartner Visionary

February 12, 2018
Web Admin
, , ,
No Comments

Malwarebytes recognized by Gartner as Visionary

Congrats to our Partner and friend Malwarebytes for being recognized by Gartner as a visionary in the world of antivirus and malware protection.  We of course, have known about the vision for many many years and really appreciate the protection that that vision provides our clients.  We work hand and hand on a daily basis to bring the very best of antivirus and malware protection to our client.  Malwarebytes is a major part of our arsenal.

DOWNLOAD OFFICIAL REPORT

 

40 percent

Traditional Antivirus Fails 40%

October 26, 2017
Web Admin
No Comments

New Research

Research provided to us by our partner and leading next-gen cybersecurity expert Malwarebytes, tells us that traditional AV vendors are missing the 40 percent of the time.  The detection’s seen on 10 million PCs, servers, and other devices, had one of the 4 top AV vendors software installed.  These statistic should be alarming to all of us.

The statistics from the study show us that relying solely on traditional vendors and methods of protecting your company’s network environment are not enough.  Malwarebytes endpoint protection is a premier expert at identifying, detecting, and re-mediating network devices from corporate networks.  It uses the latest in advanced heuristic and signature-less techniques to prevent damage before it occurs.

Partnering with the leading experts and consultants in the world is what Covered Data brings to the table when you talk with us about your solution needs.  In the world of cyber-security, our hands down choice is Malwarebytes.  Contact us to have a free no commitment discussion about this post or other security and networking requirements.

We look forward to hearing from you.

Scott
CEO, Managing Partner
702.430.1849
scott@covereddata.com

security image

End Point vs. Cloud Firewall

August 4, 2017
Web Admin
, ,
No Comments

Why Choose a Endpoint Server based Firewall

As users of the WordPress platform for running your web server, you are fully aware that your choice’s are numerous, with some better than others.  This is also the case when trying to decide what type of firewall to protect our assets with.  For the most part, your choices fall into two categories; 1.  Server Based (endpoint) (Wordfence, All In One WP Security&Firewall) 2. Cloud based (Cloud Fare)

Both have some attractive features, but the Covered Data recommendation is that you seriously consider the use of a server based endpoint firewall such as Wordfence.  This version runs directly on your server and is directly protecting your website.  So, whether or not the Bad Guy is attacking the IP address or the domain name, you have protection.  With a cloud based system your attacker doesn’t have to attack the name (http://www.mywebsite.com), but can just attack the actual IP address that this name is assigned to or your server address on the internet.  This is an inherent flaw in the cloud based systems.

There are many other features of the wordfence firewall, such as deep integration with user level permissions, integration with .htaccess files, etc.  The interface is easy, and in its default install does a wonderful job of providing protection of your websites.  The more advanced features can get confusing, but in some cases are a huge benefit.  Using the advanced features is something that you can contact Covered Data about.  We can setup, monitor, and manage that part of the firewall for you at incredibly low monthly rates (no contract).

We have been involved in installing wordpress sites, wordpress firewalls, and recovering websites, for many years and would love to work for you.  Give us a call.

 

Malwarebytes Partnership Announcement

July 28, 2017
Web Admin
, , ,
No Comments

Malwarebytes Partnership Silver Partner logo

 

Covered Data is proud to announce that we are officially partnered with Malwarebytes, the leader in endpoint security protection.  We have used the Malwarebytes software for many years and are ecstatic at the opportunity to work with the experts at Malwarebytes.com in a larger way.  Our engineers and trained sales staff are at your disposable to help you design and implement the Malwarebytes multi-layer approach to security.  With the new release of Malwarebytes Endpoint Protection, you can finally within one install and one management console, cover 7 critical layers to security.
Contact us for a free trial.

[embedyt] https://www.youtube.com/watch?v=x5nNUXjRQro[/embedyt]

For more in depth description of the End Point Protection watch this video.

cyber security image

Fireball Adware – How to protect yourself

June 2, 2017
Web Admin
, , ,
No Comments

Malware Protection

The latest adware and malware on the market is what looks like a Chinese product called “Fireball” and has infected about 250 million browsers or 20 percent of the corporate networks around the world.  Several computer security companies have classified the infection as malware, but according to a Chinese digital marketing firm it is a research tool.

The danger is that it is exposing a great deal of your privacy information along with installing other unwanted plugins to your browsers.  It is all in an effort to boost advertising payments for the companies involved in releasing it.  For you, it is a dangerous software and allows others to gather information about you without you knowing.

From an overall security aspect, it is really dangerous and you or your IT department should find a way to protect you from it.  One very strong and prominent, but easy tool is from a company called Malwarebytes.  They have been around a long time and cleared millions of infected computers of malware.  We use them exclusively here at Covered Data.  If you are interested in a free trial of the latest release, please let us know.  We will send you a download link and the 30 day keys, with only a follow email from us about your thoughts on it.

Stay safe.

sb

Your Name (required)

logo light

Malwarebytes 3.0 Defeats Ransomware

May 12, 2017
Web Admin
, ,
No Comments

Malwarebytes 3.0

We are sure you have heard about the latest Ransomware attacks that hit a record number of computers and servers, across a wide number of industries in Europe.  Rest assured, there were several in the United States as well.  Also, we expect that there will be more across the country, and many that we never hear about.

malwarebytes dark logoAre your PCs and Servers, mobile devices, and critical platforms protected?  It is critical to safety to take the necessary steps to secure your technology environment.  We are advising all of our clients that the first thing they need to do is make sure your computers are running Premium version of Malwarebytes 3.0.  The premium version of Mawarebytes easily defeats the recent attack that has taken over 90 thousand hospitals, hotels, point of sale systems, and more.

It does this by using the latest forensic and modern effective scan engine, software algorithms, and updated signature files on the market.  malwarebytes 3.0 went live with a completely new rewrite that was release to the public 6 months ago.  It uses the latest in computers security and incorporates the best of the best computer security from the ground up.

Contact us for a free trial of Malwarebytes 3.0.  Hands down the best malware protection software on the market. 

under attack image

WordPress – Covered Data repel attacks

January 17, 2017
Web Admin
, ,
No Comments

Covered Data recently came under attack from sources across the internet and we wanted to share our experience.

The concentrated and focused attacked started on January 11th 2017 at 9:21:46 pm local time. The attack and search for vulnerabilities continued for just about 2 hours, ending shortly after 11:07:33 pm local.

Covered Data partners with the best web application firewall (WAF) known in the industry and our partner software is currently protecting millions of WordPress websites world wide.

To help address the wider concerns about internet attacks we are offering a free update service and vulnerability assessment to anyone.  We will update your site for free and provide recommendations for any further issues we might find that need to be addressed.  For those not based on WordPress, we will address your vulnerabilities and provide assistance in updating your software and make recommendation that should help you repel future attacks.  For those based on a WordPress infrastructure, we will update core files and plugins and share solutions that have protected our sites.

Are you protected?

We have included screen shots of the alerts we received during our attack.  We do this to collaborate and share our experience.  Our ultimate goal is protecting as many sites as we can.  If your organization is using a WordPress, contact us about this free service. This free update service will go a long way to your site being protected and you being able to sleep again.

Contact us.  We will help.

Sincerely,

Scott A. Barbour, CEO

The below information is a snapshot of a much longer attempt by the attackers to penetrate our sites.

We successfully repelled 100% of the attacks thanks.

attack 1 attack 2 attack 4 attack 5 attack 6 attack 7

 

 

cd alert picture

Username Harvesting WP 4.7

December 12, 2016
Web Admin
, , ,
No Comments

We received a security alert this morning from our Web Application Firewall provider that addresses a vulnerability in WordPress that if exploited about will reveal the username and admin usernames on the system.

SUMMARY:

With the release of WordPress 4.7 a vulnerability now exists that all users should take immediate action to remediate.  While the update to 4.7 is a good thing and fixes several existing security issue, it also adds the REST API functionality to WordPress.  Again, this is a good thing, but does create a hackers ability to do the following:

http://example.com/wp-json/wp/v2/users

This will list all users that have published a post. It includes that user’s userid, username, gravatar hash and website URL.  This functionality either needs to be turned off completely or it is our recommendation, configure the firewall to prevent anonymous access and maintain the desired functionality of a the REST API.  Obviously this isn’t information that you want a hacker to have access to as it is half the battle with gaining unauthorized access.

REMEDIAL ACTIONS:

Our security team is recommending that all users upgraded to 4.7 and have our premium version of our WAF installed and configured immediately.  This will prevent hackers from using this functionality and gaining unauthorized access to your systems.

TO BE CLEAR:  All WordPress websites that are updated to the current version are vulnerable to this attack unless steps are taken.  Please contact us for a solution that will protect your site and increase your overall security profile.

Scott Barbour – Covered Data Founder/CEO

Layout mode
Predefined Skins
Patterns Background
Images Background