Charles Wright

A Step Forward in Ending Robocalls

The US House of Representatives recently passed a bill aiming to end robocalls. The “Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act,” or TRACED Act would add some provisions to what the FCC is doing now to prevent this increasing nuisance to Americans. The most notable provision is the addition of authentication software to provide a more effective caller-ID. Telecommunication service providers will be required to add this software to their systems if the bill becomes law.

Some voice service providers are already taking steps on their own to block fraudulent calls and alert customers to them. AT&T customers may have recently noticed calls coming through labeled “Fraud Risk” and “Telemarketer.” The company is also completely blocking calls that are known to be coming from a scam source. All four major wireless carriers provide some sort of call blocking feature. Some are free, while others come with an additional fee.

Americans received 5.7 billion robocalls in October, a new record reported by YouMail. The new all-time record shows robocalls are still an increasing problem.

Tips for avoiding Robocalls:

Don’t answer calls from unknown or blocked numbers.

Scammers can choose from a list of phone numbers to be displayed when they call you using VoIP, so many robocalls will appear as if they are coming from your local area code.

If you answer a robocall by mistake, do not answer “yes” or push any numbers when asked to. This lets the scammer know your number is real, and they can then sell your number to other scammers.

Never give any personal information, bank account, social security number, passwords, or other identifying information to a caller on a call you receive.

If the caller says they are from a company you do business with, like your bank, hang up and call that business back using the contact information you already have for them.

To block legitimate telemarketer calls, register for the National Do Not Call list. This will not stop scammers, but reputable companies selling products adhere to this list.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Telephone Systems

Hackers Demand $14M in Healthcare Industry Ransomware Attack

A Wisconsin-based IT company, Virtual Care Provider Inc., was attacked by ransomware affecting the data of 110 nursing homes nationwide. The hackers encrypted cloud data of patient records, putting some facilities in danger of closing.

The computers were infected with Ryuk malware, a particularly nasty ransomware that has been seen by government organizations and other high-value targets this year. Hackers demanded large amounts of Bitcoin to return the data. These hackers usually get into the system with phishing campaigns, convincing a user to click on a link in an email or enter a user name and password on a fake website.

This attack compromised virtually all of the nursing facilities’ data including internet access, billing, payroll, phones, email, and access to client records. Some facilities are not able to order drugs for patients, others are not able to bill Medicaid, still others are not able to pay their employees. If data is not recovered soon, some nursing facilities will have to close as a result of the attack.

The IT company responsible for the data may also go out of business. They are saying publicly that they cannot pay the $14 million demanded by the criminals.

There is a pattern forming as healthcare facilities get attacked more regularly. A hospital in France was hit by ransomware that knocked its computer systems offline, causing “very long delays in care” and forcing staff to resort to pen and paper. In September a small clinic in California announced it would close by the end of the year, because it was not able to recover from a ransomware attack.

Companies are often compromised for months or even years before the criminals can figure out what data is critical, and what they should encrypt for a ransom. In this case it appears Virtual Care Provider Inc. was infected by the malware numerous times over the past year and did not catch the intrusion.

What this means for your business:

Many of these attacks start with a phishing campaign. Continue to educate users on what they should and should not click on while on a work computer. Users are your first line of defense against attacks.

Companies outsource their IT services because of the complexity and ever-changing nature of the industry. If you outsource your IT services, research the company thoroughly before making a decision. In this case it appears the attack could have been prevented by the IT company if the intrusion had been caught.

Quanexus is the only IT Services business in Southwest Ohio to achieve the CompTIA Security Trustmark+ Certification. Earning a Security Trustmark+ badge means we have demonstrated a commitment and adherence to IT industry best practices.

At Quanexus we secure data using a layered security approach. We call it our Q-Stack. Click HERE to watch a video of Jack explaining the Q-Stack.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security, Small Business, Virtualization, Wireless

The Next Generation of Phishing, Laser Phishing

Criminals are changing the way they use phishing campaigns, targeting upper management and CEOs. Microsoft is warning users of an increase in “laser phishing”, or “spear phishing” attacks. Microsoft data shows traffic associated with phishing campaigns doubled year over year in September.

A spear phishing attack targets a specific person. This person receives messages from someone they purportedly know or are familiar with. Typically, the email will look like it is coming from this person’s boss or someone even higher up in the company they are working for. A spear phishing attack takes much more time and effort on the part of the criminal to find out everything they can about the person they are attacking. Criminals are using social media to find out things this person is interested in, place of employment, friends, and travel.

This is a big change from the phishing attacks we are used to seeing. A normal phishing attack sends out a more generic email to many users, often trying to get them to click on a link in an email or enter a username and password, like your Amazon account information, for instance. We talked about this example in our Social Engineering video you can see HERE.

There have been reports of employees in the financial department of a company receiving emails from the CFO or CEO telling them to transfer money to a specific account for an urgent deal they are making. This new form of phishing cost US businesses over a billion dollars in 2018.

What this means for your business:

Educate your users on this new form of phishing. Public-facing users, like HR recruiters, customer service, and even some admin roles, are more susceptible. Your users can be your biggest asset against attacks, or your biggest liability.

Be aware of what personal information you have on social media. Is there anything on there you wouldn’t want a potential scammer to see? Double check your privacy settings and make sure they are set to a level you are comfortable with.

Use smart passwords and two-factor authentication where possible. Don’t use the same password over and over. There are secure password managers that can help manage passwords and keep accounts secure. Microsoft found that using two-factor authentication blocks 99.9% of automated attacks.

Keep your systems patched and updated. When software companies find tactics being used by criminals, they update the software to block some of these attacks. If you are not updating your systems on a regular basis, you are leaving yourself open to known hacking methods.

Do not click links in emails. If there is any question the email could be fake, go straight to the source instead of clicking the link.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security, Recent Posts, Small Business

Microsoft Experienced Two Large Outages Last Week

Microsoft 365 users experienced outages across the U.S., Australia and Asia Tuesday evening. Microsoft released an update Tuesday that knocked out Microsoft Teams, Exchange Online, SharePoint Online, Yammer, and Skype for Business for a couple of hours. They reverted the update, fixing the problem, but then appear to have released the update again Thursday, creating similar issues.

On Thursday the website Down Detector started seeing Microsoft outages around 8:30 am. In some cases, users were not able to access SharePoint Online and OneDrive for Business all day. Microsoft says they pushed a network update that inadvertently took these tools offline for users. They were able to fix the problem, but not until 1 am Friday morning, leaving some users without business tools all day Thursday.

What does this mean for your business?

It’s important to have a quality backup system in place, like we talk about in our Q-Stack. The goal of every backup is to make sure you can access your data. Computers can experience hardware or software issues. These issues can occur locally, or remotely like we see here with the Microsoft outage. Our job at Quanexus is to create backup solutions with the minimum downtime possible, so you can get back to business as usual. Every backup solution is custom fit to our customer’s need and price point. Contact us today if you have questions about your current backup solution and what you could do to improve it.

Posted by Charles Wright in Cybersecurity, Information Security, Physical Security, Recent Posts