A significant increase in suspected internet connection scams has occurred as of late, with NBN Co. receiving over 100 calls a day from members of the public about such scams. NBN Co. is currently in the process of rolling out the $50 billion network.
Calls to NBN’s contact centre have reached 9500 over the last three months, representing a significant increase from 6700 between October 2018 and March 2019. This comes as a sizable portion of the network is being completed ahead of the 2020 ETA. Driving awareness to combat these attacks, NBN Co’s chief security officer addressed the cause for concern by having this to say: “As we close in on the end of the network build, scammers are increasing their efforts to take advantage of the NBN brand as a way to steal people’s personal or financial details and using increasingly sophisticated ways to convince people of their legitimacy”.
What You Need to Know
NBN Co will never make unsolicited calls to seek access to your computer, threaten disconnection, or request personal details
This public awareness campaign will involve NBN Co’s community engagement team, hosting a series of information sessions to help Australians discern, avoid and report scammers. The ACCC has previously warned of social engineering attacks where scammers impersonate NBN Co in calls offering to connect them to the NBN for a low price. In some of these cases, impersonators have tricked users into giving remote access to their computers so that they could steal personal information, install malware and demand payment to fix alleged problems. If you run into someone calling you about the NBN remember this: “As NBN Co is a wholesaler, we will never contact residents or businesses to sell phone or internet services”.
Moreover, NBN Co will never make unsolicited calls or door knock for the purposes of seeking access to a person’s computer, threaten them with disconnection, or request personal details. Despite increasing public awareness, Australians are expected to lose a record amount to scams this year, with the ACCC estimating that projected losses for 2019 will surpass $500 million (an unprecedented figure).”Many people are confident they would never fall for a scam but often it’s this sense of confidence that scammers target,” the ACCC Deputy Chair Delia Rickard states. “People need to update their idea of what a scam is so that we are less vulnerable.”
The ACCC reports that investment scams were among the most sophisticated and convincing, with nearly half of the reported cases this year resulting in financial loss. Particularly, cryptocurrency investment scams are a serious cause for concern, with net losses reaching almost $15 million between January and July this year. This represents a significant increase from $6.1 million lost to the same type of scams last year.
You can report any suspected scams you come across here.
4g Failovers for Network Reliability IT Support Brisbane
When is Network Reliability Important?
For many businesses it is highly important that their internet connection remains online with as few interruptions as possible. These businesses include those who perform most of their business activities online and where these activities must be performed in a timely manner. These are not the only businesses who may require reliability, and if you are wondering whether your business is one of these, simply ask yourself the following question. Are you often frustrated with internet outages and do they impact your work? If so, yours is indeed one of these businesses.
Such network reliability depends on reliable hardware (such as routers) as well as internet connections and service providers. Unfortunately, all service providers have the occasional outage, but luckily network hardware can be used to ‘hedge your bets’ as it were. Using a router with Failover capabilities can improve the availability of your business’s network connection.
High Availability Network Setup
A WAN failover (sometimes termed a 4g failover) is suitable for use when a business has one or more networks which require as little interruption as possible. This feature is available with Network Setup from Key Technologies.
A business may have both a primary and secondary internet connection. This generally uses one traditional copper line or NBN service and a secondary 3g or 4g dongle as a failover, though just about any second internet connection can be used. This secondary (failover) connection comes into use when the first goes down. For example, a business could have a prepaid 4g modem with no ongoing costs plugged into the router on standby mode. Thus, if the primary link goes down the router is triggered to bring up the backup connection. This can take up to 10 seconds, so there may be a brief interruption, but far less than what could alternatively occur. If you would like even less downtime than this, then you may want to ask us about WAN load-balancing routers.
Additionally, with Multi-WAN routers, you can choose when you want to activate the backup or failover service. An example of these options is shown below. You may failover when either:
Any selected WANs are disconnected.
All WAN’s selected are disconnected.
Need Help Setting Up a Reliable Network
Our IT support staff are able to set up networks with high availability, integrity and confidentiality.
Keeping your phone safe online
IT support Brisbane
A vast abundance of information can be found on our phones. Specifically, they hold an inordinate amount of information about ourselves and the way we live our lives. From banking information, location data, eating and shopping habits, correspondence and, with the emergence of smartwear, even our heart rates are accessible on our phones. Some have even compared them to houses based on the detailed information they contain about us. A 2002 study actually found that when people were shown the rooms of other people who they had never met, they could accurately guess the personality traits of that person (all except neuroticism at least).
It begs the question of what a person may figure out about us if they were given access to our phones. For many of us the thought of this may be as scary, if not more so, than that of a stranger seeing the insides of our houses. This is somewhat unsurprising, based on the seemingly endless slew of news headlines highlighting the prevalence of cybercriminals taking peoples’ private information from phones, computers and cloud storage. It is a pretty clear message really, BE SCARED OF WHAT YOUR PHONE COULD DO, but maybe it should be about what your phone could be made to do. Afterall, smartphone safety would probably be a pretty confusing phrase in a world without hackers. This begs the question, how do you make sure your phone isn’t being made to do something you don’t want it to do?
Well firstly, you’ll never be able to make ‘sure’ of this. Any type of computer is made to be somehow accessible, and people are bound to misuse that access in some way. It’s like driving a car, or owning a house; sometimes cars crash, even when driven by the best drivers, and sometimes houses get broken into, despite having good security. Likewise, there is always a small possibility that your phone will be hacked, or data will be stolen. The trick is to minimise that likelihood, and if a piece of information is too sensitive, don’t keep it on your phone. Luckily, our IT support team have provided some pointers on how to keep your phone safe online. The following 5 pointers could save you a lot of trouble down the road, enjoy:
Smartphone Safety Tips from KeyTech IT Support Brisbane
Adjust your privacy and security settings, or at the very least look at and try to remember them. These settings control what “permisions” apps have on your phone, and what information they have access to. Think of this like the doors inside your house, if you have someone inside like a tradie doing renovations, you’re likely to close any doors that lead into rooms you don’t trust them in. You would, however, leave open the doors they need open in order to complete the work you want them to do.
Set your apps to update over Wi-Fi automatically. Apps that are not up to date become more of a risk, the longer they are not updated. Yes, we all get fed up with updates from time to time, but many times app developers will update their app when a security vulnerability is found so that people on the latest version are safe. There is no protection for old versions of software. It’s like changing your locks if your keys and wallet get lost or stolen. You wouldn’t feel safe if someone out there knew where you lived and how to get in, and it really should not be any different with a smartphone.
Whenever the app or service allows it, try to use 2 factor or multi-factor authentication. Basically, this stops people getting into your account by having them enter a code that displays on your phone or having a notification show up on your phone that asks you to verify the log in request. On mobile apps, it is more likely that the verification will be a text message with a code you can then enter into the app. Thus verifying that your it is your phone (or a phone with your phone number) signing in. This is like having a lock and an alarm with a code at the entrance to your house. You not only have to know something (the password or alarm), you need to have something (the key or phone) in order to gain access, and those notifications to verify requests, like alarms, can tip you off that your password could be at risk.
Fun fact, other multi-factor authentication systems can actually go further than this. Some using such features as the pattern of your iris (the colored part of the eye) or facial structure to add a further step of verification. Thus, to access the account, you’d have to know something, have something and be something, making security breaches highly unlikely.
All of our online apps and accounts require passwords, but we all forget these from time to time. We’ve all had to reset a password, generally by sending a link to our email. Just make sure you use a strong password for this email. It should be unique (different from your other passwords), seemingly random (not using easily guessable components like your place of birth, birthday, favourite pet or another well known personal detail), and relatively long (although it is just as good to make it more random and involving special characters, as long as it has around 10 characters minimum).
We’re all human, and naturally we have fallible memories. So if you want to avoid constantly having to reset passwords (and if you’re like me, realising what the old password was because that’s what you tried to set the new one as), using a password manager might be for you. Do bare in mind however that your password manager holds the proverbial “keys to the kingdom” and should be protected accordingly. That means, a long seemingly random password, and 2 factor authentication are good ideas for this. One helpful password manager service that allows 2 factor authentication and helps you create a strong password is called LastPass. I would reccomend it to those who have trouble remembering all their passwords.
IT Support Brisbane: Latest Windows 10 Update Lets You Do More
A lot of the time, from the end-user perspective, windows updates can be a bit of a hassle. Taking time out of your busy schedule to change… something. A lot of the time, however, the computer seems pretty much the same as it was before. Well, this time is a little different if you know what to look for. Here’s an overview from the Key Technologies Brisbane IT support team.
Paste from Cloud Clipboard
Personally, I’ve been waiting for this one for a while. The cloud clipboard allows you to copy and paste text and images between computers. To set it up:
Go to System > Clipboard
Turn on both Clipboard history and Sync across devices
Press CTRL + V to test out the paste
Use emojis from the keyboard
Your favourite emojis from smartphones and social media are moving more and more into the mainstream. In line with this Windows has imported them into their latest Windows 10 release. This makes friendly emails and informal documents a little more fun to write! Simply press Windows + . to use them.
Autosave files as you edit them!
Go to OneDrive > More > Settings. On the AutoSave tab, select Update folders and specify which folders you’d like to automatically sync.
Use the Microsoft UI on Android
If you install the Microsoft Launcher from Google Play, you can have a cool Microsoft style homescreen for your phone.
Customize the mouse pointer
You can now make your pointer bigger or change the colour. Access Windows Settings > Ease of Access > Cursor & pointer.
Make text and other things bigger
Change the text size by going to Settings > Ease of Access > display.
Snip images and take screenshots
The old screenshot keyboard shortcut (Windows + Shift + S) now allows you to snip and copy images and text to the clipboard.
The new-look light theme allows you to switch between colours. Switch to dark mode to make your apps stand out. Go to Settings > Personalisation > Colours to select your colour mode.
Remove pre-installed apps
Reduce the bloat of your system by removing unused apps such as 3D Viewer, Calculator, Groove Music, Mail, Calendar, Movies & TV, Paint 3D, Snip & Sketch, Sticky Notes, and Voice Recorder. To uninstall go to Settings > Apps.
Now you have even more control over updates with the ability to pause for up to seven days. To delay updates, go to Settings > Update & Security.
Microsoft has patched a remote code execution vulnerability in it’s Remote Desktop Services (CVE-2019-0708). This vulnerability can be exploited remotely, does not require authentication and can be used to run malicious code on the victim’s computer.
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.“
The advisory includes fixes for Windows 7 and Windows 2008 (see here) which are included in Microsoft’s patch on Tuesday. Additional patches were released for Windows XP and 2003. A further analysis of the patch has been provided by Sophos.
The flaw is considered high risk and ‘wormable’, meaning it can be used to develop self-replicating malware.
Millions of networks have the RDP protocol exposed to the internet so that their machines can be remotely managed. Sometimes this is purposeful, but sometimes it is the result of an oversight or mistake. In both cases, such networks are vulnerable if the machines are not updated.
Due to the vast number of potential targets and the potential for spreading, we suggest that you expect the patch to be reverse engineered by hackers to make ‘worm’ malware. Thus, you should definitely patch ASAP. For more fixes, jump to what can I do?
Because of the potential impact this can have, Microsoft has released patches for systems outside their mainstream support. Since the end of life for Microsoft XP and 2003, Microsoft has released a number of patches to mitigate the most serious vulnerabilities. This is one of them… Another notable case was during the WannaCry ransomware attacks of 2017.
WannaCry was a ransomware attack that affected a huge number of organisations, perhaps most notably the NHS in England. It exploited a flaw in the SMB (Windows Share) protocol and was largely so successful due to the slow rate at which users adopt patches on their systems. You can read more about these attacks in the following articles: Protecting your business from ransomware attacks, and WannaCry Worm causing mayhem.
What to do:
First off, UPDATE! If you can’t update for some reason, you can use these workarounds, or call us to enable them:
1. Enable Network Level Authentication:
This forces a user to authenticate before RDP is exposed to the attacker. Not all affected systems support NLA.
2. Turn of RDP
If RDP isn’t running, the vulnerability can’t be exploited. As obvious as this seems, some organisations are unable to work without RDP, and some are running it without realising it.
3. Block TCP port 3389
Blocking port 3389 (and any other ports you’ve assigned to RDP) at the perimeter will prevent an attack from entering your network but can’t stop an attack from originating inside your network.
IT Support Brisbane | 3 Common Technology Problems and the keys to solving them
It’s no surprise to most of us that small businesses struggle to maintain their IT infrastructure. Though some problems really do require expert intervention to solve, there are some that can be dealt with internally, but rarely do. The following are some of the problems and how to solve them.
Problem 1: Inconsistent or weak email security
Did you know that 92.4% of malware is delivered by email? Not only is it a common vector of attack, but it’s also a successful one too. The same report shows that 30% of those studied open phishing emails, 12% even click the malicious links.
There are two main contributing factors to this issue. As hackers know, email is a very effective way to gain access to your company resources, and many employees aren’t aware of the dangers that posed by email or the precautions that should be taken to mitigate them.
Use 2-factor authentication: This is the easiest measure to take. 2-factor authentication hardens your accounts beyond the usual username and password. It works by having users verify their identity in two ways: something they know (e.g. a username and password) and also something they have (generally a smartphone app). This security method has proven invaluable in preventing hacking attacks (e.g. brute-force attacks). Unfortunately, a recent study found that 2FA is not commonly adopted by businesses. There are many different 2FA options out there, generally you will be provided with a backup method like an SMS, phone call, alternate email, and recovery codes to mitigate the risk of losing your device. This risk seems to be the main reason, along with marginally more effort being put into logging in that holds people back from adopting this, however, you can set up alternate methods so you’re protected, even if you lose your device.
Train emplayees in email best practices: A good starting point might be to show employess this article along with the basics of recognising phishing attacks. However, as the attacks get more sophisticated, so should your employees defences. Monthly memos about phishing attacks can be helpful in making sure your employees are aware of recent attacks and best practices.
Problem 2: Poor IT Vendor Management
According to a Tech Republic Survey, most companies report spending more time managing their IT vendors than two yars ago. This is driven largely by a growing interest in cloud computing, SaaS, and cybersecurity services. IT vendor management is imperetive to enabling you to deliver positive outcomes in IT related fields and control those services.
Secure Administrator Privileges: Administrator accounts can be very useful for performing important tasks on a computer network. They can also be very dangerous to give out unnecessarily on a high value network like a company intranet. If regular staff have access to administrator accounts and privileges, they (and your company) are doubly vulnerable to hacking tactics like Social Engineering.