Encryption

End of Road for McAfee Email Security Solutions

As many McAfee security products slide into end-of-life, we take a look at how it could affect end-users, MSPs and resellers.

Forgive us for being forward, here, but if you didn’t read our last post on the McAfee security products that have entered, or are entering, end-of-life (EOL), you probably need to.

Just to recap, many McAfee EOL products simply don’t have a like-for-like migration path, according to McAfee’s own EOL support pages. In fact, many of them apparently don’t have a migration path at all, and those that do have a distinctly oblique one, involving renamed products and (presumably more expensive) updates.

So if you’re a McAfee end-user, are you worried? If you’re a McAfee MSP or reseller, should you be worried, too?

Worry is never helpful – so here are the plain facts about the McAfee EOL products and how their withdrawal will ultimately affect end-users, MSPs and resellers alike.

Which McAfee products does this EOL problem affect?

Since Intel’s acquisition of McAfee in 2011, there has been a concerted focus on EOL-ing those products that are not core to Intel’s strategy, and so the complete list is a long one.

But three that we think will grab most end-users’ and partners’ attention are:

  • Email Gateway
  • Enterprise Mobility Management
  • Endpoint Encryption

What will this mean for end-users and partners?

Bluntly, whether you’re an end-user or a security partner, EOL means what it says on the tin, or at least in the McAfee end-of-life policy; support for the software product simply stops (“Support contracts cannot extend beyond the end-of-life date”).

Support, of course, includes patches – a critical weapon in the struggle to keep security software updated against new or emerging threats – and so a security product kept in service beyond its EOL date is likely to rapidly become no kind of security product at all.

Map the McAfee products that are going / have gone EOL to the current risk profile of the cyber threat universe and the picture looks even more alarming.

  • McAfee is EOL-ing Email Gateway, yet… malware analysis in this publication shows email-borne malware hit 705 million quarantined messages from just one security vendor in just one month of 2015 alone!
  • McAfee is EOL-ing Enterprise Mobility Management, a solution that enables IT teams and security providers to keep large-scale official and unofficial mobile use in large businesses secure - yet McAfee also admits that the unique mobile malware samples collected in its own laboratories increased 72% from Q3 to Q4 in 2015!
  • McAfee is EOL-ing Endpoint Encryption, yet… the loss or breach of customer data from a mislaid or stolen device that this kind of technology can prevent is about to become a source of huge financial risk to businesses because of the draconian provisions of the forthcoming GDPR legislation!

In short, McAfee are pulling the plug exactly where the bad guys are starting to focus most attention – and that can only end badly for end-users and partners alike.

But MSPs and resellers can get custom support, right?

Don’t you bet on it. Although custom support, beyond the EOL date, is theoretically available, it’s on McAfee’s say-so – reseller, MSP, end-user or whoever else you are. As they state in their policy, it is “an exception”, not the rule.

Clearly, it also costs. Not only that, it requires an existing current and continuous support contract to be in place, provides only limited content updates, for a limited time period, and with specific terms and conditions.

(Oh, and it never covers hardware of any kind, even if you bought the original solution on a hardware platform).

Does all this infuse the need to migrate to other solutions with a certain sense of urgency?

What happens next?

But knowing you have to migrate is little use if you don’t have any help as to where you might migrate to.

In the last blog in this series, we’ll be exploring some of the other security vendors’ offerings, and discussing whether they’re a good fit for partners and end-users looking to leave McAfee’s EOL products behind.

Keep watching!


Our top security updates in the news and on the web this week

1. 10 tips to avoid Cyber Monday scams

Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place. First posted on Malwarebytes.

For the original post and further information click here

2. More POS malware, just in time for Christmas

Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break. First posted on The Register.

For the original post and further information click here

3. Some simple security advice for computer and smartphone users

Having demonstrated how easy it can be to compromise users' computers and 'steal' very personal video and photos, here's some really simple advice to help prevent this happening. First posted on Pen Test Partners.

For the original post and further information click here

4. CryptoWall Updates, New Families of Ransomware Found

The ransomware threat isn't just growing—it's expanding as well. There has been a recent surge of reports on updates for existing crypto-ransomware variants. First posted on Trend Micro.

For the original post and further information click here


5. Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks

The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites. First posted on Malwarebytes.

For the original post and further information click here

6. Another Day, Another HMRC Tax Phish…

We could all do with a bit of a tax refund right before the festive season, and wouldn’t you know it. First posted on Malwarebytes.

For the original post and further information click here

7. Diving into Linux.Encoder’s predecessor: a tale of blind reverse engineering

Linux.Encoder.1 has earned a reputation as the world's first ransomware family tailored for Linux platforms. First posted on Bitdefender Labs.

For the original post and further information click here

If you have any security news that you would like to see on our blog please send it to us at bluesolutions, please include the link from the original article in the email.


Infosecurity Europe will take place on 2nd June 2015 and we’d like you to join us for our short Email Security and Migrations Workshop, on the same day, at Hilton London Olympia, (near Infosecurity – London Olympia) from 11.30am to 3.30 pm. Can’t attend the whole event? That’s ok, you can drop-in to the Workshop at a time suitable for you, where we’ll also provide you with lunch. At the event, you’ll be able to:

  • Have a hands-on demo of email encryption, file sharing, tracking and DLP technology and how it can be applied to solve daily problems for organisations.
  • Try Hosted Exchange and Office 365 migration with BitTitan.
  • See how email archiving works with Global Relay.

You’ll also meet AppRiver product specialists, who will answer any questions about keeping businesses secure and how to provide added value solutions to your customers and increase their satisfaction levels. The Blue Solutions team will be available to discuss pricing and the contact details of our team. We’re also going to enter all attendees into our prize draw to win an iPad, so we hope you’ll take this opportunity to win the prize! As the event will be by invitation only, please follow this link to register your interest and then we’ll send you an invite at a later stage. We hope to see you at our event.



This important notification is being released by Trend Micro for AWARENESS of the Ransomware Cryptolocker family. The main purpose of this Threat Awareness is to provide complete information about the threat and communicate the recommended solutions and best practices so that customers can apply them and avoid being affected or contain the threat from spreading further. If similar infections are being experienced in your respective regions, please contact your support engineer.

Threat brief

We are experiencing a resurgence of the malware family named Cryptolocker (and other variants). This is a crypto-ransomware variant which has the capability to encrypt files. It uses many techniques (HTTPS, P2P, TOR…) to mask its command-and-control (C&C) communications. Usually, this attack is delivered through spear-phishing as an email attachment. Upon execution, it connects to several URLs to download the crypto-ransomware. It then displays a ransom message. Users must pay the ransom before the set deadline expires; otherwise, all the files will permanently remain encrypted. But beware, ransom payment is no guarantee that the original files will be restored!

Notable Variant

  • A particular variant, TROJ_CRYPCTB.XX, offers users the option of decrypting 5 files for free, as proof that decryption is possible.
  • Users are also given 96 hours, instead of 72 hours, to pay the ransom fee.
  • The displayed ransom message has options for four languages, namely, English, Italian, German and Dutch.
  • In some cases, infection could occur through an embedded URL in an email or a compromised web site using drive-by download techniques.

How to protect against a CRYPTOLOCKER attack?

  • Use Reputation for real-time protection using the cloud automatic sharing system (Smart Protection Network)
      ◦ Email Reputation to block malicious and suspicious email.
      ◦ Web Reputation to block compromised websites, new C&C remote hosts and other infection vectors.
      ◦ File Reputation through SmartScan technology for real-time security updates on your solutions.

  • Leverage sandbox, emulation and heuristic integration in current Trend Micro products with the Custom Defense approach
      ◦ Automatic execution of suspicious content on innovative dynamic engines
      ◦ Native & easy deployment to existing Trend Micro solutions (OfficeScan, IMSva, IWSva, ScanMail…)
      ◦ Empower the Deep Discovery approach to detect over the network any Cryptolocker attack, ransomware, 0-day, targeted attack and any other unknown malware/variant

  • Apply Best Practices on your Trend Micro solutions
      ◦ Block potentially dangerous files over email (exe, scr, cab filetype…)
          ◾ IMSva: http://esupport.trendmicro.com/solution/en-us/1099617.aspx
          ◾ WFBS & ScanMail: http://esupport.trendmicro.com/solution/en-us/1099619.aspx
      ◦ Tune Endpoint security solutions with Trend Micro recommendations
          ◾ Malware: http://esupport.trendmicro.com/solution/en-us/1054115.aspx
          ◾ Ransomware: http://esupport.trendmicro.com/solution/en-us/1099423.aspx and http://esupport.trendmicro.com/solution/en-us/1101715.aspx

  • Education of end-users is key to pro-active defense:
      ◦ Always check who the email sender is.
      ◦ Double-check the content of the message.
      ◦ Refrain from clicking links in email.
      ◦ Backup important data.

  • Coming soon in OfficeScan 11 Service Pack 1!!! Anti-Cryptolocker feature to protect your personal files against encryption or malware action. Beta will start in a few weeks. Contact your support engineer for more information.

How to remediate if a Cryptolocker infection is running?

  • Detection and removal tool for Cryptolocker: Threat Cleaner for GOZ and CryptoLocker (32-bit and 64-bit)
  • Most of the time, encrypted personal files are lost even if the user pays the ransom. Restoring from backup is the best way to retrieve original and unmodified personal files.
  • For Windows users, if the system backup & restore features were active, lost files could be restored from the last automatic backup: http://windows.microsoft.com/en-us/windows7/previous-versions-of-files-frequently-asked-questions

If you have any queries about Trend Micro Solutions and the Ransomware Cryptolocker family, call our support team on 0118 9898 245.


Article published on the AppRiver Blog

Google continues to phase out Postini services in favor of the Google Apps platform.  Consequently, we continue to receive requests to migrate Postini filtering accounts to SecureTide by AppRiver.  In this post, we will discuss the process through which your Postini mailboxes and settings can be easily migrated to SecureTide.

To export all mailbox senders lists (approved and blocked), as well as the associated settings, you will need to follow some simple steps both to retrieve the data and to prepare it for our Support team, who will assist you during the migration to SecureTide.  After the data is in place, we’ll help you change your MX records to redirect your mail through our data centers.  Once the process is complete, your domains, mailboxes, approved senders and blacklists will be available through the Customer Portal and your spam and malware will be captured in our quarantine areas.

To export Postini mailboxes and settings, follow these simple steps:

1.  Export Mailboxes and Aliases

Exporting the complete set of data is a two-step process that produces two separate source files.  The first file to be exported contains mailboxes along with their aliases:

  • In the Postini interface, go to Orgs and Users > Orgs.
  • Click on the domain you wish to export. (For this example, we will use domain.com as shown in Figure 1.)

Figure 1.  Select Domain

  • In Organization Management, note the Organization ID number located in the Settings section (see Figure 2).

 

Figure 2.  Note the Organization ID Number

 

  • Select the Batch link at the top of the page, enter the following command into the Manual Input field (see Figure 3), using the Organization ID number noted previously as the value for targetOrg and complete the on-screen instructions:

listusers ALL, targetOrg=1000012345, childorgs=1, fields=PRIMARY_ADD|ADDRESS, aliases=1, sort=primary_add:nd

Figure 3.  Export Aliases from Postini using the Batch Command

  • Select the batch results, copy and paste the data and save as a text file called domain.com_alias.txt.

2.  Export Approved/Blocked Senders Lists

Continue as follows to export all associated Approved/Blocked Senders Lists:

  • Go to Orgs and Users > Users.
  • Choose the top Account-level org from the Choose Org list.
  • Click the Download Users/Settings link as shown in Figure 4.

Figure 4.  Export Approved/Blocked Senders List

  • Select the Batch results, copy and paste the data from the popup window and save the data as a text file called domain.com_Users_Settings.txt.
  • The exported data will contain such information as the # address, user_id, junkmail_filter to set email filtering active, category filtering levels, virus scanning settings, approved_senders, approved_recipients, blocked_senders, as well as other available inbox settings (see Figure 5).

Figure 5.  Postini Exported Settings Shown

3.  Provide data to AppRiver for Migration

Now that you have all data exported into two separate files, send both files to support@bluesolutions.co.uk.  Our support team will import your data to our platform and provide a walkthrough on AppRiver’s SecureTide service.

Call our sales team on 0118 9898 222 for more information about AppRiver secure email messaging solutions.

 


Article published in IT Channel Expert with Jonatan Bucko, Blue Solutions Product Manager

From software installation and set-up to managing networks, MSPs/IT service providers often have never-ending to-do lists. While problem solving for clients, they need to find answers to their own questions to help them run their businesses.

So what are the pitfalls for MSPs/IT service providers and how do you deal with them? In this article, I’ve outlined some of the difficulties they face and how they can be managed:

Finding the right solutions for your clients

If you type ‘MSP/IT service provider’ into Google, you’ll find never ending pages for back-up, security, cloud solutions etc. Before you commit to buying any new services, do some research on the industry. For example, industry trends, current customers’ peak network and server usage times. Think about your clients’ requirements, are their businesses growing? Is there a particular IT issue that’s caused a problem that you can help with? Don’t forget that speaking to your industry peers can also help; the insight you can gather from speaking to others at forums and conferences can keep you informed and ensure you provide solutions that clients want.

Running multiple networks with stretched resources

Running multiple clients' networks creates a lot of opportunities but also means an MSP/IT service provider’s time and resources are stretched. Juggling tasks, responding to queries and keeping customers happy can make your days longer than they need to be.  MSPs/IT service providers should take a look at where they can use solutions that will make this ‘juggling act’ easier, while providing greater value to any clients.

For example automation tools can reduce the time spent on certain tasks, reduce costs and increase efficiency. Also, with a back-up and disaster recovery solution, MSPs/IT service providers can show customers they are efficient in the way they can pre-empt issues (e.g. being aware of a server running out of space before it affects a client’s business operations).

Increasing efficiency

Following on from my previous point – reducing costs and improving efficiency is key to maintaining a thriving business.

Among the tools available to help MSPs/IT service providers with this are IT systems monitoring & management platforms, which remove time-intensive and repetitive support tasks. These solutions become a necessity as you scale your business and its service delivery model.

Whilst many will provide out-of-the box automation of common IT tasks, in some cases creating an automation policy (script) may be required to address a particular time-hog. It is important that the platform allows for comprehensive scripts to be created, through an interface that exposes the functionality to even the novice users, making it easy for them to build policies that will automate repeatable work.

The scripting engine must be intelligent enough to require minimal user input, yet work in harmony with the platform’s many facets such as monitoring, ticketing and time entry functionalities. Ultimately it doesn’t matter if the newly created policy is going to run on two machines or 2,000, it must do the exact same thing in the same amount of time in every single occurrence.

Once the repeatable tasks have been automated, a review schedule should be created to periodically assess and improve the service delivery as it evolves and the business will reap the benefits.

It could be summarised that a business can scale only as much as its individual processes do.

I’ve heard this comment from a business owner: “The main component is the consistency of approach not necessarily the back-end technology. The platform must enable you to create repeatable, improvable and scalable, automated processes, which can potentially deliver unlimited value at marginal cost”.

Managing costs and making a profit

Constant changes to technology and customer requirements means MSPs/IT service providers are always trying to manage costs and maintain profits. Many of them are finding a way to do this by joining MSP partner programs.

Joining these programs gives MSPs/IT service providers a business model that fits how they work. When looking for a program some other points to consider – will the program help you to manage billing your clients or which tools are available to help you run your business efficiently? Above all, will joining the program grow your business?

Staying on top of industry information

So, while MSPs/IT service providers are busy running their businesses, where do they find the time to stay up-to-date on the latest products and industry news? To be honest this isn’t always possible. So looking out for vendor materials that cover different industry topics can save you a lot of time and keep you on top of everything. Make use of free e-books, webinars, videos, online demos and white labelled content (that you can brand). This will save you the time and trouble of trying to create your own content, as well as helping to answer clients’ queries.

Let’s not forget about the admin!

A lot of us have never liked doing admin – and this won’t change! But it’s something that MSPs/IT service providers need to manage well to avoid payment delays and ‘slowing’ their businesses down. For example, think about your invoicing – what date do you plan to do this? Will the vendor’s processes align with yours? Dull I know but it has to be done.

As you can see from these examples, with some planning and using available resources, MSPs/IT service providers can manage these pitfalls while building profitable businesses.

Contact our sales and product specialists today on 0118 9898 222 to help you find the right solutions for your MSP business.

 


 

 

 

Article contributed by AppRiver

A common question when migrating customers to AppRiver Secure Hosted Exchange or Office 365 is how public folders and shared mailboxes differ and when to use each one. If that wasn’t creating enough confusion, site mailboxes were recently introduced to combine SharePoint’s resource sharing features with emails and conversations processed by Exchange. So this post explains, in simple terms, the differences between the options and when each is best used.

Public Folders
Public folders are designed for shared access and provide an easy and effective way to collect, organize, and share information with other people in your workgroup or organization. Public folders can also be used as an archiving method for distribution groups. When you mail-enable a public folder and add it as a member of the distribution group, email sent to the group is automatically added to the public folder for later reference. Main features are:

  • Public folders are stored in Exchange.
  • Public folders work well for enterprises with older versions of Office still deployed as well as brand new deployment.
  • Documents stored in Exchange don’t have the benefits of SharePoint document libraries (e.g. workflows, version control, metadata, etc.) and aren’t visible within SharePoint.
  • A common option used with public folders is to set an email account that will route all incoming traffic to a public folder for shared access.

Note: Office 365 has increased the limit on the number of public folders available to 250,000 folders.

Shared Mailboxes
Shared mailboxes make it easy for a specific group of people to monitor and send email from a common account, like public email addresses, such as sales@appriver.com or info@appriver.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. Shared mailboxes are a great way to handle customer email queries because several people in your organization can share the responsibility of monitoring the mailbox and responding to queries. Your customer queries get quicker answers, and related emails are all stored in one mailbox. Main features are:

  • Shared mailboxes provide a generic email address that can be used to send emails to a team.
  • Access to shared mailboxes is set under Exchange permissions.
  • Allows multiple users within an organization to monitor and reply to an email.
  • Reply email address is the shared mailbox address.

Site Mailboxes
A site mailbox can be used from a SharePoint team site to store and organize team email. It can also be used from Outlook 2013 (included with Office 365 ProPlus or Office Professional Plus) for team email, and as a way to quickly store attachments and retrieve documents from the team site. Main features are:

  • Emails are stored in Exchange.
  • Site mailbox is an app that you add to your SharePoint site.
  • It’s important to pick the right naming since once you have created a site mailbox, you can’t change its email address.
  • Invoking the site mailbox is done by cc’ing the email address of the site mailbox.
  • You can add folders from your site mailbox to your Outlook favorites so that it is directly visible in Outlook.
  • When viewing a site mailbox from Outlook, both email and documents are visible.
  • You can add documents by attaching them to an email message.
  • Security is driven by SharePoint team site permissions.
  • Integrates with Outlook and can be also accessed through the Office 365 web app.

Still have questions about your mailboxes? Contact our sales team on 0118 9898 222 for help with finding a solution to manage your mailboxes securely.


We joined industry leaders and professionals at the CompTia EMEA Conference on 5th and 6th November. This event gave our team a good opportunity to meet with our current and new Resellers and other industry professionals.

Throughout the day, our team were busy talking to MSPs and Resellers about the best technology to run their businesses, covering I.T. automation, disaster recovery, anti-spam and malware solutions.

The event was also a great opportunity for us to join two of our vendors at their stands - StorageCraft, a data backup and disaster recovery vendor and AppRiver, provider of email messaging and Web security solutions. Our Product Manager, Nicola Boswell, is pictured left with Janet O'Sullivan, StorageCraft Marketing Manager. We also met with Western Digital, who will be joining our portfolio to enable us to provide end-to-end solutions for Resellers.

We'll tell you more about that soon...

Our Sales Manager, Emma Wale, who attended the two day event commented “being at CompTia puts us among our industry peers and shows we are committed to providing the best service and leading solutions for MSPs and Resellers”.

If you missed our team at CompTia, you can contact us on 0118 9898 222 and speak to our product specialists or visit our website.


Article by Troy Gill, AppRiver

Over the past several days we have been seeing several malicious email campaigns posing as legitimate communication from Amazon. The first campaign poses as messages from amazon.co.uk with the subject line reading: Your Amazon Order Has Dispatched (#3digits-7digits-7digits). These messages purport to be order shipment notifications. They began hitting the AppRiver filters on 31/10/14 and have been coming in consistently ever since. So far we have quarantined just over 600,000 of these messages.

Each message contains a Word document (MD5: a75e196e6c0cabc145f4cdc3177e66ec) that contains a malicious macro. In most instances users should be at a slightly lower risk with this infection vector, since macros are not enabled by default in more recent versions of Word.  The macro (if allowed to execute) leads to the install of a Trojan dropper. The malware currently creates a process named SUVCKSGZTGK.exe on the victim's machine. Eventually this leads to the install of key-logging malware designed to harvest banking login credentials, email credentials and social media credentials. As we commonly see with these types of campaigns, the payload can be changed out by the malware distributors, so this dropper could pull down some other form of malware in the future.

Here is a look at the message:

Malicious Amazon message1

 

In a separate email blast, another group is distributing malicious emails posing as Amazon order confirmation emails. These emails are coming in at a slightly slower clip than the former campaign, but we have quarantined nearly 160,000 of these messages over the past few days. They appear to come from amazon.com with the subject reading: Your order on Amazon.com.

These emails have a bit more of a legitimate look as they utilize actual graphics taken from Amazon. Instead of a malicious attachment, these messages utilize links to compromised WordPress sites. Clicking these links will launch the download of a .scr file named invoice1104.pdf[dot]scr, which should be a huge red flag to most users, as the .scr file extension is used almost exclusively for malware infection these days. The .scr file (MD5: 09cb12d7cd0228360cd097baeaaa6552) is in fact a Trojan dropper that will lead to the install of more malware once it has infected the host. Once again, from here, the sky is the limit for the malware distributors since they can now download and install remote files of their choosing.

Here is a look at the message and prompt:

Malicious Amazon message2

 

Malicious Amazon3

 

 

 

 

This is a very popular time of the year for these types of scams with so many people in shopping mode in preparation for the holidays. With many people expecting purchase confirmations and shipping confirmations with much more frequency, it increases the likelihood that people will fall for this scam.

Be extra cautious this holiday shopping season and if you are suspicious of unauthorized activity on your Amazon account, never follow any links in an email, go directly to the website and check your account from there.
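The attachment rule recommended in the Trend Micro notice earlier on this page (block exe, scr, cab) and the invoice1104.pdf[dot]scr lure described in this article can both be checked with a filename policy at the mail gateway. The following is an added example, not code from AppRiver or Trend Micro; the decoy-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types named on this page (exe, scr, cab). The page's own list ends with
# an ellipsis, so a production policy would be longer than these three.
BLOCKED_EXTENSIONS = {"exe", "scr", "cab"}

# Assumption: extensions a user reads as "just a document", used to recognise
# lures shaped like invoice1104.pdf.scr.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def normalise(filename):
    """Reduce a declared attachment name to the form Windows would act on."""
    # Drop any path component a sender may have included.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "setup.exe. " runs as .exe.
    return name.strip().rstrip(". ").lower()


def classify(filename):
    """Return the policy violations for one name (empty list means allowed)."""
    parts = [p.strip() for p in normalise(filename).split(".")]
    if len(parts) < 2:
        return []  # no extension at all
    reasons = []
    ext = parts[-1]
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension .{ext}")
        # A document-looking extension directly before the real one is the
        # double-extension trick; whitespace padding is stripped above.
        if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension .{parts[-2]}.{ext}")
    return reasons


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and map risky attachment names to reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            reasons = classify(name)
            if reasons:
                findings[name] = reasons
    return findings


def build_sample(attachment_names):
    """Constructed test message; addresses and payload bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "orders@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Constructed sample: order confirmation"
    msg.set_content("Constructed sample body.")
    for name in attachment_names:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample(["invoice1104.pdf.scr", "terms.pdf"])
    for name, reasons in scan_message(raw).items():
        print(f"QUARANTINE {name}: {'; '.join(reasons)}")
```

A name-based rule only covers files delivered as attachments; the second campaign above delivers its .scr through a link, which is where web reputation and download filtering have to apply the same extension policy.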

 

A small business owner named Pete needs a complete security solution that protects everyone on his staff when they email, browse, and share using their Macs, PCs, or mobile devices.

Pete discovers Trend Micro™ Worry-Free™ Business Security -  Watch the video below to find out more about this easy-to-use solution that provides complete user protection for all his employees:

Want to know more about Trend Micro products? Contact our product specialists on 0118 9898 222