Antivirus

Over the last week we have seen an increase in the number of companies receiving emails containing Zepto Ransomware, a file-encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
The attachment will typically have either a .zip or a .docm extension and, once opened, will run a malicious JavaScript which then encrypts all files on the user's machine, giving them the .zepto extension.

To try and combat the infection, we offer the following advice:
1. To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your anti-malware program is up to date.
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files
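
One way to express the quarantine rule from item 5 in code, as an added example that is not part of the original post. It also looks inside attachments, which goes beyond the extension check the list describes; the sample message, addresses and file names are constructed and harmless.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

QUARANTINE_EXTS = {".zip", ".docm"}   # item 5 of the advice list
SCRIPT_EXTS = {".js"}                 # item 1: JavaScript attachments


def ext_of(name):
    """Lower-cased final extension, ignoring trailing spaces and dots."""
    name = name.strip().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def inspect_archive(payload):
    """Reasons to quarantine based on ZIP contents (.docm/.docx are ZIPs too)."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            members = archive.namelist()
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    if any(ext_of(m) in SCRIPT_EXTS for m in members):
        reasons.append("archive contains a script")
    # Macro-enabled Office files store their VBA in vbaProject.bin,
    # whatever extension the attachment was given.
    if any(m.lower().endswith("vbaproject.bin") for m in members):
        reasons.append("document carries a VBA project")
    return reasons


def triage(raw_message):
    """Return [(filename, verdict, reasons)] for each attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        ext = ext_of(name)
        if ext in QUARANTINE_EXTS or ext in SCRIPT_EXTS:
            reasons.append("blocked extension " + ext)
        # Trust content over the name: a renamed archive is still an archive.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            reasons += inspect_archive(payload)
        results.append((name, "quarantine" if reasons else "deliver", reasons))
    return results


def make_zip(members):
    """Build an in-memory ZIP from {member_name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member, content in members.items():
            archive.writestr(member, content)
    return buf.getvalue()


def build_sample():
    """Constructed sample message with three harmless attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Requested document"
    msg.set_content("Hi Alex, the document you requested is attached.")
    msg.add_attachment(make_zip({"scan_0042.js": "// placeholder\n"}),
                       maintype="application", subtype="zip",
                       filename="scan_0042.zip")
    # Macro-enabled layout hidden behind a .docx name.
    msg.add_attachment(make_zip({"[Content_Types].xml": "<Types/>",
                                 "word/vbaProject.bin": b"\x00"}),
                       maintype="application", subtype="octet-stream",
                       filename="invoice.docx")
    msg.add_attachment(b"quarterly numbers", maintype="application",
                       subtype="octet-stream", filename="report.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict, reasons in triage(build_sample()):
        print(f"{name:16} {verdict:10} {'; '.join(reasons)}")
```

The second attachment shows why an extension list alone is not enough: it is named .docx, yet it is quarantined because it carries a VBA project.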

Anti-Malware’s Like Your Winter Clothes: Layered Is Better!

Outdoors magazines, sports coaches, your mother – they all teach you that at this time of year, when the cold snap bites, layers of clothing are far more effective against the cold than one monstrous overcoat. Nobody pretends the cold’s not going to find its way into a fold or two, but after that, other folds stop it.

Seems like common sense, doesn’t it? Yet when it comes to anti-malware and the like, too many vendors (and partners!) still favour the overcoat – one big protective mantle that, once compromised, is a single point of chilly failure.

So for you, and your customers, the question is this: where can you get access to the kind of layered anti-malware solutions that don’t let you down like an overcoat, and how can you be sure they’ll deliver on the promise?

What are these anti-malware layers – and what benefit do they deliver?

Layered security’s central philosophy is that no one solution can cover every base. (Wikipedia describes this neatly here). You need layers of solutions, as well as layers of protection within those solutions.

Take one of the most vicious breeds of malware, for example – zero-day exploits, like the ones that placed millions of Android Chrome users at risk. These target vulnerabilities in newly-released browser and application software, often using these undefended pathways to deliver ransomware payloads.

To fight these threats effectively, each vulnerable program – it could be an Office app, a PDF reader, a media player, or anything else – needs its own dedicated protection.

But this kind of exploitation protection isn’t necessarily focused on threat profiles like viruses, Trojans, worms, rootkits, adware and spyware, so an additional anti-malware layer is needed.

And, critically, malware detection is not the same as malware removal – which, again, is a layer in itself.

Put all these items of “protective clothing” together, of course, and you have a multi-layered solution, something like this one, that covers all the critical malware and exploit vulnerabilities.

That chill wind might find its way in here and there, but it’s not going to hit skin.

Anti-malware’s layers within layers

Drilling down into these solutions, we find that there, too, layers are the key to trapping the threat, wherever it comes from and whatever form it takes.

So for example, an anti-malware solution might have four distinct layers:

  • Application hardening, to make outdated or unpatched applications less susceptible to attack
  • Operating System security, to stop exploit shellcode executing
  • Malicious memory protection, to prevent the execution of payloads
  • Application behaviour protection, for specific applications like Word, PowerPoint and others

 In short, there’s a trigger to raise a red flag on all the hot buttons that malicious code typically tries to press!

“Is layered anti-malware really that effective? Not convinced…”

At this point, if I were your mother I’d be telling you to come inside and get some hot soup. As it is, I’m going to tell you to come in from the cold and smell the coffee.

The effectiveness of layered anti-malware is documented fact, not hearsay. Here are some recent threat-busting stats from the layered anti-malware landscape:

  • It was a layered malware removal technology that recently earnt the only perfect score in tests by the internationally respected laboratory AV-TEST.
  • It was a layered malware tool that removed over five billion separate varieties of malware in 2014 alone.
  • It was a layered malware removal technology that, according to OPSWAT, who release periodic studies on security vendors’ market share, is the most popular security product installed by users.
  • Layered anti-malware technology is hot property, ranking 186th in Deloitte’s 2015 Technology Fast 500 nominations.

So what’s stopping you from (if you’re a partner) offering these solutions profitably to your customers, and (if you’re an end-user organisation) deciding to take the partners up on their offer?

Layered anti-malware as revenue multiplier!

The short answer is “nothing.”

Firstly, distribution businesses like mine (and others) already make these solutions available to partners, and not just in conventional subscription-based agreements.

The MSP model, for example, gives partners a powerful differentiator in their portfolio. This is primarily because it enables partners and their customers to pay only for what they use, but it also makes aggregated billing possible, reducing customer acquisition costs and so supporting the growth of the partners’ business.

Secondly – and this is where layers take on a dimension that’s probably a lot more interesting to you than it is to your mother – layered anti-malware not only gives partners the opportunity to combine (and charge for) multiple solutions, as we’ve already seen, it can also work with the customer’s existing security solutions and need not automatically displace them.

In short, every layer’s a revenue stream in itself, but any other security solutions you have already sold to your customers can stay in place too – so the revenue opportunity is multiplied!

So, that’s a whole load of stuff I bet you (and your mother) didn’t know about the similarity between what you wear and what you sell.

Either way, it’s going to make you look good.


On a weekly basis there are now articles about a big-brand company that has been hacked. These usually cover what data has been lost, how the company is notifying those affected and what it is going to do to prevent this from happening again.

So how do you prevent it from happening in the first place?

From experience I can see that if a hacker wants to get details from somewhere they will take the easiest target, the ‘Low Hanging Fruit’ as they say. Ensuring your company has some basic security principles in place can help mitigate this.

So how do you ensure you are not the ‘Low Hanging Fruit’?

Simple measures can be taken within your environment to help secure it. At a basic level you should be meeting the following guide: CyberEssentials Requirements

This sets out some advice regarding Firewalls, User access control, Passwords, Malware protection and Patch management.

Once you have met the standards given within this document you should be looking to increase the security standards within your organisation. The most effective measure we have found is education: once educated, your staff will be able to react to threats more quickly and reduce the risks to your company.

McAfee Security

It’s getting to that time of year when thoughts turn to peace and goodwill, and we look to reward those who have worked hard and the customers who have stayed loyal.

Which is why the big bag of coal that McAfee has dropped in your Christmas stocking this year is an especially nasty surprise. For you and your customers alike.

McAfee – the situation

Here’s the Christmas story, McAfee-style.

Firstly, you buy MX Logic to strengthen your digital security portfolio. Then, you get bought by Intel. Then Intel drops your name. Then Intel says that it’s working on a comprehensive new security package, and promptly puts McAfee’s SaaS email security into end-of-life.

It’s the gift that keeps on giving. Because although the announcement was originally reported at the end of October, we’ve since learnt that many other security offerings (like Nuvotera, Spam Soap, Spambrella, etc.) were white-labelling McAfee’s service, so end-of-life becomes a potentially huge issue for all of them – and the end-users they serve.


“What does this mean for me and for my customers?”

In January 2016, Intel Security will stop selling McAfee SaaS Endpoint and SaaS Email Protection and Archiving, with the majority of subscriptions and support ending in 2017.  As this table shows, some limited support will continue for certain subscriptions until 2021.

Now, Christmas hangovers don’t usually come this early in the month, but rest assured that the decision to discontinue McAfee SaaS products represents one ho-ho-ho-hell of a headache for partners.

They must now identify new solutions and then go through entire deployment and provisioning processes all over again - just so their customers can keep the endpoint and email security that they’ve previously enjoyed.

They have to factor in the time it takes to learn new technology and user interfaces (this includes both internal and customer training), how pricing models will be affected, and what support they need to give and receive.


A frenetic festive season for McAfee users

Needless to say, all this is a massive annoyance to end-user customers, too.

Apart from all the usual pain associated with sudden business and technology platform change, across potentially hundreds or thousands of users, email security often gives rise to complex requirements around archiving - as explained in guides like this one – through which Intel has now successfully driven a sleigh and reindeers.

While customers’ email archiving will continue until their subscriptions’ expiry dates, new emails will no longer be archived after the subscription has expired.

Additionally, customers will only have six months to import their archived emails into their new platform, and any emails that have not been moved at that point will be permanently deleted.


What should partners do next?

If there’s a cheering undertone to this seasonal lament, it’s this: SaaS is an enduringly and increasingly popular delivery model for email, security, and archiving, and is not going away anytime soon.

Add to this the fact that there are other vendors that can provide similar security solutions, and my advice to partners seeking new solutions providers boils down to these basic points:

  • Security pedigree: How long has the solution provider been in business?  Are they security-focused (i.e. how much of their business does security represent? Do they seem distracted by other revenue streams?)
  • Reputation: Who do they partner with (e.g. software distributors) and what level of respect do those partners have in the security space? What do their partners say about them publicly? Will they let you speak with partner references privately? If not, why not?
  • Support: Can you access live customer support whenever needed, provided by employees of that company? If the support expertise is coming from somewhere else, is that support provider trained and qualified? Where’s the proof (certification)?
  • Commitment to the Channel: Does the vendor offer good margins, friendly terms, competitive pricing? Do they have proven relationships with distributors and other partners who can add value through automated management tools, MSP options, dedicated account managers?

In wanting to move quickly to transition your customers to viable alternatives, don’t end up choosing alternative vendors who aren’t truly viable.

(That would be turkeys voting for Christmas.)


“So where do I point my McAfee customers now?”

As a specialist security software distributor who’s been working with some of the world’s biggest security names for over 15 years - and some very agile newer ones, too - I’m ideally placed to consider the choices that your customers can make.

I’m not going to tell you that any one vendor is now the definitive star on the top of the Christmas tree. (Intel has hastily named Proofpoint as a quick fix for McAfee customers, and to me it smacks of expediency, rather than suitability).

But consider this: if a security vendor’s business was born in the cloud, and has been established almost as long as my own, I regard it as being worth a look.

If it offers 24/7 support, is capable of securing much more than just email, and has innovative pricing plans that mean savings can be passed on to the end-users, it’s worth a look.

If it protects more than 8.5 million mailboxes for over 47,000 corporate clients worldwide, but is still prepared to give you and your customers a free trial to try it out for yourselves, it’s worth a look.

So do you want to keep the present under wraps until Christmas? Or do you want to be the one to bear early gifts to all those desperate McAfee customers? It’s your call, but ripping off the paper is as easy as this.

And the Three Wise Men? That’ll be the first three partners who click on the link above…


Originally published on the Malwarebytes Security Blog

May 6 marked the 15 year anniversary of the infamous ILOVEYOU (Love Letter) email virus. The virus is regarded as the first major virus spread by email.

ILOVEYOU reportedly infected tens of millions of computers worldwide, and cost billions of dollars in damage.

Once a machine was infected with ILOVEYOU, the virus scanned the Windows Address Book and subsequently sent copies of itself to every contact within the list. Using the public’s lack of email security to its advantage, the virus was able to masquerade as a legitimate attachment sent by a known acquaintance.

This simple social engineering tactic allowed the virus to propagate world-wide quickly and efficiently.

In the years since ILOVEYOU, we’ve all learned lots regarding email security and ‘best practices’ to use when downloading attachments. There have been numerous articles, write-ups, warnings, and suggestions advising users to be wary when opening attachments that come via email – even when from a trusted source.

Despite more than a decade and a half of these warnings, email is still a primary vector for the installation of malicious software.

The M3AAWG Email Metrics Report, released Q2 of 2014, indicates that over a three-month tracking period, a whopping 987 billion “abusive” emails were identified as being successfully delivered.

While this pales in comparison to the other 9+ trillion emails blocked by the mail providers, this number demonstrates just how successful a vector email is for malicious actors to use to compromise their victims.

While the M3AAWG report doesn’t distinguish between emails with malicious attachments and other types of abusive emails such as phishing emails, it’s reasonable to assume that at least a significant percentage of the abusive emails did indeed contain a malicious attachment.

As indicated by the report, the vast majority of these messages are blocked by large email providers such as Microsoft and Google, but despite the best efforts of these companies, many messages still find their way through the filters.  Here is an example of a malicious email I received to my personal email account just the other day.

[Image: MalSpam1]

The success of these malware campaigns relies on numbers. With an estimated 205 billion emails sent each day, it seems to be a herculean, if not almost impossible, task to prevent each and every malicious email from being delivered.

We would all be quite peeved if that important document from our boss wasn’t delivered to our email box, or if that emergency change in insurance wasn’t received from HR.

The big email providers know this, so they are forced to tread lightly when determining if an attachment is malicious or not. The problem is malicious actors know this too.  So for them, it’s just a numbers game.

If one address gets blocked, use another. If one message is blocked, send one more – better yet, send a million more. And therein lies the issue that we in the security field face when it comes to preventing you from seeing (and in the case of malware – blocking) this sort of garbage altogether.

A small portion of overall attempted deliveries and an even smaller percentage of successful installs is all that’s needed to claim success.

Malware authors utilise a dizzying array of tools, services, and botnets to facilitate delivery of malicious email. Email addresses are spoofed. The subject and body can be dynamically generated using unique information to help provide a sense of legitimacy to the email. Most attachments are randomized in both name and MD5 hash to thwart detection.

Geo-location is used to send emails to users of a particular region, city, or post code. And the subject matter of emails constantly changes to play into the fears, desires, and dreams of every potential person.

[Image: MalSpam2]

Attachments are not limited to .zips either. Attachments have been seen to arrive in .exe format (although rare with large email providers), .scr, .pdf, .com, .js, or a variety of others. Here we can see how some attachments attempt to appear legitimate.  Take notice of the large spaces between filenames and the .exe extension on a few of the attachments.

[Image: MalSpam3]

Remember, it only takes a small portion of sent emails, and an even smaller percentage of those to be clicked, in order for a malware author to claim a particular spam-run successful.

The reality is, these people wouldn’t use email as an attack vector if it didn’t work – but it does.

The only reason it does is because a small percentage of us still click such attachments thinking there may be some legitimacy to the content.

Despite 15 years of warnings, billions of dollars in damages, and countless attacks attributed to email, we have yet to learn the dangers of downloading unsolicited attachments.

So for the sake of humanity (a bit dire, I know) please quit clicking attachments from people you don’t know, or from contacts where the content appears suspicious.

If there is any question whether the email is legitimate, contact the sender and inquire.

If you didn’t order anything online, don’t click the Word document advising you of your recent purchase.

If you haven’t done so already, configure Windows to always show file extensions. That way, if you do download and extract a malicious attachment, you can hopefully see if any trickery is being played with spaces between the visible filename and the extension.
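
The padded-extension trick described above can also be checked mechanically at a mail gateway or download folder. The following is an added example, not code from the original article; the file names are constructed, and the decoy-extension list and three-space threshold are assumptions.

```python
# Executable types the article lists as arriving by email.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".js"}
# Assumed list of harmless-looking extensions used as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
# Assumed threshold: this many spaces before the extension is deliberate.
MIN_PAD = 3


def split_name(name):
    """Split into (stem, ext); ext is lower-cased and includes the dot."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, "." + ext.strip().lower()


def inspect_filename(name):
    """Describe what a user would see and what the file really is."""
    stem, ext = split_name(name)
    visible = stem.rstrip()          # what remains once padding scrolls away
    pad = len(stem) - len(visible)   # whitespace pushed in before the extension
    findings = []
    if ext in EXECUTABLE_EXTS:
        findings.append("executable type")
    if pad >= MIN_PAD:
        findings.append("whitespace padding")
    # "report.pdf      .exe" and "report.pdf.exe" both end in a decoy
    # extension once the real one is hidden or out of view.
    _, inner_ext = split_name(visible)
    if inner_ext in DECOY_EXTS and ext in EXECUTABLE_EXTS:
        findings.append("decoy extension")
    return {
        "real_ext": ext,
        "shown_if_hidden": visible,  # simplified: name with extensions hidden
        "padding": pad,
        "findings": findings,
    }


# Constructed sample names.
SAMPLES = [
    "Invoice_2015.pdf" + " " * 40 + ".exe",
    "statement.doc.scr",
    "setup.exe",
    "holiday photo.jpg",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = inspect_filename(sample)
        print(f"{info['shown_if_hidden']!r:22} really {info['real_ext'] or '(none)':6}"
              f" -> {', '.join(info['findings']) or 'no findings'}")
```

With extensions shown, the first sample still looks like a PDF unless the name column is wide enough to reveal the 40 spaces and the trailing .exe, which is why the padding itself is worth flagging.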

And most importantly, educate someone you know who would never read this (or any) security blog, to help keep them from succumbing to the ever-changing tactics of malware spam.

Blue Solutions is now a distributor for Malwarebytes – read the press release here. Call our team on 0118 9898 222 and they'll help with any questions or arrange a free trial.

 


Article published in IT Channel Expert with Jonatan Bucko, Blue Solutions Product Manager

From software installation and set-up to managing networks, MSPs/IT service providers often have never-ending to-do lists. While problem solving for clients, they need to find answers to their own questions to help them run their businesses.

So what are the pitfalls for MSPs/IT service providers and how do you deal with them? In this article, I’ve outlined some of the difficulties they face and how they can be managed:

Finding the right solutions for your clients

If you type ‘MSP/IT service provider’ into Google, you’ll find never-ending pages for back-up, security, cloud solutions etc. Before you commit to buying any new services, do some research on the industry: for example, industry trends and current customers’ peak network and server usage times. Think about your clients’ requirements: are their businesses growing? Is there a particular IT issue that’s caused a problem that you can help with? Don’t forget that speaking to your industry peers can also help; the insight you can gather from speaking to others at forums and conferences can keep you informed and ensure you provide solutions that clients want.

Running multiple networks with stretched resources

Running multiple clients’ networks creates a lot of opportunities but also means an MSP/IT service provider’s time and resources are stretched. Juggling tasks, responding to queries and keeping customers happy can make your days longer than they need to be. MSPs/IT service providers should take a look at where they can use solutions that will make this ‘juggling act’ easier, while providing greater value to any clients.

For example, automation tools can reduce the time spent on certain tasks, reduce costs and increase efficiency. Also, with a back-up and disaster recovery solution, MSPs/IT service providers can show customers they are efficient in the way they can pre-empt issues (e.g. being aware of a server running out of space before it affects a client’s business operations).

Increasing efficiency

Following on from my previous point – reducing costs and improving efficiency is key to maintaining a thriving business.

Among the tools available to help MSPs/IT service providers with this are IT systems monitoring & management platforms, which remove time-intensive and repetitive support tasks. These solutions become a necessity as you scale your business and its service delivery model.

Whilst many will provide out-of-the box automation of common IT tasks, in some cases creating an automation policy (script) may be required to address a particular time-hog. It is important that the platform allows for comprehensive scripts to be created, through an interface that exposes the functionality to even the novice users, making it easy for them to build policies that will automate repeatable work.

The scripting engine must be intelligent enough to require minimal user input, yet work in harmony with the platform’s many facets such as monitoring, ticketing and time entry functionalities. Ultimately it doesn’t matter if the newly created policy is going to run on two machines or 2,000, it must do the exact same thing in the same amount of time in every single occurrence.

Once the repeatable tasks have been automated, a review schedule should be created to periodically assess and improve the service delivery as it evolves and the business will reap the benefits.

It could be summarised that a business can scale only as much as its individual processes do.

I’ve heard this comment from a business owner: “The main component is the consistency of approach not necessarily the back-end technology. The platform must enable you to create repeatable, improvable and scalable, automated processes, which can potentially deliver unlimited value at marginal cost”.

Managing costs and making a profit

Constant changes to technology and customer requirements mean MSPs/IT service providers are always trying to manage costs and maintain profits. Many of them are finding a way to do this by joining MSP partner programs.

Joining these programs gives MSPs/IT service providers a business model that fits how they work. When looking for a program, some other points to consider: will the program help you to manage billing your clients, and which tools are available to help you run your business efficiently? Above all, will joining the program grow your business?

Staying on top of industry information

So, while MSPs/IT service providers are busy running their businesses, where do they find the time to stay up-to-date on the latest products and industry news? To be honest this isn’t always possible. So looking out for vendor materials that cover different industry topics can save you a lot of time and keep you on top of everything. Make use of free e-books, webinars, videos, online demos and white labelled content (that you can brand). This will save you the time and trouble of trying to create your own content, as well as helping to answer clients’ queries.

Let’s not forget about the admin!

A lot of us have never liked doing admin – and this won’t change! But it’s something that MSPs/IT service providers need to manage well to avoid payment delays and ‘slowing’ their businesses down. For example, think about your invoicing – what date do you plan to do this? Will the vendor’s processes align with yours? Dull I know but it has to be done.

As you can see from these examples, with some planning and using available resources, MSPs/IT service providers can manage these pitfalls while building profitable businesses.

Contact our sales and product specialists today on 0118 9898 222 to help you find the right solutions for your MSP business.

 


We joined industry leaders and professionals at the CompTia EMEA Conference on 5th and 6th November. This event gave our team a good opportunity to meet with our current and new Resellers and other industry professionals.

Throughout the day, our team were busy talking to MSPs and Resellers about the best technology to run their businesses, covering I.T. automation, disaster recovery, anti-spam and malware solutions.

The event was also a great opportunity for us to join two of our vendors at their stands - StorageCraft, a data backup and disaster recovery vendor and AppRiver, provider of email messaging and Web security solutions. Our Product Manager, Nicola Boswell is pictured left with Janet O'Sullivan, StorageCraft Marketing Manager. We also met with Western Digital, who will be joining our portfolio to enable us to provide end-to-end solutions for Resellers.

We'll tell you more about that soon...

Our Sales Manager, Emma Wale, who attended the two day event commented “being at CompTia puts us among our industry peers and shows we are committed to providing the best service and leading solutions for MSPs and Resellers”.

If you missed our team at CompTia, you can contact us on 0118 9898 222 and speak to our product specialists or visit our website.


It's been a busy time at Blue Solutions and we wanted to keep you up-to-date with some of our changes, especially when it's good news for our MSPs and Resellers.

We've recently welcomed a new team member

We've expanded our technical team and Deane Mallinson, our new Sales Engineer joined us in September. Deane's wide ranging role will be to focus on the support function offered by Blue Solutions.

With 20 years' experience in the I.T. industry, ranging from first line support to management, Deane will be managing our internal, external, pre and post sales support helpdesk, while mentoring our team.

As Deane's qualifications include MCSE, MCSP, KLCT, KLCSA and GCT, he is well equipped to ensure our customers get the support they deserve.

As part of our continued commitment to supporting and investing in I.T. graduates,  Chris Kudzin has joined Deane's team as our I.T. apprentice.

 

Other changes

Emma Wale (pictured left), a long-standing member of the Blue Solutions team, was recently promoted to Sales Manager. With extensive experience in the I.T. and software channel distribution industries, Emma's main focus will be to manage sales growth and overall profitability for Blue Solutions.

While continuing to work as the main contact for DataFortress, the online backup solution (powered by Attix5), she will support and develop our sales and product specialists on a daily basis.

What's happening with our other team members?

Our product and sales specialists' roles have changed too. Our sales team (pictured below) will be available to manage your orders and help with any queries on a daily basis.

[Image: Blue Solutions team]

We also now have a team of vendor specialists, who are available to help you develop your business, with solutions for the channel. You can view our key vendors at our website.

Why have we made these changes? As parts of our business have moved into the managed services sector, we have restructured our sales team to ensure we continue to provide the best service for all of our customers. Your contacts are:

Nicola Boswell (pictured left) is our Specialist for AppRiver and StorageCraft.

Sharon Pace has been appointed as our Blue Solutions Key Account Manager and Tom Mangion is our Trend Micro Renewals Specialist.

If you have any questions about our vendor products, please contact our sales team on 0118 9898 222.