
Latest internal news from Lincoln IT Solutions Ltd

How not to fall Hook, Line and Sinker, to Email Phishing attacks

Email phishing is when attackers send scam emails (or text messages) that contain links to malicious websites. Some of these links are obviously dangerous: the message may claim to lead to PayPal, for example, but it is clear that the URL is not directing the user to the real website. In other cases the scammer may try something called a homograph attack. These attacks take advantage of the similarities between the appearance of letters in different fonts, or, for example, use a 0 (zero) instead of an O (capital O), to trick the user into believing they have accessed the real site. The websites may contain malware (such as ransomware), which can sabotage systems and organisations, or they might be designed to trick users into revealing sensitive information (such as passwords) or into transferring money.
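The look-alike trick described above can be checked for mechanically. The PowerShell below is an added example, not part of the original post: it goes a little beyond the zero-for-O case by also folding a few Cyrillic letters that look like Latin ones, and the trusted-domain list, the look-alike table and the sample hostnames are all constructed for illustration.

```powershell
# Added example. Trusted list, look-alike table and sample hosts are constructed.
$Trusted = 'paypal.com', 'microsoft.com'

# Characters that imitate a Latin letter, mapped to the letter they imitate.
$Lookalike = @{
    '0' = 'o'; '1' = 'l'
    "$([char]0x0430)" = 'a'   # Cyrillic a
    "$([char]0x0435)" = 'e'   # Cyrillic ie
    "$([char]0x043E)" = 'o'   # Cyrillic o
    "$([char]0x0440)" = 'p'   # Cyrillic er
}

function Get-HostSkeleton([string]$HostName) {
    # Rewrite every look-alike character as the letter it imitates.
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $HostName.ToLowerInvariant().ToCharArray()) {
        $key = [string]$ch
        if ($Lookalike.ContainsKey($key)) { [void]$sb.Append($Lookalike[$key]) }
        else { [void]$sb.Append($ch) }
    }
    $sb.ToString()
}

function Test-HostMatch([string]$Candidate, [string]$Domain) {
    # True when the candidate is the domain itself or one of its subdomains.
    $Candidate.Equals($Domain, [StringComparison]::Ordinal) -or
        $Candidate.EndsWith(".$Domain", [StringComparison]::Ordinal)
}

function Test-LookalikeHost([string]$HostName) {
    $h = $HostName.ToLowerInvariant()
    $verdict = 'unknown'; $imitates = $null
    foreach ($t in $Trusted) {
        if (Test-HostMatch $h $t) { $verdict = 'trusted'; $imitates = $null; break }
        if (Test-HostMatch (Get-HostSkeleton $h) $t) { $verdict = 'lookalike'; $imitates = $t }
    }
    [pscustomobject]@{ Host = $HostName; Verdict = $verdict; Imitates = $imitates }
}

# Constructed samples: genuine, digit swap, Cyrillic swap, digit swap, unrelated.
'www.paypal.com', 'www.paypa1.com', "p$([char]0x0430)ypal.com",
'micr0soft.com', 'example.org' | ForEach-Object { Test-LookalikeHost $_ }
```

A host reported as `lookalike` only becomes the trusted name after its look-alike characters are folded, which is exactly the case a reader's eye tends to miss.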

Phishing emails can hit an organisation of any size and type. You might get caught up in a mass campaign (where emails are sent indiscriminately to millions of inboxes), or it could be the first step in a targeted attack against your company, or a specific employee. In these targeted campaigns, the attacker uses information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

Given the risks posed both to the user as an individual and to the company to which that user belongs, it is always best to develop safe habits when clicking on links sent via email. One of these habits is checking the sender's full email address: some phishing attacks involve attackers posing as people you may know, but the full address will reveal an unfamiliar email address. Other attacks involve attackers gaining access to a user's mailbox outside (or inside) the organisation and sending links to all of that user's contacts. With this kind of attack, if the email was not expected, the best practice is to check with the sender via another method (e.g. phone, text, in person) that they meant to send the link.

As phishing attacks become more common and attackers learn to use new methods, it is more important than ever to keep up to date with cyber security. That's why here at Lincoln IT we have solutions available to help educate your users on some of the sneakier methods attackers may use, and to help them put "safe clicking" into practice to stop attackers in their tracks.

To arrange a free consultation of your Cyber Security strategy or your entire IT Infrastructure, please contact us via 01522 282120 or support@lincolnitsolutions.co.uk

PrintNightmare – Critical Server Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Microsoft have released information regarding a critical server vulnerability that is caused by the Print Spooler service. As of yet, there is no patch available and there is known working code in the wild that can exploit it.

If exploited, a remote user could gain full control of a domain controller and customer network causing untold havoc and financial damage.

There are a few ways to mitigate this vulnerability which we have already put in place for our clients.

First, if your server does not need to be running the print spooler service, then disable it immediately! This can be done via services.msc

Second, lock down the c:\windows\system32\spool\drivers folder and subfolders. This will prevent a remote user from exploiting this vulnerability. Here is the PowerShell code to do this:

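```powershell
# Folder the Print Spooler loads printer drivers from
$Path = "C:\Windows\System32\spool\drivers"
# Read only the access-control section of the folder's security descriptor
$Acl = (Get-Item $Path).GetAccessControl('Access')
# Deny Modify to SYSTEM, inherited by all subfolders and files
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("System", "Modify", "ContainerInherit, ObjectInherit", "None", "Deny")
$Acl.AddAccessRule($Ar)
# Write the updated ACL back to the folder
Set-Acl $Path $Acl
```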

This code adds a Deny rule for the SYSTEM account (Modify access) to the c:\windows\system32\spool\drivers folder and its subfolders.
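To confirm that both mitigations are actually in place on a server, and to undo the folder lock-down later, something like the following can be used. This is an added example, not code from the original post; the function names are hypothetical, and it assumes an elevated Windows PowerShell 5.1 session. The rollback is included because the Deny rule also stops the spooler, which runs as SYSTEM, from writing legitimate printer drivers into the folder.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$DriverPath = 'C:\Windows\System32\spool\drivers'
$SystemSid  = 'S-1-5-18'   # well-known SID for NT AUTHORITY\SYSTEM
$Modify     = [System.Security.AccessControl.FileSystemRights]::Modify

function Disable-Spooler {
    # Scripted form of the first mitigation: stop the service and disable it.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

function Get-SpoolerMitigationStatus {
    # Mitigation 1: service state and start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Mitigation 2: explicit (non-inherited) Deny rules for SYSTEM covering Modify.
    # Asking for SIDs avoids depending on the localised account name.
    $rules = (Get-Acl -Path $DriverPath).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    $deny = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $SystemSid -and
        $_.FileSystemRights.HasFlag($Modify)
    })

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        SpoolerState    = $svc.State
        SpoolerMode     = $svc.StartMode
        SpoolerDisabled = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        DenyRulePresent = ($deny.Count -gt 0)
    }
}

function Remove-SpoolerDenyRule {
    # Rollback: build the same rule the mitigation added and remove it.
    $acl      = (Get-Item $DriverPath).GetAccessControl('Access')
    $ruleArgs = 'System', 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Deny'
    $rule     = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
    [void]$acl.RemoveAccessRule($rule)
    Set-Acl -Path $DriverPath -AclObject $acl
}

# Read-only check; the other two functions change the system and are not called here.
Get-SpoolerMitigationStatus | Format-List
```

A server is covered by this post's guidance when either `SpoolerDisabled` or `DenyRulePresent` is true.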

Stay safe!

Cyber Crime / Identity Theft / E-mail Hacking

Identity theft is on the rise, and the most modern way of doing this is via your e-mail account. What used to be a simple but efficient tool for you to send messages is now the hub of your life, especially when it comes to your personal information. What happens if you forget your bank account password? A reset e-mail gets sent to your inbox for verification. What happens when you forget your Amazon password? A reset e-mail gets sent to your inbox for verification. So what if someone had access to your inbox and could also request these password resets on your behalf? And then delete any trace of them doing so? The results are scary to think about.

In the business world, many companies have been the target of e-mail phishing scams which entice a user to a fake website where they enter their Office 365 username and password. At this point, the hackers have full access to your e-mail account, your life and potentially your whole business. More recently, sophisticated scammers have been taking this a step further. They have waited and analysed your e-mail traffic to find out all the details of how your business runs, in particular who the Managing Director is and who the Finance Director is. They then carefully wait until the Managing Director is away on holiday and send an e-mail pretending to be him directly to the Finance Director, asking for an immediate transfer of money to a particular bank account. Unfortunately, many businesses have fallen for this scam.

How can you protect yourself and your business from this kind of attack?

Imagine you locked your house door but that other people had access to your key. It would be easy for them to break in and take your belongings. If you had MFA (Multi-Factor Authentication) or 2FA (2-Factor Authentication) on your house, it would be like someone trying to open your front door with a key but in order to turn the handle a text message gets sent to your mobile phone or secure app on your phone asking permission first. This extra layer of security is vital in protecting your valuable data.

Office 365 allows you to configure MFA or 2FA on your e-mail accounts. Once activated, you will be prompted to set up the second layer of authentication, either by receiving a text message or phone call, or via a secure app.

If you have been the target of one of the scams or would like assistance in setting up MFA / 2FA on your Office 365 accounts, please contact us on 01522 282120 or via info@lincolnitsolutions.co.uk

Latest Ransomware/Cryptolocker Virus Attacks

You may have heard about the ever-increasing Ransomware/Cryptolocker virus attacks that have been causing damage to individuals and businesses. Once the virus is on your machine, it will encrypt all of your files (including any network drive files) and then demand a ransom to get your files back. In most cases, even if the ransom is paid you will still not get your files back. The only way to retrieve them is to rely on your backup system.

There are two main ways that this virus can infect your machine/network.

1. Spam e-mail with an infected attachment or hyperlink

2. Browsing an infected website

We would urge all of our clients to use extra caution when receiving e-mails with attachments or links, even if they appear to come from a legitimate source or from someone you know.  If you’re not expecting an e-mail attachment, please do not open it!  If you’re unsure, then contact the person who sent you the attachment first before opening it, just to be on the safe side.  A lot of these e-mails pretend to come from legitimate companies such as HMRC.

Make sure that your anti-virus program is up-to-date.  But please be aware that no anti-virus program can offer you 100% protection against these types of attacks.  This is why extra vigilance is required.

We hope that this problem never affects you or your business but if it does, don’t hesitate to contact us.

We’re Expanding! – Nottinghamshire

We are currently expanding our on-site service area to cover not just Lincolnshire, but also Nottinghamshire and the surrounding areas, Newark, Mansfield, Grantham and Sleaford.

If you are based in one of those areas, please contact us to see how Lincoln IT Solutions can help your business.

www.lincolnitsolutions.co.uk | 01522 282120