PC Pitstop sends out a monthly newsletter to update visitors about PC trends and what's going on at the site. Each issue contains helpful computer tips. To subscribe, complete this form and you will receive a confirmation email. In the email body, click the link Confirm Your Subscription to complete the process. You can rest assured that we will never share your email address with others; see our privacy policy.

To get the most out of the site we strongly suggest creating an account with us. Be sure to check the box to indicate you want to get the newsletter. Below you’ll find an archive of the newsletters we’ve sent out in the past.

    Missouri Regional Medical Facility Diverts Patients Elsewhere, Post Ransomware Attack

    Missouri's Cass Regional Medical Facility Falls Victim to Cyber Attack

    Cass Regional Medical Center, located in Cass County, Missouri, south of Kansas City, was infected with ransomware on July 9, 2018.  Health IT Security reported that the organization launched its emergency response within 30 minutes of the suspected intrusion.  The facility's IT department is continuing work to restore the networks.  For now, Cass Regional is diverting trauma and stroke patients to other facilities; other medical needs can still be met at Cass Regional Medical Center.  The undisclosed ransomware variant has taken down the organization's internal communications systems as well as its electronic medical records system, although at this time there is no evidence that personal information was taken from the medical center's records.  Cass Regional Medical Center CEO Chris Lang states,
    “Our primary focus continues to be on our patients, and meeting our mission to provide health care services to our community.  We are deploying every resource available to us to resolve this situation quickly so we can resume normal operations.”

    Other Ransomware Attacks

    For a list of ransomware attacks that have already taken place in 2018, you may click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.

    Major Breach Impacts 340 Million American Customers and Businesses

    Breach Releases Personal Details for Millions of U.S. Citizens and Businesses

    Have you ever heard of Exactis?  According to its website, "Exactis is a leading compiler and aggregator of premium business and consumer data".  The company goes on to tout "With over 3.5 billion records (updated monthly), our universal data warehouse is one of the largest and most respected in the digital and direct marketing industry".  That is a ton of data, and one would assume serious security is in place to keep it safe.  But we all know how bad it is to assume.  According to security researcher Vinny Troia, that was certainly not the case.  While researching publicly reachable ElasticSearch databases, he found that Exactis was leaving business and consumer personal data available to anyone on the internet, with no firewall in front of it.  A stock ElasticSearch node of that era had no authentication of its own unless a separate security plugin was configured, so a node bound to a public address answered every query it received.  The 340 million exposed records included business and consumer names, email addresses, physical addresses, personal likes and dislikes, and the names and ages of any children, among other fields.  Social security numbers were not included.  Even without socials, anyone who obtained this information could build false profiles or craft targeted social engineering attacks.  After being notified, Exactis closed the gap, and as of today the information is no longer publicly viewable.  That does not mean damage hasn't already been done: it remains unclear whether a malicious third party found the data first, but Troia states it would not have been difficult to find.
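    The check Troia's finding implies is simple: ask the node for its root document and its index list without any credentials and see whether it answers. The script below is an added example, not Exactis's configuration or Troia's tooling. It assumes the target speaks the standard ElasticSearch REST API (GET / returns a JSON document containing cluster_name, GET /_cat/indices?format=json returns the index list); the two hosts open.example and locked.example and their responses are constructed so the check also runs offline.

```python
"""Check whether an ElasticSearch node answers without credentials."""
import json
import sys
import urllib.error
import urllib.request


def http_fetch(url, timeout=5):
    """Unauthenticated GET; returns (status_code, body_text)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except urllib.error.URLError:
        return 0, ""  # connection refused / timeout: nothing is listening for us


def audit_elasticsearch(base_url, fetch=http_fetch):
    """Classify base_url as 'open', 'auth_required' or 'not_elasticsearch'.

    'open' means the root document and the index list (names and document
    counts) came back with no credentials at all, which is exactly what an
    internet-facing node with no firewall hands to anyone who asks.
    """
    base = base_url.rstrip("/")
    status, body = fetch(base + "/")
    if status in (401, 403):
        return {"state": "auth_required", "indices": []}
    try:
        root = json.loads(body)
    except ValueError:
        root = None
    if status != 200 or not isinstance(root, dict) or "cluster_name" not in root:
        return {"state": "not_elasticsearch", "indices": []}

    status, body = fetch(base + "/_cat/indices?format=json")
    indices = []
    if status == 200:
        for row in json.loads(body):
            indices.append({"index": row.get("index"),
                            "docs": int(row.get("docs.count") or 0)})
    return {"state": "open", "cluster": root["cluster_name"],
            "version": root.get("version", {}).get("number"), "indices": indices}


# Constructed responses for two imaginary hosts so the check runs offline:
# one wide open, one with a security plugin demanding credentials.
CONSTRUCTED_RESPONSES = {
    "http://open.example:9200/": (200, json.dumps(
        {"name": "node-1", "cluster_name": "marketing-prod", "version": {"number": "6.3.0"}})),
    "http://open.example:9200/_cat/indices?format=json": (200, json.dumps([
        {"index": "consumer", "docs.count": "230000000"},
        {"index": "business", "docs.count": "110000000"},
    ])),
    "http://locked.example:9200/": (401, json.dumps({"error": {"type": "security_exception"}})),
}


def constructed_fetch(url, timeout=5):
    return CONSTRUCTED_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python audit_es.py http://10.0.0.5:9200
        report = audit_elasticsearch(sys.argv[1])
    else:
        report = audit_elasticsearch("http://open.example:9200", fetch=constructed_fetch)
    print(json.dumps(report, indent=2))
```

    Run it against your own nodes from outside the network; a result of "open" with a non-empty index list is the Exactis situation. The fix is not only authentication but also binding the node to a private interface and putting a firewall in front of it, so the check fails at the connection stage rather than at the login prompt.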

    Next Steps

    From a consumer perspective, it is important to do the following:
    • Keep an eye out for sketchy emails or messages on social media platforms.  Businesses have begun advertising more through messaging on social media sites, which means attackers will be imitating this.  Be suspicious of anything that is too good to be true, and if you are ever in doubt, DO NOT CLICK!
    • Although identity theft is unlikely with this information alone, it is still important to monitor your credit card and bank statements.  If you find anything questionable, notify your bank immediately.
    • If you haven't done so already, consider investing in an identity theft protection plan.  These are often very affordable and offer family coverage, so you can watch over your own information and your family members' as well.

    Have a Digital Wallet? Better Check Your Address!!

    July 03, 2018 by Kayla Elliott in Newsletter,tips

    New Malware Variant Alters Digital Wallet Addresses

    Since the Bitcoin boom, digital wallets, the software where crypto-currency is stored, have multiplied, and with the spike in crypto-currency mining they need to be increasingly secure.  Unfortunately, they are not very user-friendly.  To send funds, users must enter the recipient's wallet address, a long sequence of letters and digits that no one will ever remember and that is painful to type.  So users copy and paste addresses instead.  That works fine until an attacker notices and exploits it, which is exactly what happened.  According to Bitcoinist, a new malicious variant watches the operating system's clipboard for text that looks like a wallet address and silently replaces the recipient's address with one the attacker controls; the victim pastes what looks like an address, sends the funds, and the transaction cannot be reversed.  This method has been incredibly effective for a few reasons.  First, victims usually do not know until it is too late.  Second, because a wallet address is a long, meaningless string, most people do not know their own addresses, let alone the recipient's, so they would not notice that it had changed.  To date, sources have confirmed that malware of this sort has been monitoring over 2.3 million digital wallet addresses.

    So, how do you stay protected?

    First, after pasting a recipient address, compare it with the address you intended to send to before confirming the transaction; checking the first and last several characters is the bare minimum, since the attacker's address is a valid address of the same kind and will not look wrong on its own.  Second, keep all of your third-party applications and operating systems updated.  Lastly, if you are using PC Matic, this family is covered: it arrives as a DLL that is launched through the Windows system utility rundll32.exe, and because that DLL is not a known-trusted file, the whitelist blocks it from loading.  Meaning, the address on your clipboard stays the one you copied.
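    The "double check the address" advice can be automated: remember what you copied, then watch the clipboard and raise an alarm if it quietly turns into a different address of the same kind. The script below is an added example, not the malware described above and not PC Matic's detection logic. The address patterns are assumptions that cover legacy and bech32 Bitcoin addresses and Ethereum addresses; the sample addresses are well-known public example addresses, and the clipboard sequence in the demo is constructed so the watcher can be exercised without a real hijacker present.

```python
"""Spot a clipboard hijacker by comparing what you copied with what you get back."""
import re
import time

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # no 0, O, I, l
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"                           # no 1, b, i, o
PATTERNS = {  # assumed shapes; tighten or extend for the coins you actually use
    "btc-legacy": re.compile(rf"[13][{BASE58}]{{25,34}}"),
    "btc-bech32": re.compile(rf"bc1[{BECH32}]{{39,59}}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def wallet_address_kind(text):
    """Return the address family `text` belongs to, or None if it is not an address."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None


def detect_swap(copied, clipboard_now):
    """Compare the address you copied with the clipboard's current contents.

    A hijacker keeps the address family the same (a BTC address becomes a
    different BTC address), so a same-kind mismatch is the tell-tale sign.
    """
    copied, now = copied.strip(), clipboard_now.strip()
    kind = wallet_address_kind(copied)
    if kind is None:
        return {"swapped": False, "reason": "copied text is not a wallet address"}
    if now == copied:
        return {"swapped": False, "reason": "clipboard unchanged"}
    if wallet_address_kind(now) == kind:
        return {"swapped": True, "reason": f"{kind} address was replaced",
                "attacker_address": now}
    return {"swapped": False, "reason": "clipboard now holds something else entirely"}


def watch_clipboard(copied, read_clipboard, polls=20, interval=0.25):
    """Poll the clipboard after copying `copied`; return the first swap seen, else None.

    `read_clipboard` is any zero-argument callable returning the clipboard text.
    """
    for _ in range(polls):
        result = detect_swap(copied, read_clipboard())
        if result["swapped"]:
            return result
        if interval:
            time.sleep(interval)
    return None


def read_clipboard_tk():
    """Real clipboard reader using only the standard library; needs a desktop session."""
    import tkinter
    root = tkinter.Tk()
    root.withdraw()
    try:
        return root.clipboard_get()
    except tkinter.TclError:
        return ""
    finally:
        root.destroy()


# Constructed scenario: the user copies their exchange deposit address, and a
# hijacker rewrites the clipboard to its own address a moment later.
MY_ADDRESS = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
ATTACKER_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"


def simulated_clipboard_sequence():
    return iter([MY_ADDRESS, MY_ADDRESS, ATTACKER_ADDRESS])


if __name__ == "__main__":
    seq = simulated_clipboard_sequence()
    print(watch_clipboard(MY_ADDRESS, lambda: next(seq), interval=0))
    # On a real desktop: copy an address, then run
    # watch_clipboard(MY_ADDRESS, read_clipboard_tk) and paste into your wallet afterwards.
```

    The check is deliberately keyed on the address family rather than on exact equality alone: a clipboard that changes to unrelated text is just the user copying something new, whereas a clipboard that changes to another valid address of the same kind, when you copied nothing, is the behaviour this malware exhibits.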

    New Hampshire City Spends $156k to Restore Computers

    July 03, 2018 by Kayla Elliott in Newsletter

    Portsmouth New Hampshire Recovers From Malware Infection, For the Small Price of $156,000

    After a nasty infection that began in March 2018, the city of Portsmouth, New Hampshire is beginning to recover.  The malware, determined to be the Emotet Trojan, began sending out fraudulent emails bearing the addresses of city officials and other legitimate accounts in an attempt to solicit money.  The exact means of initial infection has not been released.  However, Emotet is getting more and more sophisticated.  Its most common delivery method is email carrying a malicious attachment or link, typically an invoice-themed document with macros or a PDF that appears to come from a "trusted" sender; the attackers impersonate people the recipient knows in hopes that this will increase the likelihood of the user opening the attachment or clicking the link.  Almost four months after the infection, the city reports that systems are running as they should, but this came with a hefty bill.  Portsmouth's Deputy City Manager filed an insurance claim for the damage the malware did to city systems: $156,000, to be exact.

    Preventing Future Attacks

    According to Appauls, in an effort to be proactive, city officials are monitoring the network to prevent other forms of malware from spreading.  But is that it?  We sure hope not.  To effectively thwart this kind of attack, businesses and home users alike should do the following:
    • Update, update, update.  Keep all third-party applications and operating systems updated.  Yes, it takes time.  Yes, it may be inconvenient.  But these updates patch known vulnerabilities, and if you fail to update you are leaving open security holes that attackers already know about.
    • Implement application whitelisting.  We've said it before, and we will say it again: whitelisting is the best malware prevention tool available.  A whitelist approach only allows known-trusted programs to execute, so even if someone clicks the malicious link in the email, the payload it drops is not on the list and cannot run.
    • Disable macros.  Malicious documents typically rely on a macro to download and launch the actual payload.  With macros disabled by policy, or restricted to digitally signed ones, the document opens but its payload never executes.
    • Review admin rights.  When malware runs under an account with admin rights, it can disable security tools, install itself persistently, and harvest credentials that let it spread across the network in the blink of an eye.  Determine who has admin rights and why; if they do not need them, remove those rights to limit how far an infection can spread.
    • Cyber security training.  If users do not know what to look for, they'll click on anything.  Teaching them about current threats, what they look like, how they are delivered, and the damage they can cause helps users understand not only the magnitude of the problem but also the red flags to watch for.
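    Two of the controls above, the macro policy and the admin-rights review, can be audited from a script rather than by eyeballing settings. The audit below is an added example, not PC Pitstop's or any vendor's tooling. It assumes the standard Office policy registry layout under HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\<app>\Security, where VBAWarnings is 1 (enable all), 2 (disable with notification, the default), 3 (disable except signed) or 4 (disable all), and blockcontentexecutionfrominternet=1 blocks macros in downloaded files; it also assumes the English output format of `net localgroup administrators`. The registry values and command output in the demo are constructed so the logic can be exercised on any platform.

```python
"""Audit the Office macro policy and local Administrators membership on a Windows endpoint."""
import subprocess
import sys

VBA_WARNINGS = {
    1: "enable all macros (weakest)",
    2: "disable with notification (Office default; one click re-enables)",
    3: "disable all except digitally signed macros",
    4: "disable all macros without notification (strongest)",
}
OFFICE_APPS = ("Word", "Excel", "PowerPoint")
POLICY_KEY = r"Software\Policies\Microsoft\Office\16.0\{app}\Security"  # 16.0 = Office 2016/2019/365
EXPECTED_ADMINS = {"administrator"}  # the built-in account; anyone else needs a documented reason


def macro_findings(read_value):
    """read_value(key_path, value_name) -> int, or None when the value is absent.

    Reports every app whose effective policy still lets a user run an
    unsigned macro, and every app that does not block macros in downloaded files.
    """
    findings = []
    for app in OFFICE_APPS:
        key = POLICY_KEY.format(app=app)
        level = read_value(key, "VBAWarnings")
        if level is None:
            findings.append(f"{app}: no macro policy set (user can enable macros)")
        elif level < 3:
            findings.append(f"{app}: VBAWarnings={level} ({VBA_WARNINGS[level]})")
        if read_value(key, "blockcontentexecutionfrominternet") != 1:
            findings.append(f"{app}: macros in files downloaded from the internet are not blocked")
    return findings


def parse_localgroup(output):
    """Extract member names from `net localgroup <group>` output."""
    members, in_members = [], False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("----"):          # dashed rule precedes the member list
            in_members = True
            continue
        if not in_members or not line:
            continue
        if line.lower().startswith("the command completed"):
            break
        members.append(line)
    return members


def admin_findings(output, expected=EXPECTED_ADMINS):
    """Every local admin who is not on the expected list is a finding to review."""
    return [m for m in parse_localgroup(output) if m.lower() not in expected]


def read_policy_value_windows(key_path, value_name):
    """Registry reader for real runs; Windows only."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
            value, _ = winreg.QueryValueEx(key, value_name)
            return int(value)
    except OSError:
        return None


# Constructed sample data: Word left at the default, Excel locked down,
# PowerPoint never configured, and two extra local admins.
CONSTRUCTED_REGISTRY = {
    (POLICY_KEY.format(app="Word"), "VBAWarnings"): 2,
    (POLICY_KEY.format(app="Excel"), "VBAWarnings"): 4,
    (POLICY_KEY.format(app="Excel"), "blockcontentexecutionfrominternet"): 1,
}
CONSTRUCTED_NET_OUTPUT = """Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
alice
CORP\\Domain Users
The command completed successfully.
"""


def constructed_read(key_path, value_name):
    return CONSTRUCTED_REGISTRY.get((key_path, value_name))


if __name__ == "__main__":
    if sys.platform == "win32":
        reader = read_policy_value_windows
        net_out = subprocess.run(["net", "localgroup", "administrators"],
                                 capture_output=True, text=True).stdout
    else:
        reader, net_out = constructed_read, CONSTRUCTED_NET_OUTPUT
    for finding in macro_findings(reader) + admin_findings(net_out):
        print("FINDING:", finding)
```

    On the constructed data the audit flags Word's default-with-notification setting, the missing PowerPoint policy, the two apps that do not block internet-sourced macros, and two local admins ("alice" and "CORP\Domain Users") who are not the built-in account. A domain-wide group sitting in a workstation's Administrators group is exactly the condition that lets an Emotet infection on one desk become an infection everywhere.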

    IRS Takes Major Hit in Cyber Security Audit

    Rushed Remediation Leads to Major Issues for IRS

    In 2015 the IRS experienced a major security breach, potentially impacting 350,000 taxpayers.  The breach was a direct result of the weak controls the Internal Revenue Service (IRS) had in place for its "Get Transcript" option, which allows taxpayers to obtain prior years' tax documentation.  Because the identity checks could be passed with personal details obtained elsewhere, attackers were able to pull taxpayer data rather effortlessly.  Once the weakness came to light, the IRS disabled the "Get Transcript" feature.  It also moved the "Get Transcript" logs, including taxpayers' personal information, to the agency's Cybersecurity Data Warehouse (CSDW).  The issue with this move lies in a few areas.  First, according to Nextgov, the proper authorizing official was never notified of the move.  That creates more issues, because the CSDW was not designed to protect personally identifiable information.  So for the last three years, the 350,000 taxpayers originally impacted by the breach may have continued to be exposed.  A tough pill to swallow if you're one of them.  So whose fault is it?  It sounds self-explanatory: the IRS employees.  Hasty decisions were made, and someone should be held accountable for them.  But that is not how the IRS sees it.

    Agree to Disagree?

    The aftermath of the breach could have been handled far better.  Instead of rushing to remediate, which led to an unauthorized party moving thousands of log files to a data warehouse that lacked the protections needed to hold them, the established change-management controls should have been followed.  The audit of the CSDW left the IRS with four recommendations from the audit team.  According to the audit report, those recommendations are:
    1. Ensure that employees are held accountable for not following established change management policies and procedures and completing requirements as quickly as practicable, thus putting PII at risk of exposure to unauthorized access.
    2. Ensure that all CSDW security documentation, including but not limited to the risk assessment and system security plans, are updated and completed as required by Federal and agency policies and procedures.
    3. The Chief Information Officer should ensure that automated controls and processes to capture and monitor the activities of all IRS personnel with access to transactional audit logs containing taxpayer data in the CSDW are implemented.
    4. The Chief Information Officer should ensure that a complete and accurate inventory of systems that transfer transactional audit logs containing taxpayer data to the CSDW is maintained.
    All of which seem legitimate.  However, the IRS fully agreed with only two of these recommendations.  Check out the IRS management responses in the full audit report, here.

    Computer Froze Mid-Update? Here's How To Fix It

    June 26, 2018 by Kayla Elliott in Newsletter,tips

    Stop Everything You're Doing -- Windows is Updating...

    Is it just me, or does Windows update at the most inopportune times?  It always seems to be the exact moment I need to use my PC, shut the device down, or hurry out the door, and then I'm stuck in a "wait on Windows update" loop.

    As annoying as the timing may be, these updates are important for the device, so as users we are stuck waiting for the process to finish.  There are times, though, when we cannot.  Business travelers cannot exactly leave their computers on to update while flying, and sometimes an update simply freezes the device.  What do you do then?

    While the update screen is showing, there is no menu option to power the computer off.  The only way to kill the power is a hard shutdown: hold the power button down for a few seconds until the machine turns off.  Yes, the update screen specifically says "Do not shut down the device", but if the machine has to be powered off for safety reasons, or because it is frozen, there is no other option.

    So you've shut down the computer mid-update.  Now what?  According to testing by How-To Geek, what you see next depends on how far the update got.  If the update had not yet begun installing, you will be able to log back in and will see a notification that the update was not completed.  If installation had started, the changes made before the shutdown are rolled back to the previous version, and you can log in and will be notified that the update was unable to complete.  In How-To Geek's testing, a hard shutdown mid-update caused no lasting damage, but that is not to say every device will react the same way.  If the update is not frozen and you can wait it out, you most certainly should.
    However, if the device freezes mid-update, a hard shutdown is the only option.  Users are encouraged to maintain timely backups of the files on their computers so that nothing is lost if an interrupted update does go wrong.

    The Deep Dive Into Application Whitelisting

    Application Whitelisting - What is it?

    Before we dive too deep, readers must understand what application whitelisting is and how it differs from the alternative.  Application whitelisting is a proactive approach to cyber security: a security solution that employs it allows only known-trusted programs to run.  The alternative, blacklisting, lets every file run unless it has already been identified as malicious.  The issue with the blacklist is that malware variants are morphing by the minute, and each fresh build is an "unknown" file that no blacklist has seen yet.  Those unknown files will execute on any device that relies on a blacklist as its primary method of malware detection, whereas a device using a whitelisting agent blocks them from running until they are proven safe.

    A Deeper Dive

    The whitelist offers increased security for all data on devices using this proactive methodology, meaning malware attacks, including ransomware, are far less likely to execute successfully.  Industry analysts at Gartner and Forrester agree that application whitelisting is one of the most effective ways to mitigate today's threats.  There are, however, a few drawbacks.  Mario DeBoer, an analyst at Gartner, recently told me he does not encourage anyone to change their security solution unless they state they want something different.  When asked why, he simply said it is too much work.  Needless to say, this caught me off guard.  Too much work?  Maintaining a less-than-effective security infrastructure because enhancing it would be "too much work" is not only laughable but does the company a major disservice.  To be clear, uninstalling an existing solution and deploying a new one can be time-consuming for IT staff.  However, choosing a security solution whose vendor assists with installation and deployment mitigates both the cost of switching and the staff time invested in the change.

    There is also the risk of "false positives".  A false positive is when the whitelist blocks an unknown file or program from running even though it is not malicious.  How many false positives a user sees depends on the whitelist maintained by their security vendor and on the programs and files they run.  False positives have been a barrier to larger businesses and school districts adopting a whitelist approach: given the number of files and programs they run every day, managing false positives is perceived to outweigh the benefit of increased security.

    But does it really?

    Many application whitelisting products let users locally whitelist a program or file almost immediately.  Jon Amato, an analyst at Gartner, has stated that the ideal turnaround time for a false positive should be under 15 minutes.  That is certainly attainable.  So the question remains: does the minor and infrequent inconvenience of a false positive outweigh the benefit of increased security?  Consider the alternative.  The unknown file is allowed to execute and encrypts systems and files.  That leaves the organization inoperable, or at a minimum back in pen-and-paper mode.  The cost of downtime, remediation overtime, third-party investigators to assess the damage, reputational harm, lost productivity, and the inability to conduct day-to-day operations can be crippling.  So again: does the minor and infrequent inconvenience of false positives outweigh the benefits of increased security?  You tell me.
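    The difference between the two models in "What is it?" above, and the local override that resolves a false positive, can be shown in a few dozen lines. The engine below is an added example, not PC Matic's or any vendor's product: it keys verdicts on the SHA-256 of a file's contents (so renaming or moving a file changes nothing), records every unknown it blocks for review, and lets an administrator approve one exact file with an audit trail. The four "executables" are constructed byte strings standing in for real programs.

```python
"""Minimal hash-based application control: blacklist versus whitelist, plus a local override."""
import hashlib
from datetime import datetime, timezone


def fingerprint(content: bytes) -> str:
    """Content hash: the verdict follows the bytes, not the file name or path."""
    return hashlib.sha256(content).hexdigest()


class Blacklist:
    """Default-allow: only files already known to be bad are stopped."""

    def __init__(self, known_bad):
        self.known_bad = {fingerprint(b) for b in known_bad}

    def verdict(self, content: bytes) -> str:
        return "block" if fingerprint(content) in self.known_bad else "allow"


class Whitelist:
    """Default-deny: only files known to be good may run.

    Unknown files are blocked and logged so an administrator can review them;
    a reviewed false positive is approved by exact hash, not by name.
    """

    def __init__(self, known_good):
        self.trusted = {fingerprint(b) for b in known_good}
        self.local_overrides = {}
        self.blocked_unknowns = []

    def verdict(self, content: bytes) -> str:
        digest = fingerprint(content)
        if digest in self.trusted or digest in self.local_overrides:
            return "allow"
        self.blocked_unknowns.append(digest)
        return "block"

    def local_allow(self, content: bytes, approved_by: str, reason: str):
        """Resolve a false positive for this exact file, keeping who/why/when."""
        self.local_overrides[fingerprint(content)] = {
            "approved_by": approved_by,
            "reason": reason,
            "at": datetime.now(timezone.utc).isoformat(),
        }


# Constructed samples standing in for executables.
KNOWN_GOOD = b"MZ constructed sample: editor tool v1, on the vendor's trusted list"
KNOWN_BAD = b"MZ constructed sample: ransomware build 1, already in the blacklist"
NEW_VARIANT = b"MZ constructed sample: ransomware build 2, repacked an hour ago"
NEW_TOOL = b"MZ constructed sample: vendor tool v2, released today, not yet listed"


def run_scenario():
    """Run the same four files through both models and resolve the false positive."""
    blacklist = Blacklist(known_bad=[KNOWN_BAD])
    whitelist = Whitelist(known_good=[KNOWN_GOOD])
    samples = {"known_good": KNOWN_GOOD, "known_bad": KNOWN_BAD,
               "new_variant": NEW_VARIANT, "new_tool": NEW_TOOL}
    result = {
        "blacklist": {name: blacklist.verdict(data) for name, data in samples.items()},
        "whitelist": {name: whitelist.verdict(data) for name, data in samples.items()},
    }
    # The new tool is a false positive: an admin reviews the blocked hash and approves it.
    whitelist.local_allow(NEW_TOOL, approved_by="it-admin",
                          reason="vendor tool; hash matches the vendor's release notes")
    result["whitelist_after_review"] = whitelist.verdict(NEW_TOOL)
    result["unknowns_logged"] = len(whitelist.blocked_unknowns)
    return result


if __name__ == "__main__":
    for model, verdicts in run_scenario().items():
        print(model, verdicts)
```

    The repacked variant is the case that matters: the blacklist waves it through because nobody has catalogued that build yet, while the whitelist blocks it for the same reason it blocks the brand-new vendor tool. The second block is the false positive, and the override takes one reviewed hash to clear, which is the sub-15-minute turnaround the section above describes.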

    The Water Can't Get Any Hotter for Kaspersky...

    European Union (EU) Votes to Ban Kaspersky Labs Products

    On May 25, 2018, the European Parliament released its Report on Cyber Defense.  Item #76 of that report (see excerpt below) names Kaspersky Lab as an example of software that has been "confirmed as malicious".
    76.  Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab;
    As a result, the EU has voted to ban Kaspersky Labs products.  The vote is on a non-binding resolution, but it led to an abrupt halt in the relationship between the security company and Europol, the EU's law enforcement agency.  In response, the vendor has suspended its work with Europol's No More Ransom campaign.  Company CEO Eugene Kaspersky blames the media for spreading untrue statements.  To be fair, no one has publicly released evidence confirming that Kaspersky Lab's products are malicious.  However, one would certainly think there is some sort of confirmation behind three different countries banning the security software vendor.

    Is Kaspersky Crumbling?  Here’s the Timeline

    • May, 2017 – Marco Rubio asks Senate Intelligence Committee if they would be willing to use Kaspersky on their devices — overwhelming consensus was “No”.
    • July, 2017 – Legislation worked towards banning Kaspersky products on military devices
    • July, 2017 – Russia's Communications Minister threatened retaliation against American software and hardware companies if legislation banning Kaspersky were to pass
    • August, 2017 – U.S. Government urges the private sector to remove Kaspersky Labs products
    • August, 2017 – U.S. Government confirms ties between Kaspersky Labs and Russian Intelligence
    • September, 2017 – U.S. major electronics retailers, including Best Buy and Office Depot, drop Kaspersky products from their shelves
    • September, 2017 – West Virginia University drops Kaspersky as their security provider
    • September, 2017 – U.S. government ordered federal agencies to remove Kaspersky products on all devices
    • October, 2017 – Allegations were reported the Kremlin used Kaspersky security products to obtain confidential NSA data
    • October, 2017 – Reports claim Israel warned the U.S. of Kaspersky after hacking its network
    • December, 2017 – Kaspersky files a lawsuit against the U.S. regarding the congressional ban of Kaspersky products.
    • March, 2018 – Department of Justice moves to dismiss the Kaspersky lawsuit
    • April, 2018 – Twitter bans Kaspersky ads from its social media platform
    • April, 2018 – U.S. considers sanctioning Kaspersky products
    • May, 2018 – Dutch Government ceases use of Kaspersky Labs products to avoid digital espionage
    • May, 2018 – Kaspersky announced it would be moving key business features out of Russia, relocating to Switzerland
    • May, 2018 – Judge dismisses Kaspersky’s filings to overturn U.S. ban
    • June, 2018 - EU votes to ban Kaspersky products from Europol


    About The Pit Crew

    PC Pitstop's Pit Crew is committed to providing you with the information you need to keep your PC safe and running like new.
