Tag: Security

Are you able to spot phishing emails?

Phishing is an attack concept where an attacker usually contacts a victim pretending to be from a trustworthy source to get information that they shouldn’t have gotten if they used their real identity.
When an attacker targets specific individuals or groups within an organization the phishing method is called spear phishing. According to Symantec ISTR report volume 23 from 2018, the majority of organized security breaches used spear phishing as the infection vector.

One of the reasons why these attacks are so effective and commonly used is because the attack is built to exploit people’s feelings. It will also require less effort to write a mail and pretend to be from a supplier and trick a victim into clicking on a link or open an attachment instead of putting in the time and effort to find a way through a firewall or other security solution. Usually malware is being spread with these emails in form of malicious links or malicious attachment. When the user clicks on the link or opens the attachment the malicious code will be executed in the victim’s system.

This has been a common problem for years now and many users are aware that you shouldn’t open files from unknown sources but are you equally careful when clicking on links? If you find the description interesting, you will most likely just click on the link without actually reading the domain name before and that is another weakness an attacker can exploit.

Example on link-manipulation
Let’s say that you work for the company xyz and that your website is ‘xyz.com’. An attacker could then create a malicious website with a similar name, for example ‘secure-xyz.com’ or use a legit domain but with a redirect to a malicious site.

  • http://www.secure-xyz.com
  • http://www.xyz.com/amp/http://www.badsite.com

They could also encode the URL to make it harder to read or shorten it

  • http://www.xyz.com%2Fexit.asp%3FURL%3Dhttp%3A%2F%2Fwww.badsite.com
  • https://bit.ly/2TZB50k

Generally, you should keep attention to links that you think look weird and if you are not sure where the link leads to you shouldn’t visit it. It is better to be safe than sorry and today there are great tools available online where you can scan for malicious content and one of them is

To use it you just enter a URL and press enter. Multiple anti malware-engines will then scan the URL.

And for this test we can see that no engines detected our URL ‘https://www.xenit.se’ as malicious.

This and similar tools are great but the best way to reduce the risk of becoming a victim to this kind of attacks is to arrange awareness training for all employees regularly. Below you will find a link to a quiz where you will put your ability to identify phishing emails to test. You will inspect some emails and then you have to decide if you think it is malicious or not and afterwards you will get a good explanation on why or why not it is malicious.

Link to quiz:
https://phishingquiz.withgoogle.com/

Were you able to identify all phishing mails? Please leave a comment with your result or if you want to discuss phishing further.

 



Mapped network printers unavailable due to SMB1 being obsolete

INTRODUCTION

As we all might be familiar with, printers are one of those little peculiar matters within IT. Implementing these in an IT-environment is self-explanatory oftentimes, but when they do not cooperate the issue itself can stem from one single obscure root cause, if not a string of these having to be checked upon.

Recently, I encountered a particular printer issue which I found interesting enough to share. The root cause here, in summary, was due to the network protocol SMB1 (Server Message Block) being obsolete in recent Windows releases.



Windows Server 2019 Preview is now available

It’s finally here – the preview of Windows Server 2019!

Windows has release the first preview of the completely new Windows Server 2019. In this article I will summarize the main news and tell you a little about them. The final version of Windows Server 2019 are planned to be released in the second half of the calendar year 2018.

 

Hybrid cloud scenarios

  • Windows Server 2019 will come with the previously announced Project Honolulu (which is a modern server management interface). This will help you to more easily integrate Azure services (like Azure Backup, Azure File Sync disaster recovery) so you can use these services in a more convenient way.

Security

  • Shielded VMs was first introduced in Windows Server 2016 and was only available for Windows Server. In Windows Server 2019, support are added for Shielded VMs for Linux. VMConnect will be improved for troubleshooting of Shielded VMs for both Windows Server and Linux. Another new feature is called Encrypted Networks which will let admins encrypt network segments to protect the network layer between servers. Microsoft is also embedding Windows Defender Advanced Threat Protection (ATP) feature in the operating system which provides preventative protection, detects attacks and zero-day exploits.

Application Platform

  • Microsofts Goal is to reduce the Server Core base container image to a third if its current size of 5 GB. That will reduce the download time for an image by up to 72 % which will be a significant performance boost. Also, in Windows Server 2019 the choices available when it comes to orchestrating Windows Server container deployments are event better. Another new feature is the ability to run Linux containers side-by-side with Windows containers on a Windows Server.

Hyper-converged infrastructure (HCI)

  • Windows Server 2019 are adding adding scale, performance and reliability to HCI environments. With Project Honolulu (mentioned above) you will have the ability to manage HCI deployments which are a great new feature. This will help you simplify the management and day-to-day activities on HCI environments.

 

Read more about the preview here.

(if you want to compare this release with the previous release of Windows Server 2016, read this article)