Continued widespread dictionary / brute force attacks

CTC NEWS, Industry News
Over the past two weeks, we have seen a significant spike in the number of brute force attacks against SSL VPN endpoints and VPN web portals. Initially, the traffic was coming from several hundred IP Addresses, but we were pretty quickly able to distill it down to about 47 netblocks from two geographic areas (Russian Federation and China). All of the login attempts were failing, and in the initial set of login attempts the usernames were varied and included admin, administrator, vpnuser, sslvpn, backup, user, sales and others. The most recent set of attempts, though, was for admin and administrator and, after distilling the data down, we saw a new pattern emerge. A very small number of the attempts are now coming from domestic IP Addresses and, specifically, some of…

Widespread brute force / dictionary attacks overnight

Industry News, Tech news
We received notifications of failed login attempts from the IP Address 45.134.144.200 from literally every Internet-facing firewall that we have deployed, as well as from a number of honeypot devices. This IP Address is in the same network (45.134.144.0/24) that we've seen similar traffic from in the past, and we have no indication of any legitimate traffic to or from that network in the past 12 months. If you manage one or more networks with Internet connectivity, it may be worth looking into this network range to see if there has been any traffic (or successful logins). For our MyIT clients, we had already blocked a few specific IP Addresses based on similar traffic in the past but are now updating all of our managed firewalls to block the entire…

July 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Accepting Applications - We are considering adding a new member to the team and are accepting applications for a Tier 2 Support Position. If you know someone who's got a passion for good customer service, a solid technical pedigree and is looking to work with some of the greatest customers on the planet, definitely send them to our online application here.
Macros Now Default Enabled - Microsoft reverses course on its decision to turn off macros by default on untrusted documents. Not a lot of details on why other than "because some people said so" but network admins, systems admins and security admins are left scratching their heads on this one.
More Zero Day Vulnerabilities - Microsoft is patching multiple privilege escalation vulnerabilities across its fleet that, combined with something like a…

June 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Multiple Zero Day Vulnerabilities - Additional details below in the Microsoft Section but there were technically three critical vulnerabilities this month, one in NFS, one in Hyper-V and one in the Microsoft Diagnostic Tool.
Microsoft is (finally) retiring Internet Explorer (IE) - A side impact of this is that Intuit Quickbooks, which has long used (required) the Internet Explorer web browser, now has its own custom browser.
Windows 11 is Here - Microsoft is wasting no time getting its new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary upgrade to Windows 11, How-To Geek has put together an excellent article on downgrading back to Windows 10.
The MyIT Program is proving to be a…

April 2022 News and Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Windows 11 is Here - Microsoft is wasting no time getting its new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary upgrade to Windows 11, How-To Geek has put together an excellent article on downgrading back to Windows 10.
Firewall as a Service - We are currently exploring an option to offer what we are calling a "Firewall as a Service" for commercial clients. This would effectively be a way to "rent" a managed firewall for a fixed monthly cost. There would be a nominal install cost as well as a monthly recurring cost to manage the firewall but no term agreement and the customer would not have to purchase the firewall. If you…

March 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Now Hiring - We are currently looking to hire a Senior Support Specialist to join our team. This is a full-time, permanent position and hours are generally Monday through Friday, 8:00am until 5:00pm ET. If you or someone you know would be a good fit for the position, there's an online application available here.
Spike in network-based attacks - I reported in late February (here) that we were seeing a spike in attack traffic from IP Addresses registered to Russian and Chinese organizations. We were seeing those attacks across multiple ISPs (Comcast, Charter, AT&T, etc.) and nationwide. The initial attacks seemed focused on brute force attacks against VPN portals. The volume of the attacks has slowed significantly and the targets seem to have widened (we're still seeing brute force…

Sharp rise in traffic to / from Russian and Chinese IP Addresses

CTC NEWS, Industry News, Tech news
One of the services that's included in all of our MyIT plans is a weekly review of the client's firewall logs. This tends to be a win-win for us and the customer because it gives the customer an additional layer of security for their environment and it gives us a very broad view of the threat landscape across a large geographic area and 20+ verticals ranging from construction to manufacturing to finance and entertainment. In most cases, there's a "low rumble" of generic threat traffic across the fleet and maybe a few stand-outs here and there. This week, though, we have seen a significant spike in traffic from and to IP Addresses in Russia and China. Much of it has been from appliances like NVR / DVR devices,…

February 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Firewall as a Service - We are currently exploring an option to offer what we are calling a "Firewall as a Service" for commercial clients. This would effectively be a way to "rent" a managed firewall for a fixed monthly cost. There would be a nominal install cost as well as a monthly recurring cost to manage the firewall but no term agreement and the customer would not have to purchase the firewall. If you are interested in the Firewall as a Service program and / or would like information, let us know.
Windows 11 is Here - Microsoft is wasting no time getting its new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary…

AppRiver outage impacting email for some customers

Industry News, Tech news
We just received an email from AppRiver notifying us of an issue at one of the AppRiver Datacenters impacting email for some customers. I've posted a link to the status page from AppRiver below and we'll post any additional updates that we get that may not be on the status page on this post.
1234ET - At this time, it looks like mail flow has resumed and should be good to go.
https://status.appriver.com/incidents/h7p8dq7gqx77

January 2022 News & Updates

CTC NEWS, Industry News, Monthly Newsletters, Tech news
Windows 11 is Here - Microsoft is wasting no time getting its new flagship desktop operating system Windows 11 rolled out to (often) unsuspecting Windows 10 users. If you find yourself the recipient of an unexpected / involuntary upgrade to Windows 11, How-To Geek has put together an excellent article on downgrading back to Windows 10.
The MyIT Program is proving to be a huge win for clients who are signing up for or renewing their Ransomware / Cyber Insurance plans. The MyIT Program is designed to address those important (but, sometimes, not as urgent) issues that seem to go undone until there's a problem (like testing your backup before a ransomware attack). In many cases, the regular maintenance items addressed by the MyIT Silver program address all of these (and…