Press Releases

Sinu Blog: Playing with Sand

  • Thursday

    Protecting yourself from GhostShell and other cyberattacks  

    An infamous hacker group,Team GhostShell, has made a recent comeback, claiming it successfully hacked over 300 websites in 24 hours and has posted over 13,000 users' personal details online. 

    Team GhostShell is using its Twitter feed to link to lists that include a number of database information dumps, including database and server details from a variety of victims sites, ranging from educational institutions in Australia to Korean music services. Some of the files appear to have leaked sensitive information including names, email addresses, physical addresses, Skype names, phone numbers, and dates of birth.

    GhostShell was mainly active in 2012, claiming responsibility for a series of high profile strikes on the world’s top 100 universities that year. The attacks saw the GhostShell group post 120,000 students' information online. In December of that same year, the group dumped 1.6 million accounts and records from numerous US government departments including ESA, NASA, Pentagon, Federal Reserve, and the FBI.

    Business Insider reports that if the current GhostShell group’s claims are true, the end number of victims will likely range in the millions according to estimates by Symantec researchers.

    Symantec also reports that while some of the data dumps appear to show passwords which are salted and hashed (a code used to disguise the password), others are stored in plain text. And yes, the much-mocked, but still apparently oft-used password "123456" can be found on this list!

    While it will take time to know the full impact of the GhostShell hack, there are several best practices provided by Symantec that can be implemented immediately to help protect from GhostShell and other cyber-attacks:

    • Always use strong passwords and never reuse them across other websites. That way, if one of your passwords does get breached, at least you won’t have to worry about other accounts being accessed with the same password. (See Sinu blog, How Secure is your Password, for more info.) 
    • Enable two-factor authentication on websites that provide it. (See Sinu blog, Two-factor authentication 'no longer optional' for more info.) 
    • Keep systems patched and up-to-date. (Sinu already does this as part of our all-inclusive subscription service.)

    To help determine the risk of attacks such as from GhostShell to your own website, ask the company who is hosting your website if they are aware of these recent cyberattacks and how vulnerable they are to such breaches. Ask them what steps they have taken to address their exposure. If you don't get clear answers and/or they do not take responsibility, your website may be vulnerable.

    Contact Sinu for more information about how you can reduce your risk and keep your organization's data safe from cyberattacks.


    Understanding DNS to Keep Your Data Safe

    There's been an increased focus on the importance of DNS security in the media recently: The Federal Reserve Bank of St. Louis was breached using a vulnerability in DNS last month, and a few years ago, several media companies, including the New York Times and Washington Post, went offline because of similar types of attacks.

    So what is DNS and why is it important to small business?

    DNS stands for "Domain Name System" and it is a mechanism to make the Internet a more human-friendly place. The Domain Name System was originally invented to support the growth of email communications on the ARPANET (developed under the U.S. Advanced Research Projects Agency–ARPA).

    The ARPANET launched on August 30, 1969, at UCLA, as the first wide area network. A network connection was added to the Stanford Research Institute later that year. By the end of 1972 there were 24 sites on the ARPANET, including the Department of Defense, the National Science Foundation, NASA, and the Federal Reserve Board.

    In 1983, a military-only network called MILNET split off from the ARPANET; this military network later become part of the Department of Defense’s Defense Data Network. The National Science Foundation managed the non-military network that evolved into the public Internet we know today.

    DNS is a system that ties alphabetical names to the numerical IP addresses that allow computers to “talk” to other. Alphabetic host names were introduced on the ARPANET shortly after its creation to make it more user-friendly because alphabetic names are much easier for people to remember than numeric addresses.

    A key element of the DNS standard is a worldwide collection of DNS servers designed to be distributed and non-centralized in order to support a free and open source Internet. With no central location for all DNS servers, communications can continue even if a server was disrupted by an attack. Similarly, no one single company or government could shut of the Internet. It is a democratized system that has survived over 30 years, in spite of the incredible technological advances that have taken place during that time.

    When you enter a domain name (e.g., your computer will find your nearest DNS server and ask it what the correct IP address is for that name. DNS will return the IP address and your computer can then communicate with the relevant machine.

    A domain name registrar, like GoDaddy, is the service that assigns these names with IP addresses for the end user, such as when you get a URL for a website. The DNS server serving your domain – known as the authoritative name server, holds the requisite IP address information.



    Many cyber attacks involving DNS knock the authoritative name server out of action and disrupt the ability to resolve the IP address. An inability to resolve an IP address will cause Internet software to fail and the affected domain is rendered inaccessible, including the capability to send and receive emails. This is why Internet service providers and hosting companies routinely deploy multiple DNS servers.

    Historically, DNS hacks like the ones involving the St. Louis Fed and New York Times have been committed by sophisticated cybercriminals with large resources. While they do not typically target small businesses, there are precautions that can be taken to help avoid the risk of these types of attacks.

    It is important for business owners to know who maintains the authoritative DNS server for their company’s domain. Many domain name resellers will host the DNS as a value-added service at no additional charge, as do practically all web hosts when you sign up with them. Often, businesses count on their web developers to handle this detail, but business owners should own their domain outright and have all the credentials. Businesses may want to consider paying for DNS services from companies that offer added security and protection. Verisign or OpenDNS, for example, provide detection and filtering software to prevent against harmful content and malware.




    Preparing your business for Windows 10

    Microsoft is preparing to launch the Windows 10 operating system for PCs in July, with phones to receive the upgrade later this year. Here’s what you can expect from Windows 10 and how to prepare for the upgrade.

    Photo from 10 will be the most aggressive release of Windows for Microsoft, and the first major release under Microsoft’s new CEO, Satya Nadella, as Microsoft continues efforts to retire Windows 7 (which is nearly 10 years old), and after the lukewarm reception for Windows 8 three years ago.

    The company has kept most details of the release quiet. Windows 10 pricing information hasn’t been officially published, however, it is reported that at least the first year will be free for upgrading from Windows 7 and 8, and it will be free for Office 365 subscribers.

    A few features of Windows 10: 

    • Microsoft will offer one-click upgrades to everyone who is running older versions of Windows, promising to be the easiest upgrade of any version of Windows
    • Anything that is ‘certified’ to run on Windows 7 will run on Windows 10
    • Windows 10 is the leanest Windows ever released and technically it is faster than Windows 8 and much faster than Windows 7
    • Microsoft will have a unified store for phones and desktop to buy a single ‘app’ that runs on both platforms, beating Apple on this front

    So what can your business do to prepare for Windows 10? 

    1. Review your hardware replacement plan

    Sinu recommends that a 36-month roadmap be in place for office machine replacements and that this be the center of any discussion around plans to upgrade to Windows 10. If Windows 10 is more quickly adopted than anticipated, then this plan would be accelerated. 

    We caution our customers that there are costs and risks to upgrading to Windows 10 on old equipment and, more importantly, any equipment that is out of warranty brings risk to your business and should be a priority in your hardware replacement plan.

    Sinu can assist with creating a replacement plan using Business Intelligence reporting available to all its customers through the Sinu portal. For instance, the “My Computer Replacement Plan” report parses your hardware inventory and looks at the warranty expiration date, ship date, Operating System version and memory to make a recommendation about the machine: Retain, Replace or Update. (See Sinu blog on replacement plans.)

    2. Know your business solutions and whether they are ready for Windows 10

    You should have an inventory of all the business solutions your company relies on. When considering upgrading to Windows 10, review your hardware replacement plan along with each business solution to make sure it will run on Windows 10 without issue. This often means contacting each vendor to ask how your version of that business solution will work with Windows 10, and you may be encouraged by these vendors to upgrade to their newest version for maximum security and performance. Reviewing each business solution for Windows 10 compatibility is needed before a plan to Windows 10 can be put together. Sinu can help with all these steps, and strongly encourages you to let us assist you with any hardware or software upgrades.

    3. Windows for home users

    For employees using Windows at home, consider giving them a heads up that Windows 10 is coming in late July and that their home machines might receive an offer for free upgrade. Encourage them to do a backup before trying to upgrade. (While no company should make concrete recommendations on how someone should handle their personal IT, backup is a generally accepted practice.)

    4. Consider training

    Almost everybody resists changes to the systems they are accustomed to, but does a change in software cause prolonged loss of productivity with your employees and/or have they been uncomfortable with previous Windows software changes?  If so, your team might need some training in Windows and, more specifically, Windows 10. Sinu can help you gain in-person, over the web, or self-help training in these areas so that your team knows what to expect, can open the programs they need, and is more comfortable with Windows 10 before it is installed on their computer.

    The bottom line is that technology solutions will continue to evolve and before adopting new technologies we recommend an inventory of your current solutions and careful planning for any upgrades. Sinu is here with the tools and expertise to help plan and implement those transitions to ensure your employees are productive and your data is safe.