Ransomware impacting QNAP devices

A few weeks ago, a client of mine contacted me stating that their QNAP NAS had been attacked by a ransomware virus. The only saving grace was that they had taken a backup to an external USB drive a week earlier. Now to gain access to the QNAP NAS and reset the device, I took it to my office, put the device on a isolated network created by a standalone router, to prevent by office systems from potentially being impacted. Once I was in the device, I factory reset the device, clearing all the contents. Then I ensured I downloaded the latest Firmware for the NAS from QNAP. (This was not being done prior to the Ransomware attack.)

https://www.securityweek.com/qnap-says-recently-patched-flaw-exploited-qlocker-ransomware-attacks

Once the latest firmware was installed, I updated all the apps requiring updates as a result of the firmware update within the NAS to their latest versions. I recreated the same configuration (Logins, folders etc) that existed prior to the reset.

I then restored the data backed up on the USB drive back to the NAS and returned the device back to the client site. Since the settings were the same as before, all computers onsite connected as before.

I cannot stress enough the importance of backups. You can be attacked at any time, so ensure your backups are up to date. If they are not automated, the odds are on that the backups won’t be done regularly. Have multiple backups as even a backup drive can fail. Once the backup is complete, disconnect it from the NAS so as to prevent an infection from spreading to the backup device. Keep multiple backups. Some automated (Always connected device) and some manual (Temp connected device)

Add 2FA – Two Factor Authentication on your facebook profile

Many people have had their Facebook website hacked and a fake profile created which then sends out friend requests to your Facebook friends. Within Facebook , navigate to Settings and Privacy, and then click on Security and Login. On the right hand panel, scroll down to the section on Two-Factor Authentication. Here you can choose to use the authentication app or get a SMS 6 digit code sent to your mobile number when an attempt is made to login to your account from an unrecognized device. Add one of these options to better secure your account.

Fake IT Support Calls

In recent weeks I received 3 calls from clients who had received calls or popup warning  from either Microsoft, Telstra or other “Fake companies”.  These calls or fake popups indicated that their systems were compromised and that they could fix the issue if remote access was permitted.  One such company was Smart365.

Smart 365, told the client to remove their useless “Trend Micro” antivirus and let them replace it with another.  This new antivirus was installed and was registered to a 3rd party “Bruce Smith” which was not my clients name.  For the software and 2 years non-existent support they were charged $450.  The computer had a number of other issues so it was decided that the best way forward was to backup all the data and then either rebuild the Windows 7 laptop (6 years old) or replace the laptop with a new Windows 10 model.  The later was chosen.

All emails were recovered as were documents, photos, favorites(Bookmarks).  Programs like Office 2010, Trend Micro reinstalled and configured.  Printer reconnected and tested OK.

Once this was done a backup system was implemented using 3 backup drives.  1 Offsite to be used for the two home computers and one dedicated for each for the two computers.  The offsite to be run as required perhaps monthly (MANUALLY) and the others are either scheduled as daily or weekly backup jobs.

A second customer received a call purporting to be from Telstra.  They asked if they had a credit card.   When they answered “No”, they then asked to process a payment via internet banking and they obtained remote access to the computer.  This customer was an elderly gentleman who I imagine was too trusting.  They then proceeded to withdraw funds out of his bank account.  I had to visit and give his computer a scan and the all clear before the bank would allow further online transactions.

A third customer was presented with a pop up warning that the computer was compromised and to call the number on the screen.  Here they were asked for online bank details which were not available so they then asked for a credit card.  This was provided and $250 Dollars was taken.  I removed all remote access software and scanned computer for other malware or possibly unwanted programs (PUP’s)

From the Microsoft Blog Website:

Helping consumers fight back
Our Customer Support Services team is leading efforts to help impacted customers. If someone claiming to be from Microsoft tech support, or affiliated with Microsoft, calls you:

• Do not purchase any software or services.
• Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
• Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
• Take the caller’s information down and immediately report it to your local authorities.
• Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

Discussion on Scammers

My father in law took a call from “Telstra”.  He said, “who is Telstra, I have not heard of them?”  They then said they were an internet company.  He said, “Internet?, is that like a fishing net?”  At this point they hung up, frustrated I am sure.

Please be very careful.  They are becoming more sophisticated with their methods of luring you in.

 

 

Dealing With Tel-Co’s

A few weeks ago, I was called into a business who’s owner was complaining about network issues and a few other issues.  OK so I went around to do an audit of the setup and make a recommendation.  The first thing I noticed was that the Modem which was being used (Provided by the Tel-co) was very old. It was using the B and G WiFi Radio Spectrum/protocol 802.11.  For those in the know, the current Spectrum is AC.  Between G and AC there was N.  The Modem was capable of a 54Mbit/s speed on the G protocol. A number of devices in the business could see the WiFi SSID or Signal Name but could not connect even though they knew the password.  So we decided, at the very least to upgrade the modem.

The new modem arrived a week later shipped to client by the Tel-Co.  I did request they send out a current Modem which hopefully would also be a Dual band AC Modem. (2.4ghz and 5 ghz)  No such luck, a single band modem was sent.  Anyway, I configured the modem then all the devices in the business could connect, however, there were constant dropouts of the service and the line rate reported in the modem was very low.  8000 kbps.  I called Tech Support and spoke with a very aggressive engineer.  Eventually, after doing Isolation tests etc, we finally got the line rate up to 11999kbps and the connection was no longer dropping out. This took an hour.  So far so good.

One Day later, business is not getting phone calls in on the same line that the modem was on.  I was then called and spent the better part of my day trying to understand what the issue was.  When talking to my client and Tech support on a conference call, they said that for the phone issue to be fixed, the business had to switch to the NBN.  Really?  I asked, when the NBN was initially available in the area, and I was told that I had to speak with customer service, but that would be a 45 minute wait.  They offered to call me back in an hour to prevent me from having to wait on the phone.  No Problem!!

An hour later, no call received.  2 Hours later, no call received.  I went online to have a online chat with support.  This is how that went.  I was chatting with Harper K

You • 02:53 PM Harper, can you tell me when “The Shop Address”, Double Bay 2028 had the NBN available from.

Harper K • 02:53 PM Sure

Harper K • 02:53 PM Allow me a minute here

You • 02:54 PM ok

Harper K • 02:54 PM I see that NBN is serviceable at “The Shop Address” DOUBLE BAY NSW 2028

You • 02:55 PM I know that it is now available, but how long ago was it available. I know we have around 18 months to make the switch, so how much longer before time runs out? (The 18 months)

Harper K • 02:56 PM There is no time limit it will be available full time

You • 02:57 PM Everywhere I look, I am told that you have to make the switch within 18 months of the NBN being available.
Harper K • 02:58 PM Let me check
Harper K • 03:02 PM Sorry we can not assure that before itself Sometimes it will available sometimes it might lost, we don’t have option to check that here
You • 03:04 PM For the above address, what is the latest that we can make the switch to the NBN before we are cut off
Harper K 3:05PM  The NBN is available at the above address.You 3:06PM I currently have ADSL2+ at the address and I know that the NBN is available also, but from when was it available?

Harper K 3:07PM  The NBN is available at the above address.

You 3:07PM  What date did the NBN become available?

Harper K 3:08PM  The NBN is available at the above address.

ARE YOU KIDDING ME!!!!!

You 3:09PM.  Do you understand what I am asking you?  Don’t tell me it is available. Tell me when is was first available.

Harper K: 3:10PM.  An email was sent to the customer when the NBN became available.

You 3:11PM  When was the email sent?
Harper K 3:12PM  When the NBN became available at the above address.

Right now I felt I was in the twilight zone

You 3:13PM Can you tell me when that was, so I know how long before current services (ADSL) are cut off.

Harper K 3:15PM  Wait a Moment

Harper K 3:17PM  Be right with you

Harper K 3:19PM  1 Minute please

You 3:20PM I’m waiting.  This is a long minute.

Harper K 3:21PM  90 days from when the email went out.

At the same time I am calling the customer who has looked through their emails and cant find any related to the NBN.

You 3:22PM So I don’t know when this email was received, if it was received at all, no followup emails were sent, so possibly the deadline has arrived and we don’t know about it.

At this point I gave up.  Beaten and bruised.

So I called Customer service again.  This time I explained the situation to level 1 support or level zero.  They passed me onto a higher level support.  After explaining the situation again, I was then asked for the customer name and date of birth which I provided, but now for the first time, I also need to provide a 4 digit Pin????  No other time do I need a pin.  Called customer.  They don’t have a pin.  DEAD END!!!  Won’t speak to me.

The next day, phone service is back but now no internet.  WHAT THE!!!  Have they fixed the phone but broken the internet.  What progress…NOT!!.  DSL LIGHT ON MODEM KEEPS FLASHING.

iOS 11 for iPhone, iPad etc

The iOS update has been developed for a number of devices.  From the apple website, here is a list of devices that support this software update and information about the update.

There have been 2 additional updates since the initial release.  11.0.1 and 11.0.2

iPhone

• iPhone X
• iPhone 8
• iPhone 8 Plus
• iPhone 7
• iPhone 7 Plus
• iPhone 6s
• iPhone 6s Plus
• iPhone 6
• iPhone 6 Plus
• iPhone SE
• iPhone 5s

iPad

• 12.9-inch iPad Pro
  (2nd generation)
• 12.9-inch iPad Pro
  (1st generation)
• 10.5-inch iPad Pro
• 9.7-inch iPad Pro
• iPad Air 2
• iPad Air
• iPad
  (5th generation)
• iPad mini 4
• iPad mini 3
• iPad mini 2

iPod

• iPod touch
  (6th generation)

I would go a step further and check the actual model number of the rear of the device to truly know if it can accept the update.  I went to do an update for a customer who had an iPad Air 2.  Looking within the iPad’s Setting -> General -> About section, I looked up the  Model number. This will be a letter A followed by 4 numbers.  E.g  Current iPad Pro 12.9″ is a A1670 or A1671.

Using this model number, the device appeared to be compatible, but when I checked using the Model on the rear of the device, it became apparent that the furthest the device could go was 10.3.3

What was in each of the releases.

11.0

App Store

• All-new App Store designed for discovering great apps and games everyday
• New Today tab helps you discover new apps and games with stories, how-to guides, and more
• New Games tab to find new games and see what’s most popular with top game charts
• Dedicated Apps tab with top picks, dedicated app charts, and app categories
• App pages include more video previews, Editors’ Choice badges, easier access to user ratings, and information about in-app purchases

 

Siri

• New Siri voice is more natural and expressive
• Translate English words and phrases into Chinese, French, German, Italian or Spanish (beta)
• Siri suggestions based on your usage of Safari, News, Mail, and Messages
• Works with notes apps to create to-do lists, notes and reminders
• Works with banking apps for account transfer and balances
• Works with apps that display QR codes
• Hindi and Shanghainese dictation

 

Camera

• Portrait mode now supports optical image stabilization, HDR and True Tone flash
• Photos and videos will take up half the space with the new HEIF and HEVC image and video formats
• Redesigned set of nine filters optimized for natural skin tones
• Automatically identify and scan QR codes

 

Photos

• Loop, Bounce, and Long Exposure Live Photo effects
• Mute, trim, or choose a new key photo for Live Photos
• Memory Movies automatically adapt content for portrait and landscape orientation
• More than a dozen new memory types including pets, babies, weddings, and sporting events
• People album is more accurate and stays up to date across devices with iCloud Photo Library
• Animated GIF support

 

Maps

• Indoor maps for major airports and shopping centers
• Lane guidance and speed limit information with Turn-by-turn directions
• One-handed zoom with double tap and swipe
• Interact with Flyover by moving your device

 

Do Not Disturb while Driving

• Automatically silences notifications while driving and keeps iPhone silent and display off
• Optional iMessage auto reply to alert selected contacts that you’re driving

 

New features designed for iPad

• An all new Dock provides quick access to your favorite and recently used apps and can even be shown on top of active apps
  • Dock resizes so you can add all of your favorite apps
  • Recently used and Continuity apps are available on the right
• Enhanced Slide Over and Split View
  • Apps can be easily started in Slide Over and Split View from the Dock
  • Slide Over and background apps now run simultaneously
  • Apps in Slide Over and Split View can now be placed on the left side of the screen
• Drag and drop
  • Move text, images, and files between apps on iPad
  • Multi-Touch to move multiple items at the same time
  • Spring-loading to move content between apps
• Markup
  • Markup works across documents, PDFs, webpages, photos and more
  • Instant markup anything in iOS – just place Apple Pencil on what you want to mark
  • Create a PDF and markup anything that can be printed
• Notes
  • Instantly create a new note by tapping on Lock Screen with Apple Pencil
  • Inline drawing available by simply placing Apple Pencil in body of a note
  • Search handwritten text
  • Document scanner autocorrects for skewing and uses image filters to remove shadows
  • Table support to organize and display information
  • Pin important notes to the top of the list
• Files
  • All-new Files app to browse, search and organize files
  • Works with iCloud Drive and 3rd party cloud file providers
  • Recents view for quick access to recently used files across all apps and cloud services
  • Create folders and sort files by name, date, size and tags

 

QuickType

• Flick down on letter keys to enter numbers, symbols and punctuation marks on iPad
• One-handed keyboard support on iPhone
• New keyboards for Armenian, Azerbaijani, Belarusian, Georgian, Irish, Kannada, Malayalam, Maori, Odia, Swahili, and Welsh
• English input on the 10-key Pinyin keyboard
• English input on the Japanese Romaji keyboard

 

HomeKit

• New accessory types including AirPlay 2 speakers, sprinklers and faucets
• Expanded occupancy, time and accessory based triggers
• QR code and tap to pair accessory setup support

 

Augmented Reality

• Augmented reality technologies that apps from the App Store can use to deliver content on top of real-world scenes for interactive gaming, immersive shopping experiences, industrial design and more

 

Machine Learning

• Core machine learning technologies that apps from the App Store can use to deliver intelligent features with machine learning data processed on device for high performance and user privacy

 

Other features and improvements

• Control Center redesign brings all controls on one page
• Control Center custom controls including accessibility, guided access, magnifier, text size, screen recording and Wallet
• Apple Music now helps you discover music with friends. Create a profile so friends can listen to playlists you’ve shared and see the music you listen to most
• Apple News now includes Top Stories picked just for you, recommendations from Siri, the best videos of the day in Today View, and great stories selected by our editors in the new Spotlight tab
• Apple Podcasts has an all-new design. Use Listen Now to easily play new episodes or continue where you left off. Shows can now also contain seasons, trailers and bonus episodes.
• Automatic Setup signs you in to iCloud, Keychain, iTunes, App Store, iMessage, and FaceTime with your Apple ID
• Automatic Setup restores device settings including language, region, network, keyboard preferences, places you frequently visit, how you talk to Siri, home and health data
• Easily share access to your Wi-Fi networks
• Storage optimization notifications and free up space in Settings for apps like Photos, Messages, and more
• Emergency SOS calls emergency services based on your current location and automatically notifies emergency contacts, shares your location, and displays your Medical ID
• FaceTime lets you capture Live Photos from the other person’s Mac or iPhone camera
• Easily check Flight status in Spotlight and Safari
• Definitions, conversions and math support in Safari
• Russian and English bilingual dictionary
• Portuguese and English bilingual dictionary
• Arabic system font support

 

Accessibility

• VoiceOver descriptions support for images
• VoiceOver tables and lists support in PDFs
• Type to Siri support for basic search queries
• Spoken and braille caption support for videos
• Dynamic Type increases text and app UI to larger sizes
• Redesigned Invert Colors make media content easier to view
• Highlight Colors improvements in Speak Selection and Speak Screen
• Switch Control typing can scan and type whole words at a time

11.0.1

Includes bug fixes and improvements for your iPhone or iPad.

11.0.2

Includes bug fixes and improvements for your iPhone or iPad. This update:

• Fixes an issue where crackling sounds may occur during calls for a small number of iPhone 8 and 8 Plus devices
• Addresses an issue that could cause some photos to become hidden
• Fixes an issue where attachments in S/MIME encrypted emails would not open

Personally, I use the do not disturb while driving feature which activates automatically when I am in a car.  You can also have it only activate if connected to your car Bluetooth.

If I am not driving but still in a car, I can deactivate the feature.  Messages  that are received when this is active, automatically receive a reply  “I’m driving with Do Not Disturb While Driving turned on.  I’ll see your message when I arrive at my destination” and “(I’m not receiving notifications. If this is urgent, reply “urgent” to send a notification through with your original message,)”  The first part of the message you can customize in the Do not Disturb section of the phone settings.

 

Apple IOS 10.3.1 Update

Released only 7 days after the 10.3 update.

Make sure you backup your device before performing any update “Just in case” something goes wrong.  You have a recovery point to go back to.

Apple has released the 10.3.1 update for IOS devices.  Iphone 5 and later, iPad 4th generation and later and iPod 6th Gen and later

From the Apple Support Website:

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A stack buffer overflow was addressed through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero

10.3.2 is already being tested by apple.

Telstra Business- Digital Office Technology (DOT) Department – New Modem Request

Wow. what a drama this has been.  Last week Tuesday the 17th of January 2017, I went to a customer who has a DOT ADSL service to his home.  I was delivering a new laptop for him.  I expected to be able to connect to his Telstra Netgear modem via WiFi.  Well I saw the SSID (signal Name) and new the password and tried connecting.  NO LUCK.  I tried connecting to the modem using my iPhone, again no luck.

Rebooted modem a few times, still no luck.

All the setup work on the laptop pre-delivery was done in my office via WiFi, so I knew the laptop WiFi worked.  I could connect the laptop to my iPhone using my personal hotspot.

I removed all security from the modem WiFi to see if would connect.  No connection permitted.  I simplified the security password.  Again no luck.

At this point the felt that the modem was the issue, so I called Telstra support 132000 to get some advice on what to do.  They suggested everything that I had already tried.

Well after 45minutes to an hour, after speaking initially with Tech support and then to billing to get a new modem ordered, they asked that I stay on the line to make sure that the Modem order was correct and that it would go through.  $20/month for 24 months for the new 7610 Modem, or $480 one off payment.

3-5 business days I am told  OK!!  I get sent a callback link/SMS to my phone from billing, should I need to contact them directly.  These links can only be used once.

I then arranged to return this week (today) to install the newly ordered modem.  Surely this would be enough time.

I received a call from my customer yesterday 23-1-2017 to say that the modem had still not arrived, so I used my call back link to get in touch with Telstra again.  I spoke again to billing, who informed me that the order was rejected by the warehouse because it was incomplete.  They bounced the request back to billing who failed to respond to the return email.  So nothing was ordered.

“NOT HAPPY JAN”

I was then told last night that they are so sorry, and would put through an urgent request to get the modem out ASAP and look to compensate my client for their stuff up.  I was told by the current billing contact to contact her directly using the link she would send me.  I got one of these SMS message last week, so I foolishly though I would receive it again.  My bad.  I hung up before receiving the SMS.  I got no message at all.

Today I called again, but this time was forced to call the 132000 number again, no shortcuts via a SMS link.

After a lengthy wait I again got through to billing who since I did not connect with them using a SMS link, needed to speak to my customer to get authorization.  That was a drama to get again.  I was not onsite this time.

When they managed to get authorization again from my client, they tell me that the order was not place last night.  WHY NOT!!  I am spewing at this point.

Again they said they will place the order and again it will take around 5 days to process and get shipped.  I was sent a one time link SMS, from billing but was also asked, “do you want to stay on the line while we process the order or shall we call you back?”.  HMMM!!  Each time I get asked to stay and wait on the line for 2-3 minutes the clock actually shows more like 20-20 minutes.

I said she could call me back rather than me wait for her call.  I have other work to do.

Well 45 minutes now as I am writing this, and still no call back.  4:45pm now.  Finished call at around 4pm.

Where has customer service gone.  Overseas I expect.

Telstra Bigpond email change

If you have a Bigpond email account, you might be impacted by a recent change that has been rolled out.  

If you stop getting emails suddenly, (Late July 2016) then you may be part of a group who’s mailboxes with Telstra require a change to the mail server settings from where you access your email from a Mobile Device, Outlook or similar mail software.

Let me know if this has happened to you.

Telstra Outages

Yesterday I went to a client who had another outage from their cable service provider.  Telstra.  A great deal of their work is done online and when the service is running, the speed is great.  This weeks outage started  28 July and was reported to be down until Thursday evening 4 August 2016!!

Currently reporting to be back around 7pm.  See image below for the 2030 post code.

How can a businesses continue to operate with this happening on a regular basis.

They have resorted to using a Telstra wifi dongle which both their office computers can connect to.  This is a very expensive way of remaining connected to the Internet to do business.  $50 for 5 gig for 365 days. This also impacts the rest of the family.  School homework done via the Internet, submitting homework, doing research and of course all the must have social media activity (Facebook, Instagram, snapchat, Twitter, whatsapp, email etc etc etc.)

Chasing Telstra is a very frustrating activity and most often does not result in a timely solution.  You just have to wait for them to take action while in the interim rack up huge costs and stress!!

All if not most roads lead to Telstra so you don’t have many choices.  Some ISP’s have great support while others have better speed.  What do you choose?

Exeter I am told have great customer service but iinet have better speed. Internode used to be top of the pile for customer service but much to my dismay, this is no longer the case.  

I used to be with internode for over 9 years and had no issues.  Support was great.  When I relocated 5 years ago, I was forced to change my ISP. I went with TPG.  Yes not always the greatest, but good enough.  Unlimited download plan, bundled with my home phone and unlimited cams to landlines and mobiles for $69.99.  My speed on a good day is around 11-13mbps which is ok.

Tell me what you are experiencing at the moment and who your internet service is through.

Internet Speed

Is your internet Speed not fast enough? 

Everyone complaining in the home or office?  You can get an indication of your speed by going to http://www.speedtest.net website where you can Test your internet download and upload speed.  Once the website comes up, click the Begin Test button.

The image above shows a relatively slow internet speed for ADSL2+  How do you interpret the numbers?

The Ping number must be a low as possible. This represents how long in milliseconds it takes for a signal to leave your computer and then return.  The quicker the better.(Low Ping is shorter time)

The Download Mbps.  This must be as high as possible.  Depending on the service you are signed up with ADSL or Cable, these numbers will vary greatly.  These numbers may change from one minute to the next depending on a number of things.

• There could be a line fault
• There could be a faulty modem
• The modem may require a “Power Cycle” – Turn off wait 30 seconds and then turn on again
• Congestion on the line at the moment of the test
• Are you testing via a WiFi connection or are you connected with a cable.

Internet speed is not always determined by your connection speed, but also by the computers/Servers you are connecting to and their speed.  If they are very slow or congested, then you will be impacted by this.

The Upload Mbps is normally slower (0.85 Mbps) than the download unless you have a upmarket plan which provides high upload connectivity.  Uploads are things like sending emails or uploading files or using services like Dropbox, Google Drive, One Drive etc.  When uploading occurs this will also impact the download speed, so if you have a lot of data to upload, try do it out of normal working hours as this will impact the regular use of the internet.

ADSL2+ theoretical top download speed is 20 Mbps and the best I have seen is around 17.8

Standard Cable Services can get around 35 Mbps download and around 2-2.5Mbps upload.  This is obtainable from Telstra or Optus and they provide the modems.

Elite Cable services from both Telstra and Optus offer a higher speed service which gets close to the 100 Mbps speed.

If your speed appears to be slower than what you would expect or has noticeably slowed down, then I would suggest contacting your ISP and asking them if there is something that they can do to address the speed issue.  Sometimes if you are on a old plan or setup, then you can get a speed boost by them changing settings on their end.