Blueloop 20th Birthday



On 27th April 2000 Blueloop Limited was incorporated by Jon Gerdes, Managing Director; Tony Haines, Technical Director; and Robin Barker, Finance Director. Initially the business operated from converted barns in North Perrott, Nr Crewkerne and later relocated to our current Datacentre in Yeovil.

 

Blueloop’s service offering includes IT Consultancy & Infrastructure, Software, Networks and Cyber Security. Blueloop provides support to businesses in the South West and beyond. The IT support offered is tailored to the specific business requirements of each organisation. Some may have an existing IT team or person on-site and simply need an additional pair of hands for project work or during busy holiday periods. For other organisations, Blueloop provides a complete managed, cost-effective IT service, allowing the business to concentrate on its own core services. Blueloop can be flexible, positioning a service to match the business need.

 

The team grew rapidly in the first 5 years employing eight staff. The business has expanded during the last twenty years and in April 2013 purchased Blueloop House in Yeovil and established a fully-fledged Datacentre. From here Blueloop can provide the faster internet services that businesses require today as well as providing resilience and a Disaster Recovery suite for customers.

 

Blueloop are delighted to be celebrating twenty years of trading this month, currently employing 22 staff. Some of the team are based in Swindon and London, but a large proportion of the team are in the South West looking after local businesses. Blueloop have also helped support many local and UK charities over the years, including local youth football teams, the ambulance services, local hospices, BBC Children in Need and Great Ormond Street.

 

“Blueloop has made great progress in our first 20 years” comments Robin Barker, Financial Director. “It’s not easy building a business and we are very proud of what has been achieved. There have been many hurdles to cross not least of which we find ourselves in the midst of perhaps our biggest challenge, but we are determined to prevail and build upon our strong foundations and look forward to a bright future and another enjoyable 20 years servicing the needs of our customers and their IT requirements.”

 

Technology has changed significantly in the last 20 years. In 2000 the internet was still a new concept. Getting online involved using dial-up, which was normally used for school or work purposes and certainly not for entertainment or connecting with people. Families had to visit Blockbusters to hire a movie or TV show, making sure it was returned on time to avoid the late fees. Now if you want to watch something, you can reach it on demand anywhere through the growing number of streaming services.

 

Today there are more than 4 billion people who have access to the internet. The workplace has never been quite so competitive, yet flexible and accommodating, and the dynamics have changed immeasurably. While email is still primarily used for business communications, video chat, instant messaging and internet telephony are all part of our daily regime.

 

Tony Haines, Technical Director on behalf of the Board, wanted to “Thank the staff for all their hard work and to all our customers who have contributed during our 20 years”.

 

So, what happens in the future?

Increasing demands for a more automated workplace are starting to show. Business leaders must investigate how the use of AI, smart software and robots can drive efficiencies and advance new solutions. The push for competitive advantage and high performing staff will encourage the creation of shared AI tools and personalised portfolio apps, and smart technology to raise the bar for extreme digital dexterity.

 

“The future of digital for Blueloop and everyone in the next 20 years is going to be very exciting. Despite the current crisis we will be there to see and drive it”, remarked Jon Gerdes, Managing Director.

 

Insecure Remote Working


Due to recent developments regarding the Coronavirus, employees are increasingly working remotely. Organisations in this situation should consider the cyber security implications of increased remote working.

Below are some considerations on staying secure whilst working remotely.

Advice

Phishing
Phishing/Spear phishing/Business Email Compromise remains a huge threat to organisations. Ensure that staff remain vigilant and educated when it comes to spotting suspicious emails. Remember, if you're in doubt over whether any correspondence is genuine, pick up the phone and call that person to check (don't use the number provided in the suspicious email though). 

For staff in smaller organisations, further advice can be found via the National Cyber Security Centre's Small Business Guide entry:
https://www.ncsc.gov.uk/collection/small-business-guide/avoiding-phishing-attacks

For larger organisations see the NCSC guide:
https://www.ncsc.gov.uk/guidance/phishing

Strong passwords and '2FA'
All of your accounts and devices should have strong, unique passwords set. Two-factor authentication (2FA) is a second piece of evidence you provide to prove it's definitely you logging in (this is usually a generated code sent to your device). A strong, unique password and 2FA make it much more difficult to compromise your account. If you use Office 365, then it's incredibly important that the above steps are taken.

Further advice on strong passwords/2FA can be found on the NCSC's site at https://www.ncsc.gov.uk/collection/small-business-guide/using-passwords-protect-your-data 

Home routers
Make sure that you have changed the default admin password to your router to one that is strong and unique (see above advice). This will help prevent attackers from hacking your home network and intercepting sensitive communications.

VPNs
If available to your company, using a Virtual Private Network (VPN) is one way of communicating more securely over the public facing internet. Make sure that all staff are aware of why and how they should make use of them.

If you're looking to use a VPN, do your research and choose a reputable provider from an official source. 

Tethering
If you aren't confident about using a Wi-Fi point, you can instead tether your device to one which has a 3G/4G connection (e.g. laptop tethers to phone). This is typically more secure than using an untrusted Wi-Fi hotspot.

Watch out for fake login pages/URL spoofing
When working remotely, you may access certain services through your browser. When logging in, check the URL in the address bar to ensure that you're on the correct page, and that everything operates as it should do. For added peace of mind, you can bookmark important sites and only visit those sites via that bookmark.


Use approved file sharing services
Only use the software that your company would typically use to communicate and share files. Refrain from using your personal email or 3rd party workaround services unless you have checked that it's fine to do so. If you're asked by your company to download additional software, make sure that you're downloading from the official source. 

Updates
Ensure that all operating systems and software (not just security-specific software) receive updates. Updates contain vital security patches which will protect you against cyber attacks.

Physical security
Removing work equipment from the work environment results in risk, including theft/loss/damage of devices and documents. Ensure that everyone is reminded of the need to keep devices secure and protected, and how to do so. This may include keeping devices locked away when not in use, use of privacy screens, checking that devices are password protected/encrypted, and generally being aware of your surroundings.

Communication is important
Security should be integrated not just with technical solutions but in all aspects of the business - this includes relevant communications. Any internal releases on changes to work procedures e.g. bulletins/ company blogs should emphasise the importance of security responsibilities. If it is relevant, this is a good approach to take with external communications to partner companies, supply chains, and customers.

Reporting
If you have been a victim of a cyber crime, please report it to Action Fraud, which is the UK's national cyber crime reporting portal. You can report through phone (0300 123 2040) or on their website at https://www.actionfraud.police.uk

Reporting helps build intelligence for law enforcement, which can aid investigations as well as informational campaigns to prevent others from becoming victims.

Action Fraud operate a 24/7 live cyber reporting line for organisations! Further details at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses

Cyber Security And Coronavirus

Coronavirus: cyber security considerations

There have recently been reported cyber crime incidents related to Coronavirus. Also, given that some organisations are choosing to take certain precautions, we believe it's warranted to discuss a few potential cyber security considerations around some of those precautions.

Below we discuss some cyber threats, both reported and potential, related to COVID-19.

Increase in themed phishing attempts

Since February 2020, the National Fraud Intelligence Bureau (NFIB) has identified 21 reports of fraud where Coronavirus was mentioned, with victim losses totaling over £800k. NFIB have also received multiple reports about coronavirus-themed phishing emails attempting to trick people into opening malicious attachments or revealing sensitive personal and financial information.

One common tactic used by fraudsters is to contact potential victims over email purporting to be from research organisations affiliated with the Centers for Disease Control and Prevention (CDC) and the World Health Organisation (WHO).

They claim to be able to provide the recipient with a list of coronavirus infected people in their area. In order to access this information, the victim needs to click on a link, which leads to a malicious website, or is asked to make a payment in Bitcoin.

Reporting numbers are expected to rise as the virus continues to spread across the world.

It's important that employees are aware that attackers are attempting to exploit people's concern around the virus. To ensure that your organisation is taking all of the necessary steps it can to reduce the impact of phishing, see the NCSC guide at https://www.ncsc.gov.uk/guidance/phishing

Remote Working

Increasingly some organisations are encouraging employees to work remotely, so if applicable it may be worth starting those conversations now (if they haven't already) about reinforcing security advice around remote working.

Below are a few security resources/considerations around flexible/remote working:

Communications

It's important that security is integrated with not only technical solutions but the communications being sent internally and externally. Where possible, any releases/bulletins/company blogs should mention the need to stay aware of security responsibilities.

Secure connections

Employees should be reminded about connecting to work resources securely. Communications should cover things like how to use Wi-Fi securely, tethering devices, which file-sharing services are permitted and how, use of corporate VPNs etc.

If you are likely to be affected by an uptake in remote working, consider reviewing your organisation's resources, policies, and procedures to see that the relevant aspects are fit for purpose, and that they are clearly communicated to all staff members.

Physical security

Removing work equipment from the work environment results in risk, including theft/loss of devices and damage. Ensure that employees are aware of the need to keep devices secure and protected for extended periods of time. 

Remote Desktop Protocol (RDP)
RDP vulnerabilities are commonly exploited, in a large number of cases, so ensure that you are doing everything you can to secure against associated threats. This includes reviewing port security and access controls, and defending against brute force attacks through strong authentication. More guidance can be found via NCSC at https://www.ncsc.gov.uk/section/advice-guidance/all-topics

Reporting
If you have been a victim of a cyber crime, please report the incident to Action Fraud. For live incidents, you can make use of Action Fraud's 24/7 reporting function through phone at 0300 123 2040. More information can be found at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses

Reporting is incredibly important, as it helps build intelligence for law enforcement which is vital to investigations, as well as informational campaigns.

Malware And Ransomware Attacks


Malware is malicious software, which - if able to run - can cause harm in many ways.


Malware, such as ransomware, has unfortunately become commonplace for organisations in recent years. If malware has found its way on to your networks, then it can:

- Cause devices to become locked or unusable
- Steal, delete or encrypt data
- Take control of your devices to attack other organisations
- 'Mine' cryptocurrency
- Use services that may cost you money (e.g. premium rate phone calls)

All of the above can be damaging to varying degrees, and although it's ideal to prevent it from getting to that stage in the first place, that's not always possible. We mention a lot of protective advice in these newsletters, but for this issue, we're going to talk about the steps to take if your organisation is already infected with malware.

Steps to take if your organisation is already infected with malware

Disconnect Devices
Immediately disconnect any infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone based.

Consider disabling network connections
In very serious cases, turning off your Wi-Fi and disabling any core network connections might be necessary.

Resetting credentials
Reset credentials, including passwords (especially for administrators), but first verify that you're not locking yourself out of systems that are needed for recovery.

Safely wipe infected devices and reinstall the operating system
It's important that devices are definitely 'clean' before they are restored and put back into use.

Restoring from backups
Hopefully(!) you will have adequate backups in place to restore from. Before you use them however, as above you need to be very confident that the backup is clean also.


Use a clean network 
Connect devices to a clean network in order to download, install and update the operating system and all other software.

Install, update and run antivirus software

Reconnect to your network

Monitoring and scanning
Monitor network traffic and run antivirus scans to identify if any infection remains.

Note on ransomware
Files encrypted by most ransomware have no way of being decrypted by anyone other than the attacker. Don't waste your time or money on services that promise to do it. In some cases, security professionals have produced tools that can decrypt files due to weaknesses in the malware, but take precautions before running unknown tools on your devices.

Reporting
If you have been a victim of an incident involving malware, please report it to Action Fraud, which is the UK's national cyber crime reporting portal. You can report through phone (0300 123 2040) or on their website at https://www.actionfraud.police.uk

Reporting helps build intelligence for law enforcement, which can aid investigations as well as informational campaigns to prevent others from becoming victims.

Remember, Action Fraud operate a 24/7 live cyber reporting line for organisations! Further details at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses

'Trickbot' Banking Trojan

Attacks designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII).

A 'trojan' is a type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer. Trickbot infections can be very damaging, as the malware can download new capabilities on to a victim's device without any interaction from the victim. Aside from the theft of PII as described above, these capabilities can allow attackers to gather detailed information about networks, and spread. In some cases, Trickbot is used to infiltrate a network, and once inside it's used to deploy other malware such as ransomware. 

Trickbot targets victims with well-crafted phishing emails, designed to appear as though sent from trusted commercial or government brands. These emails often contain attachments (or link to attachments) which victims are instructed to open, leading to their machine being exploited.

Advice

Spotting the signs of a possible Trickbot infection
Victims of Trickbot have observed a number of malicious activities, including:
  • Unauthorised access attempts to online accounts.
  • Successful, fraudulent bank transfer activity.
  • Unauthorised changes to their network infrastructure.

Protecting business and personal banking facilities (including where employees have accessed personal banking from work devices)
  • Consider changing passwords and memorable information for corporate, business, or personal internet banking facilities accessed from the infected network.
  • Review bank and credit card statements for suspicious activity, and report any findings to your bank.
  • Advise any employees who have accessed online banking facilities from the affected network to do likewise.

Antivirus
  • Running a full scan on all devices using up-to-date antivirus software, such as Windows Defender, should detect and remove Trickbot infections.
  • Keep your antivirus up to date, and consider using a cloud-backed antivirus product that can benefit from intelligence which larger scale operations bring. Ensure that antivirus software is capable of scanning 'Microsoft Office macros' (these are often exploited in Trickbot attacks).

Keep up to date
  • Use the latest supported versions of operating systems and software, and apply security patches promptly.

Back up your data
  • Make sure you regularly back up your important data. These backups should not be connected to your network, or they'll be at risk of infection, just like any other device.
  • It's a good idea to test your backups to make sure they work too!

Multi-factor authentication (MFA)
  • Also known as 2-factor authentication (2FA), this involves supplying either an additional one-time code, or use of biometrics to further secure the login process. Most online services and accounts provide a 2FA/MFA option, so enable this wherever you can.
  • In general, authenticator apps are more secure than using SMS tokens, but if that's the only option available then it's better than nothing.

Security Monitoring
  • It pays to have some sort of monitoring in place so you have the data needed to detect and analyse network intrusions.
  • The more accurate information you have, the quicker you'll be able to recover from cyber incidents.
  • This will also reassure your customers, suppliers, investors and regulators that you've taken all measures necessary to protect your data and systems.

Network Segregation
Network segregation involves separating critical networks from less sensitive networks. You may not be responsible for implementing this, but it's a good concept to be aware of for your organisation.

Whitelisting apps
Instead of listing all the potential bad stuff you don't want to use (which is a lot nowadays!), it's simpler to create a short list of trusted applications and processes that are authorised to run. This is essentially what whitelisting is.

Reporting
You need to report cyber crime to Action Fraud, which is the UK's national cyber crime reporting portal. You can report through phone (0300 123 2040) or on their website at https://www.actionfraud.police.uk

Reporting helps build intelligence for law enforcement, which can aid investigations as well as informational campaigns to prevent others from becoming victims.

Remember, Action Fraud operate a 24/7 live cyber reporting line for organisations! Further details at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses

This advice is taken from the NCSC's Trickbot advisory on their website at https://www.ncsc.gov.uk/news/trickbot-advisory

Cyber Intelligence Report

NCSC Advisory: Trickbot

The National Cyber Security Centre has released guidance on how organisations can protect their networks from the 'Trickbot' banking trojan. Trickbot is an established banking trojan used in cyber attacks against businesses and individuals in the UK and overseas. Trickbot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). In some cases, Trickbot is used to infiltrate a network, and then used to deploy other malware including ransomware and post-exploitation toolkits.

Read the advisory at https://www.ncsc.gov.uk/news/trickbot-advisory

Ransomware Roundup

Below we take a quick look at prevalent and emerging ransomware variants in the UK according to Action Fraud reports, along with some protective advice.

Dharma

Delivery Method: Phishing email/RDP
Typical Ransom Demand: Varies with how fast the victim gets in touch with suspects, but usually around 1 BTC
Online Decryptor Keys: No

Once encrypted, two files are placed on the victim's desktop - "FILES ENCRYPTED.txt" and "INFO.hta". These contain the suspect email as well as instructions on how to purchase Bitcoins.

The ransomware uses asymmetrical encryption, generating both a public and private key during the encryption process (the public to encrypt the files and then the private key to decrypt them). 

There are currently no tools able to decrypt Dharma, with the remaining solutions being paying the ransom (not advised) or restoring files from a backup/system restore.

NFIB have observed a case of a victim paying a ransom demand of 5 Bitcoin (roughly £25,000) but not receiving a decryption key.

STOP

Delivery Method: Phishing email
Typical Ransom Demand: Between USD 300-600
Online Decryptor Keys: No

Once infected the ransomware encrypts victims' devices with AES and RSA-1024 encryption algorithms. It places a file on the victim's desktop called "!!!YourDataRestore!!!.txt".

It was previously seen using the ".DJVU" extension; however, it now uses the original ".STOP" file extension.

The ransomware demands between $300-$600 and leaves two email addresses and a Bitmessage address for victims to get in touch with to get their files back.

There is currently no tool available to decrypt the data once it has been encrypted, therefore the only way of getting this back is to restore everything from a backup.

Cr1pt0r

Delivery Method: RDP
Typical Ransom Demand: Varies with how fast the victim gets in touch with suspects; reports have seen demands up to USD 1200
Online Decryptor Keys: No

Cr1pt0r is a ransomware targeting NAS (Network-attached storage) equipment exposed to the internet. 

It has been seen targeting vulnerabilities in old firmware on D-Link DNS-320 NAS models.

Originally built to target Linux systems it can be modified to infect Windows devices.

Once infected, the malware places two plain text files on the desktop. One is the ransom note, "_FILES_ENCRYPTED_README.txt", which tells the victim how to pay the ransom and what they will get in return (the file decryption key). The other, "_cr1ptt0r_support.txt", stores the address of the website in the Tor network.

No specific extension is added to the locked files; instead, an end-of-file marker, "_Cr1ptT0r_", is added.

There is currently limited open source information surrounding the ransomware, but this could change as the ransomware becomes more prevalent.
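
An added example, not part of the original newsletter or of NCSC/Action Fraud material: a read-only triage scan that looks for the ransom-note names, the STOP extensions and the Cr1pt0r end-of-file marker quoted in the roundup above. The function names and the sample tree are constructed for illustration, and a hit is a lead to investigate, not proof of infection.

```python
import os
import tempfile

# Ransom-note file names quoted in the roundup, lower-cased for comparison.
NOTE_NAMES = {
    "files encrypted.txt": "Dharma",
    "info.hta": "Dharma",
    "!!!yourdatarestore!!!.txt": "STOP",
    "_files_encrypted_readme.txt": "Cr1pt0r",
    "_cr1ptt0r_support.txt": "Cr1pt0r",
}
# Extensions the roundup attributes to STOP. ".djvu" is also a legitimate
# document format, so an extension hit needs a second look.
STOP_EXTENSIONS = (".stop", ".djvu")
# Cr1pt0r adds no extension; it appends this marker to the end of each file.
CR1PT0R_EOF_MARKER = b"_Cr1ptT0r_"


def ends_with_marker(path, marker=CR1PT0R_EOF_MARKER):
    """Compare only the final bytes, so large files are cheap to check."""
    try:
        with open(path, "rb") as fh:
            size = fh.seek(0, os.SEEK_END)
            if size < len(marker):
                return False
            fh.seek(size - len(marker))
            return fh.read() == marker
    except OSError:
        return False  # unreadable file: skip it rather than abort the scan


def scan(root):
    """Walk root read-only; return sorted (family, reason, relative path)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()
            if lower in NOTE_NAMES:
                findings.append((NOTE_NAMES[lower], "ransom note", rel))
            elif lower.endswith(STOP_EXTENSIONS):
                findings.append(("STOP", "file extension", rel))
            elif ends_with_marker(full):
                findings.append(("Cr1pt0r", "end-of-file marker", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: harmless files that only mimic the artefacts."""
    samples = {
        ("Desktop", "FILES ENCRYPTED.txt"): b"constructed note\n",
        ("Desktop", "!!!YourDataRestore!!!.txt"): b"constructed note\n",
        ("Documents", "report.docx.STOP"): b"constructed bytes",
        ("share", "photo.jpg"): b"constructed bytes" + CR1PT0R_EOF_MARKER,
        ("share", "clean.txt"): b"ordinary file\n",
    }
    for (folder, name), data in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "wb") as fh:
            fh.write(data)


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    for family, reason, rel in demo():
        print(f"{family:8} {reason:20} {rel}")
```

Where possible, run a scan like this against a copy or a read-only mount of the affected storage, so that reading files does not change access times on the evidence you may later report.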

Points to consider:

Phishing

Ensure that your organisation is taking all of the necessary steps it can to reduce the impact of phishing (NCSC guide at https://www.ncsc.gov.uk/guidance/phishing). Get creative with internal awareness campaigns and awareness sessions/training (e.g. use screenshots of phishing emails the company has received). Seek buy-in from senior management and from other departments within your company, and make use of the resources which are out there from organisations we often cite (e.g. NCSC, ActionFraud, CyberAware, Take Five, Europol, CPNI).


Backups
Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that backups are not left connected to your computer as ransomware infections can spread to those as well. As we always say, check that you have backups, check what's on those backups, and check that they actually work!

Updates
Always install updates as soon as is reasonably possible to do so. Make sure that all of your architecture (operating systems, applications, web frameworks, software packages etc. across all devices and services) consistently receive updates. 

Remote Desktop Protocol (RDP)
RDP vulnerabilities are being commonly exploited, so ensure that you are doing everything you can to secure against associated threats. This includes reviewing port security, access controls, defending against brute force attacks through strong authentication, or disabling RDP altogether if not needed. Other guidance can be found via https://www.ncsc.gov.uk/section/advice-guidance/all-topics

Should I pay the ransom?
The nationally recommended guidance is that victims of ransomware should not pay the ransom. This is for a number of reasons:
- There is no guarantee you will receive your data back.
- If criminals know that you have paid out previously, you may be at risk of being targeted again.
- Ransom payments fund criminality, and if criminals consistently receive funds then they will continue to employ those successful tactics.

Reporting
If you have been a victim of ransomware, please report the incident to Action Fraud. Typically, ransomware attacks will be live incidents, so if this is the case you can make use of Action Fraud's 24/7 reporting function through phone at 0300 123 2040. More information can be found at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses

Reporting helps build intelligence for law enforcement which is vital to investigations, as well as informational campaigns. 

When reporting, it is hugely helpful to capture as much evidence as possible, including images of splash screens, linked email addresses, or linked Bitcoin/cryptocurrency wallets.


Windows 7 EOL

On January 14th 2020 Windows 7 and Windows Server 2008 (inc. variants) reached End of Life and will no longer receive release updates or security patches from Microsoft.

These systems will still work after this date, but your business may be exposed to emerging threats of new viruses and malicious attacks.

Please don’t hesitate to contact either Julie or Darryn on 01460271055 to discuss your concerns.