We keep abreast of the latest cyber attacks, and here’s one that we’re seeing a lot of coverage on that we think you should know about: SamSam.

From the United States Computer Emergency Readiness Team (US-CERT) Report:

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A.

Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.

The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.

The actors exploit Windows servers to gain persistent access to a victim’s network and infect all reachable hosts. According to reporting from victims in early 2016, cyber actors used the JexBoss Exploit Kit to access vulnerable JBoss applications. Since mid-2016, FBI analysis of victims’ machines indicates that cyber actors use Remote Desktop Protocol (RDP) to gain persistent access to victims’ networks. Typically, actors either use brute force attacks or stolen login credentials. Detecting RDP intrusions can be challenging because the malware enters through an approved access point.

After gaining access to a particular network, the SamSam actors escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization. While many ransomware campaigns rely on a victim completing an action, such as opening an email or visiting a compromised website, RDP allows cyber actors to infect victims with minimal detection.

Analysis of tools found on victims’ networks indicated that successful cyber actors purchased several of the stolen RDP credentials from known darknet marketplaces. FBI analysis of victims’ access logs revealed that the SamSam actors can infect a network within hours of purchasing the credentials. While remediating infected systems, several victims found suspicious activity on their networks unrelated to SamSam. This activity is a possible indicator that the victims’ credentials were stolen, sold on the darknet, and used for other illegal activity.

SamSam actors leave ransom notes on encrypted computers. These instructions direct victims to establish contact through a Tor hidden service site. After paying the ransom in Bitcoin and establishing contact, victims usually receive links to download cryptographic keys and tools to decrypt their network.

Read the full report on technical specifications here
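The report notes that RDP intrusions are hard to spot because the actor comes in through an approved access point, using either brute force or stolen credentials. The Python example below is added here and is not part of the US-CERT report; it flags both patterns in Windows Security logon events (4625 failed logon, 4624 successful logon). The record layout, thresholds, known-source baseline and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624     # Windows Security event IDs
WINDOW = timedelta(minutes=10)   # assumed look-back window; tune per environment
MAX_FAILURES = 5                 # assumed failure threshold per source IP

t = datetime.fromisoformat
# Constructed records: (time, event id, logon type, account, source IP).
# Logon type 10 = RemoteInteractive (RDP); failures can also log as type 3.
EVENTS = [
    (t("2018-12-03T08:00:00"), SUCCESS, 10, "alice", "10.0.0.5"),
    *[(t(f"2018-12-04T02:00:{s:02d}"), FAILED, 3, "administrator", "203.0.113.7")
      for s in range(0, 50, 10)],
    (t("2018-12-04T02:01:10"), SUCCESS, 10, "administrator", "203.0.113.7"),
    (t("2018-12-04T09:00:00"), SUCCESS, 10, "alice", "10.0.0.5"),
    (t("2018-12-04T23:30:00"), SUCCESS, 10, "alice", "198.51.100.20"),
]
# Constructed baseline: source IPs each account normally connects from.
KNOWN = {"alice": {"10.0.0.5"}}

def detect(events, known_sources):
    """Return (kind, account, source_ip) alerts in time order."""
    failures = defaultdict(deque)  # source IP -> times of recent failed logons
    alerts = []
    for ts, event_id, logon_type, account, ip in sorted(events):
        recent = failures[ip]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()       # forget failures older than the window
        if event_id == FAILED and logon_type in (3, 10):
            recent.append(ts)
            if len(recent) == MAX_FAILURES:   # alert once per burst
                alerts.append(("failure_burst", account, ip))
        elif event_id == SUCCESS and logon_type == 10:
            if len(recent) >= MAX_FAILURES:
                # Brute force that ended in a working RDP session.
                alerts.append(("logon_after_burst", account, ip))
            elif ip not in known_sources.get(account, set()):
                # Valid credentials, no failures, unfamiliar source:
                # the stolen-credential case the report describes.
                alerts.append(("new_source_logon", account, ip))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, KNOWN):
        print(alert)
```

The `new_source_logon` rule matters most for purchased credentials, since those logons succeed on the first attempt and never trip a failure threshold.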

Ransomware attacks are not going away. You need to be prepared to defend and react.

Great Lakes Computer offers a range of data security services to help you prevent attack, mitigate risk, and remediate malware in the event you are a victim. Call us today to talk to our experts on how we can protect you.
