Archive for July, 2022

How To Configure PPPoE Bypass On The Bell HH4000 Hardware

Posted in Tips with tags on July 31, 2022 by itnerd

Since I got Bell Fibe 1.5 Gbps service installed, I’ve gotten a few questions about how I set up PPPoE bypass so that I can use my own router. I had planned to do a write-up on that after working out the speed issues I had with my ASUS hardware, but since enough people have asked, I am doing it today.

First, let me explain why I want to use my own router rather than the Bell HH4000 router (HH4000 stands for “Whole Home 4000”). I never, ever use ISP-supplied gear, as that is a way for the ISP to lock you in: it makes switching providers difficult, because doing so would require you to basically tear down your network and rebuild it every time you switch. On top of that, ISPs don’t have the best track record in terms of making their gear secure, while most router companies spend more time and effort on making their gear secure. As long as you choose your vendor carefully, using a third-party router is better from a security standpoint. Plus, if you change ISPs, at best it’s unplugging one cable from the old ISP’s hardware and plugging it into the new ISP’s hardware. At worst you have to do that plus a bit of configuration on both the ISP’s hardware and your own. In the case of Bell, it’s the latter.

Now Bell’s HH4000 comes with the ability to do what’s called PPPoE bypass. In short, you type your PPPoE credentials into your router, and it passes them to the HH4000. Then assuming that they are correct, the HH4000 gives the router an external IP address and you’re good to go. It’s clean and simple and mostly works. I’ll explain the mostly part in a moment. But here’s all I had to do. Starting with the cabling:

  • Connect a CAT 5e or CAT 6 cable from the HH4000’s 10 Gbps port, which is the silver one on the right-hand side of the back of the HH4000, to the WAN port on the router

On the HH4000 side, I had to log into it and do some setup there:

  • Go to 192.168.2.1 and be prepared to type in your HH4000 password
  • Go to ‘Manage my Wi-Fi’ and do the following:
    • Change “Whole Home Wi-Fi” to OFF.
    • Under “Primary Wi-Fi network” click on “Advanced settings”.
    • Uncheck “Keep a common network name (SSID) and password for both 2.4 and 5 GHz bands.”
    • Turn OFF the 2.4 GHz network but leave the 5.0 GHz network on so that you can get back into the HH4000 if you need to.
    • Turn off Guest Network
    • Click “Save”
  • Click on “Advanced Tools and Settings”
  • Turn off UPnP, DLNA and SIP ALG
  • Click “Save”

Next you have to log into your router and, in the WAN section, set it up for PPPoE. How to do that varies by brand, but I will use my ASUS router as an example:

As you can see here, under “WAN Connection Type”, I have PPPoE selected. And under “Account Settings” I have my PPPoE username which starts with “b1” and password. Those have been redacted for security reasons. If you don’t have your “b1” PPPoE username and password, you can either get them from the Bell technician who does your install, or from the MyBell portal. You should also set up your PPPoE connection to connect automatically (in my case that’s the “Disconnect after time of inactivity” option) and make sure that PPP authentication is set to “auto”.

Once you do that, you should be able to connect to Bell’s network. If you get a WAN address that isn’t 192.168.2.xxx, then you’re good to go.

Here’s where I explain the “mostly” part. One thing that I noticed right away is that my upstream speed is way lower than the 1.06 Gbps that my connection is capable of. At the moment I am getting just over half that speed, and that’s likely because of how ASUS implements PPPoE. I say that because if I use DHCP to connect the router instead, I get all the speed that I am paying for. Now some of you will ask why I don’t just use DHCP. The answer is that it creates what’s called a double NAT, which can play havoc with applications. If you really want to get into the weeds, you can read this, but here’s what you need to know:

In a typical home network, you are allotted a single public IP address by your ISP, and this address gets issued to your router when you plug it into the ISP-provided gateway device (e.g. a cable or DSL modem). The router’s Wide Area Network (WAN) port gets the public IP address, and PCs and other devices that are connected to LAN ports (or via Wi-Fi) become part of a private network, usually in the 192.168.x.x address range. NAT manages the connectivity between the public Internet and your private network, and either UPnP or manual port forwarding ensures that incoming connections from the Internet (i.e. remote access requests) find their way through NAT to the appropriate private network PC or other device.

By contrast, when NAT is being performed not just on your router but also on another device that’s connected in front of it, you’ve got double NAT. In this case, the public/private network boundary doesn’t exist on your router — it’s on the other device, which means that both the WAN and LAN sides of your router are private networks. The upshot of this is that any UPnP and/or port forwarding you enable on your router is for naught, because incoming remote access requests never make it that far — they arrive at the public IP address on the other device, where they’re promptly discarded.
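The check the post relies on (a WAN address in 192.168.2.x means the router is still behind the HH4000’s NAT) can be automated. The following is an added example, not code from the original post or from Bell or ASUS: it classifies the address a router reports on its WAN port and flags a double NAT. It goes slightly beyond the post by also treating carrier-grade NAT space (100.64.0.0/10) as “behind another NAT”, and by optionally comparing the WAN address with the public address an outside host reports, since any mismatch means something in between is translating. The sample addresses are constructed for illustration; 8.8.8.8 is only a stand-in for a real public address.

```python
import ipaddress
from typing import Optional

# Address blocks a router's WAN port can receive when it is NOT directly on the
# public Internet: RFC 1918 private space (the HH4000 hands out 192.168.2.x to
# a router that connects to it with plain DHCP) and RFC 6598 shared address
# space, which ISPs use for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(addr: str) -> str:
    """Classify the address on the router's WAN port: public, private, cgnat or other."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return "public" if ip.is_global else "other"
    if any(ip in net for net in RFC1918):
        return "private"
    # 100.64.0.0/10 is neither is_private nor is_global in the ipaddress
    # module, so it has to be checked explicitly.
    if ip in CGNAT:
        return "cgnat"
    if ip.is_global:
        return "public"
    return "other"  # loopback, link-local, documentation ranges and the like


def double_nat(wan_addr: str, observed_public_addr: Optional[str] = None) -> bool:
    """Return True when the router is behind another NAT device.

    wan_addr is the address shown on the router's WAN status page.
    observed_public_addr is the address an Internet host reports seeing for
    you; if it is given and differs from the WAN address, something between
    the router and the Internet is translating.
    """
    if classify_wan(wan_addr) in ("private", "cgnat"):
        return True
    if observed_public_addr is not None:
        return ipaddress.ip_address(wan_addr) != ipaddress.ip_address(observed_public_addr)
    return False


if __name__ == "__main__":
    # Constructed sample values: the first is what a router plugged into the
    # HH4000 with DHCP would show, the second stands in for a real public
    # address obtained via PPPoE bypass, the third is CGNAT space.
    for wan in ("192.168.2.10", "8.8.8.8", "100.64.5.5"):
        print(f"{wan:>14}  {classify_wan(wan):8}  double NAT: {double_nat(wan)}")
```

Run it with the address from your router’s WAN status page; a “private” or “cgnat” result means port forwarding and UPnP on the router will not reach the Internet, exactly the situation the quoted passage describes.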

Thus a double NAT is not optimal. Now to be fair to ASUS, they are likely not the only ones with a poor PPPoE implementation in their routers. I am just pointing the finger at ASUS as that’s the router that I have and I have clearly proven that it is at fault. Which is why I have opened a support ticket with ASUS to get them to address this as in the age of 1 Gbps or faster Internet connections, having a router do what I am describing isn’t acceptable. Thus the vendor of said router should be held accountable.

Now some of you will point out that another option, other than PPPoE passthrough, is to use Bell’s “Advanced DMZ” function along with DHCP. From what I can tell from experimenting with it, it moves your router into the HH4000’s DMZ, or demilitarized zone, where the HH4000 can give the device, in this case my router, an external IP address. And this does work, as it gives my router the full speed that I am paying for. But based on my research, Bell doesn’t implement this very well, as many have reported that a router that sits in the DMZ can often lose Internet connectivity every day or two, which is not good to say the least. Thus this option is likely one that you should avoid. Though I may try it for giggles just to find out if the instability of this option that has been noted by others is something that I see.

Now what would be better is if Bell, much like Rogers, implemented a proper bridge mode. That’s a mode where the device shuts off all routing functions and basically becomes a modem that serves up an external IP address to the router. But Bell wants you using their gear for everything, and I guess that by not having a proper bridge mode, they force the less technical down that path and lock them into using their service.

If you have any questions about any of this, please let me know in the comments. Or if you have a 100% reliable method to bypass the HH4000, I would love to hear from you as well.

UPDATE: I did some more experimentation with the “Advanced DMZ” functionality built into the HH4000. My conclusion is that it isn’t very stable based on the fact that it broke HomeKit support and VPN connections from my network to another network would not work at all or very well. Thus I would avoid this option entirely.

UPDATE #2: There is an alternate way of doing this that appears to be stable for me and might work for you. Details are available here.

The Move From Rogers To Bell Is Almost Complete…. Here’s What Happened

Posted in Commentary with tags on July 30, 2022 by itnerd

Readers of this blog will recall that since the nationwide Rogers outage in early July, and one additional outage after that, my wife and I lost all faith in Rogers’ ability to provide a reliable Internet product. Thus we decided to make the move to Bell, which, to be frank, isn’t a company with the best customer service, but as I’ve said previously, they have an Internet offering that destroys anything that Rogers currently offers. On top of that, they appear to be far more reliable than Rogers at the moment. Thus my wife and I made the switch. Just to get you up to speed, you can read about the ordering process, which was a bit of a mess, here and here.

Now on Tuesday, two days before the install, I got a call from Bell claiming that Rogers would not port my number across to Bell. I found that difficult to believe, as by law, if they get a number porting request, they have to honour it. When I pointed that out to the Bell rep, she assured me that she would resubmit the request and get it done. The rep also said that I would have to call Rogers to cancel Internet and TV, as Bell couldn’t do that for me. I was fine with that and ended the call.

Total time invested: 2 Minutes.

Ninety minutes later Bell calls again. This time they wanted to explain to me that if I wanted my home phone service to stay working in the event of a blackout, I needed to buy a UPS. I told the agent that I was aware of that as I had read this article on the Bell website. That’s when the Bell rep pivoted to trying to upsell me to TV, mobile phone service, and home monitoring. And the rep was hyper aggressive. I blew the rep off and ended the call.

Total time invested: 6 Minutes.

This illustrates how aggressive Bell is about getting all of your services. You have to survive that if you want their services, and it also means that you will get more of this upselling the longer you are with Bell.

In any case, we fast forward to Thursday which was install day. My wife and I spent the day before clearing out the area next to the place where the fiber cable enters my condo. Here’s a picture of it:

This outlet is next to the door to my balcony, and this is where Bell ran the fiber cable about 5 or 6 years ago when they put fiber runs into every unit in the building as they were rolling out Fibe Internet. Bell ran individual fibre cables up the side of the building and into each unit. But they didn’t terminate the cable. I am guessing that they just wanted the cables in every unit so that all a tech had to do was light it up if you wanted Bell services. You can also see the Rogers cable jack next to it.

The install window was scheduled for 8AM to noon, and everything was supposed to take two hours. The tech arrived at 9AM and was done by 10AM. The first thing that he had to do was terminate the cable.

The tech ran the cable from the box to this box. Then the tech plugged in a fiber patch cable into this box. I would have liked to see the Bell tech have everything self contained in the box that was in the previous picture.

Now the fiber patch cable went to this:

This is Bell’s new Whole Home 4000. This is the piece of gear that drives your telephone service, and provides WiFi and TV. On the back it has a 10 Gbps Ethernet port so that you can get fast speeds from Bell’s services. My plan was to use PPPoE passthrough to connect to this via my ASUS ZenWiFi AX XT8 mesh router, as I never, ever use my ISP’s gear to power my home network. What PPPoE passthrough means is that I use my PPPoE credentials on the ASUS mesh router to connect to the Bell network, essentially passing through the Bell hardware to connect to the Bell network. I am doing this because, unlike Rogers modems, Bell modems do not have a proper bridge mode, which sucks for those of us who want to use our own gear. This requires you to get your PPPoE login information from the Bell tech, which he was all too happy to hand over. But if you can’t get it from your installer, you can get it via your MyBell account. If you’re interested in the technical details about how I set this up, I’ll be covering that in a separate article.

Once I did that, this is the speed I was getting from the Bell hardware:

Since I was paying for 1.5 Gbps down and 940 Mbps up, I was getting more than I pay for. However, this wasn’t what I was getting from the ASUS XT8:

Now PPPoE does have some overhead, thus I was aware I would lose some speed by using PPPoE passthrough as a lot of consumer routers don’t do a good job of handling high speed PPPoE connections. But only getting just under 400 Mbps was pretty bad. I did some checking inside my router settings and found that I had QoS turned on. That can seriously mess with the speeds that you get. I turned that off and I got this:

This is better, but the upstream isn’t where I want it to be. I did some Internet searches and discovered that this seems to be an issue with ASUS routers, where they can’t go much above 500 Mbps when using PPPoE. So I reported this to ASUS and provided my router configuration and logs to them so that they can investigate and tell me what, if anything, I can do to fix this, or so that ASUS can fix this in the form of a firmware update. But even with these speeds, the upstream speed is about 16 times faster than what I was getting with Rogers. So it is still a win. But I want more. One thing that I will point out are the ping times and the jitter. The ping time is insanely low: one fifth of what I was getting with Rogers. That means that for gaming, Zoom or Teams calls, my wife and I will get great performance. The jitter, which is a measurement of how much your ping time varies, is insanely low as well, far lower than what I was getting with Rogers. Which again means great performance for gaming, Zoom, or Teams calls.

The only downer on this whole experience was the fact that I can’t use the FibeTV app which if you look at my story about the ordering process was slipped in. Apparently I have to wait until I get a Bell account number to activate that according to the two Bell reps that I spoke to. And that may take until late next week to happen. That really seems dumb and Bell really should do something about that. But I will report back on that when I get that working.

The last thing that I will cover is cancelling Rogers. To my surprise, they didn’t put up much of a fight. And they sent us a Canada Post return label to allow us to return our Rogers hardware. It was all very civilized and a total non-event.

I’ll continue to keep you posted in terms of my progress with Bell including getting my first bill to see if they do anything shady, and getting the FibeTV app working. Stay tuned for that.

Spring Activator x TELUS Pollinator Fund Launch Women-led Impact Investor Challenge

Posted in Commentary with tags on July 29, 2022 by itnerd

The TELUS Pollinator Fund will be back with Spring Activator to launch their first Women-led Impact Investor Challenge. This will help support the growth of women running impact-focused businesses and also support new investors in the venture space.

Early-stage women-led startups across Canada, and new investors or those interested in impact investing can apply. Details can be found in this blog post here: https://spring.is/news/spring-activator-launches-women-led-impact-investor-challenge/

Happy System Administrator Appreciation Day

Posted in Commentary with tags on July 29, 2022 by itnerd

Today is System Administrator Appreciation Day which is now in its 23rd year.

As you may already know, this holiday comes at a time when according to prevailing news reports such as that from CNBC, layoffs have hit a record low, voluntary departures (aka, the Great Resignation or the Big Quit) persist, and the job openings rate continues to soar. Such trends are serving to fortify employee leverage, as employers strive to attract new employees, as well as retain their current workforce, with higher pay, enhanced benefits and other concrete demonstrations of appreciation.

In recognition of this day, I have some thoughts from Don Boxley, CEO and Co-Founder of DH2i (www.dh2i.com), Surya Varanasi, CTO of StorCentric (www.storcentric.com), and Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company (www.retrospect.com): 

Don Boxley, CEO and Co-Founder, DH2i

“There are numerous reasons to appreciate your System Administrator (SysAdmin). For instance, one of the most challenging aspects about working with technology is oftentimes not so much the technology itself, but rather the relationship between the technology and the people who use it. It is our SysAdmins who are invariably responsible for making sure that employees can use technology in an efficient, productive and safe manner.

This could certainly be seen during the start of the pandemic, when people were first sent home virtually overnight to work. Many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. Savvy SysAdmins however recognized that VPNs simply were not designed or intended for the way we work today. They saw that external and internal bad actors could and were exploiting inherent vulnerabilities in VPNs. Instead, forward-looking SysAdmins saw there was an answer to the VPN dilemma. It was and still is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT: without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, SysAdmins can ensure safe, fast and easy network and data access.

This is of course just one example of countless reasons to appreciate your System Administrator.

Bottom line, our SysAdmins play a vital role in ensuring our workforce can leverage technology to help our organizations succeed at the agile and accelerated pace business now demands. So, why don’t you show your SysAdmin deserved acknowledgement on System Administrator Appreciation Day, and even better yet – all year long!”

Surya Varanasi, CTO, StorCentric:

“I have long maintained that demonstrating employee appreciation is not only the right thing to do, but a fundamental cornerstone in creating and maintaining competitive advantage. This has never been truer than it is today, in the face of trends like the ‘great resignation’ and as competition for talent continues to escalate across virtually every job market. Prevailing research backs this up – according to the Pew Research Center, among the top three reasons that U.S. workers left a job in 2021 was “felt disrespected at work.” 

System Administrator Appreciation Day provides an ideal opportunity to recognize one of your organization’s greatest assets – its SysAdmins, who are also likely responsible in large part for your organization’s other greatest asset – your data. This responsibility is no easy task, especially given the current global cybercrime climate. Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC’s “2021 Ransomware Study.” Likewise, the FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This is a 62% year-over-year increase.  

However, smart SysAdmins already know that by deploying an advanced Unbreakable Backup solution they can protect their organization’s data via an immutable, object-locked format which then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities SysAdmins use to their advantage are policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, with dual controllers and RAID-based protection SysAdmins can enjoy high availability protection that can provide data access in the event of component failure. Recovery of data is also faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, SysAdmins can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact bottom-line objectives. And consequently, reinforce their immeasurable value to their organization.”

Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company:

“System Administrator Appreciation Day reminds us how important it is to show appreciation for one of our organizations’ most strategic and valuable assets – the SysAdmin. This is especially true today, given the increasing challenges most SysAdmins need to address on a daily basis.

One such issue most SysAdmins are having to deal with is cyberattacks. Ransomware and other malware continues to hamper businesses and government agencies around the world, locking them out of their operational workflows and then demanding exorbitant payments (after which unfortunately, data is oftentimes never unblocked and/or returned). With the advent of RaaS (Ransomware as a Service), these attacks are becoming even more commonplace, targeting an ever-expanding segment of organizations. It is often the SysAdmin that must enlist the tools necessary to mount a defense, as well as detect early signs of intrusion. And, they need to be able to recover quickly and affordably, should they experience a successful attack. Of course the truth is that today, it is not really a question of if an organization will be successfully breached, but more realistically simply a question of when, making this SysAdmin responsibility all the more crucial. When the SysAdmin is at their best, all of this service is taking place rather transparently, which is why System Administrator Appreciation Day is so important.

Creating a culture of appreciation can take time. So, while System Administrator Appreciation Day officially comes once a year, why not start today, commit to the process and recognize and reward your SysAdmins (as well as the rest of your invaluable workforce) on a regular basis!”

TELUS Investing $10 Million In Leduc This Year

Posted in Commentary with tags on July 28, 2022 by itnerd

TELUS has announced a $10 million investment across the City of Leduc in 2022 as part of its $17 billion investment in operations, network infrastructure, and spectrum across the province now through 2026, creating 8,500 new jobs for Albertans and connecting more families and businesses to TELUS’ world-leading 5G and TELUS PureFibre networks. 

Earlier this year, TELUS announced it is using the power of its Smart Hub technology and  award-winning 5G network to bring rural Canadians in B.C. and Alberta home Internet speeds up to 100 Mbps. Residents in Leduc were among the first in the country to access these ultrafast home Internet speeds, which is up to four times faster than speeds currently available through a 4G network. With these faster 5G Internet speeds, customers in Leduc can simultaneously stream their favourite shows, game, surf the web, make video calls, and work or learn remotely.

TELUS’ commitment to Alberta extends well beyond investments in operations and infrastructure. Since 2000, TELUS, its team members and retirees have provided over $198 million in cash, in-kind contributions, time and programs and volunteered 3.2 million hours to charities and community organizations located in Alberta.

Across Alberta, TELUS’ significant investment of $17 billion now through 2026 also includes:

  • Creating new jobs to support Alberta’s growing economy: Hiring 8,500 Albertans with a focus on construction, engineering, and emerging technologies at TELUS and through its vast partner ecosystem now through 2026.
  • Connecting nearly 1 million homes in Alberta: TELUS will connect hundreds of thousands more homes and businesses across Alberta including in Airdrie, Calgary, Edmonton, Leduc, Lloydminster, Spruce Grove, and St. Albert. PureFibre is Alberta’s only 100 per cent pure fibre-to-the-home network and currently reaches nearly 1 million homes and businesses across the province. The symmetrical upload and download Internet speeds and nearly infinite bandwidth enabled only by PureFibre means everyone can work, stream, game, or make video calls at the same time.
  • Delivering 5G to Remote Communities: With the rollout of 3.5 GHz spectrum additions later this year, Albertans will have access to TELUS’ 5G network delivering an ultrafast and reliable wireless connection. Albertans living in some rural and remote communities are also some of the first in the country to access home Internet speeds of 100 Mbps through TELUS’ 5G fixed wireless network, using the capabilities of 5G to provide a powerful alternative to a wired Internet connection.
    • TELUS’ global-leading wireless network was rated the fastest mobile network for the eighth consecutive time by UK-based Opensignal, while also earning the title of North America’s Fastest Mobile Network and being named Canada’s Fastest Mobile Network by Seattle-based Ookla® for the ninth consecutive time.
  • 5G Core and Multi-Access Edge Computing: TELUS will introduce its 5G standalone network this year and bring multi-access edge computing (MEC) capabilities that will further advance IoT and industry solutions that will enable important innovations for businesses and sectors, including health, agriculture, energy, transportation, and manufacturing.
    • Our network and crucial investments will support the digitization of the economy, and our transition to a sustainable future, including through optimisation of energy consumption at home, reduction of food waste or intelligent transport systems that result in fewer emissions.
  • Contributing to a greener Alberta and planet: As a global leader in sustainability, TELUS’ network infrastructure and investments are helping us transition to a sustainable future through the digitization of the economy, including optimizing energy consumption at home and reducing food waste through its TELUS Agriculture solutions.
    • The 2021 Sustainability Report outlines TELUS’ environmental, social, and governance strategy and priorities which includes the ambitious goal to use 100 per cent renewable energy by 2025. Moreover, TELUS’ world-leading wireless and wireline networks enable significant carbon avoidance by providing the networks required for TELUS team members and millions of Albertans to work remotely and avoid commuting; access education, healthcare, and social connections virtually; and enable other businesses to take their workforce virtual leading to less energy consumption in office buildings and fewer commuters on the road.
    • To date, TELUS has planted more than 800,000 trees and by the time its millionth tree is planted later this year, it will have planted the equivalent of 20,000 acres of forest, which is nearly the size of Red Deer.
  • Supporting Alberta’s Agriculture Industry: TELUS Agriculture is investing in integrated data management software, helping to scale animal health technology to deliver valuable insights and enable a more sustainable, responsive food supply chain. With a comprehensive portfolio of grower and advisor solutions, TELUS Agriculture is helping to improve both productivity and profitability for farmers in Alberta, notably with field-specific nutrient management programs aimed at increasing fertilizer efficiency and maximizing yield potential.

Since 2000 through 2021, TELUS has invested $220 billion nationally in network infrastructure, operations and spectrum, including more than $60 billion in Alberta over the past century. The investments announced in this media release are consistent with TELUS’ capital expenditure guidance for 2021, released in the fourth quarter of 2020 earnings release dated February 11, 2021.

Guest Post: Phone Heating Up This Summer? It Could Be Caused By More Than Hot Weather

Posted in Commentary with tags on July 28, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

Has your phone been acting strangely? Maybe you’ve noticed mysterious apps, or your battery is draining quicker than usual. While these activities don’t always mean your phone is at risk, they could be important signs that your device is compromised, leaving your personal data at risk.

Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, has gathered the most common signs that your phone is compromised:

  • Overheating Phone
    It’s possible that threat actors may be transferring a lot of your data from your device to their remote server, overloading your cell phone with work.
  • Random Apps Downloaded
    Hackers can be responsible for installing apps that spy on and monitor your activity – check and remove every app that seems suspicious or unfamiliar.
  • Lagging Performance
    Malware that hackers have sneaked onto your phone could very well slow down your processor, leading to dropped calls, undelivered texts, crashing and freezing.
  • Consistent Intrusive Pop-Ups
    An unusual amount of pop-up ads, home screen updates or bookmarks to unknown websites could be a sign of an adware infection. Steer clear!
  • Weak Battery Performance
    Unwanted apps installed on your phone can hijack your phone’s resources and drain your battery quickly.

To be proactive about your security and protection, download the https://protection.lookout.com/ app for all of your devices.

New Attack Uses APT Group Techniques, Mirrors Legit Landing Pages For Convincing Credential Harvesting

Posted in Commentary with tags on July 28, 2022 by itnerd

Avanan has published its newest research, discovering threat actors using ever-changing obfuscation methods, previously seen in attacks led by the APT group SPAM-EGY, to mirror images of an organization’s landing page and fool users into handing over their credentials.

This attack presents users with a typical-looking password expiration reminder email. By clicking on the provided URL, victims are directed to a fake page that mirrors the actual company website, displaying identical images of the organization’s login page that users are accustomed to seeing.

Jeremy Fuchs, Cybersecurity Research Analyst at Avanan, had this to say:

The information the attackers are after is primarily credentials–usernames and passwords. They are after them because they are incredibly valuable. Passwords are keys to the kingdom. They can open up financial documents, personnel files, employee records; they can lead to bank accounts and medical records. By stealing credentials, the attackers have a whole bevy of information at their finger-tips.

We’ve seen this off and on for about two years and it’s quite simple. One of the groups that does this, SPAM-EGY, claims “10,000% access to the inbox.” In that regard, they’re doing quite well.

Like with most phishing attacks, there are some telltale signs. It’s important to remind employees to take two seconds and do two quick things–look at the sender address and the URL of the page. The sender address is often amiss; that’s clue one that something is off. The URL will also likely be off; that’s clue two. Infusing that into everything employees do is critical.

Phishers take what works and amplify it. If something works, they’ll keep at it. Given that many of these attacks are available as downloadable “kits”, the barrier to entry is far lower. That means we’ll see a continued proliferation of these types of attacks, only spread by various groups, both APT and non-APT alike.

You can read the full report here.
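The two quick checks recommended above (look at the sender address, look at the URL) can be turned into a mail-filter rule. The following is an added example, not code from Avanan or from the report it describes: it parses a message, extracts the sender’s domain and every link host in the HTML body, and reports each one that is not the organization’s own domain or a genuine subdomain of it. The messages and every domain in them are constructed for illustration and are not indicators from the report; the organization domain `example-org.com` is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not from the report). The first imitates a
# password-expiry lure whose sender and link both sit on domains that merely
# resemble the organization's; the second is what a genuine notice looks like.
LURE_EMAIL = """\
From: IT Support <it-support@example-org-mail.net>
To: jane@example-org.com
Subject: Your password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password for example-org.com expires in 24 hours.</p>
<p><a href="https://example-org.com.login-portal.example/reset">Keep my password</a></p>
</body></html>
"""

GENUINE_EMAIL = """\
From: IT Support <it-support@example-org.com>
To: jane@example-org.com
Subject: Your password expires in 14 days
Content-Type: text/html; charset="utf-8"

<html><body>
<p><a href="https://sso.example-org.com/account/password">Change your password</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def belongs_to(host, org_domain):
    """True only if host is org_domain itself or a real subdomain of it.

    Suffix matching on "." + org_domain is what defeats look-alikes such as
    example-org.com.login-portal.example, where the real name is only a prefix.
    """
    host = host.lower().rstrip(".")
    org_domain = org_domain.lower()
    return host == org_domain or host.endswith("." + org_domain)


def sender_domain(msg):
    # policy.default parses From into structured Address objects.
    return msg["From"].addresses[0].addr_spec.rpartition("@")[2].lower()


def phishing_indicators(raw_message, org_domain):
    """Return a list of findings; an empty list means both checks passed."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    sdom = sender_domain(msg)
    if not belongs_to(sdom, org_domain):
        findings.append(f"sender domain {sdom} is not {org_domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    extractor = LinkExtractor()
    extractor.feed(body.get_content())
    for href in extractor.hrefs:
        host = urlparse(href).hostname or ""
        if not belongs_to(host, org_domain):
            findings.append(f"link host {host} is not {org_domain}")
    return findings


if __name__ == "__main__":
    for label, raw in (("lure", LURE_EMAIL), ("genuine", GENUINE_EMAIL)):
        print(label, phishing_indicators(raw, "example-org.com") or "no findings")
```

The suffix check in `belongs_to` is the part worth copying: a plain substring test on the organization name would pass the lure, because the real domain appears at the start of the fake host.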

Get Ready For Roku Originals WEIRD: The Al Yankovic Story

Posted in Commentary with tags on July 27, 2022 by itnerd

Get ready for WEIRD! I wanted to put the premiere of WEIRD: The Al Yankovic Story in your calendar. The Roku Channel original will be premiering on the platform on November 4, 2022.

The film stars Daniel Radcliffe in the titular role of “Weird Al” Yankovic. Check out the film’s teaser trailer here ahead of its fall release:

IBM Comes Out With A Report On The Cost of a Data Breach

Posted in Commentary with tags on July 27, 2022 by itnerd

IBM has released its annual ‘Cost of a Data Breach’ report, conducted by the Ponemon Institute, which found that the average cost of a data breach in 2022 reached $4.35 million, an increase of 2.6% over last year’s $4.24 million.

Sanjay Raja, VP of Product, Gurucul had this comment:

“The follow-up attack effect, as described, is a significant problem as the playbooks and solutions provided to security operations teams are overly broad and lack the necessary context and response actions for proper remediation. For example, shutting down a user or application or adding a firewall block rule or quarantining a network segment to negate an attack is not a sustainable remediation step to protect an organization on an ongoing basis. It starts with a proper threat detection, investigation and response solution. Current SIEMs and XDR solutions lack the variety of data, telemetry and combined analytics to not only identify an attack campaign and even detect variants on previously successful attacks, but also provide the necessary context, accuracy and validation of the attack to build both a precise and complete response that can be trusted. This is an even greater challenge when current solutions cannot handle complex hybrid multi-cloud architectures leading to significant blind spots and false positives at the very start of the security analyst journey.”

What’s worse than the economic cost is the reputational damage that can follow, and that’s a dollar amount you can’t calculate. Thus companies need to make sure that they don’t become the next headline.

Guest Post: Linux malware on a rise reaching all-time high in H1 2022

Posted in Commentary with tags on July 27, 2022 by itnerd

Until recently, cybercriminals had largely ignored Linux compared to other, more popular operating systems. However, new data shows that cyber attack trends are shifting.

According to the data presented by the Atlas VPN team, based on AV-ATLAS statistics, the number of new Linux malware samples reached record highs in the first half of 2022, with nearly 1.7 million samples discovered. Compared to the same period last year, new Linux malware numbers soared by close to 650%.

If we look at the new Linux malware sample numbers quarter by quarter, in the first quarter of this year, they dropped by 2%, from 872,165 in Q4 2021 to 854,688 in Q1 2022. Moving on to the second quarter, the malware samples decreased again, this time by 2.5% to 833,059. 

Yet the cumulative number of new Linux malware samples in H1 2022 was 31% higher than the number of such samples in the whole year of 2021. In fact, the first half of this year alone saw more new Linux malware samples than any other year since 2008.

New Windows malware still leads the way 

Although Linux was the only operating system that saw growth in new malware samples in the first half of this year, Windows had the largest number of new malware samples overall. In total, 41.4 million newly programmed Windows malware samples were identified in H1 2022.

Although Linux holds only 1% of the operating system market share, it occupies the second spot on the list with 1.7 million malware samples in H1 2022.

Meanwhile, the most popular operating system, Android, had 716,201 newly developed malware samples in H1 2022, followed by macOS with 4,922.

All in all, while Linux is not as popular among computer users as other operating systems, it runs the back-end systems of many networks, making attacks on Linux highly lucrative. As Linux adoption rises, so will attacks against it.

To read the full article, head over to: https://atlasvpn.com/blog/linux-malware-on-a-rise-reaching-all-time-high-in-h1-2022