Posts

Nodersok: How Can You Protect Your Enterprise From Malware Threats?

By Slava Gorelik – Founder and VP R&D


Malware threats to data

Hackers are getting more ingenious by the day with fileless invisible malware types that escape detection. Nodersok is the latest in the line, but it is only one amongst many. Top 10 malware infections in 2019 included Emotet, Wannacry, ZeuS, Dridex, and Kovter. How can an organization secure itself against such: malware threats to data?

What is Nodersok?

In September 2019,  researchers from Microsoft’s Advanced Threat Protection (ATP) team discovered a fileless multi-stage infection, node.js based malware. They dubbed it Nodersok. Fileless threats pose a different level of  Malware threats to datachallenge compared to file-based ones and need advanced techniques to manage prevention. Nodersok uses valid tools and ensures nothing malicious is written to the disk. The malice resides in-memory. The entire Nodersok campaign runs in four stages, finally disabling the Windows Defender Antivirus and turning the machine into a proxy. Nodersok has affected a range of industry sectors with a particular fondness for the education sector.

How prevalent are malware attacks?

Different though they are, these forms of malware show certain common aspects:

  • Microsoft Office is a favorite
  • Email is the primary attack vector
  • Over 60% of the attacks target the small business category. 

How do you protect your organization and data from them?

Malware protection in Office 365

New call-to-action

If your enterprise has moved to Office 365, you have taken a step in the right direction. Office 365 comes with built-in protection that prevents the introduction of malware into Office 365 via a client or from an Office 365 server.  Exchange online ensures that all emails travel through the Exchange Online Protector (EOP) which scans and quarantines in real-time.

Microsoft also offers Advanced Threat Protection (ATP) with an email filtering service that provides additional protection against phishing. Similar protection exists for Sharepoint Online and OneDrive for Business as well.  With all the defense in place, malware threats to data still do materialize and while there is no consistent globally agreed way to track and report a cost per infection, in 2018, in the US alone the average cost per breach was $7.9 million.

Data loss from threats like malware are an established reality and enterprises both big and small cannot afford to take the risk. For malware to infest your organization, all it takes is one wrong click, one crafty phishing attack, one infected flash drive. Office 365 cannot protect you from data loss/corruption due to such attacks at your end. This is why third-party SaaS backup is so critical to protecting your organization’s data.

How can SaaS backup protect against Malware threats to data?

The damages of malware threats to an organization include data corruption, data loss, identity theft, and security/network breaches. The repercussions of such an attack go far beyond financial loss; they can decimate a company’s reputation and customer base, which has taken years to build, in a few hours. When struck with a malware attack, the best way to minimize its damage is to ensure business continuity with quick disaster recovery.

Central to that is having a reliable backup and recovery solution. SaaS backup of Office 365 can enable you to easily and quickly recover an accurate copy of your data and can completely blunt the malware attack. Office 365 does come with native solutions like Recycle Bin, however, they offer limited-timespan restores and recovery can be cumbersome. 

How can CloudAlly help?

CloudAlly pioneered cloud backup way back in 2011. Resultantly we have nurtured a mature suite of robust SaaS backup solutions for Office 365 Backup, Sharepoint and OneDrive.  We were also ranked #1 by Newsweek by over 10,000 IT Pros.

We offer a full-featured 15-day free trial which you can activate and start backing up your data in minutes and are very highly rated and recommended by our users. We also offer considerable discounts for educational institutions, non-profit organizations, and as a part of our partner program. Contact us and we will be happy to have an expert guide you.

Multi-Factor Authentication (MFA) Is the New Office 365 Mandate – Does Your CSP Support It?

Office 365 MFA

By Monty Sagal – Director of Channel Enablement & Compliance

Office 365 MFAOffice 365 comes with top-of-the-line security built into its entire suite. However, it cannot protect you from SaaS data loss from your end. These include some of the most common causes of data loss due to human error, malicious intent, sync errors, and malware. Microsoft has mandated certain security requirements from its Cloud Solution Provider (CSP) program partners to minimize the risk of Office 365 data loss. Most organizations typically liaise with more than a few CSPs, so it’s essential that you check that they comply with Office 365 security requirements.  Hence: Office 365 MFA, is the topic of our blog post.

This article is about:

New Office 365’s CSP Security Mandates

The year-on-year increase in the number and inventiveness of malware, phishing, and ransomware attacks has made cybersecurity a top priority for organizations worldwide. Repercussions of malware attacks are exponentially compounded on the cloud – as breaches can cascade from one SaaS app to another. In view of that, Microsoft has added two requirements from CSPs:

  • Mandatory Multi-Factor Authentication (MFA): All user accounts in the partner tenant must enable MFA to be able to“transact in the Cloud Solution Provider through Partner Center or via APIs”.
  • Adoption of the Secure Application Model framework: All partners integrating with the Partner Center API must “adopt the Secure Application Model framework for any app + user auth model applications”. 

New call-to-action

 Why does MFA matter?

The reason why MFA is the gold standard for secure app authentication (which is why Microsoft is mandating Office 365 MFA), is because it eliminates the risk of breaches due to weak passwords. 

If you think your strong password policy suffices, know that it can be easily broken into by most of the common types of malware attacks such as phishing, credential stuffing, keystroke logging. This is because they use credential interception, database breaches, and/or network scanning to steal the exact password, making its perceived “strength” immaterial.

Compromised credentials are the major cause of data breaches, and by bypassing them, MFA has demonstrated success in blocking 99.9% of breaches. The reason behind it is its use of a combination of password, security token, and possibly even biometric verification to authenticate users.

Why you should check that your CSP supports MFA

While Microsoft has mandated MFA, it is worth checking that your CSP supports it. Incidents like the data breach at PCM which gave hackers access to the Office 365 credentials of the company’s clients highlighted how one breached vendor app means your data is at risk too. A partner’s breach is as good (rather bad) as your organization being breached.

We at CloudAlly give the utmost importance to our customer’s data protection. Long before Microsoft’s mandate, we implemented MFA for our Office 365 cloud backup solution, as we believe it to be the most secure method of app authentication. Furthermore, CloudAlly supports the Secure Application Model, with OAuth permission-based access. CloudAlly also comes with ISO 27001 Certification and is compliant with GDPR, and HIPAA. So you can be sure that your Office 365 data is securely backed up with us. 

Try our full-featured 14 Day Free Trial and trust your data protection with a stringently secure partner. Because security is just not worth compromising.  Click Here to read more about our Office 365 Backup.

How Can You Recover a Deleted SharePoint Site?

Recover a deleted SharePoint site

Your team has created an elegant SharePoint Team Site for your intranet – it is the mainstay of your company. And then someone mistakenly hits delete or the site gets corrupted. Or worse still, an entire Site Collection gets erroneously deleted by another admin. As the Office 365 or Sharepoint administrator, it would be up to you to recover them. We thought we’d help out with a step-wise list of instructions to: recover a deleted Sharepoint site, along with best practices for Office 365 data recovery. 

This article includes:

Steps to recover a deleted SharePoint site

Note, that we’re assuming that you as the Office 365 or SharePoint administrator have the required permissions. If not, check with your technical support.

Consider you have a SharePoint site for the ‘CRM Development’ project team and it is located at https://ppmdev.sharepoint.com/crm/

Recover a deleted SharePoint site


Oops! The site has been accidentally deleted, and you will receive a 404 error when you try to access the site. 

404 error on access

Perform the following steps to restore the deleted site.

Step 1: Go to Site Settings

  1. Go to the root site collection of the deleted site. The link in our example is https://ppmdev.sharepoint.com/  (without subsite link ‘crm’). 
  2. Log in as a user with the site collection admin permissions
  3. In the top navigation panel click Settings and then select Site settings on the dropdown menu

Go to Sharepoint's Site Settings

Step 2: Go to the Second-Stage Recycle Bin

Click Recycle bin under Site Collection Administration section

Go to Sharepoint's Second-Stage Recycle Bin

The recycle bin might be empty. Click Second-stage recycle bin at the bottom of the page

Second-stage recycle bin

Step 3: Restore your deleted site

Select the site you want to restore and then click Restore

Select the site you want to restore

The restored site will disappear from the list after the restoring process is completed

Restored Sharepoint site removed from the Bin

To verify that the site has been successfully restored, go to the site’s source link https://ppmdev.sharepoint.com/crm/.

Sharepoint Site successfully restored

For additional information, read more from the Microsoft help center

New call-to-action

Limitations to Restoring Sites from SharePoint Recycle Bin

Here’s the caveat, and it’s an important one. Deleted sites are stored only for a maximum of 90 days. After the 90 day period, the deleted sites are automatically and permanently deleted.

Moreover, the Site Collection Recycle Bin has a quota on the amount of data that can be stored in the bin. If the quota is exceeded, then the oldest items, including deleted sites, will be automatically and permanently deleted.

SharePoint Recovery Best Practices

Native options such as restoring sites from SharePoint Recycle Bin have time-based and size-based limitations. As the administrator, when faced with the stress of a deleted site or site collection, what if you found that it could not be retrieved because the Recycle Bin got purged or three months have elapsed. Understand that such built-in solutions are meant as a bandaid measure and not as a robust recovery solution. 

Additionally, SaaS solutions cannot protect your from data loss at your end, due to human error or malicious intent, malware attacks, or sync errors. With one in three organizations having experienced SaaS data loss, you need a dependable backup and recovery solution to quickly get your lost data back – accurately and from any point-in-time.

CloudAlly’s SharePoint backup solution, comprehensively backs up SharePoint Online Team Site (and all sub-sites), Public Site (and all sub-sites), private Site Collections and OneDrive for Business Sites. What’s more, it stores the backup indefinitely and in Amazon’s highly reliable data centers. CloudAlly makes recovery a breeze with provisions for non-destructive restores both at the granular item-level or of the complete site.  Learn More.

Contact us to see how CloudAlly can smoothen your SharePoint recovery.

How Can You Safeguard Against Data Loss in Office 365?

Office 365 Data Loss

It is a myth that Microsoft will protect you from data loss in Office 365. Microsoft is incrementally ensuring a reliable service, but the data within your Office 365 tenant is your responsibility. However, it cannot protect you from Office 365 data loss at your end – due to malware, human error or malicious intent.

This article contains:

YOU have the onus of protecting Office 365 data

As per Compliance Laws

As per governance laws like the GDPR, HiPAA, SOX, and many others, protecting your customer’s data is a responsibility that is shared between the controller (your organization) and the processor (third-party service providers like SaaS platforms). Moreover, in the event of a data breach or data loss, “shared accountability” and “joint liability” is mandated.

Need another reason? Compliance laws also insist on the organization having “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. What that means, is that they mandate that you have a solution or capability to accurately backup and restore data.

As per your Cloud Service Provider

Office 365 Data LossMicrosoft provides a highly reliable service with Office 365, but they themselves recommend backup in their service agreement, “We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services” 

Do not be mistaken – your data in Office 365 is your responsibility!

Ways data loss occurs in Office 365

Human Error: Office 365  has not yet reached the maturity where it can decipher intent when all the rules of the service are followed. We are talking about accidental deletions of data by parties with no ill-intent – plain human error. According to Aberdeen Group, research shows that 70% of all data loss is accidental.

Malware: Then there are malicious actors such as hackers, ransomware, and malware that can cause massive data loss. While there is so much you can do to fully prevent these attacks, these do happen and you need countermeasures.

And don’t forget about the disgruntled employee causing data loss by malicious intent!

New call-to-action

Office 365 outages do happen

Service in the cloud means 99.9% uptime. In the first few months of 2019 alone, Office 365 has suffered two major outages. The second outage dated 28th January 2019 was a massive two-day outage

Another Microsoft outage caused data loss where Microsoft deleted several Transparent Data Encryption (TDE) databases in Azure, holding live customer information. 

We are talking no email access, no customer emails, no spreadsheets, no presentations – Basically bringing your enterprise to a halt. Can you quantify the financial loss in having your data unavailable or lost for that long? 

What about native Office 365 archives

Office 365 offers short preset retention periods for deleted emails and deleted items in OneDrive. However, they hold data only for a limited period of time, do not backup regularly (your data will be outdated), and restoring data from may be cumbersome. Such options are more of an archival mechanism than a true backup and restore solution.

So how do you safeguard against Office 365 data loss?

So now that you know that your data in Office 365 needs dependable protection against data loss, what should you do? Select a 

Cloudally provides a safe (ISO 27001 certified, GDPR, and HIPAA compliant), secure (Amazon S3 Secure Storage and AES-256 Encryption) and flexible cloud backup solutions for Office365, Sharepoint and OneDrive, We were also ranked #1 under best business tool category by Newsweek by over 10,000 IT Pros. We offer a full-featured 15-day free trial which you can activate and start backing up your data in minutes and are very highly rated and recommended by our users.

Contact us to have an expert guide you as you navigate the waters of data protection to achieve a reliable and secure enterprise.

Do you really need to backup office 365?

How to Ensure Business Continuity When Microsoft Backup Fails!

The importance of being earnest with the need for 3rd party backup!

One of Microsoft Windows 10’s most effective built-in backup features used to be its Registry backups. Though the Microsoft backup commands Do you really need to backup office 365?were still running and allegedly being performed successfully, the actual Registry backups had in fact no longer been created – for over a year. So, do you really need to backup office 365?

After numerous complaints, Microsoft explained what was happening, but such a long gap between Registry backups certainly caused problems for companies. This kind of issue demonstrates the importance of creating third-party backups, even if your operating system promises to provide recovery options.  Backup for online business solutions is also required because of the lack of restore possibilities beyond the built-in data retention periods, in solutions such as Office 365, G Suite, etc.

LINK


What this article is about: 

  • Microsoft’s Registry Backups
  • History of Problems with Windows 10
  • Registry Backup Work-Around in Windows 10
  • Using CloudAlly’s Backup for Business

New call-to-action
Microsoft’s Registry Backups 

In June of 2019, Ghacks picked up on the fact that Microsoft was no longer creating Registry backups. While it seemed like these backups were being created as usual, only registry hives, not files, were actually appearing in the RegBack folder.

This meant, of course, that users weren’t able to restore their Registries back to an earlier state by using one of these backups.

Microsoft didn’t address this issue for nearly a year, and when they did, Forbes’ Consumer Tech writer Gordon Kelly calls their delayed response “worrying on multiple levels.”

It turns out that Windows 10 hadn’t been creating Registry backups for nearly a year. However, the tech giant didn’t dub this failure to make backups a bug or a glitch but instead called it a change “by design.”

An explanation (belatedly) issued by Microsoft reads:

“Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder… 

This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point.”

 What’s particularly shocking about this change is that users were led to believe that their Registry backups were still running as usual. After all, in the Registry backup folder, backups were still being added, though the actual file size of these phantom files was only 0 KB.

Kelly explains why Microsoft’s surprisingly-late explanation of this change is so problematic:

“Backing up a registry is a crucial last line of defense for many businesses and everyday users. Should a Windows System Restore point fail, barring the use of third-party software, the registry backup is all you have.” 

History of Problems with Windows 10 

When Windows 10 1803 was released in April 2018, users started complaining about the Registry backup issue in Microsoft’s Feedback Hub. However, nobody responded to their complaints or offered a solution to their problem.

Kelly dubs what Microsoft was doing here a “deception,” though it’s difficult to understand why the company might have wanted to make such a change without letting its user know about it. A backup registry usually takes up 50 to 100 MB on a disk, and if administrators wanted to free up this space, it seems they could have made the choice to turn off registry backups on their own.

While it’s unclear why Microsoft might have made this change – and then left users in the dark about it for more than a year – in April 2019, the company did promise to offer its users more transparency and honesty. However, as the company didn’t issue an explanation about what had been going on with Registry backup until two months after that, it remains to be seen if the company will live up to its promise.

With problems like these, it’s perhaps no surprise that so many users are resisting the move to Windows 10, instead hanging on to Windows 7 as long as they can.

Registry Backup Work-Around in Windows 10 

 Though Microsoft automatically disabled Registry backups, the company also gave administrators a workaround that allows them to re-enable this backup using by changing the Registry key’s value. Here’s how to do it:

  1.  First, type regedit.exe into the start menu and open the Registry Editor.
  2. Next, open the Configuration Manager using the key. HKLM\System\CurrentControlSet\Control\Session Manager\Configuration Manager\
  3. From there, right click on the Configuration Manager and choose New > Dword (32-bit) Value. Call it EnablePeriodicBackup.
  4. After your backup has been created, double-click it to set its value to 1.
  5. Restart the computer.
  6. When Windows reboots, it will start backing up the Registry to the RegBack folder again and will use RegIdleBackup task to start performing regular backups again.

Do you really need to backup office 365?

CAPTION: From Microsoft 

Obviously, though, since Microsoft turned off this functionality, it doesn’t recommend this method for restoring corrupt registry hives. Instead, it suggests using a system restore point for this type of restoration.

Further, setting a Registry backup at this point is too little, too late for many users. Any user that wanted to restore the Registry to before Microsoft’s announcement in June 2019 – backups they believed they had – are out of luck, unless they were backing up their files with a third-party platform in the first place.

Using CloudAlly’s Backup for Business – on cloud solutions.

Business who wish to maintain business continuity, and be able to restore from any point in time with an unlimited retention period, for  solutions such as Microsoft Office 365 online, need to backup with 3rd party providers.

In turn, CloudAlly offers the security to know that your data will be recoverable.  CloudAlly backs up your data daily and allows for unlimited archiving. What’s more, you can use granular restore for single lost files or you can restore a mailbox or calendar, without losing updated information.