Showing posts with label Malware.

Monday, July 17, 2017

Security breach! How to prevent your G Suite domain from getting hijacked

Legacy security solutions are no longer as effective against today's phishing and account-takeover methods, and on-premises hardware often lacks the scale and performance to protect internet-connected application infrastructures as they grow. As more organizations move their operations online, they need a cloud-based security solution that can defend their domain, email, valuable data and, in some cases, brand image.

Lately we have seen increasingly clever phishing attempts against our customer base. Some are sneaky enough that you need a second or third look to spot the red flag. Take a long-time customer of ours who received an email from a domain that differed from their own by a single letter. The message genuinely came from that lookalike domain: the attacker had spent the time and money to register and configure it, and because they really controlled it, the usual sender checks (SPF and DKIM) were satisfied. The intent was to hijack the real customer domain. Luckily our customer recognized the email as malicious, deleted it immediately and reported the domain to Google.

G Suite's cloud-based security controls are top notch. Google recently added a Gmail feature that warns users when they reply to someone outside their domain who is not in their contacts. This raises awareness of forged messages and impersonation, and also catches the common user error of sending mail to the wrong address.
When a user clicks 'reply' in Gmail, Google scans the recipient list, including addresses in CC, to assess the risk. If a recipient is external to the user's organization, not present in their Contacts, or not someone the user interacts with regularly, the warning is displayed automatically. This is a subtle yet powerful way to keep your users vigilant.

A valuable step to take against this kind of hijacking is to create a rule in the G Suite Admin console that rejects mail from domains whose spelling is close to your own (and to the domains of partners you exchange mail with regularly). Note that SPF and DKIM on your own domain do nothing here, since the attacker is sending from a domain they legitimately own; the block list is the control, and it only covers the spellings you have thought of. Here's how:
1. Log in to your G Suite Admin account.
2. Go to Apps ---> G Suite ---> Mail ---> Advanced Settings.
3. Under the Spam section, choose Blocked Senders ---> Configure.
4. Enter a (very) short description summarizing what is being blocked.
5. Use an existing list or create a new list of addresses that are going to be rejected (you can enter single or multiple domains and single or multiple email addresses).
6. Optional: edit the rejection notice the sender will receive in the bounce-back (leaving it blank uses the default).
7. "Bypass this setting for messages received from addresses or domains within these approved senders lists" can be left alone; it is checked by default but has no effect until a list is created or selected here. Its purpose is to allow exceptions that can still send: for example, malicious.ca is blocked but hacker@malicious.ca is allowed, or malicious.ca is blocked but hackers.malicious.ca is allowed to bypass the block.
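The one-letter-off domain described above, and the blocked-senders list that the steps configure, both turn on the same question: which spellings are "close" to your domain? The following is an added example, not code from the original post or from Google. It generates the one-edit and homoglyph variants of a protected domain (candidates to review for the blocked-senders list) and explains why a given sender domain resembles it. It assumes the registrable domain is the last two labels (no public-suffix list is consulted), and HOMOGLYPHS is a short illustrative list, not a complete one; interlockit.com is used only as the domain under protection.

```python
# Added example (not from the original post): lookalike spellings of a protected
# domain, and the reason a sender domain resembles it.
# Assumptions: the registrable domain is the last two labels (no public-suffix
# list), and HOMOGLYPHS is illustrative, not exhaustive.

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"

# Character sequences that look alike in common fonts (illustrative list).
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"],
    "rn": ["m"], "m": ["rn"], "vv": ["w"], "w": ["vv"], "cl": ["d"],
}

SAME_NAME_OTHER_TLD = "same name under a different top-level domain"
USED_AS_SUBDOMAIN = "protected domain used as a subdomain of another domain"
HOMOGLYPH = "homoglyph substitution"
ONE_EDIT = "one character insertion, deletion, substitution or transposition"


def edit_distance_one(label):
    """All strings one edit away from label over ALPHABET (Damerau-Levenshtein 1)."""
    variants = set()
    n = len(label)
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])                            # deletion
        for c in ALPHABET:
            variants.add(label[:i] + c + label[i + 1:])                    # substitution
    for i in range(n - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for i in range(n + 1):
        for c in ALPHABET:
            variants.add(label[:i] + c + label[i:])                        # insertion
    variants.discard(label)
    return variants


def homoglyph_variants(label):
    """Replace each occurrence of a confusable sequence, one occurrence at a time."""
    variants = set()
    for src, repls in HOMOGLYPHS.items():
        start = label.find(src)
        while start != -1:
            for r in repls:
                variants.add(label[:start] + r + label[start + len(src):])
            start = label.find(src, start + 1)
    variants.discard(label)
    return variants


def lookalike_reason(sender_domain, protected_domain):
    """Return why sender_domain resembles protected_domain, or None if it is the
    protected domain itself, a subdomain of it, or simply unrelated."""
    s = sender_domain.lower().rstrip(".")
    p = protected_domain.lower().rstrip(".")
    if s == p or s.endswith("." + p):
        return None
    if s.startswith(p + "."):          # e.g. interlockit.com.evil.example
        return USED_AS_SUBDOMAIN
    s_labels, p_labels = s.split("."), p.split(".")
    if len(s_labels) < 2 or len(p_labels) < 2:
        return None
    s_name, s_tld = s_labels[-2], s_labels[-1]
    p_name, p_tld = p_labels[-2], p_labels[-1]
    if s_name == p_name and s_tld != p_tld:
        return SAME_NAME_OTHER_TLD
    if s_name in homoglyph_variants(p_name):
        return HOMOGLYPH
    if s_name in edit_distance_one(p_name):
        return ONE_EDIT
    return None


def blocklist_candidates(protected_domain):
    """Sorted lookalike domains (same TLD) to review for the blocked-senders list."""
    name, tld = protected_domain.lower().split(".")[-2:]
    names = edit_distance_one(name) | homoglyph_variants(name)
    return sorted(n + "." + tld for n in names)


if __name__ == "__main__":
    for d in ("interlokit.com", "inter1ockit.com", "interlockit.co", "google.com"):
        print(d, "->", lookalike_reason(d, "interlockit.com"))
```

The candidate list for an eleven-letter name runs to a few thousand entries, far more than anyone would register; the point of generating it is to review it, block the handful that are plausible lures, and use lookalike_reason() on inbound sender domains to catch the ones you did not think of. Note that "interlockit.co.uk" style sender domains defeat the two-label assumption, which a public-suffix list would fix.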

As long as we live in a world of technology, attackers will look for ways to target us, and as the internet evolves their methods and techniques evolve with it. It's important to understand that vulnerabilities do exist and that the best way to avoid a compromised system is to put preemptive measures like the ones G Suite offers in place. The challenge of web security lies in that very changing nature. True cloud solutions offer the latest and most secure methods to protect your online assets.

To learn more about cloud security and G Suite, contact Interlock IT today!

Monday, May 30, 2016

No more forged emails! - SPF and DKIM

Secure email is vital to any organization. If you have ever received an email that appeared to come from an employee or a company you do business with but was really sent by a malicious or unknown source, you have seen first hand how easy it is to forge email. Our previous blog post covered how users can prevent important email from landing in their spam folder. This post covers a common question we get from our customer base: why does sent email end up in the recipient's spam folder, or not get delivered at all?


Every recipient is unique and has different spam filtering settings for incoming messages. Typically, receiving servers don't tell the sender how their spam filtering works, because that information would help actual spammers get around the filters. This is where SPF and DKIM authentication come into play. Authentication lets the receiving server confirm that a message claiming to come from your domain was sent by a server you authorized and was not altered in transit. It does not guarantee delivery, but it is one of the main signals receivers use when deciding whether to trust mail from your domain.

A Sender Policy Framework (SPF) record is a TXT record in the Domain Name System (DNS) for your domain that lists which mail servers (by IP range or hostname) are permitted to send email on behalf of your domain. The receiving server looks up the record and asks, "is this connection coming from an authorized mail server?" If it isn't, the record's final qualifier tells the receiver how to treat the message: "-all" asks for a hard fail, "~all" for a soft fail (usually treated as a spam signal). SPF checks the envelope sender, so it is evaluated against the server that actually connected, not against the From address the user sees.
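To make the evaluation concrete, here is an added example (not from the original post, and not Google's code) of a minimal SPF check_host() run over an in-memory DNS table. The TXT records in the table are constructed and abbreviated: the real Google and SendGrid records list many more ranges and change over time, and example-company.com is a placeholder domain. It shows the mechanism order, the qualifier on "all", recursive include: evaluation, and the ten-lookup limit that turns a self-including record into a permanent error.

```python
import ipaddress

# Added example (not from the original post): a minimal SPF check_host() over an
# in-memory DNS table. Records are constructed and abbreviated; the real
# Google/SendGrid records differ. example-company.com is a placeholder.
TXT = {
    "example-company.com": "v=spf1 include:_spf.google.com include:sendgrid.net -all",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com ~all",
    "_netblocks.google.com": "v=spf1 ip4:64.233.160.0/19 ip4:74.125.0.0/16 ~all",
    "sendgrid.net": "v=spf1 ip4:167.89.0.0/17 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # pathological self-include
}

MAX_LOOKUPS = 10   # RFC 7208 section 4.6.4: more than 10 DNS-querying terms is a permerror
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the SPF TXT record for domain from the table, or None if absent."""
    record = TXT.get(domain.lower())
    return record if record and record.startswith("v=spf1") else None


def check_host(ip, domain, _lookups=None):
    """Evaluate ip against domain's SPF policy.

    Supports ip4, ip6, include and all. The a, mx, ptr, exists and redirect
    terms need A/MX data this table does not hold, so they yield permerror."""
    lookups = _lookups if _lookups is not None else [0]   # shared across includes
    record = lookup_spf(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            sub = check_host(ip, arg, lookups)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):  # RFC 7208 section 5.2
                return "permerror"
            # fail/softfail/neutral from the included domain: no match, keep going
        else:
            return "permerror"
    return "neutral"   # nothing matched and no explicit "all" (RFC 7208 section 4.7)


if __name__ == "__main__":
    for ip in ("74.125.1.2", "167.89.10.10", "203.0.113.5"):
        print(ip, check_host(ip, "example-company.com"))
```

The two things worth noticing when you run it: a third-party sender you forgot to include (203.0.113.5 here) gets a hard fail because the top-level record ends in "-all", which is exactly the "isn't delivered at all" symptom, and a broken include chain does not fail open; it becomes permerror, which most receivers also treat as a failure.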

DomainKeys Identified Mail (DKIM) adds a digital signature to the emails your organization sends. The sending server signs selected headers and a hash of the message body with a private key, and publishes the matching public key in DNS under a selector (selector._domainkey.yourdomain.com). The receiving server fetches that key, verifies the signature and recomputes the body hash; if both check out, the message has not been tampered with in transit and was signed by a holder of your domain's key. Fundamentally, the DKIM check verifies that the message is signed and that the signature belongs to the domain it claims.
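The tamper-detection half of that check can be shown without any key material. The following added example (not from the original post, and not Google's or any mail library's code) implements DKIM's body hash, the bh= tag, using the "relaxed" body canonicalization from RFC 6376, builds the DKIM-Signature header a signer would emit, and then verifies a received message against it. It does not verify the b= tag, which is the RSA signature over the headers and would need the public key from DNS; example-company.com and the selector "google" are placeholders, and the message is constructed.

```python
import base64
import hashlib
import hmac
import re

# Added example (not from the original post): DKIM body-hash (bh=) check with
# RFC 6376 "relaxed" body canonicalization. It does not verify b=, the RSA
# signature over the headers. Domain, selector and message are constructed.


def canonicalize_body_relaxed(body):
    """RFC 6376 section 3.4.4: collapse runs of whitespace to one space, strip
    trailing whitespace per line, drop trailing empty lines, end with CRLF."""
    lines = body.replace("\r\n", "\n").split("\n")
    lines = [re.sub(r"[ \t]+", " ", line).rstrip(" \t") for line in lines]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return b""
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")


def body_hash(body):
    """Base64 SHA-256 of the canonicalized body: the value carried in bh=."""
    digest = hashlib.sha256(canonicalize_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def build_dkim_signature_header(domain, selector, body, signed=("from", "to", "subject")):
    """The DKIM-Signature header a signer emits, with b= left empty; the signer
    fills b= after signing the canonicalized headers, which this example omits."""
    return ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=%s; s=%s; "
            "h=%s; bh=%s; b=" % (domain, selector, ":".join(signed), body_hash(body)))


def parse_tags(header_value):
    """tag=value list, with folding whitespace removed from the values."""
    tags = {}
    for part in header_value.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())
    return tags


def body_hash_matches(raw_message):
    """True if the body still hashes to the bh= in the message's DKIM-Signature.
    Assumes the header is on one line (real headers may be folded)."""
    head, _, body = raw_message.replace("\r\n", "\n").partition("\n\n")
    sig = next((h for h in head.split("\n") if h.lower().startswith("dkim-signature:")), None)
    if sig is None:
        return False
    tags = parse_tags(sig.split(":", 1)[1])
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256":
        return False
    body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    if body_canon != "relaxed":
        return False   # only relaxed body canonicalization is implemented here
    expected = tags.get("bh", "").encode("ascii")
    return hmac.compare_digest(expected, body_hash(body).encode("ascii"))


def sample_message(body):
    """Constructed message whose DKIM-Signature bh= matches body."""
    sig = build_dkim_signature_header("example-company.com", "google", body)
    return ("From: accounts@example-company.com\nTo: client@example.net\n"
            "Subject: Invoice 1042\n" + sig + "\n\n" + body)


if __name__ == "__main__":
    msg = sample_message("Hi,\n\nPlease pay the attached invoice by Friday.\n")
    print("original:", body_hash_matches(msg))
    print("tampered:", body_hash_matches(msg.replace("Friday", "Monday")))
```

Relaxed canonicalization is why a signature survives the whitespace changes that mailing lists and gateways make (extra trailing blank lines, collapsed spaces), while any change to the words of the body breaks it. A passing bh= alone proves nothing about who sent the message; only the b= signature, verified with the key published under the selector, ties it to the domain.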

Having both SPF and DKIM records in place greatly reduces the chance of spam appearing to come from your domain and also improves email deliverability. Two caveats: neither record by itself tells receivers what to do when a check fails (that is what a DMARC policy adds), and neither helps against a lookalike domain, since an attacker who registers one can publish perfectly valid SPF and DKIM records for it. An easy way to check whether your domain's SPF and DKIM records comply with Google's recommendations is the toolbox at https://toolbox.googleapps.com/apps/checkmx/check.
The interlockit.com SPF record declares that Google Apps, Freshbooks, Sendgrid and MailChimp are all authorized to send email on behalf of our domain. Every third-party service that sends as your domain needs to be in the record, and each include: counts against SPF's ten-lookup limit, so keep the list to services you actually use.
Our team at InterlockIT has assisted many hundreds of companies and organizations update and correct their DNS records resulting in very happy customers. Be sure to contact us today to prevent email forgery for good!

Friday, February 5, 2016

The world's most-used Android app may surprise you

You'd expect apps such as Twitter, Facebook and WhatsApp to top the most-used lists for Android, but this isn't the case. According to app analytics tracking firm Drawbridge, the most-used app of Q4 2015 was Clean Master by Cheetah Mobile, a Chinese mobile internet company. Clean Master is an app management platform that promises to "improve your device's performance by cleaning junk files, optimizing device memory, providing complete protections against viruses and managing the apps you installed."

The company targets its app directly at the average consumer's low level of technical know-how. Plain and simple, most users just want their device to perform fast. Without understanding what the application really does, they see a promising illusion of a 'speedier and cleaner' device. It's hard to blame consumers when the appeal is so great and the marketing and design are done exceptionally well.

Apps like Clean Master may once have been useful, but Android has progressed far enough that they are now obsolete, unnecessary and can be harmful. The Android operating system has its own native handler for assigning RAM to apps and making sure all of it is used in the most optimal way. In fact, Android purposely tries to keep apps loaded in RAM for better performance. Remember, RAM is fast, and on mobile devices every bit of speed is crucial for a good user experience, so keeping apps in RAM is actually a good thing.

Not only does Android handle RAM assignment, it also keeps track of background apps, automatically closing or hibernating them so that there is no noticeable performance hit from leaving apps loaded in RAM.
App killers, memory boosters, performance enhancers and the like all claim that freeing up your memory will speed up your device. With current versions of Android this simply isn't true, and it actually does the opposite. Killing an app costs CPU time, and when the operating system restarts that app (or loads others to fill the memory again) it costs even more. The task killer then kills again, and the cycle repeats continuously. Essentially, these apps reduce performance and decrease battery life by restarting apps over and over, when dormant apps on your device weren't consuming CPU time or battery in the first place. Additionally, apps like Clean Master barrage your device with unnecessary notifications, such as a claim that a certain app is stealing x amount of RAM or that another app is violating your privacy (without any evidence), which hurt productivity and are distracting and annoying for the user.

Beware of apps that claim to instantly 'breathe new life' into your device. Android's RAM and cache management are rock solid. Because task killer apps clear out even essential processes of the operating system, restarting them is a big drain on system resources. Whatever speed increase the user feels is purely imaginary, which makes this probably the best example of a placebo effect in the Android world. Be sure to check out the Lifehacker article to learn more about task killer apps and alternative ways to increase the performance of your device. For expert advice on technology and Google-related assistance, be sure to contact our InterlockIT support team!

Friday, October 18, 2013

The future of malware - Google Apps protects you

In the last few weeks, a relatively new "ransomware" package has been making its way through the world's computer systems, spreading via email. The messages carrying the malware appear to come from legitimate sources (banks, accountants and more) but are really highly polished phishing messages.

Of course, if you aren't expecting a message to have an attachment, your best course of action is always to not open that attachment and instead call the sender directly to verify it, using a number you already have rather than one printed in the message. While Google has very, very good spam and phishing detection, it's not perfect, and the last line of defense is you.

[Image: the message you'll see once your files are encrypted.]
The malware, called CryptoLocker, works by scanning your computer and any network shares it can reach for a huge variety of files, including Office documents, pictures, PDFs and Outlook PST files, and encrypting them under a 2048-bit RSA key pair whose private half exists only on the attacker's server, which puts the files beyond any practical brute-force recovery. Once the encryption process is complete, you are presented with the message above, demanding a $300 payout to unlock your files and warning that attempting to remove the software will immediately destroy the private key stored on the remote server.

According to a number of posters on a month-old reddit thread detailing the malware, paying the $300 ransom does work and you will be provided with a key that decrypts all your files. Paying is still a gamble that funds the operation, and because the malware also encrypts mapped network shares, a backup that is offline or kept as versions, not a drive the infected machine can write to, is the dependable way to get files back.

The advantage of Google Apps

But it would be much easier to simply not have to worry about this kind of thing at all, wouldn't it? Thankfully, Google Apps protects you from this kind of attack by blocking the sending or receiving of .exe files and other executable types, even when they are inside a zip archive. Two limits are worth knowing: the contents of a password-protected archive cannot be inspected, so don't assume the filter has looked inside one, and a message that links to a download instead of attaching the file carries no attachment to block. The best defense is, as always, staying vigilant, but it's nice to know that you don't have to worry about opening suspicious .exe attachments, since Google stops them from ever getting to you.
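Blocking an executable "even inside a zip" means looking at content, not the file name, because the lures of this campaign renamed .exe files to look like documents. The following is an added example, written here to illustrate the check; it is not Google's filter or code from the original post. It walks a zip archive held in memory, flags members by the PE "MZ" header regardless of extension, by executable extension (noting the double-extension trick), recurses into nested archives, and reports encrypted entries it cannot inspect. The sample archive and its "Invoice_2013.pdf.exe" member are constructed, with fake 64-byte bodies rather than real programs.

```python
import io
import zipfile

# Added example (not Google's code and not from the original post): reject
# executables hidden inside a zip by content (PE "MZ" header), not just by
# name, recursing into nested archives and reporting what cannot be scanned.
# The sample archive built below is constructed; its members are not real programs.

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi", ".jar"}
PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"


def scan_zip(data, depth=0, max_depth=3):
    """Return (verdict, member_name, reason) tuples for suspicious members.
    verdict is "block", "uninspectable" or "error"; clean members are omitted."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("error", "", "not a valid zip archive")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & 0x1:      # general-purpose bit 0: entry is encrypted
                findings.append(("uninspectable", name, "encrypted entry; content cannot be scanned"))
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            suffixes = name.lower().rsplit("/", 1)[-1].split(".")[1:]
            ext = "." + suffixes[-1] if suffixes else ""
            reasons = []
            if head.startswith(PE_MAGIC):
                reasons.append("PE header (MZ) regardless of extension")
            if ext in EXEC_EXTENSIONS:
                reasons.append("executable extension " + ext)
                if len(suffixes) > 1:
                    reasons.append("double extension disguises the file type")
            if reasons:
                findings.append(("block", name, "; ".join(reasons)))
            elif head.startswith(ZIP_MAGIC):
                if depth >= max_depth:
                    findings.append(("uninspectable", name, "nested archive deeper than %d" % max_depth))
                else:
                    with zf.open(info) as fh:
                        inner = fh.read()
                    for verdict, inner_name, reason in scan_zip(inner, depth + 1, max_depth):
                        findings.append((verdict, name + "!" + inner_name, reason))
    return findings


def build_sample_zip():
    """Constructed archive: a disguised PE file, a harmless text file and a
    nested zip holding a .scr; the 'programs' are just an MZ header plus zeros."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("update.scr", PE_MAGIC + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_2013.pdf.exe", PE_MAGIC + b"\x90\x00" + b"\x00" * 60)
        z.writestr("readme.txt", b"Please open the attached invoice.")
        z.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for verdict, name, reason in scan_zip(build_sample_zip()):
        print(verdict, name, reason)
```

The verdict a filter should take on "uninspectable" entries is a policy decision: a scanner that silently passes what it cannot read is exactly the gap a password-protected archive exploits, so treat those entries at least as suspicious rather than as clean.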

Can your current email system do that? If it can't, it might be time to consider switching to one that allows you to focus on the important things and not worry about whether or not every message you receive contains a hidden malware payload.