With today’s massive ransomware outbreak, here are a few reminders of how to avoid becoming a victim.

As I was coaxing myself awake this morning with my usual jolt of strong coffee, I checked my favorite news sites & was informed of yet another ransomware attack. This one, which is believed to have originated from Ukraine, was first thought to be a variation of last year’s Petya ransomware outbreak, but upon further investigation, it appears that today’s malware is a new type – a worm that some computer experts are referring to as “NotPetya”. This attack demands a smaller ransom (in comparison to other attacks) of approximately $300, and then begins to serve its primary purpose – to wipe files on the computer. According to researchers at Symantec, this attack used the same National Security Agency hacking tool, EternalBlue, that was used in the WannaCry outbreak, as well as two other methods to spread. According to this article on CNN, if you’ve installed all of the latest Windows patches, you should be safe from this particular strain of malware; however, this is by no means a reason to be complacent. Administrators and end users must still be mindful of safety precautions.

Due to the proliferation of Malware as a Service (MaaS), just about anyone with the desire and the funds can initiate a malware attack, making new & emerging threats a real concern for the foreseeable future. This presents a good opportunity to review best practices for avoiding ransomware – for end users, and for administrators via the tools available in MDaemon and SecurityGateway.

How can end users protect themselves from ransomware?

End users should be aware of the following 18 email safety tips, which originally appeared in this post.

  • Change your password often.
  • Use strong passwords. Never use a password that contains “password” or “letmein”.
  • Use a different password for each of your accounts. If you use the same password for your bank account as you do for your email account, you become much more vulnerable to data theft.
  • Don’t open an attachment unless you know who it is from & are expecting it. Many of today’s social engineering tactics rely on the ability to trick users into opening attachments.
  • Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments. This article provides a good overview of why you should not enable macros in Microsoft Word.
  • Use anti-virus software on your local machine, and make sure it’s kept up-to-date with the latest virus definitions.
  • If you receive an attachment from someone you don’t know, don’t open it. Delete it immediately.
  • Learn how to recognize phishing
    – Messages that contain threats to shut your account down
    – Requests for personal information such as passwords or Social Security numbers
    – Words like “Urgent” – false sense of urgency
    – Forged email addresses
    – Poor writing or bad grammar
  • Hover your mouse over links before you click on them to see if the URL looks legitimate.
  • Instead of clicking on links, open a new browser and manually type in the address.
  • Don’t give your email address to sites you don’t trust.
  • Don’t post your email address to public websites or forums. Spammers often scan these sites for email addresses.
  • Don’t click the “Unsubscribe” link in a spam email. It would only let the spammer know your address is legitimate, which could lead to you receiving more spam.
  • Understand that reputable businesses will never ask for personal information via email.
  • Don’t send personal information in an email message.
  • Don’t reply to spam. Be aware that if you reply to a spam email, your reply most likely will not go back to the original spammer, because the FROM header in the spam message will most likely be forged.
  • Don’t share passwords.
  • Be sure to log out.

How can administrators protect their systems from ransomware?

The battle against ransomware cannot be fought by users alone. Administrators must also take steps to lock down their email infrastructure. These best practices will help protect your network and users.

Best Practices for MDaemon Administrators

  1. Enable account hijack detection. This feature will automatically disable an account if a designated number of messages are sent from it via an authenticated session in a given period of time. When the account is disabled, the administrator receives a notification so that corrective action can be taken. Instructions for configuring account hijack detection can be found in this knowledge base article.
  2. Enable dynamic screening. Dynamic screening is a feature that blocks future connections from a connecting server or client based on its behavior. Instructions for configuring dynamic screening can be found here.
  3. Configure the IP Shield. The IP Shielding feature allows administrators to assign an IP address (or IP address range) to email messages from a given domain. Messages claiming to come from a specific domain must originate from one of the approved IP addresses. Exceptions can be made for users connecting from outside of the network who are using SMTP authentication. Click here for instructions.
  4. Require SMTP Authentication. This helps ensure that the user authenticates with a valid username and password. Instructions can be found here.
  5. Use DKIM & SPF to detect spoofing. DKIM uses a private/public key pair to authenticate a message. When an incoming message is signed with DKIM, a DNS record lookup is performed on the domain taken from the signature, and the signature (created with the signer’s private key) is verified against the public key published in that domain’s DNS records. SPF uses a DNS record that lists hosts that are allowed to send mail on behalf of a domain.
  6. Enable DMARC & configure your DMARC record. DMARC (Domain-Based Message Authentication, Reporting & Conformance) allows domain owners to instruct receiving servers on how to handle messages claiming to come from their domain that did not pass DKIM and SPF lookups. Learn more here.
  7. Ensure that all connections (SMTP, POP, IMAP) are using SSL. SSL (Secure Sockets Layer) is a method for encrypting the connection between a client and server, as well as between two servers. Learn more here.
  8. Have a backup strategy. If by chance malware still manages to infect your network, your last resort is to have a reliable backup strategy. Ideally, you should have your systems backed up off-site and, for added safety, secondary backup data should be saved to media that is not connected to the network.

More information on these settings can be found in the following guide on best practices for protecting your users:

Email Server Settings – Best Practices

Best practices for SecurityGateway administrators

SecurityGateway provides an extra layer of anti-spam, anti-spoofing and anti-malware security, in addition to your mail server’s built-in security settings. These best practices will help keep ransomware and other malicious content from reaching your mail server. Each item includes a link with more information.

  1. Require strong passwords.
  2. Query a user verification source to ensure that users are valid.
  3. Require SMTP authentication to prevent unauthorized account access.
  4. Prevent unauthorized mail relaying.
  5. Protect your domain with IP Shielding.
  6. Require SSL encrypted connections.
  7. Configure backscatter protection.
  8. Don’t whitelist local addresses. If a spam message is spoofed with one of your local addresses, this could allow the spam message to bypass various security features. This is why it is recommended that no local addresses be added to your whitelist.
  9. Enable spam & virus Outbreak Protection.

These steps are discussed in more detail in the following guide:

SecurityGateway – Settings to Protect Your Mail Server

Of course, no system is 100% fool-proof, which is why user education is so important. Remember – your network and email infrastructure are only as secure as their weakest link. It is the responsibility of all parties involved – administrators and end users, to help ensure a secure messaging and collaboration environment.


Is spam being sent out from a local machine on your network? Follow these steps to track down a spambot.

Has this happened to you? Let’s say you’re the MDaemon administrator for your company, and you’ve noticed that somewhere, somehow, spam messages are being sent from within your network. Perhaps one of your PCs has been compromised. What do you do? Here are some tips to help you track the issue down.

First, make sure you have the option “Authentication is always required when mail is from local accounts” enabled (Security | Security Settings | SMTP Authentication). Also enable “Credentials used must match those of the return-path address” and “Credentials used must match those of the From header address.” Then, make sure “…unless message is sent to a local account” is unchecked to prevent intra-domain spam (between local domain users).

Screenshot: SMTP Authentication settings in MDaemon. Make sure the appropriate boxes are checked to require SMTP authentication.

Next, find out if the spam messages are coming in from an authenticated session. To do this, locate one of the spam messages & open it up in Notepad to view its headers (or you can open it in Queue & Statistics Manager). Does the message have an X-Authenticated-Sender header? It will look something like this:

X-Authenticated-Sender: SpammerUser@example.com

If this header is present, then that is the user who authenticated to send the message. The first thing you should do in this case is to change the account’s password via the Accounts menu in MDaemon. Even if the spamming is going through the user’s mail client, the authentication credentials will be rejected until you give the user the new password and they update their mail client, so the spamming will be temporarily stopped.

In newer versions of MDaemon, we’ve added Account Hijack Detection, which will automatically disable an account if it sends a specified number of outbound messages via an authenticated session in a given period of time. We recommend enabling this feature. In MDaemon, it’s located under Security | Security Settings | Screening | Hijack Detection.
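The hijack detection rule described above (a limit on the number of authenticated sends per account per time window) can be expressed as a small sliding-window counter. The following is an added example, not MDaemon’s own implementation: it runs over a few constructed log lines whose format is an assumption for the example, and reports the accounts that exceeded the limit together with the moment the limit was crossed, which is the point at which a server would disable the account and notify the administrator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real MDaemon output). Each line records one
# message sent through an authenticated session: timestamp, account, recipient.
SAMPLE_LOG = """\
2017-06-27 09:00:01 AUTH alice@example.com -> bob@example.org
2017-06-27 09:00:05 AUTH alice@example.com -> carol@example.org
2017-06-27 09:00:06 AUTH mallory@example.com -> x1@spamtarget.test
2017-06-27 09:00:07 AUTH mallory@example.com -> x2@spamtarget.test
2017-06-27 09:00:08 AUTH mallory@example.com -> x3@spamtarget.test
2017-06-27 09:00:09 AUTH mallory@example.com -> x4@spamtarget.test
2017-06-27 09:00:10 AUTH mallory@example.com -> x5@spamtarget.test
2017-06-27 09:00:11 AUTH mallory@example.com -> x6@spamtarget.test
2017-06-27 09:20:00 AUTH alice@example.com -> dave@example.org
"""

LINE_RE = re.compile(r"^(\S+ \S+) AUTH (\S+) -> (\S+)$")


def detect_hijacked_accounts(log_text, max_messages=5, window_minutes=10):
    """Return {account: timestamp} for every account that sent more than
    max_messages authenticated messages inside any window_minutes window.
    The timestamp is the send that crossed the limit (when to disable/notify)."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # account -> timestamps of sends still inside the window
    disabled = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # not an authenticated send; ignore
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        account = m.group(2).lower()
        if account in disabled:
            continue   # already disabled; nothing more to count
        q = recent[account]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()   # forget sends that have aged out of the window
        if len(q) > max_messages:
            disabled[account] = ts
    return disabled


if __name__ == "__main__":
    for account, when in detect_hijacked_accounts(SAMPLE_LOG).items():
        print(f"disable {account}: limit exceeded at {when}")
```

The threshold and window are the two knobs the feature exposes; set them from the normal sending rate of your users, and keep in mind that a legitimate mail-merge or newsletter sent from a user’s mailbox will trip the same rule, which is why the administrator notification matters.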

Screenshot: Account Hijack Detection settings in MDaemon.

The next step is to look at the Received headers. Find the one where the message was received by your server. Here is an example of what this header would look like:

Received: from computer1 (computer1@example.com [192.198.1.121]) by example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg for <UserWhoWasSpammed@example.com>; Fri, 13 Sep 2016 21:00:00 -0800

Find the connecting IP (192.198.1.121) in the above example. This is the machine that is sending out spam. Locate that machine to deal directly with the spambot on that machine.

If the message wasn’t authenticated or wasn’t sent from your local network, locate the Message-ID header and copy that value.

Message-ID: <123.xyx.someone@example.net>

Then open the MDaemon SMTP-IN log that covers the time when that message was received by MDaemon (based on the timestamp in the received header) and search for that Message-ID in the log (in the 250 response line when the message is accepted):

Thu 2016-09-12 20:00:00: --> 250 Ok, message saved <Message-ID: <123.xyx.someone@example.net>>

Look at the rest of the transaction and see why the message was accepted rather than rejected – spam score, DNSBL results, etc.

Also, if your external domain is listed in the Trusted Hosts list (Security | Security Settings | Trusted Hosts), try removing it from this list.
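The header triage in the steps above (X-Authenticated-Sender, the connecting IP in the Received header, then the Message-ID looked up in the SMTP-IN log) can be scripted so that each suspicious message is classified the same way every time. The following is an added example and not an MDaemon tool: the sample message and log excerpt are constructed to mirror the examples in this post, the log line layout is an assumption, and the `local_networks` list is a placeholder for your own address ranges.

```python
import email
import ipaddress
import re

# Constructed sample message mirroring the headers shown in the post (not a real capture).
SAMPLE_MESSAGE = """\
Received: from computer1 (computer1@example.com [192.198.1.121]) by example.com (MDaemon PRO v17) with ESMTP id md50000000001.msg for <UserWhoWasSpammed@example.com>; Fri, 13 Sep 2016 21:00:00 -0800
X-Authenticated-Sender: SpammerUser@example.com
Message-ID: <123.xyx.someone@example.net>
From: "Someone" <someone@example.net>
To: UserWhoWasSpammed@example.com
Subject: constructed sample

body text
"""

# Constructed SMTP-IN log excerpt; the line layout is an assumption for this example.
SAMPLE_SMTP_IN_LOG = """\
Thu 2016-09-12 20:00:00: Session 42; child 1
Thu 2016-09-12 20:00:00: Accepting SMTP connection from [192.198.1.121]
Thu 2016-09-12 20:00:00: <-- MAIL FROM:<someone@example.net>
Thu 2016-09-12 20:00:00: --> 250 Ok, message saved <Message-ID: <123.xyx.someone@example.net>>
Thu 2016-09-12 20:00:01: Session 43; child 1
"""

# Matches the connecting address whether written as [1.2.3.4] or (1.2.3.4).
RECEIVED_IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def triage_message(raw):
    """Pull the three headers the procedure relies on out of a raw message."""
    msg = email.message_from_string(raw)
    ip = None
    for rcv in msg.get_all("Received", []):   # first Received = our server's own hop
        m = RECEIVED_IP_RE.search(rcv)
        if m:
            ip = m.group(1)
            break
    return {
        "authenticated_sender": msg.get("X-Authenticated-Sender"),
        "connecting_ip": ip,
        "message_id": (msg.get("Message-ID") or "").strip(),
    }


def find_acceptance(log_text, message_id):
    """Return the SMTP-IN log lines where this Message-ID was accepted (250 response)."""
    return [line for line in log_text.splitlines()
            if " 250 " in line and message_id in line]


def recommend_action(triage, local_networks=("192.198.1.0/24",)):
    """Map the triage result onto the next step the post describes."""
    if triage["authenticated_sender"]:
        return (f"authenticated as {triage['authenticated_sender']}: change that "
                "account's password and review hijack detection")
    ip = triage["connecting_ip"]
    if ip and any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in local_networks):
        return f"unauthenticated send from local host {ip}: locate and clean that machine"
    return ("external, unauthenticated: search the SMTP-IN log for "
            f"{triage['message_id']} and review why it was accepted")


if __name__ == "__main__":
    t = triage_message(SAMPLE_MESSAGE)
    print(t)
    print(recommend_action(t))
    for line in find_acceptance(SAMPLE_SMTP_IN_LOG, t["message_id"]):
        print(line)
```

Only the topmost Received header is trusted here, because that is the one your own server wrote; anything below it was supplied by the sending side and can be forged.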

Check back often for more tips & tricks!


New Feature: Email Health Check for Optimal Security Settings

Our latest version of MDaemon, MDaemon 17, comes packed with lots of new features for administrators and end users, including new password security, support for Let’s Encrypt, Dropbox integration, message scheduling, and much more. Today, I’d like to demonstrate MDaemon’s new Health Check utility. With this handy new tool, administrators no longer have to go through each feature to verify that it’s configured for optimal security. The tool analyzes all security-related settings and displays each setting’s current value, its recommended value, and where that feature is located in the MDaemon interface. It gives administrators the flexibility to change all settings to their recommended values at the same time, or to select and change individual settings. In this tutorial video, I demonstrate how to use the new Health Check utility.

Need additional help? More guidance on the MDaemon Health Check utility can be found in this knowledge base article.

If you haven’t yet upgraded to MDaemon 17, check out the release notes and our previous blog post to see what you’re missing!


Are you doing enough to protect your email privacy?

For many of us, email has become our primary method of communication in both our business and personal lives. An email address, however, is often used for many more purposes than simply sending electronic messages. Many of us use our email address to log into social networking sites, utility and credit card sites, banking sites, and much more.

Your email account is often the gateway to your personal life, and thus, is a valuable target for hackers. John McAfee said, “Email accounts are the fundamental identifying elements of the internet. The assumption is that if a person has access to an email account then that is the real person. Yet these accounts are the easiest elements of the digital world to hack into.” According to a recent ZDNet study, with a single phishing email, about 45% of all recipients submitted their full login credentials. Another study by Intel found that 97% of all computer users could not identify all 10 out of 10 phishing emails.

Hackers have a variety of tools at their disposal, from sophisticated spear-phishing to malicious documents to social engineering tricks, so are you doing enough to protect your email privacy?

Follow these 8 best practices to help ensure that your email communications are kept private.

Use strong passwords

A strong password that is not easily guessed should contain a combination of upper and lower-case letters, numbers, and symbols. Never use a password that can be easily guessed, and never use any of the passwords listed on the “most popular and therefore worst” passwords list. MDaemon includes tools that allow administrators to enforce strong password policies. See this blog post for more information.

Spammers know that many people use the same password across multiple sites and services. Therefore, you should be using a different password for each site.

Never click on suspicious links

Spammers have gotten very creative at making spam email messages look legitimate, using HTML and images that, when clicked, lead to fake websites designed to collect your personal information or to deliver malware, including keyloggers designed to capture everything you type, and ransomware. Therefore, never click on links in an email message unless you’re absolutely sure you have verified and trust the sender.

Many phishing messages contain images such as logos that look legitimate, but, when clicked, lead to malicious sites. If you hover your mouse over a link, you can often see the destination URL, which often does not match the word or image associated with it.

If you see an “unsubscribe” link, don’t click on it! This would only serve to let the spammer know your address is valid and, more importantly, these links are easily forged and could lead to malware infections.

If you are prompted to click on a link that appears to point to a legitimate site that you know and trust, it is better to manually type the URL into your browser than to click on a link that has not been verified.

Never reply to spam or unsolicited email messages

Spam can be a very annoying nuisance, so as humans, we may let our emotions get the best of us and reply to a spam message with “Please take me off your email list” or “Quit spamming me!” There are two problems with replying to spam. First, many spam messages come from forged addresses, so the spammer is unlikely to receive your message. Second, replying can let the spammer know your address is legitimate, which may lead to even more spam.

Don’t post your email address in blog posts, online comments, or social media

Scammers often scrub social media sites for email addresses that they can exploit, so if you must post an email address to one of these sites, mask the address by adding spaces or spelling out (at) instead of using the @ symbol.

Use Encryption

Email messages, by default, are transmitted in plain-text. This can potentially open them up to interception by a nefarious third-party. While SSL & TLS are used to encrypt the connection between mail clients and mail servers, it is good practice to encrypt the email message itself. Encryption protects sensitive data by converting plain-text to cipher text. This cipher text can only be decrypted using the proper private encryption key.

MDaemon has options for encrypting connections using SSL & TLS, as well as server-side and client-side encryption options using Virtru and OpenPGP. A couple of months ago, I wrote a blog post about these options. Click here to read about MDaemon’s encryption options.

Use Two-Factor Authentication

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. With two-factor authentication, users must provide a password and a unique verification code that is obtained via a client that supports Google Authenticator (available in the Google Play store). This blog post contains more information on how to use two-factor authentication with MDaemon and WorldClient.

Know the risks of using public Wi-Fi

Public Wi-Fi provides a convenient way to access the internet while on the go, but if you’re not careful, it may come at a great price. Unsecured Wi-Fi hotspots are prime targets for hackers, who are often able to position themselves between you and the internet connection, allowing them to intercept every bit of information you transmit. Hackers can also use unsecured Wi-Fi hotspots to distribute malware. If you have file sharing enabled, you are especially vulnerable. To reduce risk, make sure any Wi-Fi hotspot you connect to is secured and from a reputable source that you trust. If you must connect to a public hotspot, it is good practice to use a VPN to ensure that transmitted data is encrypted.

Lock your computer when away from your desk

This may sound like a given, but an unattended computer that has not been locked allows anyone access to your information. You might not consider this a big issue if you work for a small business, but if you work in an industry with privacy regulations, such as health care or financial institutions, or if you store sensitive company information such as revenue or other confidential information, leaving your computer unlocked could have serious consequences, including loss of job, damaged company reputation, or even legal problems.

Conclusion

Whether your primary interest is protecting company information or your own personal data, email privacy is everyone’s responsibility, and often, the weakest point of entry into a treasure trove of sensitive data is a negligent or uninformed user. Don’t let that user be you. Use these tips to stay ahead of the bad guys!


For Security & Privacy – Easy Email & Attachment Encryption with Virtru

Recently, I created a video and blog post about Virtru Email Encryption for MDaemon, to demonstrate its features, benefits, and ease of use. To underline that ease of use, I’ve created the following animation to show you just how simple Virtru is to use. Simply enable Virtru support in WorldClient (MDaemon’s webmail client), enable the Virtru features by clicking on the small “V” button within the email compose window, and then click on “Send Encrypted.” It really is that simple!

Animation: encrypting email and attachments with Virtru in WorldClient.

For a more thorough overview of Virtru’s features, please see this blog post, or click here to visit our main Virtru page.

Virtru (email and attachment encryption) is included with the MDaemon Messaging Server. Virtru Pro features include Message Revoke, Disable Forwarding, Set Message Expiration, and automatic encryption. Click here if you’d like to purchase Virtru Pro.

Want to learn more about the encryption features offered by MDaemon? Then click here to learn more!

Protect your business from unauthorized access to your important and confidential email messages. Download your free trial of MDaemon today!


Keeping Email Private with Virtru Client-Side Encryption

Have you ever created an account on a website that you wouldn’t want others to know about, or made travel arrangements, purchased personal items, or set a doctor’s appointment online? If so, then it’s possible that sensitive information about you has been transmitted via email. If any of these situations apply to you, or if you just don’t want anyone to see the cat photos you sent as an email attachment to your neighbor, then you should be encrypting your email. If you send personal or financial information, it’s best to assume that at any given time, someone out there is trying to gain access to that information.

Many small businesses think data breaches only happen to large companies, however, no company is too small to protect itself from outside threats. In fact, many hackers know that smaller companies might be a bit more lax in their security practices, and thus target them more aggressively. This is why email security and encryption are so important.

Virtru recently wrote a blog titled “Four Enterprise Security Statistics that Might Scare You Straight.” Here are some interesting statistics cited in the article:

  • 87% of Senior Managers Upload Business Files to a Personal Email or Cloud Account
  • Email Malware Creation is up 26% Year Over Year, with 317 Million New Pieces of Malware Created in 2014
  • Hackers Targeted 5 out of 6 Large Companies Using Email Attacks Last Year — an Annual Increase of 40%
  • Cybercrime has a 1,425% ROI

So with the above statistics in mind, do we even need to ask why we need encryption? If these reasons aren’t convincing enough, consider these:

  • Firewalls, antivirus, and anti-spyware may provide good protection, but they may not be enough. If one of the above is breached, encryption helps keep data safe.
  • Encryption can help shield businesses and users from government surveillance or other unauthorized access.
  • When you need to send sensitive data, encryption helps keep this data away from unauthorized viewers.
  • Encryption helps companies stay in compliance with HIPAA, CJIS, FERPA, and other government regulations.
  • Encryption helps keep sensitive data out of the hands of criminals and competitors.
  • Encryption helps companies preserve data integrity and privacy policies.

Client-side vs. Server-Side Encryption

Now that we’ve discussed why encryption is important, let’s discuss Virtru and its benefits.

First, we need to make a distinction between client-side and server-side encryption. With client-side encryption, email messages and attachments are encrypted by the sending mail client, and remain encrypted until an authorized recipient opens the message. With server-side encryption, messages and attachments are encrypted on the mail server with no user interaction. MDaemon users can use Virtru to encrypt messages on the client, and MDaemon administrators can use PGP to encrypt messages as they pass through the mail server. In this blog post, we’re going to focus on the client-side Virtru encryption features. If you’d like to learn more about MDaemon’s server-side encryption options using OpenPGP, then check out this blog post & video.

What is Virtru?

Virtru is an easy to use email encryption service that lets you protect private information while using your existing email service. Encryption converts plain text into gibberish (cipher text) that is unreadable to all except the intended recipient. Virtru offers end-to-end encryption, ensuring that only authorized parties can decrypt your content.

When you send messages with Virtru, your emails and files are locked using strong encryption. Only you and your recipients can decrypt your messages. Separation of content and encryption gives you an extra level of privacy.

Why use Virtru?

Virtru was designed for user privacy and ease of use. Virtru never has access to your passwords and does not store any of your email content on their servers; only the encryption keys. Virtru helps users avoid headaches by managing their encryption keys for them.

Users have two versions of Virtru to choose from. The free version provides encryption and decryption of email and attachments. The Pro version provides the same encryption and decryption features, plus the ability to set message expiration dates, revoke emails, and disable forwarding.

Want to learn more about Virtru? Then check out the video below for a demonstration, or visit the Virtru page on our website. You can also try out Virtru’s features by downloading your free trial of MDaemon.


Server-side Encryption, Decryption & Key Management with OpenPGP

Whether you work in health care, finance, government, or any other field that requires the storage of data, there’s always someone out there who would love to gain access to your confidential records. Don’t let the bad guys steal your data. Protect it with server-side encryption. Our latest release of MDaemon supports OpenPGP, which allows MDaemon to perform encryption, decryption, and key management tasks. Learn how to enable OpenPGP support in MDaemon, and how to send encrypted mail in our latest video.

Click here to learn more about MDaemon’s email encryption features, or click here to download your free trial of MDaemon and see for yourself how easy it is to use!


Are You Receiving Replies to Messages you Never Sent?

Image: “Return to Sender”

Have you ever logged into your email to find tons of bounce-back messages (out-of-office replies, NDR messages, invalid recipient messages) in response to messages you never sent? For many users, their first thought is that they need to change their email password. However, changing your email password will not prevent this. Why? Because what you are receiving is known as backscatter, and has nothing to do with your email account being hacked.

Spammers often forge the return-path in their outbound messages to cover up their true identity. If the forged address in these spam messages was your address, then you are likely to receive the bounce-back messages and auto-responders in response to these messages.

So how do you prevent this? MDaemon includes Backscatter Protection. Backscatter Protection works by adding a special key to the return-path of all outbound mail. When MDaemon receives an out-of-office reply or non-delivery message, it looks for that special key. If the key is missing, then we know the bounce-back message is not legitimate and can be discarded.

When Backscatter Protection is disabled, the return-path of a message looks like this:
X-Return-Path: frank.thomas@example.com

When Backscatter Protection is enabled, an extra series of characters beginning with prvs= is added to the return path – like this:
X-Return-Path: prvs=163898ff65=frank.thomas@example.com

It is this extra series of characters that the Backscatter Protection feature looks for in bounce-back messages.
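The prvs= tag shown above follows the Bounce Address Tag Validation (BATV) layout: prvs=KDDDSSSSSS=address, where K is a key version digit, DDD an expiry day (modulo 1000) and SSSSSS a six-hex-character keyed hash. The code below is an added example, not MDaemon’s implementation: it tags an outbound return-path, then checks the recipient address of an incoming bounce and discards the bounce when the tag is missing, forged or expired. The HMAC input layout, the demo key, and the 30-day maximum validity are assumptions made for this example.

```python
import hashlib
import hmac
import re
from datetime import date

# Constructed demo key; a real server keeps a private, periodically rotated secret.
SECRET_KEY = b"constructed-demo-key"
KEY_VERSION = 1
MAX_VALID_DAYS = 30   # assumption: we never issue tags valid longer than this

# prvs=KDDDSSSSSS=local@domain
TAG_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-fA-F]{6})=(.+)$")


def _days_since_epoch(day: date) -> int:
    return (day - date(1970, 1, 1)).days


def _signature(key_version: int, ddd: str, address: str, key: bytes) -> str:
    # Six hex characters of HMAC-SHA1 over key version, expiry field and address.
    data = f"{key_version}{ddd}{address.lower()}".encode()
    return hmac.new(key, data, hashlib.sha1).hexdigest()[:6]


def sign_return_path(address, valid_days=7, today=None, key=SECRET_KEY, key_version=KEY_VERSION):
    """Tag an outbound return-path; `today` is an ISO date string (defaults to now)."""
    day = date.fromisoformat(today) if today else date.today()
    ddd = f"{(_days_since_epoch(day) + valid_days) % 1000:03d}"
    return f"prvs={key_version}{ddd}{_signature(key_version, ddd, address, key)}={address}"


def verify_return_path(tagged, today=None, key=SECRET_KEY):
    """Return the original address if the tag is present, genuine and unexpired,
    otherwise None (meaning: this bounce is backscatter and can be discarded)."""
    day = date.fromisoformat(today) if today else date.today()
    m = TAG_RE.match(tagged)
    if not m:
        return None   # untagged: we never sent mail with this return-path
    key_version, ddd, sig, address = m.groups()
    expected = _signature(int(key_version), ddd, address, key)
    if not hmac.compare_digest(expected, sig.lower()):
        return None   # forged or tampered tag
    remaining = (int(ddd) - _days_since_epoch(day)) % 1000
    if remaining > MAX_VALID_DAYS:
        return None   # expired (wrapped past today), or a validity we never issue
    return address


def is_legitimate_bounce(bounce_recipient, today=None):
    """True if a bounce addressed to `bounce_recipient` carries a valid tag."""
    return verify_return_path(bounce_recipient, today=today) is not None


if __name__ == "__main__":
    tagged = sign_return_path("frank.thomas@example.com")
    print("outbound return-path:", tagged)
    print("bounce to tagged address accepted:", is_legitimate_bounce(tagged))
    print("bounce to bare address accepted:", is_legitimate_bounce("frank.thomas@example.com"))
```

Because the key is known only to your server, a spammer who forges your address as a return-path cannot produce a valid tag, and the short expiry keeps an old tagged address harvested from a genuine message from being replayed indefinitely.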

Check out the following video to learn more about Backscatter Protection and how to enable it in MDaemon. If you have questions, please feel free to leave us a comment & let us know!


Critical MDaemon Update Available

Recently Alt-N discovered a vulnerability in the content filter of MDaemon and MDaemon Private Cloud that could potentially expose the server to malicious attack. The Alt-N development team has built and tested a patch to correct the potential vulnerability.

Click here for more information, and to download the patch to fix this vulnerability.


SecurityPlus Webinar Added to YouTube

SecurityPlus provides antivirus and anti-spam services for MDaemon. It scans all inbound and outbound mail traffic for spam, viruses, malware, phishing attempts, and other types of malicious activity to catch potential threats before they have had a chance to infiltrate your network. To learn more about SecurityPlus, including how to configure it & how to identify SecurityPlus activity in your MDaemon log files, check out the following recorded webinar.
