As our business continues to focus on providing white-labeled Tier 3 IT support services, RMM as a service, and co-managed IT services, this blog will highlight tips for Synology resource monitoring. We have developed best practices for alerting on a Synology device for resources like CPU, memory, and disk usage. When these Synology resource monitoring alerts are consistently triggered, it shows that the device is over-utilized; if they remain triggered for long periods of time, it shows there is an issue on the device itself. We also set up weekly Storage Reports to get an accurate view of the changes and growth going on with client storage.
Setup Notifications
Make sure that Notifications are set up on the Synology first
Open Control Panel
Click on Notifications
Check enable email notifications
Choose Service Provider
Login to Gmail or use Custom SMTP server for Office 365 as the sender
Change Subject to indicate name of device
Add recipient email (Best to use one that ties into a PSA or RMM)
Click Apply
Send a Test Email
Setup Synology Resource Monitoring
Open Resource Monitor app
Click on Performance Alarm to the left
Click on Rules tab
Click Create
Create the following Rules one by one:
Volume Critical
  Select which volume [create multiple rules if more than one volume]
  Select Disk I/O utilization
  Greater than 90%
  Level Critical
Volume Warning
  Select which volume [create multiple rules if more than one volume]
  Select Disk I/O utilization
  Greater than 75%
  Level Warning
System Memory Critical
  Memory Usage
  Greater than 90%
  Level Critical
System Memory Warning
  Memory Usage
  Greater than 75%
  Level Warning
System CPU Critical
  CPU Usage
  Greater than 90%
  Level Critical
System CPU Warning
  CPU Usage
  Greater than 75%
  Level Warning
Click Settings and check box to Enable usage history then click Save
Setup Storage Reports
Open Storage Analyzer
Select new location
Create new shared folder named Log Files – hide from network
Go back to Storage Analyzer and select new folder
Set volume usage data to be collected Daily at 2am
Create report task
Send to email (Best to use one that ties into a PSA)
Generate reports at Monday 4am
Keep 60 reports then click Next
Select report items:
  Volume Usage
  Shared Folders
  Potential Duplicate Files
  Large Files
  Least Recently Modified Files
Then click Next
Analyze all folders then click Next
Leave duplicate file defaults then click Next
Click Done
Close App
Once this is set up, you will start getting email alerts sent to you or, better yet, to your PSA / RMM for ticket creation and review.
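The triage rule from the introduction (alerts that fire repeatedly point to an over-utilized device, alerts that stay raised point to a problem on the device) can be applied to the 75% and 90% thresholds above on the PSA / RMM side. This is an added example, not Synology or author code; the sample readings are constructed, and the 30-minute and three-episode cut-offs and all function names are assumptions.

```python
from datetime import datetime, timedelta
from itertools import groupby

# (warning, critical) "greater than" thresholds from the rules above.
RULES = {"cpu": (75, 90), "memory": (75, 90), "volume_io": (75, 90)}

def level(metric, percent):
    warning, critical = RULES[metric]
    if percent > critical:
        return "critical"
    return "warning" if percent > warning else "ok"

def episodes(samples, metric):
    """Group consecutive alarmed readings of one metric into (start, end, peak) runs."""
    series = [(ts, level(m, pct)) for ts, m, pct in sorted(samples) if m == metric]
    runs = []
    for alarmed, group in groupby(series, key=lambda s: s[1] != "ok"):
        if alarmed:
            group = list(group)
            peak = "critical" if any(lv == "critical" for _, lv in group) else "warning"
            runs.append((group[0][0], group[-1][0], peak))
    return runs

def triage(samples, metric, sustained=timedelta(minutes=30), frequent=3):
    """Assumed cut-offs: 30 minutes raised = sustained, 3 separate episodes = consistent."""
    runs = episodes(samples, metric)
    if not runs:
        return "ok"
    if any(end - start >= sustained for start, end, _ in runs):
        return "device issue"      # alarm remained triggered for a long period
    if len(runs) >= frequent:
        return "over-utilized"     # alarm triggered again and again
    return "transient"

# Constructed sample readings, one every 10 minutes.
T0 = datetime(2024, 1, 8, 9, 0)

def _series(metric, values, step=10):
    return [(T0 + timedelta(minutes=step * i), metric, v) for i, v in enumerate(values)]

SAMPLES = (_series("cpu", [50, 80, 60, 92, 55, 78, 40])
           + _series("memory", [60, 95, 93, 91, 96, 94, 70])
           + _series("volume_io", [30, 76, 20, 10, 15, 12, 9]))

if __name__ == "__main__":
    for name in RULES:
        print(name, triage(SAMPLES, name), episodes(SAMPLES, name))
```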
If your company is an MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.
This is the eighth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Application Whitelisting.
Application Whitelisting
Application Whitelisting is a process of determining which software programs the company absolutely needs to do business, marking them as safe, and blocking any other program that tries to run on company computers. This methodology has the distinct advantage of blocking almost all forms of malware on computers. Pairing this with a good next-gen antivirus creates an impenetrable wall against malware threats. It also prevents users from accidentally or intentionally running something that should not be on company computers. Here are some questions to ask:
Do you know all software on your computers?
Do your users spend time on company computers listening to music?
Have any of your users ever downloaded software without asking?
Do you have a computer use policy? How is that enforced?
If your company wants to lock down what is running on company computers, then contact us for assistance.
Security researchers performed penetration testing on the networks of 45 various mid-sized companies and found that in real-life scenarios 93% of those networks could be compromised to the point of business disruption. Here are the details:
The Target
The 45 companies were polled to determine what would be an unacceptable business interruption. They decided that the following met that criterion:
Disruption of production processes
Disruption of service delivery processes
Compromise of the digital identity of top management
Theft of funds
Theft of sensitive information
Fraud against users
These became the target for the penetration testers.
The Process
To achieve their target, the penetration testers followed this process:
Breach the network perimeter – This was done by the use of compromised passwords found on the Dark Web and known vulnerabilities on devices that were directly connected to the internet
Obtain maximum privileges – In 100% of the networks, once an attacker was inside the network
Gaining access to key systems – With maximum privileges, the testers were able to gain access to other areas of the network including databases, executives' computers, and production servers
Develop attacks on target systems – Once key systems were compromised, the testers then figured out how to create the unacceptable business interruption. Although they could have created these interruptions, they only gathered proof that they could, in order to present the data to the companies.
How to Defend
There are a couple of main ways to defend against these kinds of attacks:
Security Controls / Segmentation – Creating least privileged access to key systems and segmenting the network will keep hackers from traversing the network once inside
Enhanced Network Monitoring – Modern cyber security tools watch activity and traffic on the network to find indicators of compromise. They pool this information into an attack history that can be used to remediate and further protect.
Your company is not as safe as you think, so contact us for a free initial cybersecurity evaluation and risk report.
There has been a recent trend for companies to “negotiate” with the criminal terrorists behind the wave of ransomware attacks across the world by paying the ransom. In a recent study some alarming statistics have been released:
Current Ransomware Stats
If Ransom is Paid: The global findings also show that only 8% of organizations manage to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.
Cost of Ransom: The average ransom paid was $170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
Who is Paying the Ransom: The number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021.
The Brighter Side: The number of organizations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020).
What is Being Done
There are now organizations trying to create a common framework to address this threat. The Institute for Security and Technology has created a Ransomware Task Force. This task force has been working to develop this framework and has published some guidance. Even though this is just the foundation work, it is good to see that efforts are being made.
If your company is worried about the threat of ransomware, then contact us for assistance setting up a multiple layer approach to security.
Read a recent study on the origins of malicious software aka malware. Here are the highlights:
Current Malware Statistics
29% – Malware is previously unknown to security vendors due to the continued efforts of malware creators to hide the software or make it undetectable.
88% – Malware is delivered to people’s inboxes and some of it bypassing normal SPAM filters.
8.8 Days – Time before regular antivirus vendors have discovered the malware and added it to their lists for detection.
$50 – The cost of a pre-fabricated malware kit that can be bought currently on the dark web.
“The most common type of malicious attachments were: documents (Word – 31%), archive files (ZIP & RAR – 28%), spreadsheets (Excel – 19%) and executable files (EXE – 17%).”
What can be done?
A multi-tiered approach to security remains the best solution:
Moving from traditional antivirus to Enhanced Detection & Response (EDR) software to go beyond lists of known infections to behavior tracking of software
Moving from traditional SPAM filters to Email Advanced Threat Protection which scans each email and opens each attachment to see if there is any malicious activity caused by them
Moving from traditional router to a business class firewall with Intrusion Prevention System to monitor traffic for suspicious activity
Employee training is also key to keep your staff aware of emerging trends and threats
If your company is looking to enhance your network security posture, then contact us for assistance.
A company named Arctic Wolf, a leader in enterprise security operation centers, published a report that states that the number of corporate credentials with plaintext passwords on the dark web has increased by 429% since March.
There are also startling statistics on the increase in email phishing attempts and the use of unsecured public wireless connections. These numbers are likely due to Work From Home employees using their own insecure computers and cyber criminals trying to take advantage of the trend. It appears that security measures that are used in the office need to be extended to the Work From Home network as well.
If your company is currently or is going to have Work From Home users, then contact us for assistance.
A security research firm called Eclypsium has released information about a vulnerability dubbed BootHole in Unified Extensible Firmware Interface (UEFI) Secure Boot that would allow an attacker to completely take over a workstation, laptop, or server and be nearly undetectable. All hardware vendors will have to send out updates in the near future to patch the UEFI code to secure it against this “BootHole” vulnerability. Due to the difficulty in designing and testing these types of updates, it will be some time before they are released. We will keep you posted as to the release of these updates as they become available.
If your company is concerned about security, then contact us for assistance.
Many of our customers have had some of their users experience Outlook crashing immediately after opening. We even had other tech companies call to find out how we were fixing it, so we investigated and found the following known issue from Microsoft:
Users experiencing Outlook connection issues and crashes
EX218604, Exchange Online, Last updated: July 15, 2020 10:12 AM
Start time: July 15, 2020 9:18 AM
User impact: Users may experience crashes or may be unable to access Exchange Online via Outlook.
Current status: Our initial review of the available data indicates that recently deployed updates are the likely source of the problem. We’re performing an analysis of all recent service updates to isolate the underlying cause of the problem and to determine the most expedient means to restore service.
We will be keeping our monthly clients up to date on this issue.
“Office workers across the UK are wasting 14 days per person each year — or 1.8 billion hours a year in total — because the technology they’re given isn’t good enough.” – BetaNews
Outdated Tech = Wasted Time
Slowness: When a computer is slow, so is the worker operating it. As a computer ages, like anything else, the parts inside wear down. Regular maintenance and replacement are the solution to increasing employee productivity.
Crashing: When computers crash, data is damaged or lost. This means work has to be re-done. Crashing can be a sign of software issues or hardware issues that require proper diagnosis. Once fixed, employees can get back to business without interruptions.
Incompatibility: Outdated software or hardware can cause what used to work perfectly to stop altogether. Regular updates of all software and replacement of aging hardware are always the best policy. Helping employees stay on track with standard operating procedures makes workflow possible.
Security: Hackers are constantly working to find new ways of breaching security measures. Without current security solutions (firewall / DNS filtering / antivirus / SPAM filtering / password management) and up-to-date systems, your network is a sitting duck. Network downtime due to a breach can be a business killer.
If your company is using out-of-date technology, then contact us for assistance.
“In a new stunning example of the scale and sophistication of online cybercrime, just before the holidays, DOJ charged two hackers with stealing hundreds of gigabytes of data—including sensitive intellectual property, confidential business data, and personal information from companies and government agencies around the world—as part of a multi-year cyber-espionage campaign that targeted managed service providers (MSPs) directly, bypassing the protections of client systems. This indictment is the latest example of the U.S. government’s use of the criminal justice system to crack down on state-sponsored economic espionage.
As alleged in the indictment, the hackers belong to what is believed to be an elite, Chinese government-sponsored group known within the cyber-security community as Advanced Persistent Threat 10 (APT10). The targets of the hacking campaign included companies in the aerospace, health care, biotechnology, finance, manufacturing, and oil and gas industries, as well as U.S. government agencies, such as NASA and the U.S. Department of Energy.”
The indictment alleges that APT10’s MSP Theft Campaign began in 2014 and involved three stages.
The hackers gained unauthorized access into the MSPs’ computers and installed malware allowing APT10 to remotely monitor the computers and steal login credentials.
The group then used these stolen credentials to move laterally into each MSP’s network and the networks of their clients, further spreading the malware infection.
APT10 identified data of interest on these compromised computers and created packages for exfiltration using encrypted archives, allowing the hackers to move the data from one system to another before ultimately transferring it to APT10’s computers.
This sort of breach calls into question the operating procedures of MSPs everywhere, their security practices, and moral compass. If IT support staff are not trained in best practice and cannot keep from being infected via websites or emails, then what business do they have managing larger network systems with sensitive data?
If you are unsure of your MSP's practices and would prefer a company with transparency, then contact us for assistance.