Think You’re Too Small to Be Targeted? Think Again!


I got an interesting email this morning. It was “from” one of the owners of Xiologix – but the return address was a bit odd: “ofceo@comcast.net”. As this unfolded, it became obvious that this was a classic “spear phishing” attack. I’ll run you through the email exchange for entertainment purposes, and then talk about the lessons to be learned here. The original message was short and sweet:

Are you free right now? I’ll need you to run a task ASAP.
P.S.: I’m currently in a meeting right now, just reply back. Is that okay with you?
Thanks
Sent from my iPad

There were several things about this email that made my antennae go up. First, I didn’t recognize the return email address. Even if this was being sent from a personal iPad, I would expect it to come from a xiologix.com email address. Second, I’m in Seattle, and corporate HQ is in Tualatin, OR. There are lots of other people in the Tualatin office who would probably be asked to “run a task” before I would. And the wording just didn’t sound like the person who purportedly sent it to me. Now, it was also possible that this was an internal phishing test initiated by our own techs – which is something we do from time to time (and you should too – we partner with a company called KnowBe4, and we can hook you up). So I forwarded the email to the supposed sender’s legitimate Xiologix email address, and to our CTO, and asked (1) whether she had actually sent it, and (2) whether our CTO was trying to liven up our Monday morning with a phishing test. No to both questions. So, what the heck? I decided to play along, and sent the following reply to the original message:

Sure – what’s up?

In a few minutes, I got another email:

I’m currently in a meeting right now and I want to gift out some Gift Cards to some clients today ASAP. I want you to make arrangements to get the gift cards. Is that okay with you?

P.S.: I’m currently in a meeting right now, just reply back. Is that okay with you?
Thanks
Sent from my iPad

Aha. Now money is involved. And notice the use of “I’m currently in a meeting right now” as an obvious attempt to discourage me from calling to check on the legitimacy of the messages. Let’s see how far we can run this:

Sure. How can I help?

And the reply again:

I need 20 PHYSICAL Apple iTunes gift cards of $100 face value. That’s $100 x 20 = $2,000.

Note: $100 x 20 qty of Apple iTunes Gift Cards are needed. Once you get the physical cards, you should gently scratch-off silver lining at the back for the pin codes, lay them all out in batches, then snap a photo and email the clear picture to me via email before leaving the store right away. Make sure you email them to me before leaving the store. Is that okay with you?

P.S.: I’m currently in a meeting right now, just reply back. Is that okay with you?
Thanks
Sent from my iPad

Yep, nothing suspicious at all about that, is there? Let’s push it a little:

I’m on my way into the office now. I can either drop them by your office, or just leave them at the front desk. Will that work?

Well, apparently not:

No, I want them via email. I want you to gently scratch-off silver lining at the back for the pin codes, lay them all out in batches, then snap a photo and email the clear picture to me via email. Is that okay with you?
Thanks
Sent from my iPad

Interestingly enough, the “from” email on this one was different – “off.ceo1@comcast.net” – and apparently she’s now out of her meeting. So…

They won’t accept the company credit card – they want cash only for the gift cards. Looks like you’re out of your meeting – can you have someone cut a check for me? I’ll be happy to run it down to the store and pick up the gift cards.

Apparently that’s not going to work…

You may go to Apple store and try. Is that okay with you?
Thanks
Sent from my iPad
 
I did. They insist on cash only. How would you like to proceed?
 
Okay, you can pay with your cash. You’ll obviously be reimbursed, is that okay with you?
Thanks
Sent from my iPad

Well, geez, that’s mighty kind of you to let me front this with $2,000 of my own cash, but…

I’m sorry, but I don’t have an extra $2,000 at the moment to front this. I’ll be at the office in 5 minutes, we can talk then.

But these folks just don’t want to let it go:

Can you buy $500 card?
Sent from my iPad

They obviously think I’m pretty stupid, and the feeling is mutual. Bear in mind that I’ve already told them that I would be in the office in 5 minutes, and that was about a half hour ago. But let’s try to milk it a bit longer:

You want one $500 card or five $100 cards? And which email address do you want me to send to – ofceo@ or off.ceo1@?

So I’ve just told them that I’ve noticed that they’ve used two different email addresses to communicate with me. You’d think that this might imply that I’m getting suspicious, but they’re not prepared to give up yet. They went back to the original from address, and added “(Send it here)” to the subject line.

I want $100×5 = $500. Lay them out, then snap a photo and email the clear picture to me via email before leaving the store.
Sent from my iPad

I won’t bore you with the rest of the exchange. At this point, I just want to see how long I can successfully jerk them around, and whether maybe, just maybe, I can get a mailing address of some kind to send the “gift cards” to. And when I finally run this as far as I can, I plan to email them a link to this blog post, as a “thank you” for helping me demonstrate what a spear phishing attack looks like.

So…what should we learn from this?

  • This was a targeted attack (which is what distinguishes “spear phishing” from ordinary “phishing” emails that are blasted out to thousands of recipients). Someone did enough research on Xiologix to identify which individual within our organization was likely to have the authority to make a request like this, and used that individual’s name to specifically target me.
  • Consider that Xiologix is not a large company. We have roughly 20 employees. You might think that we would be too small for someone to go to that much trouble to target us. You’d be wrong.
  • The amount they requested ($2,000) was not an unreasonable amount for a company our size. Trying to scam us for $50K would have been an obvious overreach. Again, you might think that it’s not worth the trouble to only score $2,000 – let alone the $500 that I negotiated down to. But if they can actually score a half dozen times a month, it adds up to a reasonable payday – particularly if this is originating somewhere offshore where there is a favorable exchange rate for U.S. dollars.
  • These guys didn’t care whose money they took. Company credit card? Fine – even if it ended up costing me my job when my employer found out how stupid I had been. My own money? That’s fine too. Can’t afford $2,000? How about $500? They’ll take whatever I’m dumb enough to give them.
  • You are not exempt from attacks like this! Your organization is not too big or too small to be targeted. Whether you know it or not, you probably have already been targeted. If you haven’t been, you will be.

It is axiomatic that the “weakest link in the security chain” is the end user. Those of us who are IT professionals may live and breathe this security stuff, but your users don’t. They’re just busy trying to get their jobs done. And one end user who clicks on the wrong link, or responds incorrectly to a phishing attempt like this one, can circumvent all of the expensive technological security solutions you’ve put in place. It’s important to educate your users – using a method that they will actually retain – and then test their knowledge from time to time. We’d be happy to help with that.
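The warning signs in this exchange (an owner's name on an outside address, a second sender address mid-thread, the "in a meeting" pretext, gift-card codes requested by email) can also be checked mechanically at the mail gateway. The Python sketch below is an added example, not part of the original post; the display name "Jane Owner", the legitimate address and the message text are constructed, while the two comcast.net addresses are the ones quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "xiologix.com"       # the company's real mail domain (from the post)
PROTECTED_NAMES = {"jane owner"}  # hypothetical executive display name (assumption)

# Pretexts used in the exchange above, expressed as simple patterns.
PRETEXTS = {
    "unreachable_by_phone": re.compile(r"in a meeting|just reply back", re.I),
    "gift_cards": re.compile(r"gift\s+cards?", re.I),
    "codes_by_email": re.compile(r"pin codes?|snap a photo", re.I),
    "urgency": re.compile(r"\bASAP\b|right away", re.I),
}

def score_message(raw, seen):
    """Return the warning signals found in one raw RFC 5322 message.

    `seen` maps display name -> addresses already used under that name,
    so a change of sender address inside one thread can be flagged.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rpartition("@")[2]
    signals = []
    # A protected name arriving from outside the organisation's domain.
    if name in PROTECTED_NAMES and domain != ORG_DOMAIN:
        signals.append("display_name_impersonation")
    prior = seen.setdefault(name, set())
    if prior and addr not in prior:
        signals.append("sender_address_changed")
    prior.add(addr)
    body = msg.get_payload()
    signals += [label for label, rx in PRETEXTS.items() if rx.search(body)]
    return signals

def score_thread(raw_messages):
    """Score each message of one conversation in order."""
    seen = {}
    return [score_message(raw, seen) for raw in raw_messages]

# Constructed sample thread modelled on the messages quoted in the post.
SAMPLE_THREAD = [
    'From: "Jane Owner" <ofceo@comcast.net>\nSubject: Task\n\n'
    "Are you free right now? I'll need you to run a task ASAP.\n"
    "P.S.: I'm currently in a meeting right now, just reply back.\n",
    'From: "Jane Owner" <off.ceo1@comcast.net>\nSubject: Re: Task\n\n'
    "No, I want them via email. Scratch off the silver lining for the pin "
    "codes, then snap a photo and email the clear picture to me.\n",
]
# Constructed legitimate message from the organisation's own domain.
LEGIT = 'From: "Jane Owner" <jane.owner@xiologix.com>\nSubject: Lunch\n\nLunch at noon?\n'

if __name__ == "__main__":
    for signals in score_thread(SAMPLE_THREAD):
        print(signals)
```

Signals like these are best used to add a warning banner or route the message for review rather than to block outright, since a real executive may occasionally write from a personal account.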


Why People are Talking about Uila


Uila (pronounced wee-la) with its application-centric infrastructure monitoring and analytics identifies performance bottlenecks for business-critical services and plans workload migration strategies for private and hybrid cloud environments. Uila provides service dependency mapping, full stack correlation with one-click root cause analysis and patented deep packet inspection technology that understands over 3,000 application protocols for transactional metadata analysis. Businesses use Uila to align themselves with their IT operations team and cut time to resolution from days to minutes, keep their applications at peak performance at all times and ensure end-user satisfaction to the fullest.

Like all successful software, Uila was developed to solve a market problem.  Data center architecture has evolved dramatically in recent years, enabling it to effectively run large-scale, distributed, multi-tier applications across public, private and hybrid cloud environments. To support and ultimately ensure delivery of business-critical applications and services, a distinct architecture has emerged. This complex structure involves dynamic resource sharing over a hyperconverged compute, storage and network physical infrastructure, all supported by a layer of virtualization technologies. The new, integrated approach to data center architecture offers tremendous operational and business advantages to organizations whose success is dependent upon reliable application service delivery. However, data center monitoring solutions and technology developments have not kept pace with this new wave in data center architecture. Current tools have reinforced the established silos that separate applications, virtual infrastructure, and physical infrastructure as well as the supporting IT teams within the data center. As a result, data center teams have no inter-silo visibility and are unable to efficiently connect the dots between infrastructure and application performance.  As organizations migrate to the hybrid cloud, they need to maintain their business continuity and reduce their risks involved as part of the migration with zero-downtime.

Uila has a transformational vision that addresses this problem and helps align business and IT operations goals in a single product with application visibility and correlated network, compute and storage insights.  Uila’s full stack visibility (application performance monitoring, infrastructure performance monitoring, network monitoring, storage monitoring) for virtualized data centers reduces troubleshooting time from days to minutes, enabling lean IT teams to get time back for more strategic projects. Uila helps identify blind spots in the infrastructure, and eliminate finger pointing between infrastructure and application teams with automated root cause and forensics.

Uila helps organizations strategize hybrid cloud migrations and maintain business continuity with zero-downtime. Uila helps reduce business risks and allows IT teams to focus on business accelerations vs maintenance projects. With Uila’s agent-less pre-migration assessment you know your applications and interdependencies beforehand to eliminate incomplete migrations or unplanned rollbacks. You can also identify and eliminate your infrastructure debt. Uila requires no code customization for the applications being migrated and is application agnostic and non-disruptive. Post-migration, you can continue to use Uila’s intuitive full-stack monitoring capabilities for validating business continuity and ongoing monitoring.

Uila is a unique solution. Only Uila provides:

  • application to infrastructure full stack visibility with correlated analytics at millisecond precision.
  • one-click automatic identification from application issues to infrastructure root cause.
  • application discovery, dependency mapping and transaction analysis without embedded agents.

Learn more about Uila and Start your free 30-day trial now (no credit card required)!

Xiologix Employee Completes 8-Day Wilderness First Responder Certification


Xiologix is proud to announce that one of our employees recently completed an 8-Day Wilderness First Responder Certification!

Senior Systems Engineer, James Pethigal, completed the 8-day certification course in Southern California this past week. As traditional first responder training typically takes place in domestic and urban settings, the wilderness training teaches participants effective methods when dealing with medical emergencies when 911 is not a viable option. These types of emergencies can include:

  • Prolonged patient care
  • Severe environments
  • Improvised equipment

This is another example of how Xiologix employees care.   We are proud of our employees’ continued involvement in their local communities.

Congratulations James and thank you for your hard work and contribution to the well being of others!


Christopher Kusek Earns vExpert Designation for 10th Consecutive Year!



vExpert 2018!

We are proud to announce that Xiologix CTO, Christopher Kusek, has earned his vExpert designation for 2018.  Having recently co-authored his latest book: vSphere High Performance Cookbook, Christopher continues to be a very active member of and contributor to the vCommunity.

Read the formal award announcement.

Congratulations Christopher!

What Would a Mobile Workspace Look Like?



Well over a decade ago, at a Citrix conference, I saw an amazing video. It showed a team of people in geographically separate locations collaborating to solve a business problem, sharing access to applications and data in the process. It showed a business person leaving his office, and having his running applications seamlessly follow him to a mobile computing device in his car, then, when he got home, seamlessly follow him to the computer in his home office, all the while continuing the collaboration session with his teammates. At the time, none of this technology existed outside of developers’ imaginations (and whatever prototypes they might have been working on in their labs).

Today, not only does the technology exist, it is relatively commonplace. Telecommuters access data and applications with performance that is every bit equal to that of their colleagues in the office. Engineers work on CAD drawings remotely with no loss of performance or graphic resolution. Radiologists can view a diagnostic image on an iPad from the sidelines of their child’s soccer game. Companies have discovered the cost savings available from Bring Your Own Device (BYOD) programs. And it all goes back to the basic vision that work is something that you do – it is not necessarily a place where you go.

Xiologix Employee Completes Avalanche Rescue Course


Xiologix is proud to announce that one of our employees recently completed an Avalanche Rescue Course!

Senior Systems Engineer, Abe Covello, completed the Companion Rescue course up at Mt. Hood which included structured rescue scenarios in:

  • Companion rescue
  • Scene assessment
  • Beacon use
  • Probing
  • Recovery of victims not wearing beacons
  • Common mistakes in avalanche rescue
  • Single and multiple beacon search techniques
  • First aid and emergency response in avalanche rescues

This is another example of how Xiologix employees care.   We are proud of our employees’ continued involvement in their local communities.

Still Running Citrix XenApp v6.5? The Clock Is Ticking


Citrix XenApp v6.5 hit EOL June 30, 2018

Citrix XenApp v6.5 was a great, stable product release. XenApp v6.5 on Windows Server 2008 R2 has been the workhorse for lots of organizations for a long time. But it’s time to move on. If you’re still running XenApp v6.5 you need to know a few things. First, it hit “End of Maintenance” a month ago (December 31, 2017). That means there will be no more product upgrades or updates released, and that means that it will be a security risk to continue running it, and that risk will increase every day. Second, it will hit “End of Life” on June 30, 2018, and that’s not very far away. At that point, you will be pretty much on your own. There may still be some support information available in the support forums or documentation library, but that information will no longer be updated. And there will be no product support from Citrix, unless you’re willing to pay a lot of money for it. So what are your options?

How E-Rate is Connecting Students to the Internet



Extreme Networks conducted a survey of K-12 IT Managers and Educators seeking to learn about their knowledge and use of E-rate. Not surprisingly, the survey found that lack of awareness is the biggest reason that school districts did not take advantage of the E-rate program. Take a look at Extreme Networks’ infographic detailing how E-Rate is being used. Questions? Learn more about how Xiologix can help you to make the most of your E-rate dollars!

Christopher Kusek named as a Cisco Champion 2018!


Christopher Kusek is honored to be named as a 2018 Cisco Champion!

Xiologix’ CTO Christopher Kusek was notified on January 19, 2018 that he had been selected as a 2018 Cisco Champion.

Cisco Champions is a global group of highly influential IT technical experts who enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The Cisco Champions program encompasses people with interests across Cisco’s technology portfolio, including Data Center, IoT, Enterprise Networks, Collaboration, and Security.

This is Christopher’s 3rd consecutive year to hold this honor.