Computer Central Feb 2022 Wrap Up

 

Hello all, we just wanted to post a little update on what we were busy doing during the month of February.

We started the month by notifying one of our long-time partners that the security certificate for their mail server was up for renewal, so that we could get the renewal done in advance and prevent them from having any downtime. We began to go through the process, but GoDaddy made it difficult to renew, so we had to speak to someone, and they started playing with the certificate for the website. I explained that the certificate that was up for renewal was the other one, but he could not see it on the account because it renews within 72 hours. So, they made us purchase a new certificate and reconfigure that. At this point we installed the certificate on the mail server and tested everything, and the new certificate was now active.

Case closed, right? Wrong. Two days later we noticed that their website had stopped working. We worked with their web designer on the issue. GoDaddy told them that there was a conflict because there were two SSL certificates on the account. I let him know that did not sound correct, since this account had been set up that way for the last 10 years that we have supported this prominent electrician based out of Wildwood, FL. Either way, they removed that certificate and tried issuing the other to the website.

I let everyone know we would monitor this over the next few days (anticipating this change would disrupt mail flow). I received a text message from the owner of the company early Saturday morning, letting me know that their email was not working. So, I logged into their server and saw that the security certificate was in a revoked status, with a timestamp matching when GoDaddy had made changes again. At this point, I called GoDaddy and re-purchased the certificate whose removal, suggested by their tech support team, had caused this issue, and had to reconfigure it for their website.
Afterwards, we monitored the situation for the next 5 days and confirmed that everything was still functioning properly.

 

Around mid-February, one Monday morning, a prominent local attorney’s office that we work with often contacted us to let us know that their email had been down since Saturday. Given the urgency of the issue, we called them right away and established a remote support session to identify the problem. Our initial thought was that a credit card had recently been renewed and needed an update with the company that hosts their website and email (it was not us; that is one of the benefits of working with a local Microsoft 365 vendor like Computer Central). When we attempted to log in, all the passwords that they had on file were no longer working, so we initiated a password reset request. Once we did that and logged into the account, we could see lots of suspicious activity and records that were changed in their DNS zone file.

At this point we knew that the problem was that this account had been compromised by someone who had gained access to the email address on file with this host. So, we needed our client to change his password immediately and log out of all active email sessions. Once he secured the email account, we changed the GoDaddy password again, and then configured Multi-Factor Authentication on the account to ensure that the account remains secure.

Side note: Multi-Factor Authentication is a secondary authentication method that prevents someone from accessing your account. These methods can be a text message or an authenticator app that you install on your mobile device or password manager (our preferred password manager, Keeper Security, available through Computer Central, has this feature).

At this point we changed the mail records back to point to Microsoft 365 so that mail would begin to flow properly. Then we removed all the rogue DNS zone file entries. Then we changed the PIN on the account. We then went through every page of the account and discovered that the attacker behind this cyber-attack had been able to list the domains in the GoDaddy account for sale. This attack originated from Denmark according to the activity logs at GoDaddy. We removed the listings and informed the client to enable Multi-Factor Authentication on all their email accounts to prevent attacks like this in the future. We did verify that the attacker sent out emails as the attorney at this law office. We advised them to change everyone’s email password in the company.
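The cleanup described above (restoring the mail records and removing rogue zone entries) is easier to verify against a saved known-good copy of the zone. The following is an added example, not part of the original post: it diffs a current zone export against a baseline and flags MX records that do not point at Microsoft 365. The record data, the `example.com` names and the assumption that a baseline export exists are all constructed for illustration.

```python
# Added example: diff a DNS zone export against a known-good baseline.
# All records are constructed sample data (example.com, RFC 5737 addresses).
M365_MX_SUFFIX = ".mail.protection.outlook.com."  # assumption: standard M365 MX target

BASELINE = """\
example.com. 3600 IN MX 0 example-com.mail.protection.outlook.com.
example.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN CNAME example.com.
"""
CURRENT = """\
example.com. 3600 IN MX 10 mail.unknown-host.example.
example.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com ip4:203.0.113.7 -all"
example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN CNAME example.com.
fwd.example.com. 3600 IN A 203.0.113.7
"""

def parse_zone(text):
    """Return {(name, type): {rdata, ...}} from 'name ttl class type rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.setdefault((name.lower(), rtype.upper()), set()).add(rdata)
    return records

def audit(baseline_text, current_text):
    """List (finding, name, type, rdata) for every difference and every non-M365 MX."""
    base, cur = parse_zone(baseline_text), parse_zone(current_text)
    findings = []
    for key in sorted(set(base) | set(cur)):
        old, new = base.get(key, set()), cur.get(key, set())
        findings += [("ADDED", *key, r) for r in sorted(new - old)]
        findings += [("REMOVED", *key, r) for r in sorted(old - new)]
    for (name, rtype), values in sorted(cur.items()):
        for rdata in sorted(values):
            # MX rdata is "<preference> <target>"; check only the target host
            if rtype == "MX" and not rdata.split()[-1].lower().endswith(M365_MX_SUFFIX):
                findings.append(("MX_NOT_M365", name, rtype, rdata))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(*finding, sep="\t")
```

An empty result after cleanup means the zone matches the baseline again; SPF changes in the TXT record matter as much as the MX change, since they decide who may send mail as the domain.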

 

In another issue, a local service company in Wildwood, FL had about half of the computers in their company unable to print. So, we logged into one of the problem machines and discovered that it was severely outdated. We brought this workstation and another crucial workstation back up to compliance, and after doing so these workstations were able to print. This indicates these computers were vulnerable to the PrintNightmare vulnerability in Windows 10. So, we did an audit and discovered they have seventeen computers that are out of compliance (this opens them up to be a backdoor for cyber attackers to gain access to the network and wreak havoc). We provided them with an estimate and emphasized the importance of getting these computers back into a compliant state. If this client were a Managed Partner, they would have received these updates upon their release. Also, the labor to bring them into compliance is part of their Managed Partner Agreement.

 

Obviously, we worked on more than three clients in February, but these were the most interesting issues that we assisted with. Remember, if you need help with something that is over your head from a tech standpoint, reach out to our team. We have assisted with Corporate Officers leaving companies and making that transition a smooth process for our partners and clients. Signing off, we will be back with another wrap up soon. Stay safe out there.