Hackers Breached US Local Government by Exploiting Fortinet Bugs

FBI Ransomware Alert

As of May 2021, state-sponsored hackers have compromised the webserver of a U.S. municipal government after hacking into a Fortinet appliance.  The Federal Bureau of Investigation (FBI) states that after gaining access to the organization’s server, the hackers moved laterally through the network and created a new domain controller, server, and workstation user accounts to mimic the existing ones.

Not the First Warning:

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) had warned in April 2021 of hacking groups that had gained access to Fortinet appliances by exploiting FortiOS vulnerabilities.  Once they breach a vulnerable server, they will use them in future attacks targeting networks across critical infrastructure sectors.  Hackers will use exploitation techniques such as spear phishing to infiltrate organization networks to prepare follow-up attacks.

Impact:

The size of the attack is unknown; however, the impact on the local government and personal information could have been much higher. Cyber-attacks are preventable if you have strong security and know the best practices for them.

At CREG Systems, we believe that cybersecurity is a shared concern. In other words, we all play a part in keeping our networks safe. Organizations, their leaders, users, and the solutions provider all work together to manage your cybersecurity.

Multi-Layered Security:

We recommend a multi-layered approach to your network and data security. A multi-layered security approach uses several security measures to protect essential information. The numerous “levels” of security make it difficult for hackers to get through every barrier.

We offer cybersecurity services to businesses that support the education of employees and lessen cybersecurity dangers.

Mitigate the Risk of a Cyber Attack:

Detect Mitigate Prevent

CREG Systems ensures that the data you share and store is secure and protected, which pledges efficient operation and credibility to your organization. Our certified and highly-trained staff will meet your needs and plan a security system roll-out strategy that best fits your goals.

  • Hardware & Software
    • Keep your data safe by using the most up-to-date security software and hardware.  Make sure you are secured through NEXTGEN firewalls, use sandboxing for extra protection, and ensure you have a defense at the gate.
  • Multi-level Protection
    • From your desktop to the firewall, each device in your organization should have segmented and multi-layered protection. Usually, you can stop a data breach before it threatens your vital information.
  • Insider threats
    • While many organizations have multi-layer security systems and data protection in place, there could still be other risks to consider. Former employees can be a threat to your cybersecurity.  Be sure to remove any access they may have and their data as soon as they leave the organization.  Be sure to teach employees about the importance of security and have regular testing to ensure your data is secure.
  • Good Cyber Habits
    • Be sure to keep your information backed up but, never keep your backups online.  Be sure to keep your systems updated and double-check apps to determine if they are corrupt or not. Limit access privileges and use two-factor authentication.  Preventing cyber threats is better than curing them.

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and holds CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.

CREG Managed Security Services

5 Steps You Should Take Today to Minimize Your Data Loss Due to Ransomware

FBI Ransomware Alert

You’re concerned about getting ransomware as everyone should be, but you don’t know what you can do to minimize your risks. Follow these five steps to reduce the chances of your data being hijacked and falling victim to ransomware.

  1. Make regular backups.
    This is Ransomware Defense 101. The scammers want to restrict access to your data, but if you have a recent backup copy of it, you’re one step ahead of them. Organize your vital data so that it is stored in a secure location, and regularly back it all up. – You can back up your data to an external USB drive, or have it backed up to the cloud (we recommend doing both!) How often you back up your data should be based on how often your files are updated. Daily user? Backup daily!
  1. Keep your computer updated.
    Whatever platform you’re using, desktop, tablet, or smartphone, stay up-to-date with your operating system updates and security patches. Did you disable Windows Update? Switch it back on, and make sure you’re running the latest version. *Note – Windows 7 stopped receiving critical updates in January 2020. It’s imperative that you upgrade your operating system to Windows 10 to ensure you’re receiving the latest updates and security releases.
Windows 10 Security Updates
  1. Spot suspicious files, enable file extensions.
    One way of combating ransomware (and other malware) is to use your eyes. Many malicious tools have multiple file extensions (such as, for example; .PDF .EXE) which immediately identifies them as dangerous if you know what you’re looking for. By enabling file extensions in Windows, you can spot and delete them (or let your anti-virus software destroy them).
How to Enable File Extensions
  1. Email Filtering and Hyper Vigilance.
    Most desktop email clients automatically scan incoming messages for malware and viruses that are attached, but hackers are constantly trying new methods to deliver their malicious files to your PC. As a general rule, you should never open an email or an email attachment from someone you don’t know or recognize. To avoid filters, hackers will send you a link that will lead you to a site that will automatically start the download of a malicious file. It’s best to avoid clicking on any links that are received through email, even if the link looks legitimate. Hackers will often change one letter within a domain address, which will lead you to a malicious site. Stay Hyper Vigilant!
Carefully Scrutinize Your Emails
  1. Employ a Firewall and Internet Security Suite.
    As with all data security challenges, the best protection you’ll get from ransomware is with a competent internet security suite and an up-to-date firewall. There are many options available for your network and internet security. Give us a call if you’d like to learn more about our recommendations.
ESET Antivirus and Endpoint Protection

CREG Systems deploys a myriad of tools to help protect our partners and mitigate their risks or malware and ransomware. Call us today to learn more about how we can help secure your network and keep your data out of the hands of cyber-criminals.

CREG Managed Security Services

The Benefits of using a Managed IT Service Provider (MSP)

Using a managed IT service provider (MSP) is often an appealing option for a company looking to outsource the support of their entire IT infrastructure. 

Maintaining modern IT systems requires a specific and high-leveled knowledge base, which you can tap into by utilizing an MSP. As a bonus, managed IT services also provide solutions to some of the problems accompanying in-house IT services.

IT Support

There are many benefits to an MSP.

Managed IT services are a great option for small- or medium-sized companies looking for redundancy, knowledge and cost savings when it comes to addressing their IT needs.

Managed IT services monitor and manage your IT network remotely. An MSP can detect problems and solve issues before they cause disruption, give you insight into your IT system, and address technology needs as they arise.

There are four primary benefits of using managed IT services:

  1. Managed services offer redundancy.
  2. MSP engineers are knowledgeable.
  3. Managed services are cost-effective.
  4. Managed services are easy to find.

By touching on each of the above topics, we’ll give you an idea of what to expect with managed IT services. However, if you’re looking for a longer, more in-depth explanation of managed IT services, contact us for a personalized discussion.

1. Managed services offer redundancy.

The top benefit of choosing an MSP versus an in-house IT department is it provides redundancy.

With a managed service provider, you’ll have access to a technician ready to address your IT problems 24/7/365. 

In the world of managed services, redundancy means there are additional resources so you never go without service.

Like any other employee, an in-house IT technician takes sick days, vacations, or personal days. Often, IT issues aren’t resolved until that person returns to the office. Your assigned MSP technician will still have days he or she is out of the office, but redundancy ensures there is still a technician to address your problems.

Redundancy also prevents your IT technician from being overwhelmed by the requests that piled up while he or she was gone. With an MSP, you have a pool of resources at your disposal to keep your IT systems running smoothly.

This is also true for augmented managed IT services where an MSP supports your existing IT team. Your in-house IT folks can rely on the MSP to stay on top of requests when he or she is gone. 

With an MSP responsible for all your IT needs, the technicians support each other.

2. MSP technicians are knowledgeable.

To ensure an in-house IT team can address all levels of problems your IT system may encounter, you’d have to hire an extremely skilled employee. Some of the things your technician will have to know:

  • Windows and/or Mac operating systems
  • Network troubleshooting and set up
  • Virus and malware removal
  • Antivirus installation
  • Voice and email set up and troubleshooting
  • Writing and troubleshooting script
  • Troubleshooting and configuring web applications
  • IT stack set-up, configuration, and migrations
  • Network and security solutions
  • Routing protocols
  • Configuring hardware platforms

The majority of items on the list requires the knowledge of tier 1 or 2 (entry-level) technicians. The more complex components, like network and security solutions, routing protocols, and configuring hardware platforms, require a more experienced technician to address them. Those components of IT services are less common, though.

In other words, small- and medium-sized companies with in-house IT have to pay for more resources than they’ll need most of the time. They need the depth of expertise available for the instances when they’ll need to handle some of the more finicky components of your technology stack.

An MSP hires technicians with expertise in specific IT disciplines. This means they should have a representative with an answer to any problem you have.

3. Managed services are cost-effective.

For the amount of expertise you receive with managed IT services, you’ll have significant cost savings. Most managed IT service plans cost as much as the salary and benefits of a tier-1 or tier-2 engineer. 

Hiring an IT technician with the knowledge most companies need easily starts in the $100,000 to $150,000 range.

This doesn’t include the cost of benefits.

According to the US Department of Labor, the average employer pays around $24,000 per employee for paid leave, bonuses, overtime, insurance, retirement, and other legally required benefits.

Most small- and medium-sized businesses are hard-pressed to find a surplus in their budget of $125,000 or more for one employee.

With an MSP, you’ll pay less and get more. Your expense will cover continual service and provide you access to every skillset you need. 

The cost of managed IT services is complex. As a guide, you can expect to pay $500 per site for an audit and around $85 per user per month. You’ll also need to purchase a firewall for each site, if you don’t already a supported one in place. 

A year of managed IT services typically costs between $12,500 and $118,500, depending on your size and needs. The high end of the cost for managed services is still less than the low end of a salary and benefits for a qualified in-house technician.

4. MSPs do the recruitment for you

If the cost isn’t prohibitive in your IT plan, you might find yourself hindered when it comes to recruitment. To find someone with the mastery of the skills you’ll need in an in-house IT employee, you’re going to have to search far and wide to fill the position. 

Recruitment also costs more money, and the elusiveness of the right candidate can draw out the recruitment process and rack up a large bill. 

Without having to spend any additional money, a reliable MSP will assign you an technician who is a good match for your company. He or she will work closely with you, get to know your unique problems, what programs you rely on, and your company individually.

Even though you won’t choose the technician from the pool of candidates, you’ll still end up with an expert best suited for your company’s needs.

Not only does an MSP, like CREG Systems, provide the most for your money, but we’re also easy to find. 

Efficiency Quality Speed Cost
Increased Efficiency, Top Notch Quality, Increased Speed, Lower Costs

Where to Start

You could draft a job description for a highly skilled and knowledgeable IT technician, pay to post it online, and spend time (and money) on the recruiting process to ultimately end up with an expensive line item in your budget. 

However, if the process of hiring your own in-house technician sounds difficult and expensive, choosing an MSP provides a better, simpler option. 

If you’d like to learn more about how an MSP solution might be right for you and your business, contact us today for an in-depth discussion about your specific needs. (315)788-0000


CREG Systems donates and installs phone system upgrade for local mission.

Communication is key to providing much needed community support.


Watertown NY, February 13, 2021 – If you’ve placed a call into the Watertown Urban Mission or Impossible Dream thrift store recently, you may have noticed the new automated attendant greeting and simplified routing options that are making it easier to connect ‘North Country’ residents to the help and support they need during the pandemic.

CREG Systems has supported the Urban Mission’s phones, alarms, and cameras for the better part of the last 20 years. CREG recently donated and installed an upgrade to the mission’s Nortel phone system, allowing them to take advantage of new features such as remote worker/mobility integration,
built-in multi-level auto attendant, instant messaging, voicemail to email integration, and easy system/user administration. This has allowed the mission’s staff to be dynamic, adapt to changing COVID guidelines, and keep all lines of communication open with the community it supports.

“We at CREG Systems have always believed in the Urban Mission’s vision and recognize how important their work is for the community. Communication is vital during this global pandemic as people are relying on community organizations for help now more than ever,” said CREG Systems President, Jason Wendt. Lead installation technician, Jim Nichter also added “We’re excited to bring life back into the Mission’s phones. The new mobile and PC apps will let them answer their work phones no matter where they’re working from. If you need them, they’re just a call away.”

Watertown Urban Mission Executive Director, Dawn Cole had this to offer, “We truly appreciate our longstanding partnership with CREG Systems. This generous donation of a much-needed upgrade to our phone system has revolutionized our communications infrastructure, allowing us to be more responsive to our friends and neighbors in need.”

About CREG Systems Corp.

CREG Systems Corp has served Northern NY businesses in all areas of communication, security, cabling and technology since 1973.