Upgrade Notice: Login Service Enhancements and Monitoring Improvements
Over the weekend, we designed, tested, and implemented new architectural solutions to address recent issues with the central login service for ExchangeDefender products. Additionally, we identified and began resolving a critical alerting issue that had prevented our NOC from receiving timely notifications about service outages.
To expedite improvements, we deployed a web cluster originally planned for a later release. This new cluster introduces advanced high-availability features, including self-healing capabilities and integration with modern, distributed monitoring solutions to ensure consistent global accessibility.
Given the scope of this upgrade, we opted for a phased rollout using A/B testing to ensure service reliability. Over the past three days, we’ve gradually increased traffic to the new cluster, starting at 12%, while monitoring server and load balancer performance metrics. Currently, 20% of traffic is routed through the new cluster, with the remaining 80% handled by the legacy system. In the event of a failure in either cluster, the load balancer will dynamically shift all traffic to the active system, even if a customer was initially pinned to the affected cluster.
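The split-and-failover behaviour described above, as an added illustration rather than ExchangeDefender's own load balancer code; hashing the customer id to pin it to a cluster and the health map are assumptions:

```python
import hashlib


class CanaryRouter:
    """Pins each customer to 'new' or 'legacy' by a stable hash so the same
    customer keeps hitting the same cluster, and moves all traffic to the
    surviving cluster when one is marked unhealthy."""

    def __init__(self, new_share_percent, healthy=None):
        # healthy: cluster -> bool, kept current by an external health
        # checker (assumed); both clusters start healthy.
        self.new_share_percent = new_share_percent
        self.healthy = healthy if healthy is not None else {"new": True, "legacy": True}

    def pinned_cluster(self, customer_id):
        # Stable bucket 0..99 derived from the customer id, so raising the
        # share from 12% to 20% only moves customers in buckets 12..19.
        digest = hashlib.sha256(customer_id.encode()).digest()
        bucket = int.from_bytes(digest[:2], "big") % 100
        return "new" if bucket < self.new_share_percent else "legacy"

    def route(self, customer_id):
        preferred = self.pinned_cluster(customer_id)
        other = "legacy" if preferred == "new" else "new"
        if self.healthy[preferred]:
            return preferred
        if self.healthy[other]:
            # Failover overrides the pin: the customer is served by the other cluster.
            return other
        raise RuntimeError("no healthy login cluster")


def observed_share(router, sample_size=10000):
    """Fraction of a constructed customer population routed to the new cluster."""
    hits = sum(1 for i in range(sample_size) if router.route(f"customer-{i}") == "new")
    return hits / sample_size
```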
Performance Improvements
The initial results have been highly encouraging, with noticeable performance gains. We’ve observed a 5x improvement in P95 latency and a 3x improvement in P99 latency compared to the previous setup.
Next Steps
Next weekend, we plan to implement the final phase of this upgrade, introducing automated transitions between data centers to address any performance or reliability issues proactively.
Addressing Notification System Failures
During our investigation, we identified a failure point in our notification system. Alerts were being throttled or discarded by our SMS gateway, particularly during cascading outages triggered by login server downtime. We’ve since refreshed our monitoring solution with modern analytics tools and implemented multiple alerting pipelines to prevent future disruptions. While we continue to work with our SMS gateway provider to resolve filtering issues, these changes significantly improve our ability to detect and respond to service issues.
Thank You for Your Patience
We sincerely appreciate your understanding as we worked to diagnose and resolve these challenges. We recognize how frustrating the repeated service interruptions have been and want to assure you that we’ve been actively addressing these issues with a focus on long-term reliability and minimal disruption.
Thank you for your continued trust in ExchangeDefender.
What is Ransomware? The Price of Clickbait
What is Ransomware?
Ransomware is a type of malware. It is a nasty computer virus that locks up your important files. Think of your files as your favorite photos, important documents, or work projects. When ransomware strikes, it scrambles these files, making them useless until you pay the hackers. It’s like a digital thief who kidnaps your data and demands a ransom to give it back.
The Allure of Malicious Links and Attachments
Let’s be real, we’re constantly bombarded with information. From social media to email, we’re exposed to a constant stream of links and attachments. While many of these are harmless, some can be incredibly dangerous.
Why do people click on malicious links and attachments?
- Curiosity: A well-crafted subject line or intriguing message can pique our interest, leading us to click without thinking.
- Sense of urgency: Cybercriminals often use tactics like “urgent action required” or “limited-time offer” to create a sense of urgency, prompting us to click impulsively.
- Trust in the sender: If the email appears to be from a trusted source, such as a friend, family member, or colleague, we may be more likely to let our guard down.
The Devastating Consequences
The consequences of clicking on a malicious link or attachment can be severe. Ransomware attacks can cripple businesses, government agencies, and individuals, leading to significant financial losses, data breaches, and reputational damage.
How to Protect Yourself
To protect yourself from ransomware attacks, it’s essential to practice good cyber hygiene. Here are some tips:
- Be cautious of unsolicited emails: Avoid opening emails from unknown senders or those with suspicious subject lines.
- Verify the sender: Double-check the sender’s email address and look for any typos or grammatical errors.
- Hover over links before clicking: This can help you identify malicious links that may redirect you to harmful websites.
- Use strong, unique passwords: A strong password can make it more difficult for cybercriminals to access your accounts.
- Keep your software up-to-date: Regularly update your operating system and software applications to patch vulnerabilities.
- Back up your data: Regularly back up your important files to an external hard drive or cloud storage service.
By following these simple tips, you can significantly reduce your risk of falling victim to a ransomware attack.
Remember, a single click can have devastating consequences.
Whaling: A Sophisticated Cyber Threat Targeting High-Profile Individuals
Whaling, a type of phishing attack, targets high-profile individuals within an organization, such as CEOs, CFOs, and other executives. These individuals are often referred to as “whales” due to their high-value status and the potential for significant financial gain or data breaches if compromised.
How does whaling differ from traditional phishing attacks?
While traditional phishing attacks cast a wide net, sending out generic emails to a large number of recipients, whaling attacks are highly targeted and meticulously crafted. Cybercriminals conduct extensive research on their victims, gathering information about their personal and professional lives to create highly convincing and personalized messages.
Key Characteristics of Whaling Attacks:
- Highly Personalized: Whaling emails are tailored to the specific recipient, often referencing their role, recent projects, or personal information.
- Urgent Tone: Whaling attacks often create a sense of urgency, urging the victim to take immediate action, such as transferring funds or sharing sensitive information.
- Spoofed Identities: Cybercriminals may spoof the email addresses of trusted individuals or organizations to increase credibility.
- Sophisticated Social Engineering Techniques: Whaling attacks employ sophisticated social engineering tactics to manipulate victims into compromising their security.
Example of a Whaling Attack
A cybercriminal might impersonate a company’s CEO and send an urgent email to the CFO, requesting an immediate wire transfer. The email could be crafted to appear legitimate, using the CEO’s email address and signature. If the CFO falls for the deception, they could unknowingly transfer a large sum of money to the attacker’s account.
Protecting Yourself and Your Organization
To protect against whaling attacks, organizations should implement robust security measures, including employee awareness training, strong password policies, multi-factor authentication, and email filtering solutions. Additionally, executives should be particularly cautious when receiving unexpected requests, especially those that involve financial transactions or sensitive information.
Protect your Microsoft 365 environment with ExchangeDefender security solutions. Try ExchangeDefender PRO for free today!
Spoofing vs. Phishing: Understanding the Differences
In today’s digital world, online security is more important than ever. Two common threats that can compromise your personal information and security are spoofing and phishing. While these terms may sound similar, they represent distinct types of cyberattacks. In this blog post, we’ll explore the differences between spoofing and phishing, how they work, and how you can protect yourself from falling victim to these scams.
Spoofing: It’s Not Who You Say You Are
Spoofing is like someone pretending to be someone else online. For example, a scammer might send you an email that looks like it’s from your bank, but it’s actually from them. They’re trying to trick you into thinking they’re someone you trust.
Phishing: A Fishing Expedition for Your Information
Phishing is a bit like a fishing expedition, but instead of catching fish, scammers are trying to catch your personal information. They might send you an email or text message that looks like it’s from a legitimate company, asking you to click on a link or download an attachment. If you do, you might end up giving away your personal information, like your passwords or credit card numbers.
The Key Differences
While both spoofing and phishing involve deception, there are some key differences between them:
- Intent: Spoofing is often used to gain unauthorized access or launch other attacks, while phishing is primarily used to steal personal information.
- Techniques: Spoofing involves technical methods to disguise the sender’s identity, while phishing often relies on social engineering techniques to manipulate victims.
- Impact: The impact of spoofing depends on the attack it is used to set up, while the impact of phishing is primarily the theft of personal information.
How to Protect Yourself
- Be skeptical. If you get an unexpected email, text, or phone call, be suspicious. Don’t click on links or open attachments unless you’re sure they’re from who they say they’re from.
- Check for typos and grammar mistakes. Scammers often make mistakes in their emails or texts.
- Never give out personal information. Don’t share your passwords, credit card numbers, or other sensitive information with anyone unless you’re absolutely sure they’re who they say they are.
By being aware of the difference between spoofing and phishing, and by following these tips, you can help protect yourself from becoming a victim of these scams.
Looking for Spoofing AND Phishing protection that’s affordable? Go for ExchangeDefender PRO!
Hack the Future: RSVP for the ExchangeDefender Hack-a-ton
We will, we will hack you!
Please join us for a special ExchangeDefender virtual event.
Friday, September 13th, 2024 – 1 PM EST
https://attendee.gotowebinar.com/register/3500231937112410199
You will be among the first to hear about our new line of business that we are currently building in public. See how you can get involved and profit from the platform we’re putting in our partner’s back pocket.
Remember that more than 90% of corporate security exploits start with a phishing email. We’ve done everything possible to keep those messages out of your Inbox and now have something new to announce.
See you next Friday 🙂
Insider Threats: A Growing Cybersecurity Challenge
Insider threats pose a significant risk to organizations of all sizes. These threats come from individuals within an organization who have authorized access to systems and data. They can range from unintentional mistakes to deliberate acts of sabotage.
Types of Insider Threats
- Malicious Acts: Deliberately stealing data, sabotaging systems, or causing damage.
- Negligence: Accidentally compromising security due to carelessness or lack of awareness.
- Espionage: Sharing sensitive information with unauthorized parties.
- Fraud: Using their position to gain financial advantage.
Why Insider Threats Are Dangerous
- Access to Sensitive Data: Insiders have legitimate access to critical systems and data, making them a significant threat.
- Difficult to Detect: Insider threats can often go undetected for extended periods, as they may mimic normal user behavior.
- Damage Potential: Insider threats can cause significant damage, including financial loss, reputational harm, and operational disruption.
How to Mitigate Insider Threats
- Strong Access Controls: Implement robust access controls to limit user privileges and prevent unauthorized access.
- Regular Security Awareness Training: Educate employees about the risks of insider threats and provide them with the tools to identify and report suspicious activity.
- Behavioral Analytics: Monitor user behavior for anomalies that may indicate malicious activity.
- Data Loss Prevention (DLP): Implement DLP solutions to prevent unauthorized data exfiltration.
- Incident Response Plan: Develop a comprehensive incident response plan to address security breaches effectively.
By understanding the risks posed by insider threats and implementing appropriate measures, organizations can significantly reduce their vulnerability to these attacks.
Defending Your Inbox: Combating Today’s Top IT Threats
The digital landscape is a battlefield, and your inbox is the front line. With cyber threats evolving at lightning speed, it’s crucial to equip your business with the right defenses. In this post, we’ll explore the most common IT challenges businesses face in 2024 and how ExchangeDefender can help you stay ahead.
The Modern IT Battleground
Today’s businesses navigate a complex IT environment fraught with challenges. Ransomware, phishing, and data breaches are constant threats, while the shift to remote work introduces new vulnerabilities. Simultaneously, organizations grapple with digital transformation initiatives, talent shortages, and the complexities of managing hybrid workforces.
ExchangeDefender: Your Shield Against Cyberattacks
At the heart of these challenges lies Email Security. As the primary attack vector for many cyber threats, protecting your inbox is paramount. ExchangeDefender offers a comprehensive solution to combat these threats:
- Ransomware Protection: Our advanced threat detection capabilities identify and block malicious emails before they reach your inbox, safeguarding your sensitive data.
- Phishing Defense: Our robust anti-phishing measures educate your employees and protect them from sophisticated phishing attacks.
- Data Loss Prevention (DLP): Prevent sensitive information from leaving your organization through email.
- Email Continuity: Ensure uninterrupted business operations with our email continuity solution, even in the face of email server outages.
Overcoming IT Challenges with ExchangeDefender
Beyond email security, ExchangeDefender can help you address other critical IT challenges:
- Hybrid Work: Our solution supports remote work environments, ensuring secure email access from anywhere.
- Cloud Migration: Seamlessly integrate ExchangeDefender with your cloud infrastructure for comprehensive protection.
- Cost Optimization: Reduce IT expenses by consolidating email security and archiving into a single platform.
By investing in a robust (affordable) email security solution like ExchangeDefender, you can significantly reduce your risk of falling victim to cyberattacks and build a stronger foundation for your business.
Are you ready to fortify your inbox against today’s threats? Message us to learn more about how ExchangeDefender can protect your organization.
#emailsecurity #cybersecurity #ransomware #phishing #datasecurity #exchangedefender
LiveArchive Cloud Considerations: It Works Everywhere!
Over the past month we’ve been holding LiveArchive Workshop Series with clients who want to get LiveArchive deployed and staff trained in under 1 hour. It’s going well and the question we get the most is: “Will it work on Azure/Linode/Oracle/___?!” Yes, it works with ALL public and private clouds because it’s built on top of open source technology standards that everyone offers. In order to deploy LiveArchive you’d follow the same principles and steps outlined in our Cloud Backend Setup at Amazon AWS, Microsoft Azure, Oracle Cloud, Google Cloud (even if you host it yourself on your own network/hardware). All public clouds offer containerized services and the Docker containers that make up LiveArchive are mariadb:latest, minio/minio:latest, and exchangedefender/livearchive-webmail:latest.
Navigating IT Politics
Now that you know ExchangeDefender LiveArchive works on all the popular cloud providers, it’s time to pick one. Here are 3 things to keep in mind:
1) Your choice will typically be controlled by the client’s existing infrastructure and vendor policies – if they are an all-Microsoft shop you’ll likely be deploying LiveArchive on Microsoft Azure. Regardless of your choice of cloud vendor, you will still get the same LiveArchive performance, and keep in mind that full source code for the entire stack is available here: https://github.com/exchangedefender/livearchive-webmail. Having access to the code gives you the ability to optimize, customize, and future-proof your setup.
2) You will need access to DNS. In order to deploy LiveArchive you will need to create a CNAME for the LiveArchive UI which is required in order to request an SSL certificate.
3) You will need to allow several network policies on your choice of public or private cloud. Specifically, you will need to allow TCP ports 80/443 for the web services, and you will need to allow TCP ports 9000/3306 to our LiveArchive network so that we can store your messages and message metadata. Cost is also an important criterion for many organizations, so we recommend researching cloud cost calculators.
This way you can see who will give you the best bang for the buck now vs. over time as your organization grows. If you’re trying to keep costs to a minimum, your best option is going to be to keep the minio and MariaDB services self-hosted or on a semi-dedicated/VPS/colo deployment and to only put the LiveArchive Web UI in the cloud.
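A preflight check for the three prerequisites above (CNAME for the UI host, TCP 80/443 to the web UI, TCP 9000/3306 to the minio and MariaDB services), added here as an example and not part of the LiveArchive project; the hostnames and the injectable resolve/connect hooks are assumptions:

```python
import socket
from dataclasses import dataclass, field

# Ports named in the setup notes: web UI, then the backend services
# that the LiveArchive network must reach to store messages and metadata.
WEB_PORTS = (80, 443)
BACKEND_PORTS = {9000: "minio", 3306: "mariadb"}


@dataclass
class PreflightResult:
    ok: bool
    problems: list = field(default_factory=list)


def default_resolve(hostname):
    """Canonical name the host resolves to (the CNAME target), or None."""
    try:
        return socket.gethostbyname_ex(hostname)[0]
    except socket.gaierror:
        return None


def default_connect(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def livearchive_preflight(ui_host, backend_host,
                          resolve=default_resolve, connect=default_connect):
    """Collect every unmet prerequisite instead of stopping at the first one,
    so a single run shows the DNS and firewall changes still needed."""
    problems = []
    if resolve(ui_host) is None:
        problems.append(f"{ui_host}: does not resolve; create the CNAME "
                        "before requesting the SSL certificate")
    for port in WEB_PORTS:
        if not connect(ui_host, port):
            problems.append(f"{ui_host}:{port} not reachable (web UI)")
    for port, service in BACKEND_PORTS.items():
        if not connect(backend_host, port):
            problems.append(f"{backend_host}:{port} not reachable ({service})")
    return PreflightResult(ok=not problems, problems=problems)


if __name__ == "__main__":
    # Hostnames are placeholders; replace with the CNAME you created and the
    # host running the minio/MariaDB containers.
    result = livearchive_preflight("livearchive.example.com", "backend.example.com")
    print("OK" if result.ok else "\n".join(result.problems))
```

Scope the 9000/3306 allow rules to the LiveArchive network's addresses rather than to all sources, since the setup notes only require that network to reach those services.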
We look forward to seeing you in our workshops, and keep in mind you can get it going in under 10 minutes just by following these steps!
5 Reasons Why You Need Live Archive Email Backup
In the fast-paced world of business, safeguarding your critical communication is non-negotiable. That’s where Live Archive Email Backup steps in, offering a comprehensive solution to address the evolving challenges businesses face today.
1. Security at the Forefront
Value the security of your business data with Live Archive. Safeguard your critical communication from potential threats, ensuring the integrity of your business information is maintained at all times.
2. Fortify Against Ransomware
In the battle against crypto-locking threats, Live Archive becomes your shield. Protect your email backups, ensuring your data remains accessible even in the face of a compromise. It’s the ultimate defense strategy for your digital assets.
3. Long-Term Email Preservation
Ensure the continuity of your business with Live Archive’s long-term email preservation. Back up and archive email data for extended periods, meeting regulatory and business continuity requirements seamlessly.
4. Budget-Friendly IT Solutions
Navigate the complex IT landscape with ease by choosing Live Archive—a cost-effective email backup solution. It provides robust protection without straining your IT budget, making security accessible to businesses of all sizes.
5. Storage Flexibility for Your Needs
Your data, your choice. Live Archive offers storage flexibility, allowing you to store your critical information on the cloud, on-premises, or both. Tailor your backup strategy to suit your business needs effortlessly.
Live Archive Email Backup is the key to unlocking peace of mind in your business operations. Prioritize security, accessibility, and longevity—choose Live Archive for a reliable and comprehensive email backup solution. Your data deserves nothing less.
ExchangeDefender Supernet
Last month we announced a major upgrade and expansion of our network to better serve our clients in a more challenging cybersecurity world. I’m sure you’ve seen many stories in the news about cyber attacks and how some groups and nations are expected to attack our critical infrastructure.
We can assure you that those threats are real and are ongoing in a very focused fashion. In order to prepare for a more massive attack, we’ve had to rely on some BGP routing magic to make ExchangeDefender far more resilient.
Make sure you allow inbound SMTP traffic from ExchangeDefender’s 65.99.255.0/24 (255.255.255.0) range.
This range has been in use by ExchangeDefender since 2003, so if you’ve followed our deployment guide correctly you should be all set. If you’ve chosen to deploy ExchangeDefender differently and have other scanning/security active on that range, you might see email delivery delays and failures. The easy fix is to allow the whole class C.
What is happening under the hood is that all of our different data centers are routing traffic via the same 65.99.255.x range. Even if half of our data centers disappear due to a telecom or power event, we will be able to continue email delivery.
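A quick way to confirm that nothing on your side is rejecting or dropping connections from the 65.99.255.0/24 range: scan the MTA log for failed sessions whose client address falls in that network. This is an added example, not ExchangeDefender's code; it assumes Postfix-style smtpd log lines, and the sample lines are constructed.

```python
import ipaddress
import re

EXCHANGEDEFENDER_SMTP = ipaddress.ip_network("65.99.255.0/24")

# Client address as Postfix logs it: "from name[1.2.3.4]" or "client=name[1.2.3.4]".
CLIENT_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Outcomes that mean the message did not get through.
FAILURE_RE = re.compile(r"NOQUEUE: reject|lost connection|timeout after|deferred",
                        re.IGNORECASE)


def find_blocked_deliveries(log_lines, network=EXCHANGEDEFENDER_SMTP):
    """Return (line_no, client_ip, line) for every failed session whose client
    address is inside the given network; anything else is ignored."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = CLIENT_RE.search(line)
        if not match:
            continue
        try:
            client_ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address in the log line
        if client_ip in network and FAILURE_RE.search(line):
            hits.append((line_no, str(client_ip), line.strip()))
    return hits


# Constructed sample: two failed sessions from the ExchangeDefender range,
# one clean session and one reject from an unrelated address.
SAMPLE_LOG = """\
Mar  3 10:01:12 mx1 postfix/smtpd[2211]: connect from unknown[65.99.255.17]
Mar  3 10:01:12 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[65.99.255.17]: 554 5.7.1 Client host rejected
Mar  3 10:02:40 mx1 postfix/smtpd[2212]: 3A1B2C: client=mail.example.org[203.0.113.5]
Mar  3 10:03:01 mx1 postfix/smtpd[2213]: lost connection after CONNECT from unknown[65.99.255.44]
Mar  3 10:04:15 mx1 postfix/smtpd[2214]: NOQUEUE: reject: RCPT from bad.example.net[198.51.100.9]: 554 5.7.1 Spam
""".splitlines()

if __name__ == "__main__":
    for line_no, client_ip, line in find_blocked_deliveries(SAMPLE_LOG):
        print(f"line {line_no}: {client_ip} blocked -> {line}")
```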
As you’ve seen over the past year, we’ve focused on Inbox, LiveArchive, and upcoming Replay features to improve security and reliability. Like you, we wake up every day to another Exchange/Gmail event/issue/policy/fubar and nobody likes losing email or the ability to communicate. This is why having ExchangeDefender around your email infrastructure is critical if email is critical to your organization. The new supernet has been routing messages for over a month with no issue and on Wednesday, May 15th we will make it available for everyone.