Security Round Up March 2019

Security Round Up March 2019

Biggest Treats:


A new phishing campaign to steal login credentials from businesses is specifically targeting senior executives.

A fake email claiming to be from a company CEO discusses the rescheduling of a board meeting, but the email’s link leads users to a page resembling a Doodle poll which can steal Office 365 credentials. Researchers at GreatHorn first discovered the campaign.


A server that was used to store recordings of phone calls made to a Swedish “healthcare hotline” has reportedly been found exposed online without password protection.  The service provided medical advice via a national health service telephone line.

170,000 hours of calls containing highly personal information were reportedly stored on an open web server without any encryption or authentication. The server contained recordings of conversations going back to 2013.

In the News:


Russia is considering a plan to temporarily disconnect from the Internet to gauge how the country’s cyber defences would fare in the face of foreign aggression. The experiment comes as lawmakers assess the Digital Economy National Program, draft legislation that was submitted to Russia’s parliament last year, according to the RBK news agency.

The draft legislation would require Internet providers to make sure they can operate if foreign countries attempted to isolate the Russian Internet. The bill was introduced after the White House published its 2018 National Security Strategy, which attributed cyber attacks on the United States to Russia, China, Iran and North Korea.


Thousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers.
Security giant Symantec found more than 4,800 websites were being hit by Form-Jacking attacks every month.
“Cyber-criminals are continuing to find new ways to make money, and when they do, they pile in.” – Orla Cox, director of Symantec’s security response unit.

Multiple Sources

“There’s no silver bullet solution with cyber security, a layered defense is the only viable defense”
– James Scott, Senior Fellow, Institute for Critical Infrastructure Technology

February 2019 Cyber Attacks Statistics

  • Form-Jacking attacks have skyrocketed, with an average of 4,800 websites compromised each month.
  • Supply chains remained a soft target with attacks ballooning by 78%.
  • 41% of companies have over 1,000 sensitive files open to everyone

Windows 7 Support End Jan 2020

Windows 10

Windows 7 extended support ends January 14th 2020 which means from that date onwards Microsoft will stop fixing security problems in Windows 7 operating systems. Devices with Windows 7 will still function and can still be activated, but future exploits and security vulnerabilities will not be fixed, leaving those devices insecure.
Microsoft will also discontinue technical support for the operating system on windows support. This means that incidents like the WannaCry attack, that targeted non-patched XP machines in 2017 disrupting services, such as the NHS will be much more likely on Windows 7 machines.


3 Core Security Principles Your Company Should Follow3 Core Security Principles Your Company Should Follow

  • Establish your Security Baseline – Password Policies, Minimum Access Policies, Conditional Access Policies, Data Protection Policies, etc.
  • Patch Software with Security Patches as soon as they become available.
  • Utilise a good anti-virus, preferably with a ‘Default Deny’ posture to unknown applications – to counter Zero-Day threats.

What separates Small Businesses from Large Enterprises when it comes to IT?

It’s not a trick question, in fact, the tools that most businesses use are the same regardless of size. All modern organisations require some computers, they require an email service, they require anti-virus, they require data storage and all organisations, regardless of their size, require someone with adequate knowledge to deliver their ICT infrastructure.
Typically, smaller organisations outsource their ICT requirements to an external contractor, who has limited knowledge around enterprise solutions and resorts to providing a minimum cost solution, using budget tools, that provides little or no protection to the ICT infrastructure. Most of these providers entice customers with ‘low’ monthly fee’s, but these are typically incorrect and change on a monthly basis.  As a result, unless these providers come from a background in delivering high-end solutions they simply won’t have the knowledge, experience or contacts available to deliver an effective solution.

“Investing once in technology is not enough , continuous investment is required to maintain the security and efficiencies of your systems. If you ’re not keeping your systems up to date and secure, your putting your business and its data at risk “



Curatrix Technologies, as a Microsoft Cloud Service Provider, recommends Microsoft 365 Enterprise for all organisations conscious about the security of their data. By using Microsoft 365 Enterprise, you gain access to:

Office 365 E3
*Providing Enterprise Email and Document Storage
*Security and Compliance centre offering 1 click auditing

Windows 10 Enterprise

Microsoft Intune
*Providing Conditional Access to your data to trusted users and devices

Azure Information Protection
*To categorise, encrypt and protect document access

Microsoft Advanced Threat Analytics and Device Guard
*First line Anti Virus

Unrivalled Features

What is Trident UC?
Trident is Curatrix flagship fully hosted and managed High Definition (HD) IP telephony service (VoIP). Our Trident platform is run on BT’s highly resilient and secure next-generation network and provides the functionality of a high-end telephone system but with no physical on-site switch.
To connect to Trident, you simply require a reliable voice quality internet connection. We believe that call quality is paramount, which is the reason why we offer dedicated voice over Broadband and Ethernet circuits.
For those businesses with multiple sites, we provide Ethernet circuits to ensure maximum call quality securely linked by our Virtual Private Networks (VPNs). Importantly, Trident call traffic bypasses the public internet entirely, ensuring the absolute quality of service for your customers.

Who would benefit from Trident UC?
Trident is suitable for businesses of any size with single or multiple sites. We can scale from the very small single office to multisite networks or indeed large corporate headquarters, providing seamless, reliable, predictable and hassle-free levels of communication functionality.

What are the inclusive features of Trident UC?
Unlimited free on-net calls and 5000 minutes of calls to UK 01/02/03* numbers and UK mobile
Networks: Advanced hunt group, Voice messaging with voicemail to email, Unlimited levels of auto-attendant, UC Business mobile application to include IM&P and video
Calling: Go Integrator Lite for Skype for Business, Self Service Portal, 24/7 network monitoring, Service Assurance Portal, End-to-end service

What are the enhanced features of Trident?
Latest Functionality – MeetMe Conferencing, Flexible number portability – retain your office numbers, Call Centre ACD, Call recording with 6 months’ storage (or more), Full integration with CRM – Go Integrator DB, In-depth call analytics, the Latest range of Yealink and Polycom handsets

Curatrix is proud of our product range and our customer service SLA, trust pilot and google reviews speak for themselves. We are proud to have supported many charities and members of the Hampshire Chamber of Commerce and will continue to do so as committed members of the Hampshire Chamber Professionals Forum.

For help or advice on any of these matters:

Call or email Curatix Technologies on +44 (0)33 3241 2226, email [email protected]


About the Author