What You Need to Know About CMMC 2.0

Are you CMMC Compliant?

It is more important than ever to start improving your cybersecurity posture. From a business standpoint, so much of what you do is web-based. This leaves you open to the threats that accompany the web. 

However, you can be proactive and prepared with a strong cybersecurity plan. CMMC 2.0 is just one of those solutions. Are you compliant with CMMC?

It just might be time to get on board with cybersecurity for your business. It’s not just for the Department of Defense but for any commercial market that contracts with them. 

Keep reading to learn everything that you need to know about CMMC 2.0.

 

What is CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. Version 2.0 is simply the latest revision of that program. 

CMMC is a compliance requirement based around NIST 800-171. It’s an assessment program geared explicitly toward cybersecurity with the Department of Defense and contractual providers in mind. 

The requirement to be compliant is fairly new, and while CMMC 2.0 has already been released, it will not be a requirement for some time still. Ultimately, the design for compliance is to proactively keep data secure and mitigate multiple threats through review. 

Here are some of the features of the requirements. 

  • Employ professional and ethical standards that are geared to gain and maintain the trust of the public
  • Improve accountability for DoD requirements without excessive barriers. 
  • Enhance cyber security by mitigating threats and recognizing new threats as well. 
  • Protect sensitive data of DoD personnel
  • Collaborate to improve cybersecurity and proactively work against threats while growing resilience

The real problem is that while CMMC was enacted in 2018, a massive number of contractors and businesses remain out of compliance. 

Businesses are required to obtain third-party assessments and audits at this point, and even with the CMMC program, many of those businesses will still have to obtain a third-party assessment, even though one of the program’s high points is to help eliminate that need. 

There are five different levels of CMMC.

 

CMMC Levels

CMMC is offered in tiers that consist of 5 different levels. The levels depend on the amount of security that might be required or the data at stake, so the expectations change for each level. 

Each level has a certain number of controls within the level, and they build on each other. For example, Level 1 has 17 controls. Level 4 has 156 controls, and it also includes the controls from levels 1, 2, and 3. 

Here is a basic overview of the levels, according to Fed Tech Magazine:

  1. Level 1 is designed to safeguard federal contractual information
  2. Level 2 is designed to be a stepping stone for cybersecurity from Level 1 in the progression towards controlled unclassified data
  3. Level 3 is designed to protect CUI specifically (controlled unclassified information)
  4. Level 4 is designed to build on Level 3, protecting CUI and reducing advanced threats
  5. Level 5 is the highest level and builds on each level to protect CUI and fight advanced persistent threats against security

Level 1 is basic practice, and level 5 is fully optimized behavior regarding cybersecurity and taking steps to protect CUI.

 

Who Needs CMMC?

The field of those who have to comply with CMMC 2.0 is vast. This program is geared towards the Department of Defense cybersecurity, which means it is far-reaching. Not only does this mean the direct Department of Defense and the military forces that are part of the DoD but it also refers to any company that does business with the DoD. 

This list is massive, and includes thousands of companies. However, it isn’t only large corporations that must be in compliance. Companies of all sizes will need CMMC 2.0 and need to navigate the rules that are put out and then act to bring themselves into compliance. 

This isn’t specific to an industry. It is any corporation or business that does business or contracts with the Department of Defense. If you consider all of the branches and the myriad of suppliers they must have, you probably are still estimating low on the number of businesses. In fact, the estimate is that when CMMC 2.0 is officially rolled out, more than 40,000 contractors will need third-party assessments. They estimate that at least 220,000 businesses total are involved with the DoD in some way.

 

Why Was CMMC 2.0 Created?

Many wonder why CMMC 2.0 would be necessary when CMMC already existed and wasn’t even in full force yet. 

CMMC was put into place in 2018, yet many businesses were still out of compliance. The program was set to be reviewed in 2021 as they started placing CMMC into contracts. However, they quickly found that implementing CMMC could be extremely costly and time-consuming as it currently stood. 

They specifically were concerned for the small businesses that would be affected by the requirements and how they would implement and maintain a high level as required. The original CMMC was not scaled and did not take different business practices into consideration. 

This need to recognize different levels and change the rules and practices led to creating CMMC 2.0. Once that was realized, they put everything on hold while they ironed out the details of CMMC 2.0, determined how to implement it, and then created the rules for it. 

Right now, businesses that contract with the Department of Defense have a heads-up and a basic understanding of the rules, but the final requirements are yet to come.

 

What are the Main Changes Between CMMC and CMMC 2.0?

There are quite a few changes from CMMC to CMMC 2.0, but the biggest change is how different levels are handled and their requirements. 

For example, some businesses will be able to self-attest to their cybersecurity practices, depending on the data they use or have access to. If their data is not specific to national security, they will be allowed to self-attest. This would be your Level 1 and maybe some Level 2 businesses. 

Some of these businesses do work with or for the DoD, but they don’t handle any sensitive data, so their requirements don’t need to be nearly as stringent. Ultimately, Level 1 businesses will be able to self-attest by having a senior executive sign off that they are in compliance with cybersecurity standards. 

The hope is that regulating the tiers and what is required of each tier will reduce the burden of requirements all around. The higher the tier, the more sensitive their data is, and the more stringent their requirements will be with the changes implemented by CMMC 2.0. 

As we mentioned earlier, this change will potentially reduce the number of contractors that have to be thoroughly reviewed by the DoD from the entire 220,000+ businesses to 40,000 that will require a third-party assessment.

 

As the levels move up, fewer businesses fall into the tiers. About 80,000 businesses fall into Level 2, but not all require external assessments. Level 3 businesses only include about 500. They will be audited by the DoD itself.

The change from CMMC, which included all businesses, to CMMC 2.0, which creates the different tiers, reduces the burden for the Department of Defense and a significant number of the businesses that it works with. 

Small and medium businesses that do not deal with critical data will not have to follow the same challenging standards as level 3-5 businesses, which have the most sensitive data at their fingertips. 

Some of the other specific changes are not fully known yet as they continue to determine the rules that will be enforced with CMMC 2.0. However, this review covers the most anticipated differences expected from the change. 

CMMC 2.0 also has a waiver opportunity in some cases. It is a limited waiver, but CMMC did not allow for any kind of waiver.

 

When Will CMMC 2.0 Be a Requirement?

CMMC 2.0 has quite a way to go still. The Department of Defense has already set the expectation that 2023 is the anticipated timeline for CMMC 2.0 being a requirement. Since they decided to change gears on their approach, they’ve halted the implementation and put requiring CMMC compliance on hold until they have finalized the new rules of 2.0. 

They have acknowledged that it will take time to come up with rules and specifics. You can view the basics of the ruling and the categorization of the levels that will be implemented. However, patience will be required to find out all of the details. 

When they do present the final rules, they will also provide a hard deadline for compliance. Right now, the statement is that they will allow 180 days for businesses to comply. 

The Deputy Assistant Secretary of Defense for Industrial Policy, Jesse Salazar, said: “My hope is that no company in the defense industrial base or in the broader commercial market is waiting for DoD contractual requirements to begin its cyber readiness process. We are encouraging all companies to start improving their cybersecurity.”

Rather than wait until those final rules are enforced, a business could go ahead and start planning to accommodate cybersecurity and figuring out their steps. If you wait until the last minute to begin preparing, you will more than likely run into issues getting things established and won’t be compliant when you need to be.

 

When Will Waivers Be Allowed?

While the exact specifics of the waivers might not yet be 100% known, the understanding is that the waivers will be allowed primarily on an as-needed basis. 

The waiver is a limited waiver for certification requirements. It will be a temporary waiver granted when a case is mission-critical. The understanding is that they will be granted on a case-by-case basis and won’t just be handed out freely. They will require approval from senior leadership personnel at DoD. 

The rules are still being planned, just like the other rules related to CMMC 2.0. Those guidelines and details will be established along with all of the other guidelines businesses are patiently waiting for more details on. 

 

In Closing

Cybersecurity is no joke. With increased cyber use for just about any business interaction, the Department of Defense recognizes the need to take action and acknowledges that not all of its associated contractors have the same design or should be subject to the same rules. 

This is what has led us to CMMC 2.0. As the time draws closer to the establishment, we will see more details released. Until that time, businesses can start planning for the future of CMMC 2.0.

Find out how Edge Networks can help your company become CMMC compliant by visiting our website. We take care of your compliance so you can focus on running your business.

Pegasus Spyware: The Zero-Click Spyware Infecting Smartphones

Pegasus Spyware: The Basics

Back in June, it was discovered that Pegasus Spyware, specifically developed to track criminals and terrorists, made its way to more than 50,000 phone numbers, some of which included heads of state governments, presidents, and prime ministers. Because this spyware was discovered on the devices of the world’s elite, everyday smartphone users are left wondering if this spyware is lurking within their devices and if it is, how they can detect it and remove it. Below, we’ll dive into Pegasus Spyware, helping you determine your risk and what you can do if you’ve been infected. 

Spyware is something that the world has known about since 1995, introduced as an interchangeable word to refer to adware and malware. It wasn’t until the turn of the century that spyware started to evolve, becoming one of the most dangerous threats on the web. In 2021, spyware has become a whole new beast, especially as the global use of electronics, specifically cell phones, is on the rise. 

 

What is Pegasus Spyware?

Pegasus is advanced spyware created by Israel’s renowned technology firm, NSO Group. Specifically designed to target smartphones, Pegasus doesn’t discriminate, creating a risk for all devices within the platform trifecta: Android, iOS, and Blackberry.

Like other types of spyware, Pegasus is designed to gain access to devices. While other traditional spyware is mainly acquired via mobile vulnerabilities, Pegasus is installable on devices via apps like WhatsApp, leaving no traces behind. Other spyware usually requires the installation of a malicious app (primarily via jailbreaking and rooting) or the click of a malicious link that led to the installation of spyware on the device.

Pegasus is so powerful because it requires the user to do nothing, taking advantage of a known vulnerability in apps like iMessage. Once embedded into a device, Pegasus spyware can access all apps, including those with access to real-time details like cameras and microphones. It’s not easily detectable and can linger in devices long enough to collect sensitive information.

 

Who might be vulnerable to it?

According to statements from the NSO Group, the only entities with access to Pegasus software are “the military, law enforcement, and intelligence agencies from countries with good human rights records.” Though their intentions might be good, that didn’t keep some countries from restricting use, including the United States and France.

Those that may be more vulnerable are activists, journalists, businesspeople, known criminals, government leaders and anyone connected to them that is suspected of a crime. Currently, NSO Group is not releasing clients, so it’s unclear whether or not those that are vulnerable or targeted are regulated.

Because of these spyware discoveries, Pegasus spyware is starting to get a negative reputation across the globe, with many world leaders concerned with their privacy and national security. Apple is among the first platforms to sue NSO Group, though others are expected to follow suit. When notified about the lawsuit and the implications they were facing, NSO Group did not admit to any wrongdoing and claimed that neither their product nor their procedures were breaking any law. In fact, they pointed out their strong suit, claiming “authorities combat criminals and terrorists who take advantage of encryption technology to avoid detection.”

 

How does it infiltrate a phone?

Pegasus spyware is more sophisticated than other types of spyware, able to infect devices without user interaction. Pegasus works by targeting zero-day vulnerabilities, which are vulnerabilities that cybersecurity experts are not yet familiar with. The attack is considered zero-click and typically infects smartphones with vulnerable apps.

Recently, Apple discovered that the spyware was targeting iOS messenger because of a vulnerability not yet patched. Because there is no user involvement required and no noticeable changes to infected devices, it can be difficult to detect. At the moment, there doesn’t seem to be a tool to directly detect Pegasus spyware, though there are ways to understand risk.

Assessment of risk is perhaps the most aggressive measure against Pegasus spyware, though users can do other things to detect its presence on their device.

 

How can someone detect Pegasus Spyware?

There is some good news for those who have a smartphone and are worried about the presence of spyware. Though 50,000 numbers have been listed as infected, it is not just an ordinary list of people. Those 50,000 were linked to several government officials, political activists, journalists, and those involved in their country’s politics.

That means that most smartphone users are excluded, though that doesn’t make most feel at ease. Spyware of any kind can infect devices, which is why it’s helpful to know how to detect it. Due to Pegasus spyware’s sophistication, it’s not detectable with just any antivirus, leaving users to seek other detection methods.

One popular method of detection that works on all devices is Amnesty International’s Mobile Verification Toolkit.

This toolkit is compatible with Linux and macOS, searching the device for unknown items that could represent a malware infection. Because news of this spyware is novel, it’s not yet set up to work 100%. While it will not detect Pegasus spyware directly, it alerts smartphone users of “indicators of compromise,” showing an infection on the device. 

Though Amnesty International’s toolkit seems promising, cybercriminals are always trying to stay one step ahead in their methods of defeat. Word of a recent campaign to trick users looking for a way to protect their devices hit newsstands in early October, with a group of cybercriminals disguising themselves as Amnesty International. For those looking for a way to detect Pegasus spyware on their device, Amnesty International is a safe bet. However, they should only inquire about information from the actual website and avoid clicking any unknown third-party links.

An additional option for iOS users that shows promise for detecting Pegasus spyware is Apple’s very own iMazing. This optional scan was created to scan devices to provide evidence of spyware. Installing it on devices is simple and comes with a guided process that takes about 30 minutes. iMazing will scan each app on the device and check for malicious content, creating a detailed report that users can access to find out whether or not they have items on their device that require attention. 

 

How can it affect security?

Spyware is different from other types of attacks in that it turns the cell phone into a surveillance device. The longer that spyware is left on a device, the more information it can gather and the more harm it can potentially cause. A few of the most common security implications due to Pegasus software include copying and sending private messages, recording phone calls, and collecting photos both taken on the device and received from messages and apps.

Pegasus can even gain access to users’ microphones and cameras, spying on users without their knowledge. Because of this powerful ability, users with Pegasus spyware installed on their device could have someone monitoring their phone calls and starting the device’s camera without their knowledge, falling victim to severe implications if any wrongdoing is suspected.

For most smartphone users, access to such information will not lead to criminal action, though it could cause issues with loved ones or professionally. However, because Pegasus targets criminals, world leaders, and other important figures across the globe, some captured information could lead to further investigations.

Apart from the ability to monitor those who might cause harm, Pegasus spyware could create danger if the information is passed into the wrong hands. National and international security could be in harm’s way, and other sensitive details could result in increased criminal activity. Companies too could face implications if collected information falls into the wrong hands, with others able to predict their next move.

Because of these serious security implications, companies are taking action, including global giants like Amazon. They, like others, are making moves to restrict and even shut down services linked to Pegasus spyware. Though companies are taking action on their own, cybersecurity experts are closely monitoring for increased malicious activity and attempting to stop further infections of Pegasus spyware until proper regulations can be put in place.

 

Can Pegasus Spyware be removed from a device?

Because this spyware is new, sophisticated, and not very well understood, there is not currently a removal solution. These zero-day vulnerabilities created with help from knowledgeable cybercriminals are very difficult to patch until developers find a solution to mitigate them. Even though it’s not removable at the moment, there are some ways that those who are at risk for Pegasus spyware (and any other spyware) can protect themselves.

One of the most effective defenses is active and frequent monitoring of devices, including regular scans to detect suspicious activity. The more active users are running scans and monitoring all activity, the better they will be at detecting spyware and stopping it before it can infect devices and escape without being noticed. In addition to a plan to scan and monitor, users can take other precautions, a few of which we’ll mention below.

 

Securing your Device

Since smartphones are targeted by Pegasus spyware, users should first secure their devices. There are several ways that users can do this, including keeping their devices updated with the latest version, updating all apps when necessary, and getting on a monitoring and scanning schedule.

Frequent monitoring is recommended, with regular users running scans at least once a week. This should ensure that there is no new suspicious activity or installations that could indicate a security breach.

 

Securing your Data

In addition to protecting devices, it is recommended that companies protect their data. Data is one of the most valuable targets online, with data breaches reaching all-time highs in 2020 and expected to continue to increase in 2021 and 2022. Smartphone users are encouraged to protect their data by managing their permissions in all apps (especially those with access to sensitive details) and ensuring that all passwords are up to date and secure.

Mobile phones often ask for permissions to access apps and other connected devices, which could lead to an additional vulnerability. If there is sensitive information on any device connected to a smartphone, users are encouraged to avoid permitting access to prevent further complications and risks.

 

Securing your Network

It’s not just about securing mobile devices but also the network to which they are connected. In 2021, most areas feature free wi-fi, though users don’t always consider risks. Public network attacks are on the rise as more and more smartphone users demand access to wi-fi on the go.

There are several ways users can protect themselves and their network, including utilizing advanced security suites that protect each layer. Frequent monitoring of networks and scanning for unknown connections and devices is one place to start, helping users understand if something needs their attention.

It’s not just necessary to protect from known attacks but also to have the capability to protect and prevent zero-day attacks too. These days, users are encouraged to use antivirus and other security tools that can help isolate and patch attacks with help from automation.

 

Pegasus spyware protection

Because Pegasus spyware is linked to two apps, it’s recommended that users take steps to disable each of them if possible. The two most common attacks have been with WhatsApp and iMessage, both of which can be disabled by users.

Pegasus is different than other spyware and can infect systems without user interaction, so at this time, there is not a specific fix. For now, it’s recommended to keep internet access secure, limit others’ access to devices, get on a scanning schedule to check for vulnerabilities, stay up to date on the latest iPhone and Android news, and update when necessary to prevent access.

Are you concerned about the cybersecurity of your company? Edge Networks can help! If you’d like to find out how your company is performing and isolate weaknesses in your cyber defenses, schedule a call with us.

Edge Networks Recognized as One of the Best Managed IT Service Providers in Vancouver

The Recognition

At Edge Networks, we work hard to provide our customers with an exceptional user experience. We provide Managed IT Solutions including server, network, and cloud management, cybersecurity, employee onboarding, and many other services. Because we are a people-centric company, our focus is on ensuring that IT issues are resolved quickly and that every client is happy with every interaction. We are thrilled to say that recently our incredible user experience and stellar reputation have led us to be recognized by Expertise.com as one of the Best Managed IT Service Providers in Vancouver.

 

The Selection Process

Each month, Expertise.com reviews the top service professionals in over 200 industries across the U.S. They research more than 60,000 businesses in the hopes that they can help customers find the best-qualified customers for their needs. According to their website, “Our research process is always evolving to keep up with industry changes, so we’re confident that when we say a provider is one of the best, it is.” 

Expertise.com has recently graded the Managed IT providers in Vancouver on a list of variables, including availability, qualifications, reputation, experience, and professionalism. We are very proud that, after their extensive research and review, they recognized our incredible user experience. “We are humbled by this acknowledgment and grateful for our fantastic team who make this a reality,” says Edge Networks Founder and CEO, Mark Tishenko.

Our success is not limited to Expertise.com. Edge Networks has also been recognized by UpCity, Clutch, and TheManifest with other local B2B companies as one of the top Cybersecurity providers in this area. It is always an honor to be recognized for the work we do to keep our clients happy.

 

We look forward to continuing to impress all of our incredible clients and providing the best service the Portland/Vancouver area has to offer. 

Are you looking for Managed IT or Cybersecurity services for your company? Let’s get in contact to discuss your needs today!

Understanding PrintNightmare: a Print Spooler Vulnerability

PrintNightmare: Understand and Overcome

In June of 2021, Microsoft issued a warning entitled “Windows Print Spooler Remote Code Execution Vulnerability.” This vulnerability, known as PrintNightmare, leaves the print spooler open for a hacker to attack by allowing anyone to remotely install a printer ‘driver’ with the ability to execute malicious code and take complete control of a PC. The attacker could access data, create new accounts, and destroy users’ accessibility to their devices.

This is an ongoing issue. While there has been a security update from Microsoft addressing this vulnerability, it is not perfect, and many devices are still at risk. We will discuss ways to mitigate the problem and keep devices safe from this vulnerability. By following the steps in this post, you will be better equipped to handle these attacks and reduce the probability of becoming the next victim.

 

What is the Print Spooler?

The print spooler service is a software program that manages any print jobs that need to be sent to a printer server. In many cases, Microsoft relies on this program for the organization and control of its devices. It is an essential program for anyone needing to print, and it keeps the print jobs organized and in order. While the print spooler is a practical and often necessary tool, it can also be dangerous if it falls into the wrong hands.

Some of the most basic functions of a print spooler include:

  • Managing the files that are in the process of printing on the device
  • Monitoring the files that are in the process of printing on the device
  • Keeping everything in order and organized as the items print

Most Microsoft machines have the print spooler system automatically enabled, and many do not think twice about it when activating their device for the first time. After all, when hackers are not attempting to break into it, it can be a very beneficial (and often necessary) tool.

Since its original release, there have been few maintenance updates on the print spooler. It was this lack of improvement that could have left it vulnerable to hackers and attackers. However, in July 2021, Microsoft issued a security update addressing this vulnerability. They are recommending that users install these updates immediately. After all, you do not want to be the next company with a data security breach.

 

Understanding the PrintNightmare Vulnerability

The PrintNightmare vulnerability first appeared in a June 2021 release by two research teams. It was so named because of the versatile nature of this weakness across a variety of different products. Recently, the PrintNightmare shifted from ‘low’ severity to ‘critical’ severity. Users need to be aware of this as it grows worse.

To fully understand this vulnerability, it is important to be familiar with the print spooler and how attackers can use it to their advantage. This issue is a critical flaw that may need to be handled in-house while Microsoft works towards finding a permanent solution for all users. Otherwise, the system could be taken over by hackers. 

 

What Are the Vulnerabilities in the System?

Two central vulnerabilities lie inside of the print spooler system. Each serves as a different attack point for a hacker trying to find a way into vulnerable devices. It is critical to understand each of them so that you know the weak points that they target.

The core vulnerabilities include:

  • Local privilege escalation, ensuring that a hacker who gets into a computer with low privilege can elevate to an admin level on the device
  • Remote code execution, which can allow the systems to be weaponized either locally or by using a domain controller

These vulnerabilities can offer power to the attackers that allow them to take over many systems at once. 

 

How Can Hackers Use This to Their Advantage?

It can be a little bit difficult to understand what hackers can do with access to a print spooler. This device’s only job is to manage printing items and does not seem like it would be very threatening. It is a program that many people overlook, yet hackers can pose a massive threat if they gain access to this software.

This threat includes:

  • Hackers gaining access to sensitive information
  • Manipulating private and personal data to their advantage
  • Installing malicious programs onto the device

These are just a few of the things that can happen if an attacker gains control of a system through the print spooler. It can be a massive invasion of privacy.

 

How to Mitigate PrintNightmare

Since the security update addressing this issue was released in July 2021, the best practice for mitigating the problem of PrintNightmare is to install this update. However, this update may not completely eliminate the threat of PrintNightmare. Some systems are not able to install the update, and it can cause issues with some printing devices. Because this update is not perfect, there are other options that can reduce the threat, depending on the device’s operating system.

Option 1: Disable the print spooler service on your device.

Taking this action will stop hackers from being able to access the print spooler, and therefore stop them from being able to access data. However, this action would also disable the ability to print completely.

 

Option 2: Disable the option for print spooler to accept client connections.

Taking this action will prevent remote printing operations, which will remove the attack vector. This means that remote printing will no longer be possible (though printing locally to a directly attached device would still be possible).

These workarounds are not ideal, because the print service will not be able to be used in the way it was intended, if at all. However, the alternative could be losing access to the device altogether due to an extensive attack. Again, the best practice would still be to install Microsoft’s security update addressing this issue. However, because this isn’t an option on all devices, we will go over how to implement these workarounds.

 

Disable the Print Spooler on Windows 10 Home Edition

If unable to install the security update, the print spooler on every single vulnerable item in the workspace can be disabled. Any device that has a print spooler can be hacked into and potentially pushed into other devices. Follow each of these steps carefully so that you don’t have to start over again.

Once all of the items are prepared, you should enact the following steps:

  • Open the Start Menu
  • Type ‘PowerShell’
  • Pick ‘Run as Administrator’
  • When asked if you want to allow the app to make changes to the device, answer yes
  • Type ‘Stop-Service -Name Spooler -Force’ and push enter
  • Type ‘Set-Service -Name Spooler -StartupType Disabled’ and push enter. This will keep the spooler from starting up again when the computer is rebooted.

This sequence should disable the print spooler on devices containing the Windows 10 Home Version and a few other varieties. If you have the Windows 10 Pro or the Enterprise edition, there is a different set of steps to follow to disable the print spooler. 

 

Disable the Print Spooler on Windows 10 Pro and Enterprise Edition

If you have Windows 10 Pro or the Enterprise edition, the print spooler will need to be disabled using the group policy editor. This method only works for those two systems.

To disable the print spooler, you will need to:

  • Open the run box by using ‘Win + R’
  • Type gpedit.msc
  • Press enter
  • Wait for the Local Policy Editor to open
  • Navigate to ‘Computer Configuration > Administrative Templates > Printers’
  • Click ‘Allow print spooler to accept client connections’
  • Click ‘Disabled’
  • Press ‘Apply’ and ‘OK’

These steps should effectively disable the print spooler on the printer and other devices that operate under these programs. If it doesn’t work, double-check that you have followed all the instructions completely. 
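To confirm that one of the two workarounds is actually in effect on a machine, both can be checked from an elevated PowerShell. The script below is an added example, not part of the original article; the function name Get-SpoolerMitigationStatus and its output property names are hypothetical, and the check relies on the Group Policy setting being stored in the registry value RegisterSpoolerRemoteRpcEndPoint.

```powershell
# Added example: audit both PrintNightmare workarounds on the local machine.
# Function and property names are hypothetical; run from an elevated PowerShell.
function Get-SpoolerMitigationStatus {
    [CmdletBinding()]
    param()

    # Option 1: is the Print Spooler service stopped AND prevented from restarting?
    $svc       = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $state     = if ($svc) { $svc.State }     else { 'NotInstalled' }
    $startMode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
    $option1   = ($state -ne 'Running') -and ($startMode -in 'Disabled', 'NotInstalled')

    # Option 2: the policy 'Allow print spooler to accept client connections'
    # is stored as RegisterSpoolerRemoteRpcEndPoint (1 = Enabled, 2 = Disabled).
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $prop  = Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.RegisterSpoolerRemoteRpcEndPoint } else { $null }
    if     ($value -eq 2) { $policy = 'Disabled' }
    elseif ($value -eq 1) { $policy = 'Enabled' }
    else                  { $policy = 'Not Configured' }
    $option2 = ($value -eq 2)

    # A stopped service that is still set to start automatically comes back
    # after a reboot, so that case is reported as not mitigated.
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SpoolerState      = $state
        SpoolerStartMode  = $startMode
        ClientConnections = $policy
        Option1Applied    = $option1
        Option2Applied    = $option2
        WorkaroundInPlace = $option1 -or $option2
    }
}

$status = Get-SpoolerMitigationStatus
$status | Format-List
if (-not $status.WorkaroundInPlace) {
    Write-Warning 'Neither workaround is active: install the security update or apply Option 1 or Option 2.'
}
```

After changing the policy for Option 2, restart the Print Spooler service so the new setting takes effect before relying on this result.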

 

Can You Enable the Print Spooler If Needed?

Enabling the print spooler again might become necessary if a print job is required. This action might seem intimidating, as it could potentially reopen the systems to hackers. However, enabling it for a short period of time should be relatively low risk. 

 

Enabling for Windows 10 Home Edition

To enable the print spooler again after it has been disabled, there are a few steps that can be followed. On the device:

  • Open the Start Menu
  • Type in ‘PowerShell’
  • Pick the option ‘Run as Administrator’
  • When asked if you want to allow the app to make changes to the device, answer yes
  • Type ‘Set-Service -Name Spooler -StartupType Automatic’ then hit enter
  • Then type ‘Start-Service -Name Spooler’ then hit enter

This sequence should enable the print spooler again. If the security update has already been installed, this can remain enabled. If it was disabled temporarily for the ability to print, it can be disabled as soon as the printing process is finished to ensure the device is protected. 
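When the spooler is only being enabled for a single print job, the enable, print and disable steps can be wrapped so the service is always shut off again, even if the print fails. This is an added example, not part of the original article; Invoke-WithSpooler and the sample file name are hypothetical, and it uses the Manual startup type rather than Automatic for the temporary window.

```powershell
# Added example: enable the spooler for one print job, then disable it again.
# Invoke-WithSpooler and the sample file name are hypothetical; run elevated.
function Invoke-WithSpooler {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [scriptblock] $PrintAction,
        [int] $DrainTimeoutSeconds = 300
    )

    # Manual instead of Automatic: an unexpected reboot in the middle of the
    # window does not bring the service back up on its own.
    Set-Service -Name Spooler -StartupType Manual
    try {
        Start-Service -Name Spooler
        & $PrintAction

        # Wait until every local queue is empty, or give up at the timeout.
        $deadline = (Get-Date).AddSeconds($DrainTimeoutSeconds)
        do {
            Start-Sleep -Seconds 2
            $pending = @(Get-Printer | ForEach-Object { Get-PrintJob -PrinterName $_.Name })
        } while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline)

        if ($pending.Count -gt 0) {
            Write-Warning "$($pending.Count) job(s) still queued when the spooler was stopped."
        }
    }
    finally {
        # Runs on success, on error and on Ctrl+C, so the window always closes.
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

# Constructed usage: print a local text file to the default printer.
Invoke-WithSpooler -PrintAction { Get-Content -Path '.\report.txt' | Out-Printer }
```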

 

Enabling for Windows 10 Pro and Enterprise Edition

Just like with disabling the print spooler, a group policy editor is needed to enable the print spooler on Windows 10 Pro and Enterprise Edition. This specification is critical to note, as this will not work for other versions.

To re-enable the print spooler on these devices, these steps should be followed:

  • Open the run box using ‘Win + R’
  • Type gpedit.msc
  • Hit enter
  • Navigate to ‘Computer Configuration > Administrative Templates > Printers’
  • Click to allow the print spooler to accept client connections
  • Pick ‘Not Configured’
  • Press ‘Apply’ and then ‘OK’

This process should successfully enable the print spooler on these devices. As with the other method, this can remain enabled if the security update has already been installed. If not, it can be disabled until the next time it is necessary to print.

 

Will this security update completely eliminate the PrintNightmare problem?

As previously mentioned, the best practice for reducing the PrintNightmare issue is to install the security update. However, the update is not flawless. There is a long way to go until PrintNightmare is completely eliminated.

The July Emergency update:

  • Only worked on a few select devices, leaving the others just as vulnerable as before
  • Caused issues for users attempting to print to various printers
  • Affected receipt and label printers that connected with USB

This update has its flaws, which can affect any Microsoft device. Future patches in development will likely be able to fix the issues that the current update has. Hopefully, this comes in the next few months. Until then, users that are still vulnerable should disable the print spooler for the safest results.

This is just one of many ways that your company can be targeted and data can be lost. If you’re looking to be more proactive in your cybersecurity, we’ve created an outline of five critical components your incident response plan should have. Read more about it below.

 

Moving Past PrintNightmare

The PrintNightmare situation is a wake-up call for those unaware of how vulnerable the print spooler can be. Hackers can easily lock themselves into the system and change data belonging to the user. They can then make use of the device remotely or through a computer elsewhere.

This is dangerous for users who are not aware of this problem. With the knowledge you read here, you should understand how to mitigate the issue until the issue is completely resolved. If you’re unsure of whether or not your network is secure, take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.

For all you Star Wars fans out there – this is a meme summary of the seriousness of the attack.

 

Centennial School District Compromised by Ransomware

On the News: Edge Networks Discusses the Centennial School District Cyber Attack

Recently, KATU News went on air to talk about a ransomware attack at Centennial School District in Multnomah County, Oregon, and asked Edge Networks’ Founder and CEO, Mark Tishenko, to share his thoughts. Mark warned that ransomware attacks are a growing threat, and anyone can be at risk. If you are the target of a ransomware attack, having a ransomware incident response plan is critical to recovery. When ransomware hits your business and you feel panicked, an incident response plan will give you a roadmap. 

Watch the news clip and read the article by KATU News here.
 

The Jump to Digital Learning

March 2020 was a time when many students across the United States learned they’d be getting an extra week or two of Spring Break. Excitement was the primary emotion as students prepared for their extended break, but no one foresaw what followed – COVID-19 sweeping the nation (and the world), forcing schools to shut down. The result? Digital learning. 

The jump to digital learning was quick and led to many problems rising to the surface, like a lack of accessibility to devices and internet connection from home and teachers having little time to restructure their curriculums and adapt to new technologies alongside their students. In fact, Statista Research Department found that there was a 1,087% increase in Education app downloads solely between March 2nd-16th, 2020, a figure that’s hard to envision. 

Additionally, Business of Apps found that over 90,000 schools across the United States used Zoom as their primary virtual learning platform at the height of the pandemic, which is a lot of unexpected usage for a single app. In April 2020, news broke out that hackers had stolen over half a million passwords from Zoom. Sure, a password may not seem like a big deal, but a 2019 Google / Harris Poll study found that only 35% of people use a different password for every account, meaning 65% of people reuse the same password for multiple or all accounts. This means that it’s likely the majority of those stolen Zoom passwords were attached to other accounts, which puts more sensitive data at risk.

Click here to download a Password Best Practices E-Book!

The thought of an app as heavily used and popular as Zoom being the target of an attack should raise concern. With people all across the nation moving to online learning, and the rapid increase of unfamiliar technologies and time spent online, many were left confused, burnt out, and more vulnerable than ever. 


 

The Centennial School District Cyberattack

In late April 2021, the Centennial School District of Multnomah County, Oregon was the target of a ransomware attack and decided to shut schools down for a week. You might think shutting schools down for a week because of ransomware is an overreaction, but cybercrime shouldn’t be taken lightly.

It was confirmed that the attackers stole, encrypted, and published data from the systems to the dark web, putting the sensitive information of the district’s faculty, staff, and over 6,000 students at risk. 

Since the attack, Centennial School District officials were able to bring some systems back online but were ultimately tasked with shifting their learning resources to paper packets to replace the digital technology temporarily. 

Let’s Back it Up – What’s the Deal with Ransomware?

Ransomware is an ever-evolving type of malware (malicious software) that encrypts important files and systems, holding them “hostage” until a ransom payment is made. Hackers will often threaten to destroy, leak, or sell the stolen data to receive their payment, which can range from a few hundred dollars to a few million.
 
In July 2020, a U.S. travel management firm, CWT, was attacked by hackers that demanded $10 million. The hackers argued that the price would be much lower than lawsuit expenses and reputation loss by leaking information, but the ransom was negotiated down to $4.3 million, still an extremely significant loss.
 
However, ransomware’s perils extend beyond financial loss. According to the Sophos State of Ransomware 2021 research, the percentage of businesses choosing to pay a ransom has climbed to 32% in 2021, up from 26% last year. Only 8% of those who paid the ransom received all of their data returned, while nearly a third, 29%, could not recover more than half of the encrypted data. In short, paying a ransom doesn’t guarantee a safe return of your data, which is why we recommend regular backups.
 
 
 
 
 
 
 
 

 

Where Do We Go From Here?

Though it may seem unlikely, the truth is: anyone with a device that holds important data and access to the internet is at risk of a ransomware attack, not just large organizations. The ransomware attack at CWT or the attack on Zoom may seem far in the distance, but local attacks happen too, like the one within the Centennial School District. These attacks, though unfortunate, offer crucial reminders for people to review their cybersecurity health. 

When asked how to best mitigate against ransomware, CEO and Founder of Edge Networks, Mark Tishenko, shared that network hygiene, vulnerability management, and backup and disaster recovery are essential and that trusting your SaaS or cloud provider just isn’t enough anymore. Additionally, employee awareness training is paramount to preventing ransomware.

 

Taking Steps in the Right Direction

Cyberattacks are constantly evolving, and it’s essential to implement preventative practices and build up a solid defense against them. If you are unsure where to go from here, we recommend taking our free, self-guided IT risk assessment to discover your vulnerabilities and receive tips on how to improve your cybersecurity, or schedule a call with us for a free 30-minute consultation. 

Staying educated on ransomware trends can also help you stay one step ahead of cybercriminals. 

Edge Networks Is Ranked A Top Oregon IT and Business Service Provider


Since 2006, Edge Networks has been providing all-things IT to our clients in order to help them be more productive and profitable. Our focus on staying ahead of IT trends and making our clients happy has caught the attention of Clutch.co. Recently, they recognized Edge Networks as one of the top IT services firms in Oregon! 

The Edge Networks team is happy to be receiving a Clutch Leaders Award:

“We are thrilled to be named a Clutch Leader,” said Edge Networks Founder and CEO, Mark Tishenko. “Big thanks to our amazing clients and partners who make this happen.”

Clutch is a B2B site that rates and reviews agencies across a variety of industries. The team helps connect businesses with the best suited service provider to solve their firm’s challenges. Based on their unique method, they rank hundreds of companies by evaluating their client feedback, market presence, and work portfolio. Our Clutch profile is #1 in their Leaders Matrix out of the top 15 Portland IT and business service providers:

 


 

Our success is not limited to Clutch. Rather, it extends to their sister sites: Visual Objects and The Manifest. Visual Objects publishes the creative and visual work of B2B companies so that prospective clients may view previous projects. Similarly, The Manifest aids potential buyers by sharing how-to guides and industry reports. Like Clutch, we are ranked on The Manifest with other leading B2B agencies.

All the teammates at Edge Networks are happy to receive this recognition. We would like to thank our clients for taking the time to thoroughly review our services with the team at Clutch. We look forward to the future as we continue to help our clients optimize their IT capabilities! 

Want to work happy? Let us know.