How Revotech Resolved a Malware Threat for Canuel Caterers
Canuel Caterers was started 27 years ago by two entrepreneurial brothers with the ambition of building a company that would rival other large, multi-national food service providers in Canada. Canuel has 45+ school accounts combined in the Lower Mainland and the Interior of British Columbia in addition to multiple corporate accounts. Supported by a strong management, sales and operational team, they offer a variety of styles of lunch service in these facilities, including meal programs for schools. In addition to on-site concession, vending, and customized coffee programs, Canuel also provides on-site catering for groups of 10 to 1500 customers.
The Issue
Canuel Caterers uses an accounting system that produces electronic invoices and automatically emails them to customers daily. Unbeknownst to anyone, an obfuscated JavaScript file designed to download additional malware and/or adware was residing on the AP clerk’s PC. This script was injecting a malware URL into client-facing invoices as they were being sent off. When the receiver opened the invoice, it would try to download the malicious software onto that recipient’s device. The script residing on the PC was not causing any damage to their computer or network and was therefore never detectable by any anti-virus software.
How it was discovered
As part of its security umbrella, Revotech uses a product called Huntress. Huntress provides an underlying layer of detection and response that goes beyond any anti-virus and uses real humans to analyze patterns and behaviors. Huntress detected and reviewed the payload and determined the risk. They alerted Revotech through our PSA integration, which created a ticket for further investigation. The script was discovered through automated daily scanning by the Huntress agent.
Solution
In addition to reporting back to Revotech, Huntress also provided the exact details and location of the script files. Revotech’s engineers investigated the issue and used command-line instructions to remove the script, the registry keys, and the Task Scheduler trigger from the PC.
Results
The PC was no longer injecting into invoices the URLs that downloaded malware onto the receiver’s PC. These invoices and the company’s emails were no longer being blocked by their customers’ email filtering tools and, more importantly, were no longer potentially causing damage to their customers’ systems.
Is That A Business Continuity Plan In Your Pocket Or A Bunch Of Jargon?
Technology is full of difficult jargon. To further complicate things, certain terms are often used in a different context between one publication or service provider and the next. An example of this is the usage of backup, disaster recovery, and business continuity. These terms are commonly used interchangeably, often resulting in confusion. In an effort to alleviate some of this confusion, let’s describe each physical process. You will see an overlay among all three, although they are each different processes.
Backup – In IT lingo, the most basic description of backup is the act of copying data, as in files or programs, from its original location to another. The purpose of this is to ensure that the original files or programs are retrievable in the event of any accidental deletion, hardware or software failure, or any other type of tampering, corruption and theft.
It’s important to remember that the term “backup” refers to data only and doesn’t apply to the physical machines, devices, or systems themselves. If there were a system failure, disk crash, or an onsite physical disaster, all systems would still have to be replaced, rebuilt, and properly configured before the backed-up data could be loaded onto them.
Disaster Recovery – Backups are a single, albeit crucial, component of any disaster recovery plan. Disaster recovery refers to the complete recovery of your physical systems, applications, and data in the event of a physical disaster like a fire; hurricane or tornado; flood; earthquake; or act of terror or theft.
A disaster recovery plan uses pre-determined parameters to define an acceptable recovery period. From there, the most satisfactory recovery point is chosen to get your business up and running with minimal data loss and interruption.
Business Continuity – Although backup and disaster recovery processes make sure that a business can recover its systems and data within a reasonable time, there is still the chance of downtime from a few hours to many days. The point of a business continuity plan is to give businesses continuous access to their technology and data, no matter what. Zero or minimal downtime is the goal.
Critical business data can be backed up with configurable snapshots that are instantly virtualized. This allows files, folders and data to be turned on and restored in seconds. Bare metal restores of hardware, where an image of one machine is overlaid onto a different machine, are also utilized along with cloud replication for instant off-site virtualization.
Many businesses also keep redundant systems and storage at a different physical location than their main site as part of their business continuity process. They may also outline procedures for staff to work remotely off-site. Some businesses or organizations may go as far as to have printed contact lists and other critical data stored off-site to keep their business moving if a disaster wipes out power and their ability to access anything electronically.
This should clarify the differences between backup, disaster recovery, and business continuity solutions. Choosing what works best for your business will come down to your current IT infrastructure, your budget and how much downtime you can reasonably accept.
Managed Service Providers – or MSPs – are often recommended as a cost-effective IT solution for small businesses. For a minimal monthly fee, MSPs provide a reasonably priced solution to the complex technology pains of small businesses. Here’s a look at the various benefits an MSP can offer your business…
Freed-Up Resources and a Renewed Emphasis on Core Business – Both business owners and internal IT staff would much rather focus on revenue enhancing tasks like product development or the creation of cutting-edge applications/services. This is one reason routine monitoring and maintenance tasks are often neglected by an internal IT person or team, which always proves to be detrimental much later.
Often misportrayed as a “threat” to an internal IT person or staff, MSPs can instead relieve internal staff of mundane network operations maintenance, repetitious monitoring of server and storage infrastructure, and day-to-day operations and help desk duties.
A True Partner Sharing Risks And Responsibilities – The goal of an MSP is to deliver on contracted services, measure, report, analyze and optimize IT service operations, and truly become an irreplaceable catalyst for business growth. Managed Service Providers not only assume leadership roles, they enable risk reduction, enhance efficiency and change the culture by introducing internal IT operations to new technologies and processes.
Access to Expertise, Best Practices and World-Class Tools and Technologies – MSPs have experience with a variety of businesses and organizations. Managed Service Providers can keep your business relevant and on track with continually evolving technology, support, and productivity demands. Let’s face it, no small or medium-sized business can afford to fall behind with technology trends in today’s business world.
The Benefit of a Full-Time Fully Staffed IT Department at a Fraction of the Cost – Most small business owners live and die by proactive management. They just haven’t had the budget, resources or access to on-demand expertise to be proactive with information technology management. A Managed Service Provider gives business owners and overwhelmed internal IT staff affordable computer and server support, remote monitoring of critical network components like servers and firewalls, data backup and disaster recovery, network security, custom software solutions, and technology evaluation and planning.
Managed Service Providers can decrease the overall IT support costs by as much as 30% to 50%. Rather than being stressed about technology, business owners can instead get back to focusing on growing their business. All while enjoying the benefits of highly-trained IT experts boosting their network’s reliability and performance.