Microsoft Discovers Malicious Email Attack From NOBELIUM

Early this year, the Microsoft Threat Intelligence Center began tracking a sophisticated and malicious email phishing campaign targeting many individual users and businesses. The perpetrator, NOBELIUM, has gotten better and better at sidestepping any obstacles presented to them. The result has been compromised data across many platforms.


What is Microsoft Threat Intelligence Center? (MSTIC)

Microsoft Threat Intelligence Center, or MSTIC, serves to catch security threats early and keep ahead of them to protect users. In the wake of recent attacks, MSTIC has been dedicated to ramping up safety and response for its users and sharing its insights and knowledge on cybersecurity with the industry at large.


Email Phishing Attacks

A phishing email (or text) serves to trick users into giving out sensitive information. These emails will often look like a message from a company you trust, asking you to verify some billing information or alerting you of suspicious activity on your account. Not only does this result in bank account access, social security numbers, and other important information getting into the wrong hands, but it can also harm the reputations of the companies that scammers are impersonating.

The FTC recommends a few different measures to protect your information. Downloading and frequently updating security software on your computer is an essential first step. You should also update your phone frequently, ensuring that it has the most recent patches and security updates.

Multi-factor authentication is a great way to protect your accounts from anyone attempting to reset your password from their location. And backing up your data to an external source, like a cloud or personal hard drive, will keep your essential files safe even if your personal computer is compromised.


NOBELIUM Explained



NOBELIUM is known to go after places like government organizations, the military, think tanks, and telecommunications, veiling itself as a US development organization. Their sophisticated tactics have left many businesses and individual users dealing with possibly compromised information. Their unique tooling and infrastructure, designed to target specific accounts, have allowed their attacks to stay undetected longer.



While NOBELIUM’s phishing attempts began in September 2020, the organization’s tactics ramped up in January 2021, after they learned from their initial campaign. They likely learned from Microsoft’s responses and tweaked their approach to get around any attempts to thwart them.

An experimentation phase saw NOBELIUM evolve its phishing campaigns, resulting in more successful deliveries of malicious emails to recipients. This attempt led to an escalation of efforts through April and May of 2021, resulting in a significant payload from Dropbox, a cloud storage platform.

On May 25, NOBELIUM ramped up its attacks using Constant Contact’s legitimate mass email platform to target 3,000 individual accounts. The lion’s share of the malicious messages was blocked, but some of the earlier recipients were left vulnerable.


How To Protect Yourself From Phishing Scams 

Though these recent attacks are sophisticated and scary, there are still ways you can protect yourself from email scams. This PGH blog on digital risk provides some excellent solutions.

Look out for:

  1. Generic greetings or content that could apply to many people. (ex. “Dear sir”)
  2. An email address with an odd letter or number in the domain name
  3. Urgency or demands. Any email that flashes “you’ve won!” in large letters or threatens to share your personal information with someone else is not to be trusted.
  4. Poor grammar or strange phrasing. These may serve the purpose of getting past spam filters.


  1. All links. Hover over them to be sure that the URL matches the destination that the link is promising.
  2. If the website is secure. All secure website URLs begin with “https://”
  3. For suspicious attachments. Do not open any attachment associated with an email that is giving you pause already.
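
Several of the checks above can be automated for an HTML message body. The following is an added example, not part of the original post; the trusted-domain list, the sample message and the finding names are assumptions made for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumed allow-list of domains the organisation really deals with.
TRUSTED_DOMAINS = {"example.com", "example.org"}
# Digits commonly swapped in for letters in look-alike domains.
DIGIT_LOOKALIKES = str.maketrans("01358", "olesb")
# A domain-shaped token inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

# Constructed sample message body.
SAMPLE_EMAIL = """
<p>Dear sir, your account is locked. Act now!</p>
<a href="https://example.com/billing">https://example.com/billing</a>
<a href="http://examp1e.com/verify">https://example.com/verify</a>
<a href="https://files.example.org/doc">Open document</a>
"""


def base_domain(host):
    """Last two labels of a host name (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href, text):
    """Return the list of warning signs found for one link."""
    findings = []
    url = urlsplit(href)
    target = base_domain(url.hostname or "")
    # Plain http. https alone does not make a link trustworthy; it is
    # one signal to weigh together with the other checks.
    if url.scheme != "https":
        findings.append("not-https")
    # The text shows one domain while the link goes to another.
    shown = DOMAIN_IN_TEXT.search(text.lower())
    if shown and base_domain(shown.group(1)) != target:
        findings.append("text-href-mismatch")
    # An odd number in the domain that imitates a trusted name.
    if (target not in TRUSTED_DOMAINS
            and target.translate(DIGIT_LOOKALIKES) in TRUSTED_DOMAINS):
        findings.append("lookalike-domain")
    return findings


def audit_email(html):
    """Return (href, findings) for every link in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, check_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, findings in audit_email(SAMPLE_EMAIL):
        print(href, "->", ", ".join(findings) or "no findings")
```
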
The Future of Remote Work and Technology After Covid-19

In the midst of the COVID-19 pandemic, working remotely has become the new normal for many Americans. A wealth of technology has been developed and improved to increase working from home productivity and to ensure employees have the resources they need to do their jobs from home. And many aren’t feeling ready to return just yet. The pandemic is still infecting hundreds a day and many have fallen into a comfortable routine working from home.

Working From Home Productivity in 2020

In many cases, people have felt that working from home made them into more productive employees. In a survey taken of over 2,500 respondents, 51% felt that they have been more productive in a work from home environment than they had been in an office environment. 

This is pretty astounding considering all of the added stressors that come with working from home as well as the pandemic. Finding suitable childcare while schools were closed caused complications for parents, the blurry lines between work and home could make concentrating difficult, and not everyone has a home environment suited for an office. Despite all this, productivity increased.

Some of these stressors will naturally dissipate as the pandemic gets under control. Schools and daycares opening back up will mean parents will have somewhere to send their children during the work day. And quiet work spaces like libraries and cafes will be open again for public use. This will help increase work from home productivity further.

    How Technology Has Allowed People to Work From Home

    Covid-19 would look very different if we didn’t have ample tech available to us to do our jobs from home. Without the conveniences of mobile devices and the cloud, working from home would be simply inaccessible for many people. These technologies have no doubt saved lives and jobs.

    Communication Applications

    At the center of these useful technologies are communication applications like Zoom, Microsoft Teams, and Slack, which provide a plethora of benefits to employees at large. These applications and others like them are not new to the workspace; however, businesses have been leaning on them more heavily than ever before. They allow employees to interact with one another through virtual face-to-face meetings and communicate quickly and efficiently through threads, all without the risks of being in the same space. This reduces e-mail inbox clutter, encourages group discussion, and saves time and resources, especially if attending a meeting requires a commute.

    Cloud Computing

    Once removed from the office, the need to securely access files and resources became a concern for businesses that did not have a remote work plan in place. Adoption of cloud computing and AI (artificial intelligence) has increased throughout the lockdown because of this. The cloud offers businesses the ability to be extremely flexible and resilient within their infrastructure. AI offered within the cloud provides solutions to businesses needing more creative options to meet demands, such as intelligent chatbots, digital payments, BOPIS (buy online, pickup in store), telehealth appointments, and interactive education classrooms.

    Focus on Compliance and Trust

    It’s important to note that these applications, though convenient, come with risks. Data security should be a paramount concern for businesses looking to adopt or continue remote options for their employees. The pandemic accelerated compliance and security issues due to the rapid implementation of cloud-based services.

    Businesses should closely examine their own infrastructure to determine what is important to them, what they need to protect, and how educated their employees are about security. It is essential to develop a technology roadmap that includes security awareness training and security policies. Additional investments will likely need to be made in identity and access management security in order to protect employees and business data from cyber-attacks. Not every step will cost money, but each step will save you money by decreasing the chance of a successful attack.

    Benefits of Working From Home

    While remote work offers flexibility and freedom for employees, it also has its benefits for employers and businesses, including opportunities to cut costs and generally happier, more productive employees.

    Benefits for the Employee

    Employees working from home have seen a whole host of benefits. Their schedules can be more flexible, which means that scheduling appointments or shifting work hours to accommodate personal matters are much easier. Parents with children can be there when they get home from school and are more available to participate in their sports and activities.

    Employees who work from home can make the space theirs in many cases, increasing their comfort level and, in turn, their productivity. And remote employees often have better mental health, as it is easier to maintain a good work-life balance. And, without a commute, employees spend less time and money on transportation.

    Benefits for the Employer 

    Happy employees are productive employees, and working from home increases job satisfaction among a team. Businesses lose billions of dollars a year to workplace distractions, with an in-office employee taking multiple short breaks whereas a remote employee tends to take longer breaks, which have been shown to increase focus and productivity. One study has shown remote employees worked 1.4 days more each month compared to in-office productivity, which equated to three additional weeks of work a year, with no difference in the quality of work being produced.

    Businesses can save money on space, too, since a partially or fully remote team means less space and fewer resources need to be provided, and location is not prohibitive. A business can hire the top talent regardless of where they live.

    Preparing for the Future of Remote Work  

    Although there are numerous benefits to working remotely, businesses will still need to set some ground rules when moving to a remote option for their employees. It is vital to implement security policies that address who has access to what and which devices are allowed to connect to the network, to enable multi-factor authentication, and to teach staff how to recognize cybercriminal tactics. We cannot stress enough the importance of having an educated staff to be successful at working remotely and securely.


    Viruses on iPhones – Here’s What You Need to Know

    Apple may be known for their seemingly ironclad data protection measures and regular security updates, but that doesn’t mean your iPhone is completely safe from viruses. While it is a rare occurrence for an iPhone to become infected, certain practices can leave you vulnerable. But, luckily, there are ways to get rid of the problem.


    Can iPhones Get Viruses?

    Jailbreaking, which involves bypassing security restrictions on your iPhone in order to gain more control over the operating system, has a lot of appeal. This allows a user to get apps that aren’t included in the app store, customize a greater range of functions and generally have more freedom on the device. 

    However, this leaves your iPhone significantly less secure and opens the door for malware and viruses to take root. And though jailbreaking gives the user the ability to download third party apps, this also means they haven’t been through Apple’s rigorous vetting process which ensures they aren’t malicious.

    And just as opening an infected e-mail can compromise your laptop or desktop, the same goes for opening one on your iPhone.


    How to Detect a Virus on Your iPhone

    There are several signs to watch out for that could clue you in on a virus that is lurking on your iPhone. The usability of your device might take a noticeable dip, resulting in symptoms like overheating, reduced battery life or frequent app crashing. An increase of pop-ups on your web browser could also be a sign of an unwanted intruder.

    Users should always be on the lookout for dramatic changes in their data usage or a big spike in their phone bill. This could be a sign that the phone is running malicious programs in the background without the user’s knowledge.


    How to Get Rid of a Virus on Your iPhone

    If you suspect your iPhone is infected with a virus, there are steps you can take to alleviate the problem.

    First, check for unfamiliar apps or programs on your iPhone and delete anything that raises suspicion. You should also consider deleting any apps you might have downloaded around the time the virus took hold. 

    Delete your browsing data on Safari, especially if you’ve noticed pop-ups or adware while using the app. To do this, go to Settings > Safari > Clear history and website data.

    Next, try a simple restart of your phone. If this doesn’t yield any results, you can restore your phone from an earlier back-up. It might take going back a few back-ups to find one that does not include the virus or malware.

    If your phone still appears to be infected after this, you can restore the device to factory settings. To do this, go to Settings > General > Reset > Erase All Content and Settings.


    How to Protect Your iPhone from Viruses

    There are many simple measures you can take to protect your device from viruses.

    1. Keep everything updated. This includes both your operating system and your apps. While constant updates can be annoying, each one contains important patches and increased security measures that ensure your data is as protected as possible.
    2. Don’t jailbreak your phone. While this modification is tempting, the risks involved make this practice not worth it. 
    3. Be choosy with your apps. Aside from avoiding apps that are not on the official app store, you should also check out user reviews before downloading a new app. You can even take it a step further and read up on the developer that created the app. You’ll find this information in the app description in the app store.
    4. Avoid suspicious links and emails. If you’re worried about it, don’t click it!
    5. Be mindful of public WiFi. While you can’t avoid using public networks altogether, you can protect your data by avoiding things like online shopping or accessing sensitive information (like bank accounts) while on one. 
    6. Download an antivirus app. If you want to take out the guesswork in virus protection, you can always download a trusted antivirus software to give you peace of mind.

    Why it’s Important to Keep Your iPhone Virus Free

    Most of us carry lots of important information and data on our phones. We store passwords, access bank accounts and exchange messages and phone conversations all day long. A virus could compromise not only your privacy, but also your financial and personal security. Just as we take precautions to keep our home safe and secure, we should take precautions to keep our data and information protected.

    Proactive Cyber Security Measures

    Jeramy Kopacko, security consultant and solutions architect at Sophos, weighs in on proactive cyber security strategies that businesses can leverage in 2021 to combat evolving threats.


    It’s only March and we’re already seeing major cyber security breaches and vulnerabilities greet us in 2021. SolarWinds has led the headlines with a breach that has now impacted almost 100 private sectors and 9 federal agencies, according to Deputy National Security Advisor Anne Neuberger in a recent White House Press Brief.

    In the most recent joint hearing, SolarWinds shifted to scapegoating a recent intern for leaving the password ‘solarwinds123’ on a file server that had been exposed to the internet, an issue an independent security researcher had previously warned about.

    This is not to dump on SolarWinds, but rather to use the event to explain how you can improve your operations. Let’s use “firefighting” as a metaphor for cybersecurity.

    When a home catches fire, you dial 911 and call on your local fire department to extinguish the flames. In the same way, when you encounter a breach, you call your MSP to respond to the event. But why wait until something happens?

    Around the interior of a home, smoke detectors alert you of potential danger—where there’s smoke, there’s fire. So how do we find “smoke” in your environment?


    Principle of Least Privilege

    Start by auditing domain admin or local admin accounts and reviewing what permissions they need to do their role. Limiting the power of these accounts can go a long way in minimizing the impact of a breach.

    • Public Facing Email Accounts
    • Identity Sync Services
    • Backup Services
    • Line of Business Service Accounts

    A Microsoft employee, Steve Syfuh, wrote this blog on how to use managed service accounts in place of your traditional service admin accounts.

    This goes to IT Professionals as well. Your email account should not have super admin credentials. Plan as if your account will be compromised. MFA is a tool—not a silver bullet.


    Password Auditing

    It’s no secret that the IT space is a highly competitive field. In fact, the average tenure of an employee is around three years. How do you handle this turnover? Do you just “blame the intern”?

    You can find reports from major vendors like Verizon and LastPass that passwords are consistently reused and recycled. Start by using tools, both free and paid, to audit what passwords are used across your systems.

    Benefits include:

    • Expose any reused passwords
    • Provide metrics on how easily they can be cracked
    • Check active passwords against leaked databases


    Account Auditing

    If you are using out of the box domain policies in your environment, then you are not currently taking advantage of invaluable logs for your organization. A quick search on “Auditing User Accounts in Active Directory” will provide countless tutorials.

    If you have a SIEM or (shameless plug) are using Sophos Intercept-X with EDR, you can quickly audit your systems with a few clicks for the following event IDs:

    • Event ID 4720: a new account created
    • Event ID 4722: a user account was enabled
    • Event ID 4740: a user account was locked
    • Event ID 4725: a user account was disabled
    • Event ID 4726: a user account was deleted
    • Event ID 4738: a user account was changed
    • Event ID 4781: a user account name was changed
    • Event ID 4625: an account failed to log on
      • There are several failed login types

    Monitoring and routinely reviewing these events can give you an early indication that a hack is being attempted or has been successful.
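
    To show how these event IDs turn into "smoke" signals, here is an added example (not from the original post or any vendor tool) that runs two simple rules over exported events: a burst of failed logons (4625) against one account, checked for a following lockout (4740), and an account created (4720) and deleted (4726) shortly afterwards. The record fields, thresholds and sample events are assumptions constructed for the demonstration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Event IDs taken from the list above.
FAILED_LOGON, LOCKED_OUT, CREATED, DELETED = 4625, 4740, 4720, 4726
# A subset of the Windows logon types recorded with event 4625.
LOGON_TYPES = {2: "interactive", 3: "network", 10: "remote interactive"}

# Constructed sample export: (time, event id, target account, logon type, source).
# The field layout is an assumed export format, not a real product schema.
RAW_EVENTS = [
    ("2021-03-02T08:00:00", 4625, "alice", 2, "10.0.0.21"),
    ("2021-03-02T09:00:00", 4625, "jsmith", 3, "10.0.0.5"),
    ("2021-03-02T09:00:30", 4625, "jsmith", 3, "10.0.0.5"),
    ("2021-03-02T09:01:00", 4625, "jsmith", 3, "10.0.0.5"),
    ("2021-03-02T09:01:30", 4625, "jsmith", 3, "10.0.0.5"),
    ("2021-03-02T09:02:00", 4625, "jsmith", 3, "10.0.0.5"),
    ("2021-03-02T09:02:30", 4625, "jsmith", 10, "10.0.0.9"),
    ("2021-03-02T09:02:40", 4740, "jsmith", None, None),
    ("2021-03-02T10:00:00", 4720, "newhire", None, None),
    ("2021-03-02T11:00:00", 4720, "tmpadmin", None, None),
    ("2021-03-02T11:00:05", 4722, "tmpadmin", None, None),
    ("2021-03-02T11:01:00", 4738, "tmpadmin", None, None),
    ("2021-03-02T11:40:00", 4726, "tmpadmin", None, None),
]


def load(raw):
    """Turn raw tuples into dicts sorted by timestamp."""
    events = [
        {"time": datetime.fromisoformat(t), "id": event_id, "target": account,
         "logon_type": logon_type, "source": source}
        for t, event_id, account, logon_type, source in raw
    ]
    return sorted(events, key=lambda e: e["time"])


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with at least `threshold` failed logons inside `window`."""
    fails = defaultdict(list)
    for e in events:
        if e["id"] == FAILED_LOGON:
            fails[e["target"]].append(e)
    alerts = []
    for target, items in fails.items():
        start = 0
        for end, item in enumerate(items):
            # Slide the window start forward until it spans at most `window`.
            while item["time"] - items[start]["time"] > window:
                start += 1
            if end - start + 1 < threshold:
                continue
            first = items[start]["time"]
            burst = [f for f in items[start:] if f["time"] - first <= window]
            alerts.append({
                "target": target,
                "count": len(burst),
                "logon_types": dict(Counter(
                    LOGON_TYPES.get(f["logon_type"], "other") for f in burst)),
                "sources": sorted({f["source"] for f in burst}),
                # A 4740 for the same account after the burst began.
                "locked_out": any(
                    e["id"] == LOCKED_OUT and e["target"] == target
                    and e["time"] >= first for e in events),
            })
            break  # one alert per account is enough for triage
    return alerts


def short_lived_accounts(events, max_lifetime=timedelta(hours=24)):
    """Accounts created (4720) and deleted (4726) within `max_lifetime`."""
    created, hits = {}, []
    for e in events:
        if e["id"] == CREATED:
            created[e["target"]] = e["time"]
        elif e["id"] == DELETED and e["target"] in created:
            lifetime = e["time"] - created.pop(e["target"])
            if lifetime <= max_lifetime:
                hits.append((e["target"], lifetime))
    return hits


if __name__ == "__main__":
    loaded = load(RAW_EVENTS)
    for alert in failed_logon_bursts(loaded):
        print("failed-logon burst:", alert)
    for account, lifetime in short_lived_accounts(loaded):
        print("short-lived account:", account, lifetime)
```
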


    Apply these tactics to your existing processes and increase the chance of catching the smoke before it turns to flame. Simple security strategies can save you countless hours and dollars.

    Hyperautomation, RPA and Intelligent Automation: How Automation is Changing How We Do Business

    Since technology made its way into our homes and businesses more than 30 years ago, it’s changed how we communicate, work, and process information. First it was the typewriter, then the first computers were introduced, cell phones changed how quickly we could connect, and now we’re seeing technology predict human operations and take over the tasks that were once too dangerous for humans or took up too much valuable time.

    Over the next several years, businesses will need to adapt to changes in technology as features like AI, RPA, and Hyperautomation become mainstays. Now is a critical period of transition for businesses as we begin to consider an attainable rollout process for these new systems.

    According to a June 2019 study, “How Robots Change the Work,” by global advisory firm Oxford Economics, “The number of robots in use worldwide multiplied threefold over the past two decades, to 2.25 million. Trends suggest the global stock of robots will multiply even faster in the next 20 years, reaching as many as 20 million by 2030.”

    Chain retailers have long since adopted these technologically advanced features to improve how they track consumers, generate revenue, and streamline business processes. Now is the time for other businesses and industries to hop on the AI, Hyperautomation, and RPA bandwagon.

    Since the global pandemic has put a significant strain on efficient workflows and processes, the need for approachable business automation has skyrocketed. The market shift has required businesses to adapt to a digital workplace, maintain productive operations, and embrace advancing technologies. Take the time to understand the different methods of modern day business automation now because it is only going to advance from here.


    IA vs. RPA vs. Hyperautomation


    In the tech industry, there are three different forms of automation on the rise, including Hyperautomation, RPA (robotic process automation), and Intelligent Automation. Intelligent automation (IA) focuses on the automation of thinking processes, RPA on mimicking human action, and Hyperautomation in its most basic form is a combination of the two.

    The three main forms of automation are all intertwined with one another, but reach different respective goals. All automation works toward creating more efficiency, but the form, the level of human input required, and the actions it performs determine which automation is necessary. Each form will change most companies’ goals from bartering over who can offer the best price, to who can deliver products and services the fastest.

    Some of these business process automations may already be in play at your business. Consider the employee onboarding software you use, purchase order requests you file, how you process your payroll, and more. These are common ways most businesses have started to automate their processes, but they could be doing more. 

    Consider the data analysis tasks your employees perform, how your finance department pays and processes invoices, and how your procurement team orders new products or equipment. The goal of implementing automation processes is to use technology for these repeatable, day-to-day tasks and reallocate your employees’ time elsewhere to further improve business efficiency.


    What is Intelligent Automation (IA)?


    Intelligent Automation is a combination of Robotic Process Automation (RPA) and artificial intelligence (AI) technologies, which together empower rapid end-to-end business process automation and accelerate digital transformation. According to Automation Anywhere, Intelligent Automation “spans the entire automation journey—discovery, automation, optimization—automating any front- or back-office business process, and orchestrating work across combined human-bot teams.”

    Industries that can benefit most from IA are BPOs, financial services, healthcare, insurance, life sciences, manufacturing, public sector, and telecommunications.


    The key benefits of Intelligent Automation are: 

    • An enhanced customer experience
    • Fewer errors and exceptions
    • Strengthened cybersecurity 
    • Enhanced compliance
    • Automated business processes 
    • Reduced operational obstacles 
    • Organized complex data

    In today’s enterprise, unstructured information represents 80% of all business data. The rise of IA presents a more streamlined approach to optimizing processes, workflows, and automation paths. To benefit from Intelligent Automation, it is critical to share all unstructured information. This includes human chat conversation, audio, and video. Without this, IA will not be able to make true automation possible.

    We anticipate a rise in need for IA this year as many businesses maintain a digital workforce and need to optimize their digital workflow transformation.


    What is Robotic Process Automation (RPA)?

    RPA, or robotic process automation, is a buzz term that’s here to stay. Contrary to what its name sounds like, it’s not made of mechanical robots walking (or wheeling) around in place of human line workers. Instead, RPA is made up of software robots mimicking repeatable and mundane human tasks on a device.

    There are two main forms of RPA: Assisted and Unassisted. Assisted RPA has human employees and software bots working hand-in-hand. An example of Assisted RPA is where the robot is deployed via the server to an employee’s workstation. The employee accesses it from a desktop menu and has control over where and when it is used.

    On the other hand, Unassisted RPA software bots are decentralized on a manual server, allowing manual control. The actions that these software robots can take are the tasks that often take human employees away from their more important core work. Some of these tasks include simple actions such as copying and pasting data, logging into applications, moving files and folders, making calculations, reading and writing to databases, and more.

    Currently being advanced are the next steps after Unassisted RPA: Autonomous RPA and Cognitive RPA. The ideal situation for Unassisted RPA is to automate and scale processes to support the bottom line and eliminate workflow inefficiencies. On the other hand, Cognitive RPA is less tactical and more strategic. Cognitive RPA uses Machine Learning and Natural Language Processing to process unstructured data and aid in the automation of tasks that require judgement.


    What is Hyperautomation?


    In the simplest terms, Hyperautomation automates mundane, repetitive tasks. The term itself first appeared in October 2019, making it a new but impactful trend in 2020. The combination of a set of digital technologies such as AI, machine learning (ML), and RPA makes up the base of what Hyperautomation is. It differs from other automation processes by regarding humans as an essential component of what makes it work.

    While RPA largely aims to mimic human tasks and actions, Hyperautomation brings the advancement of human action and human thought (AI) together to create a technology that can do it all in order to give human workers freedom from some of their smaller or more dangerous tasks. This advanced form of business automation has a goal to complete tasks and processes faster, benefiting the business’ production and profit.

    The benefits of Hyperautomation include: 

    • Accelerating Complex Work – provides a quick way to get every employee engaged in transforming the business by automating complex work that relies on input from all.
    • Deploying Digital Workers – can take on repetitive tasks to change how employees work. By creating a digital workforce, businesses can create a digital form of shared knowledge the workers can use to discover new processes, analyze data, and create new automation opportunities.


    How Advancements in Automation are Changing How We Do Business


    As automation continues to advance, you should expect to see a more efficient and expedited version of end-to-end business process automation, stronger customer service, and more time for human employees to work on things that require deeper thinking. Mundane and repeatable tasks that typically divert people from completing their important core work will be given to the software bots that can complete them efficiently.

    Business goals will also likely change, and begin to focus on efficiency and speed of delivery rather than determining the best price in the market. With the help of AI and ML, business processes will be learned in a matter of minutes, and then optimized for efficiency by the software.

    Product delivery processes that once took weeks are now completed within a day, or even hours. Amazon has already taken advantage of automating their processes from the beginning to the end of the supply chain, allowing them to deliver products within the same day. This will become a norm as more companies invest in IA, RPA, and Hyperautomation. 

    Ali Raza, founder and CEO of ThroughPut noted, “The takeaway for automation strategy is not when to automate, but where to automate. The first step involves streamlining processes and bringing them into control, at which point they’re easier to scale.” 

    Not every job and task needs to be automated, as some areas of work can only be done by humans, but it’s important for businesses to take a look at their different teams and silos and determine which areas are holding them back by not being automated. Asking those questions will get your company to its optimal potential.


    Want to become more efficient? Contact PGH Networks today.

    Moving to the Cloud

    The concept of cloud computing has been around since the 1960s, when computer bureaus would allow companies to rent time on a mainframe, rather than have to buy one themselves, but the term cloud computing only originated recently: during the early 2000s. Since then, cloud computing has only gained popularity as organizations realized that the technology offered a vast number of services for a low charge. According to Gartner, global spending on cloud services will reach $260 billion this year (up from $219.6 billion).


    What is Cloud Computing?


    Cloud computing is an internet-based service that allows individuals to access online services that were traditionally only available via download. For example, Google Docs allows users to create and edit documents online, share these documents with collaborators so they can see adjustments in real-time, and access documents from any computer instead of just the computer the document was created on. This is only one example of cloud computing, and the technology is available for a variety of on-demand computing services, from applications to storage, typically on a pay-as-you-go basis.

    Cloud computing allows companies to rent access to services that previously would have required them to own their own computing infrastructure or data centers from a cloud service provider. This technology offers many benefits to companies, particularly in terms of scalability.


    Benefits of Cloud Computing


    Cloud computing offers organizations a number of advantages, from increasing efficiency to minimizing capital expenditure. Here are the top three reasons why you should consider taking your organization to the cloud:


    Cloud computing is ideal for the remote workforce, offering a level of flexibility that traditional IT infrastructure cannot. Not only does the pay-as-you-go nature of the cloud make it ideal for businesses to scale capacity up or down as needed, it makes it easy for teams to collaborate from anywhere at any time. 


    According to Salesforce data, 51% of employees have found that emerging technologies like cloud computing save both time and effort once integrated. Not only does this create streamlined content for improved collaboration, it means that your employees can access data at times most convenient for them.


    Cloud computing technologies allow businesses to avoid the high costs of hardware. With subscription-based models that make it easy to pay for what your organization needs, cloud computing providers make setting up and managing an IT infrastructure easy and affordable. 


    Risks of Cloud Computing


    While there are significant advantages to moving your organization onto the cloud, it is important to understand the risks associated with cloud computing to fully protect your organization against cyber threats. 

    Cloud environments experience the same threats as traditional data centers; however, unlike traditional data centers, organizations that operate in the cloud accept some of the responsibility for mitigating the risks associated with software vulnerabilities. For instance, organizations need to perform monitoring and analysis of information about applications, services, data, and users.

    Is your organization considering the switch to cloud computing? Learn more about the services and technology PGH Networks can provide. Reach out to us today.