REvil has struck again. What can we do? Design for explicit access.

At a glance… 

  • Kaseya VSA is used by IT organizations and many Managed Service Providers (MSPs) to track IT assets and to deliver software installations and patches to a network of endpoint nodes.  
  • Over the 4th of July weekend, a ransomware attack perpetrated by the REvil gang and its affiliates was delivered through the Kaseya VSA remote management software.  
  • Each Windows node on the network runs a Kaseya agent, which is responsible for downloading and installing patches and software packages from the VSA server. It is common practice for an MSP to use a single VSA server to manage all of the MSP’s client networks, meaning that one compromised VSA server can create a downstream impact on hundreds of individual businesses. 
  • 1,500 businesses may be effected. 

The fascinating anatomy of the hack 

REvil’s successful hack began with an SQL injection attack against the VSA server. The attacked VSA servers were exposed to the Internet, presumably to allow for remote access to the VSA server by an MSP’s employees. An SQL injection attack was crafted by the hackers to (a) bypass authentication, (b) upload a file, and (c) inject a command to distribute a malicious software patch. This software patch was then dutifully downloaded by Kaseya agents installed on Windows endpoints attached to the compromised VSA server. The technical details of how this was accomplished are explained quite clearly in this article by Sophos

The hack itself is fascinating from a technical perspective in multiple ways. First, an authentication bypass renders an entire stack of security technology (authentication providers and MFA) entirely irrelevant. There is no password guessing or credential stealing involved in this attack. Second, the MSP model where client networks are intermingled in a single VSA instance is inherently dangerous in that a single compromised server (whether it be a via a 0-day exploit or a more traditional stolen credential) can spread malicious software across many disparate organizations, geographies, and networks. Third, it is perturbing that a piece of software like the VSA server was directly exposed to the Internet. The lack of any intervening, independent authentication (e.g., a VPN or IIS authentication using certificates or Kerberos) places an inordinate amount of trust in the security architecture of a single piece of software (the VSA server). 

In general, the best way to mitigate hacks of all varieties is to apply a few principles: 

  1. Keep independent networks as separate as possible, and always require authentication to move between them. 
  1. Authenticate users and devices in layers that rely on disparate software stacks. Software is built by humans, and humans make mistakes that cause security vulnerabilities. Using independent software stacks to layer together multiple forms of authentication ensures that a hacker has to find multiple, independent mistakes that are exploitable in conjunction. 
  1. Because there is still no perfect way to prevent endpoint attacks from happening, effective endpoint protection is essential. The Kaseya exploit relied on anti-virus exceptions on the endpoint to allow a malicious file to be downloaded, decoded into an executable, and run via a shell command. This malicious executable then executed a side loading attack to actually launch the encryption process. Effective anomaly detection could have shut down the encrypting process before it got too far, and an alternative approach to using an anti-virus exception would have stopped the attack when it tried to execute the downloaded executable. 

A collective reconsideration of how we protect networks and endpoints is overdue 

This latest attack from REvil confirms the obvious – the business of ransomware is here to stay. Whether it is REvil, a spinoff from REvil, or an entirely new organization that is inspired by REvil’s success, a collective reconsideration of how we protect networks and endpoints is overdue. It has become standard practice to disable security software in order to enable functionality, rather than demanding the opposite – that software declare its intended behaviors in order to enable security software to detect anomalous behavior. 

A system of specific access vs. access to the entire network 

Our LINK system is architected with this last principle in mind. Rather than assume that all mobile devices need access to the company network (e.g., via VPN), LINK assumes that only a small number of applications and data repositories should be mobilized. To configure LINK, IT specifies exactly what intranet applications, email servers, and file repositories (Document Management Systems, One Drive, SMB shares, etc.) should be accessible from a mobile device, and this specification is role-based so that IT can take a pessimistic approach to mobile access (i.e., you can’t access anything unless permission is explicitly granted to you). LINK also uses multiple, independent layers of authentication – SSL certificates to authenticate the device, then traditional password-based authentication if the SSL authentication succeeds. Finally, each LINK installation acts as its own certificate authority for the purposes of SSL authentication. Hence, stealing a certificate for one installation does not grant access to any other installations. 

As we expand LINK beyond mobile, our goal is to promote a different approach to endpoint computing. This approach starts with the idea that users, applications and data need to be integrated explicitly, rather than implicitly. This creates a work environment that is easily encapsulated, encrypted, and protected with limited entry points and exit points to move data in and out of this environment. While no approach is perfect, the more explicit we are about how users, applications, and data interact, the better chance we have to stop the ransomware business before it expands any further. 

-Seth Hallem, CEO & Co-founder, Mobile Helix

Productivity Boost: Compare Word Files in the LINK App

Did you know that in our LINK App you can compare Word files?

  • Compare two files
  • Compare two versions of a file
  • Compare an attachment in email to a file in DMS

Watch this 16 second video to view comparing two versions of a file in iManage Work in the LINK App.

LINK has the compareDocs engine from DocsCorp built-in for high fidelity comparison results within the LINK secure container.

LINK is integrated with iManage Work®, NetDocuments DMS, OpenText eDocs, and Outlook email. In a single app, compare your files, then email or check-in to DMS.

Watch this video to see full workflows using in-app comparison and using the Word app for editing.

If have any questions, write to us at: contact at mobilehelix dot com. We’d be happy to answer your questions.

-Maureen

Word App Editing Just Got Easier for Lawyers with LINK

We have developed several editing workflows using the Word app over the years. Our newest one is the easiest one which we have seen anywhere. This is in part because our LINK app securely integrates your Document Management System and Email with the Word app. Therefore, you can choose to edit a file from DMS or an email attachment and it will open directly in Word.

Take a look at our 2 minute, 44 second video to see this workflow.

Here’s what you don’t have to do in our workflow:

  1. No need to copy the file in the Word app. LINK encrypts the file and moves it to Word.
  2. No need to save the file as .docx in the Word file. LINK converts .doc to .docx for you.
  3. No need to delete the file from the Word app after editing. LINK deletes it.

This video shows how straightforward it is to edit from LINK with the Word app.

LINK is integrated with iManage Work® 10, on-prem and in the Cloud; NetDocuments DMS; OneDrive; Network File Shares; and OpenText eDocs is in development. LINK is also integrated with Microsoft Exchange, therefore, you have your Outlook Email, Contacts, Calendar, Tasks, and Notes within the LINK App.

If your attorneys are looking for a simple way to edit files in DMS or in Outlook email with the Word app, email me. We are happy to show you a demo of this workflow.

-Maureen

contact @ mobilehelix dot com

Annotation Just Got Easier – New LINK App Release

Attorneys have always loved the annotation in LINK because anytime you open a file in LINK, annotation is immediately on the same screen. Whether the file is in DMS or another file share, or whether it’s an attachment to email, it just takes a tap to bring up the annotation menu. Annotate, then tap to email or upload to DMS or a file share.

You can even save your signature and initials in LINK so that you can sign a file with a couple of taps on the annotation menu.

In our new release you’ll see:

  1. Improved location of the annotation menu
  2. New features, including page display settings and grid view
  3. Enhanced layout of the annotation tools, for clearer discoverability
  4. A lighter interface.

We’ve gotten wonderful feedback on these improvements. Thank you!

You can get a quick look at the new UI in this 17 second video:

LINK App Annotation in 17 Seconds

To see LINK’s annotation in a full workflow, watch this video.

You will see how to use LINK’s split screen, then how to annotate a PDF, and email it.

If it looks simple, that’s because it really is. If you would like to see a demo via Zoom, write to me at: contact at mobilehelix dot com.

-Maureen

LINK App: New – List All Files

Here is another fantastic feature request from a LINK user.

Sometimes you need a list of every file in a folder or even in a Workspace in iManage Work or NetDocuments DMS. Search may not help as you don’t know exactly what you are looking for. Now in LINK you can create the list, annotate it, then Air Print, email, import to iManage or NetDocuments, or save in LINK to My Files.

To create the list, tap the ellipsis icon to the right of any folder or Workspace. Tap “List All Files.”

The list is displayed.

To annotate, tap the Paper & Pencil icon and mark away.

After annotating, you can use the icons in the lower right to Air Print, email, import to iManage, or save in LINK to My Files. Or, tap the X in the upper left to get a succinct menu with options to import, email, or save to My Files.

Don’t you love it? 🙂

-Maureen

LINK App: Send-and-File to DMS

We are receiving more and more requests to Send-and-File to iManage and NetDocuments. Our LINK app has done this for years.

Filing email to DMS is becoming important from a governance perspective. Not only do law firms want emails to be accessible in DMS with the Matter. But some law firms want to reduce the risk of years of email in Outlook. One of our law firm customers deletes all email at the 90-day mark. Truly. Another firm archives all email after 90 days. Retrieving email from the archive is possible but time-consuming. Therefore, filing to DMS becomes more attractive to attorneys.

Even without such law firm email policies, filing email to the Matter is increasing. The key is that is filing to DMS needs to be easy.

But Send-and-File on mobile devices is rare. It requires a tight integration of DMS and Email, as well as comprehensive security to protect confidential client data. LINK provides both the easy workflow and the security. Draft the email, tap Send, then tap a Recommended, Recent, or DMS folder to file.

LINK has predictive filing, too. LINK learns where you file a certain correspondent’s email and will show you Recommended, Recent, and DMS folders. In many cases you can file to one of these folders with a single tap.

New in LINK, the attorney can now go to the LINK email settings to turn Send-and-File on or off by default. The attorney can also toggle Send-and-File off and on, per individual email by tapping the envelope icon in draft email. When the envelope is green, Send-and-File is on.

Send and File Setting in LINK

Watch this brief video to see all of LINK’s Send-and-File features.

If you have questions, just write to us at: contact at mobilehelix.com. We’re ready to help you.

Learn more about LINK’s encryption, authentication, and secure container in this 5-minute video: LINK’s Security and Data Protection.

-Maureen

LINK App: Add to Favorites & My Matters

New in LINK and by popular demand, you can now:

  1. Add a workspace, folder, or file to Favorites
  2. Add a a workspace to My Matters
My Matters & Favorites Image

Just tap the ellipsis menu to the right of the workspace, folder, or file name.

This 36 second video shows how quick it is to do so.

If you have questions, email us at: contact @ mobilehelix dot com.

-Maureen

Register for our ILTA Webinar on July 20th: Paperless? It’s Easy with the LINK App

Mobile Helix Sponsors iManage ConnectLive Virtual 2020

We are very happy to be a sponsor of iManage’s first virtual ConnectLive. Join us from the comfort of your own home. 🙂

ConnectLive Virtual is free to iManage customers, unlimited people from your company. But you must register in advance here.

ConnectLive Social image

Our LINK encrypted app includes full access to iManage Work®. With LINK, attorneys and professional staff can easily work with document-centric workflows on smartphones and tablets.

At ConnectLive we will be showing our new custom workflows, including paperless pre-bills. Talk to us to see how you can use features like LINK’s in-app annotation and integration of Work and email to automate tasks.

Here is an example of what can be done in the LINK secure container app:
– Receive an email with an attachment.
– Compare the attachment to a file in iManage Work.
– Annotate the redlined version.
– Email the annotated document.
– If desired, also check the annotated document into DMS

LINK provides:
– In-app annotation
– In-app comparison
– High fidelity document viewer
– Email (Exchange Web Services)
– Integration with the Office apps for editing

With in-app email:
– Open NRLs.
– Use predictive filing to Work or Outlook folders.
– Import attachments to Work.
– Email files as original format, NRLs, or PDF.

Of course, we love going to Chicago, but we are looking forward this new experience.

-Maureen

A Decade in Legal Tech – 5 Surprises – UPDATE

Travel back in time to 2010. What was appended to your hand back then? A BlackBerry?  Perhaps the least anticipated change in legal is the decline in usage – to nearly zero – of the BlackBerry smartphone. I was rarely separated from my CrackBerry. It changed everything. Always connected. 

Here’s my take on five changes in legal tech in the last decade.  One caveat, I work mainly with documents, email, mobility, and security. Therefore, I see just a sliver of legal tech. You surely have seen others.

BlackBerry and iPhone 11 Smart Phones

1. BlackBerry ⬇️…iPhone #1

In 2011, 40% of attorneys responding to the ABA Tech Survey used BlackBerries. 

UPDATE:

The ABA 2019 Technology Survey shows the iOS usage has reached a record high of 79.2%. Android has slipped to 18.4%.

Image from iPhoneJD.com

Here are the ABA 2018 Technology Survey data on smartphone usage by lawyers:

  • iOS – 68%
  • Android – 25%
  • BlackBerry – 2%
  • Windows – 1%
  • None – 5%

Continue reading

Mobile Document Review with the LINK Viewer

For easy and secure document review, we have integrated our own document viewer in our LINK app. When you tap on a document name in LINK, it automatically opens in the LINK document viewer. LINK renders all documents as a PDF for high fidelity to the original. If there are Tracked Changes or redlines in the document, they are rendered as well. Or, you can elect to accept them and view a clean copy of the document.

Continue reading