|
|
[CNS Logon] |
|
RE: SECURITY ADVISORY - RDP Attack Directed at our Network
Please be advised CNS is currently fending off a cyber-attack attempting intrusion into our hosted servers. This is to alert you to the issue and ask you to help us protect your VM by installing security updates and re-randomizing the RDP port in your VM as soon as possible. This advisory also contains information on how to determine if your VM is or has been under attack.
Systems Affected
- All Windows servers & desktops
Details
CNS is currently fending off a sophisticated cyber-attack attempting intrusion into hosted Windows servers & desktops. We believe the attackers are executing a vulnerability in unpatched subscriber servers to obtain the randomized RDP port number and user names. After obtaining the randomized RDP port number and user names, the attackers are then conducting brute force attacks against subscriber VM's.
While strong passwords are probably sufficient to avoid intrusion, the attack itself can quickly drain resources from the targeted VM as it works to authenticate and deny hundreds of login attempts by attacking robots. This starves subscriber applications of resources and will result in poor performance. These attacks are difficult to detect because they are conducted in an encrypted session where automated processes can not see them and also they can attempt hundreds of logins in a single connection.
We believe a DoS against our NY datacenter earlier this week was an attempt to divert attention. This was unsuccessful because of already deployed intrusion prevention systems and the DoS was also quickly mitigated. We are aware of only one subscriber VM that has been compromised. It was protected with a very weak password and without two-factor authentication installed. A review of the system found it was being used to commit online fraud. Please - do not use weak passwords and consider installing free two-factor authentication. Systems that have been patched regularly are unlikely to be affected. We will keep you up to date with any important information, which will be sent as it develops.
Please do not hesitate to contact CNS Support with any questions or concerns.
Impact:
A remote, unauthorized attacker could drain a VM of resources necessary for applications to run. They might also gain entry and take complete control. How to determine if you have been impacted:
Check windows event->security logs for numerous failed login attempts.
Solution: We recommend ALL SUBSCRIBERS install pending Microsoft updates AND run the CNS RDP Port Randomizer in your VM as soon as possible. A reboot will be required. After running the RDP Port Randomizer, please download a new RDP shortcut from the CNS Control panel. Simply click "My Products & Services"->"View Details" next to the VM subscription. Scroll down to the RDP Shortcut Creator to create and download your RDP shortcut. STEPS:
1) Install all pending Windows updates. Reboot as required and check for updates again until there are no more to install. 2) From inside the VM (DO NOT RUN ON YOUR COMPUTER), download and run the RRDP Port Randomizer from the CNS Helpdesk. Your VM will reboot after pressing "Go". 3) Login to the CNS Control Panel and download a new RDP shortcut. This will replace your current RDP shortcut.
For added protection, consider adding two-factor authentication.. CNS provides free two-factor authentication to all subscribers. Please contact CNS Support if you require assistance.
How to Install Windows Updates:
Windows 2008 subscribers will see a blue server with a yellow arrow circling it. Double click to begin the install process and follow the prompts.
Windows 2012 subscribers should click start->control panel->System and security->Check for updates
A reboot will be required to complete the update. Be sure to confirm all updates are installed by checking again after reboot.
Please do not hesitate to open a support ticket if you require assistance.
What we are doing to protect CNS subscribers:
We are sending you this alert so that you can secure your VM as soon as possible. We have developed new capabilities to better monitor this activity and will continue to perfect them as we analyze this attack. We have developed and deployed numerous countermeasures with synchronous capabilities to neutralize attacking computers. We are working with law enforcement to apprehend the attacker(s).
Getting Help:
Thank you for choosing Commercial Network Services. Please let us know if you have any questions or concerns. We are always here to help you. We maintain a ticketing system in order to effectively address and track your support issues. Please login to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support request to our technicians.
NOTE: This message has been digitally signed. For your security, ALL electronic mail sent by CNS is digitally signed. If your eMail client is S/MIME compliant then you will see a digital certificate in the email message. This certificate proves the email was sent to you by CNS. If your email client is not S/MIME compliant, then you will find an attachment smime, which can be safely ignored. |
Read more »
|
|
|
[CNS Login] |
|
RE: CNS SUBSCRIBER UPDATE - December 2017
|
[TOP]
10GB More Disk Space:
Good news for CNS VPS Subscribers! Windows continues to grow in size and so does the software Trader’s use. This has resulted in less space to work with in a new VPS. As a result, we have increased the included disk size in all CNS VPS’s by 10GB! Please contact our helpdesk by support ticket, telephone or live chat to claim your additional 10GB of disk space. This will require a brief shutdown of your VM and any checkpoints will be destroyed in the process. Don’t worry, we can create a new one for you while we are at it. For a full review of everything included in your service plan, please click to review our Trader's service plans. |
|
[TOP]
New Special Offers:
We have added new special offers for both VPS and VPN subscriptions. They include:
VPS:
Refer a friend to CNS VPS & receive a $15 credit for you AND them. NO LIMIT!
Two full years of CNS VPS service for the cost of only 18 months.o:p>
Competitive upgrade discount – switch from any provider and receive a one-time bill credit.
VPN:
Refer a friend to CNS VPN & receive a free month for you AND them. NO LIMIT!
SOFTWARE:
One year of CNS Autoboot for $36. Autoboot is also included in our Trader’s VPS
For full details on all our special offers, please review this page.
|
|
[TOP]
Cleanup of Inactive Sponsoring Brokers & Some New Ones:
We have removed inactive brokers from our list of brokers who will pay for your CNS VPS. These brokers were either not responding to subscriber requests or simply not using the program. We will continue to keep the list current so you can receive a fast response for VPS sponsorship. Is your broker sponsoring a CNS VPS? Find out here. If they are listed then please contact our helpdesk and ask to be added to their program - jst provide us the coupon code listed. If your broker is not listed then please ask them to join our VPS Bundling program! It’s quick and easy to join.
|
|
[TOP]
MANY New ON NET and IX Peer Brokers:
CNS now peers with more than 1200 other networks worldwide - more than any other competitor. These peerings provide our subscribers with better routes than Internet transit and improves end-to-end redundancy and quality of service. The CNS network is now one of the most connected IPv4 and IPv6 networks on the Internet. We have also setup additional low latency ON NET private peering with more networks CNS subscribers connect to. ON NET is a direct connection - a cross connect - in a datacenter, connecting two networks together.
Such a highly connected network also improves your remote desktop QoS because it provides better connectivity not only between your VM and your broker, but also between you and the VM.
For a better review of ON NET Brokers, please take a look at the CNS Latency Chart. We have listed on the chart both ON NET and IX Peers. An IX Peer is another network that connects to ours over a peering fabric. Both are excellent quality connections because they avoid congested Internet transit completely.
Our latency chart is an ongoing work in progress. We add and edit listings as they are discovered by CNS Support. For the most current and complete listing, feel free to use our real time Looking Glass to test connectivity to any network on demand. Need help running a test? Please ask - we are happy to help.
Both provide an excellent quality circuit: -and- |
|
|
|
[TOP]
FREE VPN included in all VPS Subscriptions:
Earlier this year we began offering Anonymous VPN service to help with the decreasing privacy afforded to Internet users worldwide. We have been giving VPS users VPN access for quite some time in response to support tickets, usually to help them get around Internet congestion by leveraging our highly connected network.
The CNS network is one of the most connected on the entire Internet. This means most of our traffic doesn’t even touch (often congested) Internet transit circuits and instead transits private peering routes. Some traders don’t necessarily need very low latency and so they trade from home or office, but often experience disconnects because of poor quality ISP transit circuits. A CNS VPN is an excellent solution to this problem because our network peers with many ISP's *and* brokers.
All CNS VPS subscribers can now receive a free VPN subscription. To receive a free VPN subscription, please use the coupon code “FREEVPN” on a monthly anonymous VPN plan or ask for it at our helpdesk. Setup takes just a few minutes.
|
|
[TOP]
Is your VM secured by two-factor Authentication?:
New dangerous threats are constantly appearing on the Internet and specifically targeting the online trading community. This makes it that much more important for all traders and trader services to employ stronger authentication than the traditional user name and password. Traditional user name and passwords are commonly compromised by malicious software, or from hacked web sites in which the victim has used the same password. Hacked email accounts are also a common source of further compromise.
CNS Two-Factor Authentication (2FA) is a system where two different factors are used to authenticate a system login. Using two factors as opposed to one delivers a higher level of security when authenticating your login. The CNS 2FA solution combines something you have - your mobile device (phone or tablet) - with something you know - your control panel or VPS password. This can be compared to using an ATM card to withdrawal funds where you are required to have both the card and the PIN to complete a transaction, though in that example your ATM PIN may rarely change and the 2FA PIN is changing every 30 seconds.
The 2FA software installed in your mobile device displays a changing code, which only needs to be added to the end of the password at VPS login. This avoids the need to wait for a SMS delivery. For subscribers without a modern iOS, Android, or Windows mobile device- SMS codes are still supported.
2FA renders key loggers ineffective because the PIN code changes every 30 seconds- for token generated PINs and 5 minutes- for PINs sent by SMS (can only be used one time). A stolen password is only 1/2 the information needed to login - the attacker must also have your mobile device in their hand to read the PIN code and enter it. Brute force hacks are out of the question.
All that is needed is a software application installed in your mobile device to display the codes. There are already three that we know of which will work: Google Authenticator, Authy and OTP Authenticator |
CNS 2FA is compatible with Google Authenticator, Authy and OTP Authenticator. |
|
|
We strongly recommend this free service to all subscribers. To date, CNS has not seen a single 2FA protected VPS hacked. 2FA also protects CNS Client Area logins, which is very important because it prevents someone from accessing your CNS account and disabling 2FA.
CNS Two-Factor Authentication (2FA) is compatible with any hosted Windows server. It is available free with every CNS VPS subscription, and is also available by subscription for Windows servers off the CNS network.
How to install 2FA:span>
Installing CNS 2FA is detailed in the CNS Two-factor Authentication How-to Guide.
Please - open a support ticket if you require assistance. We will be happy to assist you in securing your VPS. Please login to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support ticket to our technicians.
|
|
[TOP]
Emergency SMS Support:
CNS maintains an SMS gateway to our Help Desk for your use during a power failure or other emergency in your area. SMS is ideal because it does not use jammed voice lines, will continue to try getting messages thru and also uses very little battery compared to voice. Please save these numbers in your mobile device now so you will have them later if needed. Upon receipt, CNS will acknowledge your message and interact through SMS to assist you. For faster service, please include your email address in the message.
In the UK: +44 1872 672038r>All other regions, worldwide, including the USA: +1 858 633-8999
Our helpdesk can also be reached via telephone at any of the numbers below:
San Diego, CA: +1 (619) 225-7882 Los Angeles, CA: +1 (213) 769-1787 New York, NY: +1 (646) 930-7435 London, UK: +44 (1753) 260678
Our online helpdesk is typically the best way to receive technical support that may require investigation or work completed on our part to resolve. To reach the Help Desk, please login to the control panel and then click "Help Desk" at the top. You will find a link "My tickets" to create a new ticket. If you do not see this link, please log out and then back in. Our helpdesk is staffed 24 hours a day, every day of the year. Response times are typically very quick.
|
|
[TOP]
CNS Remote Admin 1.0.17:
CNS Remote Admin is a free tool for use by Commercial Network Services subscribers to manage Windows virtual servers and desktops. Just some of the features in CNS Remote Admin are: view logged on users, running processes, events, download/upload files, and even control CNS Autoboot. Recommended for all CNS virtual server & desktop subscribers.BR> CNS Remote Admin is a great way to monitor the health of your VM's operating system.
Changes desktop version of CNSRemoteAdmin 1.0.17:
- Replaced old 2FA support with new CNS2FA.
- Reworked internal engine for tabs and network connection. Now all operations are working faster, especially File Manager and Event Viewer.
- Fixed navigate up in File Manager, now navigating to upper folder instead of root of drive C:
- Fixed error when trying to navigate to folder, which was just renamed in File Manager.
- Fixed issue with error showing remote screenshot in some cases (In Windows 2008 and Windows 2012). After reboot in Windows 2003 it is required to make logon to Windows with using Remote Desktop before using screenshot feature.
- Fixed progress bar in File Manager when copy/open files.
- Added support of rad files where line by line means: remote ip, login, password, and optionally 2fa. To open it, call app with passing full path to rad file as first argument.
Changes in mobile version of CNSRemoteAdmin 1.0.17:
- Replaced old 2FA support with new CNS2FA.
- Added feature to sort columns in Process View.
- Added basic touch to zoom and double-tap to full screen feature in remote screenshot viewer.
- Fixed issue with error showing remote screenshot in some cases.
Getting CNS Remote Admin::
Download for Windows PC
To get CNS Remote Admin for your iOS or Android device, search the playstore/appstore for "CNS Remote Admin". |
|
|
|
|
|
|
[TOP]]
Happy Holidays!:
Thank you for your support over the past several years. It has been our pleasure to host your platforms. Have a great and long holiday and a happy new year. We look forward to working with you in 2018. |
|
[TOP]
Getting Help:
Thank you for choosing Commercial Network Services. Please let us know if you have any questions or concerns. We are always here to help you. We maintain a ticketing system in order to effectively address and track your support issues. Please login to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support request to our technicians.
NOTE: This message has been digitally signed. For your security, ALL electronic mail sent by CNS is digitally signed. If your eMail client is S/MIME compliant then you will see a digital certificate in the email message. This certificate proves the email was sent to you by CNS. If your email client is not S/MIME compliant, then you will find an attachment smime, which can be safely ignored.
CAN-SPAM: You have received this message because you have a CNS account and this message contains information that may affect your services. If you no longer wish to receive these types of messages from us then please login to your CNS Client area and click "my details" at the top. Then, check the box to unsubscribe at the bottom and save. -thank you |
Read more »
|