Microsoft 0-Day Exploits

On Tuesday 12th April (US time), Microsoft identified a security breach within its Microsoft Office suites. Microsoft has acted quickly and rolled out a batch of updates that plug the security holes. This type of attack is known as a zero-day exploit, and such attacks are often attempted by hackers before or on the day that updates are released to the public. The hacker attempts to install malware on fully patched computers by exploiting a vulnerability in most or all versions of Microsoft Word. Zero-day attacks are a severe threat.

The security of our customers’ networks is our top priority. We have acted quickly; the Microsoft updates were applied last night.

You may have been prompted by Microsoft to update this morning; please ignore this message and restart your device. If in doubt, please save your work and restart your device.

Our spam filter was also updated to detect these vulnerabilities within the email to stop these threats at the border.

If you have any questions, please email support.

Reference: CVE-2017-0210

Copper Services are an Endangered Species

Most businesses will by now be aware of the fibre roll out and hopefully, are now using UFB fibre Internet. However, what many do not realise, is that, as fibre rollout is completed in an area, traditional copper services which support stuff like phone lines and ADSL/VDSL Internet connections will eventually be decommissioned.

Read about the pending copper cut off here.

“…Chorus would have the option of withdrawing service and removing the copper network according to its own timeframes…”

What does this mean for you? Well, most importantly, if you are a small business and not using fibre connectivity already, it’s time to make the change. Fibre connectivity is much faster and more stable than copper connections and will help facilitate better connectivity for cloud-based services such as Microsoft Office 365 and Layer3 solutions like Filecloud (NZ-based file sharing and management platform), Cloud Office remote desktop server and VoIP (Internet-based phone systems).

Secondly, with fibre in place, it would be a very good idea to review your phone system. Analogue phone lines are expensive compared to VoIP services and offer far fewer features and benefits. And with the possible pending removal of the copper network, they are an endangered species. Switching to a VoIP system will allow your business to get the most out of its fibre Internet, cut costs or at least implement a brand new, feature-rich system on a cost-neutral basis. VoIP will also open up possibilities for your business to aggregate services (like having 3 offices share a pool of VoIP ‘lines’) and be connected to your phone system from anywhere.

If you have an alarm/security system connected over a phone line, you’ll also need to contact your security provider to talk about getting you switched over to a fibre-based alarm option. This is usually a relatively easy and low-cost migration. If you are being told otherwise, have a look around at new options.

Finally, think of fibre as a tether to the cloud. With fibre in place, you will have a fast, direct link to the world of cloud services. Microsoft Office 365 is a cloud-based option for your office applications (email, Word, Excel, etc). Xero is a very popular cloud-based accounting system. And services like Filecloud and Cloud Office will enable your team to access company data from anywhere. Migrating to the cloud will also fit into a prudent DR solution with your data safely backed up and accessible from anywhere.

If you would like any help reviewing your Internet services and looking at cloud options to improve your business efficiency, give us a buzz and our in-house business Internet and VoIP expert, Daniel Bohan, will be happy to have that discussion.

LAYER3 Security Alert – WannaCry Ransomware Virus

Simply having an antivirus subscription is no longer enough to protect your organisation from today’s threat landscape.

On Friday, May 12, a global cyber-attack was launched using a ransomware program called WannaCry. It is estimated so far that almost 250,000 machines have been infected in 150 countries, which according to Europol, makes it an attack on an unprecedented scale. That number is sure to grow as the attack continues to spread and more impact is reported. It is imperative that all businesses take immediate steps to ensure the integrity of their network and data – this is a very real and very imminent threat.

WannaCry highlights the true menace of ransomware, virus and malware attacks on businesses and the extreme importance of having robust, managed security systems in place.

About Ransomware

Ransomware is a particular breed of malware that carries out what is called a ‘cryptoviral extortion attack’. In simple terms, what this means is that the software, once it has found a way into your network, will generally encrypt the files or the entire hard drives of the targeted machines or lock you out of the operating system altogether.

It will then display an image with instructions on the ‘ransom’. This is the amount demanded by the perpetrator to release your files. Payments are required in BTC because this crypto-currency is untraceable. There is also usually a time limit given to comply, after which the price will either go up, or the data will be lost forever.

Ransomware can find its way onto your network through a variety of means, but most commonly by ‘phishing’, a tactic that induces the victim to click on a link in a malicious email or on a malicious website. Once that magic button is pushed, the program gets to work, worming through your files, scanning for any other machines connected to yours, encrypting them all as it goes.

More on WannaCry

Like most ransomware attacks, WannaCry spreads through phishing emails, but what makes this attack so dangerous is that it exploits a vulnerability in Microsoft Windows and uses a backdoor tool developed by the US National Security Agency (NSA). Once a machine is infected, it will scan and propagate to all other computers and servers on your network. All infected machines are encrypted, files are locked, and a message appears demanding a ransom be paid or the victims will lose their data.

The tools used to launch the WannaCry attack were leaked from a group within the NSA and work by exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol. When the leak became known, Microsoft released a critical advisory and security patch. However, many systems did not implement that patch due to a variety of reasons such as compatibility constraints, negligence, other risk factors or just a lack of proper management and awareness. Any machines without the patch that came into contact with WannaCry were likely infected.

While the amount demanded is relatively low ($300 at the first level), the impact of WannaCry so far has been massive. The National Health Service (NHS) in England and Scotland had up to 70,000 devices hit and some NHS services had to re-direct ambulances and turn away non-critical cases. Other examples of large enterprises hit hard include Telefónica in Spain, Nissan Motor Manufacturing, FedEx, Renault, Deutsche Bahn railway in Germany, etc. In New Zealand information is limited so far, but one known victim is Lyttelton Port in Christchurch.

The Layer3 Response

Notifications on the WannaCry event came flying in via our security devices and security vendors. We quickly established that this attack was exploiting a bug in Microsoft Windows. Although all Layer3 managed services and security customers had already been patched for this exploit, our team still went through a process of verifying this patch implementation across all customer networks and our own in-house cloud infrastructure.

These checks were completed by Saturday evening with no issues encountered. Our firewalls, antivirus, and mail filtering tools were all updated as soon as the threat became known. To date our main cloud infrastructure has seen around 5,000 attempts to broadly attack our networks. We have only received a small number of emails which have been blocked through our Mail Filtering system.

What can you do to protect your business?

The days of purchasing an annual antivirus (AV) subscription – or worse, not even doing that – are long gone. Low-end antivirus tools operate by blocking threats from a list of definitions, which means that they can only stop a virus that is already known about.

When something new like WannaCry breaks out, as they do all the time, definition-based AV tools are worse than useless. At the absolute very least, you must use an AV tool that operates based on ‘behaviour’: one that identifies suspicious behaviour from a program and shuts it down. Layer3, for example, uses BitDefender in our managed security stack. BitDefender is consistently in the top 2 ranked AV tools in the world and stopped WannaCry out of the box.

Antivirus just isn’t enough though to protect the integrity and continuity of your vital business infrastructure.

Here is a list of some important components to ensure the best possible protection for your network:

Security Gateway – a next generation firewall that guards against external attacks, fully managed and monitored by Layer3.

Managed Antivirus – Layer3’s best of breed, fully monitored antivirus service learns and watches behavioral patterns on a system which can predict malicious activity.

Managed Patching – Automated management of patching to ensure critical security and performance updates are consistently installed on all machines. Included on most Layer3 Managed Services plans.

DNS Protection – Building on from the Security Gateway product, if an attack gets through, Layer3 DNS Protection will among other features, stop the virus from ‘calling home.’

Replication and Recovery – Cloud Shadow from Layer3 will completely replicate your infrastructure offsite and allow you instant recovery in the event your servers fail or are compromised – even to an online virtual server.

Managed IT – IT security can be complex and multi-faceted. A comprehensive IT managed services plan from Layer3 will help guide your organisation safely through the many pitfalls and hazards that can plague any business in this world of evolving technology and very real cyber threats. A feature-rich managed service should be the cornerstone of every organisation’s IT strategy.

Security Consultation

To talk about improving your security and/or IT management, contact Daniel Bohan at Layer3 on 0508 LAYER3 (0508 529373) or

Backup; A Thing of the Past

If you are talking about backup, you’re living in the past.

The North Canterbury 7.8m earthquake on the 14th of November, 2016 was very reminiscent of the Christchurch earthquake of 2011.

Businesses in the South Island have been forced to close, with those in Kaikoura majorly affected, some irreparably so. Wellington did not escape either, of course. To date, over 50 tenancies in Wellington have been closed, which represents an astonishing 11% of the CBD.

On top of the November quake, Wellington was further hit with punishing rains and flooding in the subsequent days which severely inhibited accessibility in a number of areas and shut businesses down as staff were unable to get to work.

Layer3 operates from two datacenters in Wellington and Auckland. Over the last four years, we have progressively moved the majority of our customers into some form of cloud computing, most notably, our Cloud Office platform which is hosted across that two-datacenter environment. Cloud Office is what we call VDI, or Virtual Desktop Infrastructure. It allows you, the customer, to access your desktop, files, and applications from wherever you are. So on the Monday morning after the earthquake, while it was all hands on deck for Layer3, it was very refreshing to see no tickets in our queue, and all services up and running.

Many of our customers were affected in Wellington, of course, with quite a few locked out of their buildings for 2-3 days. However, all of them were able to resume operations and work from home with full desktop services, as well as IP telephony services provided by our CloudPBX service.

So the days of having a backup, whether in the cloud or on – *gasp* – rotating portable hard drives are gone. When disaster strikes, your business needs to be able to function with little or no interruption. In light of this, businesses need to ask themselves a few pointed questions now. What good will the data in your backup system do for you if your business cannot operate in any productive manner to even make use of that data? What good is your new PABX system if no one can get into the building to answer the phones? How many days can your business survive without being operational?

Business continuity is key. Not backup. Build systems that allow you to work through a disaster, not ones that just let you hopefully reload some files after one.

For more information on how Layer3 can help you improve your IT continuity, give us a call at 0508 LAYER3.

LinkedIn data breach – Act now!

Back in June 2012, LinkedIn was hacked by Russian hackers who stole approximately 6.5 million usernames and passwords. At least that is what was reported at the time.

However, in May 2016 it was ‘discovered’ that a further 100 million email addresses and passwords had been taken in the attack. This reveals what was a bad security incident to actually be a really, really bad security incident.

At the time of the original lesser breach notification, the 6.5 million compromised LinkedIn users were prompted to change their passwords, and within a few months, the incident was largely forgotten. Fast forward about four years, and this breach seems to be coming back to immediate significance. The further 100 million compromised accounts had their passwords invalidated by LinkedIn if they had not been changed since the 2012 breach.

Since the beginning of June, Layer3 has started observing issues with TeamViewer, a popular tool for remotely accessing devices such as servers. It seems that TeamViewer accounts were being compromised. When the issue was finally publicly addressed, TeamViewer stated that this is due to LinkedIn’s hacked information becoming public.

Then, last night, that database of 100 million accounts was made public, published online. Anyone can get a copy of it with passwords in plain text. The implications of this are massive, even if an affected user has since changed his/her LinkedIn password.

In a world with tons of logins required for a multitude of sites and services used daily, weekly, monthly or just occasionally, it is common practice for many users to simply recycle a memorable password over and over again across the board. However, when one of those sites is breached, as LinkedIn was, just getting what might seem like pretty harmless information – your email address and password for that site – can, in fact, provide hackers all they need to break into every other account you have. For example, if your email account is compromised, hackers can then reset passwords to other services you may have. Password resets will be sent to your compromised email account, allowing the hackers to compromise these services as well. Imagine having a bunch of individually locked doors but using the same lock and key on all of them. If someone is able to get a copy of that one key, they can just unlock every door with ease.

Since the release of the LinkedIn database last night, I have had multiple attempts to access internet accounts associated with my LinkedIn login credentials. Luckily, I had changed my password using long pass phrases some time ago.

What do you need to do now? We highly recommend that you change your password for all internet services, using something like pass phrases. Make sure that the password is different for every service. It might be a bit of a pain, but it definitely will be less of a pain than trying to undo whatever trouble hackers are able to cause by accessing your accounts. Even if you have changed your LinkedIn password since 2012, it is possible that you may have used that old password on other sites and services, so let this be your prompt to do a password refresh across the board.

If you have trouble remembering these passwords, there are services out there that store your passwords in a secure database, such as LastPass.

To see if your email address and password have been compromised, check

The State of Windows 10 – April 2016

To upgrade now, or to upgrade now? That is the question

No – you didn’t read that wrong. This, of course, refers to that famous quote which deals with a fundamental question about the human ‘operating system’. As far as your computer’s operating system goes, Microsoft is trying to take away the question and make it a given.

In late 2015, I was still advising our customers to refrain from upgrading to Windows 10 until at least early 2016. I still stick to this advice and extend that timeframe out.

Windows 10 started off its life as Windows reborn… it came out with a start menu. As you probably know, with the Windows 8 launch, there was much talk – and anger – at the removal of the start menu.

Personally, I thought dumping the start window was the right move, and the new system actually worked better. The problem, though, which has always been an issue for Microsoft, was the way they went about informing customers on how to use the new Windows without a start menu. By that, I mean they virtually didn’t advise anyone at all. This left Windows 8 in a very confused state. Was Windows 8 a tablet operating system? A desktop operating system? Or something else?

Windows 8.1 fixed this. If you can remember Windows 98, you might remember some of the issues it had from its release. So a year later, Microsoft put out Windows 98 SE (Second Edition) to fix things. Well, they did the same thing for Windows 8 with Windows 8.1, fixing the main issues with Windows 8 and including the old trusty start menu. Fast forward to 2015 and we have Windows 10, which is essentially a mix of Windows 8 and 8.1, supposedly perfected. However, that’s not quite the case.

Now, Microsoft has recently changed the way Windows 10 is being pushed out to Windows 7 and 8 computers.

Before the end of 2015, Windows 10 was originally just marked as an optional update within Windows Update, and so was not automatically installed by the current operating system. Microsoft has changed this, though, and Windows 10 is now marked as a recommended update. This means that most computers will install this update without telling you as part of their automatic updates.

This poses a problem for business customers. By default, administrators and IT support companies like Layer3 can block this update. Indeed, we can still do this. However, Microsoft re-releases the patch which upgrades computers to Windows 10 every month, which overwrites our rules and inhibits the administrator’s ability to manage the update process.

Why is this an issue?

Besides the fundamental problem of having Microsoft forcing you to do what it thinks is best for you, this is a practical issue because Windows 10 still has many flaws. From sleep and hibernation issues on laptops and tablets to dual monitors not working, application incompatibility, and of course, driver issues, Windows 10 clearly has some leaks to plug. On top of that, some of the recent Windows Updates have even been recalled, almost on a monthly basis.

To be fair, some major issues were fixed in early February 2016, but many remain. So when you add all that up, it doesn’t make sense for network administrators to blindly take every Windows update that comes down the pipe.

What you should do (or not do)

The free Windows upgrade expires on the 28th of July, 2016. While this puts a bit of urgency into the upgrade discussion, in my opinion, Microsoft will extend that deadline.

The majority of Layer3’s desktop support tickets raised are related to upgrades to Windows 10 and issues that have come about from doing this. So as of now, we still advise customers not to upgrade to Windows 10 unless you really, really have to. We will review this again next month, but for now, sit tight.

If you have any questions surrounding the upgrade to Windows 10, please don’t hesitate to contact us.

Cryptolocker ‘Locky’ – The Layer3 Defence

It’s that time again. Time for another round of Cryptolockers.

This time ‘Locky’.

If you don’t already know, a Cryptolocker is a virus which infects your computer through social engineering such as a fake invoice through email, or an email asking you to visit a suspect website.

Cryptolockers were initially very hard to combat. Many antivirus vendors have failed to pick up new variants of Cryptolockers. This detection issue is because of the way traditional Antivirus software works.

Most antivirus software over the last decade has worked on definition files. These definition files are usually released on a daily basis for most home user Antivirus software, and on an hourly basis for Business users. The problem with this approach is that detection is limited to the set of virus patterns within the definition file. If something new comes along, the Antivirus software will not detect it unless it has other capabilities such as behavioral analysis.

Locky is usually distributed by an email attachment, usually an invoice. This invoice, when opened, will ask you to enable Macros. This is how the virus executes malicious code on your computer. The reason this Cryptolocker is a problem is that:

  • It encrypts all files (documents/media) on your computer
  • It encrypts all files on mapped network drives
  • It encrypts all files on unmapped network drives

The biggest problem is that it encrypts files on unmapped network drives. This means that the Locky virus scans the network for network shares which it can access and infect, even if the user is not actually using them.

For customers on a Layer3 agreement, you will be protected by our Managed Antivirus solution, which is installed on your workstations, laptops, and servers. This Antivirus contains advanced scanning features such as behavioral analysis, which detects activity on the computer that is not normal. Behavior analysis helps greatly in detecting Cryptolocker viruses.
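The contrast between definition-based and behaviour-based detection drawn above (and in the WannaCry alert earlier on this page) is shown here in Python. This is an added example, not Layer3's or any antivirus vendor's code; the thresholds, process names, paths, hashes and file events are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_MIN = 7.0       # bits/byte: encrypted data sits near 8, plain text near 4-5
WINDOW_SECONDS = 10     # sliding window per process
FILES_IN_WINDOW = 5     # distinct high-entropy rewrites that trigger an alert

# Constructed "definition file": it can only list samples seen before.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"older-known-sample").hexdigest()}


def signature_verdict(binary: bytes) -> bool:
    """Definition-based check: true only if this exact binary is already listed."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD_SHA256


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a written buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def share_root(path: str) -> str:
    """Return the UNC share (server plus share name) or the local drive letter."""
    if path.startswith("\\\\"):
        server, share = path.lstrip("\\").split("\\")[:2]
        return "\\\\" + server + "\\" + share
    return path[:2]


def behaviour_alerts(events):
    """Flag processes that rewrite many files with high-entropy data in a short window."""
    recent = defaultdict(deque)  # process -> (timestamp, path) of high-entropy writes
    alerts = {}
    for ts, process, path, data in sorted(events, key=lambda e: e[0]):
        if process in alerts or shannon_entropy(data) < ENTROPY_MIN:
            continue
        window = recent[process]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        files = {p for _, p in window}
        if len(files) >= FILES_IN_WINDOW:
            alerts[process] = {
                "first_alert_at": ts,
                "files": len(files),
                "roots": sorted({share_root(p) for p in files}),
            }
    return alerts


def pseudo_ciphertext(seed: bytes, blocks: int = 32) -> bytes:
    """Constructed stand-in for encrypted output (deterministic, high entropy)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))


PLAIN = b"Invoice 1042: consulting services, net 30 days. " * 20

# Constructed targets: local files plus shares the user never mapped.
TARGETS = [
    r"C:\Users\amy\Documents\budget.xlsx",
    r"C:\Users\amy\Pictures\site.jpg",
    r"\\fs01\finance\q1.xlsx",
    r"\\fs01\finance\payroll.csv",
    r"\\fs02\hr\contracts.docx",
    r"\\fs02\hr\reviews.docx",
]

# Constructed events: (seconds, process, path, bytes written).
SAMPLE_EVENTS = (
    # One compressed document save: high entropy, but a single file.
    [(0, "WINWORD.EXE", r"C:\Users\amy\Documents\report.docx", pseudo_ciphertext(b"zip"))]
    # A backup job: many files, but low-entropy content.
    + [(10 + i, "backup.exe", rf"\\fs01\backups\file{i}.bak", PLAIN) for i in range(6)]
    # An unknown binary rewriting files across local disk and two shares.
    + [(100 + i, "invoice_payload.exe", p, pseudo_ciphertext(p.encode()))
       for i, p in enumerate(TARGETS)]
)

if __name__ == "__main__":
    print("signature match on new variant:", signature_verdict(b"new-variant-binary"))
    for proc, detail in behaviour_alerts(SAMPLE_EVENTS).items():
        print("behaviour alert:", proc, detail)
```

The single high-entropy save and the bulk low-entropy backup are both left alone; only the combination of many files, encrypted-looking content and a short window raises the alert.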

Many customers also have our Premium Spam Filtering and Umbrella Web Filtering services which mitigate the risk. If you don’t have these services, please get in touch.

Be assured, if you are a Layer3 customer on a Managed Services Agreement, you will be protected from this latest Cryptolocker.

If you do have any concerns, please email our support staff at

Microsoft Office 365/Azure Price Increases

You may not be aware, but Microsoft’s online services are increasing in price from the 1st of April 2016. Specifically, in the New Zealand market, prices of Office 365 and Azure services are to rise by 22% across the board.

Microsoft periodically assesses the impact of its pricing to ensure there is a reasonable alignment with the needs of its customers, partners, and the marketplace, and may make changes in response to its assessment and feedback. As part of our regular business practices in light of the rapid evolution of cloud services and evolving local market dynamics, Microsoft will adjust prices for cloud services in New Zealand to more closely align with the marketplace.

What products are impacted by the price change?

  • Office 365
  • Microsoft Azure
  • CRM-Online
  • Enterprise Mobility Suite
  • Microsoft Intune and other enterprise Online Services are included in this price change.

Customers that are currently billed by Layer3 will not be affected until their current term is up for renewal.

If you are not billed by Layer3 for Microsoft Cloud services, you can change to Layer3 in March to receive the old pricing which will be locked in for a year. Changing is easy, and only takes about 10 minutes.

For more information, or to change, please contact Layer3.

Basic Computer Troubleshooting Tips

When your computer suddenly stops working it is frustrating, to say the least! Would you know what to do if your screen goes blank? Or if you cannot hear any sound from your speakers? Whenever you have a problem with your computer, do not panic!

There are many basic troubleshooting techniques you can use to fix issues like this and get you back up and running quickly. You may think I am stating the obvious, but the below checks can often be overlooked.

Always check the cables

Simple, I know, but often we forget to check all cables are plugged in securely. If you are having trouble with a specific piece of computer hardware, such as your monitor or keyboard, an easy first step is to check all related cables to make sure they are properly connected. Too often a monitor cable or USB device has come loose.

Restarting the computer

When all else fails, one of the best things to try is to restart the computer. Restarting can resolve a lot of basic issues you may experience with your device, especially with unresponsive software. For example, the Windows blue screen of death is usually caused by a low-level error and can be fixed when you restart because the problem code can start over again.

Essentially, when you restart your device, you are clearing off the current state of your software and starting over again.

My famous line is: it is amazing what a restart can do!

My Wi-Fi keeps disconnecting

Spotty wireless connections can be a challenge. Is it your computer? Your router? Your ISP? Try a few things before calling your Internet service provider.

  1. Firstly, check to see that your computer is within the range of your wireless router. Weak signals mean weak connections.
  2. Make sure your PC’s wireless card has the latest drivers. Try letting Windows troubleshoot for you by right-clicking the Wi-Fi icon in the taskbar and selecting Troubleshoot problems.


Downloads are taking forever

A speed test is very handy when you are having connectivity problems. Run a speed test to see what your download and upload speeds are; ideally they should be at least 50 percent of your Internet service provider’s advertised speeds, with a ping under 100 milliseconds. A download speed of over 30 Mbps and upload speed of at least 10 Mbps is recommended.


My machine keeps restarting

Hardware problems are hard to diagnose and solve. First, confirm that you are not just getting the latest wave of Windows updates, which can automatically restart your computer during installation. Then work on updating all of your critical system drivers. Your graphics card, motherboard, and network card drivers are crucial.

It can be hard to pinpoint as sometimes it can be viruses; sometimes it can be adware. Sometimes it can be overheating. And sometimes it can be something as simple as making sure your video card is updated.

Is your computer making weird noises? If you are lucky, all you’ll need to do is give the machine a thorough cleaning. Modern computers have safeguards that shut down the system if a component is overheating, which can be the cause of frequent restarts when you are running resource-intensive programs or video games.

Pop-up ads are appearing on my desktop

If you are not running your Web browser and are still getting pop-up ads on your desktop, you’ve most likely installed adware, a program that displays unwanted ads. The majority of the time adware is up to no good. Getting rid of adware is not easy.

Avoid downloading programs that offer to speed up your PC or clean up your registry. Instead, use a trustworthy adware scanner like the free version of Malwarebytes’ Anti-Malware tool.

Running a full scan with credible antivirus software such as Malwarebytes is your first step. Just make sure to disable your standard antivirus software before running it.

Depending on the situation, if all else fails, there is always the nuclear option: a complete system reinstall. It might take a long time, but it is the only guaranteed way to remove adware or spyware. Remember to back up all important business files; I cannot stress this enough. If a nasty virus gets installed on your machine and holds you to ransom, which in this day and age happens far too often to many businesses, having a backup in place, ideally an online backup, means you can get back up and running quickly.

My printer won’t print

Let us assume that your printer’s drivers are up-to-date and that it has enough paper and ink or toner to print. Try turning the printer off and on. Unplug the printer and plug it back in. Check your printer’s print queue by looking for the printer icon in the system tray and double-clicking it. The print queue shows you the status of each job as well as the general status of your printer.


Ensure that ‘Use Printer Offline’ is not checked. Sometimes, printing while your printer is turned off can cause Windows to set your printer to work offline, and that can stall jobs sent later.

I can’t open email attachments

If you have ever encountered an attachment that you could not open, it was probably because you did not have the software necessary to view the file.

The usual suspect is the .pdf file, for which you can download a free PDF reader. If your problem involves a different file format, a quick search on the attachment’s file extension (the three letters after the period in the filename) should tell you what type of program you need. If the attachment lacks a file extension (which might happen if it was renamed), adding it back should set things right.

My program isn’t working on my new PC

Following the recommendation from a PC repair company in West Palm Beach, it is better to make sure that the software you are trying to run is compatible with your operating system. Older software might not function on new operating systems such as Windows 8 and 10, and an app created for Mac OS X definitely won’t run on your Windows PC. A 32-bit program might run on your 64-bit operating system, but it does not work the other way around.

Of course, we are here to help and are only a phone or email away. For support phone 0508 LAYER3 [529373] or

Westpac Hutt Valley Chamber Awards 2014

Hayden Kirk was awarded 2014 Young Business Person of the year at the Westpac Hutt Valley Chamber of Commerce Business Awards.

At an early age, Hayden always knew he wanted to be his own boss. In January 2005, with just a hundred and fifty dollars in his pocket, Hayden established Mobile. PC, now known as Layer3.

Hayden started off fixing home PCs back in 2005. Today, the business offers a global service with Virtual Office, Filecloud and Host Exchange. In January 2015, Layer3 turned ten years old.

Hayden certainly has the X factor. He does not just think about it; he acts upon it.

Huge thank you to our customers. Many of you have supported Hayden right from the start.