Antivirus is Dead. Long live EDR!


Computer security is a constant battle with an ever-changing landscape. Protection strategies that were top of the line are no longer effective, and this is now true of Antivirus software. In the past, many organizations’ only security was Antivirus and a firewall. However, new malware and ransomware techniques in use by the bad guys render Antivirus ineffective and, worse, provide a false sense of security. This is where a new technology called Endpoint Detection & Response (EDR) comes in. You may also see the terms MDR or XDR, which are types of EDR deployments and/or feature sets.

Why Antivirus Can’t Protect You Anymore.

So why do we need EDR exactly? To understand the answer you first need to know how standard Antivirus software works. The oversimplified version is that when a program is run or downloaded, the AV software scans it to see if it is a known threat, such as a virus or malware. If the scan sees something it recognizes, it deletes or quarantines the file. If you look closely at that process you may already see the two big problems.

  • What if the threat was not previously known?

If the Antivirus does not recognize the threat then it allows it to run. That is not good. These types of threats can be new viruses, malware that has been obfuscated, or threats leveraging zero-day exploits (new, unpatched, security bugs in software such as Windows, MacOS, Adobe, Office, Zoom, etc.).

  • What if the threat does not use a malicious file to infect the machine?

If there is nothing to scan then, you guessed it, it runs (still not good). These are known as Fileless attacks and may also be referred to as Living off the Land (LOTL). This is a fairly new and evolving threat methodology and can be executed in various ways. Examples include Memory-only threats (Duqu worm), Windows registry resident malware (Poweliks), PowerShell / Macro based tools (exploit kits), and various other technical methods I will not go into (DLL injection, DotNetToJScript technique, Reflective loading, etc.).

As you might have guessed, once malware gets past the Antivirus software it’s game over. Your computers, data, and network are now open to attack.

Detecting & Stopping Unknown Threats

EDR fills the gaps in Antivirus’s blind spots and then some. While Antivirus just scans for known threats, EDR also looks for malicious behaviors in applications and running processes utilizing a technique known as Machine Learning (a type of Artificial Intelligence). It does not need to know whether a program is a known threat, only whether it is acting in a threatening manner. In this way it works the way real-world threats are determined. Police don’t keep a list of known offenders in their pocket, but identify the bad guys based on what they are doing and how they are acting.
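The contrast between the two approaches, as an added example (not code from this article or from any EDR product): a hash lookup stands in for the Antivirus scan, and two hand-written rules over process-start events stand in for the behavioral models an EDR uses. The rule names, process lists, event fields and sample data are constructed assumptions.

```python
import hashlib

# Constructed sample: bytes standing in for a previously catalogued threat.
KNOWN_SAMPLE = b"constructed-known-malware-sample"
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Assumed rule inputs: Office programs and the script hosts they rarely need to start.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"-enc", "-encodedcommand"}

def signature_scan(file_bytes):
    """Antivirus-style check: only content already in the database is flagged."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

def behavior_findings(event):
    """EDR-style check: judge what the process does, not which file it is."""
    parent, image = event["parent"].lower(), event["image"].lower()
    args = event["cmdline"].lower().split()
    findings = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append("office-app-started-script-host")
    if image == "powershell.exe" and ENCODED_FLAGS.intersection(args):
        findings.append("encoded-powershell-command")
    return findings

# Constructed process-start events (field names are assumptions for this sketch).
EVENTS = [
    {"pid": 101, "parent": "explorer.exe", "image": "WINWORD.EXE",
     "cmdline": "WINWORD.EXE C:\\Users\\dana\\report.docx"},
    {"pid": 102, "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -enc <BASE64-PLACEHOLDER>"},
]

def triage(events):
    """Return {pid: findings} for every event with at least one finding."""
    results = {}
    for event in events:
        findings = behavior_findings(event)
        if findings:
            results[event["pid"]] = findings
    return results

if __name__ == "__main__":
    print("known sample flagged:", signature_scan(KNOWN_SAMPLE))
    # One changed byte is enough to miss the signature database.
    print("altered sample flagged:", signature_scan(KNOWN_SAMPLE + b"\x00"))
    print("behavior findings:", triage(EVENTS))
```

The second event involves only a legitimate Windows program, so there is no malicious file for a scanner to match; it is flagged purely on what the process chain does.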

Assume You Will Not Prevent All Attacks

When you get a new car you know it is just a matter of time before someone scratches it. You can park all the way in the back lot and you will still have someone dent it. Computer security should be thought of in the same manner. It is not a matter of if you will be breached, but when. Antivirus products are useless once an attack successfully executes but EDR has the ability to detect an active infection, kill it, and more importantly, reverse any changes made to the system. Not only does this limit the damage being done, it also saves an enormous amount of time on the IT side as computers no longer need to be brought offline to perform an erase and full reinstall of the computer and applications. In addition many EDR products can automatically disconnect an infected device from the network to help limit the spread of worms, ransomware, and hackers trying to move through your network.

Only Wireguided Includes the World’s #1 EDR with its Managed Services

Wireguided makes the security of our clients our #1 priority (as well as great customer service!). We are constantly evaluating new security solutions and evaluating new threats so our customers are always protected. With this in mind we are now including the world’s #1 EDR / XDR software with our Managed Services Plan, SentinelOne Singularity XDR. No other MSP offers this level of protection to their customers. If you would like to know more about EDR and how Wireguided can help your organization please click here to contact us.

Microsoft 365 Phishing Examples


[UPDATED: 4/6/2022]

The bad guys have been targeting Microsoft 365 users lately with multiple phishing attacks. Below is a sample of what to be on the lookout for. I would recommend sending this article to your employees to improve security awareness.

Red flags

  • “From” email address inside the < > is not a Microsoft address. Even if it does show a Microsoft address it could be spoofed.
  • It’s addressed to a generic person such as “Client” and not the recipient by name.
  • It doesn’t look polished as you would expect an email from Microsoft to be.
  • Sent with High Importance.
  • It contains an attachment. Microsoft will never send you an email with an attachment.
  • Involves a threat of data loss or loss of access.
  • English may not be proper.
  • If you move your mouse on top of a link in the email without clicking in Outlook it will show where the link really goes (to the attacker’s web site).

I have highlighted these red flags in the samples below.
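For mail administrators, most of the red flags in the list above can be checked automatically. The following is an added example, not part of the original article: it parses a raw message with Python's standard library and reports which flags it finds. The trusted-domain list, the keyword patterns, the flag names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this sketch: domains accepted as genuine Microsoft senders/links.
TRUSTED = ("microsoft.com", "office.com")

class LinkCollector(HTMLParser):
    """Collect the real destination (href) of every link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def trusted(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def red_flags(raw):
    """Return the red flags from the list above found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    _, addr = parseaddr(str(msg["From"] or ""))
    if not trusted(addr.rpartition("@")[2]):
        flags.append("sender-not-microsoft")
    if str(msg["Importance"] or "").lower() == "high":
        flags.append("high-importance")
    if any(True for _ in msg.iter_attachments()):
        flags.append("has-attachment")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if re.search(r"\bdear\s+(client|customer|user)\b", text, re.I):
        flags.append("generic-greeting")
    if re.search(r"\b(suspend|deactivat|delet|expire|lose access)", text, re.I):
        flags.append("threat-of-loss")
    links = LinkCollector()
    links.feed(text)
    for href in links.hrefs:
        host = urlparse(href).hostname  # what hovering over the link would reveal
        if not trusted(host):
            flags.append("link-goes-to:" + (host or "unknown"))
    return flags

def constructed_phish():
    """Build a constructed sample message that shows every flag."""
    m = EmailMessage()
    m["From"] = '"Microsoft 365 Team" <alerts@ms365-notice.example>'
    m["Importance"] = "high"
    m.set_content("Dear Client, your mailbox will be suspended.")
    m.add_alternative("<p>Dear Client,</p><p>Your mailbox will be suspended.</p>"
                      '<a href="http://login.example.net/verify">Microsoft 365 sign-in</a>',
                      subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="notice.htm")
    return m.as_string()
```

An empty result does not make a message safe: as the first bullet says, a sender address that shows a Microsoft domain can still be spoofed.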

Sample Microsoft 365 Phishing Emails






Securing Your Accounts



Your password is the first line of defense preventing hackers from accessing your data. While 2FA and passphrases are the new recommendations (see below) here are rules you should always follow when creating a password.

  • 12 character minimum
  • Combination of letters, numbers, upper/lower case, special characters
  • Do NOT incorporate in your password any information that can be gathered about you via social media. This includes:
    • Names of family members or pets
    • Street address
    • Favorite movies, cars, destinations, etc.
    • Any part of your name
    • Social security numbers or other sensitive info
    • Phone numbers
    • Schools and Universities
    • Sports teams
    • Birthdates
  • Do NOT use any of these common passwords

Goodbye Passwords, Hello Passphrases!

Technology is readily available that can crack many passwords even if they seem hard or are hard to remember. A passphrase looks to kill two birds with one stone and create a secure password that you will not forget. In a nutshell a passphrase is 3-4 words put together (16+ characters) that are memorable but would take a computer years to crack. See the below comic to get the idea.

Creating a passphrase
Image source: xkcd














Two Factor Authentication (2FA / MFA)

The best line of defense is to enable 2FA on all your accounts. 2FA is the system where you are asked for a one-time code from either a text message, code generating app, or dedicated security hardware. With 2FA even if your password is leaked your account will still be secure from all but the most dedicated hackers. Microsoft studies have shown enabling 2FA cuts down on security breaches by 90%. Each website has its own method for enabling 2FA so please check your account settings page for more information. Some services such as Apple accounts have it enabled by default.

Links to the most popular 2FA authenticator apps are below (and can be used with any website). These are not needed if you receive your 2FA code via text message.

Is Your Email Hacked?


Office 365 has become a big target for hackers due to it being used by thousands of businesses. We have seen an increase over the past few years of Man-in-the-Middle (MitM) attack attempts on our clients. In these types of security breaches the bad guys monitor hacked accounts (sometimes for months) looking for an opportunity to impersonate the real account user. Examples of the devastating outcomes of such attacks can be found HERE, HERE, HERE, and HERE

If you have Office 365 you can use the below steps to do a quick check to see if you have any of the common signs of a MitM attack. Other email services will have similar menu options.

Remember, it is always good practice to change your password at regular intervals throughout the year. Just make sure your password is secure.

Check Your Account

Go to and sign in with your Office 365 credentials.

Step 1 – Click on the gear icon in upper right.

Step 2 – Click on the gear icon in upper right and then View all Outlook settings.

Step 3 – Select Mail

Step 4 – Select Rules. If you see any rules that you did not set up notify your IT department. A common rule that hackers use is one that moves items from your inbox to other folders such as Archive, Trash, and Junk. If you make any changes make sure to save them.

Step 5 – Select Forwarding. If you see mail going to an unknown email address that is a good sign your account has been compromised. If you make any changes make sure to save them.
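An IT department can run the checks from Steps 4 and 5 across many mailboxes at once. The following added example (not part of the original article, and not Microsoft tooling) audits an exported rule list. It assumes the rules and the mailbox forwarding setting were exported to JSON using the property names returned by Exchange Online's Get-InboxRule and Get-Mailbox cmdlets; the `InboxRules` wrapper key, the value shapes, the sample data and the domain are constructed.

```python
import json
import re

# Folders the article names as common hiding places, plus Outlook's own names for them.
HIDING_FOLDERS = {"archive", "trash", "deleted items", "junk", "junk email"}
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR = re.compile(r"[\w.+-]+@[\w.-]+\w")

def external_addresses(value, own_domain):
    """Extract e-mail addresses from a field and keep those outside own_domain."""
    items = value if isinstance(value, list) else [value or ""]
    found = [a.lower() for item in items for a in ADDR.findall(str(item))]
    return [a for a in found if not a.endswith("@" + own_domain.lower())]

def audit_mailbox(export, own_domain):
    """Return (rule name, finding, detail) tuples for one mailbox export."""
    findings = []
    for rule in export.get("InboxRules", []):
        if not rule.get("Enabled", True):
            continue  # disabled rules do not act on mail
        name = rule.get("Name", "<unnamed>")
        folder = (rule.get("MoveToFolder") or "").lower()
        if folder in HIDING_FOLDERS or rule.get("DeleteMessage"):
            findings.append((name, "hides-mail", folder or "deleted"))
        for field in FORWARD_FIELDS:
            for addr in external_addresses(rule.get(field), own_domain):
                findings.append((name, "forwards-externally", addr))
    # Step 5: mailbox-level forwarding, separate from inbox rules.
    for addr in external_addresses(export.get("ForwardingSmtpAddress"), own_domain):
        findings.append(("<mailbox forwarding>", "forwards-externally", addr))
    return findings

# Constructed export for one mailbox (not real data).
CONSTRUCTED_EXPORT = json.loads("""
{
  "ForwardingSmtpAddress": "smtp:copy@example.org",
  "InboxRules": [
    {"Name": "Newsletters", "Enabled": true, "MoveToFolder": "Newsletters"},
    {"Name": ".", "Enabled": true, "MoveToFolder": "Archive"},
    {"Name": "fwd", "Enabled": true, "ForwardTo": ["Backup [SMTP:drop@example.net]"]},
    {"Name": "team", "Enabled": true, "ForwardTo": ["Dana [SMTP:dana@contoso.example]"]},
    {"Name": "old", "Enabled": false, "RedirectTo": ["x@example.net"]}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_mailbox(CONSTRUCTED_EXPORT, "contoso.example"):
        print(finding)
```

A finding is a prompt to ask the mailbox owner whether they created the rule, not proof of compromise.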

Every attack profile is different and even if your account looks good always assume the threat is there. Your IT department can help minimize the risk through a combination of user training, Office 365 settings, and standard security software. Wireguided is always here to assist your organization in all matters of security. Our services include anti-phishing training, incident response, disaster recovery, and security infrastructure design.


Phishing – Now even worse


Phishing is when hackers send emails to you posing as someone else to try and get you to click on a malicious link or attachment. As we have shown you before these spoofed emails can usually be easily spotted if you look at the full ‘From’ address. In most cases, unless the hacker has breached a trusted account, the email address will be an unknown account and only the display name will be modified to try to trick you. You can see what this looks like below.

Advanced Phishing Attacks

We are now seeing an increase in the next level of phishing where the hacker can create a ‘From’ address that looks 100% legit without having to hack the account of the company they are impersonating. You would have no way of identifying it as a fake email unless you examined the delivery information (which, unless you have an IT background, you will have no idea how to). An example of this more advanced threat is below:

Determining Real from Fake

As you can see this phishing email looks like it came from Chase Bank. The display name and email address check out. The only way an average user could see that this is a phishing attack is to hover their mouse over the ‘Download’ link in Outlook, without clicking, to see where it really goes (Hint: it’s not Chase Bank). You will also see that the account numbers and other details do not match your real information.

As we have said many times, employee security education is a key tool in protecting you and your business. If you would like to speak to Wireguided about our security training, both onsite and via webinar, please Contact Us.


Was My Facebook Info Hacked?



Recently Facebook suffered a data breach that exposed the private information of around 50 million users. While no passwords were stolen the information taken could be used in future phishing campaigns and identity theft. Click the picture below and scroll to the bottom of the page to see if your account was one of the ones affected (You may be prompted to sign into Facebook if not already signed in).





Has My Website been Hacked?


One of the latest trends for the bad guys is to hack into your website, not to steal your information, but to infect visitors with drive-by malware or to display spam messages on your web pages. Most of the time the company is not even aware that they have been compromised, which can lead to infected clients, bad publicity, and maybe even legal action.

The good news is that there are free site scanners out there that can do a pretty good job of detecting the most common types of website malware. Click the links below to scan your site. You can ignore any messages that they have to purchase their products (the sites are free for a reason). I recommend running both.

Website Malware Scanners

Sucuri SiteCheck

This scanner does a pretty good job locating malware infected pages. If you manage a WordPress site you can install their Sucuri plug-in which does a local scan and recommends ways to secure your site.

Quttera Website Malware Scanner

This site goes a little deeper and will find things Sucuri sometimes misses.

Now what?

Many website infections can be removed either by automated tools or by going to each page on your site, opening the page editor in text mode, and deleting the code inserted (usually at the bottom of each page).

If you do detect an infection and need assistance in not only cleaning up your site but securing it from future attacks please contact Wireguided to help. Thank you.





Have I been Hacked?



With all the hacking of websites (and the exposure of private user information) going on we thought it would be a good idea to post some links where you can type in your email address and see if your accounts have been exposed. If you do find yourself on this list please make sure to change your password.


For the non-nerds out there, ‘Pwned’ implies domination or humiliation of a rival, used primarily in the Internet-based video game culture to taunt an opponent who has just been soundly defeated (e.g., “You just got pwned!”). (Thank you Wikipedia)



Why to migrate from Windows XP in One Chart


As we have mentioned before Microsoft’s end of life for Windows XP is approaching quickly (April 2014). After that time no more support or security updates will be available for the 12-year-old operating system. Hackers are not wasting any time though.

Here is the Reason to Migrate *Now*

The below chart shows the infection rate of different Windows operating systems. It shows that the infection rate of Windows XP is double that of Windows 7 and six times the rate of Windows 8. If your PCs are running Windows XP you’re asking for trouble. In business, trouble equals loss of income and/or productivity. After April 2014 it may also mean loss of industry security compliance standings (e.g., MA 201 CMR 17) which means possible legal issues if something does happen.

Source: Microsoft Intelligence Report, vol 15

What should my business be doing?

If you have not already started the migration process you (or your IT department) need to start taking the following steps:

  1. Contact vendors to make sure any business critical applications that are on XP systems now are compatible with Windows 7. Upgrading may be necessary. Don’t forget to test software compatibility before rolling out new systems to everyone.
  2. Determine how many new systems you will need to purchase (you cannot upgrade from XP to anything. Systems running XP are generally at their end of life anyway). You should budget around $550 per new PC (no monitor) to estimate upgrade costs.
  3. Make sure you have access to installation media, download locations, and licenses so you can install your software on any new system.

Other things to consider

If you will be replacing a significant portion of your hardware you may want to consider looking at other aspects of your infrastructure:

  1. The Cloud – Is now a good time to move to the cloud (e.g., backups, email, antivirus, etc.)? It may make fiscal sense to do this instead of having to purchase new software licenses. Microsoft Office365 has been excellent for hosted email. Symantec Endpoint Protection SBE 2013 is equally good with anti-malware.
  2. Virtualize – Instead of new PCs maybe virtual workstations should be considered if you have 20+ computers and/or a large remote employee base.
  3. Outsource IT – We might just be a *little* biased on this one but if your IT support consists just of a desktop support person they may not have the skills or manpower to implement new technologies or large upgrades. Outside expertise may cost less than possible downtime.

Like anything else planning is key. If you would like help or just need some free advice please give us a call or shoot us an email.


Ditch Internet Explorer Now


Do you click on a blue ‘e’ to surf the web? If so, now is the time to move on to another browser for many reasons. The most critical is the security of your PC (and your business).


Microsoft’s Internet Explorer comes with Windows so most individuals and businesses use it as their way to access the Internet. The problem is that it’s riddled with security holes, prone to poor performance, and the latest versions are incompatible with some websites. With the advent of new web technologies such as HTML 5 and much better alternatives there is no reason anyone should be using Internet Explorer any more.

Did I mention it’s a huge security risk?

A month ago a new exploit was released into the wild that takes advantage of yet another security bug in Internet Explorer. Microsoft will not have an automatic fix for this until Oct 8th. This new bug is being used right now to install malware on computers around the world. While no browser is 100% secure, most of the other ones would act more quickly to fix such a serious issue. Also, most bad guys will write exploits for Internet Explorer as it is the most popular browser in most places.

What are my options?

The good news is that there are many other browsers to choose from. Most Mac users use Safari. Other popular ones are Google Chrome and Firefox. Our recommendation is Google Chrome. It is fast and reliable. It also offers many features not found in Internet Explorer such as syncing of bookmarks and history across all your devices. This makes it the perfect choice if you have an Android based phone or tablet. It also has many free apps that connect your data between devices and make life a lot easier. Two of our favorites are Chrome to Phone and Google Keep.

I run a business. What can I do at work?

If you’re in charge of managing multiple computers at work, going to each one to install Chrome can be a chore. Luckily many free tools exist which can remove the Internet Explorer icon from the desktop and remotely install your new browser of choice. If you would like more information on these tools please contact us via email or phone.

-Tim