
5 things you need to know about ransomware, the scary malware that locks away data


Over the past few years millions of PCs from around the world have been locked or had their files encrypted by malicious programs designed to extort money from users. Collectively known as ransomware, these malicious applications have become a real scourge for consumers, businesses and even government institutions. Unfortunately, there’s no end in sight, so here’s what you should know.

It’s not just your PC that’s at risk

Most ransomware programs target computers running Windows, as it’s the most popular operating system. However, ransomware applications for Android have also been around for a while and recently, several variants that infect Linux servers have been discovered.

Security researchers have also shown that ransomware programs can be easily created for Mac OS X and even for smart TVs, so these and other devices are likely to be targeted in the future, especially as the competition for victims increases among ransomware creators.

Law enforcement actions are few and far between

There have been some successful collaborations between law enforcement and private security companies to disrupt ransomware campaigns in the past. The most prominent case was Operation Tovar, which took over the Gameover ZeuS botnet in 2014 and recovered the encryption keys for CryptoLocker, a notorious ransomware program distributed by the botnet.

In most cases, however, law enforcement agencies are powerless in the face of ransomware, especially the variants that hide their command-and-control servers on the Tor anonymity network. This is reflected in the multiple cases of government agencies, police departments and hospitals that were affected by ransomware and decided to pay criminals to recover their files. An FBI official admitted at an event in October that in many cases the agency advises victims to pay the ransom if they don’t have backups and there are no other alternatives.

Back up, back up, back up

Many users back up their sensitive data, but do it to an external hard drive that’s always connected to their computer or to a network share. That’s a mistake, because when a ransomware program infects a computer, it enumerates all accessible drives and network shares, so it will encrypt the files hosted in those locations too.

The best practice is to use what some people call the 3-2-1 rule: at least three copies of the data, stored in two different formats, with at least one of the copies stored off-site or offline.
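As an added illustration (not part of the original article), the following sketch audits a backup plan against the 3-2-1 rule as stated above and lists the copies a ransomware program running on the machine could reach. The `Copy` fields, the function names and both sample plans are constructed for this example, and the working copy is assumed to count as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    fmt: str         # storage format, e.g. "internal-disk", "usb-disk", "cloud"
    offsite: bool    # kept at a different physical location
    reachable: bool  # mounted or mapped on the machine during normal use

def audit_321(copies):
    """Return the 3-2-1 rule violations; an empty list means the plan passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"copies: have {len(copies)}, need at least 3")
    formats = {c.fmt for c in copies}
    if len(formats) < 2:
        findings.append(f"formats: have {len(formats)}, need at least 2")
    # "Offline" here means the copy is not reachable from the machine.
    if not any(c.offsite or not c.reachable for c in copies):
        findings.append("no copy is off-site or offline")
    return findings

def exposed(copies):
    """Copies on drives or shares the infected machine can enumerate."""
    return [c.name for c in copies if c.reachable]

# Constructed plan matching the mistake described above: every backup sits
# on an always-connected drive or a network share.
WEAK = [
    Copy("working files", "internal-disk", offsite=False, reachable=True),
    Copy("usb backup", "usb-disk", offsite=False, reachable=True),
    Copy("nas share", "network-share", offsite=False, reachable=True),
]

# Constructed corrected plan: the USB drive is unplugged after each backup
# and a third copy is kept off-site and unmounted.
FIXED = [
    Copy("working files", "internal-disk", offsite=False, reachable=True),
    Copy("rotated usb", "usb-disk", offsite=False, reachable=False),
    Copy("cloud archive", "cloud", offsite=True, reachable=False),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_321(plan), "exposed:", exposed(plan))
```

The weak plan has three copies in three formats and still fails, because every one of them is reachable from the machine that gets infected.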

You might get lucky, but don’t count on it

Sometimes ransomware creators make mistakes in implementing their encryption algorithms, resulting in vulnerabilities that allow the recovery of the files without paying the ransom. There have been several cases where security companies were able to create free decryption tools for particular versions of ransomware programs. These are temporary solutions though, as most ransomware developers will quickly fix their errors and push out new versions.

There are other situations where security researchers take control of command-and-control servers used by the ransomware authors and make the decryption keys available to users for free. Unfortunately these cases are even rarer than vulnerabilities in the ransomware programs themselves.

Most security vendors discourage paying the ransom, because there’s no guarantee that the attackers will provide the decryption key and because it ultimately encourages them.

If you decide to hold your ground, keep a copy of the affected files as you never know what might happen in the future. However, if those files are critical to your business and their recovery is time sensitive, there’s little you can do other than pay up and hope that the criminals keep their word.

Prevention is best

Ransomware programs get distributed in a variety of ways, most commonly through malicious email attachments, Word documents with macro code and Web-based exploits launched from compromised websites or malicious advertisements. Many are also installed by other malware programs.

As such, following the most common security best practices is critical. Always keep the software on your computer up to date, especially the OS, browser and browser plug-ins like Flash Player, Adobe Reader, Java and Silverlight. Never enable the execution of macros in documents, unless you have verified their senders and have confirmed with them that the documents should contain such code. Carefully scrutinize emails, especially those that contain attachments, regardless of who appears to have sent them. Finally, perform your day-to-day activities from a limited user account, not from an administrative one, and run an up-to-date antivirus program.

New Cyber Security Ideas for 2016


In the last 5 years, almost all businesses, big or small, have realized just how vulnerable they are to cyber-attacks. The astonishingly increasing number of attacks each year troubles corporate heads so much that they spend hours on end discussing their company’s cyber security system. The IT professionals and Chief Information Security Officers (CISOs) are even more troubled, for they keep seeing their efforts foiled by hackers.

The number of big corporations targeted in 2015 only goes to show that no one is completely safe. Wherever you look, there is an Ashley Madison data breach case or a Home Depot or JP Morgan Chase case story from the past year that will make you realize just how precarious security structures are. To help corporations beef up their security better in 2016, we discuss some new ideas.

  1. Being aware of the data stored

It is quite astonishing how many big firms do not have any idea what huge chunks of data in their systems are about. Technologies like the Internet of Things have a lot to contribute to this, but company data should be handled better. One must at least know what is stored in their systems. That would give them an idea of which data has the highest priority and what most needs to be protected against threats.

  2. Focus on protecting data

The most infamous cases of 2015 related to data breaches of global services and corporations. Yet, corporations think that beefing up their firewalls and security perimeters is the answer to such attacks. They couldn’t be less accurate. Attacks like these go to show that protecting your data is the main priority. Encrypting different clusters of data with secure mechanisms is vital to prevent data from being compromised easily should unauthorized personnel make it into the corporate network.

  3. Address the Mobile threat

Many corporations use the idea of Bring Your Own Device, allowing employees to use their personal device in the workplace. It is always safe to assume that most employees do not take the necessary security measures for their mobile devices. This invariably puts corporate data on such devices at great risk. IT admins need to have better control over such devices. They need not have more control, but better control.

  4. Spread awareness

It is never a bad time to spread awareness among employees, however small or high ranking they are, about the different threats they face. Ignorance should never be doubted or disregarded, for it is always present around you. Interacting with employees regularly about the different threats present and sharing ideas about improving security are good practises.

  5. Take insider threat seriously

You might shell out millions of dollars trying to protect your network from outside threats only to be undone by one of your employees clicking on a wrong link and compromising some sensitive data on his or her system. Hackers regularly send malicious emails to many employees in a firm in hopes that one of them falls for it, and they quite frequently do. Encourage your employees to be more vigilant, for such emails can quite easily be spotted.

Conclusion

We saw in this article how some new ideas can aid companies in improving their security against attacks from hackers. These are just some suggestions, which can definitely be improved upon after further study and research into the matter.

Six Strategies for Achieving Connected Security


A Holistic Approach is Critical for Securing Your Network

But a holistic approach is probably most critical when it comes to securing your network. Just when you think you have your network secured, there is always another threat — from outside or from inside. These threats have many names: spear phishing, botnets, zero-day threats, distributed denial-of-service (DDoS) attacks, insider threats and former employees. They are determined to exploit disconnected security — security tools, processes, user profiles and information that are separated in silos, leaving dangerous gaps in between.

The increasing complexity of IT environments only increases these gaps, providing attackers with many new opportunities to exploit. Consider the number of operating systems you are now slated to secure and the number of BYO devices that are a normal part of your organization’s operation, from smartphones and tablets to network-connected devices such as printers, scanners and kiosks. Yet BYOD is still in its infancy — just 24 percent of organizations say that BYOD is widely used and supported. And the Internet of Things (IoT) promises complexity on a scale that’s difficult to fathom, with analysts predicting that 6.4 billion connected things will be in use worldwide in 2016, and that the number will swell to 20.8 billion by 2020.

There’s no turning back. Your users want the mobility and flexibility BYOD provides, and your organization needs to remain agile and attractive to both current and prospective talent. But neither can you ignore the security threats that continue to grow in both number and sophistication.

6 Strategies for Achieving Connected Security

By abolishing technology tunnel vision and adopting a holistic, connected approach to security, you can embrace BYOD and new technologies while also protecting your IT network and systems from attackers. Here are the six key strategies:

  1. Discover and inventory all devices — Establish a complete and accurate inventory of all connected devices and keep it current with IT asset management software. You can’t secure what you don’t know about.
  2. Keep software up to date — Make sure that you are patching your operating systems and applications regularly. Using the latest versions of software is the starting point for eliminating vulnerabilities. Gartner, Inc., reports that nearly a third (30 percent) of system weaknesses can be resolved through patch management.
  3. Maintain antivirus software on all endpoints — Antivirus software was once considered the only line of defense against attackers. Although today you need other strategies as well, it’s still imperative that current antivirus software be in force on all of your managed systems.
  4. Deploy a modern firewall — Next-generation firewalls are no longer just for larger organizations. They offer critical new technologies that provide added protection and peace of mind, and they can be both affordable and easy to manage for organizations of any size.
  5. Conduct regular IT security audits and vulnerability assessments — With OVAL and SCAP scanning, you can get ahead of the curve in finding and remediating security holes in your IT endpoints.
  6. Encrypt your data — Security from the data level to the cloud is today’s mantra. Start with endpoint data encryption, which provides a solid defense against data loss from lost or stolen devices.

PCI DSS 3.2 slated for early 2016


To accommodate updated migration dates to a more secure version of TLS and other factors in the payment industry, the PCI Security Standards Council will release PCI DSS version 3.2 in the spring.

PCI DSS version 3.2, scheduled for release in the first half of 2016, likely March or April, will address the current threat landscape as well as “trending attacks causing compromises” detailed in current breach forensics reports, PCI Security Standards Council Chief Technology Officer (CTO) Troy Leach said in a blog post Q&A.

“With this in mind, for 3.2 we are evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE); incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers; clarifying masking criteria for primary account numbers (PAN) when displayed,” Leach said.

New versions of PCI DSS are typically released in the fall, but the council moved 3.2’s debut up, in part, to “address the revised migration dates away from SSL/early TLS,” Leach said. In a December bulletin, the council extended the deadline to June 30, 2018 for organizations to complete migration from Secure Socket Layer and Transport Layer Security 1.0 to a secure TLS iteration.

An early release also acknowledges PCI DSS’s status as a “mature standard” that doesn’t need significant updates any longer. “Moving forward, you can likely expect incremental modifications to address the threat landscape versus wholesale updates to the standard,” he said.

Leach also noted that a spring release “with long sunrise dates” gives organizations time to do the business case for their security investments in the drastically changing payment acceptance market “from advancements in mobile payments to EMV chip rollout in the United States, to adoption of other forms of dynamic data and authentication.” An earlier release “allows us more time to dedicate to security priorities for those specific payment channels in the future,” he explained.

Additionally, the organization will release changes to PA-DSS a month after PCI DSS 3.2 is unveiled.

As is customary, the council will retire version PCI DSS 3.1 three months after it releases version 3.2.

Google CEO Sides With Apple And Tim Cook, Opposes FBI’s Demand For iPhone Backdoor

Google’s CEO Sundar Pichai has joined a number of other high profile individuals in expressing his opinions on the FBI’s request for Apple to provide backdoor access to an iPhone 5c that forms part of the San Bernardino shooting case. A federal judge has ruled that Apple must indeed assist law enforcement in granting access to a seized iPhone 5c that belonged to one of the shooters accused of killing 14 individuals in California. Commenting on the situation via the use of social media, Sundar Pichai called it a “troubling precedent”.

If you weren’t privy to the whole situation, then it’s probably worth noting that Apple’s CEO Tim Cook almost instantly responded to the ruling with a public and open message to Apple’s customers. In addition to providing a little insight into the ruling and how it came about, Cook also took the opportunity to inform the customers that Apple would be contesting the ruling, claiming that the FBI essentially wants Apple’s engineers to create a new version of iOS that comes with the ability to circumvent very specific security features (read: backdoor access). Cook clearly doesn’t want to have to build in a backdoor to the iPhone or iPad.



Google’s CEO didn’t instantly get involved in the situation, but has since posted a series of tweets which show that he sides with Tim Cook and Apple as a whole. Most notably, Pichai’s five tweets on the predicament claimed Apple’s acceptance of the ruling, if that was indeed the company’s stance, “could compromise a user’s privacy”. He also stated publicly that acceptance of a ruling to provide access to data based on valid legal order is “wholly different than requiring companies to enable hacking of customer devices & data”. It’s difficult to disagree with those views.

Of course, not everyone weighing in with an opinion on the San Bernardino iPhone situation is fully accepting of Apple’s stance on the ruling. Republican candidate, and general worldwide laughing stock, Donald Trump, predictably doesn’t agree with Tim Cook’s decision to resist the order, stating that he agrees “100 percent with the courts” and asking of Apple, “Who do they think they are?”.

We’re pretty sure that the public backing of a fellow CEO in the position of Pichai carries a whole lot more importance than the negativity of Mr. Trump.
