Network Security
Far too often, news of data breaches is accompanied by details of the failures in network security that allowed a hacker access to confidential data. Many of these failure are avoidable with adequate precautions such as a spam email filter and mechanism for controlling access to the Internet.
Almost as many breaches in network security can be attributed to poor employee training. Password sharing, unauthorized downloads and poor online security practices can result in hackers gaining easy access to a network and extracting confidential data at will.
It has been well chronicled that hackers will bypass organizations with strong network security and turn their attention to fish that are easier to catch. Make sure your organization does not get caught in the net – implement appropriate web filters and educate your employees on the importance of network security.
by G Hunt |
July 30, 2022 |
Internet Security News, Network Security, Security Awareness Training
Most people are aware of the importance of cybersecurity and the need to take care when opening emails, browsing the internet or downloading apps on their mobile phones. If you ask anyone whether they are knowledgeable about cybersecurity and if they can recognize a malicious website or email, there’s a high chance that they will say yes. A recent survey conducted by AT&T on 2,000 U.S. adults confirms that. 70% of the respondents to the survey said they were knowledgeable about cybersecurity, two-thirds of people said they know how hackers gain access to sensitive information on devices, and 69% of people said they were able to recognize suspicious websites at a glance. However, despite being aware of the importance of cybersecurity, cybersecurity best practices are not always followed. People take considerable risks with email and the Internet, and the survey suggests that the confidence in the ability to recognize scams, malicious websites, and suspicious emails is misplaced. While most people claim to be able to recognize a suspicious website, only 45% of respondents said they knew those sites carried a risk of identity theft. 46% of respondents were unaware of the difference between active and passive cybersecurity threats. Passive cybersecurity threats are those where a threat actor simply monitors communications and gathers sensitive information, whereas an active attack involves some action or modification of communications. An example of a passive attack is a malicious actor eavesdropping on a connection to a website via an evil twin Wi-Fi access point. An example of an active attack would be a malware attack. The average person lands on 6.5 malicious websites or suspicious social media accounts every day and in many cases, those sites are accessed deliberately. Suspicious websites include those that start with HTTP rather than HTTPS, which means the connection between the web browser and the website is not encrypted. Suspicious sites include those with lots of pop-ups, or unverified sites and social media accounts. 39% of respondents said they accessed suspicious streaming websites to view major sporting events, 37% would download files from...
by G Hunt |
June 30, 2022 |
Cybersecurity Advice, Cybersecurity News, Internet Security News, Network Security
Ransomware gangs gain initial access to business networks using a variety of techniques, with phishing one of the most common methods of gaining initial access to business networks. Phishing is used to obtain credentials, especially for cloud-based services and applications. Phishing emails are often used to deliver malware loaders. Once installed, the malware loader drops malicious payloads which ultimately results in a network-wide ransomware attack. A relatively new malware loader – Bumblebee – is now gaining popularity with ransomware gangs and is known to be used by some of the highest profile ransomware operations. According to Symantec, Bumblebee Loader is known to be used by Conti, Quantum, and Mountlocker, and possibly others, and has fast become the ransomware delivery vehicle of choice. The BumbleBee loader is primarily delivered via phishing emails and is used to create a backdoor in victims’ networks, allowing the attacker to take control of devices and execute commands. Bumblebee has been observed delivering the Cobalt Strike attack framework, which is used for lateral movement within networks. Once a sufficiently high number of devices and systems have been compromised, the BumbleBee loader drops the ransomware payload. After sensitive data has been exfiltrated from the victim’s systems, the file encryption process is initiated. According to Symantec, the Bumblebee loader has replaced several other malware variants that have proven popular with ransomware gangs in the past, such as the TrickBot Trojan and BazarLoader. The replacement of those malware variants with Bumblebee the loader appears to have been pre-planned. If the Bumblebee loader is detected on any device, rapid action should be taken as it is likely that the malware could lead to a ransomware attack. The Growing Threat of Ransomware Attacks Ransomware attacks on businesses increased significantly in 2021. The Federal Bureau of Investigation (FBI) reported in its 2021 Internet Crime Report that the FBI Internet Crime Complaint Center (IC3) received 2,084 reports of ransomware attacks between January 1 and July 31, 2021, which represents a 62% increase year-over-year. The 2021...
by G Hunt |
April 30, 2022 |
Network Security, Security Awareness Training
Technical defenses need to be implemented to protect against cyber threats, but it is also important to provide security training to the workforce. Security awareness training involves teaching users how to identify and avoid cyber threats, and training users to follow the security best practices that are necessary for protecting devices, networks, and data. When businesses analyze security incidents, they often find that the threat could have easily been identified and avoided. A ransomware attack, for example, could have been prevented had an employee recognized the phishing email that gave the attackers the credentials they needed to access the network. Employees are commonly thought of as a weak link in the security chain, but employees can actually be security assets. Through training, they can become important sensors that help to protect the company. Security awareness training is necessary for all members of the workforce, from the CEO down. Security awareness training needs to be provided to all individuals when they join the company, and then periodically thereafter. 20% of businesses provide security awareness training once a year or less, but something so important needs to be provided more frequently as employees cannot be expected to retain all of the information from a single, annual training session and then apply that information to real-life situations continuously throughout the year. Many businesses need to change their thinking on security awareness training from it being a checkbox item that needs to be completed for compliance or to take out cyber insurance. Effective training is required, and that means it needs to be provided continuously. If you don’t exercise, your muscles will become weak. The same applies to security awareness training. Classroom or computer-based training should be provided, which should be augmented with presentations, quizzes, infographics, and videos. Regular refresher training sessions should be provided in bite-sized chunks that are easy to take on board and remember. The aim of security awareness training is to create a security culture where everyone knows to be constantly alert. Businesses need to develop...
by G Hunt |
February 23, 2022 |
Network Security, Web Filtering
Software can be expensive, which is why many people choose to download pirated software. Naturally, downloading pirated software is illegal, but many people think there is little chance of getting caught especially if they do not use their own computer to download the software. Most people have access to a computer at work and that is a common place where pirated software is downloaded, both for home use and also for using unauthorized software at work. Employees at small- to medium-sized businesses may struggle to get authorization to purchase certain software due to the high license cost, even though the use of that software may make employees’ jobs easier. It is not uncommon for employees to go behind their employer’s back and simply download a pirated version of the software they want. The Business Software Alliance conducted a study that suggested 39% of software on computers is unlicensed, and another study suggested 3 in 10 employees use software at work that their employers do not know about. Not all of these ‘shadow IT’ tools will be pirated, as many are available for free, but this is a concern. Free software may only be free for consumer use. Business use often requires a paid license, and if a license is not purchased businesses are exposed to legal risk. Any software that is installed without the knowledge of the IT department will mean patches for the software to fix known vulnerabilities may not be installed – that would be the responsibility of individual users, not the IT department. Vulnerabilities could remain unaddressed that could potentially be exploited by threat actors to gain access to the user’s device or provide a foothold for a more extensive compromise. There is also a risk of malware being introduced. This is especially risky with pirated software, which is often bundled with adware, spyware, potentially unwanted programs (PUPs), and malware, which are either included with the software or are installed via software cracks and product activators. Software cracks and product activators are well-known for installing malware. KMSPico is a software piracy tool that used for activating all features of Windows and Microsoft Office...
by G Hunt |
August 18, 2021 |
Internet Security News, Network Security, Web Filtering
To those unfamiliar with DNS filtering, it is a form of web filtering that is used to filter out unwanted and undesirable web content, whether that is webpages containing objectionable material such as pornographic images or cyber threats such as websites used for phishing or malware distribution. The Domain Name System (DNS) is what makes it possible for websites to have easy-to-remember domain names. A domain name, such as google.com, is easy for people to remember, but no use to a computer, which requires an IP address to find that resource on a remote server. The DNS is used to convert a domain name into its corresponding IP address, and DNS filtering is web filtering that takes place at the DNS lookup stage of a web request before a connection is made to the server hosting the web content. DNS Filtering Myths DNS filtering has several advantages over standard web filtering. Filtering occurs before any content is downloaded, which is better for speed and security. With DNS filtering, there is next to no latency – page load speeds are unaffected. Many businesses fail to appreciate the importance of DNS filtering, after all, what is the point of blocking malware and ransomware threats on the Internet when antivirus software is installed on all end points? While AV software is effective at blocking known malware threats, it will not block new threats that have not been seen before, as the signatures of those malware variants are not in the virus definition lists of AV software. New variants of old malware versions are constantly being released to bypass signature-based AV defenses, so additional protection is needed. DNS filters can block these threats based on the reputation of IP addresses and will block downloads of file types associated with malware. DNS filtering also improves defenses against phishing attacks, which all too commonly result in costly data breaches. Phishers are constantly devising new methods to get their emails into inboxes and trick end users into clicking on links and disclosing their credentials. Spam filters will block most of these messages but not all, and security awareness training only goes so far. A web filter will block...
by G Hunt |
July 30, 2021 |
Internet Security News, Network Security
Ransomware gangs have been feeling the heat following the DarkSide ransomware attack on Colonial Pipeline in May that forced the company to shut down its fuel pipeline serving the U.S. East Coast for a week. Any attack on critical infrastructure is likely to draw a response from the U.S. government, so it is no surprise that ransomware gangs faced a great deal of scrutiny after the attack. The DarkSide group shut down following the attack, and several other ransomware gangs went quiet. DoppelPaymer was one of the gangs that appeared to be laying low. Around a week after the Colonial Pipeline attack the group went quiet and no further updates were posted on the group’s data leak site after May 6, 2021. It is not uncommon for ransomware operations to go quiet for a few weeks, but they usually return. In many cases, the threat group reappears with a tweaked ransomware variant that is used under a new name, as has happened with DoppelPaymer. DoppelPaymer attacks often start with a phishing email with links or attachments that install other malware variants, which in turn deliver the ransomware payload. Prior to the Emotet botnet being shut down, that banking Trojan was used to deliver DoppelPaymer, as well as Dridex. Security researchers investigating a new ransomware-as-a-service operation called Grief (PayorGrief) that appeared in June identified striking similarities between Grief and DoppelPaymer, leading them to the conclusion that they are one and the same. A sample of the malware was found that dates back to May 17, indicating the group had only stopped attacks for a very short period of time. Grief and DoppelPaymer both have the same encrypted file format and are both distributed in phishing emails via the Dridex botnet, with one of the analyzed Grief samples also found to link to the old DoppelPaymer portal, although the samples identified since point to a separate Grief RaaS portal. Analyses of the code and the leak site also revealed further similarities such as the use of identical encryption algorithms and matching General Data Protection Regulation (GDPR) warnings for non-paying victims about GDPR penalties. The group appears to have been quite...
by G Hunt |
June 28, 2021 |
Cybersecurity Advice, Internet Security News, Network Security, Web Filtering
Ransomware is now one of the biggest threats faced by businesses. When hackers gain access to business networks, it is now common for large quantities of data to be stolen prior to file encryption. Ransomware gangs know all too well that businesses with good backup policies will be able to restore their encrypted data from backups, but they will need to pay the ransom in order to prevent the release or sale of the stolen data. Even when files can be recovered from backups, many businesses feel they have no alternative other than paying the ransom to ensure stolen data are deleted. Data from Coveware indicates 70% of ransomware attacks now involve data theft. Ransomware attacks are incredibly costly, even if the ransom is not paid. Universal Health Services Inc. in the United States suffered a Ryuk ransomware attack in September 2020 and the health system choose not to pay the ransom. Add up the recovery costs which included data restoration, cybersecurity consultants, notification letters to patients, and the loss of many services during the remediation process, and the cost of the attack rose to $67 million. While expensive, that high cost is just a fraction of the cost of the recent Conti ransomware attack on Ireland’s Health Service Executive. The May 2021 ransomware attack caused massive disruption to healthcare services in Ireland. Without access to patient records, patient safety was put at risk, non-urgent appointments had to be cancelled, and there were major delays getting test results. A few days after issuing a ransom demand of €20 million, the Conti ransomware gang gave the HSE the decryption tools free of charge. Even with the valid tools to decrypt data, recovery has been slow and incredibly costly. It has been around a month since the tools were provided to decrypt files, but many systems are still inaccessible. HSE Chief executive Paul Reid said it is likely to take months before all systems are brought back online. Simply eradicating the attacker from the network and recovering encrypted data is only part of the story. IT systems need to be upgraded, security greatly improved, and a security operation center needs to be set up to monitor the...
by G Hunt |
March 18, 2021 |
Cybersecurity Advice, Network Security, Web Filtering
What is Network Segmentation? Network segmentation is the act of dividing a computer network into smaller physical or logical components. Two devices on the same network segment can then talk directly to each other. For communication to happen between segments, the traffic must flow through a router or firewall. This passage allows for traffic to be inspected and security policies to be applied. Network segmentation is one of the mitigation strategies in terms of protecting against data breaches and multiple types of cyber security threats. In a segmented network, device groups have the connectivity required for legitimate business use only. The ability of ransomware to spread is greatly restricted. However all too often organizations operate an unsegmented network. Network segmentation can also help to boost performance. With fewer hosts on each subnet, local traffic is minimized. It can also improve monitoring capabilities and helps IT teams identify suspicious behavior. If you follow network segmentation best practices and set up firewall security zones you can improve security and keep your internal network isolated and protected from web-based attacks. Looking to get enterprise-grade protection from malware and phishing? Sign up for a free WebTitan demo today. Book Free Demo Network Segmentation Benefits There are many benefits to be gained from network segmentation, of which security is one of the most important. Having a totally flat and open network is a major risk. Network segmentation improves security by limiting access to resources to specific groups of individuals within the organization and makes unauthorized access more difficult. In the event of a system compromise, an attacker or unauthorized individual would only have access to resources on the same subnet. If access to certain databases in the data center must be given to a third party, by segmenting the network you can easily limit the resources that can be accessed, it also provides greater security against internal threats. Network Segmentation Best Practices Most businesses have a well-defined network structure that includes a secure internal network zone and an external untrusted...
by G Hunt |
January 30, 2021 |
Cybersecurity Advice, Internet Security News, Network Security, Web Filtering
DNS filtering – or Domain Name System filtering to give it its full title – is a technique of blocking access to certain websites, webpages, and IP addresses. The DNS is what allows easy to remember domain names to be used – such as Wikipedia.com – rather than typing in very difficult to remember IP addresses – such as 198.35.26.96. The DNS maps IP addresses to domain names to allow computers to find web resources. When a domain is purchased from a domain register and that domain is hosted, it is assigned a unique IP address that allows the site to be located. When you attempt to access a website, a DNS query will be performed. Your DNS server will look up the IP address of the domain/webpage, which will allow your browser to make a connection to the web server where the website is hosted. The webpage will then be loaded. The actual process involves several different steps, but it is completed in a fraction of a second. So how does DNS Web Filtering Work? With DNS filtering in place, rather than the DNS server returning the IP address if the website exists, the request will be subjected to certain controls. DNS blocking occurs if a particular webpage or IP address is known to be malicious. The DNS filter will use blacklists of known malicious websites, previous crawls of new websites and web pages, or web content will be assessed in real time if the web page or website has not previously been crawled and categorized. If the website trying to be accessed is determined to be malicious or otherwise violates pre-defined policies, instead of the user being connected to the website, the browser will be directed to a local IP address that displays a block page explaining why the site cannot be accessed. This control could be applied at the router level, via your ISP, or by a web filtering service provider. In the case of the latter, the user – a business for instance – would point their DNS to the service provider. That service provider maintains a blacklist of malicious webpages/IP addresses and access to those sites is prevented. Since the service provider will also categorize webpages, the DNS filter can also be used to block access to certain categories of...
by G Hunt |
January 25, 2021 |
Cybersecurity Advice, Internet Security News, Network Security
COVID-19 presented many new opportunities for cybercriminals, many of which have proven to be highly successful. In the early days of the pandemic, when it became clear that the new coronavirus was spreading beyond the borders of China and concern about the virus grew, cybercriminals switched from their normal phishing campaigns and started adopting COVID-19 lures. Phishing campaigns were conducting offering advice about the virus, potential cures, and advice as people craved information that was in short supply. Fake COVID-19 tracking apps and websites were set that collected sensitive information or installed malware, and PPE shortages saw fake shops set up offering non-existent supplies. Then there were fake charities, disinformation campaigns, and phishing scams related to job retention schemes, self-employment income support, government coronavirus loans, and fake tax rebates. The move to remote working due to the pandemic saw hackers targeting vulnerabilities in remote working solutions such as VPNs and throughout 2020, ransomware gangs have been extremely active, especially in Q3 and Q4, 2020 when attacks soared. As we move into 2021, cybercriminals are likely to continue to exploit the pandemic to steal credentials, access sensitive data, and spread malware and ransomware, so it is important for businesses not to let their guard drop and to continue to ensure that they have appropriate protections in place to block threats. The Cyber Threat Landscape in 2021 The high level of ransomware attacks in the last quarter of 2020 is likely to continue in 2021. There are no signs that cybercriminals will reduce attacks, as they are still proving to be profitable. The healthcare industry is likely to continue to be targeted, with cyberattacks on pharmaceutical and clinical research firms also extremely likely. Now that COVID-19 vaccines have been approved and are starting to be rolled out, cybercriminals have yet another opportunity. The vaccine rollout is likely to take many months and it could well be the autumn or later before most people receive the vaccine. Cybercriminals have already adopted COVID-19 vaccine lures to obtain sensitive information and spread...
by G Hunt |
December 31, 2020 |
Cybersecurity News, Network Security
The K-12 education sector has long been a target for cybercriminals, but this year has seen the sector targeted more aggressively by threat actors. 2020 has seem a major increase in attacks involving ransomware and malware, phishing incidents have risen, as have network compromises and distributed denial-of-service (DDoS) attacks. This December, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a warning to the education sector after the massive increase in cyberattacks was identified. Data from the Multi-State Information Sharing and Analysis Center (MS-ISAC) shows a substantial increase in ransomware attacks on K-12 schools. In August and September 2020, 57% of all reported ransomware attacks occurred at K-12 schools, compared to just 28% from the year to July. Ransomware attacks renders essential systems and data inaccessible which can cause serious disruption to learning, especially at a time when many schools have transitioned to distance learning. K-12 schools often have little choice other than paying the ransom, and many do. Figures from the Department of Education show that between 2016 and 2017, 60% of schools attacked with ransomware paid the ransom to recover their data. A recent Department of Education alert to K12 schools called for a collective effort to ensure that all data is regularly backed up and advised schools not to pay the ransom demands if attacked. The DoE wants to send a message to ransomware gangs that attacks on the education sector are not financially viable. Similar tactics have been used in ransomware attacks on K-12 schools that have been used to attack business and industry targets. Access to networks is gained, the attackers move laterally to identify data of interest, and exfiltrate that data prior to encrypting files. The attackers threaten to publish or sell sensitive student and employee data if the ransom is not paid. Several ransomware gangs have stepped up attacks on K-12 schools, including REvil, Nefilim, Ryuk, and AKO. The Maze ransomware operation, which has now been shut down, has also conducted several attacks on K-12...
by G Hunt |
November 30, 2020 |
Cybersecurity Advice, Network Security
The importance of choosing strong and unique passwords for every account you create has been highlighted by a recent data breach at the music streaming service Spotify. Security researchers identified a database that had been exposed on the Internet which contained the usernames and password combinations of around 300 million individuals. It is unclear where the database came from, although it is likely that it had been amalgamated from data leaks from several major data breaches of online platforms. Interestingly, within the 300 million-record database was a field stating whether the username/password could be successfully used to login to a Spotify account. According to the researchers, an estimated 300,000 to 350,000 Spotify accounts had been breached. This breach clearly demonstrates how a data breach at one company can provide the usernames and passwords to gain access to accounts at another. When a username/password is obtained in a cyberattack, it can be used to try to access other accounts that share the same username. A username is often an email address. People may have more than one email address, but there is usually one that is used across most platforms. There is nothing wrong with that of course, but there is a problem with using the same password with that email address on multiple online platforms. If there is a breach at one platform, the password can be used to access many other accounts. In this example, up to 350,000 Spotify users had reused their password on more than one platform. The Spotify breach victims may well have had several other accounts breached if they used their password on other platforms too. The credentials to the breached Spotify accounts could easily be sold to anyone who wanted a cheap Premium Spotify account. There have been many reports of passwords being changed to block the real account holder out of their account. The accounts also contain personal information that could be used in further attacks, such as to make convincing phishing emails to obtain the information necessary for identity theft and other types of fraud. Trying 300 million username and password combinations is a time-consuming process, but that...
by G Hunt |
August 31, 2020 |
Internet Privacy, Network Security
Cloud web filtering software is now an important cybersecurity measure used by businesses of all sizes, but what exactly is it and why is it important? In this post we will explain exactly what cloud web filtering is, what it is used for, and why most businesses need to use it. What is Cloud Web Filtering? Cloud web filtering is a software-as-a-service (SaaS) solution that acts as a semi-permeable barrier between an individual and the Internet. For much of the time, users will not know this solution is in place, as there is no noticeable delay when browsing the Internet. Websites can be accessed as if the solution was not in place. Cloud web filtering software is only noticed by a user when they attempt to visit a website that violates their organization’s acceptable internet use policy. When a request is made to access a website that falls into a category that an employer does not permit – pornography for example – rather than connect to the website, the user will be directed to a local block page and will discover that particular website cannot be accessed due to a content policy violation. Cloud web filtering software acts as a form of internet content control which is used to reduce productivity losses due to personal Internet use, prevent HR issues, and reduce legal liability, but a cloud web filter it is not just used for restricting access to NSFW websites. It also has an important security function. Why is Cloud Web Filtering Important? The Internet can be a dangerous place. There are many threats lurking online that could compromise a business’s systems and lead to a costly data breach or catastrophic data loss. Malware and ransomware are often downloaded from websites, even from legitimate sites that hackers have been able to compromise. A visit to one of those malicious sites by an employee could easily result in a malware infection, and once installed on one device it could easily spread across the network. Phishing is also a major risk for businesses. Phishing forms are loaded onto websites to harvest sensitive data such as login credentials to Office 365. Links to these sites are often sent to business email accounts. A web filter acts as...
by G Hunt |
June 15, 2020 |
Network Security
The operators of NetWalker ransomware have been aggressively targeting healthcare organizations and more recently attacks have increased on universities conducting research into COVID-19. NetWalker ransomware first appeared in the middle of 2019 and has been primarily been used in targeted attacks on enterprises, with the operators deploying their ransomware manually after first gaining access to a victim’s network. As is the case with several other manual ransomware operators, prior to the encryption of data reconnaissance is performed, the attackers move laterally to compromise as many networked devices as possible, and sensitive data is exfiltrated. After the ransomware is deployed, the attackers threaten to publish the stolen data in an attempt to spur victims into paying the ransom rather than attempting to recover files from backups. The business model of the NetWalker ransomware gang has recently changed and their ransomware is now being offered under the ransomware-as-a-service model, although the gang is only partnering with hackers that are experienced at attacking enterprises. This selective partnering is vastly different to many RaaS operations, which prioritize quantity over quality. The attack methods used to gain access to networks also differs from the typical brute force tactics typically used by Russian ransomware operators. The operators of NetWalker ransomware have been extremely active during the COVID-19 pandemic. In addition to attacks on hospitals, medical billing companies have been attacked, COVID-19 research organizations, educational software providers and, in the past few weeks, there has been a spate of attacks on universities. Michigan State University, Columbia College of Chicago and, most recently, University of California San Francisco have all been attacked. All three universities are involved in COVID-19 research. It is currently unclear whether an affiliate specializing in attacks on universities has been signed up or if universities involved in COVID-19 research have been specifically targeted. Healthcare organizations are an attractive target as they are heavily reliant on data to operate. If patient data is encrypted...
by G Hunt |
May 28, 2020 |
Network Security, Web Filtering
There are several common web filtering myths that have led businesses to believe that it is not worth their while implementing a web filtering solution. It is important to bust these myths as they are preventing businesses from adding an essential extra layer of security that can prevent downloads of malware, ransomware infections, and block phishing attacks. The failure to filter the internet is often a costly mistake. Once upon a time, having a firewall, antivirus solution, and spam filter would ensure your business was well protected, but the sophisticated nature of today’s cyber threats and the massive increase in cyberattacks has meant that these solutions alone are no longer sufficient to block cyber threats and prevent data breaches. The key to blocking these threats is to implement layered defenses. If the outer layer fails to block a threat, other layers exist to provide protection. A web filter should be one of those layers. Why Web Filtering is Now Essential Finding vulnerabilities and exploiting them is a difficult and labor-intensive way of attacking a business. Attacks on employees are much easier and require far less skill. All that is needed is a carefully written email to direct an employee to a malicious website and credentials can be easily harvested and malware downloaded. You don’t need to be a skilled hacker to conduct a phishing attack or set up a website for distributing malware. Email security solutions are great for blocking phishing attacks, but many malicious emails bypass email security defenses. Phishing emails usually have a web-based component and various tactics are used to hide malicious URLs in emails. A web filter provides protection against the web-based component of phishing attacks by providing time-of-click protection. When an attempt is made to visit a malicious website linked in an email, the web filter blocks that request. A web filter will also prevent users from visiting malicious website through web browsing and also block visits to malicious websites through malvertising redirects. Without a web filter in place, there is nothing to stop an employee from visiting a malicious website. Pervasive Web Filtering Myths...
by G Hunt |
May 20, 2020 |
Cybersecurity Advice, Network Security
There has been an increase in phishing attacks on remote workers using COVID-19 as a lure over the past few months. Multiple studies suggest the number of COVID-19 related phishing attacks have soared. The anti-phishing training company KnowBe4 placed the rise at about 600% in Q1, 2020, and that rise has continued in Q2. As was pointed out by Microsoft, the total number of phishing attacks has not increased by any major degree during the COVID-19 public health emergency, as cyber actors have finite capabilities for conducting attacks. What has happened is threat actors have abandoned their standard phishing campaigns and have repurposed their phishing infrastructure and are now using COVID-19 lures, and with good reason. People crave information about the 2019 Novel Coronavirus, SARS-CoV-2, and COVID-19. There is a thirst for knowledge about the virus, how it infects people, how to prevent infection, and how great the risk is of catching it. With little information available about this new virus, finding out more information required following the news from countries around the world that are involved in research. Unsolicited emails offing important information naturally had a high open rate, so it is no surprise that COVID-19 phishing attacks have increased. To control the spread of the virus, countries have gone into lockdown, so businesses have had to allow their employees to work from home. The increase in home workers happened very quickly, so businesses did not have the time to prepare properly and that meant new risks were introduced. It is therefore no surprise that there has been an increase in data breaches during the COVID-19 pandemic. Cybercriminals have taken advantage of lapses in security, insufficient staff training, and the vulnerabilities that are introduced when employees are forced to work in an environment that has not been set up remote working. IT teams have had to rapidly purchase new laptops to allow employees to work outside the office and there has not been time to properly secure those devices. VPN infrastructure was not sufficient to cope with the rapid increase in users. Home networks lack the security of corporate networks, and...
by G Hunt |
February 24, 2020 |
Internet Security News, Network Security
Phishing attacks are increasing and malware is a growing threat. A DNS filter adds an important level of protection to block these attacks. In this post we explain why. The Growing Threat from Malware and Phishing Attacks There are various methods used to deliver malware, but email remains one of the most common methods of distributing malware, either through malicious attachments or hyperlinks in emails that direct users to websites where malware is downloaded. The latter is a popular method of malware delivery as there is an increased chance that the hyperlink will not be detected as malicious by an email security solution. Various tactics are used to mask these URLs from email security solutions, such as adding the hyperlink to an attached file such as a PDF. The Emotet Trojan is one of the most prevalent threats and also one of the most dangerous. Emotet is primarily spread via email through a combination of attachments and malicious URLs. The Trojan is an information stealer capable of spreading across networks to infect other vulnerable devices. Removing the malware is problematic, as there are usually multiple devices infected. As soon as the malware is removed from one device, others on the network re-infect the cleaned machine. Emotet is also a malware downloader. Once all valuable information has been obtained post-infection, other malware variants such as the TrickBot Trojan and RYUK ransomware are downloaded. All devices infected with Emotet are added to the botnet. An analysis by the SpamHaus project revealed around 6,000 malicious URLs are emitted from infected devices, which act as compromise vectors. An advanced spam filter will ensure that the majority of malicious emails are blocked, but it is important not to totally rely on a spam filter alone to block email-based malware and phishing attacks. The key to a strong defense is to implement layered defenses. With overlapping layers of security, if one layer fails to block a threat, another is in place to provide protection. One of the most important additional protections against phishing attacks and email-based malware is a web filter. Why a Web Filter is so Important Phishing attacks have an...
by G Hunt |
May 7, 2019 |
Internet Security News, Network Security
A new version of WebTitan Cloud has been released by TitanHQ. WebTitan Cloud 4.12 offers existing and new customers the opportunity to set filtering controls by location, in addition to setting organization-wide policies and role and departmental policies via links to Active Directory/LDAP. The new feature will be especially useful to MSPs and companies with remote workers, satellite offices, bases in multiple locations, and operations in overseas countries. Organization-wide web filtering policies can be set to prevent users from accessing illegal web content and pornography, but oftentimes, the one size fits all approach does not work for web filtering. The new location filter helps solve this. MSPs can use this new feature to set web filtering controls for customers in different locations while businesses using WebTitan Cloud can easily set a range of different policies for all users from a specific location, whether those users are accessing the Internet on or off the network. There will naturally be times when policies need to be bypassed to enable specific tasks to be completed. Rather than making temporary changes to location or other policies, WebTitan Cloud uses cloud keys which allow policy-based controls to be temporarily bypassed. Accompanying the location-based controls are new reporting options which allow administrators to quickly access information about web views and blocked access attempts in real time. While reports can be useful, oftentimes information needs to be accessed quickly. To help administrators find the information they need, search functionality has been enhanced. Administrators can use the search filter on the history page to search by location name. For MSPs this allows a specific customer to be selected and for traffic information at a specific location to be quickly viewed in real time, without having to generate a report. Location-based when filtering policies can be set and viewed for all locations through the same user interface, giving administers full visibility into traffic and settings of all customers through a single pane of glass. It is hoped that these updates will make WebTitan even more useful for businesses and...
by G Hunt |
January 30, 2019 |
Network Security, Web Filtering
In this post we explore the key benefits of Internet content control for businesses and explain how the disadvantages can be minimized or eliminated. The Problems of Providing Unfettered Internet Access to Employees Providing employees with Internet access makes a great deal of sense. In order to work efficiently and effectively, employees need access to the wealth of information that is available online. Via the internet, businesses can interact with customers and vendors and provide them with important information. Information can easily be shared with colleagues rather than relying on email, and a wide range of online tools are available to improve productivity. The Internet is something of a double-edged sword. It offers the opportunity to improve productivity, but it also has potential to reduce productivity. A great deal of time is wasted online by employees – Often referred to as cyber slacking. The losses to cyber slacking can be considerable. If each employee spends an hour a day on personal Internet use, a company with 50 employees would lose 50 hours a day or 250 hours a week. That’s 13,000 hours a year lost to personal Internet use. Many employees waste much more time online than an hour a day, so the losses can be significantly higher. Personal Internet use can also result in legal problems for businesses. Businesses can be vicariously liable for illegal activities that take place on their network. Illegal file sharing for instance. Some online activities can also lead to the creation of a hostile work environment. Giving employees full access to the Internet also introduces security risks. As well as very beneficial websites there is no shortage of malicious web content. Phishing websites are used to steal login credentials. If credentials are stolen, hackers can gain access to the network undetected and steal data and install malware. Malware downloads are also common. The cost of mitigating cyberattacks is considerable and can be catastrophic for small to medium sized businesses. Common Internet Content Control Issues and How to Avoid Them The solution to these issues is to implement an Internet content control solution. By carefully...
by G Hunt |
December 12, 2018 |
Cybersecurity Advice, Network Security
In this post we explore the use of Internet filtering to improve employee productivity, including statistics from recent surveys that show how many companies are now choosing to control employee Internet access more carefully. Employee Productivity Falls on Black Friday and Cyber Monday The staffing firm Robert Half Technology recently conducted a survey on 2,500 chief information officers (CIOs) across 25 metropolitan areas in the United States and more than 1,000 U.S. officer workers over 18 years of age to determine how Black Friday and Cyber Monday affect employee productivity. The results of the survey provide an indication on what goes on throughout the year, but Black Friday and Cyber Monday were studied as they are the two busiest days for online shopping. The survey results show that three quarters of employees spent at least some of Cyber Monday shopping online on a work device. Four out of 10 workers said they spent more than an hour looking for bargains online on Cyber Monday while they were at work. 23% said they were expecting to spend even longer than that this year. 46% of workers said they would be online shopping on their work computers during their lunch hour and breaks, but 29% said they would be shopping throughout the day and would be keeping browser tabs open. 20% of workers said they would do online shopping at work in the morning. While policies on accessing pornography may have been made crystal clear, online shopping is something of a gray area. 31% of employees were not aware of their company’s stance on online shopping on work devices. 43% said their employers permit it and 26% said it is not permitted. The survey of CIOs shows 49% of companies allow online shopping within reason but that they monitor employee Internet use. 22% said they allow totally unrestricted Internet access while 29% have implemented solutions to block access to online shopping sites. In June 2018, Spiceworks published the results of a survey that showed 58% of organizations actively monitor employee Internet activity and 89% of organizations use Internet filters to block at least one category of Internet content. Most surveyed companies use Internet...
by G Hunt |
November 23, 2018 |
Cybersecurity Advice, Network Security
DNS web filtering for MSPs is an easy way to improve security for your clients, save them money, and boost your profits. This post explains the benefits of a DNS-level web filter for MSPs and their clients. DNS web filtering is a great way for MSPs to boost profits, save clients money, and better protect them from cyber threats. Web filtering is an essential cybersecurity measure that businesses of all sizes should be using as part of their arsenal against malware, ransomware, botnets and phishing attacks. However, many MSPs fail to include web filtering in their security offerings and consequently miss out on an important income stream: One that requires little effort and generates regular monthly revenue. What Are the Benefits of Web Filtering? There are two main benefits of web filtering: Enforcing Internet usage policies and improving cybersecurity. Employees need to be able to access the Internet for work purposes, but many employees spend a considerable percentage of their working day accessing websites that have no work purpose. Cyberslacking costs businesses dearly. Businesses that do not filter the Internet will be paying their employees to check personal mail, view YouTube videos, visit dating websites, and more. A web filter will help to curb these non-productive activities and will also prevent employees from accessing inappropriate or illegal web content which can prevent legal and compliance issues. A recent study by Spiceworks revealed the extent of the problem. 28% of employees at large companies (more than 1,000 employees) spend more than four hours a week on personal Internet use and the percentages increase to 45% for mid-sized businesses and 51% for small businesses. The difference in those figures reflects the fact that more large businesses have implemented web filters. 89% of large companies have implemented a web filter to curb or prevent personal Internet usage and, as a result, they benefit from an increase in productivity of the workforce. Web filtering is essential in terms of cybersecurity. The Spiceworks study revealed 90% of large companies use a web filter to block malware and ransomware infections. A web filter prevents...
by G Hunt |
July 26, 2018 |
Internet Security News, Network Security
A recent analysis of exploit kit activity by Trend Micro has shown that while exploit kit activity is at a fraction of what it was in 2016, the threat has not gone away. Links to malicious websites hosting exploit kits are still being distributed by spam email and malicious adverts are still being used to redirect web users to malicious websites hosting exploit kits. Most of the exploit kits that were in use in 2016 have all but disappeared – Angler, Nuclear, and Neutrino. There was a rise in Sundown activity in 2017, but activity has now stopped, and Disdain and Terror exploit kits have similarly disappeared. The demise of exploit kits as an attack vector has been attributed, in part, to the arrests of the operators of some of the most commonly used EKs such as Angler, although there have been fewer zero-day vulnerabilities to exploit. Many of the exploits used in exploit kits are for Flash vulnerabilities, and while use of Flash is declining, the creators of exploit kits are still attempting to exploit a handful of these Adobe Flash vulnerabilities. Many threat actors have switched to easier and less time-consuming ways of attacking businesses, but not all. While most exploit kits are operating at a low level, the Rig exploit kit is still in use and has recently been updated once again. Further, there has been a steady increase in Rig exploit kit activity since April. Rig is most commonly used in attacks in Japan, which account for 77% of Rig activity. The GrandSoft exploit kit is still active, although at a much lower level than Rig. This exploit kit was first seen in 2012 although activity all but disappeared until the fall of last year when it became active once again. Japan is also the country most targeted by the GrandSoft exploit kit (55% of activity), while the private exploit kit Magnitude is almost exclusively used in South Korea, which accounts for 99.5% of its activity. For the most part, exploit kits are being used to exploit vulnerabilities that should have been patched long ago, such as the use-after-free vulnerability in Microsoft Windows’ VBScript engine (CVE-2018-8174) which was identified in April 2017 and patched in May 2017. Internet...
by G Hunt |
June 26, 2017 |
Cybersecurity Advice, Network Security
Confidence in cyber response plans doesn’t appear to be lacking according to a new study conducted by Deloitte. However, that does not mean organizations are prepared for cyberattacks when they occur. The survey revealed that while confidence is high and IT professionals believe they are well prepared to deal with attacks, their cyber response plans may not be effective. The only way to determine whether cyber response plans will function as planned is to conduct regular tests. If plans are not tested, organizations will not be able to determine with any degree of certainty, if their plans will be effective. As the recent Ponemon Institute Cost of a Data Breach study confirmed, the ability to respond quickly to a data breach can reduce breach resolution costs considerably. For that to happen, a response plan must have been developed prior to the breach being experienced and that plan must be effective. The Deloitte study revealed that 76% of business executives were confident that in the event of a cyberattack they would be able to respond quickly and implement their cyberattack response policies. Yet, the study also revealed that 82% of respondents had not tested their response plans in the past year. They had also not documented their plans with business stakeholders in the past year. A lot can change in a year. New software solutions are implemented, configurations change as do personnel. Only regular testing will ensure that plans work and staff know their roles when an attack occurs. Cyberattack simulations are a useful tool to determine how attack response plans will work in practice. As is often the case, plans look great on paper but often fail when put in place. Running simulations every 6 months will help to ensure that a fast and effective response to a cyberattack is possible. However, the survey showed that only 46% of respondents conduct simulations twice a year or more frequently. A data breach can have dire consequences for a company. The study showed that many companies are most concerned about disruptions to business processes as a result of a cyberattack, although loss of trust and tarnishing of a brand should be of more concern. When a data...
by G Hunt |
January 31, 2017 |
Cybersecurity Advice, Network Security
Poor cybersecurity practices exist at many US organizations, which are allowing hackers and other cybercriminals to gain access to corporate networks, steal data, and install malware and ransomware. Businesses can implement highly sophisticated cybersecurity defenses, but even multi-million-dollar cybersecurity protections can be easily bypassed if poor cybersecurity practices persist. This month we have seen two reports issued that have highlighted one of the biggest flaws in cybersecurity defenses in US enterprises. Poor password hygiene. The purpose of passwords is to prevent unauthorized access to sensitive data, yet time and again we have seen data breaches occur because of end users’ poor choice of passwords and bad password practices. Earlier this month, SplashData released its annual report on the worst passwords of 2016. The report details the top 25 poorly chosen passwords. This year’s report showed that little had changed year on year. Americans are still very bad at choosing strong passwords. Top of this year’s list of the worst passwords of 2016 were two absolute howlers: 123456 and password. Number three and four were no better – 12345 and 12345678. Even number 25 on the list – password1 – would likely only delay a hacker by a few seconds. Another study also highlighted the extent to which Americans practice poor password hygiene. Pew Research asked 1,040 US adults about their password practices. 39% of respondents said they used the same passwords – or very similar passwords – for multiple online accounts, while 25% admitted to using very simple passwords because they were easier to remember. 56% of 18-29-year-old respondents said that they shared their passwords with other individuals, while 41% of all respondents said they shared passwords with family members. The results of this survey were supported by later research conducted by Telsign, who found a very blasé attitude to online security among U.S. citizens. Although 80% of respondents admitted to being concerned about online security (and half of those claimed to have had an online account hacked in the past year), 73% of respondents´ online accounts are guarded by duplicate passwords and...
by G Hunt |
December 30, 2016 |
Cybersecurity Advice, Network Security
Cybercriminals have embraced ransomware and have been increasingly targeting businesses, yet many business leaders are unsure how to prevent ransomware attacks. Consequently, the risk from ransomware is not being effectively managed, and that may prove costly. Ransomware is a form of malware that is capable of encrypting files on local machines, network drives, and servers. Any computer that is connected to the Internet can potentially be infected. Even without internet access, files may be encrypted if a computer is networked. The latest ransomware variants are capable of spreading laterally within a network and encrypting the data on hundreds of devices. Files required for critical business processes may be encrypted and made inaccessible. A successful attack can result in a company’s operations grinding to a halt. A healthcare ransomware attack can result in patients’ health information becoming inaccessible. An attack on a pharmaceutical company may result in files necessary for drug manufacture being locked, which could affect the quality of products. Lawyers offices may lose essential client information. Few businesses could continue to operate at their full potential during a ransomware attack. The loss of files can prove extremely expensive, far less than the cost of any ransom payment. Many companies therefore are left with little alternative but to pay the ransom demand. Ransom payments are actually made surprisingly frequently. According to a recent study conducted by IBM, 70% of businesses that experienced a ransomware infection ended up paying the attackers to supply the keys to unlock their data. Half of those businesses paid more than $20,000 while 20% paid more than $40,000. Even when the ransom is paid there is no guarantee that a viable key will be supplied to unlock the encryption. Files may therefore be lost forever. One healthcare organization in the United States recently discovered that files can all too easily be lost forever. Three months after ransomware was installed on one of its servers and critical patient health information was encrypted, Desert Care Family and Sports Medicine has still not been able to unlock the encryption nor...
by G Hunt |
October 31, 2016 |
Network Security, Web Filtering
Hardware-based web filtering appliances for schools have some advantages, but many K12 schools are saying goodbye to the appliances and are choosing a much more convenient and practical solution. In the United States, K12 schools are required to implement a web filtering solution to control access to the Internet in order to receive E-Rate discounts on Internet access. Even schools that do not participate in the E-rate program need to filter the Internet. Parents are pressuring schools into ensuring the Internet can be accessed safely in schools and want to receive assurances that their children can use the Internet without inadvertently – or deliberately – viewing inappropriate material such as pornography. Twenty four states have also introduced legislation covering children and Internet access in schools. Hardware-Based Web Filtering Appliances for Schools A hardware-based web filtering appliance for schools may appear to tick all the boxes. Hardware devices sit in front of an Internet gateway and filter Internet traffic. They prevent users from accessing websites that are deemed to be dangerous or inappropriate. While hardware-based web filtering appliances for schools can seem like an easy option, many schools are finding that is far from the case. Hardware-based web filtering appliances for schools are fine if there are just a handful of computers accessing the Internet in each classroom, but hardware solutions lack scalability. When the number of devices is increased, more appliances must be purchased. Hardware-based web filtering appliances place limitations on web traffic. When the number of devices simultaneously requiring access to the Interest increases, a bottleneck can occur. It doesn’t matter how much the Internet pipe to a school is increased with an ISP, if a 1GB web filtering appliance is used for example, that will be the limiting factor not a 5GB connection. There is likely to be latency, which can be considerable. One solution is to use multiple hardware devices. This will increase the capacity, although more devices mean an increased maintenance burden on IT departments. Multiple devices mean schools have to find the space to house the...
by G Hunt |
June 22, 2016 |
Cybersecurity News, Network Security
There have been a number of high-profile data breaches reported in recent weeks, now Citrix has announced its users have been impacted after receiving multiple reports of GoToMyPC password reuse attacks. An investigation into the attacks revealed that the account compromises were not the result of a Citrix data breach, but that the attacks had been made possible due to poor security practices of some of its users. Passwords Reset After Spate of GoToMyPC Password Reuse Attacks After discovering the GoToMyPC password reuse attacks, Citrix performed a password reset on all users’ accounts to reduce the risk of account compromises. When users next login to the remote desktop access service they will be required to set up a new password before being allowed to access the service. While Citrix has taken steps to protect its own users, simply changing passwords on GoToMyPC will not protect users who share passwords across multiple applications and web services. It is therefore important for users to login to all online accounts that have the same password set and to create new, unique passwords for each. Following the cyberattacks on LinkedIn, MySpace, and Tumblr, login credentials were openly sold on darknet marketplaces. Many individuals purchased the data and have been searching online platforms to find users that have accounts elsewhere. The same passwords are then tried to see if access can be gained. Shortly after these data dumps, numerous Twitter accounts were hacked, including those belonging to a number of high profile celebrities – Katy Perry, Mark Zuckerberg, Tenacious D, and Lana Del Rey for example. While the hacking of a Twitter account may only be an inconvenience for many victims, far more serious hacks have occurred. TeamViewer remote desktop connection software was targeted by attackers who had obtained data from the LinkedIn breach. Users’ accounts were accessed and the software leveraged to obtain access to users’ PayPal accounts and bank accounts, primarily using passwords saved in browsers. The victims had their bank and PayPal accounts emptied. Some individuals also reported that TeamViewer had been used to install ransomware on their...
by G Hunt |
June 17, 2016 |
Cybersecurity News, Network Security
Each year, the Ponemon Institute conducts an annual benchmark study on the cost of a data breach. The IBM-sponsored report reveals just how damaging data breaches can be to a company’s finances. Responding to a data breach costs companies millions of dollars, and each year the cost rises. Last year, the Cost of a Data Breach study placed the average cost at 3.79 million. This year, the average cost has risen to $4 million. The average cost per stolen record rose from $154 to $158 over the past 12 months. Average Cost of a Data Breach in the United States is $7.01 Million However, those figures are taken from the global data collected for the study. The costs incurred by U.S businesses are much higher. Take the figures for the United States alone, and the average cost is $7.01 million. Last year the average cost of a breach response in the United States was $6.53 million. Organizations in the United States can expect to pay costs of $221 per record, although organizations in the healthcare industry, financial, and life science sector can expect to pay far higher amounts. The cost of a data breach in the healthcare industry is a staggering $402 per record. The data also show that the average number of records exposed per incident also increased. In the United States, the total cost of a data breach rose by 7% over the space of a year, and by 2% per stolen or compromised record. The Ponemon Institute offers some suggestions why the overall cost of a data breach has increased by such a high degree. One of the main reasons is a substantial rise in indirect costs. When an organization suffers a security breach that exposes sensitive data such as credit card numbers, financial information, Social Security numbers, or medical records, consumers are increasingly taking their business elsewhere. The Ponemon Institute refers to this as the abnormal churn rate. Organizations Should Try to Reduce Churn Rate After a Data Breach One of the findings of the research is the higher the churn rate is following a data breach, the higher the cost of the breach will be. Companies that experienced an abnormal churn rate of lower than 1%, had to pay average breach costs of $5.4...
by G Hunt |
May 13, 2016 |
Cybersecurity Advice, Network Security
To reduce the risk of malware infections from websites you can avoid certain types of sites that are commonly used by cybercriminals to infect visitors. Sites containing pornography for instance, torrents sites, and online marketplaces selling illegal medication for example. However, while these sites are often compromised with malware or contain malicious code, they are far from the most common sites used by cybercriminals to infect visitors. The unfortunately reality is that browsing the Internet and only visiting what are perceived to be “safe sites” does not mean that you will not be exposed to maware, malicious code, and exploit kits. Hackers are increasingly compromising seemingly legitimate websites to redirect visitors to sites containing exploit kits that download malware and ransomware. Two CBS-affiliated news websites were recently discovered to be hosting malicious adverts that redirect visitors to sites containing the Angler Exploit Kit. MSN has been found to host malvertising in the past, as has Yahoo. A study conducted by anti-virus company Symantec revealed that three quarters of websites contain security vulnerabilities that could potentially be exploited to infect visitors with malware. High Profile Websites Compromised and Used to Deliver Ransomware to Visitors This week, two new websites were found to have been compromised and were used to infect visitors with malware. The celebrity gossip website PerezHilton.com may cause problems for celebrities, but this week it was also causing problems for its visitors. The site attracts millions of visitors, yet few would suspect that visiting the site placed them at risk of having their computer files locked with powerful file-encrypting ransomware. However, that is exactly what has been happening. Hackers compromised an iframe on the site and inserted malicious code which redirected visitors to a website containing the Angler Exploit Kit. Angler probes visitors’ browsers for security vulnerabilities and exploits them; silently download a payload of malware. In this case, the Angler Exploit Kit was used to push Bedep malware, which in turn silently downloaded CryptXXX ransomware onto the victims’...
by G Hunt |
April 5, 2016 |
Cybersecurity News, Network Security
2015 may have been the year of the healthcare data breach, but 2016 is fast becoming the year of ransomware with new strains such as Samas ransomware appearing at an alarming rate. Recently the Federal Bureau of Investigation reached out to U.S. businesses, seeking help to deal with the latest Samas ransomware threat. Samas Ransomware Being Used to Encrypt Networks Samas ransomware – also known as Samsa, Samsam, and MSIL – is different from many strains of ransomware that were used by cybercriminals last year. The new ransomware strain is being used to attack businesses rather than consumers. Last year, criminals were sending out ransomware randomly via spam email. Ransom demands of 0.5-1 Bitcoin were the norm, with consumers often willing to pay to recover their files, accounts, photographs, and other important data. However, businesses hold far more valuable data. If criminals are able to infect enterprise computers and encrypt important business files, higher ransom demands can be sent. In many cases those demands have been paid. In order to obtain large ransoms, cybercriminals need to infect networks rather than single computers. If an end user downloads ransomware onto their computer, and that ransomware has the capability to spread laterally and infect other systems, enterprises are more likely to pay to unlock the encryption. Even when viable backups exist, the complexity of some of the ransomware now being used makes paying the ransom an easier and lower cost option. Since some ransomware is capable of deleting backup files, the restoration of data may simply not be an option. Samas ransomware has been reported to delete Volume Shadow Copy Service (VSS) data. Access to Systems is Gained by Cybercriminals Weeks Before Samas Ransomware is Deployed The mode of action of Samas ransomware is different from other families of malicious file-encrypting software such as Locky, CryptoWall, and Cryptolocker. Attackers are exploiting a vulnerability in the JBoss enterprise application platform to compromise an external web server. This is achieved by using a security program called JexBoss. Once access to a server has been gained, attackers mask...
by G Hunt |
April 1, 2016 |
Cybersecurity News, Network Security
The FBI issued warnings last year over the rise in popularity of Bitcoin ransomware, and a few days ago the law enforcement agency reached out to companies requesting assistance to help it tackle the threat from the latest ransomware variants, just days before the malicious software was used on MedStar Health System. Over the last few weeks a number of healthcare institutions have reported being attacked with ransomware, and there is no telling how many companies have had corporate and customer data encrypted by attackers. Many do not like to advertise the fact they have been attacked. While attacks on individuals only result in relatively small ransoms being paid, the same cannot be said for companies. Ransom demands of tens of thousands of dollars are issued, and many companies feel they have little alternative but to pay the ransom demand in order to recover their data. Unfortunately for enterprises, the threat from Bitcoin ransomware is unlikely to go away any time soon. More cybercriminals are getting in on the act and attacks will continue as long as they prove to be profitable. The bad news is Bitcoin ransomware is very effective. Worse still, attacks require little technical skill and cost very little to pull off. Bitcoin Ransomware Kits Mean Little Skill is Required to Pull Off a Successful Attack According to a report in the Italian newspaper La Stampa, the cost of conducting a ransomware attack can be shockingly low and requires little in the way of skill. One reporter at the newspaper set out to discover just how easy it is to buy ransomware and conduct an attack. After visiting underground forums on the darknet, the researcher found a board where ransomware-as-a-service was being offered. One poster on a Russian forum was not only offering ransomware for sale, but made it exceptionally easy for would-be cybercriminals to conduct campaigns. The purchaser would be supplied with the ransomware, distribution tools to send out the malicious file-encrypting software via email and advertising networks, and this Bitcoin ransomware service could be bought for as little as $100. According to the article, the purchaser would be allowed to keep 85% of the...
by G Hunt |
March 31, 2016 |
Cybersecurity Advice, Network Security
There are a number of ways for managed service providers to increase cash flow and boost profits. Efficiency can be improved, staff productivity can be increased, better margins achieved, and new in-house products could be developed. Unfortunately, all of these are easier said than done. The main ways to increase profits by a significant amount is to attract new customers and increase the amount each existing client is spending. If only there was a secret ingredient that MSPs are missing that could help them help to win more business and get each client to spend more! The good news is that for many MSPs, there is such a product. Any MSP that has yet to include a web filtering service into their product portfolio could be missing out on substantial profits. Web Filtering – An Easy Way for MSPs to Increase Profits Filtering the Internet is now essential for many enterprises. In certain Industries it is mandatory for companies to filter the Internet. They need to ensure sensitive data are protected and risk is effectively managed. Networks must be protected from attacks by hackers and with an increasing number of web-borne threats, Internet usage policies alone are not sufficient to keep organizations protected. Those policies need to be enforced and a web filter is the natural choice. In some industries, education for example, it is mandatory for the Internet to be filtered. Minors must be prevented from accessing obscene website content or other material that could be harmful. Even when it is not mandatory to filter the Internet it is often desirable. Hotels, restaurants, transport networks, airports, cafes, and coffee shops are choosing to implement controls to ensure all users enjoy a safe browsing experience. In business, productivity losses from Internet abuse can be considerable. If every employee wasted an hour each day on personal Internet use, the losses to a medium-sized company would be substantial. Some studies suggest even more time is wasted by employees each day on non-work related Internet activities. Failure to filter the Internet can prove costly in many ways. For example, the accessing of adult content in the workplace can lead to the...
by G Hunt |
March 12, 2016 |
Internet Security News, Network Security
Effective enterprise patch management policies can greatly improve security posture and prevent cyberattacks; however, many enterprise IT staff are confused about patch management. A new survey conducted by Tripwire suggests that InfoSec staff often confuse patch management with vulnerability mitigation. The complexity of enterprise patch management also leaves many security professionals unsure about when patches should be applied and the impact of applying patches. The Complexity of Enterprise Patch Management Causes Problems for Many IT Security Professionals The Tripwire survey was conducted on 480 IT security professionals and asked questions about enterprise patch management policies at their organizations. The results show that IT staff are struggling to ensure that all systems are maintained in a fully patched state. 67% of respondents said that at least some of the time, they are unsure about which patches need to be applied to certain systems. The complexity of enterprise patch management is a problem. For instance, a patch may be issued to address Adobe Flash vulnerabilities, but it comes bundled with Google Chrome updates. It addresses Flash vulnerabilities in Chrome, where Adobe Flash is embedded, but does not address standalone installations or Flash vulnerabilities in other browsers. 86% of respondents said that issues such as this mean they find it difficult to understand the impact of a patch. It is all too easy for security vulnerabilities to remain after a patch has been applied. Patches are released that address multiple security vulnerabilities, but they do not address those vulnerabilities across all systems. The application of a patch will not necessarily remediate a security vulnerability entirely. According to Tripwire, ““The relationship between patches and vulnerabilities is far more complex than most people think.” There is also considerable confusion between patches and software upgrades. When it comes to addressing security vulnerabilities, a patch may address some, an upgrade may address others, and there is often some overlap. Because of this, organizations struggle to ensure that all software is properly patched and fully up to...
by G Hunt |
May 22, 2012 |
Network Security
Many employees want to use their personal devices in the workplace. Personally owned devices are usually faster than the desktops supplied by employers. Employees know how to use the operating system, they have the software they need already installed, and it allows them to be more flexible about when and where they work. These are all great benefits for employers. The power of new technology can be harnessed without expense, and productivity can increase. Some may believe technology vendors are the driving force behind BYOD. It is true that vendors have embraced the BYOD movement and are pushing for their new devices to be used in the workplace. However, it is employees that are really driving the movement. They want to use their own devices in the workplace as it makes their lives easier. Unfortunately for IT security professionals, keeping control of the devices is thought to be virtually impossible. The security risks introduced by personal tablets, Smartphones and laptops are numerous. BYOD is seen as a data security nightmare and a security breach just waiting to happen. But what are the risks introduced by the devices? Are they as problematic as security professionals believe? What are the problems with Bring Your Own Device (BYOD) programs? Many IT professionals dislike BYOD, but it is not only for data security reasons. Managing BYOD requires a considerable amount of planning and time. IT staff are usually pressed for time as it is, and that is without having to manage personally owned networked devices. Budget increases to manage BYOD are rarely sufficient and extra staff are often not employed to cope with the additional workload. Devices owned by employees must be allowed access to corporate networks. They are also used to store sensitive corporate data, yet those devices are taken outside the control of the company, used at home, taken to bars and are often lost or stolen. The devices can cause problems with compliance, especially in highly regulated industries. IT professionals must ensure data can be remotely erased, and protections are put in place to prevent the devices from being infected with malware. Another problem is how to make sure data...
