Symtrex Inc.

Cyber Security Specialist


Archives for March 2017

‘Insider Sabotage’ among Top 3 Threats CISOs Can’t yet Handle

2017/03/01 by admin

From Bitdefender Perspective – Dark Reading – Luana Pascu

These five steps can help your organization limit the risks from disgruntled employees and user errors.

Although insider sabotage is among the top three security threats companies face, 35% of chief information security officers in the US still lack the best practices to handle it properly, according to a Bitdefender study.

Insider sabotage – whether by a former employee who still has network access and is bent on sabotage or a careless staff member who clicks on phishing links when using company devices, or even a contractor or associate – can be particularly devastating because it’s usually not detected until the damage is done.

As the bring-your-own-device (BYOD) to work trend becomes even more widespread, CISOs should conduct regular security trainings to make current employees vigilant toward cyber hacks and schemes. Did they receive a suspicious email? Then they shouldn’t click on any URL or download attachments. Because hackers can expertly impersonate company email addresses and templates, employees need to be trained about address typos that could signal a scam.

Increasing cloud adoption raises other concerns about cloud security for a growing number of companies that have lost proprietary data over a longer timeframe to disgruntled former or current employees, who should think twice about acting out against their employers.

If caught, those who deliberately harm a business may be in for some tedious prison time. A sysadmin from Baton Rouge, for example, was sentenced to 34 months in federal prison for causing substantial damage to his former employer, a Georgia-Pacific paper mill, by remotely accessing its computer systems and messing with commands. Obviously, access to all systems and networks associated with the company should have been revoked when the man was fired.

“To limit the risks of insider sabotage and user error, companies must establish strong policies and protocols, and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” recommends Bogdan Botezatu, senior e-threat specialist at Bitdefender. “The IT department must create policies for proper use of the equipment, and ensure they are implemented.”

Here are five steps CISOs can take to avoid insider sabotage:

  1. Enforce a strict information security policy, and run regular training sessions with employees to prevent malware infection of company networks.
  2. Immediately revoke all access and suspend certificates for former employees to prevent them from leaving the company with backups and confidential data, or from making administrative changes before leaving the company.
  3. Keep a close eye on internal systems and processes, and set up notifications for any changes that should occur.
  4. Implement role-based access control to deny access to unauthorized employees.
  5. Never rely solely on usernames and passwords to safeguard confidential company data. Instead, implement multiple authentication methods such as two-factor, two-person or even biometric authentication.
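
Steps 2 and 3 can be checked mechanically by cross-referencing the HR termination list against the account inventory and the authentication log. The audit below is an added example, not code from the Bitdefender study or the original article; every user name, field name, log format and record in it is constructed.

```python
from datetime import datetime

# Constructed sample data: HR terminations, account inventory, auth log.
TERMINATED = {"jdoe": "2017-02-10", "asmith": "2017-02-20"}
ACCOUNTS = [
    {"user": "jdoe", "system": "vpn", "enabled": True, "cert_revoked": False},
    {"user": "jdoe", "system": "directory", "enabled": False, "cert_revoked": True},
    {"user": "asmith", "system": "vpn", "enabled": False, "cert_revoked": False},
    {"user": "bwong", "system": "vpn", "enabled": True, "cert_revoked": False},
]
AUTH_LOG = [
    "2017-02-09T17:02:11 jdoe vpn LOGIN_OK 10.0.4.7",
    "2017-02-14T23:41:55 jdoe vpn LOGIN_OK 203.0.113.25",
    "2017-02-21T08:15:00 asmith vpn LOGIN_FAIL 198.51.100.9",
    "2017-02-22T09:00:00 bwong vpn LOGIN_OK 10.0.4.12",
]

def audit_offboarding(terminated, accounts, auth_log):
    """Return (lingering_access, post_termination_activity) findings."""
    # Cutoff is midnight at the start of the termination date.
    cutoff = {u: datetime.strptime(d, "%Y-%m-%d") for u, d in terminated.items()}
    lingering = []
    for acct in accounts:
        if acct["user"] not in cutoff:
            continue  # current employee, out of scope for this audit
        if acct["enabled"]:
            lingering.append((acct["user"], acct["system"], "account still enabled"))
        if not acct["cert_revoked"]:
            lingering.append((acct["user"], acct["system"], "certificate not revoked"))
    activity = []
    for line in auth_log:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the audit
        ts, user, system, result, src = parts
        # Any attempt after termination matters, whether it succeeded or not.
        if user in cutoff and datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S") > cutoff[user]:
            activity.append((user, system, result, src, ts))
    return lingering, activity

if __name__ == "__main__":
    lingering, activity = audit_offboarding(TERMINATED, ACCOUNTS, AUTH_LOG)
    for finding in lingering:
        print("REVOKE:", *finding)
    for event in activity:
        print("ALERT:", *event)
```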

Filed Under: Advanced Persistent Threat, Bitdefender, compliance, Network Access Control, Security News

Ransomware Is A Repeat Offender: How To Protect Your Business

2017/03/01 by admin

From Forbes – Ryan Barrett

If there is one major cybersecurity lesson we learned last year it was this: Ransomware is here, and it isn’t going away anytime soon.

Ransomware is a type of malware that severely restricts access to a computer, mobile device, or file until the demanded fee is paid by the victim. Often, it arrives in the form of a phishing email or message and begins its foul work as soon as it reaches your system. Regardless, victims are presented with a hefty ransom to regain access, or they can kiss it all goodbye.

The first option is unpleasant. The second is unrealistic. So many organizations wind up paying the ransom. But, consider the consequence of doing so. If an organization coughs up the money, it’s not only funding cybercrime, but it’s also sending a signal to cyber-criminals: “hey, we’ve got money, we’ve got important data, and our systems aren’t equipped to combat such an attack, so we’re willing to pay what is demanded to get access to our stuff.”

In addition, we’ve learned from the past that ransomware isn’t a one-time deal. Take, for example, a Kansas hospital that was extorted twice. After succumbing to the initial ransom, the attacker demanded a second payment to unlock all files. In another instance, a Michigan radio station suffered from being hit with ransomware twice in two weeks.

Ransomware halts your business, halts productivity and, potentially, sets your organization up for failure. And those who’ve been affected by ransomware stand a good chance of being re-infected this year. For this, you can thank the number of digital entry points in an organization that a cybercriminal can exploit.

First on their list is email, the most common medium for ransomware and the easiest for cybercriminals to abuse. Even victims that take the necessary precautions to detect and remove suspicious files from their email – sometimes going so far as to undergo phishing detection training – are still at risk. This is because phishing attacks, which are messages that trick people into downloading or opening corrupted files, are difficult to detect by nature. If someone has been tricked once, they could very easily be tricked again.

Another tool is called a “backdoor.” It’s just like it sounds: cybercriminals build backdoors into networks for prolonged spying and re-infection. A backdoor is a technique in which a system’s security mechanism is bypassed undetectably to access a computer or its data. This means a cybercriminal can re-infect a network if a company does not perfectly clean and remove malware from its devices. All the cybercriminal has to do is wait for the right opportunity. Ransomware variants that install backdoors for later use are uncommon now, but they do exist and cybercriminals are actively testing them.

Cybercriminals can also use backdoors to monitor a network for sensitive data, such as login information, financial records, product development roadmaps and more. This data can be either sold or used to inform a second ransomware attack, one reliant on a phishing email, to re-infect a previously compromised system.

Finally, thanks to the Bring Your Own Device (BYOD) movement where employees are using their own devices, they may inadvertently introduce malware into a company’s network. This can be a frighteningly easy thing to do, especially if the company in question lacks sophisticated data monitoring security solutions.

So how can companies fight against this threat of ransomware? Well, there are a few possibilities. First is to implement a comprehensive email security solution capable of detecting and isolating potentially dangerous phishing emails. Companies will need to look for solutions that take on a multi-layered security strategy, such as sandboxing and behavior-based antivirus, and construct a business continuity plan in the event a ransomware attack is successful.

That last part is particularly important. Business continuity plans are a normal part of operations, usually constructed around worst-case and natural disaster scenarios. Companies need to start preparing for cyberattacks and investing in two major areas: real-time file backups and employee education.

Real-time file backups can help organizations maintain a “clean slate” of files free from ransomware. These clean files offer a “get out of ransomware free card” since all you have to do is merely restore a clean version of a file and access it on another device. This also has the added benefit of eliminating one of ransomware’s more damaging aspects: employee downtime. In fact, a study on ransomware found that 72 percent of employees were locked out of their files for at least two days.

Finally, take the time to educate and test your employees on the latest cybersecurity threats on the market today. That means investing in cybersecurity training that tests your employees on how to detect phishing attacks and how to respond to them.

Ransomware’s rise can be attributed to two factors: the increased processing power found in our computers (which are now so powerful that they can encrypt their own files in a matter of hours, giving the user little chance of detecting it before it’s too late) and the appearance of pseudo-anonymized (thus hard to track) payment systems like Bitcoin. The result is the sum of a dark formula: easy to use malware plus anonymized communications plus a massive halt to a busy workforce plus hard to trace currency equaling an easily-replicated and profitable cybercrime.

And it is profitable. The FBI’s Internet Crime Complaint Center reported cybercriminals were able to extract $1.6 million in ransoms during 2015. In 2016, that figure was nearly $1 billion. How’d it grow so fast? Well, once cybercriminals began to realize ransomware’s power, they began asking for more in their ransoms. Today, the FBI reports cybercriminals can demand anywhere from $200 to $5,000 per user.

Cybercriminals are going to attack your business. You cannot control that. What your organization can control, however, is how prepared it is when it encounters an attack. Better preparation means your business suffers less downtime. It also means your employees maintain productivity even if the business is dealing with a threat like ransomware. And that’s the best defense against a second round of ransomware, not letting it hit you—again.

Filed Under: Advanced Persistent Threat, endpoint, Ransomware, Security News

Report: 2016 saw 8.5 million mobile malware attacks, ransomware and IoT threats on the rise

2017/03/01 by admin

Mobile malware attacks increased more than three times between 2015 and 2016, according to a new report from Kaspersky Lab. Here’s what you need to know.

From Tech Republic – Alison DeNisco

In 2016, the number of malicious installation packages hit more than 8.5 million—three times more than the year before, according to a report on mobile malware evolution from Kaspersky Lab, released on Tuesday. The firm registered nearly 40 million attacks by malicious mobile software over the course of the year as well.

Geographically speaking, the nations with the highest number of attacks were Bangladesh, Iran, Nepal, China, and Indonesia, the report stated.

The No. 1 malware threat of 2016? Trojans, which gained super-user privileges that allowed them to secretly install advertising applications and display ads on the infected device, and even buy apps on Google Play, the report found. And this trend shows no sign of slowing down.

The Trojans attacked Android devices via vulnerabilities that are patched in newer versions—however, most users do not update their phones in a timely manner, leaving them open to danger.

“Cybercriminals are taking advantage of the fact that most devices do not receive OS updates (or receive them late), and are thus vulnerable to old, well-known and readily available exploits,” the report stated.

Because this malware installs its modules in the system directory, it makes remedying the situation difficult, the report noted. “Some advertising Trojans are even able to infect the recovery image, making it impossible to solve the problem by restoring to factory settings,” it stated.

Kaspersky Lab also found installations of the modular trojan Backdoor.AndroidOS.Triada, which allowed hackers to alter text messages sent by other apps and steal money from the device owner.

Google Play remains a popular place for cybercriminals to find business: Kaspersky Lab detected about 50 new applications infected by Trojan.AndroidOS.Ztorg.am, the new modification of Trojan.AndroidOS.Ztorg.ad. And many of these apps were installed more than 100,000 times.

“Representatives of this class of malicious software have been repeatedly found in the official Google Play app store, for example, masquerading as a guide for Pokemon GO,” the report stated. “This particular app was downloaded over half a million times and was detected as Trojan.AndroidOS.Ztorg.ad.”

Ransomware attacks grew the most over 2016: Trojan-Ransom increased almost 6.5 times, now representing 4% of all malware installation packages. Kaspersky Lab detected 261,214 mobile ransomware Trojans in 2016. “This growth was caused by the active distribution of two families of mobile ransomware – Trojan-Ransom.AndroidOS.Fusob and Trojan-Ransom.AndroidOS.Congur,” according to the report. The criminals behind the Trojan usually demand between $100 and $200 to unlock a device, Kaspersky Lab noted.

Hackers also evolved their use of mobile banking Trojans over 2016, many of which learned how to bypass new Android security measures and continue stealing user information.

“This year, we will continue to closely monitor the development of mobile banking Trojans: the developers of this class of malware are the first to use new technologies and are always looking for ways to bypass security mechanisms implemented in the latest versions of mobile operating systems,” the report noted.

Internet of Things (IoT) devices are also a growing target for cybercriminals, with an “attack-the-router” Trojan Switcher targeting the Wi-Fi network that an infected device is connected to. “If the Trojan manages to guess the password to the router, it changes the DNS settings, implementing a DNS-hijacking attack,” the report stated.

The 3 big takeaways for TechRepublic readers

1. A new report from Kaspersky Lab found that the number of malicious installation packages hit more than 8.5 million in 2016, three times more than 2015.

2. Trojans were the No. 1 malware threat of 2016, due in part to cybercriminals attacking mobile devices that had not been updated.

3. Ransomware attacks and IoT attacks are increasingly common, the report found.

Filed Under: IoT, Malware, Products, Ransomware, Security News


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement