Archives for June 2017
In this article from CFO Magazine, it is unfortunate that an attack such as WannaCry/WanaCrypt0r had to occur to push organizations and end users alike to take security to the next level, but the five steps it lays out are crucial. You may not be immune, but you can reduce the chances of becoming a victim.
Five fundamental steps your company can follow to curb its chances of falling victim to a ransomware attack
If there’s a positive spin that can be placed on last month’s ransomware attacks, it’s that the topic of cybersecurity has finally emerged from the shadows and into the public eye. When 200,000 systems began to be infected across more than 150 countries on May 12, security became not just a matter for a few black-hat specialists and a wave of creative naming — from WannaCry to WanaCrypt0r and everything in between — it was suddenly everybody’s business.
Of course, businesses recognize they’re not immune from cyberattacks, and threat intelligence and law enforcement agencies have warned that such attacks can be expected to accelerate in frequency. In short, ransomware is rampant. Often delivered via e-mail, ransomware, also known as cryptoware, is used to attack a company’s data by encrypting it until a ransom is paid to an unknown source — in some respects, the criminals who use it are the “stand and deliver” highwaymen of the modern age.
Any approach to handling ransomware must take into account that it triggers fast-moving situations and that there’s no guarantee that an approach that works for one organization will also work for another. But here are five fundamental steps your company can take to curb its chances of falling victim to a ransomware attack:
1. Adopt prevention programs. Most ransomware attacks start as a phishing attack. Prevention training and awareness programs can help employees recognize the telltale signs of phishing scams and know how to handle them. Guide your employees on how to recognize and avoid fraudulent e-mails and what to do in the event of a social engineering attack. Keep testing internally to prove the training is working.
2. Strengthen e-mail controls. Ransomware attacks are frequently delivered via e-mail. Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Make sure you have strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution, and review how e-mail is configured and how file extensions are displayed.
3. Improve the CMDB. Companies need to be very diligent about building a complete configuration management database (CMDB). It may be surprising, but most companies do not know all the IT systems in their environment across all subsidiaries and business lines. If you don’t know what you have, how can you protect it?
4. Insulate your infrastructure. Attackers are getting smarter, and it’s easier for unsuspecting employees to make mistakes by failing to recognize malicious e-mails. There’s a host of solutions here, from removing or limiting local workstation administration rights to seeking out the right configuration combinations (including virus scanners, firewalls, and so on). Regular patching of operating systems and applications can foil known vulnerabilities: the Microsoft patches related to this particular threat were one such measure that Accenture applied back in March 2017 as part of our normal patching cycle.
5. Plan for continuity. Ransomware attacks are far from random — they are highly targeted and intentional, meaning that many can be averted via meticulous prevention. But even with the best defenses in place, successful attacks can occur. Having a strong business continuity plan for recovery — one that’s regularly reviewed, updated, and tested — makes it easier to avoid paying ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers shouldn’t be constantly connected to backup devices. Further, the backup solution should store periodic snapshots rather than regularly overwriting previous backups, so that in the event of a successful attack, the backups will not be encrypted.
Silicon Review Recognizes SnoopWall as Rapidly Growing Breach Prevention Company
NASHUA, N.H., June 5, 2017 /PRNewswire/ — SnoopWall, Inc. (www.snoopwall.com), the world’s first breach prevention company, on the heels of being named the Top Ranked Security Company three years in a row by the CyberSecurity 500, has been named one of the 10 Fastest Growing Security Companies for 2017 by the prestigious Silicon Valley publication, The Silicon Review.
“We’re active throughout the globe in more than 32 countries, helping small to medium size enterprises (SME’s) defend against breaches in the most cost-effective way, through our trusted channel partners. It’s truly an exciting growth phase for SnoopWall,” said Mark Bermingham, Global Vice President of Worldwide Channels.
Online related article: http://thesiliconreview.com/magazines/securing-valuable-confidential-information-and-checking-on-cyber-threats-for-organizations-through-its-award-winning-patented-appliances-snoopwall/
“This award is given to a select group of tech companies each year based upon customer adoption and growth metrics. We’re pleased to include SnoopWall, a fast-growing breach prevention security company,” said the Editorial Team of The Silicon Review.
“After keeping the pace of 300% growth rate, year over year, we’re thrilled to be named one of the 10 Fastest Growing Security Companies for 2017,” said Gary S. Miliefsky, CEO of SnoopWall, Inc. Miliefsky was also recently named to the Owler Top 100 High Tech CEOs of 2017 of more than 2,200 surveyed.
The Fireball malware has infected over 250 million computers and is capable of executing code on all of them, raising potential for large-scale damage.
A new cybercrime operation with roots in China has infected 250 million computers and 20% of corporate networks around the world.
The Fireball malware, operated by Beijing-based digital marketing agency Rafotech, was discovered by researchers at security software firm Check Point. It acts as a browser-hijacker but could become a fully functioning malware downloader under attackers’ control.
“It’s not technically more advanced than other malware,” says Maya Horowitz, threat intelligence group manager at Check Point. “But it is able to pull any other malware to the infected devices, so it has a maliciousness.”
The browser-hijacking malware typically spreads via two types of bundling: with other Rafotech products, or with freeware distributed online. Horowitz says users who download the freeware unknowingly get the malware as well, which may be dropped at a later stage.
Fireball manipulates the browser to change users’ search engines and home pages into a Rafotech search engine, and redirects all search results to Google, Yahoo, and more. The fake search engines contain tracking pixels, which give Fireball the power to collect personal data.
The greatest hit rates were in India (10.1%) and Brazil (9.6%). While the US was on the low end at 2.2%, it still witnessed 5.5 million hits. Corporate network infections were also greatest in India (43%) and Brazil (38%); the US represented 10.7% of business networks affected.
“We don’t know how it got to so many devices worldwide,” says Horowitz, adding that Fireball may have spread in ways that haven’t been discovered.
The scope is significant. While Rafotech is currently using Fireball for data collection and monetary gain, the malware provides a backdoor that can be exploited for further attacks. Once installed on a victim’s machine, Fireball can also execute code on that device to steal information or drop more malware.
“It doesn’t take much to imagine a scenario in which Rafotech decides to harvest sensitive information from all its infected machines, and sell this data to threat groups or business rivals,” Check Point explains in its report. Banking and credit card data, medical files, patents, and business plans could be exposed.
Horowitz also notes the potential for an attack on the scale of last year’s DDoS incident caused by the Mirai botnet. While that risk remains theoretical for now, the potential is there.
“In [Fireball’s] case, each infected machine was its own, and someday all these machines could get the command to do something,” she says. “Any risk you can think of; any code can run on these machines.”
Check Point’s analysis indicates Rafotech’s distribution methods appear to be illegitimate and don’t meet the criteria that would make their actions legal. The malware and fake search engine lack indicators connecting them to Rafotech, cannot be uninstalled by the average user, and hide their true nature.
Sniffing out FireBall
Here’s how to determine if you’ve been hit with Fireball. Open your Web browser and check whether your homepage is the one you set and whether you can modify it, whether you recognize the default search engine and can change it, and whether you installed all of your browser extensions yourself.
If the answer is “no” to any of those, it’s a sign you may have been hit with the malicious adware.
Bot-driven online ad fraud has been a major problem for advertisers, which have struggled with billions of dollars in losses. There is good news here, though: losses are on the decline this year, despite an overall increase in digital ad spending.
By Robert MacMillan – Infocyte
All companies in Europe today are focused on GDPR compliance. The smart ones are approaching the preparation for future compliance in a methodical and phased way, beginning with an assessment of the current data protection measures in place and identifying gaps or other threats to data security.
The legislation is incredibly hostile to business, yet it is a natural evolution of our changing society and the required balance that is constantly negotiated between industry and technology and their impact on people’s lives. What is alarming about the GDPR legislation, as it is written, are the hidden risks that will threaten companies that believe themselves compliant, but may unwittingly be missing the bar for compliance.
The new law is focused on the corporate actions required after the discovery of a breach, but fails to adequately define what constitutes a ‘reasonable’ period of time in which to discover a breach. Enterprises that are relying on defensive technologies alone – whether traditional defenses like endpoint protection and whitelisting or more modern defenses like EDR and SI (Security Intelligence) analysis tools – will face problems.
The Impact for EU Businesses
The GDPR legislation defines a time frame, specifically 72 hours, following the discovery of a breach, to notify affected parties and authorities. That much is clear and defined. However, the timeframe to detect the breach remains undefined.
What constitutes a ‘reasonable timeframe’ to discover a breach? With a lack of clear guidelines in the GDPR, the courts will likely decide. The issue is already working its way through courts of competent jurisdiction in the USA. In early 2016 a massive malware hack of the fast casual dining chain ‘Noodles & Company’ exposed hundreds of thousands of customers’ financial data, a problem exacerbated by the fact that the malware persisted undetected for months.
In the autumn of 2016 American financial institutions filed a class-action lawsuit against ‘Noodles & Company’, in part claiming that the company should be held liable for negligence because it ‘let’ malware persist undetected for four months.
Allowing Breaches to Persist Opens Up Liability
European companies working to comply with GDPR, and believing themselves to be compliant, run the eventual risk of being found effectively non-compliant if they allow a breach to persist for weeks, months or even years.
The GDPR, in its opening clauses specifically states (GDPR page 17 paragraph 87): “It should be ascertained whether all appropriate technological protection and organizational measures have been implemented to establish immediately whether a personal data breach has taken place…”
This language implies that as technology changes, enterprises have an obligation to modernize their discovery capabilities. This further compounds the risk inherent in lengthy gaps between a breach and its discovery.
Modernize Your Security Posture with Infocyte HUNT™
The breach detection gap – or dwell time – is defined as the period of time between the first execution of malware and its discovery. Infocyte HUNT helps enterprises manage and mitigate their risk exposure: the solution enables organizations to define and manage this gap.
Stated another way, enterprises using Infocyte HUNT are able to determine and enforce HOW LONG malware is allowed to persist undiscovered after it breaches existing defenses. That time frame may be one week, one day, 12 hours or any period of time that an enterprise decides is appropriate.
Infocyte HUNT uses dissolvable agents that validate that each endpoint in an organization is ‘clean’ and malware free. HUNT uses volatile memory analysis, memory un-mapping techniques and more to collect the required information from each endpoint. HUNT then analyses the gathered data and delivers clear, easy-to-read reports that even junior IT administrators can work with to address potential breaches.
HUNT effectively delivers a solution that equips enterprises with the skill set of a highly specialized forensic analyst, executing the work in a fraction of the time and at a fraction of the cost that a dedicated specialist would require.