Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

SnoopWall NetSHIELD Nano Wins Best Network Access Control (NAC) in the Cybersecurity Excellence Awards

by

SAN FRANCISCO, Feb. 14, 2017 /PRNewswire/ — SnoopWall, Inc, the global leader in Breach Prevention, today announced receiving the coveted Cybersecurity Excellence Award for its tiny, powerful, cost-efffective NetSHIELD Nano breach prevention appliance.

“We’re humbled and honored to receive this prestigious award from our peers in the cyber and information security space,” said Gary S. Miliefsky, CEO of SnoopWall, Inc. “When small to medium enterprises (SMEs) are looking for a cost effective way to prevent breaches on their intranet networks, they look towards SnoopWall. Our NetSHIELD Nano is an incredibly tiny, powerful and cost-effective breach prevention solution that any SME can afford.”

The Cybersecurity Excellence Award is a prestigious award that honors individuals, products and companies that demonstrate excellence, innovation and leadership in information security. This independent awards program is produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of more than 300,000+ cybersecurity professionals to recognize the world’s best cybersecurity products, individuals and organizations.

“Congratulations to SnoopWall for winning the 2017 Cybersecurity Excellence Award for Network Access Control (NAC) hardware with their tiny breach prevention Nano appliances,” said Holger Schulze, founder of the 350,000-member Information Security Community on LinkedIn which organizes the awards program. “With over 450 entries, the 2017 awards are highly competitive. All winners and finalists reflect the very best in leadership, excellence and innovation in today’s cybersecurity industry.”

Fitting within the palm of your hands, the patented NetSHIELD Nano is the world’s smallest network access control (NAC) and breach prevention intranet security appliance. This is a tiny, powerful, plug-in-and-protect solution that detects and blocks zero-day malware (0day), ransomware, remote access Trojans (RATs). In addition, in milliseconds it blocks rogue devices, manages the Bring Your Own Device (BYOD) dilemma and, with pinpoint accuracy, finds all vulnerabilities in trusted network assets/devices including on wired and wireless networks and all internet of things (IoT) devices. It has a complete standalone secure web-management interface, as well as support for all major switches, hubs, wireless devices and can send threat feeds to all SIEMs and SIMs over Syslog or SNMP traps plus email alerts. In addition, for larger organizations and MSSPs it can be completely managed remotely through the Command Center of the NetSHIELD Enterprise appliances.

About SnoopWall, Inc.

SnoopWall is the world’s first breach prevention security company delivering a suite of network, mobile and app security products as well as cloud-based services protecting all computing devices from prying eyes and new threats through patented counterveillance cloaking technology. SnoopWall secures mission critical and highly valuable confidential information behind firewalls with our award winning patented NetSHIELD appliances and with WinSHIELD on windows and MobileSHIELD on Google Android and Apple iOS mobile devices with next generation technology that detects and blocks all remote control, eavesdropping and spying. SnoopWall’s software products and hardware appliances are all proudly made in the U.S.A.

BitDefender Perspectives - Outsider Attacks Give Nightmares To CIOs, CEOs, CISOs

by

Cyberattacks via mobile devices, physical security and malware top the list of threats that US companies are not ready to handle, according to a recent Bitdefender study.

Outsider attacks give nightmares to US CIOs, according to a Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs. The survey notes that outsider attacks, data vulnerability and insider sabotage are the main threats companies aren’t ready to handle.

CIOs also know that cybercriminals can spend large amounts of time inside organizations without being detected; Advanced Persistent Threats (APTs) are often defined as threats designed to evade detection.

Accessing any type of data, whether stored in the private or public cloud, needs to be done via multiple authentication mechanisms, Bitdefender’s security specialists recommend. This should involve more than just usernames and passwords. For access to critical data, two-factor or biometric data offers additional control and authorization of qualified and accepted personnel. This is especially significant in organizations where access to critical and sensitive data is restricted, and only then under strict security protocols and advanced authentication mechanisms.

Image Source: Bitdefender

Insider sabotage is the third threat IT decision makers can’t yet handle
“To limit the risks of insider sabotage and user errors, companies must establish strong policies and protocols, and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” recommends Bogdan Botezatu, Bitdefender’s senior e-threat specialist. “The IT department must create policies for proper usage of the equipment, and ensure they are implemented.”

In the past two years, companies witnessed a rise in security incidents and breaches, with a significant increase in documented APT type of attacks targeting top corporations or government entities (such as APT-28). This type of attack intends to exfiltrate sensitive data over a long period, or silently cripple industrial processes. In this context, concerns for security are rising to the top, with decisions taken at board level in most companies.

According to the Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs, IT decision makers, CISOs and CEOs are all concerned about security, not only because of the cost of a breach (unavailable resources and/or money lost), but also because their company’s reputation is at risk when customer data is lost or exposed to criminals. The more media coverage a security breach receives, the greater the complexity of the malware causing it. On top of this, migrating corporate information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries regarding the safety of the data.

The demand for hybrid cloud, a mix of public cloud services and privately owned data centers, is estimated to be growing at a compound rate of 27% a year, outpacing overall IT market growth, according to researcher Markets and Markets. The company said it expects the hybrid cloud market to reach $85 billion in 2019, up from $25 billion in 2014. (Read the full white paper here.)

This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.

Razvan, a security specialist at Bitdefender, is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship.

New Year’s Cyber Security Resolution

by

Welcome to 2017.

The comment that we have heard most often was thank god 2016 was over; for those involved in cyber security it was also a banner year for threats – a rapid increase in ransomware, a DDOS attack that was facilitated by IoT devices and the discovery of one of the largest cyber security breaches in history. With an election that the world watched having an aura of suspicion surrounding nefarious activities that could have decided the outcome, 2017 is shaping up to be a very interesting year.

In 2016 Security professionals had their job cut out for them. They attempted to stop the threats from breaching the perimeter, purchasing and implementing the latest in “next generation” technologies to satisfy a particular threat, such as ransomware – as opposed to looking holistically at the network in its totality. This piecemeal security implementation, while construed as defense in depth, can also lead to potential vulnerabilities within your network.

Knowledge is Power …. you cannot protect what you, as an organization, do not know that you have.

The best way to be ahead of the game is to be prepared for threats today, tomorrow and five year from now. In order to plan your strategy you need to know what you are protecting and from whom you are potentially protecting it from. Think of it like a football strategy – if you put the strategy in place without know your players or who you are playing against – you will ultimately loose .

Audit and Reporting

An internal cyber security threat assessment will provide an organization with valuable information about their network. The first step in the assessment is to generate a blue print of all of your organizations assets, with key information such as a device IP, host Name, MAC address and operating system.

Once the list is complete, an internal vulnerability assessment will provide the listing of assets that require urgent patches to harden against an attack.

Using the innovative Malware Detection system, the threat assessment will provide a detail of traffic that is communicating to known command and control servers ( C&C), websites that are outside corporate policy (such as those located in high risk countries), as well during your assessment it will block potential ransomware attacks such as CryptoLocker for Windows and Linux.Encoder.1 for Linux. If compliance is a requirement, complete the assessment for PCI, HIPAA, SOX or ISO 92001.

 

Vulnerability Assessment

The Cyber Threat Assessment is being offered by Symtrex using the SnoopWall NetShield Network Access Control. The SnoopWall Netshield is an IntraNet Security product, install for 45 days and run a comprehensive internal network evaluation, which will include asset detection, identify critical vulnerabilities, assist in hardening and managed your trusted assets, detect and block rogue/malicious devices, and audit and enforce compliance & regulatory requirements.

Contact us to find out more or to coorindate your Cyber Threat Assessment

Anti-Malware Is Necessary In The Data Center: 3 Examples

by

By Jeremiah Grossman - Dark Reading

Simply because data center endpoints don’t have the same threat profile as general desktops doesn’t mean they don’t need anti-malware software. Here’s why.

People often ask about the value of anti-malware software on data center endpoints such as Web servers, databases, file servers - the list goes on. This is a reasonable question because, with respect to malware, data center endpoints simply don’t have the same threat profile or business use-cases as general desktops, where users click on things all day, every day. Also, when endpoints don’t have all those pesky users, it would seem malware would have a much harder time getting onto data center endpoints. Yet, it happens all the time. How?

Before providing the best practices for a successful data center relocation, a security guidance is required. I would first like to share the most common attack patterns seen in the wild, and recommendations backed up by data. For this, I rummaged through the Verizon Data Breach Investigations Report (DBIR) 2016, which combines knowledge from more than 3,000 confirmed data breaches, and has a lot to say about malware usage.

The figure below, from the DBIR, presents an insightful attack pattern. What’s happening is, through a variety of extremely common techniques, such as phishing and others, a user’s desktop is compromised and infected with malware. While the data on this particular compromised endpoint may not be of high value, the malware is used to harvest static credentials (user names and passwords) just the same.

The next step in the breach is often to leverage the stolen credentials to pivot across the network, logging into point-of-sale systems, databases, Web servers, and file servers — where the real crown jewels are located — and infecting them with malware for command and control, and data exfiltration purposes. Since the threat actor is using valid credentials to access these data center endpoints, and not exploits, intrusion detection alarm bells are less likely to be triggered. So, in this case, if anti-malware software had been installed on these endpoints, that’s one more effective security control a threat actor would have had to bypass in order to obtain what they were after.

Another topic the Verizon DBIR discusses is “secondary motives.” For example, threat actors will compromise Web servers in the data center, often through exploiting SQL Injection or a PHP Remote File Include, and implant malware on the endpoint. The malware will typically have a couple of common purposes separate from data exfiltration.

One purpose is what’s referred to as a watering hole attack. The threat actor selects a certain website to compromise and serves up malware to a particular set of users - their primary targets - who are likely to visit the website. Another purpose is for the malware to launch spam campaigns or DDoS attacks on more primary targets.

Websites often have far more computing resources and bandwidth at their disposal than a typical user PC, which makes them attractive targets. Again, if sufficient anti-malware technology had been installed on Web servers, it would have made it that much harder for the bad guys to establish a foothold, even though they successfully exploited a vulnerability.

- Also read: Decommissioning An Outdated Server With Professional Help.

Count of Hashes by Lifespans in Seconds

Source Verizon DBIR

These examples show how important anti-malware software would have been in protecting against these unwarranted attacks. When reviewing common attack patterns, anti-malware software absolutely has value in the data center. With the introduction of new, signature-free next-generation approaches that use machine learning and dynamic behavior tracking, organizations can deploy this technology in a minimally invasive manner.

This is crucial to understand. As the Verizon DBIR also said, and the figure above illustrates, “99% of malware hashes are seen for only 58 seconds or less.” If we can disrupt the way adversaries generally conduct their operations, we can make the biggest impact in protecting our systems.

 

 

Avalanche (crimeware-as-a-service infrastructure)

by

US CERT - National Security Awareness System

TA16-336A: Avalanche (crimeware-as-a-service infrastructure)

12/01/2016 12:00 AM EST

Original release date: December 01, 2016

Systems Affected

Microsoft Windows

Overview

“Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.

Description

Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers.

In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise.

Avalanche used fast-flux DNS, a technique to hide the criminal servers, behind a constantly changing network of compromised systems acting as proxies.

The following malware families were hosted on the infrastructure:

  • Windows-encryption Trojan horse (WVT) (aka Matsnu, Injector,Rannoh,Ransomlock.P)
  • URLzone (aka Bebloh)
  • Citadel
  • VM-ZeuS (aka KINS)
  • Bugat (aka Feodo, Geodo, Cridex, Dridex, Emotet)
  • newGOZ (aka GameOverZeuS)
  • Tinba (aka TinyBanker)
  • Nymaim/GozNym
  • Vawtrak (aka Neverquest)
  • Marcher
  • Pandabanker
  • Ranbyus
  • Smart App
  • TeslaCrypt
  • Trusteer App
  • Xswkit

Avalanche was also used as a fast flux botnet which provides communication infrastructure for other botnets, including the following:

  • TeslaCrypt
  • Nymaim
  • Corebot
  • GetTiny
  • Matsnu
  • Rovnix
  • Urlzone
  • QakBot (aka Qbot, PinkSlip Bot)

Impact

A system infected with Avalanche-associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware had the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may have allowed criminals unauthorized remote access to the infected computer. Infected systems could have been used to conduct distributed denial-of-service (DDoS) attacks.

Solution

Users are advised to take the following actions to remediate malware infections associated with Avalanche:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though parts of Avalanche are designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of an Avalanche malware, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
  • Avoid clicking links in email – Attackers have become very skilled at making phishing emails look legitimate. Users should ensure the link is legitimate by typing the link into a new browser (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
  • Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool. A non-exhaustive list of examples is provided below. The U.S. Government does not endorse or support any particular product or vendor.