Symtrex Inc.

Cyber Security Specialist

ThreatList: Top 8 Threat Actors Targeting Canada in 2019

2019/05/29 by admin

Bad actors are looking to hit financial and banking firms in Canada with geo-specific campaigns touting malware like Emotet, GandCrab and Ursnif.

Banking and financial services in Canada are being targeted in geo-specific attacks looking to spread varying forms of malware, according to researchers tracking thousands of malicious email campaigns between January 2019 and May 2019.

In particular, campaigns are typically launched by financially-motivated cybercriminals, but can also be orchestrated by national, state-sponsored threat actors (such as Advanced Persistent Threat or APT groups), said researchers with Proofpoint.

“In 2019, threats specific to Canadian interests, whether abusing Canadian brands, or affecting Canadian organizations through specific geo-targeting mean that defenders at Canadian companies must be cognizant of threats far more targeted than ‘North America,’” researchers said.

Filed Under: Advanced Persistent Threat, antivirus, compliance, CyberThreats, Log Management, Ransomware, Security News, Sophos

Over 12,000 Business Websites Leveraged for Cybercrime

2018/02/06 by admin

By Kelly Sheridan, Dark Reading – February 5, 2018

Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.

 More than 12,300 websites in the business category were used to launch cyberattacks or deliver malware in 2017, making company sites riskier than gambling and shopping sites. Attackers are abusing people’s trust in popular sites to launch consistent and effective malware campaigns.

Forty-two percent of the top 100,000 websites ranked by Alexa are considered “risky,” according to Menlo Security’s State of the Web 2017. Researchers determined a website’s risk based on three criteria: use of vulnerable software, history of distributing malware or launching attacks, and the occurrence of a security breach within the 12 previous months.

A site was deemed risky if it met any one of these criteria. The largest category of risk was news and media sites, 49% of which met a risk factor, followed by entertainment and arts (45%), travel (41%), personal sites and blogs (40%), society (39%), and business and economy (39%), which includes company, association, industry group, financial data and services, and hosted business application sites.

Business and economy sites hosted more phishing sites, ran more vulnerable software, and experienced more security incidents than any other category in 2017, researchers found. The category was hit with 23,819 incidents in 2017; the next-highest was society sites at 12,669.

Background websites: Who are you talking to?

Menlo CTO Kowsik Guruswamy explains the risk of “background radiation,” which stems from the idea that much of cybercriminals’ damage happens behind the scenes. Each time someone visits a website, it contacts an average of 25 background sites for different demands: grabbing ads from an ad delivery network, for example, or videos from a content delivery server.

Any of these third-party sites could be compromised and pose risk to users. Most malware prevention tools, from antivirus products to behavioral modeling systems, are designed to focus on the intended domain and often don’t pick up on calls to background sites.

A major website like Bloomberg might have an IT team to update servers, Guruswamy says. However, when end users visit and are presented with videos and ads, the activity comes from other networks and may not necessarily be safe. The same applies to all major websites.
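To make the "background sites" point concrete, the following added example (not from the article or from Menlo Security) lists the third-party hosts a page's HTML tells the browser to fetch from, so a defender can review them. The sample page, the host names and the two-label "same site" rule are constructed assumptions; production code would use the Public Suffix List.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose attribute makes the browser fetch a resource without a click.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "video": "src", "source": "src", "embed": "src",
                  "link": "href"}
# <link> only triggers a fetch for some rel values (canonical does not).
FETCHING_RELS = {"stylesheet", "preload", "modulepreload", "icon"}


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every automatically fetched resource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        if wanted is None:
            return
        attr_map = dict(attrs)
        rels = set((attr_map.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        value = attr_map.get(wanted)
        if not value:
            return
        # Resolves relative and protocol-relative (//host/path) references.
        absolute = urljoin(self.page_url, value)
        if urlsplit(absolute).scheme in ("http", "https"):  # skips data: URIs
            self.resources.append((tag, absolute))


def site_of(host):
    # Assumption: the last two labels approximate the registrable domain.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def background_hosts(page_url, html):
    """Map each third-party host to the tag types that load content from it."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    first_party = site_of(urlsplit(page_url).hostname)
    hosts = defaultdict(set)
    for tag, url in collector.resources:
        host = urlsplit(url).hostname
        if host and site_of(host) != first_party:
            hosts[host].add(tag)
    return {host: sorted(tags) for host, tags in sorted(hosts.items())}


# Constructed sample page; every host below is made up for illustration.
SAMPLE_URL = "https://news.example.com/story/42"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://news.example.com/story/42">
<script src="https://static.example.com/app.js"></script>
<script src="//ads.adnet.example.net/tag.js"></script>
</head><body>
<img src="https://img.cdn-media.example.org/hero.jpg">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<iframe src="https://ads.adnet.example.net/frame.html"></iframe>
<video src="https://video.cdn-media.example.org/clip.mp4"></video>
<a href="https://other.example.net/">a link, not fetched automatically</a>
</body></html>"""

if __name__ == "__main__":
    for host, tags in background_hosts(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{host}: loaded via {', '.join(tags)}")
```

Static HTML only shows the resources a page declares up front; hosts contacted by scripts at run time have to be observed from browser or proxy logs.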

As software ages, risks grow

Many of today’s websites are participating in browsing sessions, and actively servicing ads, on software riddled with vulnerabilities, Guruswamy says.

“You have this really, really old software that’s full of holes that haven’t been patched and are waiting to be exploited,” he explains, pointing to the Equifax breach as an example of what threat actors can do if a website is running unpatched software.

Menlo analysts passively fingerprinted website software for both primary and background sites, and coordinated the documented vulnerabilities for each one. They found more than 51,000 business and economy websites are running vulnerable software.

The software supporting company websites is often old enough to have been compromised several times over the past few years. More than 32,000 websites analyzed run on Microsoft Internet Information Services (IIS) 7.5, which was released in 2009. Many sites use software that is no longer fully supported; for example, Microsoft’s IIS 5 Web server, which was released in 2000 and stopped receiving mainstream support in 2005.

Filed Under: Advanced Persistent Threat, antivirus, CyberThreats, Ransomware, Security News

To find the best endpoint security tools, focus on these features

2017/03/15 by admin

Finding the best endpoint security for your enterprise is a complex, ever-changing task. Learn what features tools offer now to protect endpoints touching the enterprise systems.

By Kevin Tolly – Tolly Group

When McAfee was formed in 1987 to sell the first commercial antivirus package, it set a baseline approach that has persisted to this day: Have a list of character strings that are unique to particular viruses and then scan files (and those files in memory) for the strings. Generally, if the scanner found one of the strings (the virus’s signature), it had very probably found a virus.

As other vendors emerged, they battled over their effectiveness at various aspects of this passive scanning approach. They focused on compiling the biggest, most comprehensive database of virus and malware signatures. The best endpoint security software available simply scanned for “bad” signatures every time a file was downloaded or opened. Vendors would boast about having better research teams to catch more viruses.

A number of additional virus-hunting techniques were introduced over the years — heuristic scanning to deal with polymorphic viruses that purposefully avoided having consistently scannable signatures, allowing the software to run but cordoning off its requests to the operating system to watch for malicious behaviors, and the introduction of reputation-based ratings to score the likelihood that a given executable could be relied on to be safe. But the basic pattern held: A monolithic software package at the endpoint watched all the new files and called out known bad actors.

Recently, though, the enhancements have begun to overtake the core static scanning components of antivirus software. “Next-gen” endpoint security tools have emerged as a new product category with specific characteristics.

Real-time a defining trait of next-generation endpoint security

Signature files are static and threats are dynamic. At a certain point, it simply became impractical (if not impossible) to update signature files incessantly and instantaneously in an attempt to contend with zero-day threats. These are by definition threats that no virus collector has yet catalogued as of the moment they are launched.

So, if anything, “real-time” is the defining characteristic of the best endpoint security offerings in the next generation of tools. For many products, this means jettisoning the endpoint-resident signature file altogether and using different means to ferret out viruses and malware.

Analysis replaces signature matching

In next-gen tools, the best endpoint security offerings replace signature matching with analysis (in real-time, of course). Different products, naturally, will analyze different aspects and attributes to determine if a piece of code represents a threat to the endpoint.

Some of the analysis techniques have evolved from traditional endpoint products. For example, reputation analysis has been in use for a number of years. This technique generally involves searching a database containing lists of known “bad actor” IP addresses and websites that have been confirmed to be sources of malware.

For some traditional vendors, moving to next-gen tools means taking various techniques that they have developed over the years within their traditional product line and integrating to provide a more effective solution.

Many security products will evaluate multiple attributes of a piece of code. Each piece of information would be used to build a risk score that, ultimately, would help the tool determine whether the code should be blocked. One next-gen vendor claims to have developed over six million possible indicators of malware and uses that information to determine whether a given piece of code is malware.

Isolation aids analysis

Another variation of analysis involves simply letting the suspect code run on your system, to analyze what it does. If it tries to do something bad, like erase files or make outbound network contact without authorization, then by definition it is malware and should be contained.

This approach, known generally as sandboxing, is not new. What is new is the implementation: One vendor leverages the high-performance virtualization features built into most PC hardware these days. That vendor creates a micro VM that can be termed a one-sample sandbox. The code is run, its behavior analyzed, a threat decision is made and the VM is discarded. Every sample gets its own fresh VM within which to run and be analyzed.

Even best endpoint security tools can’t do it all

In the realm of next-gen endpoint security, niche vendors are continually coming up with new takes on the issue. There are always new features being added. But it’s also important to understand what next-gen endpoint security is not. It is not a one-size-fits-all solution to your endpoint security woes. Nor is it a “me, too” list of vendors all doing the same thing. And, importantly, it is not necessarily meant to be a total replacement for traditional endpoint security. It is simply a means to obtain the best endpoint security possible which is, in turn, a key element of an overall approach to keeping your systems secure.

Filed Under: antivirus, Bitdefender, endpoint, Kaspersky, Malware, Products, Security News, Sophos

Anti-malware is imperfect but still necessary. Here’s why

2017/03/07 by admin

Sophos Blogs – Bill Brenner

Doctors sometimes make mistakes that harm the patient. Police often fail to protect and serve. When that happens, people rightly demand the failures be analyzed and fixed. But no one ever calls for the elimination of all doctors and police.

Why then, do some call for the end of antivirus and anti-malware when failures happen? It’s a question that has vexed us for a long time.

Researchers uncover vulnerabilities in security products on a regular basis. A recent example is Trend Micro, which faced scrutiny in January after researchers reported some 223 vulnerabilities across 11 of the vendor’s products. Tavis Ormandy, a prolific and gifted Google Project Zero researcher who most recently discovered Cloudbleed, regularly targets security products, including those produced by Sophos and such vendors as Kaspersky and Symantec.

Along the way, someone either declares it the end of antivirus, anti-malware, and endpoint protection, or calls for its demise. Last year, during another disclosure of Trend Micro vulnerabilities, security experts even declared antivirus a threat to security.

Can we all do better? Absolutely. Like all technology created since the dawn of time, antivirus sometimes falls short of its mission. As an industry, we need to continue to find weaknesses and fix them as quickly as possible.

Does doing better mean we set aside antivirus and anti-malware, just as some believe vaccines should be shelved? Hardly.

To help frame the issue, I sat down with Sophos CTO Joe Levy.

Iatrogenesis happens, followed by schadenfreude

“In responding to the occasional question about the claims of harm from endpoint security products, it occurred to me how strikingly similar such a belief system is to the anti-vaxxer movement. Both mean well, but unfortunately have the potential to do more harm than those they indict. Nonetheless, those who point out problems with antivirus make valid points,” Levy said. “All software has flaws.”

Levy offers two other observations:

  1. This is a case of yelling ‘iatrogenesis’ (harm caused by the healer) in a crowded theater. It is particularly sensational because of the irony, and in many cases, a source of schadenfreude (pleasure derived from the misfortune of others).
  2. The attack surface of security software is often enlarged by the level of privilege needed to operate efficiently (i.e. in the kernel) and to do the kind of work that it needs to (file/network interception, process termination, system cleanup, etc.)

Just as patients sometimes develop complications after surgery, security technology sometimes fails, creating unintended harm for the user, Levy said. When that happens, detractors love to swoop in and bludgeon the offender.

Levy noted that when medical care goes wrong, we don’t see the masses calling for the end of doctors and hospitals. In that situation, people may go to a lawyer that caters to medical malpractice cases. Similarly, sometimes police make mistakes and do harm in the line of duty. When that happens there’s public outrage, but no one calls for the end of police.

Like modern medicine and law enforcement, the security industry has a very high obligation to protect their users from harm. That means not only demonstrating effectiveness against attacks targeting operating systems and applications but also against attacks targeting themselves. In light of this, prevalent security software, as well as healthcare and law enforcement software that stores large amounts of data, should be protected from malware attacks and cyberattacks.

But just as we still need hospitals and police officers, we still need those security tools, Levy said. While Microsoft continues to make great strides in the security of their operating systems and applications year over year, a look at the number of Microsoft vulnerabilities per year illustrates the continuing need for additional protections. Microsoft security holes between 2009 and 2016, as catalogued on the Common Vulnerabilities and Exposures (CVE) website, are as follows:

  • 2009: 74
  • 2010: 106
  • 2011: 103
  • 2012: 83
  • 2013: 106
  • 2014: 85
  • 2015: 135
  • 2016: 155

In five of the last eight years, Microsoft released more than 100 security bulletins in a 12-month period. The number of bulletins each year hasn’t fallen below 75 since 2009. Antivirus remains the first line of defense when attackers work to exploit vulnerabilities in either software or the software’s human operators.

“We take our obligation to protect very seriously, and we make continuous investments in the tools and programs to improve the security of our products, from our SDLC (secure development lifecycle), to static/dynamic/runtime security tools, to our bug bounty program, to name a few,” Levy said. “We are genuinely grateful to those security researchers who practice responsible disclosure. All of us in the security industry, whether software vendors or researchers, seek to make information systems more secure.”

He added: “We should all take a sort of Hippocratic Oath to do no harm, and that means both holding ourselves to a higher standard for building secure software, as well as putting end users before glory or sensationalism. Failure at either is a form of negligence, but calls for extermination are silly and irresponsible. The focus should not be on kicking the other when they’re down, but on making each other better.”

Filed Under: antivirus, endpoint, Malware, Security News, Sophos

SnoopWall NetSHIELD Nano Wins Best Network Access Control (NAC) in the Cybersecurity Excellence Awards

2017/02/14 by admin

SAN FRANCISCO, Feb. 14, 2017 /PRNewswire/ — SnoopWall, Inc, the global leader in Breach Prevention, today announced receiving the coveted Cybersecurity Excellence Award for its tiny, powerful, cost-effective NetSHIELD Nano breach prevention appliance.

“We’re humbled and honored to receive this prestigious award from our peers in the cyber and information security space,” said Gary S. Miliefsky, CEO of SnoopWall, Inc. “When small to medium enterprises (SMEs) are looking for a cost effective way to prevent breaches on their intranet networks, they look towards SnoopWall.  Our NetSHIELD Nano is an incredibly tiny, powerful and cost-effective breach prevention solution that any SME can afford.”

The Cybersecurity Excellence Award is a prestigious award that honors individuals, products and companies that demonstrate excellence, innovation and leadership in information security. This independent awards program is produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of more than 300,000+ cybersecurity professionals to recognize the world’s best cybersecurity products, individuals and organizations.

“Congratulations to SnoopWall for winning the 2017 Cybersecurity Excellence Award for Network Access Control (NAC) hardware with their tiny breach prevention Nano appliances,” said Holger Schulze, founder of the 350,000-member Information Security Community on LinkedIn which organizes the awards program. “With over 450 entries, the 2017 awards are highly competitive. All winners and finalists reflect the very best in leadership, excellence and innovation in today’s cybersecurity industry.”

Fitting within the palm of your hands, the patented NetSHIELD Nano is the world’s smallest network access control (NAC) and breach prevention intranet security appliance. This is a tiny, powerful, plug-in-and-protect solution that detects and blocks zero-day malware (0day), ransomware, remote access Trojans (RATs). In addition, in milliseconds it blocks rogue devices, manages the Bring Your Own Device (BYOD) dilemma and, with pinpoint accuracy, finds all vulnerabilities in trusted network assets/devices including on wired and wireless networks and all internet of things (IoT) devices. It has a complete standalone secure web-management interface, as well as support for all major switches, hubs, wireless devices and can send threat feeds to all SIEMs and SIMs over Syslog or SNMP traps plus email alerts. In addition, for larger organizations and MSSPs it can be completely managed remotely through the Command Center of the NetSHIELD Enterprise appliances.

About SnoopWall, Inc.

SnoopWall is the world’s first breach prevention security company delivering a suite of network, mobile and app security products as well as cloud-based services protecting all computing devices from prying eyes and new threats through patented counterveillance cloaking technology. SnoopWall secures mission critical and highly valuable confidential information behind firewalls with our award winning patented NetSHIELD appliances and with WinSHIELD on windows and MobileSHIELD on Google Android and Apple iOS mobile devices with next generation technology that detects and blocks all remote control, eavesdropping and spying. SnoopWall’s software products and hardware appliances are all proudly made in the U.S.A.

Filed Under: Advanced Persistent Threat, antivirus, byod, compliance, CyberThreats, Malware, Products, Ransomware, Security News, Snoopwall

© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement