Symtrex Inc.

Cyber Security Specialist


The Next Generation of Ransomware Might Leak Your Data, Not Destroy It

2016/11/21 by admin

From Fast Company, Steve Mellendez

Security experts warn of new types of malware that threaten to publish instead of encrypt valuable, confidential information.

Right when internet users have learned to be wary of malware that encrypts files and holds them for ransom, security experts are warning that digital extortionists are taking more aggressive steps to get paid.

“You’re seeing different techniques with the goal of improving the conversion rates of people actually paying,” says Jerome Segura, lead malware intelligence analyst at the security firm Malwarebytes.

Instead of simply encoding files so that users can’t access them, some blackmailers armed with a new kind of malware called doxware are threatening to leak potentially sensitive files to the public if a ransom isn’t paid, says Chris Ensey, COO of Dunbar Security Solutions.

“This is a very recent change in the tactics they’re using,” he says, noting that they’ve appeared only within the past few months.

Dunbar has yet to see malware make good on threats to leak data, and Ensey says that at least some variants appear to display fake progress bars purporting to show data transfers to attackers’ servers without actually uploading any files. Storing and leaking files is logistically more difficult than just encrypting them on victims’ own computers, experts say.

But Ensey predicts that by next year there will be actual data leaks attributed to ransomware, if only to motivate more attack victims to pay the ransom.

“I would not guess that we’re far off from public examples of that,” he says.

Previously, security experts advised companies and individual users to make regular backups of important files so they’d be ready to restore them if they were encrypted or damaged by malware. But that’s of less help if malware creators instead threaten to distribute information, potentially exposing companies to liability, or individual users to embarrassment or risk of identity fraud, he says.

“My thinking now is that organizations really have to focus on: How do we isolate sensitive or private information from places where ransomware tends to find itself?” he says. “You have to make it so it’s incredibly hard for that ransomware to touch or gain access to any kind of sensitive data through a standard channel.”

Preventing leaks by computers infected with malware is ultimately similar to protecting data against insider threats. That means that organizations shouldn’t simply have an unencrypted network drive with confidential materials like sensitive business plans or medical records, Ensey says.

Earlier versions of ransomware have already struck institutions with large troves of mission-critical, confidential information, such as hospitals, which could be motivation enough for entities to pay to keep patient records from falling into the wrong hands. But individual consumers represent the bulk of ransomware victims, according to a report released in April by the security firm Symantec. People could feel forced to pay to safeguard anything from financial and medical documents to explicit pictures, particularly if ransomware attacks on smartphones become more common.

“The variants that are out today are mostly Windows-based, so it’s desktop computing,” Ensey says. “If they can adapt it to mobile, I think then you might have an audience for this that would in fact pay the ransom.”

Ransomware creators have recently gotten more aggressive in other ways, too, according to Segura, sometimes permanently deleting files rather than leaving them encrypted if victims don’t quickly pay up. Some malware varieties have also focused their energies on particular classes of files likely to be of interest, such as spreadsheets, and future attackers may well use more sophisticated pricing to determine how much ransom to charge.

“It’s a business decision. Like marketers, how do you [set] the price?” Segura says. “Finding the sweet spots where people are willing to pay is really important to the economics of the ransomware business.” That might mean charging more when it comes to victims with more apparent business documents or photos, or adjusting ransom amounts for targets in certain geographical regions.

Users looking to stay safe should maintain multiple backups to minimize the risks from disk-encrypting malware and keep sensitive information encrypted or off networked machines altogether. Once files are leaked, it can be difficult or impossible to remove them from the internet.

“If the information is published in some server that’s out of U.S. jurisdiction, for example, then having that information taken down is going to be very, very difficult,” Segura says. That applies equally to business data and sensitive personal files like texts and photos.

“If you think you don’t want your mother or grandmother to see that picture, think about putting it somewhere secure, because you don’t want it leaked,” he says.


Filed Under: Advanced Persistent Threat, antivirus, Bitdefender, compliance, CyberThreats, Kaspersky, Malware, Products, Ransomware, Security News, Sophos

Outsider attack, the main cyber threat US companies are not prepared for

2016/11/17 by admin

By Razvan Muresan, Bitdefender - Business Insights

The main cyber threats companies are not prepared for are: outsider attack (43%), data vulnerability (38%), insider sabotage (35%), user errors (35%), and phishing (35%), according to a Bitdefender survey on US IT decision makers.

Outsider attacks and data vulnerability pose a significant risk for all companies and represent the main threats that companies are unprepared to handle, and CIOs are aware that cybercriminals can spend large amounts of time inside organizations without being detected - APTs are often defined as designed to evade detection.

Cyber criminals also use tactics to draw attention away from what they are doing and where they have succeeded, while these cyberattacks impact business decisions, mergers/acquisitions and competitive positions, as recent reports confirmed.

“To limit the risks of insider sabotage and user errors, companies must establish strong policies and protocols and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” Bitdefender’s Bogdan Botezatu, Senior e-Threat Specialist recommends. “The IT department must create policies for proper usage of the equipment, and ensure they are implemented.”

In the past two years, companies witnessed a rise in security incidents and breaches, with a significant increase in documented APT (Advanced Persistent Threat) attacks targeting top corporations or government entities (such as APT-28). This type of attack is intended to exfiltrate sensitive data over a long period or silently cripple industrial processes. In this context, concerns for security are rising to the top levels, with decisions taken at the board level in most companies. Both IT decision makers and CEOs are concerned about security, not only because of the cost of a breach (unavailable resources and/or money lost), but also because the reputation of their companies is at risk when customer data is lost or exposed to criminals. As real cases have shown, the bigger the media coverage a security breach receives, the greater the complexity of the malware causing it. On top of this, migrating corporate information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries to CIO offices regarding the safety of their data.

Read the full white paper here.

Methodology

This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.

More than half of the organizations surveyed are from the IT hardware and software / electronic and electrical engineering industries, while 24 percent are from manufacturing, 6 percent from transportation, 4 percent are providers of telecommunication services, 4 percent are utility or public services companies, and the rest come from construction, retail, distribution, media or other industries.

Some 62 percent of the organizations surveyed have over 3,000 employees, 14 percent between 2,000 and 2,999, and 24 percent between 1,000 and 1,999.

Regarding IT infrastructure development in the organizations, 39 percent of the companies have 3,000+ computers, 21 percent between 2,000 and 2,999, and 40 percent between 1,000 and 1,999. The average proportion of employees working on computers in the organizations surveyed is 74 percent.

Geographically, a third of the organizations are in the West, 30 percent in the North-East, 28 percent in the South and 11 percent in the Mid-West.

Contact us for more information on BitDefender.


Filed Under: Advanced Persistent Threat, antivirus, Bitdefender, compliance, CyberThreats, endpoint, Malware, Products, Security News

Call centre agents warned about malicious email attachments from potential customers

2016/11/15 by admin

by Howard Solomon - IT World Canada

Contact centre agents should be warned about accepting email attachments from alleged customers after a security vendor discovered a new wave of attacks against three of its customers, including North American hospitality companies. The attacks are similar to ones from the Eastern European based Carbanak crime group.

In a blog posted Monday, Trustwave said it came to that conclusion after investigating incidents.

In one instance an attacker called a customer contact line saying that they were unable to use the online reservation system and so wanted to send their information to the agent as an email attachment, said the report. The attachment was a malicious Word document containing an encoded .VBS script capable of stealing system information, capturing desktop screenshots, and downloading additional malware. The malware replaced the text of an open Word document with text of its own, which to the agent looks like a request for information from the hotel for a corporate function.

The malicious VB Script uses macros to search for instances of Microsoft Word running on the system; if one is found, it clears the existing text and replaces it. “This malware was capable of stealing significant system and network information,” says Trustwave. “It was also used to download several other reconnaissance tools to map out the network.” Downloaded tools have included Nmap, FreeRDP, NCat, NPing, and others.
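One defensive check a contact centre mail gateway could apply to the attachment described above, as an added example that is not the article's or Trustwave's code: a modern Word file is a zip archive, and one that carries VBA macros contains a `word/vbaProject.bin` part. The sample attachment is constructed in memory and the function names are assumptions.

```python
"""Triage an inbound Word attachment for embedded VBA macros.

Added example, not the article's or Trustwave's code. An OOXML (.docx/.docm)
file is a zip archive; a document carrying VBA contains word/vbaProject.bin.
The sample attachment is constructed in memory; helper names are assumptions.
"""
import io
import zipfile

VBA_PART = "word/vbaProject.bin"


def build_sample_docx(with_macros):
    """Construct a minimal OOXML zip, optionally with a (stub) VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Constructed placeholder; a real part is an OLE container.
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0 constructed stub")
    return buf.getvalue()


def attachment_verdict(filename, data):
    """Return 'reject', 'review' or 'allow' for a claimed Word attachment."""
    if not data.startswith(b"PK\x03\x04"):
        # Legacy binary .doc (OLE) or a mislabelled file: this zip-based
        # check cannot inspect it, so hand it to a human or a sandbox.
        return "review"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return "review"
    if VBA_PART in names:
        # Customers sending booking details have no reason to ship macros.
        return "reject"
    if filename.lower().endswith(".docm"):
        # Macro-enabled extension without a VBA part is unusual; look closer.
        return "review"
    return "allow"


if __name__ == "__main__":
    print(attachment_verdict("booking.docx", build_sample_docx(True)))
    print(attachment_verdict("booking.docx", build_sample_docx(False)))
```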

Beaconing messages are sent out to 179.43.133.34 via standard HTTP GET requests every five minutes, said Trustwave, to let a command and control server know a system has been compromised. “Using this simple methodology allows the beaconing to hide very well within standard corporate network traffic.” However, the report adds, its uniformity of structure also allows analysts to identify it relatively quickly as well.
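The uniformity Trustwave points to is exactly what a log review can key on. The following is an added example, not code from the article or from Trustwave: it scores constructed proxy-log lines and flags any client/destination pair whose GET requests arrive at a near-constant interval. The log format, host names and IP addresses (203.0.113.0/24 documentation range) are assumptions.

```python
"""Flag hosts that poll one external destination at a fixed interval.

Added example, not from the article or Trustwave. It scores constructed
proxy-log lines for the regular HTTP GET beaconing the report describes.
Log format and addresses are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp client_ip method dest_host path"
SAMPLE_LOG = """\
2016-11-14T09:00:02 10.1.5.23 GET 203.0.113.10 /index.php?id=7
2016-11-14T09:01:15 10.1.5.23 GET www.example.com /news
2016-11-14T09:05:01 10.1.5.23 GET 203.0.113.10 /index.php?id=7
2016-11-14T09:07:40 10.1.5.40 GET www.example.com /
2016-11-14T09:10:03 10.1.5.23 GET 203.0.113.10 /index.php?id=7
2016-11-14T09:15:00 10.1.5.23 GET 203.0.113.10 /index.php?id=7
2016-11-14T09:19:58 10.1.5.23 GET 203.0.113.10 /index.php?id=7
2016-11-14T09:22:11 10.1.5.40 GET www.example.com /about
2016-11-14T09:25:02 10.1.5.23 GET 203.0.113.10 /index.php?id=7
"""


def parse(log_text):
    """Group GET request timestamps by (client, destination) pair."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        ts, client, method, dest, _path = line.split()
        if method == "GET":
            series[(client, dest)].append(datetime.fromisoformat(ts))
    return series


def beacon_candidates(log_text, min_hits=4, max_jitter=0.1):
    """Return pairs whose inter-request gaps are nearly constant.

    A pair qualifies when it has at least min_hits requests and the
    relative spread of the gaps (std dev / mean) is below max_jitter.
    Machine-regular timing is what separates a beacon from browsing.
    """
    hits = []
    for (client, dest), times in parse(log_text).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 1.0
        if jitter < max_jitter:
            hits.append({"client": client, "dest": dest,
                         "interval_s": round(avg), "jitter": round(jitter, 3)})
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(SAMPLE_LOG):
        print(hit)
```

On the sample above only the 10.1.5.23 to 203.0.113.10 series qualifies, with a 300-second interval; the two browsing series have too few requests to score.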

If not stopped, however, the process downloads malware that starts a new instance of svchost.exe and injects its malicious code into this running process, hiding the malware inside svchost.exe. It then searches for Kaspersky antivirus processes and terminates them if they are running on the victim system.

It then downloads kldconfig.exe, kldconfig.plug, and runmem.wi.exe, which Trustwave says are all well-known Carbanak malware tools. Variations of them were used in the banking intrusions in 2015. Additionally, the decrypted code references “anunak_config” which is the encrypted configuration file that it downloads from its control server. The Anunak crime group is generally believed to be synonymous with Carbanak.

“This malware is very multi-functional as it can enable remote desktop, steal local passwords, search user’s email, target IFOBS banking systems (which Carbanak used so effectively in recent banking attacks), or install completely different remote desktop programs, such as VNC or AMMYY … Finally, this malware, like so many others, is designed to target credit card data by scraping memory on Point-of-Sale systems, which is presumably the end goal.”

In short, “the attacker uses social engineering to gain their foothold in the victim network, downloads reconnaissance tools to scan the network and move laterally into the card holder data environment, and then infects systems able to process card transactions.”

“The persistence, professionalism, and pervasiveness of this campaign is at a level rarely seen by Trustwave,” says author Brian Hussey, the company’s director of global incident readiness and response. “The malware used is very multifaceted and still not caught by most (if any) antivirus engines. The social engineering is highly targeted, conducted via direct phone calls by threat actors with excellent English skills. The network reconnaissance and lateral movement is rapid and highly effective. Finally, the data exfiltration methodology is stealthy and efficient.”

Have a question on how to protect yourself - give us a call 866-431-8972.

Filed Under: antivirus, Bitdefender, CyberThreats, endpoint, Kaspersky, LogRhythm, Malware, Network Access Control, Products, Security News, Snoopwall, Sophos

The pitfalls of IoT devices and how to address them

2016/11/15 by admin

by Luana Pascu - Hot for Security, powered by Bitdefender

Many challenges affect IoT security, and the top issue is that no connected device can be secured 100 percent. What’s worse is that not much has actually improved since Former US Vice President Dick Cheney’s wireless pacemaker was disabled to prevent attempts on his life. That was nine years ago!

Recent DDoS attacks prove that 500,000 devices can be hacked in less than five minutes and turned into botnets, because they haven’t been, or can’t be, updated. Some researchers expect connected devices to reach 50 billion by 2020 while others forecast 20 billion by that date. One thing is clear: the number is growing to at least four devices per user, and we haven’t seen the worst yet. What will happen when billions of connected devices, with old software, are turned into weapons to attack organizations, cities and even governments?

IoT security is right where we left it nine years ago, although the number of connected devices keeps on soaring. This issue is vital but manufacturers keep ignoring it, while users are as naïve as ever. The only winners in this are hackers, who take advantage of the many opportunities created by the lack of infrastructure to protect IoT and mobile devices. If you are having problems with IoT security check out these Internet of Things services.

We’re going through tremendous online transformation, yet the threats we’re dealing with are “beyond the devices used, as hackers will not only target your devices but all the data stored in the cloud,” Emmanuel Schalit, CEO of Dashlane, a password managing company, said in a panel talk at WebSummit last week about how to protect connected devices.

We already know users are a liability, but they also carry great responsibility. Even high-profile officials come up with the weakest passwords and reuse them for multiple accounts. Remember the Podesta email leak fiasco?

Most likely, password security is not the answer anymore. In fact, we need to get rid of passwords and find a way to secure IoT without involving humans because “consumers have a short memory on breaches,” said Rami Essaid, co-founder of Distil Networks. Instead of demanding better security, users expect dozens of fancy features which only increase security risks.

“Human authentication is not scalable because you can’t type passwords or download firmware updates every day for each device in your smart home,” explained Essaid.

IoT devices are entry points for hackers, but smart homes are not the only areas posing risks to our privacy and safety. Power grids, medical devices, water mains and smart meters collect critical data in real time and, if abused, the consequences could be severe for entire city infrastructures. These devices need unique built-in security that stands the test of time, even 10 to 15 years from now, so vulnerabilities can’t turn them into backdoors to the cloud. Upgradeability may solve a problem or two, if properly focused on the future, to ensure security holes are detected as soon as possible instead of a year later, as is the case now.

Although governments have made some effort to come up with measures, chances of having unitary regulations for IoT are small, mostly because governments are at least five years behind when it comes to understanding technology and the industry, added Essaid. As we can’t rely completely on governments and manufacturers to fix this problem in the near future, educating users about the importance of online security is the most important step forward.

Filed Under: Advanced Persistent Threat, antivirus, Bitdefender, endpoint, IoT, Malware, Products, Security News

Bitdefender Adds Enhanced Anti-Exploit Technologies

2016/11/11 by admin

Enhanced Anti-Exploit provides an extra layer of protection against the world’s most pervasive types of attacks.

Bitdefender, the innovative security software solutions provider, today announced the addition of a new security feature in the GravityZone product line named Enhanced Anti-Exploit, while also complementing ransomware protection by integrating its ransomware vaccine tool directly in the products. The update is available immediately to existing customers in the latest version of products of the GravityZone line, both Cloud and on-premise.

Advanced persistent threats have not only multiplied over the past years, but also reached new levels of complexity. An attack such as the Monsoon APT, which exploits a vulnerability while leaving little to no trace of malicious code, can now be stopped dead in its tracks.

“Advanced persistent threats have completely changed the security game, making it fundamentally more difficult for IT security teams to detect and remediate breaches in the company network,” said Harish Agastya, VP of Enterprise Solutions at Bitdefender. “Our innovative take at detecting zero-day threats monitors interactions with specific software, making sure that any anomalous behavior is stopped before it inflicts any damage.”

Bitdefender’s new anti-exploit protection is designed to tackle evasive exploits to help reduce the APT attack surface and minimize the risk of being targeted. The new technology works by zooming in on potentially vulnerable software and running a structural analysis during key execution points. If an anomaly is detected, admins can choose to automatically block the execution or to simply be notified.

With this additional feature, advanced attacks are stopped before the payload actually reaches the client’s infrastructure, thus greatly increasing the costs of attacks for targeted threat actors, be they civilian entities or hostile governments. During the testing stage, the Enhanced Anti-Exploit technology was able to block all Flash Player exploits discovered during the past year, including zero-days.

In the first three months of 2016, spam email with file attachments, the primary vector for ransomware infections, increased by 50%, according to data from the Bitdefender Antispam Lab. To date there are roughly 2.6 million known unique samples of ransomware and the numbers keep growing, with DIY ransomware creation tools readily available.

In order to further enhance our protection against ransomware, we have also complemented our two existing anti-ransomware defense technologies – our engines which use advanced machine learning and the Advanced Threat Control feature – by integrating our ransomware vaccine, previously available as a standalone tool, directly into the GravityZone products.

Filed Under: Advanced Persistent Threat, antivirus, Bitdefender, compliance, CyberThreats, endpoint, Ransomware


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement