Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Sophos #1 in Exploit Protection

by

Sophos blocked 34 out of 35 exploits tested, while the next highest score was 22 out of 35.

Exploits are the techniques that attackers use to gain access and control of computers. Common bugs and vulnerabilities found in popular, legitimate software can be leveraged as exploits to steal data, hold files for ransom, perform reconnaissance, or simply to deploy malware.

Attackers rely on exploits the same way video game characters rely on their weapons toolkits: without them, it would be like going into battle unarmed. And despite being extremely popular for attackers, many defenses remain vulnerable to exploits, since the software often being exploited – Microsoft Office, Adobe Reader, and the like – is generally considered “safe” by security products.

This would seem to make exploit testing a no-brainer for vendor comparison services. The problem, however, is that due to the constantly evolving nature of software vulnerabilities, exploit-based attacks are some of the most difficult scenarios to test.

Fortunately, MRG Effitas managed to develop reliable and repeatable exploit testing scenarios and has recently released its “Exploit and Post-Exploit Protection Test” report. Commissioned by Sophos, this report compares the exploit-stopping abilities of nine different endpoint products.

As you can see in the chart below, Sophos far outperformed other vendors at stopping exploits: Level 1 means that the product blocked the exploit, and Level 2 means that the exploit was missed but the attack was stopped via other methods.

Sophos Exploit Protection

Sophos blocked 34 out of 35 exploits tested, while the next highest score was 22 out of 35. In fact, most vendors weren’t even able to stop half of the exploits that Sophos was able to stop.

This test was a follow-up to MRG’s previous report on malware protection. In that commissioned report, Sophos ranked #1 for both malware protection and potentially unwanted application (PUA) protection.

To summarize the test results from the two MRG Effitas reports:

  • Sophos ranks #1 in exploit prevention
  • Sophos ranks #1 in malware protection
  • Sophos ranks #1 in potentially unwanted application prevention

Contact us for more information on the Sophos Endpoint, or you can watch one of the on-demand webinars on Sophos discussing the deep learning in the Endpoint, CryptoJacking and more -

The Anatomy of a Hack

by

Sophos Cybersecurity Advisor James Lyne appeared on NBC recently, where he talked about the state of cybersecurity and what we can all do to protect ourselves and our information. It’s an important, realistic look at the state of our data, and what we can do to stay ahead of the bad guys.

Take a moment to scan the results of this survey of 2,700 industry pros to learn more about how to protect your business. - Survey Results

Learn more about protecting your business from Ransomware and other never-before-seen threats before they disrupt your business and impact your bottom line - Check out Sophos’ Whitepaper on Exploits Interrupted.

If you have questions on any of the Sophos Products or how to ensure your employees do not inadvertantly open an email with malicious content - contact us at [email protected], by phone 866-431-8972, or use the chat window.

 

KnowBe4 Adds ThinkHR Training Modules

by

KnowBe4’s scope of training materials expanded beyond security awareness to address HR concerns

KnowBe4, providers of the world’s largest security awareness training and simulated phishing platform, today announced that it has added new training modules from ThinkHR to its arsenal of training materials.

ThinkHR combines live human resources with innovative online technology to deliver trusted knowledge solutions that enable organizations to thrive. Their industry-leading HR knowledge products help their partners strengthen their client relationships and win more business. HR professionals use ThinkHR’s tools to be more effective in their roles, while business and risk ThinkHRmanagers leverage its industry-leading team of HR advisors for compliance and risk guidance. And, all employers benefit from their HR compliance tools while building a positive and productive workplace.

“We’re constantly looking for new and exciting ways to freshen up our training content modules,” said Stu Sjouwerman, CEO, KnowBe4. “ThinkHR brings KnowBe4 into an entirely new training arena for the company – the HR space. We’re pleased to be able to offer this new, innovative content to our customers.”

“We’re excited KnowBe4 selected our award-winning training content as the next big addition to their security platform,” said Doug Doyle, CMO at ThinkHR. “Well-trained employees are a company’s most powerful firewall. Our mutual commitment to combining the best of SaaS technology and human expertise is the basis for this valuable partnership.”

The content is centered around HR compliance issues such as FERPA, harassment training, physical security, and managerial training with most modules running between thirty and sixty minutes each. The training will be available in the KnowBe4 “Mod Store” for its Diamond Level customers.

 

Phishing Attack Bypasses Two-Factor Authentication

by

Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets’ accounts.

Kelly Sheridan - Dark Reading - May 10, 2018

Businesses and consumers around the world are encouraged to adopt two-factor authentication as a means of strengthening login security. But 2FA isn’t ironclad: attackers are finding ways to circumvent the common best practice. In this case, they use social engineering.

A new exploit, demonstrated by KnowBe4 chief hacking officer Kevin Mitnick, lets threat actors access target accounts with a phishing attack. The tool to do this was originally developed by white hat hacker Kuba Gretzky, who dubbed it evilginx and explains it in a technical blog post.

It starts with typosquatting, a practice in which hackers create malicious URLs designed to look similar to websites people know. Mitnick starts his demo by opening a fake email from LinkedIn and points out its origin is “llnked.com” - a misspelling people will likely overlook.

Those who fall for the trick and click the email’s malicious link are redirected to a login page where they enter their username, password, and eventually an authentication code sent to their mobile device. Meanwhile, the attacker can see a separate window where the victim’s username, password, and a different six-digit code are displayed.

“This is not the actual 6-digit code that was intercepted, because you can’t use the 6-digit code again,” Mitnick says in the demo. “What we were able to do was intercept the session cookie.”

With the session cookie, an attacker doesn’t need a username, password, or second-factor code to access your account. They can simply enter the session key into the browser and act as you. All they have to do is paste the stolen session cookie into Developer Tools and hit Refresh.

It’s not the first time 2FA has been hacked, says Stu Sjouwerman, founder and CEO at KnowBe4. “There are at least ten different ways to bypass two-factor authentication,” he explains in an interview with Dark Reading. “They’ve been known about but they aren’t necessarily well-published … most of them are flying under the radar.”

These types of exploits are usually presented as concepts at conferences like Black Hat. Mitnick’s demo puts code into context so people can see how it works. This can be used for any website but an attacker will need to tweak the code depending on how they want to use it.

To show how the exploit can make any site malicious, Sjouwerman sent me an email tailored to look like it came from Kelly Jackson Higgins, reporting a typo in an article of mine:

sample phishing email

When I clicked the link, I ultimately ended up on Dark Reading but was first redirected to a site owned by the “attacker” (Sjouwerman). In a real attack scenario, I could have ended up on a truly malicious webpage where the hacker could launch several different attacks and attempt to take over my machine. Sjouwerman sent a screenshot of what he saw while this happened:

KnowBe4 Domain Spoof Test

Event types go from processed, to deferred, to delivered, to opened.

“You need to be a fairly well-versed hacker to do this - to get it set up and have the code actually working,” he notes. This is a one-on-one attack and can’t be scaled to hit a large group of people at the same time. However, once the code works, the attack is fairly simply to pull off.

“You need to have user education and training, that’s a no-brainer, but you also have to conduct simulated phishing attacks,” Mitnick says in his demo.

Sjouwerman emphasizes the importance of putting employees through “new school” security awareness training, as opposed to the “death by PowerPoint” that many employees associate with this type of education. Instead of putting them through presentations, he recommends sending them phishing attacks and conducting online training in the browser.

Ransomware Attacks Double for Second Year in a Row

by

Dark Reading - Sara Peters - News

Outside attackers still the biggest problem - except in healthcare.

After doubling in 2016, the frequency of ransomware attacks doubled again in 2017, according to findings in the latest Verizon Data Breach Investigations Report (DBIR).

The 2018 DBIR is the 11th edition of the report, and includes data not only from forensic investigations conducted by Verizon, but also 67 contributing organizations. In total, the report covers analysis on over 53,000 incidents and 2,216 breaches from 65 countries.

Ransomware was found in 39% of the malware-related cases covered in the report. Dave Hylender, Verizon senior network analyst and co-author of the report, says he was “a bit surprised” at an explosion of that magnitude.

The type of targets is changing as well. “When we first started seeing [ransomware], it was smaller organizations, one desktop, one laptop,” says Hylender. “Now it’s more widespread and affecting critical systems,” including servers.

Further, attackers are using ransomware for more than collecting ransom payments. They’re also employing ransomware to distract, disrupt, or destroy - as part of a multi-pronged attacks or a ransomworm like NotPetya, for example.

“There are a lot of things that are going under the guise of ransomware,” says Hylender. He cites an example in which an attacker requested payment, but made it almost impossible for themselves to decrypt the data even if they receiveed the payment; the goal was definitely to disrupt or wipe data.

“I think [ransomware] is growing because it’s continuing to work, but that kind of attack is [also] one of the reasons it’s growing,” he says.

Read Full Article ->