Symtrex Inc.

Cyber Security Specialist


Protecting the endpoint – Advice from Pros Not the vendors

2017/02/06 by admin

It is rare to come across an article full of timely, accurate advice on how to protect the endpoint that is neither a vendor whitepaper on why that vendor's endpoint product is the best nor a piece that picks the threat of the day and explains how to stop it.

The TechTarget document “Put Endpoint Security in Capable Hands” provides clear, concise steps for protecting endpoints, covers supplementary defenses, and includes a discussion of cloud-based endpoint security. Written by three highly respected practitioners, Eric Cole, Michael Cobb and Karen Scarfone, it is well worth the time to download and read.

Download the paper

Filed Under: antivirus, CyberThreats, endpoint, Malware, Products, Security News

BitDefender Perspectives - Outsider Attacks Give Nightmares To CIOs, CEOs, CISOs

2017/02/01 by admin

Cyberattacks via mobile devices, physical security and malware top the list of threats that US companies are not ready to handle, according to a recent Bitdefender study.

Outsider attacks give nightmares to US CIOs, according to a Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs. The survey notes that outsider attacks, data vulnerability and insider sabotage are the main threats companies aren’t ready to handle.

CIOs also know that cybercriminals can spend long periods inside an organization without being detected; Advanced Persistent Threats (APTs) are often defined precisely as threats designed to evade detection for as long as possible.

Bitdefender’s security specialists recommend that access to any type of data, whether stored in a private or public cloud, be protected by multiple authentication mechanisms, not just usernames and passwords. For access to critical data, a second factor (a one-time code, hardware token or biometric) adds a further check that only qualified and approved personnel get through. This matters most in organizations where access to critical and sensitive data is restricted and is granted only under strict security protocols and strong authentication.

Image Source: Bitdefender

Insider sabotage is the third threat IT decision makers can’t yet handle
“To limit the risks of insider sabotage and user errors, companies must establish strong policies and protocols, and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” recommends Bogdan Botezatu, Bitdefender’s senior e-threat specialist. “The IT department must create policies for proper usage of the equipment, and ensure they are implemented.”

In the past two years, companies have seen a rise in security incidents and breaches, with a significant increase in documented APT-style attacks targeting large corporations and government entities (for example, APT-28). Such attacks aim to exfiltrate sensitive data over a long period or to silently cripple industrial processes. In this context, security concerns are rising to the top, with decisions taken at board level in most companies.

According to the same survey, IT decision makers, CISOs and CEOs are all concerned about security, not only because of the cost of a breach (unavailable resources and/or money lost), but also because their company’s reputation is at risk when customer data is lost or exposed to criminals. The survey write-up also links the amount of media coverage a breach receives to the complexity of the malware behind it. On top of this, migrating corporate information from traditional data centers to cloud infrastructure has significantly increased companies’ attack surface, bringing new threats and more worries about the safety of the data.

The demand for hybrid cloud, a mix of public cloud services and privately owned data centers, is estimated to be growing at a compound rate of 27% a year, outpacing overall IT market growth, according to researcher Markets and Markets. The company said it expects the hybrid cloud market to reach $85 billion in 2019, up from $25 billion in 2014. (Read the full white paper here.)

This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.

Razvan, a security specialist at Bitdefender, is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship.

Filed Under: Advanced Persistent Threat, antivirus, Bitdefender, compliance, CyberThreats, endpoint, Malware, Products, Security News

4 Reasons Why You Should Take Ransomware Seriously

2017/01/24 by admin

From Dark Reading - Dan Larson

The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?

According to a recent ransomware report from the Institute for Critical Infrastructure Technology (ICIT), 2016 saw a wave of ransomware attacks that were increasingly sophisticated and stealthy. The FBI forecast that the haul from ransomware would reach a billion dollars last year, and it seems as if no industry is safe from being targeted. As ICIT reports, even critical infrastructure entities such as healthcare organizations have become prime targets, with hospitals in the US and Germany paying ransoms rather than risk their patients’ lives.

Why is this alarming increase occurring? ICIT argues that it’s due to the highly profitable nature of ransomware attacks coupled with inadequate enterprise defenses. Combined, these two factors are attracting a more advanced breed of cybercriminal who is motivated by the potential of a bigger payout, faster and more anonymous — and thus less risky — than the advanced persistent threat exploits often used to steal credit card numbers and other sensitive data.

Compounding these challenges is the fact that law enforcement agencies have not provided a unified response to the ransomware threat, in some cases advising victim organizations to pay the ransom to retrieve their data. At the same time, criminal hackers have developed ways to circumvent standard security measures such as sandboxing and intrusion prevention systems.

If that’s not enough to convince you, here are four more reasons to take ransomware seriously:

  1. Ransomware continues to evolve. Whether your organization is hit by a variant that encrypts files or one that encrypts the master boot record and blocks access to an entire system, the standard solutions you have in place may not be enough. New variants appear continually and use a range of techniques to get around your defenses: deleting Volume Shadow Copies so that local restore points cannot be used, or evading detection by hiding in Microsoft Office macros or JavaScript files. The criminals who develop ransomware have become sophisticated enough that many now offer ransomware as a service, widening the pool of potential victims.
  2. Standard security solutions may not protect you. Ransomware’s ability to change quickly, using polymorphic or fileless techniques, has greatly increased its opportunities to get into your organization. Conventional endpoint protection that relies on signature-based detection isn’t up to the task of catching ransomware before it strikes. Adding controls such as application whitelisting, detection of indicators of compromise, or machine learning raises your level of protection, but in some cases still won't prevent an attack. And unlike malware that slowly exfiltrates your data, where post-infection detection can still limit the loss, with ransomware prevention is often your only recourse: once it runs undetected, your data is immediately encrypted and inaccessible, or your systems are locked.
  3. Compliance may be at stake. Most organizations hold sensitive data whose protection is mandated by regulation. When a breach exposes that data, the victim must notify its customers and partners and can incur substantial fines if regulations were violated. A ransomware attack may not involve protected data being stolen, but the organization may still be obligated under breach-notification rules to tell all its constituents that an attack occurred, which can do significant damage to its brand. As Dark Reading reports, the Federal Trade Commission (FTC) has come down hard on companies that fail to protect their customers’ data, and FTC Chairperson Edith Ramirez recently suggested that a failure to take steps to prevent ransomware could itself result in enforcement action, even if the company has not yet been attacked.
  4. Data recovery can be complex and costly. The cost and complexity of recovering files after a ransomware attack are why many companies, particularly smaller ones, choose to pay. Even with a comprehensive backup system, files in today's distributed organizations may be spread across hundreds of devices. Though the attack may begin on one laptop, the ransomware can reach every share and system that laptop can write to, and IT staff then spend considerable effort mapping and containing the damage. Worse, if the variant you are hit by deletes or encrypts backups that were reachable from the infected machine, restoring from those backups is no longer an option.

The Best Defense Against Ransomware
To counter the escalating sophistication of ransomware, organizations need a layered approach with complementary prevention and detection methods. One important method is to focus on indicators of attack (IoAs), a form of behavior-based detection that looks at the actions a threat takes (for example deleting shadow copies, or one process rewriting many user files in quick succession) rather than trying to match a new file to a signature. Because it keys on behavior, an IoA can block many variants and versions of a ransomware family, including new ones with no known signature. Coupled with endpoint detection and response, machine learning, and proactive threat hunting by security experts, this gives organizations prevention capabilities that can alert teams to ransomware attempts before encryption begins.
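As an added example (not code from Dark Reading, the article's author or any vendor), the block below implements the IoA idea over constructed endpoint telemetry: three behaviour rules, one for shadow-copy deletion (the technique listed in point 1 above), one for an Office application spawning a script host (the macro delivery path), and one for a single process changing the extension of many files in a short window. The event format, process names, sample events and thresholds are assumptions; real Sysmon (events 1 and 11) or EDR telemetry carries the same fields under different names.

```python
"""Indicator-of-attack (IoA) style ransomware detection over endpoint telemetry.

Added example; not CrowdStrike's, Dark Reading's or Symtrex's code. The
pipe-separated event format, the sample events and the thresholds are
assumptions made for illustration.
"""
import os
import re
from collections import defaultdict
from datetime import datetime

# Constructed telemetry: timestamp|kind|pid|process|parent|detail
SAMPLE_EVENTS = r"""
2017-01-24T09:00:01|proc|1200|WINWORD.EXE|explorer.exe|"C:\Users\bob\Downloads\invoice.docm"
2017-01-24T09:00:03|proc|1310|powershell.exe|WINWORD.EXE|-nop -w hidden -enc SQBFAFgA
2017-01-24T09:00:09|proc|1410|crypt.exe|powershell.exe|C:\Users\bob\AppData\Local\Temp\crypt.exe
2017-01-24T09:00:10|proc|1420|vssadmin.exe|crypt.exe|delete shadows /all /quiet
2017-01-24T09:00:11|file|1410|crypt.exe|-|rename q1.xlsx -> q1.xlsx.locked
2017-01-24T09:00:12|file|1410|crypt.exe|-|rename q2.xlsx -> q2.xlsx.locked
2017-01-24T09:00:14|file|1410|crypt.exe|-|rename plan.docx -> plan.docx.locked
2017-01-24T09:00:15|file|1410|crypt.exe|-|rename notes.txt -> notes.txt.locked
2017-01-24T09:00:17|file|1410|crypt.exe|-|rename photo.jpg -> photo.jpg.locked
2017-01-24T09:00:19|file|1410|crypt.exe|-|rename ledger.pdf -> ledger.pdf.locked
2017-01-24T09:05:00|file|1200|WINWORD.EXE|-|rename draft.docx -> final.docx
2017-01-24T09:30:00|proc|2000|backup.exe|services.exe|/job nightly
2017-01-24T09:30:05|file|2000|backup.exe|-|rename db.bak -> db.bak.old
"""

# Tools and command fragments used to destroy local recovery points (assumed list).
SHADOW_TOOLS = {"vssadmin.exe", "wmic.exe", "wbadmin.exe", "bcdedit.exe"}
SHADOW_CMD = re.compile(r"delete shadows|shadowcopy delete|delete catalog|recoveryenabled no", re.I)
# Office application spawning a script host is the classic macro delivery path.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"}
RENAME = re.compile(r"^rename (\S+) -> (\S+)$")


def parse_events(text):
    """Parse the constructed pipe-separated telemetry into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, kind, pid, proc, parent, detail = line.split("|", 5)
        events.append({"ts": datetime.fromisoformat(ts), "kind": kind, "pid": int(pid),
                       "proc": proc.lower(), "parent": parent.lower(), "detail": detail})
    return events


def detect(text, rename_threshold=5, window_seconds=60):
    """Return (rule, pid, process, evidence) tuples for behaviours typical of ransomware."""
    alerts = []
    ext_changes = defaultdict(list)   # (pid, proc) -> timestamps of extension-changing renames
    for ev in parse_events(text):
        if ev["kind"] == "proc":
            if ev["proc"] in SHADOW_TOOLS and SHADOW_CMD.search(ev["detail"]):
                alerts.append(("shadow_copy_deletion", ev["pid"], ev["proc"], ev["detail"]))
            if ev["parent"] in OFFICE_APPS and ev["proc"] in SCRIPT_HOSTS:
                alerts.append(("office_spawns_script_host", ev["pid"], ev["proc"], ev["parent"]))
        elif ev["kind"] == "file":
            m = RENAME.match(ev["detail"])
            # Only count renames that change the extension; save-as to the same type is normal.
            if m and os.path.splitext(m.group(1))[1].lower() != os.path.splitext(m.group(2))[1].lower():
                ext_changes[(ev["pid"], ev["proc"])].append(ev["ts"])
    # Sliding window: many extension changes by one process within window_seconds.
    for (pid, proc), times in ext_changes.items():
        times.sort()
        j = 0
        for i in range(len(times)):
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= rename_threshold:
                alerts.append(("mass_rename", pid, proc,
                               f"{j - i} extension changes within {window_seconds}s"))
                break   # one alert per process is enough to trigger containment
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In the sample, the backup job renames one file and Word saves a document under a new name, and neither trips a rule; the dropped binary trips all three. In production the mass-rename rule needs an allowlist for signed backup agents and archivers, and each alert should be wired to a response (terminate the process, isolate the host) rather than only a ticket, because the window between first rename and full encryption is short.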

Filed Under: antivirus, Bitdefender, compliance, CyberThreats, endpoint, Malware, Network Access Control, Ransomware, Sophos

Anti-Malware Is Necessary In The Data Center: 3 Examples

2016/12/15 by admin

By Jeremiah Grossman - Dark Reading

Simply because data center endpoints don’t have the same threat profile as general desktops doesn’t mean they don’t need anti-malware software. Here’s why.

People often ask about the value of anti-malware software on data center endpoints such as Web servers, databases, file servers - the list goes on. This is a reasonable question because, with respect to malware, data center endpoints simply don’t have the same threat profile or business use-cases as general desktops, where users click on things all day, every day. Also, when endpoints don’t have all those pesky users, it would seem malware would have a much harder time getting onto data center endpoints. Yet, it happens all the time. How?

I would first like to share the most common attack patterns seen in the wild, and recommendations backed up by data. For this, I rummaged through the Verizon Data Breach Investigations Report (DBIR) 2016, which draws on more than 3,000 confirmed data breaches and has a lot to say about malware usage.

The figure below, from the DBIR, presents an insightful attack pattern. What’s happening is, through a variety of extremely common techniques, such as phishing and others, a user’s desktop is compromised and infected with malware. While the data on this particular compromised endpoint may not be of high value, the malware is used to harvest static credentials (user names and passwords) just the same.

The next step in the breach is often to leverage the stolen credentials to pivot across the network, logging into point-of-sale systems, databases, Web servers, and file servers — where the real crown jewels are located — and infecting them with malware for command and control, and data exfiltration purposes. Since the threat actor is using valid credentials to access these data center endpoints, and not exploits, intrusion detection alarm bells are less likely to be triggered. So, in this case, if anti-malware software had been installed on these endpoints, that’s one more effective security control a threat actor would have had to bypass in order to obtain what they were after.
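The pivot step described above, where stolen credentials are used to log on to server after server, leaves a trail in logon telemetry even though no exploit fires. The block below is an added example written for this page, not code from the article, the DBIR or Symtrex: it runs a fan-out rule over constructed Windows Security log events (modelled on event 4624 fields) and flags an account that successfully reaches several distinct servers from one workstation address within a short window. The subnet assignment, server list, thresholds and sample events are all assumptions.

```python
"""Detecting credential-based pivoting in Windows logon telemetry.

Added example, not from the article or the DBIR. The event tuples below are
constructed and modelled on Security log event 4624 fields; the subnet
assignment, server list and thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WORKSTATION_PREFIX = "10.1.50."       # assumption: user workstations live in 10.1.50.0/24
SERVER_HOSTS = {"FS01", "DB01", "WEB01", "POS01", "AD01"}
REMOTE_LOGON_TYPES = {3, 10}          # network (SMB/WinRM) and RDP logons

# Constructed sample: (timestamp, event_id, user, logon_type, src_ip, dest_host)
SAMPLE_LOGONS = [
    ("2016-12-15T08:55:10", 4624, "CORP\\alice", 2, "-", "WS-ALICE"),
    ("2016-12-15T09:00:01", 4624, "CORP\\alice", 3, "10.1.50.40", "FS01"),
    ("2016-12-15T14:02:17", 4624, "CORP\\alice", 3, "10.1.50.40", "FS01"),
    ("2016-12-15T02:10:05", 4624, "CORP\\jsmith", 3, "10.1.50.23", "FS01"),
    ("2016-12-15T02:11:48", 4624, "CORP\\jsmith", 3, "10.1.50.23", "DB01"),
    ("2016-12-15T02:12:30", 4625, "CORP\\jsmith", 3, "10.1.50.23", "AD01"),
    ("2016-12-15T02:13:59", 4624, "CORP\\jsmith", 10, "10.1.50.23", "WEB01"),
    ("2016-12-15T02:15:20", 4624, "CORP\\jsmith", 3, "10.1.50.23", "POS01"),
    ("2016-12-15T03:00:00", 4624, "CORP\\svc_backup", 3, "10.1.10.5", "FS01"),
    ("2016-12-15T03:00:02", 4624, "CORP\\svc_backup", 3, "10.1.10.5", "DB01"),
    ("2016-12-15T03:00:04", 4624, "CORP\\svc_backup", 3, "10.1.10.5", "WEB01"),
]


def find_pivots(events, threshold=3, window_minutes=10):
    """Return one alert per (user, source IP) that successfully logged on to at least
    `threshold` distinct servers from a workstation address within the window."""
    window = timedelta(minutes=window_minutes)
    by_actor = defaultdict(list)
    for ts, event_id, user, logon_type, src_ip, dest in events:
        if event_id != 4624 or logon_type not in REMOTE_LOGON_TYPES:
            continue    # failed logons and local/interactive logons are out of scope
        if not src_ip.startswith(WORKSTATION_PREFIX) or dest not in SERVER_HOSTS:
            continue    # server-to-server traffic (backup, monitoring) is handled by other rules
        by_actor[(user, src_ip)].append((datetime.fromisoformat(ts), dest))

    alerts = []
    for (user, src_ip), logons in by_actor.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {dest for ts, dest in logons[i:] if ts - start <= window}
            if len(hosts) >= threshold:
                alerts.append({"user": user, "src_ip": src_ip,
                               "hosts": sorted(hosts), "first_seen": start.isoformat()})
                break   # one alert per actor; the host list carries the detail
    return alerts


if __name__ == "__main__":
    for alert in find_pivots(SAMPLE_LOGONS):
        print(alert)
```

In the sample, alice's two file-server logons and the backup service account's fan-out from the server subnet produce nothing, while jsmith's workstation touching four servers in five minutes at 02:00 produces one alert. The rule relies on the asset inventory (which addresses are workstations, which hosts are servers) being correct, and it deliberately ignores failed logons, since an attacker with valid credentials rarely generates any.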

Another topic the Verizon DBIR discusses is “secondary motives.” For example, threat actors compromise Web servers in the data center, often by exploiting SQL injection or a PHP remote file inclusion flaw, and implant malware on the endpoint. The malware typically serves a couple of common purposes separate from data exfiltration.

One purpose is what’s referred to as a watering hole attack. The threat actor selects a certain website to compromise and serves up malware to a particular set of users - their primary targets - who are likely to visit the website. Another purpose is for the malware to launch spam campaigns or DDoS attacks on more primary targets.

Websites often have far more computing resources and bandwidth at their disposal than a typical user PC, which makes them attractive targets. Again, if sufficient anti-malware technology had been installed on Web servers, it would have made it that much harder for the bad guys to establish a foothold, even though they successfully exploited a vulnerability.


[Figure: Count of Hashes by Lifespans in Seconds. Source: Verizon DBIR]

These examples show how much anti-malware software would have contributed to defending against these attacks. Looking at common attack patterns, anti-malware software absolutely has value in the data center. With the introduction of new, signature-free next-generation approaches that use machine learning and dynamic behavior tracking, organizations can deploy this technology in a minimally invasive manner.

This is crucial to understand. As the Verizon DBIR also said, and the figure above illustrates, “99% of malware hashes are seen for only 58 seconds or less.” If we can disrupt the way adversaries generally conduct their operations, we can make the biggest impact in protecting our systems.


Filed Under: Advanced Persistent Threat, Bitdefender, endpoint, Malware, Products, Security News, Sophos

Malware Most Common Smart Hospital Data Security Threat

2016/12/06 by admin

By Elizabeth Snell - HealthIT Security

The European Union Agency for Network and Information Security reviewed top smart hospital data security threats, mitigation techniques, and good practices.

Malware is the most common potential attack scenario threatening data security in smart hospitals, according to a recent study from the European Union Agency for Network and Information Security (ENISA).

Smart hospitals have become more prevalent as Internet of Things (IoT) components support core functions of a hospital, ENISA stated in its study.

Information security is a key issue for these organizations, and malicious actions, human errors, system and third-party failures, and natural phenomena should all be considered as a potential threat.

“The risks that result from these threats and corresponding vulnerabilities are typically mitigated by a combination of organisational and technical security measures taken by smart hospitals which comprise good practices,” the report’s authors wrote. “With respect to organisational measures, compliance with standards, staff training and awareness raising, a sound security organisation, and the use of guidelines and good practices are particularly relevant.”

ENISA investigated the current status of Smart Hospitals and related information security issues, focusing on deployments in the EU for the study.

Respondents included hospital representatives, industry representatives, and policy makers.

Along with malware, those surveyed named device tampering, social engineering, denial of service attacks, and theft as top attack scenarios for smart hospitals.

Traditional hospitals may also be vulnerable to these types of attacks, researchers noted. However, the consequences can be much more severe in connected organizations.

“Protection becomes difficult because, with the high number of networked devices, many potential points of attack are emerging,” the report states. “The consequences become more severe because information systems and devices are more intensely connected within hospitals and across organisational boundaries.”

Respondents also rated threat categories by their likelihood of occurrence on a scale from 1 (low likelihood) to 5 (high likelihood). Human errors were rated the most likely to occur, while natural phenomena were given the lowest likelihood.

“With respect to human errors, user errors, non-compliance with policies and procedures and loss of hardware, for instance, were perceived as posing considerable risk to smart hospitals,” the researchers explained.

However, malicious actions, which include threats from malware, social engineering, hacking, denial of service and device tampering, were considered particularly critical for smart hospitals by a larger group of respondents than human errors.

Specifically, 77 percent of respondents rated malicious actions a critical threat, while 70 percent said the same of human errors. Just over half of those surveyed (53 percent) listed system failures as a critical threat.

ENISA recommended that hospitals establish effective enterprise governance for cybersecurity and set specific IT security requirements for IoT components in the hospital. It also recommended conducting risk and vulnerability assessments; a risk analysis is likewise required of US covered entities under the HIPAA Security Rule.

ENISA recommends that industry representatives take the following measures to improve smart hospital data security:

  • Incorporate security into existing quality assurance systems
  • Involve third parties (healthcare organisations) in testing activities
  • Consider applying medical device regulation to critical infrastructure components
  • Support the adaptation of information security standards to healthcare

Several of these recommendations are also already being considered for US-based healthcare organizations.

For example, the National Health Information Sharing and Analysis Center (NH-ISAC), the Medical Device Innovation, Safety and Security Consortium (MDISS), and the U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) recently signed a memorandum of understanding to help organizations identify, mitigate, and prevent medical device cybersecurity threats.

The Information Sharing and Analysis Organization Standards Organization (ISAO SO) also released several documents in October 2016 on cybersecurity information sharing guidance, which focused on cybersecurity risks, incidents, and best practices. In terms of healthcare cybersecurity information sharing, one document discussed privacy and security aspects of cybersecurity risk.

“At a minimum, privacy considerations should include the individual members of an organization, the privacy of any individuals whose data may be included in cyber threat indicators to the extent provided by law, and a full range of other constituencies, customers, and individuals,” the document stated. “To adequately protect privacy while accomplishing the goals of an ISAO, it is important for the ISAO to provide guidance to members, participants, and ISAO staff that will be helpful in striking a balance between allowable sharing of cyber threat information and protecting privacy.”


Filed Under: antivirus, Bitdefender, endpoint, IoT, Kaspersky, Malware, Products, Ransomware, Sophos



© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement