Malware Archives - Page 2 of 17

10 Cyber Security Threats to keep you awake at night

2017/04/06 by admin

Businesses have cause to celebrate the benefits of technology - but fear it as well - as cyber-security journalist Tom Reeve explains.

From word processing, accounting packages and emails to process automation, just in time shipping and online sales and marketing, the hardware and software that drives modern businesses have enabled massive jumps in productivity while driving down costs.

However, the very technology that enables your business – your entire IT infrastructure from the boardroom to the shop floor – may be hijacked by attackers to eat your organisation from within.
This goes beyond losing control of your Twitter account or the front page of your website being defaced – it is a battle for your data and your money.

You may consider cyber-security as an IT issue or something that falls under the remit of the audit committee, but IT is everywhere and organisations ignore cyber-security at their peril – just ask TalkTalk, Tesco Bank and Camelot, to name just a few.

In a series of articles I will look at who these attackers are, what they are looking for and how you and your board of directors can fight back against the hackers.

But first, let’s take a quick tour through 10 of the biggest threats facing organisations, large and small.

1. Network infiltration is the basis for many high-profile attacks, and it involves exploiting weaknesses in software, systems, hardware or staff to gain privileged access to servers and workstations. There are many ways to hack your network and cyber-security experts will tell you that it’s not a matter of if you get hacked – but when.

Once the attacker has gained entry to a trusted device on your network, then he’s spoilt for choice: steal the data on the computer, spy on the user to glean further usernames and passwords to other devices, lock the user out (see ransomware) or exploit weaknesses in the corporate network to force his way into other machines. Or he could harness the machine as part of a botnet, using it to send spam or attack computers outside your network.

Last year, it was revealed that Australian government systems, including a branch of the Defence Department, had been infiltrated repeatedly in the past five years, leading to the loss of plans for a geostationary satellite system among other things.

2. Ransomware is pretty much what it says on the tin, a new wrinkle on an attack that’s about as old as humanity itself. Ransomware is notable for being the one cyber-attack that goes out of its way to advertise itself. While other malicious software conceals itself, ransomware only hides for as long as it takes to encrypt your files. Then it launches a big banner proclaiming your new status as its victim.

Ransomware creators are noted for their excellent “customer” service. Their business model relies on teaching the victim how to do something that they probably haven’t done before: purchase bitcoins. They often include tutorials and even videos detailing each step.

Angela Sasse, professor of human-centred security at UCL, has interviewed victims about their experience of being attacked, and she says they often rave about how helpful the ransomers have been. However, this is to miss the point: by paying them, you are supporting their criminal business model and the advice from law enforcement, at least officially, is not to pay.

3. Trojan horses are a class of attack in which the harmful payload is hidden inside another ‘beneficial’ program, the most insidious examples of this being programs that claim to rid your computer of viruses or fix common configuration problems. Once downloaded, they will often ask for administrator rights on your device, be it a desktop, tablet or mobile phone.

Having enslaved your machine, a Trojan will typically open a connection to the internet and attempt to connect to a command and control server. Sometimes it will lie dormant, making it harder to detect and investigate the source of the attack. But when he’s ready, the attacker can download his choice of malware including keyloggers for sniffing passwords, botnet controllers to turn your machine into a DDoS robot and network intrusion tools to gain access to other machines.

Some Trojans have even been known to eliminate the competition by installing antivirus software and cleaning out other malware it finds on its host. Trojans are an effective and popular way to control computers, and even intelligence agencies have been known to employ them.

In the past year we have seen Trojans which bypass security on the Chrome browser, target customers of online Russian banks and even one designed to manipulate currency rates.

4. Phishing is an attack on your staff aimed at luring them into giving away passwords and other sensitive information. Dressed up as an email from a trustworthy source, it can appear to come from someone the person knows such as a friend or colleague or a bank or government agency.

Through training and vigilance, the incidence of successful phishing attacks can be reduced, but even so, the most savvy of users can fall for this attack if they aren’t paying attention.

Phishing attacks are usually sent to thousands of users at a time, but a more refined version of the attack, called spear-phishing, targets individuals. After carefully researching their victim, often using sources such as social media and publicly available corporate records, the attacker will write an email that sounds as if the the sender knows the recipient personally.

Phishing and spear-phishing were used to gain access to the email accounts of Democratic Party officials in the US ahead of the presidential election, and is also the most common type of malicious email that most people receive. Learning to spot them is one of the most effective skills you can learn for online survival.

5. Whaling is considered a variation of phishing even though it doesn’t contain any malware. Instead, it seeks to deceive the recipient into believing that it was written by a trusted figure – such as the company boss or a supplier – with instructions for wiring money.

In one well-known case, Ubiquiti, a manufacturer of network devices, was scammed out of $46.7 million (£37 million) by “an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties,” according to an SEC filing.

And slightly closer to home, last year, two European manufacturers – Leoni AG and FACC – lost €40 million each in separate whaling attacks. In the case of FACC, the CEO and CFO were both sacked.

6. Supply chain attacks come from trusted suppliers who have privileged access to your corporate network. Organisations often trust their suppliers with sensitive information and access to their internal organisation while forgetting that suppliers don’t always have perfect control over their own IT networks.

In one well-known case in 2013, Target Stores in America was compromised by an HVAC service provider which had access to the retailer’s internal networks through a purchase order management system. Attackers gained access to Target through the HVAC supplier and then waited several months, until the Black Friday shopping weekend, to launch a massive attack against thousands of point-of-sale terminals, stealing details on 110 million people.

7. Zero-day vulnerabilities are a class unto themselves. All software packages are thought to have vulnerabilities, and responsible developers patch them as quickly as they can once they become aware of them. Responsible disclosure is a process whereby security researchers inform companies of the problem and give them the opportunity to patch the problem before it is announced to the wider computing community.

However, malicious researchers, sometimes called black hats, don’t disclose vulnerabilities when they discover them because hidden vulnerabilities are valuable. Zero-days – so-called because developers have zero days to respond to them – are traded by criminal groups and even nation states for up to half a million dollars in some cases.

However, most organisations don’t need to worry about zero-days for the simple reason that they only retain their value for as long as they remain unknown. The more a zero-day is used, the more likely it is to be discovered. Organisations need only ask themselves, are we worth a zero-day attack? If not, move on – there are enough other things to worry about.

8. Vulnerable equipment and software is less about deliberate attacks and more about manufacturers’ sloppy security practices. In the rush to get a product to market, or keep costs as low as possible, security often takes a backseat.

When acquiring new hardware or software, ask yourself if you can trust the supplier. A little research on the internet can reveal whether the manufacturer has been cited in many security research reports.

Even brand names are not immune. It was recently revealed that Honeywell SCADA controllers – network-connected devices for controlling industrial processes – contained insecure password data and were also vulnerable to “path traversal” attacks. And CISCO regularly publishes security alerts alongside software updates, detailing vulnerabilities that it has discovered and fixed.

9. BYOD are those personal devices that staff use to connect to your network. Whether it’s a mobile phone or a tablet, every time you allow a member of staff to connect their device to your network, you are shaking hands with a computer of unspecified pedigree and unknown hygiene.

Consider why you are allowing these mobile devices to access your network, and if it is just to allow them to use the Wi-Fi, consider setting up an isolated network for this purpose.

10. Denial of service is an attack that can bring your website or cloud services grinding to a halt. A common attack method, known as distributed denial of service (DDoS), typically employs a botnet of thousands of compromised computers to flood a victim’s server with packets of useless information.

The target becomes bogged down in the sheer number of requests it is forced to handle in attacks lasting minutes or days, slowing and sometimes crashing the device.

In a new wrinkle on this tried and tested attack, attackers are using the Mirai malware to take over internet-connected CCTV cameras and digital video recorders and launching the biggest DDoS attacks ever seen. Last year, Twitter, Spotify, Netflix, Amazon and Reddit were among the many websites taken offline for several hours by an attack on the Dyn DNS service which appears to have been enabled, at least in part, by a Mirai botnet.

So there you have it – ten cyber-threats facing your organisation.

To find the best endpoint security tools, focus on these features

2017/03/15 by admin

Finding the best endpoint security for your enterprise is a complex, ever-changing task. Learn what features tools offer now to protect endpoints touching the enterprise systems.

By Kevin Tolly - Tolly Group

When McAfee was formed in 1987 to sell the first commercial antivirus package, it set a baseline approach that has persisted to this day: Have a list of character strings that are unique to particular viruses and then scan files (and those files in memory) for the strings. Generally, if the scanner found one of the strings (the virus’s signature), it had very probably found a virus.

As other vendors emerged, they battled over their effectiveness at various aspects of this passive scanning approach. They focused on compiling the biggest, most comprehensive database of virus and malware signatures. The best endpoint security software available simply scanned for “bad” signatures every time a file was downloaded or opened. We use custom software development services so we know we’re getting the best software that we need for our business. Vendors would boast about having better research teams to catch more viruses.

A number of additional virus-hunting techniques were introduced over the years — heuristic scanning to deal with polymorphic viruses that purposefully avoided having consistently scannable signatures, allowing the software to run but cordoning off its requests to the operating system to watch for malicious behaviors, and the introduction of reputation-based ratings to score the likelihood that a given executable could be relied on to be safe. But the basic pattern held: A monolithic software package at the endpoint watched all the new files and called out known bad actors.

Recently, though, the enhancements have begun to overtake the core static scanning components of antivirus software. “Next-gen” endpoint security tools have emerged as a new product category with specific characteristics.

Real-time a defining trait of next-generation endpoint security

Signature files are static and threats are dynamic. At a certain point, it simply became impractical (if not impossible) to update signature files incessantly and instantaneously in an attempt to contend with zero-day threats. These are by definition threats that no virus collector has yet catalogued as of the moment they are launched.

So, if anything, “real-time” is the defining characteristic of the best endpoint security offerings in the next generation of tools. For many products, this means jettisoning the endpoint-resident signature file altogether and using different means to ferret out viruses and malware.

Analysis replaces signature matching

In next-gen tools, the best endpoint security offerings replace signature matching with analysis (in real-time, of course). Different products, naturally, will analyze different aspects and attributes to determine if a piece of code represents a threat to the endpoint.

Some of the analysis techniques have evolved from traditional endpoint products. For example, reputation analysis has been in use for a number of years. This technique generally involves searching a database containing lists of known “bad actor” IP addresses and websites that have been confirmed to be sources of malware.

For some traditional vendors, moving to next-gen tools means taking various techniques that they have developed over the years within their traditional product line and integrating to provide a more effective solution.

Many security products will evaluate multiple attributes of a piece of code. Each piece of information would be used to build a risk score that, ultimately, would help the tool determine whether the code should be blocked. One next-gen vendor claims to have developed over six million possible indicators of malware and uses that information to determine whether a given piece of code is malware.

Isolation aids analysis

Another variation of analysis involves simply letting the suspect code run on your system, to analyze what it does. If it tries do something bad, like erase files or make outbound network contact without authorization, then by definition it is malware and should be contained.

This approach, known generally as sandboxing, is not new. What is new is the implementation: One vendor leverages the high-performance virtualization features built into most PC hardware these days. That vendor creates a micro VM that can be termed a one-sample sandbox. The code is run, its behavior analyzed, a threat decision is made and the VM is discarded. Every sample gets its own fresh VM within which to run and be analyzed.

Even best endpoint security tools can’t do it all

In the realm of next-gen endpoint security, niche vendors are continually coming up with new takes on the issue. There are always new features being added. But it’s also important to understand what next-gen endpoint security is not. It is not a one-size-fits-all solution to your endpoint security woes. Nor is it a “me, too” list of vendors all doing the same thing. And, importantly it is not necessarily meant to be a total replacement for traditional endpoint security. It is simply a means to obtain the best endpoint security possible which is, in turn, a key element of an overall approach to keeping your systems secure.

Anti-malware is imperfect but still necessary. Here’s why

2017/03/07 by admin

Sophos Blogs - Bill Brenner

Doctors sometimes make mistakes that harm the patient. Police often fail to protect and serve. When that happens, people rightly demand the failures be analyzed and fixed. But no one ever calls for the elimination of all doctors and police.

Why then, do some call for the end of antivirus and anti-malware when failures happen? It’s a question that has vexed us for a long time.

Researchers uncover vulnerabilities in security products on a regular basis. A recent example is Trend Micro, which faced scrutiny in January after researchers reported some 223 vulnerabilities across 11 of the vendor’s products. Tavis Ormandy, a prolific and gifted Google Project Zero researcher who most recently discovered Cloudbleed, regularly targets security products, including those produced by Sophos and such vendors as Kaspersky and Symantec.

Along the way, someone either declares it the end of antivirus, anti-malware and endpoint protection, or calls for its demise. Last year, during another disclosure of Trend Micro vulnerabilities, security experts even declared antivirus a threat to security.

Can we all do better? Absolutely. Like all technology created since the dawn of time, antivirus sometimes falls short of its mission. As an industry, we need to continue to find weaknesses and fix them as quickly as possible.

Does doing better mean we set aside antivirus and anti-malware, just as some believe vaccines should be shelved? Hardly.

To help frame the issue, I sat down with Sophos CTO Joe Levy.

Iatrogenesis happens, followed by schadenfreude
“In responding to the occasional question about the claims of harm from endpoint security products, it occurred to me how strikingly similar such a belief system is to the anti-vaxxer movement. Both mean well, but unfortunately have the potential to do more harm than those they indict. Nonetheless, those who point out problems with antivirus make valid points,” Levy said. “All software has flaws.”

Levy offers two other observations:

This is a case of yelling ‘iatrogenesis’ (harm caused by the healer) in a crowded theater. It is particularly sensational because of the irony, and in many cases, a source of schadenfreude (pleasure derived from the misfortune of others).
The attack surface of security software is often enlarged by the level of privilege needed to operate efficiently (i.e. in the kernel) and to do the kind of work that it needs to (file/network interception, process termination, system cleanup, etc.)

Just as patients sometimes develop complications after surgery, security technology sometimes fails, creating unintended harm for the user, Levy said. When that happens, detractors love to swoop in and bludgeon the offender.

Levy noted that when medical care goes wrong, we don’t see the masses calling for the end of doctors and hospitals. Sometimes police make mistakes and do harm in the line of duty. When that happens there’s public outrage, but no one calls for the end of police.

Like modern medicine and law enforcement, the security industry has a very high obligation to protect their users from harm. That means not only demonstrating effectiveness against attacks targeting operating systems and applications, but also against attacks targeting themselves. Despite this awareness, prevalent security software, like all other software with a large enough install base, is still sometimes found to be far from ironclad.

But just as we still need hospitals and police officers, we still need those security tools, Levy said. While Microsoft continues to make great strides in the security of their operating systems and applications year over year, a look at the number of Microsoft vulnerabilities per year illustrates the continuing need for additional protections. Microsoft security holes between 2009 and 2016, as catalogued on the Common Vulnerabilities and Exposures (CVE) website, are as follows:

2009: 74
2010: 106
2011: 103
2012: 83
2013: 106
2014: 85
2015: 135
2016: 155

In five of the last eight years, Microsoft released more than 100 security bulletins in a 12-month period. The number of bulletins each year haven’t fallen below 75 since 2009. Antivirus remains the first line of defense when attackers work to exploit vulnerabilities in either software or the software’s human operators.

“We take our obligation to protect very seriously, and we make continuous investments in the tools and programs to improve the security of our products, from our SDLC (secure development lifecycle), to static/dynamic/runtime security tools, to our bug bounty program, to name a few,” Levy said. “We are genuinely grateful to those security researchers who practice responsible disclosure. All of us in the security industry, whether software vendors or researchers, seek to make information systems more secure.”

He added: “We should all take a sort of Hippocratic Oath to do no harm, and that means both holding ourselves to a higher standard for building secure software, as well as putting end users before glory or sensationalism. Failure at either is a form of negligence, but calls for extermination are silly and irresponsible. The focus should not be on kicking the other when they’re down, but on making each other better.”

Report: 2016 saw 8.5 million mobile malware attacks, ransomware and IoT threats on the rise

2017/03/01 by admin

Mobile malware attacks increased more than three times between 2015 and 2016, according to a new report from Kaspersky Lab. Here’s what you need to know.

From Tech Republic - Alison DeNisco

In 2016, the number of malicious installation packages hit more than 8.5 million—three times more than the year before, according to a report on mobile malware evolution from Kaspersky Lab, released on Tuesday. The firm registered nearly 40 million attacks by malicious mobile software over the course of the year as well.

Geographically speaking, the nations with the highest number of attacks were Bangladesh, Iran, Nepal, China, and Indonesia, the report stated.

The No. 1 malware threat of 2016? Trojans, which gained super-user privileges that allowed them to secretly install advertising applications and display ads on the infected device, and even buy apps on Google Play, the report found. And this trend shows no sign of slowing down.

The Trojans attacked Android devices via vulnerabilities that are patched in newer versions—however, most users do not update their phones in a timely manner, leaving them open to danger.

“Cybercriminals are taking advantage of the fact that most devices do not receive OS updates (or receive them late), and are thus vulnerable to old, well-known and readily available exploits,” the report stated.

Because this malware installs its modules in the system directory, it makes remedying the situation difficult, the report noted. “Some advertising Trojans are even able to infect the recovery image, making it impossible to solve the problem by restoring to factory settings,” it stated.

Kaspersky Lab also found installations of the modular trojan Backdoor.AndroidOS.Triada, which allowed hackers to alter text messages sent by other apps and steal money from the device owner.

Google Play remains a popular place for cybercriminals to find business: Kaspersky Lab detected about 50 new applications infected by Trojan.AndroidOS.Ztorg.am, the new modification of Trojan.AndroidOS.Ztorg.ad. And many of these apps were installed more than 100,000 times.

“Representatives of this class of malicious software have been repeatedly found in the official Google Play app store, for example, masquerading as a guide for Pokemon GO,” the report stated. “This particular app was downloaded over half a million times and was detected as Trojan.AndroidOS.Ztorg.ad.”

Ransomware attacks grew the most over 2016: Trojan-Ransom increased almost 6.5 times, now representing 4% of all malware installation packages. Kaspersky Lab detected 261,214 mobile ransomware Trojans in 2016. “This growth was caused by the active distribution of two families of mobile ransomware - Trojan-Ransom.AndroidOS.Fusob and Trojan-Ransom.AndroidOS.Congur,” according to the report. The criminals behind the Trojan usually demand between $100 to $200 to unlock a device, Kaspersky Lab noted.

Hackers also evolved their use of mobile banking Trojans over 2016, many of which learned how to bypass new Android security measures and continue stealing user information.

“This year, we will continue to closely monitor the development of mobile banking Trojans: the developers of this class of malware are the first to use new technologies and are always looking for ways to bypass security mechanisms implemented in the latest versions of mobile operating systems,” the report noted.

Internet of Things (IoT) devices are also a growing target for cybercriminals, with an “attack-the-router” Trojan Switcher targeting the Wi-Fi network that an infected device is connected to. “If the Trojan manages to guess the password to the router, it changes the DNS settings, implementing a DNS-hijacking attack,” the report stated.

The 3 big takeaways for TechRepublic readers

1. A new report from Kaspersky Lab found that the number of malicious installation packages hit more than 8.5 million in 2016, three times more than 2015.

2. Trojans were the No. 1 malware threat of 2016, due in part to cybercriminals attacking mobile devices that had not been updated.

3. Ransomware attacks and IoT attacks are increasingly common, the report found.

SnoopWall NetSHIELD Nano Wins Best Network Access Control (NAC) in the Cybersecurity Excellence Awards

2017/02/14 by admin

SAN FRANCISCO, Feb. 14, 2017 /PRNewswire/ — SnoopWall, Inc, the global leader in Breach Prevention, today announced receiving the coveted Cybersecurity Excellence Award for its tiny, powerful, cost-efffective NetSHIELD Nano breach prevention appliance.

“We’re humbled and honored to receive this prestigious award from our peers in the cyber and information security space,” said Gary S. Miliefsky, CEO of SnoopWall, Inc. “When small to medium enterprises (SMEs) are looking for a cost effective way to prevent breaches on their intranet networks, they look towards SnoopWall. Our NetSHIELD Nano is an incredibly tiny, powerful and cost-effective breach prevention solution that any SME can afford.”

The Cybersecurity Excellence Award is a prestigious award that honors individuals, products and companies that demonstrate excellence, innovation and leadership in information security. This independent awards program is produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of more than 300,000+ cybersecurity professionals to recognize the world’s best cybersecurity products, individuals and organizations.

“Congratulations to SnoopWall for winning the 2017 Cybersecurity Excellence Award for Network Access Control (NAC) hardware with their tiny breach prevention Nano appliances,” said Holger Schulze, founder of the 350,000-member Information Security Community on LinkedIn which organizes the awards program. “With over 450 entries, the 2017 awards are highly competitive. All winners and finalists reflect the very best in leadership, excellence and innovation in today’s cybersecurity industry.”

Fitting within the palm of your hands, the patented NetSHIELD Nano is the world’s smallest network access control (NAC) and breach prevention intranet security appliance. This is a tiny, powerful, plug-in-and-protect solution that detects and blocks zero-day malware (0day), ransomware, remote access Trojans (RATs). In addition, in milliseconds it blocks rogue devices, manages the Bring Your Own Device (BYOD) dilemma and, with pinpoint accuracy, finds all vulnerabilities in trusted network assets/devices including on wired and wireless networks and all internet of things (IoT) devices. It has a complete standalone secure web-management interface, as well as support for all major switches, hubs, wireless devices and can send threat feeds to all SIEMs and SIMs over Syslog or SNMP traps plus email alerts. In addition, for larger organizations and MSSPs it can be completely managed remotely through the Command Center of the NetSHIELD Enterprise appliances.

About SnoopWall, Inc.

SnoopWall is the world’s first breach prevention security company delivering a suite of network, mobile and app security products as well as cloud-based services protecting all computing devices from prying eyes and new threats through patented counterveillance cloaking technology. SnoopWall secures mission critical and highly valuable confidential information behind firewalls with our award winning patented NetSHIELD appliances and with WinSHIELD on windows and MobileSHIELD on Google Android and Apple iOS mobile devices with next generation technology that detects and blocks all remote control, eavesdropping and spying. SnoopWall’s software products and hardware appliances are all proudly made in the U.S.A.