Symtrex Inc.

Cyber Security Specialist


Ransomware Raises the Bar Again

2016/10/11 by admin

From Dark Reading – Kelly Jackson Higgins

The infamous form of attack now ranks as the top threat to financial services, but preparedness can pay off for victims.

Ransomware just got even more real: it’s now the number one attack vector in the financial services sector, which traditionally has been considered a model industry for best security practices.

Some 55% of financial services firms recently surveyed by SANS report ransomware as the top attack threat, followed by phishing (50%), which previously held the top spot. More than 32% of financial firms say they’ve lost anywhere from $100,000 to a half-million dollars due to ransomware attacks.

Ransomware’s infiltration of the security-forward financial services industry underscores the dramatic rise in ransomware over the past year and growing pressure on preparedness. The malware that infects machines and holds them for ransom payment by the victim is the fastest-growing form of malware today, with more than 4,000 ransomware attacks per day since January 1 of this year. That’s an increase of 300% since 2015, and security experts at Trend Micro say ransomware cost enterprises some $209 million in the first half of 2016.

Attackers are also tucking ransomware alongside and inside other attacks. Some ransomware attacks hold the machine for ransom and then also use it to wage distributed denial-of-service (DDoS) attacks on other victims. More than half of DDoS attacks worldwide ultimately lead to ransomware and other malware attacks, according to a new study by Neustar.

Meanwhile, organizations of all sizes and industries are getting infected with ransomware. The difference between those who get stung and those who survive relatively unscathed is preparedness – and sometimes a little luck.

Take the Hyannis, Mass.-based Barnstable Police Department, which was hit with its first-ever ransomware infection last month. Craig Hurwitz, director of IT at the department, says he noticed something was amiss when the department’s dispatch software and records management system stopped working. He took a closer look and spotted files being encrypted and file extensions getting altered.

“I tried to get a file and it wasn’t there,” he recalls. “And there was a text file in the directory saying ‘pay me now.’”

The police department reverted to radio dispatch to patrol cars, and Hurwitz contacted the backup and array vendor from which the Barnstable Police Department had recently purchased a system for data backup and storage capacity, as well as its data timestamp feature. At the time the department purchased the storage array system from Reduxio Systems, it was more about protecting against hard drive corruptions and server crashes. “At the time we weren’t thinking about ransomware specifically,” he says.

The recovery process with the backup system took 35 minutes with no loss of data or any ransom payment to the attackers. The malware never spread beyond the application server where Hurwitz found it. “They [Reduxio] cloned the drives … and set the timestamp two minutes before the infection had started … and remounted the drives,” Hurwitz says.

Backing up data regularly and keeping a clean backup has always been one of the key recommendations for surviving a ransomware infection. Even endpoints running the most up-to-date software, email filters, and other security layers can get hit with ransomware: all it takes is for a user to fall for a phishing email and to open a malicious attachment or link.

But how a backup is managed can be the difference between losing data to the attackers unless you pay, or retrieving data and eradicating the ransomware.

Travis Smith, senior security research engineer at Tripwire, says the old 3-2-1 strategy applies: “Always have three copies of data, one that is offsite [or] offline,” he says. “What’s also very important for companies to adopt in today’s ransomware world: we’ve seen ransomware that targets backup systems, so when you try to bring backups back online you don’t have the ability to restore from the backups.”

Backups of critical data should be tested at least every six months, he says, to ensure the data is uncorrupted and accessible.

Smith says clean backups work for about three-fourths of ransomware victims. “Seventy-five percent are successful [in ransomware recovery] if they have backups,” he says, meaning they can get to their data and not pay any ransom to the bad guys.

Users shouldn’t be storing critical data on their endpoints, either, he notes. Stick with a shared server for that information. “So then you only need to back up one critical server,” he says. “If a laptop gets infected with ransomware and the data isn’t backed up on a centralized server, you’ve lost that data.”

If backups aren’t done properly, it may be cheaper for an organization to pay the ransom, which is not recommended. Regular backup tests can drive down the cost of data restoration and make it more cost-effective than having to resort to actually paying a ransom if the data isn’t properly backed up, he says.

Filed Under: Advanced Persistent Threat, antivirus, CyberThreats, endpoint, Kaspersky, LogRhythm, Malware, Network Access Control, Ransomware, Security News, Snoopwall, Sophos

Education Now Suffers The Most Ransomware Attacks

2016/09/22 by admin

Dark Reading – Kelly Jackson Higgins

New data shows ransomware rates worldwide doubling and tripling in past 12 months.

When you think ransomware victim, most likely your first thought is a hospital. But a new survey of ransomware’s spread among different industry sectors shows that education is actually the biggest target right now.

BitSight, which rates the security posture of organizations based on external data showing malicious activity surrounding them, in a new report today found that education is hit most by ransomware attacks, followed by government, healthcare, energy/utilities, retail, and finance.

[Figure: Ransomware by Industry. Source: BitSight]

The firm’s analysts studied ransomware activity at some 20,000 organizations and found that one in 10 education organizations had been hit with malware on their networks, followed by 6% of government entities; 3.5% of healthcare organizations; 3.4% of energy/utilities; 3.2% of retailers; and 1.5% of financial organizations. According to BitSight, the rate of ransomware attacks has doubled or tripled among various industries in the past 12 months.

BitSight’s ransomware data is based on traffic by the malware; for instance, as it communicates to its command-and-control servers. It shows infected victim machines in those organizations, but doesn’t necessarily mean the victims were unable to retrieve their data from backups, for example.

A recent Osterman Research survey found that both phishing and ransomware attacks had jumped several hundred percent per quarter in the past 12 months. That survey, commissioned by DomainTools, also named ransomware in the top three concerns for IT and security pros.

Law enforcement has been relatively vocal about noticeable spikes in ransomware of late: the FBI issued a public service announcement late last week urging ransomware victims to report attacks to the agency. This, after an FBI official told attendees of a Federal Trade Commission (FTC) event to immediately contact the FBI or IC3.gov if they suffer a ransomware infection, and not to pay any ransom fees.

“People have to remember that ransomware does not affect just one person or one business,” Will Bales, supervisory agent for the FBI’s Cyber Division, said. “It will more than likely move on and affect somebody else. And for those who pay the ransom, it only encourages them to extort the next person.”

One ransomware variant infected 100,000 computers in just one day, the FBI noted in its announcement. “Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high,” the alert said. The FBI also noted that it needs to get a better handle on the actual number of victims, hence the call for reporting to them.

Stephen Boyer, co-founder and CTO of BitSight, says he and his team were surprised that education tops healthcare in ransomware attacks. “Protections in higher ed are lower,” he says, given universities’ open culture and complex user environment, for example.

To date, healthcare organizations—namely hospitals—have been the most high-profile ransomware victims, from Hollywood Presbyterian Medical Center in Los Angeles, Calif., to Washington, DC-area MedStar. Hollywood Presbyterian ultimately ponied up with $17,000 to the attackers to release its systems. MedStar had to temporarily shut down its computers, email system, and large record database to inhibit its spread to other locations in the region, and reportedly did not pay the attackers any ransom.

More unnerving is that BitSight’s new data represents just a snapshot of the attacks, Boyer says. “We know we’re not seeing all of the ransomware” here, Boyer says. “But we’re seeing hundreds of companies in just about every sector.”

BitSight also found that two particular ransomware variants were the most prevalent: Nymaim and Locky. More than 11% of education organizations were hit by Nymaim and 4% by Locky, which came on the ransomware scene about eight months ago. Nymaim hit about 4% of the government entities, and Locky 3%.

“Another important fact to note is that Nymaim, although typically associated with ransomware, is actually a Trojan that can be used to install a variety of malware,” the report said.

The big takeaway from the BitSight data on ransomware: “No sector is immune,” Boyer says.

Filed Under: Advanced Persistent Threat, compliance, CyberThreats, endpoint, Kaspersky, Malware, Network Access Control, Products, Security News, Sophos Tagged With: Ransomware

The 3 Biggest Mistakes in CyberSecurity

2016/08/23 by admin

August 23, 2016 – Chris Moschovitis – Information Management

Everyone, from small business owners to senior executives in businesses of every shape and size, is confronting a seemingly insurmountable problem: constant and rising cyber security breaches. It seems that no matter what we do, there is always someone who was hacked, a new vulnerability exploited, and millions of dollars lost.

In an effort to stem the tide, people have tried everything: from throwing money at it by buying the latest and greatest tech gizmos promising security, to outsourcing cyber security management, to handing it over to the IT folks to deal with. And every time the result is money lost, productivity decreased, and attacks that continue.

Many business people complain that we’re not just losing a battle here and there. We’re losing the war. Is that true?

The truth is that those who keep losing their cyber battles and risk losing the war are making three critical mistakes:

1. They think cyber security is a technology problem.

2. They follow a cyber security check list once-and-done.

3. They don’t have a cyber security awareness training program in place.

First, cyber security is not a technology problem. Far from it. It is a business-critical problem, and more importantly: It’s a people problem, and we need to address it at that level.

Second, cyber security is a constantly evolving battlefield. The threats evolve, the attacks take new paths, the underlying technologies change. A static check list solves yesterday’s problems, not today’s, and certainly not tomorrow’s.

Finally, if people don’t understand the threat they will not even see the attack coming, much less be able to respond and protect themselves. Cyber security awareness training is the only way to prepare everyone for the new reality we live and work in.

Cyber security is not an IT problem either, according to Prosyn. It is a risk management problem. This is easier to understand if you work in a regulated industry. There, the concept, language, even governance of risk management is part of the daily lexicon.

Not so with small and mid-market businesses less familiar with the risk management function. It doesn’t help that the very nature of the threat and the way the “payload” of the attack is delivered is via information technologies. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people.

More importantly: a company’s information technology generates value. It does so in a myriad of different ways depending on the business you are in, from the actual delivery of goods to clients (e.g. software businesses, data businesses, media and technology businesses, etc.) to complementing, enhancing, and realizing the mission and vision of the company (law firms, manufacturing, logistics, healthcare, etc.).

Cyber security, like all risk management, is there to protect value. Therefore, you can never have cyber security (the value protector) report to IT (the value creator). That creates a conflict of interest. Just like IT reports directly to the CEO, so must cyber security. They are parallel tracks keeping the business train aligned and moving.

Once you have the reporting structure correctly in place, you need to empower it with executive buy-in and engagement. Cyber security needs your direction on company goals and risk appetite so they can develop the right strategy to protect the company’s assets. Cyber security professionals, working with the board and executives, including IT and business units, will develop the right defense-in-depth strategy that is right for the company.

Cyber security doesn’t happen in isolation. It is not a set check list. It is dynamic, adjusting strategy to risk, asset value, and controls. As market conditions change, as company goals change, and as technology changes, so will the cyber security strategy.

Neither structure nor strategy will help if you ignore the most important element in cyber security: People. In 2016 ISACA published the top three cybersecurity threats facing organizations in that year. They were, in order: 52% Social Engineering; 40% Insider Threats; 39% Advanced Persistent Threats.

Excluding the advanced persistent threats typically targeted against large multinationals, governments, military, infrastructure and the like, the other two have one common element: People.

It is people that become the victims of cyber-attacks, and by extension, the businesses they work in or do business with. Be it through social engineering, extortion, or any of the many vulnerabilities that hackers can exploit, it is people that get compromised first. They are the ones that have to pick up the pieces when all the data is gone or when their identity is stolen.

The good news is that cyber security awareness training is one of the most effective controls against hackers. Training and sensitizing people to the threats, the methods used, vulnerabilities, even their own personal privacy risks, has been proven time and again as the one thing that makes a real difference in early detection, quick response and recovery during a cyber-attack. Having a quarterly lunch-and-learn will go a long way in developing a culture of cyber awareness, saving both your business and your employees from cyber-harm.

Avoiding these three mistakes in cyber security won’t help win every single battle. But it will guarantee you win the war.

Filed Under: Advanced Persistent Threat, antivirus, byod, Cloud, compliance, CyberThreats, endpoint, industry, Log Management, LogRhythm, Malware, Network Access Control, Network Monitoring, PCI, Products, profile, Security News, Snoopwall, SolarWinds, Sophos, Unified Threat Management

Cyber Threat and Vulnerability Assessment

2016/08/23 by admin

A NetSHIELD Cyber Threat and Vulnerability Assessment can help you to understand:

Baseline Security – who and what is really on your network. Build a trust list and identify unknown and unwanted assets.

Threat Prevention – identify zero-hour malware not detected with AV. Capture, in real time, successful phishing attacks with no false positives. Ensure IT and employee productivity and create tangible, teachable moments for reinforcing employee cyber-awareness.

Vulnerability Assessment and Compliance Report – discover and prioritize vulnerabilities that exist on your network and run compliance assessments for PCI, HIPAA, SOX, etc.

Sign up for 7 days of auditing and monitoring.


Filed Under: Advanced Persistent Threat, antivirus, byod, compliance, CyberThreats, Network Access Control, Products, Security News, Snoopwall

5 cybersecurity practices to pursue in the second half of 2016

2016/08/16 by admin

To protect sensitive data, businesses must take the time to refocus on best practices

In the past five years, businesses of all sizes have realized just how vulnerable they are to cyber attacks.

The astonishing increase in the number of attacks each year troubles corporate leaders, IT professionals and chief information security officers, who see their security efforts foiled by hackers.

The number of large corporations targeted since 2015 is proof that everyone is vulnerable. Wherever you look, there is an Ashley Madison, Home Depot or JP Morgan Chase breach that makes you realize just how precarious security structures are.

In sports, teams regroup at halftime and get back to work in the second half with a refocused goal of finishing the game strong. The same holds true for security practices. To help businesses beef up security in the second half of 2016, here are some ideas to keep data safe:

1. Be aware of stored data

It is astonishing how many big firms do not know they have huge chunks of data in their systems. Technologies such as the Internet of Things contribute a lot to this, but company data should be handled better overall. Knowing what is stored in their systems would provide companies with information about which data needs to be protected most against threats.

2. Focus on protecting data

The biggest cases of 2015 related to data breaches of global services and corporations. Business owners think that beefing up firewalls and security perimeters is the answer, but they couldn’t be more wrong. Protecting their data should be the priority. Secure encryption is vital to prevent data from being compromised easily should the corporate network be breached.

3. Address the mobile threat

Many corporations allow employees to use their personal devices in the workplace. It’s safe to assume that most employees do not take the necessary security measures for their mobile devices. This puts corporate data on such devices at great risk. IT administrators need to have better—not more—control over such devices.

4. Spread awareness

It’s always good to make employees companywide aware of the threats they face. Talking with employees regularly about new and emerging threats and sharing ideas about improving security is good practice.

5. Take insider threats seriously

You could shell out millions of dollars trying to protect your network from outside threats only to be undone by an employee who clicks on a nefarious link and compromises sensitive data. Hackers regularly send malicious emails to many employees in a firm in hopes that one of them falls for it—and someone frequently does. Encourage employees to be more vigilant since such emails often can easily be spotted.

Reprinted from ThirdCertainty. Guest essay by Oscar Marque.

Filed Under: Advanced Persistent Threat, antivirus, byod, compliance, CyberThreats, Malware, Network Access Control, Products, Security News, Snoopwall, Sophos, Unified Threat Management

© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement