Over 12,000 Business Websites Leveraged for Cybercrime
By Kelly Sheridan – Dark Reading – February 5, 2018
Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.
More than 12,300 websites in the business category were used to launch cyberattacks or deliver malware in 2017, making company sites riskier than gambling and shopping sites. Attackers are abusing people’s trust in popular sites to launch consistent and effective malware campaigns.
Forty-two percent of the top 100,000 websites ranked by Alexa are considered “risky,” according to Menlo Security’s State of the Web 2017. Researchers determined a website’s risk based on three criteria: use of vulnerable software, history of distributing malware or launching attacks, and the occurrence of a security breach within the 12 previous months.
A site was deemed risky if it met any one of these criteria. The largest category of risk was news and media sites, 49% of which met a risk factor, followed by entertainment and arts (45%), travel (41%), personal sites and blogs (40%), society (39%), and business and economy (39%), which includes company, association, industry group, financial data and services, and hosted business application sites.
Business and economy sites hosted more phishing sites, ran more vulnerable software, and experienced more security incidents than any other category in 2017, researchers found. The category was hit with 23,819 incidents in 2017; the next-highest was society sites at 12,669.
Background websites: Who are you talking to?
Menlo CTO Kowsik Guruswamy explains the risk of “background radiation,” which stems from the idea that much of cybercriminals’ damage happens behind the scenes. Each time someone visits a website, it contacts an average of 25 background sites for different demands: grabbing ads from an ad delivery network, for example, or videos from a content delivery server.
Any of these third-party sites could be compromised and pose risk to users. Most malware prevention tools, from antivirus products to behavioral modeling systems, are designed to focus on the intended domain and often don’t pick up on calls to background sites.
A major website like Bloomberg might have an IT team to update servers, Guruswamy says. However, when end users visit and are presented with videos and ads, the activity comes from other networks and may not necessarily be safe. The same applies to all major websites.
As software ages, risks grow
Many of today’s websites are participating in browsing sessions, and actively servicing ads, on software riddled with vulnerabilities, Guruswamy says.
“You have this really, really old software that’s full of holes that haven’t been patched and are waiting to be exploited,” he explains, pointing to the Equifax breach as an example of what threat actors can do if a website is running unpatched software.
Menlo analysts passively fingerprinted website software for both primary and background sites, and coordinated the documented vulnerabilities for each one. They found more than 51,000 business and economy websites are running vulnerable software.
The software supporting company websites is often old enough to have been compromised several times over the past few years. More than 32,000 websites analyzed run on Microsoft Internet Information Services (IIS) 7.5, which was released in 2009. Many sites use software that is no longer fully supported; for example, Microsoft’s IIS 5 Web server, which was released in 2000 and stopped receiving mainstream support in 2005.
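As an added example (not from the article or Menlo's report), the code below takes the requests made during one page load, separates background hosts from the primary site, and flags any whose `Server` banner shows one of the IIS versions named above. The hostnames, the sample capture and the two-label `site_of` shortcut are constructed assumptions; a real audit would read a browser HAR export and use the Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# IIS versions the article names, with the release year it gives for each.
PAGE_NAMED_IIS = {"7.5": 2009, "5.0": 2000}

# Constructed sample: (request URL, Server response header) for one page load.
SAMPLE_LOAD = [
    ("https://www.news.example/", "nginx"),
    ("https://static.news.example/app.js", "nginx"),
    ("https://ads.adnet.example/slot?id=1", "Microsoft-IIS/7.5"),
    ("https://video.cdn.example/clip.mp4", "Apache"),
    ("https://widgets.partner.example/w.js", "Microsoft-IIS/5.0"),
    ("https://ads.adnet.example/pixel.gif", "Microsoft-IIS/7.5"),
]


def site_of(host):
    """Last two DNS labels; an assumed stand-in for a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def audit_page_load(primary_url, requests):
    """Map each background host to an IIS finding, or None if nothing matched."""
    primary_site = site_of(urlsplit(primary_url).hostname)
    report = {}
    for url, server in requests:
        host = urlsplit(url).hostname
        if host is None or site_of(host) == primary_site:
            continue  # first-party request, not a background site
        match = re.match(r"Microsoft-IIS/(\d+(?:\.\d+)?)", server or "")
        finding = None
        if match and match.group(1) in PAGE_NAMED_IIS:
            version = match.group(1)
            finding = f"IIS {version} (released {PAGE_NAMED_IIS[version]})"
        # Keep a finding once seen, even if a later response omits the banner.
        report[host] = report.get(host) or finding
    return report


if __name__ == "__main__":
    results = audit_page_load("https://www.news.example/", SAMPLE_LOAD)
    for host, finding in results.items():
        print(f"{host:28} {finding or 'no page-named banner'}")
```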
Sophos Named Leader (again) in Gartner Magic Quadrant for Endpoint Protection
Sophos has once again been named a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms, as we have been for the past decade. This year, we were one of only three in this category. This positioning confirms the ongoing innovation and impressive results of Sophos Intercept X, one of the industry’s most comprehensive endpoint protection.
In the report, Gartner states that the definition of an Endpoint Protection Platform (EPP) has been updated: “In September 2017, in response to changing market dynamics and client requirements, we adjusted our definition of an EPP. An EPP is a solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts…Organizations are placing a premium on protection and detection capabilities within an EPP, and are depreciating the EPP vendors’ ability to provide data protection capabilities such as data loss prevention, encryption or server controls.”
“The threat landscape is evolving at an astonishing rate,” said Dan Schiappa, senior vice president and general manager of products at Sophos. “During the last 12 months alone we have seen repeated ransomware attacks that traditional endpoint protection alone cannot adequately protect against. To stay at the forefront of endpoint protection, vendors must continually analyze the landscape and innovate the approach to protection faster than cybercriminals can innovate their attack techniques. We believe Gartner’s continued placement of Sophos in the Leaders quadrant in the Magic Quadrant for Endpoint Protection Platforms demonstrates that Sophos is able to innovate and deliver solutions that organizations of all sizes can use every day. Predicting future threats is the future of security protection and the deep learning capabilities we have added to our portfolio is enabling us to do just that, more effectively than any other next-generation vendor.”
Further strengthening the advanced levels of protection within its endpoint portfolio, Sophos also announced today that it has added deep learning neural network and advanced anti-exploit technology to the newest release of its next-generation Intercept X. Intercept X can be installed alongside any traditional endpoint protection from any vendor, immediately boosting detection speed and accuracy. Sophos believes that its next-generation enduser, server, and network protection technologies will further its leadership and continue to keep customers protected as threats evolve. The advanced machine learning technology has been further developed by Sophos to enhance Sophos Sandstorm capabilities and is powering automated threat analysis in SophosLabs facilities worldwide.
Digital Extortion to Expand Beyond Ransomware
From DarkReading – Kelly Sheridan – January 30, 2018
In the future of digital extortion, ransomware isn’t the only weapon, and database files and servers won’t be the only targets.
When we think of digital extortion, we typically think of ransomware. But cybercriminals now are looking outside ransomware for new ways to shake down organizations.
Cybercriminals have learned that many businesses will pay if a ransomware attack cripples their day-to-day operations. Ransomware drove the spike in digital extortion in 2017 and remains cybercriminals’ weapon of choice, according to a new Trend Micro study “Digital Extortion: A Forward-Looking View.”
But threat actors are exploring new extortion tactics. “Some of the attacks we’ve seen highlight a shift in the model itself,” says Trend Micro chief cybersecurity officer Ed Cabrera. “As we expand our digital footprint, I think it creates an enormous opportunity for attackers to identify areas where they can have immediate impact.”
The criminal extortion framework has been around in the physical world for a long time, he continues. Now, in the digital world, it’s just getting started. Attackers are learning their chances of getting paid increase exponentially if they target certain files, systems, or databases. While ransomware will remain popular, other types of threats are starting to appear, according to Trend Micro.
Extortion attacks and critical infrastructure
“Going forward, you would be remiss to just focus on files,” says Cabrera. Cybercriminals will begin to leverage the growth of IoT, specifically industrial IoT, to extort money from victims. Businesses that need to be up and running at all times are especially vulnerable.
If you have questions on how to protect your mission critical systems, contact us.
Over a Quarter of Ransomware now targets Corporates
From InfoSecurity – Phil Muncaster
The number of ransomware attacks targeting business users in 2017 rose to 26% as the number of new families discovered halved, according to new stats released this week by Kaspersky Lab.
The Russian AV firm claimed that 26.2% of attacks over the past year were aimed at corporates, with just over 4% targeting SMBs.
This would seem to represent just a small increase from the 22.6% of attacks aimed at business users in 2016. However, the vendor said these figures didn’t include the three mega ransomware worm campaigns of WannaCry, NotPetya (ExPetr) and BadRabbit.
There are other signs of an evolution in the ransomware landscape: the number of new malware families discovered by Kaspersky Lab dropped from 62 last year to just 38 in 2017.
However, it appears as if cyber-criminals are instead looking to modify existing strains in order to bypass security filters: the number of mods grew from 54,000 last year to 96,000 this.
Ransomware remains a serious threat to organizations, with two-thirds (65%) of those hit claiming to have lost a “significant” amount or even all of their data. Even the 29% that managed to decrypt their data said they lost a “significant” number of files.
Over a third (36%) ignored the advice of police and security experts and paid the ransom, but one in six never managed to recover their data.
There are also signs that ransomware is having a longer-lasting impact on the victim organization: 34% claimed they took a week or longer to recover from such an incident, versus 29% in 2016.
“The headline attacks of 2017 are an extreme example of growing criminal interest in corporate targets. We spotted this trend in 2016, it has accelerated throughout 2017, and shows no signs of slowing down,” argued senior malware analyst, Fedor Sinitsyn.
“Business victims are remarkably vulnerable, can be charged a higher ransom than individuals and are often willing to pay up in order to keep the business operational. New business-focused infection vectors, such as through remote desktop systems are not surprisingly also on the rise.”
This vector became increasingly popular in 2017, used to spread Crysis, Purgen/GlobeImposter and Cryakl ransomware variants, among others.
However, there was some good news last year, after decryption keys were published for strains including ES-NI, xdata, Petya/Mischa/GoldenEye and Crysis, although the latter was subsequently resurrected.
Have a question about how to protect yourself against ransomware – Contact us
Many businesses continue to leave their doors wide open to unsophisticated attackers, research shows
New research reveals that cyber-attacks by unsophisticated hackers this year have successfully exploited vulnerabilities that many of the world’s famed businesses were already aware of but did nothing to fix.
Despite upcoming laws that will charge them millions in penalties if found non-compliant, many businesses worldwide continue to neglect standard security procedures.
The latest evidence comes from the 20th annual EY Global Information Security Survey (GISS), which breaks some disconcerting news regarding the willingness of big businesses to beef up security.
While the surveyed companies weren’t named in the report, the research was conducted with the aid of “1,200 C-level leaders of the world’s largest and most recognized organizations.” Here’s what EY found:
Only 56% of those surveyed are changing or planning to change their strategies due to the increased impact of cyber threats. Even though most organizations are spending more on cybersecurity, only 12% expect an increase of more than 25% this year.
Potential damage from a cyber-attack isn’t always immediately obvious, yet 64% say an attack that “did not appear to have caused any harm” would not likely persuade the powers-that-be to spend more on cybersecurity.
Many, however, recognize that lack of adequate resource allocation can increase cybersecurity risks. As many as 20% of respondents admit they do not have enough of a grasp on current information security implications and vulnerabilities to decide what needs to be done.
Cybersecurity budgets are bigger in organizations that place dedicated security officers in key lines of business, as well as in companies that report on cybersecurity to the board audit committee at least twice a year. Some companies also seek the counsel of cybersecurity lawyers from Sidley Austin (https://www.sidley.com/en/services/privacy-and-cybersecurity) or similar law firms that can offer their legal guidance and support through data security breaches of all dimensions.
However, while 50% report to the board regularly, only 24% say the go-to person with responsibility for cybersecurity sits on that board. Moreover, only 17% of respondents say boards have enough of a grasp on IT security matters to properly assess the effectiveness of preventive measures.
The report also reveals, perhaps most importantly, that common attacks described as “cyberattacks carried out by unsophisticated, individual attackers” have successfully exploited vulnerabilities that many of the surveyed organizations were aware of. According to EY analysts, this finding points to “a lack of rigor in implementing standard security procedures.”
Other findings include:
- Malware and phishing are regarded as the most prolific threats in the past 12 months
- Careless, unaware and/or malicious employees are seen as the most significant increasing vulnerability to organizations’ security
- 75% rate the maturity of their vulnerability identification as “very low to moderate”
- 12% say they have no formal breach-detection program
- 35% describe their data-protection policies as ad-hoc or non-existent
- 38% either have no identity and access program or have not formally agreed on such a program
- 57% of respondents have an “informal” threat intelligence program or do not have one at all
- Just 12% of respondents can confidently say they can detect a sophisticated cyberattack targeting their organization
If you have questions or would like to discuss how to improve your security posture – contact us.