Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

5 cybersecurity practices to pursue in the second half of 2016

by

To protect sensitive data, businesses must take the time to refocus on best practices

In the past five years, businesses of all sizes have realized just how vulnerable they are to cyber attacks.

The astonishing increase in the number of attacks each year troubles corporate leaders, IT professionals and chief information security officers, who see their security efforts foiled by hackers.

The number of large corporations targeted since 2015 is proof that everyone is vulnerable. Wherever you look, there is an Ashley Madison, Home Depot or JP Morgan Chase breach that makes you realize just how precarious security structures are.

In sports, teams regroup at halftime and get back to work in the second half with a refocused goal of finishing the game strong. The same holds true for security practices. To help businesses beef up security in the second half of 2016, here are some ideas to keep data safe:

1. Be aware of stored data

It is astonishing how many big firms do not know they have huge chunks of data in their systems. Technologies such as the Internet of Things contribute a lot to this, but company data should be handled better overall. Knowing what is stored in their systems would provide companies with information about which data needs to be protected most against threats.

2. Focus on protecting data

The biggest cases of 2015 related to data breaches of global services and corporations. Business owners think that beefing up firewalls and security perimeters is the answer, but they couldn’t be more wrong. Protecting their data should be the priority. Secure encryption is vital to prevent data from being compromised easily should the corporate network be breached.

3. Address the mobile threat

Many corporations allow employees to use their personal devices in the workplace. It’s safe to assume that most employees do not take the necessary security measures for their mobile devices. This puts corporate data on such devices at great risk. IT administrators need to have better—not more—control over such devices.

4. Spread awareness

It’s always good to make employees companywide aware of the threats they face. Talking with employees regularly about new and emerging threats and sharing ideas about improving security is good practice.

5. Take insider threats seriously

You could shell out millions of dollars trying to protect your network from outside threats only to be undone by an employee who clicks on a nefarious link and compromises sensitive data. Hackers regularly send malicious emails to many employees in a firm in hopes that one of them falls for it—and someone frequently does. Encourage employees to be more vigilant since such emails often can easily be spotted.

Reprinted from ThirdCertainty Guest Essay by Oscar Marque

 

Zepto Ransomware Soars

by

InfoSecurity Magazine- Phil Muncaster

Security researchers are warning users of a spike in spam emails containing a variant of the infamous Locky ransomware, known as Zepto.

Cisco’s Talos team spotted 137,731 emails in just four days, containing over 3300 unique samples, according to technical lead, Warren Mercer.

Most of the emails used simple social engineering, asking the user to look at an attached document they had ‘requested.’

Emails are also crafted to appear more convincing by greeting the recipient by first name, he explained.

Once opened, the malicious JavaScript will run in the background, encrypting all files on a user’s machine with the .zepto extension.

Some samples only contacted one C&C server whilst others communicated with up to nine domains, the researcher continued.

Once the encryption has been done, the malware will display a message for the victim, demanding payment.

“The email attack vector will continue to be used as email is an everyday occurrence now and the ability to generate large lists of emails for spam campaigns like this is growing easier. The breaches which occur include email data which is actively sold to bidders on the underground for this type of campaign,” said Mercer.

“Ensuring users are careful with email attachments, like the ones used in this campaign, will help in an attempt to null the effects of this and further spam campaigns. Talos recommend you ensure you have a good backup strategy should you be hit with ransomware and we strongly advise that payment is never made to these actors.”

Meanwhile the Locky ransomware continues to evolve, causing devastation to individuals and businesses as it goes.

When it first burst onto the scene earlier this year, the botnet distributing it was shown to be the same one spreading Dridex banking malware.

In March, FireEye noted a sharp spike in Locky spam with users impacted in over 50 countries.

If you have any questions on Ransomware or how to protect yourself, contact us.

Most SMBs Completely Unprepared for Ransomware

by

Tara Seals - InfoSecurity - June 21, 2016

A majority of American small and medium-sized business (SMB) owners say they recognize the severity of ransomware but lack the necessary resources, such as cyber-insurance or extra funds, to become operational once again if hit.

According to theft protection firm IDT911, one out of three say they could not go without access to critical business systems for any length of time. It added that SMBs, defined as businesses with less than 1,000 employees, have a lot to learn in terms of how to prepare for this risk and deal with the situation once impacted—making them prime targets.

Three-quarters of SMBs (75%) do not have cyber-insurance, or are unsure if their policy includes cyber protection; and 65% of SMB owners say they currently do not, nor plan to, budget extra funds. More than two out of 10 (22%) of SMB owners say they are unsure how to, or were not aware of the need to, back up their system and files.

The good news is that a majority (84%) said they would not pay in the event of an attack; and only 3% say they would pay $10,000 or more. About 10 percent would pay between $1 and $100.

Interestingly, Millennials (ages 18 to 34) are more likely to have cyber insurance protecting their business than those respondents aged 35 to 44. And female business owners are more likely than men to report ransomware attacks to authorities right away.

The FBI’s Internet Crime Compliant Center reported that a total of 2,453 ransomware complaints were received in 2015, costing victims more than $24 million dollars. And since January 1, Symantec Security Response has seen an average of 4,000 ransomware attacks per day—a 300-percent increase from last year.

“Ransomware is the Zika virus of the business world and there is absolutely no telling how far and wide this will spread,” said Adam Levin, founder and chairman of IDT911, and author of Swiped. “Training alone isn’t enough, cyber-insurance alone isn’t enough and, sure as heck, backed-up data alone isn’t enough. We’re talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business. Businesses need a comprehensive cyber security strategy that includes prevention, monitoring and damage control.”

There’s much riding on getting this right: More than half (60%) of business owners said that they would immediately report an attack to law enforcement authorities, as one out of three respondents (33%) say they could not go without access to critical business systems for any length of time.

Contact us to find out more about how to block, detect and protect your network from ransomware.

Beware downloading some apps

by

Beware downloading some apps or risk “being spied on”

From 10 News
Popular apps on your smartphone can be convenient and fun, but some also carry malicious software known as malware, which gives hackers easy access to your personal information.

A security firm found that between 75 and 80 percent of the top free apps on Android phones or iPhones were breached. The number jumps as high as 97 percent among the top paid apps on those devices.

Whether these apps help advertisers target you or help hackers rip you off, you’ll want to do your homework before downloading apps, reports CBS News correspondent Anna Werner.

California’s Susan Harvey said she was a victim after she used a debit card to download a slot machine game app to her cell phone through a Google Play store account.

“It was something you purchased once, for like $15,” Harvey said.

When she went to reload the game, she found hundreds of purchases had been made — by her math, more than $5,000 worth of transactions.

“My heart sank, I just sat there looking at it… I physically, I was sick, because I didn’t know what they were,” Harvey said.

That story’s no surprise to cybersecurity expert Gary Miliefsky, whose company SnoopWall tracks malware. He said certain apps are designed to steal your personal information.

Read the entire story

SnoopWall: Counterveillance Security for Network, Mobile and Apps

by

InsightSuccess
Today, smartphones carry your private data, which is the most convenient way of doing all online banking transactions smoothly, only when your data is completely protected from the bank’s network to your smartphone. Meanwhile those banks you are doing business with might not have enough network security protection in place, behind their corporate firewall.

SnoopWall is the world’s first counterveillance security company delivering a suite of network, mobile and app security products as well as cloud-based services, protecting all computing devices from prying eyes and new threats through patented cloaking technology.

SnoopWall secures mission critical and highly valuable confidential information behind firewalls and on mobile devices with next generation technology that detects and blocks all remote control, eavesdropping and spying. SnoopWall’s software products and hardware appliances are all made in the U.S.A.

Gary Miliefsky, Masterful Cyber Security Professional

Gary Miliefsky, founder and CEO of SnoopWall, is a consumer advocate and a cyber-security expert who frequently appears on ABC, CBS, NBC, Fox News, CNN and many other media outlets to share his expert opinion. He is a member of ISC2, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. He also advised the National Infrastructure Advisory Council (NIAC) which operates within the United State. DHS for the National Strategy to Secure Cyberspace. Gary is a Founding Member of the US Department of Homeland Security, served on the OVAL advisory board of MITRE and is a strong supporter of the CVE Program, plus he is a founding Board member of the National Information Security Group.

Subduing, the Biggest Challenge in Cyber Security

SnoopWall is growing rapidly, as their NetSHIELD appliances, MobileSHIELD endpoint agent and AppSHIELD SDK are critical to network and mobile security.

Firstly, SnoopWall’s NetSHIELD appliances solve internal network access control and dramatically reduce internal risk for a fraction of the cost of competition. SnoopWall’s MobileSHIELD endpoint agent solves the data leakage risks inherent in the BYOD dilemma, which is the second biggest problem in cyber security. And finally with their AppSHIELD SDK, they are protecting mobile banking, wallet and retail apps on smartphones from losing consumer information (PII) to cyber criminals. The market is very receptive, with their amazing network of channel partners and their phenomenal corporate team; SnoopWall is expanding their network throughout the globe through multi-tier distribution.

Most exploitation happens behind firewalls – either through malicious insiders, rogue devices, new forms of malware, trusted, yet infected employee owned equipment and SnoopWall’s NetSHIELD appliances as well as MobileSHIELD agents for the Bring Your Own Device (BYOD) dilemma continues to solve these problems for their customers.

Honest, Ethical, Passionate Information Security Team

Proudly, SnoopWall has customers around the globe who have not experienced a single breach since properly deploying their solutions. They have ‘INFOSEC professionals’ that care deeply for their customers and the protection of their networks and mobile devices. With this drive and passion, SnoopWall continues to build innovative, next generation security solutions that solve the worst problems in network security not resolved by firewalls and antivirus solutions, alone.

They would like to continue to grow and expand their international channels with the future possibility of being the worldwide market leader in network and mobile device security for small to medium sized enterprise (SME).