Symtrex Inc.

Cyber Security Specialist


ThreatList: Top 8 Threat Actors Targeting Canada in 2019

2019/05/29 by admin

Bad actors are looking to hit financial and banking firms in Canada with geo-specific campaigns touting malware like Emotet, GandCrab and Ursnif.

Banking and financial services in Canada are being targeted in geo-specific attacks looking to spread varying forms of malware, according to researchers tracking thousands of malicious email campaigns between January 2019 and May 2019.

In particular, campaigns are typically launched by financially-motivated cybercriminals, but can also be orchestrated by national, state-sponsored threat actors (such as Advanced Persistent Threat or APT groups), said researchers with Proofpoint.

“In 2019, threats specific to Canadian interests, whether abusing Canadian brands, or affecting Canadian organizations through specific geo-targeting mean that defenders at Canadian companies must be cognizant of threats far more targeted than ‘North America,’” researchers said.

Click here for the complete article

Filed Under: Advanced Persistent Threat, antivirus, compliance, CyberThreats, Log Management, Ransomware, Security News, Sophos

Ransomware – fail to prepare, prepare to fail

2018/06/26 by admin

When it comes to falling victim to a ransomware attack, it’s not a case of ‘if’ but ‘when’.

By Matt Body – IT ProPortal

Ransomware has been growing in awareness for years, and its potential harm and disruption have been widely discussed across the board. However, last year, awareness peaked as ransomware caused havoc for organisations, as threats like WannaCry and NotPetya found them to be defenceless and vulnerable. In spite of attacks happening again and again, many organisations are still not able to effectively defend against them.

Recent research from Sophos, which looked at The State of Endpoint Security Today, revealed the extent to which organisations are unprepared for ransomware attacks. Findings revealed that organisations' defence readiness and endpoint security need a lot of work – over half of organisations (54%) were hit by ransomware in the past year, and the average cost of an attack was $133,000.

When it comes to IT security, the usual consensus is that once an organisation encounters a specific threat, they learn from it, shore up their defences, and are then better prepared for the next attack. However, the research revealed that with ransomware, this approach doesn’t work as respondents said they were hit by ransomware multiple times, and expect that they’ll fall victim to it again in the future.

With ransomware, it is clear that no organisation can afford to be complacent. Cybercriminals are deploying a variety of different attack methods until they’re successful, whether using a mix of ransomware in a single campaign or taking advantage of a remote access opportunity, then infecting the server and disabling security software. With attacks only becoming more frequent and complex, it is time for organisations to prepare and protect, and avoid falling victim to the next attack.

Don’t be fooled – Ransomware needs to be treated differently

After a ransomware attack, we usually find ourselves pointing the finger at the breached organisation – were there defenses in place? Were systems up to date? Were patches in place? However, once again this is not always the case when it comes to ransomware, as over three quarters of respondents said that they were running up-to-date software when ransomware hit.

Therefore, it is clear that traditional endpoint protection alone cannot and does not stop the latest in ransomware attacks.

Given the ingenuity, frequency and financial impact of attacks, all businesses should re-evaluate their security to include predictive security technology that has the capabilities needed to combat ransomware and other costly cyber threats.

Knowledge is key

Seeing as not all anti-ransomware technology offers equally effective protection against attacks, many organisations may find themselves investing in technologies which offer little protection when the attacks occur. And it seems the knowledge gap widens from here, as the research revealed that less than one in three respondents were able to correctly define what anti-ransomware and anti-exploit technologies do.

With this many professionals having this level of understanding, a significant number of organisations may believe that they are adequately protected against the ransomware threat, but are not. Therefore, it’s important that organisations do their research and ensure that they have the right level of protection in place.

Deep learning

The key to being protected against ransomware lies in changing from a traditional security methodology, which can only stop previously seen threats, to a predictive one.

Over the years, traditional approaches to security (i.e. anti-virus that uses signatures) have focused on improving the time to stop a threat by increasing the update increments. Traditional security methods are very accurate and can spot and block previously seen malicious software within as little as an hour after the first report. Since we’re now seeing as many as 400,000 different malicious files a day, it’s very difficult to keep up with the ever-changing threat landscape using this traditional technology. Machine learning now plays a crucial part in tackling this issue by predicting what a malicious file looks like.

Machine learning ‘learns’ using mathematical models instead of being specifically programmed to address a particular problem. Deep learning is the latest evolution of machine learning. In the context of stopping malware, a deep learning engine is trained on hundreds of millions of previously seen malicious and non-malicious files. Using the features of these files, it then looks for correlations and similarities in the malicious vs non-malicious files. By grouping these similarities, the deep learning engine is then able to accurately sort files into two buckets, malicious and not malicious, with the anti-virus left to quarantine accordingly. By using deep learning, you’re not just stopping a previously seen bad file, you’re stopping ones which have never been seen before as well.

Although 60 percent of respondents admitted their endpoint defenses are not enough to block the huge ransomware attacks we saw last year, only 25 percent have predictive threat technologies such as machine learning or deep learning, which leaves 75 percent vulnerable to repeated ransomware attacks.

Given the speed at which cyber threats have evolved it is not surprising that many IT departments are unable to stay ahead of the next-generation technology required for security. Yet this knowledge gap could be placing operations at risk. Organisations need effective anti-ransomware, anti-exploit, and deep learning technology to stay secure.

You’re not alone

To many organisations, the urgency and complexity of protecting against ransomware and cyber attacks in general may seem daunting. In fact, 87 percent of respondents said that the malware threat had grown more complex in the last year. In order to effectively stop ransomware in its tracks, traditional endpoint security isn’t enough.

Organisations need the strongest defense against these persistent threats, and so need to explore, learn, and adopt anti-exploit and anti-ransomware technologies in order to be fully prepared against future attacks – it’s not a case of ‘if’, but ‘when’.

Filed Under: Blog, Ransomware, Security News, Sophos

Younger employees ‘main culprits’ for security breaches

2018/06/22 by admin

UK senior decision makers believe younger workers are the biggest risk to cyber security, but are doing little to support them and reduce that risk, a report reveals

From ComputerWeekly.com – Warwick Ashford

More than a third of senior executives believe that younger employees are the “main culprits” for data security breaches in the workplace, a study shows.

However, the same decision makers are doing very little to allay their own fears, with more than a third of 18 to 24 year olds able to access any files on the company network, and less than half (43%) having access only to the files that are relevant to their work.

These are the main findings of an independent study into attitudes to security of the next generation workforce, commissioned by security firm Centrify.

The study, conducted by Censuswide, sought the views of 1,000 next generation workers (18-24 year olds) and 500 decision makers in UK organisations.

The study examines how security, privacy and online behaviour at work impacts the lives of younger employees and the companies that they work for.

Password sharing tops the list of what keeps decision makers awake at night (56%), but 29% of younger workers reveal that they are in the driving seat when it comes to password changes, with their employers leaving it to them to decide when they need a password change. Furthermore, 15% admit to sharing passwords with colleagues.

Asked how younger employees could negatively impact the workplace, 47% of decision makers worry about them sharing social media posts and the impact these could have on brand and reputation. Many have even raised such issues in court. Employment law firms such as Dhillon Law and others regularly deal with cases of employee misconduct, which include cases of malicious or accidental data breaches, but also of younger employees being discriminated against due to such stereotypes.

However, these concerns appear well founded with one in five workers saying they are not bothered about how their social media activity might affect their employers and 18% admitting that their posts could compromise employers’ security and privacy policies.

However, less than half say their company has social media guidelines in place, highlighting the need for strong social media access controls that follow the principles of a zero-trust approach to security, which assumes that users inside a network are no more trustworthy than those outside the network. The lack of trust may be caused by previous incidents of security breaches or leaks of information due to carelessness or malpractice. In turn, this could result in chain-reaction events that could cause further losses for the company.

Likewise, communications within digital company workspaces leave a small window for security breaches. By using UCaaS hosted voice assistant software from a company such as BCM One, such wiggle room can be minimized regarding telecommunication-based activities. The use of hired or native communication software or applications in accordance with the company’s protocols can be regarded as a precautionary step. Following these steps can result in a more secure workspace for employees.

In addition to that, companies can also consider other ways to make sure that their business communication and data are secure. The “always on” approach to technology of younger workers with no experience of an off-line world further reinforces the need for robust security policies, the study report said. When it comes to this generation of workers, 40% of decision-makers are concerned about their misuse of devices, while 35% say they are too trusting of technology and 30% worry they share company data too easily.

While 79% of decision makers report having a strong security policy in place and 74% of them think that their employees abide by it, over a third (37%) feel that young workers are too relaxed about security policies.

Awareness of the dark web

Decision-makers also say the next generation of workers have a good awareness of the dark web (87%), underground hacking (79%) and crimeware. And although around half (48%) say they have strict guidelines in place for employees accessing these new “dark arts”, 39% feel they could be better. That is why dark web monitoring is essential in all businesses so that there can be safety checks done consistently to keep on top of any issues.

“Some may think of younger workers as always online, always ready to share information and perhaps not being as concerned about privacy or security as perhaps older workers, but we must remember they are the business leaders of tomorrow and we must help not hinder them,” said Barry Scott, chief technology officer for Europe at Centrify.

“While it’s clear that employers are concerned about this new generation entering the workforce – and see them as a potential risk to both the business and brand – these same companies are perhaps guilty of not putting in place the right security processes, policies and technologies.

“If you give employees access to any information at any time from any place, or fail to enforce strict password and security policies, they are likely to take full advantage, putting both their own jobs at risk as well as the company itself,” he said.

According to Scott, the study shows it is time to discard the old castle and moat model of “trust but verify” because it does not work in today’s mobile-first, cloud-enabled world where employees can be anywhere and work on multiple devices.

“Traditional network perimeters are dissolving and security professionals must adopt a zero-trust security approach that assumes bad actors are already on the network,” he said. “With zero-trust, we verify every user, validate their device and limit their access to only the resources they need, and use machine learning to ensure the resulting improved security has no impact on efficiency.

“Let’s be clear that zero-trust is not saying we’ve lost trust in our employees, it actually provides an enabler to allow them to work exactly the same way wherever they are, and provides the company with a stronger security posture.”

Extra mentoring needed

The study report concludes that while managers’ assumptions that next-generation workers are the root of cyber security problems in the workplace may be overstated, there are some areas, such as social media use and password management, where younger workers do need extra mentoring.

Decision makers can do more to address this problem, the report said, by putting technical controls in place (for example, businesses can look here to learn more about the aforementioned zero-trust approach), refining security policies and communicating them effectively to employees.

However, according to the report, leadership and the need for decision makers to set a good example are equally important. “If managers can demonstrate a commitment to security through their own policies and actions, then the next-generation workforce will surely follow,” the report said.

Filed Under: Blog, CyberThreats, endpoint, KnowBe4, Network Monitoring, Security Awareness, Sophos

Almost all businesses report being hit with an email-borne attack, survey

2018/06/15 by admin

The almost total pervasiveness of phishing scams and other email-based attacks can be seen in a recent survey that found almost 90 percent of the cybersecurity executives saying their company was hit with an attempted or successful email-based cyberattack in the last year.

By Doug Olenick, SC Media US

The Barracuda survey found employers are experiencing more email attacks, with 81 percent seeing an increase in the last year, and 25 percent of those describing the increase as being dramatic. This is driving up the cost of mitigation, with 81 percent seeing a jump in cost and 22 percent describing the price as rising dramatically.

The price that must be paid in the wake of an attack is not just monetary. Sixty-seven percent of those surveyed said an email incident forced their IT team to divert needed resources from other priorities to deal with an attack; 61 percent said employee productivity was interrupted, and 10 percent reported that their firm’s reputation took a hit.

Having sensitive corporate information stolen was judged to be the most costly kind of attack, followed by ransomware and business email compromise. When it came to recovering from a ransomware attack, 12 percent of the companies decided their only option was to pay the ransom, with the remaining 88 percent declining to do so. Interestingly, enterprise-size businesses were more likely to pay compared to small and medium-size operations.

“Based on how pervasive ransomware attacks have become, along with the accompanying media coverage, it’s somewhat surprising to see such a small percentage of companies paying. Perhaps it’s actually a glimmer of hope: maybe organizations had comprehensive backup solutions in place and were able to rapidly recover critical data without paying,” the report stated.

Thirty-five percent of the surveyed executives said their firm had been hit with a ransomware attack in the last year, with 75 percent of those individuals saying the malware was delivered via email, 32 percent from the web and 23 percent through network traffic.

Read the complete article ->

Filed Under: KnowBe4, Phishing, Ransomware, Security News, Sophos

Banking Trojans replaced Ransomware as top email-based payload in Q1

2018/06/11 by admin

The concept of infecting targeted users with banking trojans has been so successful in the recent past that in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email.

By Jay Jay – SC Media UK

In all, banking trojans accounted for 59 percent of all malicious email payloads in the first quarter of 2018, which also saw email-based malware attacks rise significantly. A new report from Proofpoint has shown that the number of firms receiving more than 50 email-based malware attacks grew by 20 percent compared with the last quarter of 2017.

Aside from injecting banking trojans that are designed to obtain confidential information about customers and clients using online banking and payment systems, hackers are also distributing information stealers, downloaders, remote access Trojans (RATs), and other banking malware via emails to steal credentials and to use them to commit fraud or theft.

Cyber-criminals are also leveraging sophisticated malware that is adept at defeating a majority of anti-malware protections installed on targeted systems. For example, Emotet, a polymorphic malware that has the ability to evade over 75 percent of antivirus engines, has been used in 57 percent of all banking malware attacks and 33 percent of all malicious payloads in Q1.

“Trojans are effective because they exploit weaknesses on different levels. Fraudsters often bait unsuspecting users to click on links in emails that seem to be legitimate, which lead them to a fake website or to download a malicious app,” said Gerhard Oosthuizen, CTO at Entersekt, to SC Magazine UK.

“These fakes can look frighteningly real, and the emails baiting users often mimic the bank’s official communications in design and tone. It makes it very hard for users to know when an email, the site they’re clicking through to, or the app they’re downloading, is legitimate.”

Read Full Article – >

Filed Under: CyberThreats, endpoint, KnowBe4, Phishing, Security News, Sophos

© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement