Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Cybercriminals are after your servers too

by

It’s not just your endpoints that need protecting…

Your servers hold your most critical data, your business applications and your highest privilege accounts, so protecting them is key to protecting your whole organization.

What if a server with order processing or patient health records was maliciously encrypted and held hostage for ransom? What if an organization’s domain controller was rendered unusable? Or what if an application server slowed to a crawl because attackers had managed to take advantage of an unpatched exploit to mine cryptocurrency?

If a laptop gets infected with ransomware, the user’s productivity is affected. But if a server is attacked and unavailable, the whole organization may be impacted. You don’t have to look further than last year’s WannaCry and NotPetya ransomware attacks to see examples of this.

Merck, the global pharmaceuticals company, Maersk, the global shipping and transportation company, and FedEx were all hugely financially impacted by the NotPetya attacks.

But it wasn’t just multinational corporations who fell victim. Smaller companies, such as Nuance Communications, were also attacked. The company recently disclosed its losses in a filing with the Securities and Exchange Commission (SEC).

Nuance was unable to get its software back online completely until early August, inhibiting its ability to offer SaaS transcription services for healthcare companies. The company also mentioned that a subsequent data breach in November had occurred when “an unauthorized third party illegally accessed reports hosted on a Nuance transcription platform.”

The company expects to incur additional costs this year when it enhances and upgrades its cybersecurity software, while still providing additional resources to its health companies.

The 2018 Verizon Data Breach Investigations Report notes how ransomware has increased in prevalence because it has been, and continues to be, an effective tool for cybercriminals.

To find out how to be part of the early access program for the Server Protection products by Sophos - Contact us.

A New Age of Malware - Cryptocurrency Mining

by

By Leonard Kleinman - Forbes

Cryptocurrencies continue to make headlines, and generally for all the wrong reasons. As cryptocurrency continues to fluctuate in value, we are seeing a plethora of new cryptocurrency malware emerging. This is reflective of the evolution of modern malware, with variants attacking computer systems globally, hijacking them to mine cryptocurrencies and capitalizing on the victim’s resources. Crypto-malware is literally making money.

It is no surprise that crypto-malware has been proliferating, as digital currencies provide a level of anonymity and are rather profitable. It is, however, probably the worst of all malware. This new age of crypto-jacking malware simply uses the end user’s device to mine cryptocurrency when they visit an infected site.

More websites are adopting cryptocurrency mining through visitors instead of running ads to fund their businesses. Recently, the popular torrent site The Pirate Bay ran a bitcoin-miner as an alternative to ads to generate funds for the business. This new income-generating scheme caused users’ central processing units (CPUs) and electricity usages to skyrocket while degrading the performance of their device. Coincidentally, advertising revenue is dropping significantly.

Mining 101

If you have not heard of bitcoin, then you must be living under a rock. Undoubtedly the most famous cryptocurrency, it is generated by “mining.” By mining, I mean a computationally intensive task that utilizes a lot of energy and processing power for verifying transactions. Successful miners are rewarded with a “coin,” which is added to a digital wallet — or, in the case of crypto jacking, to the digital wallet belonging to the hackers. For the first time, malware can directly “print money” for criminals.

On its own, a personal computer would not be powerful enough to profitably mine cryptocurrencies — the operative word being “profitably.” Mining done properly requires specialized rigs composed of specialized hardware and lots of electricity. Note that there are different cryptocurrency algorithms, some of which are more intense and require more computing power than others.

Have a question on how to protect you networks - Contact us.

Sophos #1 in Exploit Protection

by

Sophos blocked 34 out of 35 exploits tested, while the next highest score was 22 out of 35.

Exploits are the techniques that attackers use to gain access and control of computers. Common bugs and vulnerabilities found in popular, legitimate software can be leveraged as exploits to steal data, hold files for ransom, perform reconnaissance, or simply to deploy malware.

Attackers rely on exploits the same way video game characters rely on their weapons toolkits: without them, it would be like going into battle unarmed. And despite being extremely popular for attackers, many defenses remain vulnerable to exploits, since the software often being exploited – Microsoft Office, Adobe Reader, and the like – is generally considered “safe” by security products.

This would seem to make exploit testing a no-brainer for vendor comparison services. The problem, however, is that due to the constantly evolving nature of software vulnerabilities, exploit-based attacks are some of the most difficult scenarios to test.

Fortunately, MRG Effitas managed to develop reliable and repeatable exploit testing scenarios and has recently released its “Exploit and Post-Exploit Protection Test” report. Commissioned by Sophos, this report compares the exploit-stopping abilities of nine different endpoint products.

As you can see in the chart below, Sophos far outperformed other vendors at stopping exploits: Level 1 means that the product blocked the exploit, and Level 2 means that the exploit was missed but the attack was stopped via other methods.

Sophos Exploit Protection

Sophos blocked 34 out of 35 exploits tested, while the next highest score was 22 out of 35. In fact, most vendors weren’t even able to stop half of the exploits that Sophos was able to stop.

This test was a follow-up to MRG’s previous report on malware protection. In that commissioned report, Sophos ranked #1 for both malware protection and potentially unwanted application (PUA) protection.

To summarize the test results from the two MRG Effitas reports:

  • Sophos ranks #1 in exploit prevention
  • Sophos ranks #1 in malware protection
  • Sophos ranks #1 in potentially unwanted application prevention

Contact us for more information on the Sophos Endpoint, or you can watch one of the on-demand webinars on Sophos discussing the deep learning in the Endpoint, CryptoJacking and more -

According to ISACA - Cyber Threats Up but no increase in Ransomware

by

Ransomware attacks are significantly declining despite an increase in cyberattacks generally, according to the global IT association ISACA.

Written by Peter Dinham - ITWire

In its State of Cybersecurity 2018 research study just released, ISACA reveals that last year, 62% of respondents experienced a ransomware attack, compared to 45% this year — a 17-point drop.

According to ISACA, the drop in ransomware attacks is likely because organisations are significantly better prepared after last year’s WannaCry and NotPetya attacks, with 82% of respondents saying that their enterprises now have ransomware strategies in place. In addition, 78% said they have a formal process in place— up 25-points from last year.

“While these findings are positive, the data show that ransomware attacks may have been displaced by cryptocurrency mining, which is becoming more frequent,” said ISACA.

“Cryptocurrency mining malware can operate without direct access to the file system, making them harder to detect—and as the prices of cryptocurrencies increase, the economics of cryptocurrency mining malware becomes better for the attacker.

“Additionally, the three most common attack vectors remain unchanged from last year - phishing, malware and social engineering.”

The research also shows that 50% of the 2,366 security leaders surveyed have seen an increase in cyberattack volumes relative to last year and, in addition, 80% of respondents said they are likely, or very likely, to be attacked this year — a statistic that ISACA says remains unchanged from last year’s study.

According to ISACA, active defence strategies are highly effective, but underutilised.

The research also found that nearly 4 out of 10 respondents (39%) are not at all familiar or only slightly familiar with active defence strategies (e.g., honeypots and sinkholes), and of those who are familiar with active defence strategies, just over half are actually using them.

“This is a missed opportunity for security leaders and their organisations,” said Frank Downs, director of cybersecurity at ISACA.

“ISACA’s research indicates that active defence strategies are one of the most effective countermeasures to cyberattacks. A full 87% of those who use them indicate that they were successful.”

The ISACA report suggests enterprises must be better prepared with focused attention on several areas, and makes several recommendations, including:

  • Investing in talent—With attacks still on the rise, enterprises must continue to invest in finding, retaining and training skilled cyber security professionals
  • Exploring further automation benefits—Enterprises should consider automation-driven strategies and tools for detection and to support recovery and response efforts
  • Ensuring appropriate investment in security controls—With attack vectors (phishing, malware and social engineering) minimally changing, existing control types are still valid and useful. Enterprise investment and attention to security controls should increase in line with the frequency of these attack vectors.

The Anatomy of a Hack

by

Sophos Cybersecurity Advisor James Lyne appeared on NBC recently, where he talked about the state of cybersecurity and what we can all do to protect ourselves and our information. It’s an important, realistic look at the state of our data, and what we can do to stay ahead of the bad guys.

Take a moment to scan the results of this survey of 2,700 industry pros to learn more about how to protect your business. - Survey Results

Learn more about protecting your business from Ransomware and other never-before-seen threats before they disrupt your business and impact your bottom line - Check out Sophos’ Whitepaper on Exploits Interrupted.

If you have questions on any of the Sophos Products or how to ensure your employees do not inadvertantly open an email with malicious content - contact us at [email protected], by phone 866-431-8972, or use the chat window.