Symtrex Inc.

Cyber Security Specialist

Ransomware Attacks Double for Second Year in a Row

2018/04/11 by admin

Dark Reading - Sara Peters - News

Outside attackers still the biggest problem - except in healthcare.

After doubling in 2016, the frequency of ransomware attacks doubled again in 2017, according to findings in the latest Verizon Data Breach Investigations Report (DBIR).

The 2018 DBIR is the 11th edition of the report, and includes data not only from forensic investigations conducted by Verizon, but also 67 contributing organizations. In total, the report covers analysis on over 53,000 incidents and 2,216 breaches from 65 countries.

Ransomware was found in 39% of the malware-related cases covered in the report. Dave Hylender, Verizon senior network analyst and co-author of the report, says he was “a bit surprised” at an explosion of that magnitude.

The type of targets is changing as well. “When we first started seeing [ransomware], it was smaller organizations, one desktop, one laptop,” says Hylender. “Now it’s more widespread and affecting critical systems,” including servers.

Further, attackers are using ransomware for more than collecting ransom payments. They’re also employing ransomware to distract, disrupt, or destroy - as part of a multi-pronged attack or a ransomworm like NotPetya, for example.

“There are a lot of things that are going under the guise of ransomware,” says Hylender. He cites an example in which an attacker requested payment, but made it almost impossible for themselves to decrypt the data even if they received the payment; the goal was definitely to disrupt or wipe data.

“I think [ransomware] is growing because it’s continuing to work, but that kind of attack is [also] one of the reasons it’s growing,” he says.

Read Full Article ->

Filed Under: Blog, CyberThreats, KnowBe4, Phishing, Ransomware, Sophos

The two most important ways to defend against security threats

2018/02/07 by admin

By Roger A. Grimes - CSO - February 7, 2018

Patching and security training programs will thwart attacks more effectively than anything else. You’re already doing them. Here’s how to do them better.

An average of 5,000 to 7,000 new computer security threats are announced each year. That’s as many as 19 every day. The rate at which new threats appear makes it difficult to decide which ones require your attention. It might surprise you that, while your competitors waste money on high-tech, expensive, and sometimes exotic defenses, you can get far more value by concentrating on just two things you already do. You can spend less money and nothing you do otherwise will provide a better defense.

The two things you need to do better are not a secret. You already know you need to do them. You know from your own experience that what I’m saying is true. The data in favor of doing them is overwhelming. Still, most companies don’t do them well enough.

Change your security focus

Most computer security defenders focus on the wrong things. They focus on specific threats and what they did after hackers broke in, not how they broke in. There may be hundreds of thousands of unique software vulnerabilities and hundreds of millions of unique malware families, but they all share about a dozen different ways that they initially exploited an environment, including:

  • Unpatched software
  • Social engineering
  • Misconfigurations
  • Password attacks
  • Physical attacks
  • Eavesdropping
  • User errors
  • Denial of service

Focusing on and reducing these root exploitation causes will help you significantly defeat hackers and malware.

If you want to minimize computer security risk the fastest, identify the biggest root exploitation causes in your company that allow threats to do the most damage to your environment. Stop the biggest root cause and you stop every threat that uses that root cause.

So, what are the biggest root exploitation causes in most environments? Unpatched software and social engineering.

Without a doubt, these two root causes are responsible for the most successful and damaging attacks in most companies and have been for decades. One of these root exploitation methods has likely been behind any big attack that has made news in the mainstream media. In my experience, when a company of any size or even the military suffers a big attack, it can be traced to one of those two root causes.

Your company’s experience may vary, and if it does, you can ignore this article. The biggest problems for the majority of readers are unpatched software and social engineering. If they fix those two things, it will do more to decrease security risk than all the other things they could do combined.

Read the full article ->

Filed Under: CyberThreats, KnowBe4, Network Access Control, Security Awareness, Security News, Sophos

Sophos Named Leader (again) in Gartner Magic Quadrant for Endpoint Protection

2018/02/02 by admin

Sophos has once again been named a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms, as we have been for the past decade. This year, we were one of only three in this category. This positioning confirms the ongoing innovation and impressive results of Sophos Intercept X, one of the industry’s most comprehensive endpoint protection solutions.

To get your complimentary copy of the Magic Quadrant Report, click here.

In the report, Gartner states that the definition of an Endpoint Protection Platform (EPP) has been updated: “In September 2017, in response to changing market dynamics and client requirements, we adjusted our definition of an EPP. An EPP is a solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts…Organizations are placing a premium on protection and detection capabilities within an EPP, and are depreciating the EPP vendors’ ability to provide data protection capabilities such as data loss prevention, encryption or server controls.”

“The threat landscape is evolving at an astonishing rate,” said Dan Schiappa, senior vice president and general manager of products at Sophos. “During the last 12 months alone we have seen repeated ransomware attacks that traditional endpoint protection alone cannot adequately protect against. To stay at the forefront of endpoint protection, vendors must continually analyze the landscape and innovate the approach to protection faster than cybercriminals can innovate their attack techniques. We believe Gartner’s continued placement of Sophos in the Leaders quadrant in the Magic Quadrant for Endpoint Protection Platforms demonstrates that Sophos is able to innovate and deliver solutions that organizations of all sizes can use every day. Predicting future threats is the future of security protection and the deep learning capabilities we have added to our portfolio is enabling us to do just that, more effectively than any other next-generation vendor.”

Further strengthening the advanced levels of protection within its endpoint portfolio, Sophos also announced today that it has added deep learning neural network and advanced anti-exploit technology to the newest release of its next-generation Intercept X. Intercept X can be installed alongside any traditional endpoint protection from any vendor, immediately boosting detection speed and accuracy. Sophos believes that its next-generation enduser, server, and network protection technologies will further its leadership and continue to keep customers protected as threats evolve. The advanced machine learning technology has been further developed by Sophos to enhance Sophos Sandstorm capabilities and is powering automated threat analysis in SophosLabs facilities worldwide.

Filed Under: Blog, endpoint, Ransomware, Security News, Sophos

Digital Extortion to Expand Beyond Ransomware

2018/02/02 by admin

From DarkReading - Kelly Sheridan - January 30, 2018

In the future of digital extortion, ransomware isn’t the only weapon, and database files and servers won’t be the only targets.

When we think of digital extortion, we typically think of ransomware. But cybercriminals now are looking outside ransomware for new ways to shake down organizations.

Cybercriminals have learned that many businesses will pay if a ransomware attack cripples their day-to-day operations. Ransomware drove the spike in digital extortion in 2017 and remains cybercriminals’ weapon of choice, according to a new Trend Micro study “Digital Extortion: A Forward-Looking View.”

But threat actors are exploring new extortion tactics. “Some of the attacks we’ve seen highlight a shift in the model itself,” says Trend Micro chief cybersecurity officer Ed Cabrera. “As we expand our digital footprint, I think it creates an enormous opportunity for attackers to identify areas where they can have immediate impact.”

The criminal extortion framework has been around in the physical world for a long time, he continues. Now, in the digital world, it’s just getting started. Attackers are learning their chances of getting paid increase exponentially if they target certain files, systems, or databases. While ransomware will remain popular, other types of threats are starting to appear, according to Trend Micro.

Extortion attacks and critical infrastructure

“Going forward, you would be remiss to just focus on files,” says Cabrera. Cybercriminals will begin to leverage the growth of IoT, specifically industrial IoT, to extort money from victims. Businesses that need to be up and running at all times are especially vulnerable.

Read the article ->

If you have questions on how to protect your mission critical systems, contact us.

Filed Under: Blog, CyberThreats, IoT, Ransomware, Security News, Sophos

SyncCrypt ransomware able to sneak past most antivirus defenses

2017/08/18 by admin

From SC Magazine - August 17, 2017 - Doug Olenick

A new ransomware called SyncCrypt is using a unique method of downloading the malicious files that makes it very hard for an antivirus program to detect.

SyncCrypt was detected by Emsisoft researcher xXToffeeXx, reported Bleeping Computer, and is spread via spam emails containing an attachment with .wsf (Windows Script File) files. What is unusual about this, other than a .wsf file being used – which is rare – said Bleeping Computer founder Lawrence Abrams, is that the .wsf will download an image with embedded .zip files containing the ransomware.

“This method has also made the images undetectable by almost all antivirus vendors on VirusTotal,” Abrams said.

Once the email is opened and the target decides to open the attachment (the social engineering plan being used has the document listed as a court order), a JavaScript script activates and downloads the image. If the victim clicks on the downloaded image, the cybercriminal’s sense of humor, or perhaps musical taste, appears: an image of Olafur Arnalds’ album titled “& They Have Escaped the Weight of Darkness” is shown.

However, whether or not the image is opened, the .zip file is downloaded and its contents, a sync.exe, readme.html and readme.png, are extracted, Abrams said. The good news is that while the image file tends to pass through most antivirus, the files contained inside the .zip file are more susceptible to detection, although Bleeping Computer found that VirusTotal still detected them less than 50 percent of the time.

If properly installed, the files are encrypted with a .kk extension and then the ransom note appears, giving the victim 48 hours to pay about 0.1 bitcoin.

At this time there is no way to decrypt the files and the best defense is to ensure all files are properly backed up.
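As an added example (not part of the original article or of Bleeping Computer's analysis), this is a check a mail or web gateway could run on downloaded images to spot the delivery method described above. It assumes the archive bytes are carried verbatim inside the image file; the sample bytes are constructed for the demonstration, and the function names are illustrative.

```python
import io
import zipfile

# Magic bytes for common image formats a mail or web gateway might see.
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}
ZIP_LOCAL_HEADER = b"PK\x03\x04"   # start of a ZIP member
ZIP_END_RECORD = b"PK\x05\x06"     # end-of-central-directory record
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".wsf", ".vbs", ".bat", ".ps1")

def image_type(data):
    """Return the image format implied by the leading magic bytes, or None."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def embedded_zip_members(data):
    """List member names of a ZIP archive carried inside image bytes."""
    if image_type(data) is None:
        return []
    start = data.find(ZIP_LOCAL_HEADER)
    if start == -1 or data.find(ZIP_END_RECORD, start) == -1:
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data[start:])) as archive:
            return archive.namelist()
    except zipfile.BadZipFile:
        return []  # signature bytes appeared by chance in image data

def risky_members(data):
    """Members whose extension means the carrier should be quarantined."""
    return [n for n in embedded_zip_members(data) if n.lower().endswith(RISKY_EXT)]

def build_samples():
    """Constructed test data: a stub JPEG and the same stub with a ZIP appended."""
    clean = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"  # not a real photo
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("sync.exe", "readme.html", "readme.png"):  # names from the article
            archive.writestr(name, b"placeholder")
    return clean, clean + buf.getvalue()

if __name__ == "__main__":
    clean, carrier = build_samples()
    print(embedded_zip_members(clean))
    print(embedded_zip_members(carrier))
    print(risky_members(carrier))
```

A file that identifies as an image by its header but also parses as an archive is worth quarantining regardless of what antivirus says about the image itself.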

Filed Under: Bitdefender, Kaspersky, Ransomware, Security Awareness, Sophos

© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement