Tuesday, May 31, 2016

All Seeing, All Knowing Border Control: Endpoint Detection and Response

The evolutionary arms race between hackers and cyber-defenders has led to the rapid disruption of the traditional managed security service provider (MSSP) market. As vendors scramble to stay relevant, this has led to a sea of sales messages and acronyms, including the advent of EDR and proactive threat hunting. Breaking this down, we have EDR (Endpoint Detection and Response), the word proactive (the mainstay of copywriting teams globally), and threat hunting (why wouldn’t you want that?). But marketing aside, what does this actually mean? Read this article and you'll know.

Monday, May 9, 2016

April Was Worst Ransomware Infection Month on Record

May 9, 2016--Ransomware infections in the U.S. made up a bigger chunk of infections in April than any other month on record.

Ransomware infections in April 2016 more than doubled the total from March 2016.

And that ransomware made up a larger percentage of overall infections in April than in any other month in the last three years.

That's according to data released this week by Enigma Software.

The experts at Enigma looked at more than 65 million malware infections detected by its software in the US since April 2013.

Generally, ransomware infections threaten computer users with destruction of data if they don’t pay a ransom to the crooks who created the infections.

Several high-profile cases of ransomware have made national and international headlines in the last few weeks as infections have hit hospitals, school districts, and other government offices.

"It’s not just businesses that are being hit by ransomware," said Enigma Software spokesperson Ryan Gerding.

"Every day thousands and thousands of people turn on their personal computers only to find their most precious photos and other files have been locked up by bad guys."

Enigma Software Group reports that after staying steady for the last six months of 2015, the number of ransomware infections began to climb in 2016.

February saw a 19.37% increase over January. March had a 9.46% increase over February.

And now April infections have more than doubled those in March with a spike of 158.87%, the third-biggest month-to-month spike on record.

Gerding says the best defense against ransomware is a three-pronged approach:
  • Regularly back up your data to an external device or to the cloud. That way, if you do get a ransomware infection, you can simply restore your data to the last time you saved it rather than paying the ransom or losing the files altogether.
  • Make sure all of your operating system and anti-virus/anti-malware programs are set to update automatically.
  • Think about that link. Almost all of the ransomware infections attacking individual computers come because someone got tricked into clicking on a link: either in a bogus email, a hijacked social media account, or somewhere else online.

Gerding points out that while the threat of ransomware is growing, it makes up just a tiny fraction of the kinds of infections that plague computers across the US on a daily basis.

In fact, for every ransomware infection detected in April, there were 133 non-ransomware infections.

Those infections range from rogue anti-spyware programs that steal money by pretending to be legitimate anti-spyware programs to adware that slows down computers and hijacks web browsers.