Tuesday, June 28, 2016
Building Cyber Awareness: What I Would Do First
Cyber security experts are often asked what steps an organization should take to measurably reduce its exposure to cyber threat actors and their relentless attacks. Deploying the right security technologies obviously makes sense, but no amount of security technology will completely replace good common sense. Most cyber-attacks that result in data theft involve the human element and the dreaded 'click': an employee is fooled by a phishing e-mail into opening a link or attachment that installs malicious software undetected. Reducing this single liability would improve anyone's defensive posture. This article by Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS, discusses his recommendations on how to solve this problem.
Monday, June 27, 2016
Ransomware Infections Double in Two Years
KnowBe4 just released the first long-term study of IT pros' experience with ransomware. In June 2016 KnowBe4 surveyed 1,138 companies across a variety of industries and compared respondents' levels of concern about ransomware in 2014 with those in 2016. It's not a pretty picture.
Thursday, June 16, 2016
Security Experts Offer Password Hygiene Tips
PORTLAND, Ore. -- June 15, 2016 -- In May 2016, security researchers discovered that millions of user accounts from popular sites like LinkedIn, MySpace and Tumblr were for sale in underground marketplaces. The victims' personal data came from multiple widespread data breaches, many of which took place between 2011 and 2013. Overall, the breaches revealed over 642 million passwords, and the FBI has issued a warning that cyber criminals have already started using information stemming from the breaches in blackmail and ransomware schemes.
According to the FBI, "The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient's social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions."
"With the increase of breaches that we've seen over the past few years, it's likely at least one of your passwords has been stolen by a hacker," said Travis Smith, senior security research engineer for Tripwire. "It's entirely possible one of your accounts has been compromised and that the website or service has not yet discovered the breach."
"Passwords are often the weakest link in an otherwise secure system," said Craig Young, security researcher for Tripwire. "The reuse of passwords across multiple systems and the use of simple passwords commonly found in password cracking dictionaries account for a large number of account hijackings."
Major vendors like Microsoft are taking direct steps to ban common passwords, but the attacks stemming from recent data breaches serve as serious reminders for users to take a closer look at their passwords. Tripwire security experts offer the following advice for consumers to improve their password hygiene:
• Change your passwords on a regular basis. Many of the passwords from these recent data breaches are being sold on the dark web and are over three years old. Using stale passwords can keep you exposed to threats.
• Stop using passwords and start using passphrases. Using a series of words is far less likely to show up in an attacker’s password dictionary than a single word. A starting point for a secure passphrase could be a favorite quote or a line from a song, complete with spaces and punctuation.
• Be liberal with character substitutions. A password can be made stronger by replacing 'o' with '0,' 'e' with '3,' or 'a' with '@.'
• Use a different password for each website or service. If an attacker manages to steal a password for one website, they cannot use the same password to access other websites.
"Creating unique credentials for each website may seem daunting, but one option is to add something you associate with the website's service to the passphrase," Young added. "For example, if I were to create a password for an online book retailer, I might start with the quote 'It was the best of times,' and then change it to 'It w$s th3 b3st 0f tim3s.' To make an even stronger, more unique passphrase, I could add 'books': 'It w$s th3 b3st 0f tim3s b00ks.'"
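The advice above turns on what a cracking dictionary actually covers. The following added example (mine, not code from the page or from Tripwire) runs a constructed six-word wordlist through a miniature version of the mangling rules cracking tools apply: case changes, the same '0'/'3'/'@' substitutions recommended above, and common suffixes. Hashes, wordlist and candidate passwords are all constructed for illustration; a real wordlist is hundreds of millions of breached passwords and the rule sets are far larger. The point it makes is the one Young makes: a single dictionary word falls even with substitutions, while a multi-word passphrase that is not in the list survives.

```python
"""Dictionary-plus-rules password check (added example, not from the page).

Expands a tiny constructed wordlist through a rule chain modelled on the
mangling rules cracking tools use, then looks up SHA-1 hashes of candidate
passwords.  Everything here is illustrative: WORDLIST is six words, real
attacker lists are breach dumps of hundreds of millions of entries.
"""
import hashlib
import itertools

# Constructed mini wordlist standing in for a breach-derived dictionary.
WORDLIST = ["password", "summer", "welcome", "dragon", "football", "letmein"]

# Substitutions that standard rule sets already enumerate.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}

# Common suffixes appended by rule sets (years, digits, punctuation).
SUFFIXES = ["", "1", "123", "2016", "!"]


def case_variants(word):
    """Lowercase, Capitalized and UPPERCASE forms of a word."""
    return {word, word.capitalize(), word.upper()}


def leet_variants(word):
    """Yield the word with every subset of LEET substitutions applied."""
    keys = [c for c in LEET if c in word]
    for n in range(len(keys) + 1):
        for subset in itertools.combinations(keys, n):
            w = word
            for c in subset:
                w = w.replace(c, LEET[c])
            yield w


def candidates(wordlist):
    """Rule chain: case -> leet substitution -> suffix, for every word."""
    for word in wordlist:
        for cased in case_variants(word):
            for leeted in leet_variants(cased):
                for suffix in SUFFIXES:
                    yield leeted + suffix


def sha1(s):
    """Hex SHA-1 of a string (unsalted, as in the leaked LinkedIn dump)."""
    return hashlib.sha1(s.encode()).hexdigest()


def crack(hashes, wordlist):
    """Return {hash: plaintext} for every hash the rule chain recovers."""
    targets = set(hashes)
    found = {}
    for cand in candidates(wordlist):
        h = sha1(cand)
        if h in targets and h not in found:
            found[h] = cand
            if len(found) == len(targets):
                break
    return found


if __name__ == "__main__":
    # Constructed sample "leak": two dictionary-derived passwords and one
    # multi-word passphrase.
    sample = ["p@ssw0rd", "Summer2016", "It w$s th3 b3st 0f tim3s b00ks"]
    hashes = [sha1(p) for p in sample]
    recovered = crack(hashes, WORDLIST)
    for p, h in zip(sample, hashes):
        print(f"{p!r}: {'RECOVERED' if h in recovered else 'not in rule chain'}")
```

Substitutions alone buy nothing against this chain, because the chain contains them; what keeps the passphrase out of reach is that its words, taken together, are not an entry in the list. Reuse matters for the same reason: once one site leaks a hash that falls to the chain, the plaintext is tried everywhere else.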
An additional way to utilize unique credentials is to take advantage of two-factor authentication. "Employing multiple authentication factors prevents an attacker from gaining access by simply compromising your password," said Tim Erlin, director of IT security and risk strategist at Tripwire. "Two-factor authentication often uses a password and a one-time code sent to a mobile device. Other factors used for authentication could be a fingerprint, retinal scan or a physical card. Many websites and online services now support two-factor authentication, and users should enable it where possible."
Thursday, June 2, 2016
New Studies of Russian Ransomware: How Much Users Pay and How Much Money They Make
This morning, deep and dark web intelligence firm Flashpoint released the findings of a five-month study of an organized Russian ransomware campaign.
The new research reports, titled Inside an Organized Russian Ransomware Campaign and Hacking Healthcare, detail the payout schemes and how cybercriminals are using Ransomware as a Service (RaaS) to successfully target victims, with the healthcare industry identified as a priority target.
The reports detail ransomware campaign key metrics, including average salaries for various members of ransomware schemes, ransom amounts per US victim, and average monthly ransom payments as well as some of the latest healthcare-focused attacks and the response in underground forums.
The reports can be found at Ransomware as a Service and Hacking Healthcare.
Tuesday, May 31, 2016
All Seeing, All Knowing Border Control: Endpoint Detection and Response
The evolutionary arms race between hackers and cyber-defenders has rapidly disrupted the traditional managed security service provider (MSSP) market. As vendors scramble to stay relevant, the result is a sea of sales messages and acronyms, including the advent of EDR and proactive threat hunting. Breaking this down, we have EDR (Endpoint Detection and Response), the word proactive (a mainstay of copywriting teams globally), and threat hunting (why wouldn't you want that?). Marketing aside, what does this actually mean? Read this article and you'll know.
Monday, May 9, 2016
April Was Worst Ransomware Infection Month on Record
May 9, 2016--Ransomware infections in the U.S. made up a bigger chunk of infections in April than any other month on record.
Ransomware infections in April 2016 more than doubled the total from March 2016.
And that ransomware made up a larger percentage of overall infections in April than in any other month in the last three years.
That's according to data released this week by Enigma Software.
The experts at Enigma looked at more than 65 million malware infections detected by its software in the US since April 2013.
Generally, ransomware infections threaten computer users with destruction of data if they don’t pay a ransom to the crooks who created the infections.
Several high profile cases of ransomware have made national and international headlines in the last few weeks as infections have hit hospitals, school districts, and other government offices.
"It’s not just businesses that are being hit by ransomware," said Enigma Software spokesperson Ryan Gerding.
"Every day thousands and thousands of people turn on their personal computers only to find their most precious photos and other files have been locked up by bad guys."
Enigma Software Group reports that after staying steady for the last six months of 2015, the number of ransomware infections began to climb in 2016.
February saw a 19.37% increase over January. March had a 9.46% increase over February.
And now April infections have more than doubled those in March with a spike of 158.87%, the third biggest month to month spike on record.
Gerding says the best defense against ransomware is a three-pronged approach:
- Regularly back up your data to an external device or to the cloud. That way, if you do get a ransomware infection, you can simply restore your data to the last time you saved it rather than paying the ransom or losing the files altogether.
- Make sure your operating system and anti-virus/anti-malware programs are all set to update automatically.
- Think about that link. Almost all of the ransomware infections attacking individual computers come because someone got tricked into clicking on a link: either in a bogus email, a hijacked social media account, or somewhere else online.
In fact, for every ransomware infection Enigma detected in April, there were 133 non-ransomware infections.
Those infections range from rogue anti-spyware programs that steal money by pretending to be legitimate anti-spyware programs to adware that slows down computers and hijacks web browsers.