Ransomware 101: What it is and how to protect yourself

Ransomware was once a blip on the cyber security radar, but times have changed: Ransomware attacks grew nearly 500 percent, to 3.8 million attacks, from 2014 to 2015.

Ransomware has been headline news ever since hospitals became big targets. One survey found that only 18 percent of hospitals haven’t been hit with ransomware attacks. But health care isn’t alone: Police departments, schools, and churches are all seeing ransomware attacks grow in frequency. Still, some organizations fail to protect themselves or are simply unaware of the threat ransomware poses. Continue Reading…


Is your phone safe from mobile malware?

A decade ago, Windows machines were perceived as the target of all malware. Today, malware is a threat to all platforms. Rather than one popular operating system being inherently more secure than another, it seems malware increases in tandem with the OS’s use. The more popular it becomes, the more targeted it is, and the more vulnerabilities are found.

Today, our smartphones connect us with social media accounts, banking services, and retailers. The important question for a mobile device is not just whether its operating system is secure, but whether it has an effective security patching strategy for when (not if) the latest malware eludes a device’s safeguards. Even mobile and desktop operating systems designed with security first have had problems that called for this kind of effective update management.

Security in the mobile world

The mobile device market is dominated by two operating systems. Android owned 81.5 percent of the market in 2014, compared to 14.8 percent for iOS (not unlike the Windows and OS X situation of years ago).

However, only Apple can patch its mobile operating system similar to the way desktop OS manufacturers patch security holes and shortcomings. Android’s openness is a strength, but also its greatest security weakness because Google doesn’t have the last say when distributing security updates and patches – the OEMs and service providers hold that power. In addition, controls that block the installation of unknown, third-party software are easily circumvented, providing an easy avenue of attack for cybercriminals.

Unsurprising then is our finding that the vast majority of mobile malware — 99 percent in fact — targets Android devices. The number of attacks and different kinds of mobile malware are growing at a staggering pace, and in 2014, the number of mobile malware attacks against Android more than quadrupled, affecting about one in five Android devices.

Most people aren’t aware that Google is virtually powerless to stop malware from compromising an Android device, unless the program comes through the Play Store. Only a small percentage of users are aware that mobile malware even exists and that they need protection software to defend against it. When you consider that mobile devices now often store critical information – credit card numbers, online banking logins, etc. – and are more vulnerable to a host of attacks, it’s critical to defend devices against malware.

Though we have battled malware on desktop operating systems for years, there’s still room for progress in some areas on mobile. Most users don’t get updates in time, or at all. Plus, users are installing unknown, third-party software left and right, but have no controls (e.g., security software) in place to detect malicious apps or activity.

Complicating matters are Apple’s controls for iOS. It’s true that software sources are more tightly controlled through the App Store, but protection software is banned, and it’s unclear how often iOS devices are compromised.

Moving toward better mobile security

Understanding the current threats to your mobile device is key. No matter what kind of mobile device you use, you must realize the importance of the data on it, and exercise commensurate caution when installing apps, opening URLs, or choosing whether to enable encryption.

If you are using an Android device, there is a significant chance (one in five, likely more) that you will be targeted by malware in the next year. This malware will likely try to steal financial information from your device, or abuse it in a way that hurts you financially. And it’s very likely that we’ll see even more ransomware – software that encrypts your files with an encryption key that will be revealed only after the payment of a ransom – being targeted at Android users.

To effectively protect a device from these threats, first pick an Android device whose updates are handled directly by Google, and make sure updates are installed when available. It’s also advantageous to block the downloading of third-party applications and install protection software that can ward off any malware.

If you are using an iOS device, you are likely safe — for now. If you install updates as soon as they are available, and avoid downloading and installing apps you don’t trust, there’s a very small chance you’ll be subject to malware attacks in the near future. But as iOS increases in market share, so will the number of potential malware attacks.

 

About the author

Michael Canavan is the Vice President, Sales Engineering, Kaspersky Lab North America. He is responsible for overseeing all pre-sales systems engineering activities in the region, including North America B2B sales product training, which includes a standardized onboarding initiative for the sales team as a whole, guiding senior sales management regarding technology and solutions, and acting as a solution evangelist for North America B2B sales both internally and externally. Michael brings more than a decade of engineering experience to his role. Prior to joining Kaspersky Lab in 2010, Michael held various roles at Trend Micro in Sales Engineering and Product Management.


Cyberattackers had a great 2014. Here’s how to stay ahead of them in the second half of 2015.

2014 was a banner year for cyberattackers, but not security. The high-profile data breaches of last year prove that antivirus is not enough, and the numbers of spear-phishing and web-based attacks, malware targeted at virtual machines, and ransomware continue their climb to historic levels.

Symantec highlighted the various methods hackers are using to attempt to steal company data in the 20th edition of its Internet Security Threat Report (ISTR). After a thorough reading of this April report, it’s clear that businesses of all sizes are at risk: Continue Reading…


Is it a patch, or just another problem for your network?

When is a patch not a patch? When it becomes another exploit on your network.

We sometimes lose sight of these obvious points when talking about patching and vulnerability management. At Tenable, we often discuss vulnerability management (it is what we do), which leads to conversations about patching and patch management (even though that is not what we do). Patch Tuesday has driven systems administrators and vulnerability management professionals into a myopic patch mentality; sometimes it works well, sometimes it works just well enough, and sometimes it leads to stupidity.

Patching isn’t always the answer. When vulnerabilities are found, there should be a logical process for dealing with them. While “slap a patch on that bad boy” is often a great answer, and frequently the easiest, it is not the only response to network vulnerabilities. Continue Reading…


Why it’s time to rethink what drives your IT security program

In the past, IT security was like insurance, viewed as an expense, not a revenue generator. That perception left IT with minimal dollars allocated to securing networks, data, and other assets. But with the increase in threats, ranging from malware to data and identity theft, security has become a priority for all organizations.

Over the past three decades, businesses have developed structured security programs as federal and industry regulations became more prevalent. The Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standard (PCI DSS) are some of the well-known guidelines that have advanced compliance-based security.

But regardless of the industry guidelines, both compliance controls and the threat landscape have evolved, introducing a new requirement to address: risk. Security can no longer simply check the box of compliance as it could in the past. Risk is the new basis for every effective IT security program. Continue Reading…


3 perimeter security challenges, and how organizations can fix them

IT administrators have plenty of perimeter security tools at their disposal, from firewalls to spam filters to intrusion detection solutions. But despite all the preventative measures, most organizations still have gaps in their security controls or processes, which could lead to cracks in their system. A coordinated attack from an outside threat could penetrate these seemingly thick walls of perimeter security due to poor security management and overlooked system vulnerabilities.

Securing a network’s perimeter, defined as the demarcation point for exchanges among data, assets, employees, and partners, is a struggle for many organizations because of its complexity. IT departments can be easily overwhelmed by operating a complete perimeter security system because individual solutions are often stitched together, and therefore require multiple management controls, protocols, and licenses.

Companies with fewer than 2,000 users experience the most significant challenges, because the laundry list of best practices that includes firewalls, VPNs, web and mail proxies, and intrusion prevention systems (IPSs) is typically expensive and arduous. In response to individual threats, the piecemeal approach of perimeter security is often deployed over many years.

The threats don’t stop, and with infrastructure constantly under attack, the risk of a breach remains high. Here are three common challenges mid-size businesses are facing with regard to perimeter security, and how organizations are solving them. Continue Reading…


3 steps to secure your network for the Internet of Things

The number of devices that rely on network connectivity to do their jobs is skyrocketing — mobile-connected devices will outnumber people in the world by the end of the year, according to Cisco. All those smartphones and tablets are improving productivity and access to data, but they can also become security risks that open your network to attacks. The vulnerability of network connections has always been a problem, but the more devices are linked, the more risks you’ll have to manage, and the more stringent your security will have to be.

No potential threat is greater than the Internet of Things (IoT). As the IoT takes hold in organizations, it will exponentially multiply the number of devices on your network, connecting everything from thermostats and HVAC systems to vehicles and manufacturing equipment. Experts expect 26 billion connected units by 2020.

Every organization is facing the inevitability of the IoT and must take a stand against future security risks now. Here are three things you should do to take control of your connectivity and head off any risks as we brace for an explosion of devices as part of the IoT. Continue Reading…


Ghost assets are scarier than you might think: Part 1

This post is part of a three-part series on ghost assets.

The vast majority of IT environments are haunted. Large-scale infrastructures, by virtue of their operational requirements, value high capacity and high availability over asset management. This inevitably means there are ghost assets lurking in most environments — devices whose purpose withered and passed on some time ago, but were not removed or repurposed. Still plugged in and probably connected to a network, they serve no material business purpose. They simply absorb space, power, and resources. A recent article on InfoWorld rightly points out that decommissioning ghost servers saves money on utility bills and datacenter space. However, these wraiths also embody a much more serious risk: software and regulatory compliance exposure.

Ghost in the machine
This post will refer to ghost assets rather than just servers. This term encompasses hardware, software, maintenance value, as well as any supporting systems that might be needlessly consumed by assets that no longer make a meaningful contribution to an IT environment. Power management, facilities maintenance, middleware, storage, backup, and disaster recovery are all secondary resources consumed by a ghost that add to its overall cost. But when ghost assets negatively impact compliance, the cost they represent increases exponentially. Continue Reading…


The biggest IT security threats and how to prevent them

If the news is any indication, IT security (or the lack thereof) is a growing concern among companies of all sizes. In the wake of reports that Chinese hackers are engaging in commercial cyber-espionage, some companies are calling for a go-ahead to hack right back when they fall victim to such security threats. Breaches by hackers from Syria, Iran, and other countries around the world signal the need for a new approach to guarding IT infrastructure.

But even beyond hackers, there are a number of threats to corporate IT systems that can disrupt business and gouge bottom lines. Let’s look at some of the major threats and how companies of all sizes can mount a defense to keep their systems secure.

Top four IT security threats

From outsiders to your own employees, here are definitions for four of the most common vulnerabilities in corporate networks:

  • Hackers. One of the oldest and most commonly understood threats, hackers work as individuals or groups to leverage weaknesses in an organization’s IT infrastructure to gain access to its systems. Through the years this access has dramatically evolved from young pranksters seeking little more than bragging rights to today’s organized groups of cyber criminals stealing financial and proprietary information for financial or political gain. Today’s hackers use both manual and automated processes to break into an organization’s IT infrastructure.
  • Malware. Malware refers to any type of malicious software used to infiltrate private computers or networks in order to gain access to sensitive data. Malware is also used to slow down system performance by utilizing memory, CPU, and other system resources. Wikipedia offers a comprehensive list of the different types of malware, including computer viruses, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious browser plug-ins, and rogue security software. Continue Reading…