Tag: ransomware

Tackling Endpoint Security Head-On in 2020


As cybersecurity hazards increase, every organization needs an endpoint security solution that can face the modern threat landscape with ease.


Technology and the inherent interconnectedness it fosters provides businesses with near-limitless possibilities.

But with that potential comes no small amount of risks.

The broad spectrum of cybersecurity hazards is perhaps the clearest manifestation of that danger, and endpoint security lies at its core. Already a complicated issue by any standard, it’s only liable to become more complex and urgent to address in 2020.

Many factors play into this forecast. The rise of newer and more dangerous threats, from crippling denial-of-service ransomware to large-scale records theft, is certainly among them, but so is the proliferation of mobile devices as IoT endpoints. What’s undeniable is your organization’s need for an endpoint security solution that can face the modern threat landscape.

Maybe it’s your client database, including all of the financial and personal information you’ve collected in the partnership process, that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple and often successful exploit tactic.

The Dollars-and-Cents Factors

To members of the C suite who aren’t chief information or technology officers, the urgency of cybersecurity threats may not be realized.

  • Although average organizational cybersecurity spend is up — from $584 per employee in 2012 to $1,178 in 2018 — that may not be nearly enough for large enterprises, or those within commonly targeted industries like finance or health care.
  • The average data breach anywhere in the world costs an organization $3.92 million. Specific figures vary by country (unsurprisingly, the U.S. average is highest, at $8.19 million), industry (healthcare breaches cost the most, at $6.45 million per incident) and incident severity.
  • All told, the impact of cybercrime costs the world as much as $600 billion each year.

The Endpoint Numbers Game

88% of IT professionals understand the importance of endpoint management and security, but a significant number of those individuals may not know exactly how many endpoints their organizations’ networks have.

Based on the current pace of tech development, the number of endpoints in any given system is bound to increase exponentially in 2020. Significant upticks in overall mobile device use, as well as expansion of the internet of things, will drive this, increasing organizations’ endpoint security risk by default.

More access points mean more vulnerabilities.

Cyberattackers’ Main Goal

Cyberattackers go about their criminal activities for various reasons: monetary gain, the excitement of causing chaos, information misuse, state-sponsored espionage and more.

But your IT team doesn’t have time to speculate about the reasons. There is only room for you to deal with attackers’ goals. Login and access credentials are going to be the primary target of their interloping efforts, with the intention of obtaining and purloining confidential information.

The initial shock of a cyberattack belies how adversely impactful it may be over an extended period of time. A breach’s lifecycle, from initial compromise to containment, lasts an average of 314 days, with about 279 of those directly spent on identification and eradication. You need to cut down that time frame as much as possible, and securing your endpoints is the best way to do that.


Major Endpoint Threats to Watch in 2020

Endpoints, everything from PCs and smartphones to IoT-enabled printers, represent an attractive collection of weak spots to malicious online actors. Such cybercriminals will use malware to attack said endpoints in any way they can: through the operating system and application layers as well as at the firmware and BIOS levels.

Threats of particular note include:

  • Ransomware: These high-profile dedicated-denial-of-service attacks have successfully shut down municipal governments including Baltimore, Atlanta and Greenville, North Carolina during 2018 and 2019, and also devastated the healthcare sector.
  • Phishing: Social engineering threatens mobile endpoints just as much as desktops.
  • Rootkits/backdoor-access attacks: Cyberattackers who care more about theft (monetary or informational) than havoc may use subtler methods like these to gradually take what they want.
  • Employee negligence: Lax security-protocol adherence can leave endpoints more open to attack. For example, employee-owned mobile devices are the endpoints least likely to be properly secured.

Consistency in Endpoint Security

You can’t protect your network’s endpoints by operating on a case-by-case basis, going with the flow as different issues arise independent of one another. Doing so amounts to treating this as a “fly by the seat of your pants” issue, which is neither feasible nor responsible in the context of any aspect of cybersecurity (endpoint-related or otherwise).

It is critical for organizations to adopt consistent approaches to endpoint security in 2020 and beyond, fully comprehending and addressing all risks associated with its endpoints. This involves vetting the security capabilities of new devices before they are introduced to the network and continuously monitoring device vulnerability levels to ensure they never become dangerously outdated and unprotected.

Enforce Endpoint Security Hygiene

IT must relentlessly hold the organization to high endpoint security standards:

  • Retire and replace legacy hardware/software: Such resources are more likely than not to have unmanageable vulnerabilities.
  • Ensure all endpoints matter equally: An attacker entering via a networked printer (a commonly under-protected endpoint) likely isn’t interested in taking over that machine, but rather something far more destructive.
  • Keep up with trending threats: Note which scams are most prevalent among your industry peers and in general (like ransomware/DDoS attacks and botnets), without losing sight of less obvious possibilities (logic bombs, man-in-the-middle attacks, formjacking).
  • Maintain up-to-date patch management: Enable automatic updates for the most critical security patches, while handling less mission-critical patches manually. (Also, ensure patch application disrupts day-to-day operations minimally or not at all.)

Turn to Syxsense for More Secure Endpoints

Endpoint security is a complex and multifaceted issue requiring vigilance and cooperation across all departments within any given organization. Turning to the broad complement of endpoint security solutions offered by Syxsense will be an excellent place for you to start.

  • For a “one-stop-shop” with vulnerability scanning, patch management and endpoint detection and response in one package, look no further than Syxsense Secure. Available as a standalone software product or alongside 24/7 managed services from our dedicated, experienced team.
  • The similarly comprehensive Syxsense Manage solution offers additional endpoint, OS and patch management oversight to complete the picture of meticulous and wide-ranging threat management.

Begin your organization’s journey toward airtight endpoint security with a free trial of Syxsense’s products and services.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.



How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes on a dime with the beginning of a ransomware attack.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it did not emerge as a tool during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a viral exploit known as EternalBlue, which attacked Microsoft operating systems that hadn’t been patched for a vulnerability in the Server Message Block file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and hijacked by the ShadowBrokers hacker group, spread quickly to every device on every network it reached and randomly through the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. Since the ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys, its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.


The WannaCry ransomware attacks were some of the most devastating threats in recent history.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the typical method of payment requested by attackers, due to their use of decentralized ledgers that can be easily found but whose owners are virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or bringing an infected machine (or network) to a halt through a dedicated denial of service. However, in some recent cases, cyberattackers have used the exploits in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.


When it comes to ransomware, preparation is essential for every organization.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scams.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification — e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does work on ransomware is specifically focused on detecting and preventing it as opposed to other attack vectors.

Also, as often as not, businesses that haven’t previously been targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date, and such lax awareness, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.


Fake ‘Windows Update’ Installs Ransomware


An executable file disguised as a Windows Update has been dropping the new Cyborg ransomware on its victims.

You’ve Got Mail

An executable file disguised as a Windows Update has been dropping the new Cyborg ransomware. The delivery mechanism claims to originate from Microsoft; however, it directs the victim to an image attachment described as the ‘latest critical update’.

The email-based threat, discovered by researchers at Trustwave and described in a blog post on Tuesday, is unusual in several ways. One example is that the attached file appears to be in .jpg format, even though it executes as an .exe file.

Another notable aspect is that the emails carry a simple subject, “Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!”, but only a single sentence in the body, researchers stated. Typically, malicious emails include more content, socially engineered to lure victims into opening the malicious files.

“The fake update attachment,” writes Trustwave, “although having a ‘.jpg’ file extension, is an executable file. Its filename is randomized and its file size is around 28KB. This executable file is a malicious .NET downloader that will deliver another malware to the infected system.”
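The check this observation suggests, as an added example that is not Trustwave’s or Syxsense’s code: parse a message, and for each attachment compare the declared extension and content type with what the magic bytes actually say (here a ‘.jpg’ that is a PE image with a CLR header, i.e. a .NET executable). The sample e-mail, its addresses and the minimal hand-built PE image are constructed for the demo, not taken from the campaign.

```python
"""Flag e-mail attachments whose declared extension disagrees with their real
file type, e.g. a ".jpg" that is really a Windows executable.

Added example, not Trustwave's or Syxsense's code. The message, addresses and
the minimal hand-built PE image below are constructed for the demo; no real
malware sample is involved."""
import email
import struct
from email import policy
from email.message import EmailMessage

# Which content type each declared extension should carry (assumed mapping).
EXPECTED_BY_EXT = {"jpg": "jpeg", "jpeg": "jpeg", "exe": "pe", "dll": "pe"}


def detect_type(data: bytes) -> str:
    """Classify a blob by its magic bytes: 'jpeg', 'pe', 'pe-dotnet' or 'unknown'."""
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "unknown"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "unknown"
    opt = e_lfanew + 4 + 20                                   # optional header follows the COFF header
    if len(data) < opt + 2:
        return "pe"
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 14 is the CLR header.
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)
    if dir_base is None:
        return "pe"
    clr = opt + dir_base + 14 * 8
    if len(data) >= clr + 8 and struct.unpack_from("<II", data, clr) != (0, 0):
        return "pe-dotnet"                                    # managed (.NET) executable
    return "pe"


def scan_message(raw: bytes) -> list:
    """Return one finding per attachment: declared vs detected type plus an executable flag."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        detected = detect_type(payload)
        expected = EXPECTED_BY_EXT.get(ext)
        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "detected": detected,
            "executable": detected.startswith("pe"),
            "mismatch": expected is not None and not detected.startswith(expected),
        })
    return findings


def build_fake_dotnet_pe() -> bytes:
    """Constructed, non-functional PE32 image whose CLR data directory is non-zero."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section, 224-byte opt header
    opt = bytearray(224)                                      # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)  # CLR runtime header RVA and size
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def build_sample_email() -> bytes:
    """Constructed lure modelled on the subject quoted above, with the fake PE attached as a .jpg."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"                   # constructed addresses
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!"
    msg.set_content("Install the latest critical update from the attachment.")
    msg.add_attachment(build_fake_dotnet_pe(), maintype="image", subtype="jpeg",
                       filename="update-a1b2c3.jpg")
    return bytes(msg)


if __name__ == "__main__":
    for finding in scan_message(build_sample_email()):
        print(finding)
```

A mail gateway or EDR hook would run the same comparison on real attachments; the mismatch flag, not the extension, is what should drive quarantine.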

How Cyborg Ransomware Works

According to Trustwave, if the attached file is clicked, the downloader fetches the malicious payload from GitHub: a file named bitcoingenerator.exe, hosted in a repository called btcgenerator. Ironically, that file is the Cyborg ransomware itself, and the only bitcoin it generates is whatever the victim pays as ransom. In the sample ransom note provided by Trustwave, the demand is for $500 in bitcoin.

The original name for the generator ‘bitcoingenerator.exe’ is ‘syborg1finf.exe’.

Trustwave then searched VirusTotal looking for the original filename, syborg1finf.exe, and found 3 separate examples of Cyborg. The supposed file extension applied to encrypted files differs between the samples found on VirusTotal and the sample found originally by Trustwave.

“This is an indication that a builder for this ransomware exists,” stated Trustwave. “We searched the web and encountered a YouTube video about ‘Cyborg Builder Ransomware V1.0 [ Preview free version 2019 ]’. It contains a link to the Cyborg ransomware builder hosted in GitHub.”

Trustwave then used the builder to generate a new sample ransomware, finding it very similar to the version it found in the spam campaign: “Only the overlay differs as it contains the data inputted by the builder’s user.”

Ransomware on the Rise

Ransomware has clearly increased over the past few years and is now the fastest-growing threat category, according to ZDNet. Security company Bitdefender analyzed Windows security threats including not only the dreaded ransomware but also coin miners, fileless malware, PUAs (‘potentially unwanted applications’ that can compromise privacy or security), exploits (attacks based on unpatched or previously unknown vulnerabilities) and banking Trojans.

In their findings, Bitdefender reports that ransomware saw the biggest year-on-year increase – a whopping 74.2%. Ransomware also (scarily) ranked first in terms of the total number of reports.

Interestingly, the number of ransomware reports actually dropped during the first half of 2019, largely because the group behind the GandCrab ransomware throttled down their operation. But since then, ransomware reports grew again as new ransomware has emerged to fill the void left by GandCrab (it’s also very possible the same group has restarted operations).

“The fall of GandCrab, which dominated the ransomware market with a share of over 50 percent, has left a power vacuum that various spinoffs are quickly filling. This fragmentation can only mean the ransomware market will become more powerful and more resilient against combined efforts by law enforcement and the cybersecurity industry to dismantle it,” the report said.

Mac Ransomware Matters

Ransomware attacks are clearly on the rise and can affect any device. ZDNet stated that all this focus on Windows means that malware writers have little time for Macs—or at least those owned by the average computer user.

“With Windows remaining a lucrative battlefront, there is little incentive for malware authors to invest time and resources to develop mass-market Mac-centric threats, focusing mostly on advanced and sophisticated threats designed for C-level executives and decision makers,” the report elaborated.

Ransomware may be scarce on macOS, but it has been “easily” targeted by ‘cryptojacking’ operations, attacks using known vulnerabilities, and ‘potentially unwanted applications’.

Recent Ransomware Strikes

Hundreds of veterinary locations (National Veterinary Associates) were hit with the Ryuk ransomware. Earlier this month, the state of Louisiana revealed that multiple state servers were targeted and compromised, and back in August, 23 local governments in Texas were hit with ransomware in one single incident.

Organizations are not adhering to current standards to prevent these types of malicious attacks. Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across an entire environment. A combination of strict security standards and proper offline backups, paired with a secure systems management and security solution, will ensure that organizations are not affected by rising ransomware and other malware events.


Worried about Cloud Security? Why On-Premise is More Dangerous


ConnectWise is warning its customers that hackers are targeting its on-premise software to gain access to client networks and install ransomware.

Attackers Targeting On-Premise Software

Remote IT management solutions firm ConnectWise is warning its customers that hackers are targeting its on-premise software to gain access to client networks and install ransomware.

First notifying its customers via Twitter on November 7, ConnectWise said it was aware of “recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware…Please ensure that your ports are not left open to the internet based on our best practices.”

In a separate statement, ConnectWise said that “in an effort to protect our partners, we will not publicly disclose the specific port that is being targeted. We are communicating with our impacted Automate on-premise partners and are happy to answer any questions offline.”

The company is recommending that customers visit a support page and follow the steps provided to secure the on-premise Automate implementations and prevent the attacks. These steps involve closing Automate ports exposed to the internet.

Reaction to the Attacks

Some customers who received this information were confused and wanted to know more, such as the actual ports being exploited or the type of attacks. One such user pointed out that the support page appears to contradict itself by first instructing customers to open the ports and then to close them.

ZDNet asked ConnectWise for additional details about the attacks, but the company did not respond. ZDNet went on to state that knowing which ports the attackers are targeting, what types of attacks they are launching, and what ransomware they are attempting to install would help many companies take preventive measures.

This would be the second time this year that attackers have targeted ConnectWise to penetrate its customer networks and deploy ransomware. In February, a malicious group exploited an outdated plugin for ConnectWise Manage to deploy versions of the GandCrab ransomware on the networks of more than 100 companies, stated ZDNet.

Instead of taking a huge risk by hosting an IT management solution on-premise, as well as forking out more capital for additional assets to host it on, leverage a fully cloud-based solution where every connection is encrypted end-to-end.

Syxsense Manage and Syxsense Secure provide a fully-encrypted experience over 2048-bit encryption, in addition to multi-factor methods, location security, and granular user access.


Massive Ransomware Attack Strikes 23 Texas Towns


The state of Texas has been hit with a rare coordinated ransomware attack that disrupted systems of 23 different local governments.

Use Patch Management to Prevent Ransomware Attacks

23 cities in Texas were hit with a coordinated ransomware attack this weekend. A research firm that studies ransomware has said that attacks aimed at state and local government are on the rise, with at least 169 examples of government computer systems compromised since 2013, and more than 60 already this year.

One of the most common ways into government networks is through remote desktop systems, which can be vulnerable to attackers. Last week, Microsoft released a patch for a Remote Desktop Services (RDS) flaw with a CVSS score of 9.8. Windows RDS has been the entry point for a plethora of network intrusions and global data thefts, and it is also one of the weaknesses commonly used to spread ransomware.

The biggest lesson to come out of these attacks is that applying security updates as soon as possible can go a long way toward avoiding victimization when vulnerabilities are exploited by ransomware.

The Best Offense is a Solid Defense

The Top 5 Patching Mistakes whitepaper breaks down the assumptions that many IT professionals have about managing their environment. When a future ransomware attack occurs, these mistakes could significantly contribute to the spread of it. Or, when the next doomsday strikes, you could be completely bulletproof.


Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Why Enterprise Ransomware Attacks Are Increasing


According to researchers, ransomware is rapidly shifting toward corporate targets.

According to various sources, ransomware appears to be seeing a triple-digit spike in corporate detections. A pair of reports, one released at Black Hat and one by Accenture, mark the enormous shift away from targeting typical consumers.

With attackers chasing the biggest payout, ransomware attacks are migrating from consumer targets to organizations, businesses and municipalities. Consumer detections have also finally fallen below organizational detections, according to Malwarebytes’ Black Hat 2019 quarterly threat report. The report determined that overall ransomware detections against enterprise environments in the second quarter rose by 363 percent year-over-year, while consumer detections declined by 12 percent year-over-year.

The report also expects ransomware to evolve into hybrid attacks that combine worm-like functionality with other malware families.

“This year we have noticed ransomware making more headlines than ever before as a resurgence in ransomware turned its sights to large, ill-prepared public and private organizations with easy-to-exploit vulnerabilities such as cities, non-profits and educational institutions,” said Adam Kujawa, director of Malwarebytes Labs, in the report published on Thursday at Black Hat 2019. “Our critical infrastructure needs to adapt and arm themselves against these threats as they continue to be targets of cybercriminals, causing great distress to all the people who depend on public services and trust these entities to protect their personal information.”

Earlier in the month, Accenture's iDefense division reported that MegaCortex, an existing ransomware family, had been rearchitected as enterprise-focused ransomware (MegaCortex v2).

“The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation; the password is now hard-coded in the binary,” states Leo Fernandes, Senior Manager of Malware Analysis and Countermeasures at Accenture. “Additionally, the authors also incorporated some anti-analysis features within the main malware module, and the functionality to stop and kill a wide range of security products and services; this task was previously manually executed as batch script files on each host.”

Ransomware also no longer limits itself to local files; it seeks out enterprise network shares, which multiplies the impact of a single infection. “The evolution of ransomware from high volume, low return, spray and pray consumer attacks to lower volume, high value, targeted attacks against business is well documented,” stated Security Week. “The intent now is not to simply encrypt local files, but to find and encrypt network shares in order to inflict the greatest harm in the shortest time.”


Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

MegaCortex Ransomware Targeting Victims Worldwide

Categories: Blog, Patch Management

A new variant of ransomware called MegaCortex is targeting enterprise networks and organizations across the United States and Europe.

A new ransomware variant called MegaCortex has been discovered targeting enterprise networks and organizations. Once inside the environment, the attackers distribute the ransomware to hosts from compromised Windows domain controllers.

Researchers at Accenture iDefense report that the operators behind the ransomware are focusing strictly on corporate targets to secure large cash payouts. Because the variant is new, little is known about its encryption scheme beyond reports that an RSA public key is hard-coded into the malware, about how the networks are initially infiltrated, or about whether victims who pay actually get their files back.

“With a hard-coded password and the addition of an anti-analysis component, third parties or affiliated actors could, in theory, distribute the ransomware without the need for an actor-supplied password for the installation,” the researchers say. “Indeed, potentially there could be an increase in the number of MegaCortex incidents if the actors decide to start delivering it through email campaigns or dropped as secondary stage by other malware families.”

How MegaCortex Strikes

The ransomware drops a ransom note named “!!!_READ_ME_!!!.txt” containing the ransom demand and the email addresses for contacting the attackers.

Ransomware aimed at enterprise and corporate networks continues to rise, not only because the payouts are larger but because centralized authentication works in the attacker's favor: once a domain administrator account or a domain controller is compromised, the same mechanisms that push legitimate software to every joined machine can push the ransomware to all of them at once.
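The two traces described above, the ransom note dropped in each folder and whole directories of files turned into ciphertext, are also what a responder can look for on a file share. The following is an added example, not MegaCortex's code and not part of the Syxsense product: it walks a share, flags ransom notes by the exact filename reported for MegaCortex, and flags directories in which most files have the near-random byte distribution (high Shannon entropy) that encrypted content shows. The share it scans is constructed sample data, and the entropy and ratio thresholds are assumptions to tune for your own environment.

```python
"""Added example (not MegaCortex's or Syxsense's code): triage a file share for
two traces that a mass-encryption event like MegaCortex leaves behind.

  1. the ransom note, found by its exact filename, and
  2. directories in which most files are now high-entropy blobs, which is what
     encrypted (or compressed) content looks like.

The share built below is constructed sample data; the thresholds are assumptions.
"""
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# Filename reported for the MegaCortex ransom note.
RANSOM_NOTE_NAMES = {"!!!_READ_ME_!!!.txt"}
# Shannon entropy in bits per byte. Plain text sits around 4-5, encrypted or
# compressed data close to 8. 7.5 is an assumed cut-off, not a standard.
ENTROPY_THRESHOLD = 7.5
# Assumed: flag a directory once at least half of its files look encrypted.
ENCRYPTED_RATIO = 0.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, sample_bytes: int = 4096) -> bool:
    """Judge a file by the entropy of its first `sample_bytes` bytes."""
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(sample_bytes)) >= ENTROPY_THRESHOLD


def scan_share(root) -> dict:
    """Walk `root`; return ransom notes found and directories that look encrypted.

    Paths are reported relative to `root`, with forward slashes.
    """
    root = Path(root)
    findings = {"ransom_notes": [], "suspect_dirs": []}
    for dirpath, _subdirs, files in os.walk(root):
        directory = Path(dirpath)
        total = encrypted = 0
        for name in files:
            path = directory / name
            if name in RANSOM_NOTE_NAMES:
                findings["ransom_notes"].append(path.relative_to(root).as_posix())
                continue
            total += 1
            if looks_encrypted(path):
                encrypted += 1
        if total and encrypted / total >= ENCRYPTED_RATIO:
            findings["suspect_dirs"].append(directory.relative_to(root).as_posix())
    return findings


def build_sample_share() -> str:
    """Constructed sample data: an untouched 'hr' folder and a hit 'finance' folder."""
    rng = random.Random(1)  # fixed seed so the run is reproducible
    base = Path(tempfile.mkdtemp(prefix="share-"))
    (base / "hr").mkdir()
    (base / "finance").mkdir()
    for i in range(4):  # readable documents: low entropy
        text = (b"Employee handbook, section %d. " % i) * 200
        (base / "hr" / f"policy{i}.txt").write_bytes(text)
    for i in range(4):  # 'encrypted' documents: random bytes stand in for ciphertext
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        (base / "finance" / f"q{i}.xlsx.locked").write_bytes(blob)
    (base / "finance" / "!!!_READ_ME_!!!.txt").write_text(
        "Your files are encrypted. Contact us to recover them."
    )
    return str(base)


if __name__ == "__main__":
    result = scan_share(build_sample_share())
    print("ransom notes :", result["ransom_notes"])
    print("suspect dirs :", result["suspect_dirs"])
```

Two caveats apply when running this against a real share. Already-compressed formats (zip, docx, jpg, pdf) are high-entropy by nature and will trip the entropy check, so treat a hit as a triage signal and confirm it with changed extensions or a burst of modification times, not as proof on its own. And ransom-note filenames change between families and even between versions, so the name list has to be fed from current reporting rather than kept static.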


Using a tool like Syxsense can help contain an outbreak before it spreads. Receive live, accurate data from thousands of devices in under 10 seconds, then detect running executables, malware or viruses and kill those processes before they spread further.


How Executives Can Prevent Data Breaches

Categories: News

When the total average cost of a data breach is $3.86 million, preventable problems are not acceptable. Here's how to mitigate the risk.

This article was originally featured in Hackernoon.

Data breaches are so much a part of our way of life that we barely bat an eye anymore when another company has its data stolen. In fact, some publication or another has called every year since 2005 the “year of the data breach”. Every year brings multiple new high-profile thefts of consumer data, and many of them are preventable.

Equifax’s 2017 data breach is one of the best-known, and it stemmed from one of the most avoidable causes: failing to apply an available patch. Many other basic, preventable problems have caused huge data breaches: sequential user IDs exposed in plaintext, plaintext password storage, transaction logs that don’t check the balance on every transaction, and so on.

When the total average cost of a data breach is $3.86 million, preventable problems are not acceptable.


But data breaches are preventable, and as an executive you have the responsibility to make sure they don’t happen. Here’s how you can mitigate the risk.

1. Get Your Staffing Right

Equifax’s data breach was particularly egregious for a few reasons. One was its scope, with 143 million people put at risk. Another was that its chief security officer had an academic background in music and no publicly known security credentials.

A company of that size placing its trust in someone with no credentials in the field is hard to fathom. So is patching going undone for that long, given that the patch that would have closed the hole had been available for months before the intrusion.

This could have been fixed with proper staffing. Getting the right people in the right positions is key in any organization, but in an organization that’s responsible for this much user data, it’s absolutely crucial. Make sure those key security positions are locked down.

2. Make Sure There’s Accountability In Place

When two-thirds of CEOs have organizational control over IT and 60 percent have control of the IT budget, the buck stops at the top desk.

Creating a culture of accountability starts at the top. You can’t fall into a checklist mentality: once the security checklists are done, you still can’t rest. A properly motivated staff looks for other ways to safeguard against things like zero-day exploits and other possibilities that no checklist covers. Working toward GDPR compliance helps too, but compliance alone leaves gaps that only that kind of active effort will find.


Accountability starts with the C-suite. Are you empowering the right people to make decisions in the department? Giving them the budget they need? Holding them accountable for breaches and helping them create a better infrastructure?

As Ashley Leonard, CEO of Syxsense, told me in an email, “When it comes to an IT department, it’s important to give them the tools and people they need to do their job. Otherwise, when mistakes happen, the responsibility lies with the C-suite and not the people on the ground. Automatic solutions for patching, innovative employees that come up with possible vectors of invasion, pen testing … all those things go into creating a strategy that keeps your company safe.”

3. Educate Your Employees

This doesn’t just apply to IT. It’s important for every level of a company.

Kaspersky Labs notes that “The vast majority of data breaches are caused by stolen or weak credentials. If malicious actors have your username and password combination, they have an open door into your network. Because most people reuse passwords, cyber criminals can gain entrance to email, websites, bank accounts, and other sources of PII or financial information.”

Keep your employees up to date on common phishing strategies and test them periodically to make sure they stay alert. Require unique, strong passwords and add multi-factor authentication wherever it is supported, so that a stolen password alone is not enough to get in. Forced frequent password rotation is no longer recommended: current NIST guidance (SP 800-63B) advises changing passwords when there is evidence of compromise rather than on a fixed schedule, because scheduled changes push users toward predictable variations. It’s important that employees don’t unwittingly open your network to attack, and that starts with proper education.

Phishing is one of the most common routes of attack for both personal identity theft and corporate data theft. It’s also getting harder to detect as groups start to use multiple redirects to obfuscate URLs. If you can stop at least the very common methods, you’ll be a lot safer.

4. Stop Data Breaches Before They Happen

Not every breach can be stopped, but it’s essential to do everything you can to prevent them. Data breaches are on the rise across the United States and the world. As more information moves onto the Internet, there are more ways for our identities to be compromised and more companies holding personal information that can be stolen.

Annual Number of Data Breaches and Exposed Records in the United States (records in millions)

Year   Data breaches   Million records exposed
2005   157             66.9
2006   321             19.1
2007   446             127.7
2008   656             35.7
2009   498             222.5
2010   662             16.2
2011   419             22.9
2012   447             17.3
2013   614             91.98
2014   783             85.61
2015   781             169.07
2016   1093            36.6
2017   1579            178.96
2018   1244            446.52

You can’t prevent every incursion, but you can harden your environment. Make sure you’re not leaving holes in your security through negligence or by starving your IT department of resources. Establish a culture of accountability, hire the right people, educate your employees, devote the proper resources to staying patched and secure, and you’ll be able to stop most attacks before they happen.


Malware: It’s Not If…It’s When

Categories: News


An unfortunate fact for IT departments is that they will, at some point, face a malware crisis.

Here’s how addressing malware normally plays out.

At some point after the infection occurs, usually much later, it gets noticed. Whether by pure luck or through receiving a ransom notice, the IT department becomes aware of the crisis after it has already spread.

The IT team attempts to outrun the exploding crisis. To prevent further infection, they shut down every device. Then, one by one, they must be booted back on and cleaned of the infection.

It could take days, weeks, or even months, to get every device cleared of the malicious software. An enormous amount of money is lost to destroyed productivity and IT labor hours.

But there’s a new way to tackle a malware crisis.

How Syxsense Realtime Security Can Address Malware

Live data means being able to see processes and status in real time. Using the AI-powered personal assistant, an IT manager would simply ask ‘Is WannaCry running on my devices?’ The console would then show where any such process was running.

If the process is running on devices, the option to kill it is available. A process can be killed on a device by device basis or everywhere it’s running.


But what if the malware changes its name to escape detection?

Realtime Security can still identify the process by the MD5 hash of its executable, since renaming a file does not change its contents. Identify the devices running it, kill it with a button click, and set an alert so that you know immediately if it starts running again. One caveat: a file hash matches only the exact bytes it was computed over, so a repacked or recompiled variant produces a new hash, and MD5 in particular is no longer collision-resistant. Treat a hash match as one indicator alongside behavioral detection, and prefer SHA-256 where the tooling allows.

Realtime Security means having live data that is secure, accurate, and actionable.
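To make the name-versus-hash point concrete, here is an added example, not Syxsense's code: it hashes the executable behind each running process and matches against a blocklist, checking SHA-256 before MD5. A renamed copy of a flagged binary still matches; a copy with a single byte changed does not, which is exactly the gap behavioral detection has to cover. The process inventory and the "binaries" are constructed sample data, and the `/proc`-based live inventory helper is included for Linux hosts only and is not used by the demo.

```python
"""Added example (not Syxsense's code): identify a running program by the hash
of its executable rather than by its name, and see where that breaks.

Renaming a file leaves its hash unchanged, so a renamed payload still matches.
Changing a single byte (repacking, recompiling) does not, and MD5 is no longer
collision-resistant, so SHA-256 is checked first and MD5 kept only for legacy
indicator lists. The binaries below are constructed stand-ins, not malware.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def file_hashes(path) -> dict:
    """MD5 and SHA-256 of a file, read in chunks so large binaries are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def match_known_bad(inventory, bad_hashes) -> list:
    """Hash every executable in `inventory` and report those on the blocklist.

    inventory:  iterable of (pid, process_name, exe_path)
    bad_hashes: {"sha256": {hexdigest, ...}, "md5": {hexdigest, ...}}
    Returns one dict per hit, naming the algorithm that matched.
    """
    hits = []
    for pid, name, exe in inventory:
        digests = file_hashes(exe)
        for algo in ("sha256", "md5"):  # stronger hash first
            if digests[algo] in bad_hashes.get(algo, set()):
                hits.append({"pid": pid, "name": name, "exe": str(exe), "matched_on": algo})
                break
    return hits


def linux_process_inventory() -> list:
    """Live (pid, name, exe) triples from /proc on Linux; not used by the demo.

    /proc/<pid>/exe is a symlink to the running binary; reading it for other
    users' processes needs root. On other platforms a library such as psutil
    would supply the same triples.
    """
    inventory = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(f"/proc/{entry}/exe")
            name = Path(f"/proc/{entry}/comm").read_text().strip()
        except OSError:
            continue  # process exited, or permission denied
        inventory.append((int(entry), name, exe))
    return inventory


def build_sample_inventory():
    """Constructed sample: a 'known bad' binary, the same bytes under a new
    name, a one-byte-modified copy and a benign program. Returns (inventory, blocklist)."""
    base = Path(tempfile.mkdtemp(prefix="procs-"))
    payload = b"MZ" + bytes(range(256)) * 16  # stand-in bytes, not a real PE file
    (base / "wcry.exe").write_bytes(payload)
    (base / "svchost_update.exe").write_bytes(payload)  # renamed copy
    (base / "wcry_v2.exe").write_bytes(payload[:-1] + b"\x01")  # one byte changed
    (base / "notepad.exe").write_bytes(b"MZ" + b"benign editor " * 100)
    inventory = [
        (1001, "wcry.exe", base / "wcry.exe"),
        (1002, "svchost_update.exe", base / "svchost_update.exe"),
        (1003, "wcry_v2.exe", base / "wcry_v2.exe"),
        (1004, "notepad.exe", base / "notepad.exe"),
    ]
    # An indicator list would normally come from a threat feed; here it is
    # the SHA-256 of the original sample, with no MD5 entries.
    original = file_hashes(base / "wcry.exe")
    blocklist = {"sha256": {original["sha256"]}, "md5": set()}
    return inventory, blocklist


if __name__ == "__main__":
    inv, bad = build_sample_inventory()
    for hit in match_known_bad(inv, bad):
        print(hit)
```

Running the demo flags `wcry.exe` and its renamed twin `svchost_update.exe` and leaves `wcry_v2.exe` alone, even though the latter differs by one byte. That is the practical limit of hash indicators: they are cheap and exact, but an attacker who rebuilds the payload invalidates them, so the kill-and-alert workflow described above should be backed by indicators that survive a rebuild, such as the process tree, the files it touches and the network it talks to.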


Malware Tops Annual Cybercrime Report

Categories: News

Europol Cybercrime Report 2018

According to Europol’s 2018 Internet Organised Crime Threat Assessment (IOCTA) report, ransomware is the top threat to organizations.

The report cites ransomware as the largest player in financially motivated attacks. It also points to the rise in nation-state cyber attacks as one reason ransomware remains the leading threat.

Distributed denial-of-service (DDoS) attacks remain prevalent: they were the second most frequent attack type after malware in 2017. They will stay a concern going forward because, as the report puts it, they are “becoming more accessible, low-cost, and low-risk.”

An emerging category is cryptojacking: hijacking victims’ devices to mine cryptocurrency without their consent. It is processing power, not bandwidth, that the attacker steals. The miner consumes CPU and GPU cycles and the electricity that goes with them, so across a fleet it degrades performance, shortens hardware life and drives up power and cloud bills.

How can your organization protect against these threats?

In the event of a cyberattack, authorities should be alerted, but companies should already have a comprehensive IT management solution in place. A disciplined update strategy shrinks the window in which known vulnerabilities can be exploited.

Syxsense has a diverse set of features that ease the burden of IT management, including Discovery, Inventory, Patch Management, Software Distribution and Reports. As updates are released, the console shows which devices need them.

From there, the patch manager can target those vulnerable devices and a task can be launched to deploy the needed patches. Learn more about securing your environment and start a trial with Syxsense.
