On average, organizations take about 200 days to identify new ransomware threats. In combination with aging hardware, out of date software, poor network monitoring, and lack of professional IT assistance, this makes for quite the mess.
Hackers are less likely to attempt an attack against an automatically patched software or newly issued hardware. The reason being that vulnerabilities are lower and exploits for newly issued hardware most likely have not been found yet, or are already patched. Those that are behind in refreshing their technology are an easy target for attack.
Here are 5 best practices to follow to secure your network and avoid ransomware attacks.
Improve Network Hygiene – Automatic deployment of patches and updates, replace old or out of date firewalls, IPS, as well as ensure you are using a quality email spam filtering service to protect against phishing and malicious links and sites.
Defend Strategically rather than Haphazardly – It is recommended that organizations employ security as a big picture solution rather than single use. Integrated security is the best defense for networks as it reduces backdoor vulnerabilities and holes that might be exploited.
Reduce Detection Time – It would be ideal if your organization had the tools and professional aid to recognize an attack as soon as it occurred. But most organizations find themselves in the dark for weeks before an attack is detected. By measuring the time to detection, you vet that the systems in place are capable or not capable of delivering the fastest detection time. This ensures that your organization can respond to threats in real time, and prevent further attack.
Protect Users No Matter the Location – Ensure that you are protecting your users while they are on the company network and when they are not. Good password manager software and VPN tunnels are key to keeping to a good security practice. It is also important that you communicate with your users the importance of cyber security and illustrate good habits.
Routinely Test Backups – Confirm that your backups are healthy and current. Test that they are free from compromise. If you are hacked, you will want to have backups that are ready to go.
If you are interested in reading the original article, or would like to educate yourself in more detail about the information presented in this blog post, please visit: https://newsroom.cisco.com
Four-star hotel and ski-resort in Australia paid a reported $1,600 ransom to regain control of its computer system during a fully booked weekend. The systems were kicked offline which temporarily interfered with room keys and guest check in among other things. This ransom marks the third attack on the hotel system, but the first time full control was taken. This may be why the hotel opted to pay the bitcoin rather than mess with the situation any further. Rather than risk losing revenue and fully restricting guests from checking in or out of their rooms the hotel worked with the hackers. Cheaper and faster said the hotel representative.
“Neither police nor insurance help you in this case,” Brandstaetter lamented to The Local. “The restoration of our system after the first attack in summer has cost us several thousand euros. We did not get any money from the insurance so far because none of those to blame could be found.” – PCmag
This is not the first time that a company has had to make the difficult decision whether or not to pay the bitcoin and risk losing that money as well as their data, or not paying the bitcoin, and risk total lockout of the system. IBM Security ran a study that found 70 percent of businesses attacked and infected with ransomware have paid the dollar to regain access to their systems and or data.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com
Microsoft freaked out many tech pros, announcing that February patches would be delayed till Tuesday, March 14th, because of a “last minute issue”.
Tech professionals often plan such patching schedules and prefer to know in advance when major vendors are set to release the next patch, since they are most likely deploying these across thousands of workstations and servers.
February was also the first month that Microsoft was set to publish information on patches and vulnerabilities on the new Security Updates Guide portal (rather than in Security Bulletins) but that will have to wait till March.
Many were expecting a remedy for the unpatched Windows SMB bug as well in the February update bundle.
Word on the street is that Microsoft was having trouble with its patch build system. Microsoft has been very hush hush about the reason for the delay.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.zdnet.com
Windows as a service means less control for IT professionals. Faster upgrade cycles, single rollup patching, and no more service packs.
Aggressive upgrade cycles means that you can no longer deploy a version of windows and stick with it for 5 or 7 years. The upgrade cycle has shortened dramatically to about 18 months. Now feature updates can be deferred but only for a certain amount of time, and never refused entirely.
Windows 10 Pro was released in February 2016, six months later the Anniversary update (version 1607) was released to the Current Branch (CB) and in November 2016 to the Current Branch for Business (CBB). Business versions are able to defer updates for eight months. Therefore, not even a year and a half later in July 2017, you will be forced to upgrade to version 1607 or later.
The version 1607 tightens the group policy timeline down from eight months to 180 days, with a 60 day grace period at the end. It is expected that businesses will have to upgrade each PC in their organization once a year, which can be difficult for those small business without IT staff, since upgrades often break the functionality with third party applications.
It use to be that patches could be selected, rather than with the new upgrade model that rolls all patches into one. This essentially is forcing the PC to the same base configuration as needed for the new rollup. IT professionals can no longer pick and choose, and uninstall problematic updates. The only option is to delay the update a number of weeks until the next rollup. But this also means delaying critical security fixes as well.
No more service packs means that rolling back an OEM device to factory configuration entails getting it to the latest feature update then installing another large update to get it to current.
If you would like to educate yourself in more detail about the information presented in this blog post, or to view the original content please visit: www.zdnet.com
New Android Trojan virus reported by Kaspersky Lab, that goes by the name, Switcher.
Switcher Trojan infects wifi routers through an infected Android, where an attacker can then reroute other users on the network to malicious sites. This is through brute force attacks against the admin interface of the router – using a predetermined list of password/login combos. The DNS servers are then replaced with both an active and backup server of the hacker. This allows for a multitude of potential infections, since every DNS query is directed to a network controlled by the attacker.
Kaspersky Lab researchers explained that “the ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system … the approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.” – www.techgenix.com
Attacks primarily in china and proven track record predicts that the attacks will certainly spread across locations. This is the first Android malware that has been used to attack routers in this manner.
At the moment it is advised that admins and users alike should be on the look out for the following rogue DNS servers:
“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on,” says Kaspersky Lab cybersecurity researcher Nikita Buchka. – www.zdnet.com
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techgenix.com
What is a VPN? A virtual private network creates a secure tunnel between two sites via the Internet to protect your privacy. This is usually a paid service to ensure web browsing is secure and private while using public wifi or less secure wifi networks.
What happens? Your PC connects to a VPN server, and then your web traffic passes back and forth through that server. This VPN server can be located anywhere in the world whether it be the United States or Thailand. Therefore when you are surfing the web, those websites you are visiting see you as browsing from that VPN server’s geographical location, not where your laptop is really located.
Why is that important? When you are hanging out on your laptop in a public space such as a coffee shop, perusing Amazon for some deals, hackers are far less likely to be able to steal your login credentials, your credit card information, email address, or direct you to a fake banking site or other spoof. Even your internet service provider will have a hard time trying to snoop on what websites you are visiting.
Free services are offered, but they are slow with considerably less bandwidth, so pay the $5 a month and get a service of quality. Ask questions such as what kind of logging does the VPN provider do? How long do they keep information about your VPN sessions? Are they going to be recording the IP addresses you use? Answers to these questions should be taken into consideration based on how much privacy you want and need.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.networkworld.com
Atlanta based company KwikVR is confident they can deliver a wireless VR headset device that is capable with both the HTC Vive and the Oculus Rift.
The device is less than a pound and is attached to your belt. It features two USB ports and an HDMI port. The company reports that the device delivers low latency and “guaranteed native resolution”. It also delivers 5GHz Wi-Fi connectivity.
Price of the device has not yet been released. The Vive-compatible TPCast sells for around $220 a pop, so it is predicted that KwikVR could be priced similar. The KwikVR could stir up additional buzz since the TPCast is currently only available in China.
If you would like to educate yourself in more detail about the material presented in this blog post please visit the source : www.mashable.com
Researchers from German security company, Security Research Labs, recently revealed the poor security behind the current travel booking systems. Three of the largest Global Distributed Systems (GDS) handling flight reservations for worldwide travel are Amadeus, Sabre, and Travelport. These three systems handle 90 percent of flight reservations.
The poor security stems from these systems originating in the 70’s and 80’s and never being rebuilt, but rather integrated with the more modern web infrastructure of today.
Each traveler on a GDS is identified by a six-digit code that also serves as the booking code. This code houses all traveler information from home address, email address, phone numbers, credit card information, frequent flyer number and even the IP address used to make the booking online! This ID is printed on boarding passes and luggage tags.
A specific ID is not needed to find valid traveler information and airline websites and GDS do not limit the amount of times you can check for codes. This gives hackers the window to use brute force approach to finding valid codes for use.
Researchers explain that it is possible for a hacker to steal your flight by changing the flight information without your knowledge or canceling it and receiving a voucher, just from your ID printed on your luggage tag. A hacker could also take frequent flyer miles, or use the knowledge that you are on vacation for a potential phishing attack.
If you would like to educate yourself in more detail about the information presented in this post please visit: www.pcmag.com
First Optane storage announced at CES in the low form of 16 GB and 32GB units to be used as cache, not primarily storage. It is anticipated that Optanes will gradually grow in densities and capacities over the next few years.
3D Xpoint is the technology that bases Optane. Memory cells sit in three-dimensional mesh. Intel and Micron cooperated together on the development of the technology. The first 16G and 32 GB storage will work only on PCs with Kaby Lake chips. New Optanes are exclusive to Kaby Lake and will not on PCs with older Intel chips like Skylake or Broadwell or on PCs with AMD chips.
Intel will eventually ship large-capacity Optane SSDs, replacing conventional SSDs and DRAM. Optane will also ship as a DRAM replacement that could plug into DIMM slots. Optane memory will be denser and retain data in comparison to DRAM, which deletes data once a PC is turned off. Intel claims Optane could be up to 10 times faster than conventional SSDs, making gaming, PC booting and productivity applications much much faster. However, no real world tests have been completed as of yet.
The large-capacity Optane SSDs will most likely be installed in servers before coming PCs. Facebook and IBM are already testing large-capacity SSDs in servers. Low-capacity Optane storage will ship in the second quarter of this year. The storage will initially go into sockets on motherboards. Eventually large capacity Optane storage will plug into m.2 slots or 2.5-inch slots.
3 Laptops that will have Optane
Lenovo’s ThinkPad T570 $909. Will have optional 16 GB PCle M.2 2242-S3 and is available in March even if Optane comes later.
HP’s new and improved Envy Curved All-in-One 34 with Kaby Lake. Will get Optane when updated in spring, and that is all the details we get.
Dell plans to install Optane in some of its Precision laptops and OptiPlex desktops around June. Intel’s new “tall” NUC systems — the NUC7i3BNH with 7th Generation Core i3, NUC7i5BNH with Core i5, and the NUC7i7BNH with Core i7 — will support Optane.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.computerworld.com
Have you been getting random calendar invitations from unfamiliar sources about events you have never heard of before? It seems we are not the only ones. Most of the calendar invitations seem to be coming from email accounts from other countries, promising deals on brand name products such as Ray-Bans.
This is just another type of phishing scam. Do not accept or decline calendar invitations from unknown senders. If possible, try not to open the invitation at all, and if you do open the invitation, do not click any links that may be attached. From what we know about email phishing and malware, this is most likely an attempt at retrieving personal information from your device.
Apple is in the process of blocking the suspicious email addresses and hopefully putting a quick end to the unknown invitations. In the meantime, you can do a few things to protect yourself. Firstly, do not decline the invitations, this only alerts the sender of an active email account, and will most likely lead to even more invitations. Go into your calendar settings and change invitations to be sent via email rather than device iPhone notifications. Finally you can create a junk calendar, purely for these spam invitations. These are temporary alternatives while we wait for Apple to block the email addresses and secure the problem. If you would like to create an alternative calendar for these invitations, which is the best way to protect yourself at the moment, click here.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.mashable.com