On average, organizations take about 200 days to identify new ransomware threats. In combination with aging hardware, out-of-date software, poor network monitoring, and lack of professional IT assistance, this makes for quite the mess.
Hackers are less likely to attempt an attack against automatically patched software or newly issued hardware, because there are fewer vulnerabilities and exploits for newly issued hardware most likely have not been found yet or are already patched. Those that are behind in refreshing their technology are an easy target for attack.
Here are 5 best practices to follow to secure your network and avoid ransomware attacks.
Improve Network Hygiene – Deploy patches and updates automatically, replace old or out-of-date firewalls and IPS, and ensure you are using a quality email spam filtering service to protect against phishing and malicious links and sites.
Defend Strategically rather than Haphazardly – It is recommended that organizations employ security as a big picture solution rather than single use. Integrated security is the best defense for networks as it reduces backdoor vulnerabilities and holes that might be exploited.
Reduce Detection Time – It would be ideal if your organization had the tools and professional aid to recognize an attack as soon as it occurred. But most organizations find themselves in the dark for weeks before an attack is detected. By measuring the time to detection, you verify whether the systems in place are capable of delivering the fastest detection time. This ensures that your organization can respond to threats in real time and prevent further attack.
Protect Users No Matter the Location – Ensure that you are protecting your users while they are on the company network and when they are not. Good password manager software and VPN tunnels are key to maintaining good security practice. It is also important that you communicate the importance of cyber security to your users and illustrate good habits.
Routinely Test Backups – Confirm that your backups are healthy and current. Test that they are free from compromise. If you are hacked, you will want to have backups that are ready to go.
If you are interested in reading the original article, or would like to educate yourself in more detail about the information presented in this blog post, please visit: https://newsroom.cisco.com
What is a VPN? A virtual private network creates a secure tunnel between two sites via the Internet to protect your privacy. This is usually a paid service to ensure web browsing is secure and private while using public wifi or less secure wifi networks.
What happens? Your PC connects to a VPN server, and then your web traffic passes back and forth through that server. This VPN server can be located anywhere in the world whether it be the United States or Thailand. Therefore when you are surfing the web, those websites you are visiting see you as browsing from that VPN server’s geographical location, not where your laptop is really located.
Why is that important? When you are hanging out on your laptop in a public space such as a coffee shop, perusing Amazon for some deals, hackers are far less likely to be able to steal your login credentials, your credit card information, email address, or direct you to a fake banking site or other spoof. Even your internet service provider will have a hard time trying to snoop on what websites you are visiting.
Free services are offered, but they are slow with considerably less bandwidth, so pay the $5 a month and get a service of quality. Ask questions such as what kind of logging does the VPN provider do? How long do they keep information about your VPN sessions? Are they going to be recording the IP addresses you use? Answers to these questions should be taken into consideration based on how much privacy you want and need.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.networkworld.com
Researchers from German security company, Security Research Labs, recently revealed the poor security behind the current travel booking systems. Three of the largest Global Distributed Systems (GDS) handling flight reservations for worldwide travel are Amadeus, Sabre, and Travelport. These three systems handle 90 percent of flight reservations.
The poor security stems from these systems originating in the 70’s and 80’s and never being rebuilt, but rather integrated with the more modern web infrastructure of today.
Each traveler on a GDS is identified by a six-digit code that also serves as the booking code. This code houses all traveler information from home address, email address, phone numbers, credit card information, frequent flyer number and even the IP address used to make the booking online! This ID is printed on boarding passes and luggage tags.
A specific ID is not needed to find valid traveler information, and airline websites and GDS do not limit the number of times you can check for codes. This gives hackers a window to use a brute-force approach to find valid codes.
Researchers explain that it is possible for a hacker to steal your flight by changing the flight information without your knowledge or canceling it and receiving a voucher, just from your ID printed on your luggage tag. A hacker could also take frequent flyer miles, or use the knowledge that you are on vacation for a potential phishing attack.
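The missing lookup limit described above is the control a booking site can add. The sketch below is an added example, not code from the researchers or from any airline or GDS: it throttles lookups per client and flags a client that tries many different non-existent codes. The thresholds, the `LookupGuard` name, the client addresses and the booking codes are all constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding-window length
MAX_LOOKUPS = 5          # assumed lookups allowed per client per window
MAX_DISTINCT_MISSES = 3  # assumed distinct unknown codes before a client is flagged


class LookupGuard:
    """Throttle booking-code lookups and flag clients that guess codes."""

    def __init__(self):
        self.recent = defaultdict(deque)  # client -> timestamps of allowed lookups
        self.misses = defaultdict(set)    # client -> distinct codes that did not exist
        self.flagged = set()              # clients blocked pending review

    def allow(self, client, ts):
        window = self.recent[client]
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()              # forget lookups older than the window
        if client in self.flagged or len(window) >= MAX_LOOKUPS:
            return False
        window.append(ts)
        return True

    def record_result(self, client, code, found):
        # Many *different* unknown codes from one client is the enumeration signal;
        # a traveler mistyping one code repeatedly adds only one entry.
        if not found:
            self.misses[client].add(code)
            if len(self.misses[client]) >= MAX_DISTINCT_MISSES:
                self.flagged.add(client)


# Constructed sample log: (timestamp, client address, code, booking exists?)
SAMPLE_LOG = [(0, "198.51.100.7", "QX7K2M", True)]
SAMPLE_LOG += [(10 + i, "203.0.113.9", f"AAAAA{i}", False) for i in range(8)]
SAMPLE_LOG += [(300, "198.51.100.7", "QX7K2M", True)]


def replay(log):
    """Return ({client: [allowed, denied]}, flagged clients) for a lookup log."""
    guard = LookupGuard()
    counts = defaultdict(lambda: [0, 0])
    for ts, client, code, found in log:
        if guard.allow(client, ts):
            counts[client][0] += 1
            guard.record_result(client, code, found)
        else:
            counts[client][1] += 1
    return dict(counts), guard.flagged


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

In this sketch a flagged client stays blocked; a production control would expire the flag or require an additional check instead.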
If you would like to educate yourself in more detail about the information presented in this post please visit: www.pcmag.com
Now that holiday shopping is upon us, security researchers are handing out advice on how to protect yourself and your information from cyber hacking. More and more shoppers use their smartphones while they are shopping, to compare prices and deals at other stores or online. Reports by RiskIQ, an enterprise security firm, estimate that 30 percent of Cyber Monday and Black Friday shopping will be done on a mobile device.
Cyber criminals are well aware that shoppers are relying heavily on their smartphones this holiday season. Noticing that many consumers often connect to free wifi hotspots while shopping, hackers have taken to setting up fake wifi zones to entice people into connecting. Consumers may see a wifi network available named “Macysfreewifi” and connect without even second guessing – often times the store isn’t even in the mall! If you see a wifi network labeled with a store name that is nowhere nearby, do not connect. The same goes for wifi networks set up with the word “free”, often these are bogus as well. Hackers will also monitor communications over legitimate networks that are poorly secured and not properly configured, but this is a more difficult process than getting an unsuspecting shopper to connect to a malicious network.
Hackers are also known to repackage legitimate applications so that the fake application they create looks almost identical to the real thing, in the hopes you will choose theirs instead. Sometimes hackers will create a completely fake application from scratch, such as “Amazon Rewards” that does not exist in the official app stores. Many times these fake apps will promise rewards or points for downloading. The fake Amazon Rewards app was found to be a trojan, spread by using fake Amazon vouchers and a link to a fake website sent via SMS text messages. The fake app even accesses the user’s contacts to send the vouchers to more mobile phones without permission.
This is not the first fake application, and it most certainly will not be the last. RiskIQ found 1 million applications that have been blacklisted for using brand names in the title or description of the application to trick consumers. The only real way to avoid such applications is to go directly to official application stores such as Google Play and Apple App Store to download applications.
Things To Remember:
Download applications only from official app stores
Beware of apps that ask for permissions to contacts, text messages, stored passwords or credit card information
Question applications that have rave reviews; they are easy to forge
If you do not understand the warning on your device, do not click continue
Update your device to the most current operating system
Disconnect from the network if your phone begins to act up or crash
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.computerworld.com
Two Factor Authentication, or 2FA, takes a combination of generally accepted forms of authentication to further secure your login to big sites and applications such as Facebook, Microsoft, Google, Apple iCloud and others. This is an extra layer of protection that utilizes something you know, such as a password, and something only you have, such as a cell phone or fingerprint. This is not necessarily a new idea; many of us use this every day when making purchases with a credit card and are asked to enter a zip code for verification.
There are 3 generally accepted factors of authentication:
Something you know – such as a password
Something you have – such as a hardware token like a cell phone
Something you are – such as your fingerprint
Two Factor Authentication takes two of the above in order to secure your login. If you have 2FA enabled on Facebook, for instance, when you attempt to log into Facebook on a new device or browser you will be asked to confirm this login with a second form of authentication, which can be any of the three described above.
This form of authenticating is especially advised for sites and applications that house your personal information, credit cards, location information, are tied to other accounts, and could otherwise affect your personal life such as email, social media – the list is endless!
A few big names have taken heed of this advice by employing 2FA. Although the process is not entirely seamless, great strides have been taken to make using 2FA as easy as possible. Look for 2FA on your favorite big name sites and applications.
Set up Google 2FA here
Set up Apple 2FA here
Set up Microsoft 2FA here
If you would like to educate yourself in more detail about the information presented in this blog post please visit :
The three best practices to avoid mobile malware are to use an official app store, resist the temptation to jailbreak your device, and keep updates current. Apple and Google app stores remain the most vigilant about mobile malware concerns. Google uses Verify Apps, which runs in the background of modern Android systems to scan for spyware, ransomware, and fraudulent apps. The company also checks mobile apps that are submitted to the Google Play Store. Less than one out of every 10,000 devices that only downloads from the Google Play Store has a program in the malicious category.
Jailbreaking your device undermines much of the already pre-installed security on the phone. In addition to this, the ability to restrict applications from accessing personal data on the phone as well as validate applications is disabled. Basically, if you jailbreak your device you better have a pretty good understanding of technology, because you just became the sole provider of security for that device.
This may be a surprise to most, but vulnerabilities actually do not increase the likelihood of malware on mobile devices. Symantec’s Internet Security Threat Report showed that Apple iOS had nearly 8 times as many vulnerabilities as Android in 2014, but nearly all malware for that year was targeted at Android devices.
The reliance on and increased functionality of mobile devices leads developers to push out updates and bug fixes as fast as possible. Users should pay attention to this and keep their applications and software updates current. Android users often wait to update because of the lengthy process involved, but the benefits usually outweigh this inconvenience, especially considering Android devices are most susceptible to malware.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcworld.com
Cisco has released reports that a high priority security hole in its IOS software could have allowed hackers access to memory contents, and therefore confidential information, from more than one product in their lineup.
Cisco has pinpointed the cause of the vulnerability to “insufficient condition checks in the part of the code that handles [Internet Key Exchange] IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.”
IKEv1 is used in VPN applications such as LAN-to-LAN VPN, remote access VPN, Dynamic Multipoint VPN, and Group Domain of Interpretation. To address the vulnerability Cisco plans to release software updates, and currently there is no workaround available.
The list of Cisco products is as follows:
Cisco IOS XR Software versions 4.3.x through 5.2.x are affected
Cisco IOS XR Software released 5.3.x and newer are not affected
PIX versions 6.x and prior are affected
PIX versions 7.0 and after are unaffected
Back in August Cisco was alerted to information posted on the internet that had been exploited from firewall products from multiple vendors. The potential for exploitation of Cisco PIX firewalls was considered, and Cisco began an investigation into reports of the “BENIGNCERTAIN” exploit.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.networkworld.com
Strider hackers reference the all-seeing eye of Sauron in their ‘nation-state level’ malware, which has been used to steal files from organisations across the globe. An unknown hacker group, ‘Strider’, has just been discovered by cyber-security researchers at Symantec. Apparently the group has aimed its malware at those that would be of potential interest to a nation state’s intelligence services. The Remsec malware is mainly targeting organisations in Russia; however, the group has infected airline systems in China, an embassy in Belgium, and a large organisation in Sweden, whose name could not be confirmed. The malware in use is designed to infect a system and open a backdoor where it logs keystrokes and steals files.
The malware has been in operation since October 2011, but avoided detection by the majority of antivirus systems for nearly five years. Only 36 infections have been reported in these five years, but the nature and capability of the malware in terms of stealth and detection is rather unsettling. Components that make up Remsec are built as “BLOBs” (Binary Large Objects), collections of binary data which are often difficult for antivirus security software to detect. The malware is deployed across a network rather than stored on a disk, which makes it increasingly hard to detect.
A deeper look into the malware found that its modules are written in the Lua programming language. This embedded scripting language is used to perform various functions and processes. In the case of Remsec, these functions include key logging, and the code contains references to the all-seeing eye of Sauron from the Lord of the Rings. The use of Lua modules leads security researchers to believe that Strider may have connections to the Flamer hacking group, known for using this type of programming in its malware. Another lead could be the connection to the infamous Regin malware. One of the victims of the Remsec malware had also been the victim of Regin malware. That poor machine!
The nature of the malware, combined with the coding and programming, leads security researchers to believe that the Strider group is highly proficient technically in the development of malicious software, and very well could escalate to a nation-state level attacker.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.zdnet.com
Whether it is mobile device management (MDM) software or the integration of MDM as a part of enterprise mobility management (EMM), two goals remain: protecting company data and optimizing technology for your company’s needs. Here are 7 Essentials for your mobile device management deployment.
- Square One – When it comes to technology it is nearly impossible to create a 5 year plan that even stands a chance. Technology just moves too quickly. Rather, you need to constantly evaluate your information technology strategy for the needs and goals of your business. Instead of pinpointing one item in particular, such as mobile integration, and getting bogged down by the details, think about how mobile integration can help aid your business goals. And if you can’t get the answer to that question on your own, enlist the help of a trusted information technology company to help you see the light at the end of your business’s tunnel.
- All Aboard – All relevant departments should be represented in strategy sessions, so that all departments can be supported with a unified strategy, whether that be for mobile, desktop, applications, or web interfaces. Each department will have its own specific concerns and needs, which can be better mitigated with a unified discussion and plan. This does not mean you have to enforce a plan that fits all, but rather a plan that brings all together on a similar page. The plan itself can be tailored to fit the needs of each employee or department, depending on user roles and requirements. Take accounting and sales, for example. Each will deal with different daily tasks, but can share the need for a digital interface to make such daily tasks easier and more efficient. Each department will most certainly use different applications and software, but the mitigation and support for each should be a unified plan.
- Put it in Writing – A compliance policy document is the easiest way to eliminate uncertainty and educate the members of your organization. Make sure to spell out eligibility, supported devices, as well as user rules and responsibilities. These can include, but are not limited to, reporting a broken, lost, or stolen device and performing regular system and application upgrades. It is extremely important to relay to employees that information technology responsibility is shared between the organization and the members of that organization. This is also a great place to educate your staff on secure practices to keep company data secure.
- Teach Your Team – This may seem obvious, but do not roll out a bunch of brand new software without teaching your people how to navigate responsibly. This means taking the time to establish security compliance in combination with procedures and training. Stress the importance of separating personal and company data as well as regular backups. If a configured network-attached storage (NAS) is in your company plan for cloud storage, teach your members how to use the cloud rather than Dropbox. If employees are working around secure procedures, it is important to find out why: which interface is causing so much trouble that employees are avoiding company policy. Then proceed to fix this problem.
- Be Well Supported – Trying to support every user on every device brings chaos. Roll out a limited program with a subset of employees and devices, and if you do it right, you should be able to scale to a larger population. Another smart idea is to limit the applications on your mobiles. You can set up your own in-house app store for your company’s mobile devices that allows you to pick and choose which third-party applications are available. This should help manage security on all devices, as malware is increasingly present in applications.
- Find the Right User Experience – The size of your business is a large factor in how much you will be able to provide and control. Perhaps your small business does not have the resources to set up an in-house app store. This should not stop you from finding security means to protect your company. You can create your own website with a responsively designed user experience for assorted small screens. You can also convert browser-based apps to native ones.
- Who, What, Where are still Important – Mobile device management platforms offer geofencing capability that adds a new dimension to mobile security, by automatically taking action or requiring a different level of sign-on security if a device is taken further than a set distance from the company headquarters. You can even restrict operations this way.
The key to viable mobile device management is to develop a unified plan that can be presented to members in a way that explains their responsibility to the protection of company data. As always, a good IT company is your best friend for safe and secure management of multiple devices.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com