Cloud Security, Security

Evolving Cyberthreats: Enhance Your IT Security Mechanisms

November 28, 2018 — by Fabio Palozza

For years, cybersecurity professionals across the globe have been highly alarmed by threats appearing in the form of malware, including Trojans, viruses, worms, and spear phishing attacks. And this year was no different. 2018 witnessed its fair share of attacks, including some new trends: credential theft emerged as a major concern, and although ransomware remains a major player in the cyberthreat landscape, we have observed a sharp decline in insider threats.

This especially holds true for the UK and Germany, which are now under the jurisdiction of the General Data Protection Regulation (GDPR). However, in the U.S., insider threats are on the rise, from 72% in 2017 to an alarming 80% in 2018.

The Value of Data Backups

When WannaCry was launched in May 2017, it caused damages worth hundreds of billions of dollars, affecting 300,000 computers in 150 nations within just a few days. According to a CyberEdge Group report, 55% of organizations around the world were victimized by ransomware in 2017; nearly 87% chose not to pay the ransom and were able to retrieve their data thanks to offline data-backup systems. Among the organizations that had no option other than paying the ransom, only half could retrieve their data.

What does this teach us? That offline data backups are a practical solution to safeguard businesses against ransomware attacks. Luckily, highly efficient and practical cloud-based backup solutions have been introduced in the market, which can help businesses adopt appropriate proactive measures to maintain data security.

Security Concerns Give Way to Opportunities

However, there are concerns with regard to cloud security, as well as to maintaining data privacy and data confidentiality. For instance, apprehensions regarding access control, constant and efficient threat monitoring, risk assessment, and maintenance of regulatory compliance inhibit the holistic implementation of cloud solutions.

But while these concerns act as impediments for companies, they also serve as opportunities for security vendors to step into the scene and develop richer and more effective solutions.

And, make no mistake, there is a definite need for better solutions. According to Verizon’s 2015 Data Breach Investigations Report, 99.9% of exploited vulnerabilities were compromised more than a year after the corresponding Common Vulnerabilities and Exposures (CVE) entry was published, despite the availability of patches.

Why? Despite IT security experts’ insistence on regularly monitoring and patching vulnerabilities in a timely manner, doing so has its challenges; patching involves taking systems offline, which, in turn, affects employee productivity and company revenue. Some organizations even fail to implement patching due to lack of qualified staff. Indeed, more than 83% of companies report experiencing patching challenges.

This is all to say, today’s dearth of effective patch and vulnerability management platforms provides opportunities for vendors to explore these fields and deliver cutting-edge solutions. And with IT security budgets healthier than ever, there’s a glimmer of hope that businesses will indeed invest in these solutions.

Let’s see what 2019 brings.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Attack Types & Vectors, Security

The Origin of Ransomware and Its Impact on Businesses

October 4, 2018 — by Fabio Palozza

In previous articles we’ve mentioned how ransomware has wreaked havoc, invading systems and putting organizations’ reputation and stability at stake. In this article, we’ll start with the basics and describe what ransomware is and how cybercriminals use it to attack tens of thousands of systems by taking advantage of system vulnerabilities.

Ransomware is defined as a form of malicious software designed to restrict users from accessing their computers, or the files stored on them, until they pay a ransom to cybercriminals. Ransomware typically operates via the cryptovirology mechanism, using symmetric as well as asymmetric encryption to prevent users from performing managed file transfer or accessing particular files or directories. Cybercriminals use ransomware to lock files on the assumption that those files hold extremely crucial information and that users will be compelled to pay the ransom in order to regain access.

The History

It’s been said that ransomware was introduced as the AIDS Trojan in 1989, when Harvard-educated biologist Joseph L. Popp sent 20,000 compromised diskettes named “AIDS Information – Introductory Diskettes” to attendees of the internal AIDS conference organized by the World Health Organization. The Trojan worked by encrypting the file names on the victims’ computers and hiding directories. The victims were asked to pay $189 to PC Cyborg Corp. at a mailbox in Panama.

From 2006 on, cybercriminals became more active and started using asymmetric RSA encryption. They launched the Archiveus Trojan, which encrypted the files in the My Documents directory. Victims were promised access to the 30-digit password only if they decided to purchase from an online pharmacy.

After 2012, ransomware started spreading worldwide, infecting systems and transforming into more sophisticated forms to promote easier attack delivery as the years rolled by. In Q3, about 60,000 new ransomware was discovered, which doubled to over 200,000 in Q3 of 2012.

The first version of CryptoLocker appeared in September 2013 and the first copycat software called Locker was introduced in December of that year.

Ransomware has been creatively defined by the U.S. Department of Justice as a new model of cybercrime with a potential to cause impacts on a global scale. Stats indicate that the use of ransomware is on a steady rise and according to Veeam, businesses had to pay $11.7 on average in 2017 due to ransomware attacks. Alarmingly, the annual ransomware-induced costs, including the ransom and the damages caused by ransomware attacks, are most likely to shoot beyond $11.5 billion by 2019.

The Business Impacts Can Be Worrisome

Ransomware can cause tremendous impacts that can disrupt business operations and lead to data loss. The impacts of ransomware attacks include:

  • Loss or destruction of crucial information
  • Business downtime
  • Productivity loss
  • Business disruption in the post-attack period
  • Damage of hostage systems, data, and files
  • Loss of reputation of the victimized company

You will be surprised to know that apart from the ransom, the cost of downtime due to restricted system access can bring major consequences. As a matter of fact, losses due to downtime may cost tens of thousands of dollars daily.

As ransomware continues to become more and more widespread, companies will need to revise their annual cybersecurity goals and focus on the appropriate implementation of ransomware resilience and recovery plans and commit adequate funds for cybersecurity resources in their IT budgets.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Attack Mitigation, Attack Types & Vectors, Security

Top Cryptomining Malware. Top Ransomware.

August 21, 2018 — by Fabio Palozza

In 2018, cryptominers have emerged as the leading attack vector used by cybercriminals to gain access to others’ systems. Cybercriminals are giving cryptominers advanced makeovers, doing their best to develop innovative cryptominers with ground-breaking capabilities. The recently discovered cryptominers are known not only for their advanced features, but also for their ability to attack a wide range of systems, including cloud-based platforms, mobile devices, industrial IT infrastructure, and servers.

It’s not surprising that cybercriminals have started targeting cloud infrastructures which are based on rich classes of strong computing resources and companies that use cloud platforms to store confidential information. Two of the most striking data breaches that we witnessed this past year were the Monero-miner attack on Tesla’s cloud servers and the data-leak incident that affected FedEx customers.

Top Cryptomining Malware That Is Dominating the Cybercrime Scene in 2018

The most popular web-based Monero currency miner, Coinhive, undoubtedly occupies the first spot regionally and globally, with 25 percent of companies being affected. Since the introduction of Coinhive’s JavaScript mining code in September 2017, the code has been incorporated into thousands of websites, allowing cybercriminals to capitalize on visitors’ computing resources. Additionally, the code can be used as a substitute for online advertisements that cybercriminals use to lure visitors to click malicious links. In 2018, threat actors have delivered Coinhive in innovative ways through Google’s DoubleClick service and Facebook Messenger, with code embedded in websites or by hiding code inside YouTube ads. Along with Coinhive, other miners, including Jesscoin and Cryptoloot, have been dominating the malicious cryptomining landscape this year, affecting almost 40 percent of businesses and consumers across the globe.

The RIG Exploit Kit is increasingly being used by cybercriminals to capitalize on system vulnerabilities both regionally and globally. RIG exploit kits typically work by redirecting people to a landing page that features embedded JavaScript, the main purpose of which is to identify security flaws in the browser. Cybercriminals use RIG kits to deliver exploits for Internet Explorer, Java, Flash, and Silverlight. RIG exploit kits ruled the cybercrime scene in the first half of 2018, moving payloads such as cryptominers and Smoke Loader down the ranking.

XMRig, an open-source application for CPU mining, occupies the third spot across all regions in the United States. The XMRig mining code, which gained popularity in early 2018, has been widely used by a number of crypto-strains, including RubyMiner, which is specifically designed to target unpatched Linux servers and Windows. According to Check Point, cybercriminals targeted 30 percent of all business networks to utilize server capacities to support their mining operations.

When it comes to ransomware, Locky, which was first introduced in 2016, occupies the first spot in regional and global lists. WannaCry, which came onto the scene in 2017 and made its way to thousands of systems, continues to hold a high rank this year.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Attack Types & Vectors, Security

Malicious Cryptocurrency Mining: The Road Ahead

August 14, 2018 — by Fabio Palozza

As cryptomining continues to rule the cybercrime scenario, cybercriminals are designing innovative ways to drain people’s cryptowallets. Scammers are still doing their best to make the most out of their resources to launch leading-edge scam attempts. The increase in scams is mainly attributed to the failure in implementing appropriate fraud protection measures and unfortunately, popular cryptomining platforms including Coinbase and Bitcoin lack the necessary security features that they need to prevent fraudulent cryptomining activities.

Security

Drive-By Cryptomining: Another Way Cyber-Criminals Are Trying to Evade Detection

August 1, 2018 — by Fabio Palozza

By the end of the last year, we saw a drastic rise in drive-by cryptocurrency mining activities and it is quite alarming to note that cyber-criminals are getting smarter and smarter day-by-day at avoiding detection. Interestingly, cyber-criminals can deploy drive-by cryptocurrency mining to target a much wider audience compared to what they would typically achieve by delivering malware-based miners to machines.

Attack Types & Vectors, Security

Accessing Your Crypto Wallet Through Android Devices?

July 10, 2018 — by Fabio Palozza

Android platforms are commonly characterized by the presence of Trojan-infected apps that have built-in cryptocurrency mining codes, which means that mobile users are highly susceptible to malicious cryptocurrency mining attacks. It is quite alarming to note that cyber criminals deploy malicious APKs that are delivered through SMS spam and cryptocurrency miners into people’s mobile devices and the modus operandi is similar to that of Windows malware. In fact, attackers find it quite easy to add miners to apps that are already malicious. For example, cyber criminals could easily add miners on apps that were infected with the Loapi Trojan, an SMS Trojan that could deliver ads. Loapi caused a high degree of strain on the processor, which caused overheating of the batteries which, in turn, shortened the lifespan of the Androids.

Security

Malicious Cryptocurrency Mining: The “Shooting Star” in the Cybercrime Domain

June 6, 2018 — by Fabio Palozza

It’s quite evident how these days, attacks assume new forms along with transformations in the types of services that are widely used by consumers in a given period of time. Needless to mention, malware or malicious activities will find their presence in new applications and services as they evolve to occupy a prominent position in people’s lives.

Security

Detecting Malware/APT Through Automatic Log Analysis

May 23, 2018 — by Fabio Palozza

Legacy perimeter security mechanisms can be evaded very easily. It’s disappointing, but it’s true. Innovatively-designed malware and APTs have the potential to evade even the strongest signature-based security solutions that are currently being deployed across industries. This has encouraged IT companies to think beyond prevention and to design effective detection strategies. In recent times, companies have started analyzing traffic logs through a deployment of technology as well as professional services to detect attacks that are under way. However, even though traffic log analysis can promote the identification of malware activity, companies may not benefit from it much as the on-premises approach is incomplete, inefficient, and expensive at the same time.