Malware

Bad Rabbit Ransomware

October 29th, 2017

The United States Computer Emergency Readiness Team (US-CERT) has issued a warning about a ransomware campaign called Bad Rabbit, which appears to be a variant of the Petya ransomware.

“US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored,” US-CERT stated in an alert. “Using unpatched and unsupported software may increase the risk of proliferation of cyber security threats, such as ransomware.”

Ukraine and Russia appear to be the leading targets. The affected entities include Russian media groups Interfax and Fontanka, the Kiev Metro, Odessa International Airport and Ukraine’s Ministry of Infrastructure.

According to Sophos researchers, Bad Rabbit ransomware is distributed through media websites that ask users to install fake Adobe Flash software.

“Once it infects a computer, the ransomware attempts to move laterally using a list of hardcoded credentials, featuring predictable user names such as root, guest and administrator, and passwords straight out of a worst passwords list,” Sophos’ Bill Brenner wrote. “Another reminder, if one were needed, that all of your passwords need to be strong, even the ones you use behind the safety of a corporate firewall.”

STEALTHbits Technologies vice president of product strategy Gabriel Gumbs noted that the ransomware uses the open source tool Mimikatz to harvest credentials.

“This could simply be to widen its reach internally for the purpose of further encrypting the files of users with elevated privileges, it may be used to hide inside compromised networks, or the ransom itself could be a decoy from the attack’s real purpose,” Gumbs said. “What we can definitively say today is the only reason you would package Mimikatz with ransomware is for the purpose of further exploiting internal networks — not simply to ransom files.”

VASCO Data Security CISO Christian Vezina noted that it is important to keep in mind that Bad Rabbit uses social engineering tactics to spread. “By teaching your users not to simply click on any link that is presented to them, you may be able to limit your exposure,” he added.

David Zahn, general manager of the cybersecurity business unit at PAS, said that it is a serious threat to critical facilities. “The engineers who manage the industrial control systems that are at the heart of critical infrastructure — namely power generation, oil and gas, and more — are chiefly concerned with maintaining reliability and process safety,” he said. “Ransomware presents a particular risk to both as encrypted systems in a facility can mean loss of view into volatile processes or production disruptions.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent-pending technology designed to ensure that devices are encrypted before they are granted access to a network.

Data breach at Vascular Surgical

December 7th, 2016

Georgia-based Vascular Surgical Associates recently suffered a data breach after one of its computer servers was hacked. According to the statement, the attack occurred during a software update. The facility’s initial investigation found that a compromised vendor password was used in the incident.

According to the FAQ section on Vascular Surgical’s website, it had “hired vendors with national reputations and significant client bases to support the computer system infrastructure we use to maintain our medical records.” Furthermore, the Office of the National Coordinator for Health IT (ONC) had certified the software.

“A password that was created by one of these vendors and controlled by that vendor was used to access our system inappropriately,” the FAQ read. “The perpetrators installed software on our system to prevent us from seeing the activity, but once that activity was identified by our internal IT staff, the system access was changed to prevent additional access using that password.”

According to the OCR data breach reporting tool, the incident affected 36,496 individuals. Preliminary reports indicate that the hackers are likely based in other countries. Affected information included medical records and demographic information such as dates of birth and addresses. Social Security numbers and financial data were not present on the compromised server. The facility also stated that its portal was not involved or affected, and that patient care continues as usual.

“Upon learning of the incident and verifying the unauthorized access through forensic evaluation, we immediately secured the server so that this type of attack could not occur again,” the statement explained. “We are confident that none of our staff had any involvement in this incident, as the compromised password that was used to access the information was only available to our vendors and their staffs.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach at North Ottawa Medical Group

July 20th, 2016

North Ottawa Medical Group, along with many other healthcare facilities, suffered a data breach due to a hacking incident at Bizmatics, an EHR vendor. Bizmatics notified the Michigan-based medical group about the breach, reporting unauthorised access to its server, but did not confirm whether North Ottawa Medical Group data was accessed.

According to the reports, about 22,000 individuals were affected by the healthcare data security event. The affected data relates to patients at the medical group’s employed physician practices, including the internal medicine, family practice, and women’s health offices. Disclosed information included names, addresses, health visit information, treatments, health insurance information, and Social Security numbers. The incident may also have exposed the last four digits of a credit card number for some patients.

The medical group stated that an independent cyber forensics firm hired by Bizmatics is working with the vendor, and that law enforcement officials have conducted a criminal investigation.

“These investigations found that there was no reason to believe patient files were the target of the attack,” the press release stated. “Further, investigators could not conclusively determine if there was, in fact, a PHI breach at all.”

North Ottawa Medical Group has notified affected individuals and the Department of Health and Human Services of the incident. Complimentary identity recovery assistance services have also been set up for a year.

According to the website:

Nonetheless, out of an abundance of caution, NOCHS has reported this incident to the Department of Health and Human Services (DHHS), and is treating the situation as though an actual breach occurred. Therefore, in accordance with HIPAA law NOCHS has notified DHHS, NOMG patients, and by way of this news release, the community. NOMG patients will also receive identity recovery assistance services for a year, at no cost.

The North Ottawa Medical Group doctors, physician assistants and nurse practitioners work directly for and within the North Ottawa Community Health System and your community hospital. Our mission is to develop a personal, long-term relationship with you, as well as be our community’s most trusted, local partner in creating a healthier future for all.

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Malware attack and Data Breach

May 19th, 2016

Michigan-based Complete Chiropractic and Bodywork Therapies may have suffered a data breach after its server was accessed by an unauthorized entity. According to the OCR’s data breach portal, around 4,082 individuals were affected by the incident.

According to the statement, an outside entity gained access to a server that stored PHI. The facility discovered the intrusion when its server malfunctioned. Malware subsequently infected its systems and probably scanned them to acquire login and password information. Affected information includes patient data such as treatment, billing and EHR information.

“Out of an abundance of caution, we notified all affected patients, offered them one-year of free identity theft protection through LifeLock, and provided them with recommended actions they can take to protect their information from identity theft. For example, we recommend that any affected patients obtain their credit reports from one or more of the major credit reporting agencies, and monitoring financial and bank accounts for unauthorized activity.”

PHI stored in the EHR system, including names, dates of birth, addresses, Social Security numbers, health information and diagnosis information, was encrypted and thus was not breached.

“However, there is no indication that this information was actually taken or inappropriately used – only that there was an opportunity for the same,” explained Complete Chiropractic and Bodywork Therapies.

The practice secured the server by disconnecting it from the internet and changed the passwords for all workstation and vendor profiles. It also implemented additional security safeguards, such as adding an extra external firewall to monitor incoming and outgoing traffic, and has notified all affected individuals.

“CCBT [Complete Chiropractic and Bodyworks Therapies] deeply regrets that this incident occurred,” explained the statement. “We are taking this matter very seriously and are working hard to make sure this does not happen again. CCBT hired new IT professionals who come highly recommended based on their HIPAA compliance experience. With the guidance of our new IT professionals, we are adding to the IT safeguards that CCBT already maintained.”

____________________________________________________________________________________________

Common sense can stop phishing attacks

April 15th, 2015

What is a phishing attack?

Phishing emails, websites and phone calls are designed to steal money. This can also be done by installing malicious software: cybercriminals ask you to install malware under the pretext of useful software.

How to stop a phishing attack

Spelling & Grammar – Cybercriminals are often not good at spelling and grammar, whereas professional organizations have dedicated writers drafting their emails, so errors are more likely in a phishing message.

Fake Alerts – You may receive what looks like an update from a company you know. Verify the authenticity of the email before taking any action.

Website Links – Do not click links in the email. They may point directly to a downloadable .exe file that installs malicious software on your computer.

Threats – A popular tactic is a threatening email stating that your account will be closed if you do not respond. Ignore such emails or mark them as spam.

Report Phishing Attack

Company Impersonation – Verify the information with the official company helpdesk before acting on an email, phone call, etc.

Phone Calls – Report any phishing phone call to your local authorities.

Emails – Report phishing emails to your email service provider, such as Google or Yahoo.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Sony-like attack possible

April 6th, 2015

According to security researchers, many hackers across the globe could launch a Sony-like attack. Around 90% of companies are exposed to such hacking given their current security standards.

There is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”’ Steve Kroft in an interview airing Sunday evening on CBS television stations.

Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.

“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”

The Sony security breach was more serious than initially perceived. Hackers leaked personal information, including the Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. They also leaked unreleased movies, as well as embarrassing emails between Sony Pictures executives, among other internal documents.


Advanced Evasion Techniques

August 24th, 2014

What are Advanced Evasion Techniques?

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won’t be recognized by an intrusion detection system.

An advanced evasion threat can cause severe damage even to a well-secured organization:

  • It can breach many firewalls and avoid detection
  • It inserts malicious code by slicing it into small pieces that arrive by different paths
  • The pieces are re-assembled on an endpoint to gain access
  • AETs are for the most part successful at evading the technologies deployed by next generation firewalls (NGFWs)
  • They target intellectual property and financial resources
  • They go unnoticed until the damage is done
  • McAfee claims that most firewalls are capable of blocking less than 10 percent of known AETs, and that the majority of malicious code delivered using AETs slips by unnoticed.


New Dyre Banking Trojan

June 15th, 2014

A new banking Trojan, known as Dyre or Dyreza, was discovered by researchers at CSIS and PhishMe. The malware is designed to bypass SSL protection and steal banking credentials.

PhishMe researchers warned of this new malware, being delivered via phishing emails with the subject lines “Your FED TAX payment was Rejected” and “RE: Invoice.” The emails contain links to files on LogMeIn’s Cubby.com file storage service. “Since Dropbox has been quick to block phishing links, the attackers needed a new legitimate service,” noted PhishMe’s Ronnie Tokazowski.

The attack proceeds as follows: clicking the link in the email downloads a zip file. Opening the zip file installs the malware, which monitors all of the victim’s browser traffic, including SSL traffic, with the aim of stealing and uploading online banking login credentials.

“[Bank credentials] should be encrypted and never seen in the clear,” Tokazowski wrote. “By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality, your traffic is redirected to the attackers’ page. To successfully redirect traffic in this manner, the attackers need to be able to see the traffic prior to encryption, and in the case of browsers, this is done with a technique called browser hooking.”

Krause told Dark Reading that the malware seems to represent a new banker Trojan family, unrelated to the Zeus Trojan. “One of the biggest differences between Zeus and Dyre is how communication with the command-and-control infrastructure takes place,” he said. “With Zeus, data is usually encoded or encrypted, then passed back as raw binary data. With Dyre, the data is POSTed in the clear, making detection for enterprises with IDS capabilities very straightforward.”

But that may well change in the near future. “Since data is being posted back unencrypted, I believe this malware is only in its infancy, and we should expect more refinements from the malware author,” Krause said.

Kevin Bocek, vice president for security strategy and threat intelligence at Venafi, told eSecurity Planet by email that the threat from Dyre is being enabled at least in part by the blind trust too many users have in SSL/TLS. “In fact, 40 percent of mobile online banking applications are estimated to be vulnerable to man-in-the-middle (MITM) attacks without any cyber criminal effort,” he said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

US tops the list of malware-hosting nations

January 19th, 2014

Solutionary’s Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q4 2013 states that the United States was the leading malware-hosting nation. The US hosted 44 percent of all malware, five times more than the second-leading malware-hosting nation, Germany, which was responsible for 9 percent of all malware in Q4 2013. The report focused predominantly on the distribution and analysis of malware; SERT used Solutionary’s cloud-based ActiveGuard platform and global threat intelligence network to gather the results.

Solutionary SERT director of research Rob Kraus said in a statement, “We aren’t just talking about foreign espionage campaigns, APTs and breaches; many of these malicious activities are taking place within U.S. borders,” and continued, “Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier.”

The report also mentioned that over 40 antivirus engines failed to detect the malware. Researchers found that the majority of malware applications were potentially unwanted applications (PUAs) delivered as Microsoft Windows 32-bit portable executable (PE32) files.

SERT also noted that malicious actors are turning to the cloud for malware distribution. It found that malware distributors are widely using cloud computing, either by buying services directly or by compromising legitimate domains. They also hide behind reputable hosting providers such as Google, GoDaddy and Amazon to avoid geographic blacklisting. This modus operandi gives distributors a cost-effective way of spreading malware by easily bringing it online.

The report also provides recommendations for Internet Service Providers to limit the risk of malware distribution from the sites they host and the domain names they register. Ultimately it is up to the providers to take action to stop the proliferation of malware.


Data breach incidents remain undisclosed by companies

November 3rd, 2013

According to enterprise malware analysts, half of the data breach incidents suffered by U.S. companies go undisclosed.

According to a new survey, 57 percent of malware analysts working on enterprise-related data breaches have addressed security problems that U.S. firms failed to disclose. If firms are withholding disclosures to protect their reputations or to avoid difficult questions from customers and investors, data breaches may be more widespread than first believed, and businesses may be far behind in the fight against cyberattackers.

Cyberattacks have become a major problem for companies all over the world. A successfully breached company network can become an open treasure chest for hackers, potentially full of customer details including telephone numbers, addresses and card details, sensitive corporate data, or information affecting national infrastructure security. LivingSocial, Evernote and the Federal Reserve are among the victims of high-profile breaches that have taken place this year.

In 2013, Verizon’s Data Breach Investigations Report found that 621 data breaches were confirmed in the year 2012. However, when compared with ThreatTrack’s data, which says 66 percent of malware analysts working with 500+ employee enterprises have dealt with undisclosed security problems, the confirmed figure of 621 attacks may well be underreported.

“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools,” said ThreatTrack CEO Julian Waits.

Unsurprisingly, 40 percent of respondents said that skilled help is in short supply, one of the most difficult aspects of their roles. In an interesting twist, many of the malware analysts said the majority of their time was taken up by the Internet habits of executives who, by browsing pornography sites, clicking on phishing emails and installing malicious apps, allow malware to infiltrate networks.
