Threats of the Week – December 23, 2019

Momentum Botnet

A new botnet dubbed Momentum has been found targeting Linux systems running on a variety of different processors and pushing a list of well-known backdoors with the goal of being able to launch DDoS attacks.

Once injected into a device, the malware achieves persistence by modifying the rc files. It then connects to the command and control server and joins an Internet Relay Chat (IRC) channel named #hellboy to register and begin accepting commands; the chat channel is used to command the botnet devices.
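The registration step described above is easiest to recognise on the wire if you know the IRC message shape. The following Python script is an added example, not code from the original post or from the researchers who analysed Momentum: it parses IRC messages (`[:prefix] COMMAND params [:trailing]`) out of reassembled network text and raises an alert when any host joins a watched channel. The channel name #hellboy comes from the post; the capture format (one `source-host<TAB>message` line per IRC message) and the sample capture are constructed for the demo, and a real sensor would supply its own.

```python
"""Detect IRC channel joins that match a watchlist (defender-side detection).

Added example; it assumes the bots speak plain IRC and that a sensor has
already reassembled the TCP stream into one IRC message per line,
prefixed by the source host and a tab.  Sample capture is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Channel named in the post; any other entries a site adds are its own.
WATCHED_CHANNELS = {"#hellboy"}

# RFC 1459 message shape: [:prefix] COMMAND [params] [:trailing]
_IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<command>[A-Za-z]+|\d{3})(?P<rest>.*)$"
)


@dataclass
class IrcMessage:
    src: str                 # sensor-supplied source host
    prefix: Optional[str]    # ":server" or ":nick!user@host" if present
    command: str             # e.g. NICK, JOIN, PRIVMSG, or a 3-digit reply
    params: List[str]        # middle params plus the trailing param, if any


def parse_irc(src: str, line: str) -> Optional[IrcMessage]:
    """Parse one IRC line; return None if it is not IRC-shaped."""
    m = _IRC_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    params: List[str] = []
    if rest:
        if " :" in rest:                      # middle params then trailing
            head, trailing = rest.split(" :", 1)
            params = head.split() + [trailing]
        elif rest.startswith(":"):            # trailing param only
            params = [rest[1:]]
        else:
            params = rest.split()
    return IrcMessage(src, m.group("prefix"), m.group("command").upper(), params)


# Constructed capture: one bot registering, one legitimate internal IRC
# user, and one non-IRC line that must not confuse the parser.
SAMPLE_CAPTURE = """\
10.0.0.12\tNICK abc123
10.0.0.12\tUSER abc123 0 * :abc123
10.0.0.12\tJOIN #hellboy
10.0.0.12\tPRIVMSG #hellboy :ready
10.0.0.7\tJOIN #ops-chat
10.0.0.7\tPRIVMSG #ops-chat :deploy finished
10.0.0.3\tGET /index.html HTTP/1.1
"""


def find_c2_joins(capture: str, watched=WATCHED_CHANNELS):
    """Return (source_host, channel) for every JOIN to a watched channel."""
    alerts = []
    for raw in capture.splitlines():
        if "\t" not in raw:
            continue
        src, line = raw.split("\t", 1)
        msg = parse_irc(src, line)
        if msg is None or msg.command != "JOIN" or not msg.params:
            continue
        # JOIN may carry a comma-separated channel list (RFC 1459 4.2.1)
        for chan in msg.params[0].split(","):
            if chan.lower() in watched:
                alerts.append((src, chan))
    return alerts


if __name__ == "__main__":
    for src, chan in find_c2_joins(SAMPLE_CAPTURE):
        print(f"ALERT: {src} joined watched IRC channel {chan}")
```

Matching on the JOIN rather than on a string search keeps the rule robust to the channel appearing in unrelated chatter, and the same parser can feed a second rule (for example, any IRC traffic at all from hosts that have no business speaking IRC).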

Source: SC Magazine

How do you protect yourself?

Proper security measures must be in place to defend against Momentum botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-18267

An issue was found in GE S2020/S2020G Fast Switch 61850, Versions 07A03 and prior. An attacker can inject arbitrary JavaScript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.

Source: CISA

How do you protect yourself?

GE produced and released Version 07A04, which fixed the vulnerability.

Maze Ransomware

The cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.

Source: KrebsonSecurity

How do you protect yourself?

Proper security measures must be in place to defend against Maze ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

6 Areas to Focus Your Security Budget

According to new research from Gartner, overall spending on security increased 10.5% in 2019, and global IT spending is expected to increase by 3.7% in 2020. With cyber threats increasing in sophistication and new compliance regulations being implemented worldwide, it makes sense for organizations to focus their time and effort investing in security.

While spending money on security solutions is important to help combat the current threat landscape, it has to be done in a thoughtful way. Organizations need to ensure they are protecting their most critical assets by investing in the right solutions for their needs. Here are 6 areas where you should prioritize your security budget to ensure you’re properly protecting your business.

Worldwide IT spending forecast (spending in billions of US dollars, growth in percent)

Segment                  2019 Spending  2019 Growth (%)  2020 Spending  2020 Growth (%)  2021 Spending  2021 Growth (%)
Data Center Systems                205             -2.5            210              2.6            212              1.0
Enterprise Software                457              8.8            507             10.9            560             10.5
Devices                            675             -5.3            683              1.2            685              0.4
IT Services                      1,031              3.7          1,088              5.5          1,147              5.5
Communications Services          1,364             -1.1          1,384              1.5          1,413              2.1
Overall IT                       3,732              0.4          3,872              3.7          4,018              3.8

Source: Gartner (October 2019)

1. Employees

An often-overlooked aspect of cybersecurity is the role employees play in keeping an organization secure. Nearly a quarter of data breaches were caused by human error in 2018-2019 according to Ponemon Institute. Threats like social engineering and phishing can only be prevented by increasing awareness. Investing in employees is key because they are an organization’s first line of defence.

To help increase awareness, it’s important to train and test employees. At Jolera, we created the Secure IT – User Defence solution to empower employees. It includes online security training, simulated phishing testing and dark web credential monitoring.

2. Email

Email is the most common attack vector, with 94% of malware being delivered via email according to the 2019 Data Breach Investigations Report. While most email comes with basic security protection like anti-spam filters, that is not enough to prevent threats from entering your inbox. Threat actors can easily circumvent these filters, allowing threats like spear phishing and ransomware to reach your inbox.

Organizations need to protect their inboxes with an advanced email security solution like Secure IT – Mail. Our email solution protects inboxes with powerful tools that scan for malware and malicious links. The solution also includes backup, archiving and email marketing features to enhance your email protection.

3. Endpoint Security

Employees use endpoints to connect to your network. With the rise of the mobile workforce there are usually hundreds, if not thousands, of endpoints connected at any given time. Each endpoint can act as an entry point for hackers. A 2018 SANS endpoint survey found that 42% of respondents reported that their endpoints had been breached. A breached endpoint can allow a threat actor to move laterally throughout your organization and put your data at risk.

Endpoint protection has evolved to keep up with the modern threat landscape. Endpoint security contains features like anti-malware protection and machine learning to detect zero-day threats. All endpoints that connect to your infrastructure should be protected with an endpoint security solution like Secure IT – Endpoint.

4. Threat Detection and Analysis

Being able to monitor your IT infrastructure and detect threats is crucial in having proactive security. With a SIEM system, organizations can prevent breaches by detecting suspicious behaviour and sending alerts for remediation. The SIEM analyzes log data from all devices in an infrastructure and correlates the data to determine potential threats.

Research from Ponemon Institute found that 40 percent of companies say they do not quantify and track their company’s IT security posture at all. By not measuring security posture, organizations are unable to ensure their security investments are working as intended. A SIEM provides organizations with insights into their infrastructure which they can use for compliance reporting and to make better decisions on budgeting.
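The correlation step a SIEM performs is easiest to see in code. The following Python script is an added example, not part of the original post or of any Jolera product: it parses constructed sshd-style log lines from two hosts, keeps a sliding five-minute window of failed logins per source address across all hosts, and raises an alert when a successful login follows a burst of failures from the same address. Hostnames, addresses, the log format and the threshold are all constructed or assumed for the demo; the point is that the rule only fires because events from different devices are joined on a shared key.

```python
"""Cross-host brute-force correlation over syslog-style sshd lines.

Added example (not the post's or any vendor's code).  Sample log lines
are constructed; the rule aggregates failures per source IP across every
host so that a low-and-slow spray against many servers still surfaces.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one attacker spraying two hosts, then succeeding;
# one legitimate user with a single typo.
SAMPLE_LOGS = """\
Dec 23 10:01:02 web01 sshd[1201]: Failed password for admin from 203.0.113.5 port 50122 ssh2
Dec 23 10:01:05 web02 sshd[2201]: Failed password for root from 203.0.113.5 port 50123 ssh2
Dec 23 10:01:09 web01 sshd[1203]: Failed password for admin from 203.0.113.5 port 50124 ssh2
Dec 23 10:01:15 web02 sshd[2204]: Failed password for admin from 203.0.113.5 port 50125 ssh2
Dec 23 10:01:20 web01 sshd[1207]: Failed password for invalid user test from 203.0.113.5 port 50126 ssh2
Dec 23 10:01:40 web02 sshd[2210]: Accepted password for admin from 203.0.113.5 port 50130 ssh2
Dec 23 10:02:01 web01 sshd[1220]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Dec 23 10:02:30 web01 sshd[1222]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(line: str):
    """Return (timestamp, host, result, user, src) or None for non-auth lines."""
    m = _LINE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; fine for deltas within one run.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("host"), m.group("result"), m.group("user"), m.group("src")


def correlate(logs: str, threshold: int = 4, window: timedelta = timedelta(minutes=5)):
    """Alert when >= threshold failures from one src (any host) precede a success."""
    failures = defaultdict(deque)   # src -> deque of (ts, host) inside the window
    alerts = []
    for line in logs.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, host, result, user, src = rec
        q = failures[src]
        while q and ts - q[0][0] > window:   # expire old failures
            q.popleft()
        if result == "Failed":
            q.append((ts, host))
        elif len(q) >= threshold:            # success after a burst
            alerts.append({
                "src": src, "user": user, "host": host,
                "failures": len(q),
                "hosts": sorted({h for _, h in q}),
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"ALERT brute-force success: {a['src']} -> {a['user']}@{a['host']} "
              f"after {a['failures']} failures across {a['hosts']}")
```

Looking at either host's log alone, the attacker shows only two or three failures before the success, which many per-host thresholds would ignore; the alert exists because the SIEM keys the window on the source address rather than on the device that wrote the line.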

5. Next Generation Firewall

Firewalls are essential in protecting your network and upgrading to a next generation firewall (NGFW) provides greater capabilities for advanced security. Such features include application awareness and control, intrusion prevention, and threat intelligence.

Employees using the internet have the potential to engage with malicious websites unknowingly. With an NGFW, organizations gain greater visibility into their network and can control or block web applications to help prevent breaches. Our Secure IT – Firewall solution also includes security services such as 24/7/365 monitoring and remediation to ensure that your network stays protected.

6. WiFi

Most people know to secure WiFi with a password, but corporate networks require more protection than just a password. A corporate network is often full of wireless access points which can be vulnerable to hackers. Attacks like packet sniffing and man-in-the-middle attacks also put WiFi networks at risk of being infiltrated or experiencing performance degradation.

WiFi is the most common way users connect to your network and they expect to be protected. Organizations can secure their wireless access points with a WiFi security solution like Secure IT – WiFi. All access points under our WiFi solution are SIEM integrated to provide advanced security and are monitored 24/7/365.

Threats of the Week – December 16, 2019

Anchor Malware

In a report, we learn of a new connection between a state-sponsored hacking group (North Korea’s Lazarus Group) and a mundane malware operation (TrickBot).

According to the security researchers, the Lazarus Group has recently become a customer of the TrickBot gang, from whom they rent access to already infected systems, along with a new type of attack framework that researchers are calling Anchor.

Researchers describe Anchor as “a collection of tools” combined together into a new malware strain.

The Anchor malware strain is provided as a TrickBot module.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Anchor malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-16449

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Acrobat and Reader to the latest available version.

Snatch Ransomware

The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims’ files without being detected.

The trick relies on rebooting an infected computer into Safe Mode, and running the ransomware’s file encryption process from there.

The reason for this step is that most antivirus software does not start in Windows Safe Mode, a Windows state meant for debugging and recovering a corrupt operating system.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Snatch ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Tips to Improve Your Endpoint Security Strategy

Adopting an endpoint strategy is crucial in strengthening your overall security posture but not many organizations are taking a holistic approach to securing their endpoints. According to research by IDC, nearly 50 per cent of organizations treat endpoint security as a secondary issue. Your infrastructure is comprised of thousands of endpoints that are susceptible to threats like malware and performance degradation. One damaged endpoint can cause significant damage to your organization such as financial loss or downtime, which is why it’s important to protect your endpoints. Here are three ways you can improve endpoint security.

Source: IDC

Reevaluate your endpoints

The first part of your endpoint strategy is to determine what endpoints reside in your infrastructure. This can be challenging because many organizations allow employees to bring their own devices to work and IoT devices like smart watches and personal mobile phones are difficult to regulate. What organizations can control and secure are the devices that they issue and use in the office.

Your endpoint strategy should consist of protecting all endpoints in your organization. This includes endpoints like printers and tablets, which are not often thought of as high risk despite the fact they can also be targeted by hackers or used as an entry point to laterally move around the organization. Failing to secure these devices causes gaps in endpoint protection. Organizations should seek to secure all endpoints with the same level of security policies. Organizations should also pay special attention when implementing IoT devices because they don’t always come with built-in security.

Gain visibility

In order to properly secure and manage endpoints, organizations need visibility. Organizations need to be able to see if an endpoint is running out of date software or needs to be patched for vulnerabilities. Without visibility, organizations leave their endpoints vulnerable.

Unfortunately, it can be difficult for organizations to keep track of their endpoints. This can be problematic because each endpoint is a potential entry point for hackers. Using a single management console will make it easier to not only manage endpoints but gain insights and visibility into them as well. Under a single-pane-of-glass console, organizations can easily view all the policies, alerts and data from their endpoints.

Layer protection

Once proper visibility is established, it’s easier for organizations to implement the necessary controls to protect the endpoints. When it comes to complete endpoint security, taking a layered approach will help ensure your endpoints are protected at every level. This means your endpoint strategy should go beyond just having antivirus and a firewall. Your endpoint solution should include protection at all levels such as leveraging machine learning to detect emerging threats and web controls that inspect URLs.

Instead of requiring multiple products to be installed, our Secure IT – Endpoint solution includes various modules that can be combined for multiple layers of protection. Features such as threat prevention, sandboxing and application containment are all included in our endpoint solution, with other add-ons available.

Threats of the Week – December 9, 2019

ZeroCleare Malware

Security researchers from IBM said today they identified a new strain of destructive data-wiping malware that was developed by Iranian state-sponsored hackers and deployed in cyber-attacks against energy companies active in the Middle East.

But unlike many previous cyber-attacks, which are usually carried out by one single group, IBM said this malware and the attacks behind it appear to be the efforts of a collaboration between two of Iran’s top-tier government-backed hacking units.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against ZeroCleare Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-17008

Mozilla has released new security patches for Firefox.

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.

Source: Mozilla

How do you protect yourself?

Update to Firefox version 71.

PyXie Trojan

A newly discovered hacking campaign by a ‘sophisticated cyber-criminal operation’ is targeting healthcare and education organisations with custom-built, Python-based trojan malware that gives attackers almost complete control of Windows systems, with the ability to monitor actions and steal sensitive data.

Malicious functions of the remote access trojan, dubbed PyXie RAT, include keylogging, credential harvesting, recording video, cookie theft, the ability to perform man-in-the-middle attacks and the capability to deploy other forms of malware onto infected systems.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against PyXie Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Steps to Simplify Security

There once was a time where simply having antivirus and a firewall was sufficient protection for users and devices. Nowadays, malware has evolved to evade these defences, requiring organizations to step up their security efforts. To fight evolving threats, many organizations are investing a significant portion of their budget towards security. According to an updated forecast from the International Data Corporation (IDC), worldwide spending on security-related hardware, software, and services will be $106.6 billion in 2019, an increase of 10.7% over 2018. However, the vast amount of security technologies available on the market can be overwhelming for organizations. Here are three aspects of security that organizations can simplify.

Source: IDC

1. Updates and Alerts

Security requires constant maintenance and monitoring to ensure that all software and equipment is up to date. Having to manually update every endpoint in your infrastructure or review large sets of data can be time consuming. Automation is an integral part in helping to simplify these processes.

Automation helps security teams focus on real threats, improving incident response times and detection while reducing human error. It also allows teams to focus their efforts on more productive tasks, such as threat hunting, because they don’t have to sift through thousands of alerts.

2. Backup

Data loss can have devastating consequences for organizations which is why it’s important to implement a strong backup strategy. Backups used to be more complicated due to the need to ship and store tapes. Nowadays, it’s easier for organizations to back up their data thanks to cloud technology.

To simplify your backup strategy, your organization needs to decide what data needs to be backed up and how often. Backing up large datasets can take a lot of time, which is why it’s important to narrow down your backups to the most critical data. Incremental backups, which only back up the data changed since the last backup, can help simplify your data needs. Backups can also be scheduled automatically to ensure that the latest data is backed up.
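To make the incremental idea concrete, here is an added Python example (not code from the original post or from any Jolera backup product). It keeps a JSON manifest of the size and SHA-256 of every file copied so far, copies only files whose content is new or changed on the next run, and records deletions so the manifest stays an honest view of the source. The directory layout, file names and manifest format are all constructed for the demo; `demo()` builds a throwaway tree in a temp directory and runs two passes over it.

```python
"""Minimal incremental backup driven by a content manifest.

Added example; paths and manifest format are assumptions.  Files are
compared by size and SHA-256 rather than mtime alone, because mtime can
be reset and would otherwise hide a changed (or tampered) file.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": h.hexdigest()}


def incremental_backup(src: Path, dest: Path, manifest_path: Path) -> dict:
    """Copy files under src that are new or changed since the manifest was written.

    Returns {"copied": [...], "unchanged": n, "deleted": [...]} with
    POSIX-style relative paths, sorted for stable output.
    """
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    copied, unchanged, seen = [], 0, set()
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        seen.add(rel)
        fp = _fingerprint(path)
        prev = manifest.get(rel)
        if prev and prev["size"] == fp["size"] and prev["sha256"] == fp["sha256"]:
            unchanged += 1
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)          # copy2 preserves timestamps
        copied.append(rel)
        manifest[rel] = fp
    # Files that vanished from the source: drop them from the manifest so a
    # later reappearance is treated as new.  The copy in dest is kept; how
    # long to retain it is a separate retention decision.
    deleted = sorted(set(manifest) - seen)
    for rel in deleted:
        del manifest[rel]
    manifest_path.parent.mkdir(parents=True, exist_ok=True)
    manifest_path.write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return {"copied": copied, "unchanged": unchanged, "deleted": deleted}


def demo() -> tuple:
    """Build a constructed tree, run a full pass, mutate it, run an incremental pass."""
    root = Path(tempfile.mkdtemp())
    src, dest, manifest = root / "data", root / "backup", root / "manifest.json"
    src.mkdir()
    (src / "a.txt").write_text("hello")
    (src / "d.txt").write_text("stable")
    (src / "sub").mkdir()
    (src / "sub" / "b.txt").write_text("world")
    first = incremental_backup(src, dest, manifest)      # everything is new
    (src / "a.txt").write_text("hello again")            # changed
    (src / "c.txt").write_text("new")                    # added
    (src / "sub" / "b.txt").unlink()                     # removed
    second = incremental_backup(src, dest, manifest)     # only the delta
    shutil.rmtree(root)
    return first, second


if __name__ == "__main__":
    first, second = demo()
    print("first pass :", first)
    print("second pass:", second)
```

The second pass touches only `a.txt` and `c.txt`, which is the whole saving an incremental scheme buys; the manifest is what makes the decision, so it deserves the same protection as the backup itself, since an attacker who can edit it can make a changed file look unchanged.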

3. Security Basics

As mentioned earlier, the security industry is constantly changing to keep up with the latest threats. It’s easy to get swept up with all the new security technologies available. However, having a strong security foundation is the key to simplifying security for your organization. It’s easier to build upon a strong foundation than it is to start from scratch. It also provides greater visibility on your security gaps and helps you identify which areas need improvement.

Start with network security and work your way to your employees. Using a next generation firewall combined with endpoint security will help prevent and detect advanced threats like malware. Then secure your users with training to empower them to become your first line of defence.

At Jolera we understand that security is a big concern for businesses of all sizes. That is why our solutions are designed to simplify the various layers of security such as backup, email, endpoint and more. We’ve thoughtfully designed all our solutions so that businesses can choose the products and services to layer based on their needs. To learn more, contact us today.