Increase Internet Security with VPNs and Endpoint Protection

Many companies are using internet devices as part of their daily operations. But as with everything connected to the internet, there are privacy and security risks that need to be taken into consideration. The average cost of a data breach in Canada is $6.11 million. When it comes to protecting devices, using a virtual private network (VPN) and endpoint security can make a big difference.

Source: Payments Cards & Mobile

What is a VPN?

VPNs are secure tunnels that encrypt and protect your internet connections across public and private networks. For corporate users, VPNs allow remote employees to connect to their workplace networks.

VPNs are easy to use. It’s as simple as launching an app and logging in to connect to the VPN server. Some firewalls, like our Secure IT – Firewall, can include VPN capabilities.

How Do VPNs Protect Me?

Protect your connection: Without a VPN, your internet connection remains open and insecure. This can be especially dangerous for those using public WiFi networks, where most hotspots are not secured. Using a VPN will reduce your risk of having your data stolen or being attacked. Even if cyber criminals intercept your data, they won’t be able to access it easily because it’s encrypted.

Protect your privacy: When you access a website online, your internet service provider receives the requests and directs you to the web page. When this happens, your computer transmits data such as your IP address and your browsing history. This information can be transferred to advertisers or bad actors who can gain information about your internet behaviour and where you are located. With a VPN, your data is encrypted before you are connected to the desired web page. As a result, your data is protected from prying eyes.

Protect your productivity: Using a VPN will help your employees feel more secure and help your clients feel more confident when keeping their data. As mentioned earlier, employees traveling or working remotely can still have access to the workplace network via VPN. This makes it easier for employees to continue their work without interruptions even if they’re out of office.

What is Endpoint Security?

Endpoint security typically consists of using security software, such as antivirus and desktop firewalls, to secure devices and servers accessing the enterprise network. Managed endpoint security, like our Secure IT – Endpoint, also includes security experts that monitor for and respond to threats within your endpoints.

How Does Endpoint Security Protect Me?

Protect your devices: Every device or server you use to connect to the internet is an endpoint. Endpoints also serve as entry points that are targeted by bad actors trying to access your network. With endpoint security, your devices are protected even when you’re not connected to the internet.

Protect your data: Without the added layers of endpoint security, your endpoints remain vulnerable to threats and bad actors. Endpoint security helps block attempts to access and steal your data. Furthermore, some endpoint security solutions include data loss prevention to protect sensitive files from leaving your environment.

Protect against threats: Endpoint protection features many security capabilities in one suite. These security technologies help secure your endpoints against a wide variety of threats. For example, our Secure IT – Endpoint features SIEM integration that uses behavioural analytics to determine if a threat is taking place at your endpoints. These added features layer more security within your endpoints to protect against sophisticated malware and zero-day threats.

Threats of the Week – January 14, 2019

GandCrab Ransomware

 

 

Cybercriminals behind GandCrab have added the infostealer Vidar in the process for distributing the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files.

Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to spread a relatively new infostealer called Vidar, which doubled as a downloader for GandCrab.

Using a rogue advertising domain, the threat actor triaged by geolocation the visitors of the compromised websites and redirected them to an exploit kit (EK).

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against GandCrab ransomware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2018-19718

 

 

Adobe has released a security update for Adobe Connect. This update resolves an important session token exposure vulnerability. This update affects Adobe Connect versions 9.8.1 and earlier.

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installation to the newest version.

 

CryptoMix Ransomware

 

 

An old family of ransomware has returned with a new campaign which uses information about children stolen from crowdfunding websites and claims that payments made in exchange for unlocking encrypted files will be donated to good causes.

However, researchers at cyber security firm Coveware have uncovered a new CryptoMix campaign that looks to make up for its lack of notoriety with this unpleasant new trick.

This ransomware attack begins, like many others, with brute force attacks targeting weak passwords on RDP ports. Once inside the network, the attackers harvest the admin credentials required to move across the network before encrypting servers and wiping back-ups.

Victims are then presented with a ransom note that tells them to send an email to the ransomware distributors, who also warn victims not to use any security software against CryptoMix, with the attackers claiming that this could permanently damage the system (a common tactic used by attackers to dissuade victims from using security software to restore their computer).

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against CryptoMix ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
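
As an added example (not part of the original post or of any vendor's product), the Python below shows how a defender could spot the RDP password guessing described above in failed-logon records, and flag a successful logon that follows a burst of failures. The CSV layout, thresholds and sample rows are constructed assumptions; event IDs 4625 and 4624 are the Windows failed and successful logon events.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: fields as they might be exported from Windows
# Security events 4625 (failed logon) and 4624 (successful logon).
# Column names and IP addresses (documentation ranges) are assumptions.
SAMPLE_LOG = """timestamp,event_id,logon_type,source_ip,account
2019-01-14T02:10:01,4625,3,203.0.113.45,administrator
2019-01-14T02:10:04,4625,3,203.0.113.45,admin
2019-01-14T02:10:09,4625,3,203.0.113.45,administrator
2019-01-14T02:10:15,4625,3,203.0.113.45,backup
2019-01-14T02:10:21,4625,3,203.0.113.45,administrator
2019-01-14T02:10:30,4625,3,203.0.113.45,svc_sql
2019-01-14T02:11:02,4624,10,203.0.113.45,administrator
2019-01-14T08:59:40,4625,10,198.51.100.7,jsmith
2019-01-14T09:00:05,4624,10,198.51.100.7,jsmith
2019-01-14T09:30:00,4625,2,192.0.2.10,jdoe
"""

# Logon type 10 is RemoteInteractive (RDP); RDP with Network Level
# Authentication records failures as type 3 (Network).
REMOTE_LOGON_TYPES = {"3", "10"}


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: finding} for IPs with >= threshold remote logon
    failures inside a sliding time window."""
    recent = defaultdict(deque)  # source IP -> (time, account) of recent failures
    findings = {}
    rows = sorted(csv.DictReader(io.StringIO(log_text.strip())),
                  key=lambda r: r["timestamp"])
    for row in rows:
        if row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # e.g. type 2, a failed logon at the local console
        ts = datetime.fromisoformat(row["timestamp"])
        ip = row["source_ip"]
        if row["event_id"] == "4625":
            failures = recent[ip]
            failures.append((ts, row["account"]))
            while ts - failures[0][0] > window:  # drop failures older than the window
                failures.popleft()
            if len(failures) >= threshold:
                finding = findings.setdefault(ip, {
                    "max_burst": 0, "accounts": set(), "success_after_burst": None})
                finding["max_burst"] = max(finding["max_burst"], len(failures))
                finding["accounts"].update(acct for _, acct in failures)
        elif row["event_id"] == "4624" and ip in findings:
            # A success from an IP that was just guessing passwords is the
            # event to escalate: the guessing may have worked.
            if findings[ip]["success_after_burst"] is None:
                findings[ip]["success_after_burst"] = row["account"]
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a normal logon (the 198.51.100.7 rows) stays below the threshold and is not reported.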

All About Password Managers: Benefits and Risks

Password security is important but not everyone has good password habits. In a global survey, 75% of employees admitted to reusing passwords across their personal and work accounts. This is problematic and can put organizations at risk. One of the ways people solve this problem is by using password managers. But are password managers safe?

Source: Ovum

What is a Password Manager?

Password managers are programs that store and manage your passwords across all your accounts. Password managers store your passwords in an encrypted database that can only be accessed through a master password.

What are the benefits?

Convenience: Password managers make accessing your accounts easier because you only need to remember the master password. This eliminates the headache of having to remember several different passwords for each of your accounts.

Secure passwords: Password managers can generate random, unique passwords for each of your accounts, removing the effort needed to come up with a different password each time. This is done through encryption algorithms that use a combination of symbols, numbers and upper and lowercase letters. As a result, your passwords are harder to guess, which makes them more secure.

Easy to use: Password managers can lead to a seamless user experience. Some managers can autofill your credentials, meaning they can recognize the URL of a website and enter the corresponding credentials automatically. This can help prevent you from entering your credentials into a fake website.

What Are the Risks?

They’re targets: Although password manager databases are encrypted, they are still vulnerable. Due to the important information they house, they are prime targets for hackers. Password manager Blur recently disclosed a breach that exposed information of 2.4 million users, including their encrypted Blur passwords.

Putting your eggs in one basket: When you use a password manager, you are relying on one program to house access to all your accounts. This means that if your password manager gets hacked, all your passwords are exposed. Similarly, forgetting your master password means losing access to all your passwords.

Autofill: Most password managers use autofill to make it easier for users to log in. The downside of autofill is that it remains a big security risk. Research has found that saved information can be accessed through invisible log in forms that trick your browser into filling your personal information.
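
As an added example (not from the original post or from any password manager's code), the Python below shows the kind of check a defender can run on a page's HTML to find credential fields that autofill could populate without the user ever seeing them. The sample page and field names are constructed, and the check is limited to the `hidden` attribute and inline styles; a browser extension would inspect computed styles instead.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: a visible newsletter box, plus credential and
# phone inputs that are present in the form but not visible to the user.
SAMPLE_PAGE = """
<form action="/subscribe" method="post">
  <input type="email" name="newsletter_email" autocomplete="email">
  <div style="position:absolute; left:-9999px">
    <input type="text" name="username" autocomplete="username">
    <input type="password" name="password" autocomplete="current-password">
  </div>
  <input type="tel" name="phone" autocomplete="tel" style="opacity: 0">
  <input type="hidden" name="csrf_token" value="constructed">
  <button type="submit">Subscribe</button>
</form>
"""

AUTOFILL_TYPES = {"text", "email", "password", "tel"}  # type="hidden" is not autofilled
VOID_TAGS = {"input", "br", "img", "hr", "meta", "link", "source", "wbr"}
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(\.0+)?\s*(;|$)|(left|top)\s*:\s*-\d{3,}", re.I)


class HiddenAutofillFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []    # (tag, hidden?) for each open element, hidden is inherited
        self.flagged = []  # names of autofillable inputs the user cannot see

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        own = "hidden" in attrs or bool(HIDING_CSS.search(attrs.get("style") or ""))
        hidden = own or (bool(self.stack) and self.stack[-1][1])
        if tag == "input":
            if hidden and (attrs.get("type") or "text").lower() in AUTOFILL_TYPES:
                self.flagged.append(attrs.get("name") or "(unnamed)")
        elif tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Close the nearest matching open element, tolerating sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_autofill_fields(html):
    finder = HiddenAutofillFinder()
    finder.feed(html)
    finder.close()
    return finder.flagged


if __name__ == "__main__":
    print(find_hidden_autofill_fields(SAMPLE_PAGE))
```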

Do I Need a Password Manager?

Overall, password managers are considered to be more secure than storing your passwords in a computer file or writing them down. Unlike browser-based password storage, password managers are encrypted, making it harder for outside parties to view your credentials. If you decide to use a password manager, you need to make sure you understand the pros and the cons.

Make sure you do your research when deciding on using a password manager. Some highly recommended password managers are KeePass, 1Password, and Dashlane.

When it comes to security, you should not just be relying on a password manager to keep your accounts safe. It’s still important to use multi-factor authentication and a blend of threat defence techniques (such as email and firewall security solutions) to protect against malware.

Threats of the Week – January 7, 2019

Mirai Malware

 

 

Trend Micro noted that the threat, which was first identified in early December, takes advantage of an exploit in the ThinkPHP programming framework. The remote code execution (RCE) vulnerability allows threat actors to infect machines based on the Linux operating system and execute Miori, which then generates a notification on the victim’s console.

Once attackers verify that a system has been infected through their command-and-control (C&C) server, they utilize the Telnet protocol and take advantage of weak or commonly used passwords to conduct brute-force attacks on other IP addresses.

Source: SecurityIntelligence

How do you protect yourself?

Proper security measures must be in place to defend against Mirai malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2018-16011

 

 

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Versions

Product | Track | Affected Versions | Platform
Acrobat DC | Continuous | 2019.010.20064 and earlier versions | Windows and macOS
Acrobat Reader DC | Continuous | 2019.010.20064 and earlier versions | Windows and macOS
Acrobat 2017 | Classic 2017 | 2017.011.30110 and earlier version | Windows and macOS
Acrobat Reader 2017 | Classic 2017 | 2017.011.30110 and earlier version | Windows and macOS
Acrobat DC | Classic 2015 | 2015.006.30461 and earlier versions | Windows and macOS
Acrobat Reader DC | Classic 2015 | 2015.006.30461 and earlier versions | Windows and macOS

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installations to the latest versions.

 

EternalBlue Exploit

 

 

The latest version of NRSMiner has been spotted in recent attacks across Asia which are compromising systems which have not been patched against the well-known EternalBlue exploit.

According to cybersecurity researchers from F-Secure, unpatched machines in Asia — centered in Vietnam — are being infected with the latest version of NRSMiner, malware designed to steal computing resources in order to mine for cryptocurrency.

The new version of the malware relies on the EternalBlue exploit to spread through local networks.

EternalBlue is an SMBv1 (Server Message Block 1.0) exploit which is able to trigger remote code execution (RCE) attacks via vulnerable Windows Server Message Block (SMB) file-sharing services. The security flaw responsible for the attack, CVE-2017-0144, was patched by Microsoft in March 2017 and yet many systems have still not been updated and remain vulnerable to attack.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against EternalBlue exploit and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

7 Security New Year’s Resolutions for Your Business

2018 was a big year in security. New privacy laws were implemented (GDPR in Europe and PIPEDA in Canada) and 2018 had the second greatest number of reported data breaches in a year since 2005. Some of the major data breaches that happened this year include those that affected airline Cathay Pacific, Marriott hotels and Facebook.

With 2019 coming up, many organizations will be looking to see how they can take their security to the next level. To help your organization get cyber ready for the new year, here are 7 security resolutions for 2019.

Source: Cisco 

7 Security New Year’s Resolutions

1. Manage local admin passwords: Local administrative accounts are privileged accounts that allow access across your network. These accounts often have easy-to-guess, default passwords that are the same across all the machines in your network. This means that if a hacker is able to get hold of your local admin account, they can move freely across your network. In order to protect yourself, you need to either disable these accounts or make each local admin password unique. If you haven’t already done this, now’s a good time to start.

2. Adjust your social media privacy settings: Social media has become integral for businesses to market themselves and reach out to their customers. However, social media can lead to great security risks. It’s important for businesses to adjust their security settings on their social media accounts. Limit access to your accounts and disable auto location tracking. You should be in control of your social media accounts, not the other way around.

3. Secure remote devices: Working remotely helps business productivity but it is also a security risk. Research has found that a third of cyber attacks are a result of unsecure remote working. Businesses need to ensure that employees are taking the proper precautions when they are working remotely. All remote devices should include endpoint security with anti-virus and firewalls. The new year might be a good time to re-evaluate your BYOD and remote working policies.

4. Implement Zero Trust security model: “Never trust; always verify” is the motto of a Zero Trust model. This means that nothing in your network (including users, devices, servers, etc.) should be trusted until you can verify its identity. Implementing Zero Trust requires a shift in how your organization thinks about security. Start by assessing your devices and data and adjust your security controls appropriately.

5. Limit privilege access: According to Forrester, 80% of security breaches involve privileged credentials. Limiting your local admin privileges is important, and one way to do this is to use least privilege access. Least privilege is the practice of restricting access rights for users and accounts. Make sure that you are limiting access to only those who need it.

6. Use a comprehensive prevention system: Hackers will be looking for any weak spots to exploit your vulnerabilities. It’s important to be one step ahead by protecting every layer of your organization. This includes using advanced security technology, like a SIEM system, to monitor your environment for threats.

7. Boost your security culture: 95% of organizations say their current cybersecurity environments are far from the ones that they would like to have. The new year is often a time for fresh starts, so why not improve your cybersecurity culture? Start the new year by educating your employees with cyber awareness training or with a cybersecurity assessment from our Consult IT team. It’s never too late to start protecting your organization.

Threats of the Week – December 31, 2018

Siren Bot

 

 

Researchers identified a new DoS bot family named Siren that uses 10 different DoS methods to carry out attacks.

The bot is capable of carrying out HTTP, HTTPS, and UDP flooding on any web server location as instructed by the command-and-control (C&C) server, according to a Dec. 21 blog post.

Siren is also capable of downloading and executing a payload from the URL given by the C&C server, updating, deleting itself using the cmd process, and uninstalling itself using the same process.

Source: SC Media

How do you protect yourself?

Proper security measures must be in place to defend against Siren bot and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2018-7800

 

 

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable attackers to gain access to the system. Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier).

Source: ThreatPost

How do you protect yourself?

The vulnerability is fixed in the latest EVlink Charging Station software updates.

 

JungleSec Ransomware

 

 

A ransomware called JungleSec has been infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.

When originally reported in early November, victims were seen using Windows, Linux, and Mac, but there was no indication as to how they were being infected. Since then, BleepingComputer has spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing; they were infected through unsecured IPMI devices.

IPMI is a management interface built into server motherboards or installed as an add-on card that allows administrators to remotely manage the computer, power on and off the computer, get system information, and get access to a KVM that gives you remote console access.

This is extremely useful for managing servers, especially when renting servers from another company at a remote colocation center. If the IPMI interface is not properly configured, though, it could allow attackers to remotely connect to and take control of your servers using default credentials.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against JungleSec ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.