Threats of the Week – December 30, 2019

Mozi Botnet

Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi, which is related to the Gafgyt malware because it reuses some of its code.

The botnet is implemented using a custom extended Distributed Hash Table (DHT) protocol based on the standard one commonly used by torrent clients and other P2P platforms to store node contact info.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Momentum botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
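As an added example (not code from the BleepingComputer report or from this post), the Python check below scans constructed router-style Telnet log lines for the weak-password probing described above and flags a source that fails repeatedly and then logs in; the log line format, the failure threshold and the time window are all assumptions.

```python
"""Flag Telnet password-guessing against routers from syslog-style lines.

Added example for the Mozi item above; not code from the original post.
The log line format is a constructed approximation, not any vendor's real
format; the threshold (5 failures) and window (5 minutes) are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical (constructed) line format:
#   <ISO timestamp> telnetd: login failed|succeeded for '<user>' from <ipv4>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login (?P<result>failed|succeeded) "
    r"for '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)

# Constructed sample: one source guesses five times, then gets in.
SAMPLE_LOG = """\
2019-12-30T10:00:01 telnetd: login failed for 'root' from 203.0.113.5
2019-12-30T10:00:02 telnetd: login failed for 'admin' from 203.0.113.5
2019-12-30T10:00:03 telnetd: login failed for 'admin' from 203.0.113.5
2019-12-30T10:00:04 telnetd: login failed for 'root' from 203.0.113.5
2019-12-30T10:00:05 telnetd: login failed for 'root' from 203.0.113.5
2019-12-30T10:00:06 telnetd: login succeeded for 'admin' from 203.0.113.5
2019-12-30T10:30:00 telnetd: login failed for 'admin' from 198.51.100.7
2019-12-30T11:05:00 telnetd: login succeeded for 'admin' from 192.0.2.10
"""


def parse(log_text):
    """Yield (timestamp, result, user, source) for every line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: {"failures": n, "compromised": bool}} for sources that
    reach `threshold` failed logins inside `window`; a later success from the
    same source marks it as a likely guessed password."""
    failures = defaultdict(list)  # source -> timestamps of recent failures
    findings = {}
    for ts, result, _user, src in parse(log_text):
        if result == "failed":
            # keep only failures that fall inside the sliding window
            failures[src] = [t for t in failures[src] + [ts] if ts - t <= window]
            if len(failures[src]) >= threshold:
                entry = findings.setdefault(src, {"failures": 0, "compromised": False})
                entry["failures"] = len(failures[src])
        elif src in findings:
            # success after a burst of failures: treat the device as taken over
            findings[src]["compromised"] = True
    return findings


if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, info)
```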

CVE-2019-5702

NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses an issue that may lead to denial of service or escalation of privileges.

Source: NVIDIA

How do you protect yourself?

To protect your system, download and install this software update through the GeForce Experience Downloads page, or open the client to automatically apply the security update.

Ryuk Ransomware

A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.

With the rising popularity of the Windows Subsystem for Linux (WSL), the Ryuk actors likely encrypted a Windows machine at some point that also affected the *NIX system folders used by WSL. This would have caused these WSL installations to no longer work.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

6 Areas to Focus Your Security Budget

According to new research from Gartner, overall spending on security increased 10.5% in 2019, and global IT spending is expected to increase by 3.7% in 2020. With cyber threats increasing in sophistication and new compliance regulations being implemented worldwide, it makes sense for organizations to focus their time and effort investing in security.

While spending money on security solutions is important to help combat the current threat landscape, it has to be done in a thoughtful way. Organizations need to ensure they are protecting their most critical assets by investing in the right solutions for their needs. Here are 6 areas where you should prioritize your security budget to ensure you’re properly protecting your business.

Worldwide IT Spending Forecast (Billions of U.S. Dollars)

                          2019      2019        2020      2020        2021      2021
                          Spending  Growth (%)  Spending  Growth (%)  Spending  Growth (%)
Data Center Systems          205      -2.5         210       2.6         212       1.0
Enterprise Software          457       8.8         507      10.9         560      10.5
Devices                      675      -5.3         683       1.2         685       0.4
IT Services                1,031       3.7       1,088       5.5       1,147       5.5
Communications Services    1,364      -1.1       1,384       1.5       1,413       2.1
Overall IT                 3,732       0.4       3,872       3.7       4,018       3.8

Source: Gartner (October 2019)

1. Employees

An often-overlooked aspect of cybersecurity is the role employees play in keeping an organization secure. Nearly a quarter of data breaches were caused by human error in 2018-2019 according to Ponemon Institute. Threats like social engineering and phishing can only be prevented by increasing awareness. Investing in employees is key because they are an organization’s first line of defence.

To help increase awareness, it’s important to train and test employees. At Jolera, we created the Secure IT – User Defence solution to empower employees. It includes online security training, simulated phishing testing and dark web credential monitoring.

2. Email

Email is the most common attack vector, with 94% of malware being delivered via email according to the 2019 Data Breach Investigations Report. While most email comes with basic security protection like anti-spam filters, that is not enough to prevent threats from entering your inbox. Threat actors can easily circumvent these filters, allowing threats like spear phishing and ransomware to reach your inbox.

Organizations need to protect their inboxes with an advanced email security solution like Secure IT – Mail. Our email solution protects inboxes with powerful tools that scan for malware and malicious links. The solution also includes backup, archiving and email marketing features to enhance your email protection.

3. Endpoint Security

Employees use endpoints to connect to your network. With the rise of the mobile workforce there are usually hundreds, if not thousands, of endpoints connected at any given time. Each endpoint can act as an entry point for hackers. A 2018 SANS endpoint survey found that 42% of respondents reported that their endpoints had been breached. A breached endpoint can allow a threat actor to move laterally throughout your organization and put your data at risk.

Endpoint protection has evolved to keep up with the modern threat landscape. Endpoint security now includes features like anti-malware protection and machine learning to detect zero-day threats. All endpoints that connect to your infrastructure should be protected with an endpoint security solution like Secure IT – Endpoint.

4. Threat Detection and Analysis

Being able to monitor your IT infrastructure and detect threats is crucial in having proactive security. With a SIEM system, organizations can prevent breaches by detecting suspicious behaviour and sending alerts for remediation. The SIEM analyzes log data from all devices in an infrastructure and correlates the data to determine potential threats.

Research from Ponemon Institute found that 40 percent of companies say they do not quantify and track the company’s IT security posture at all. By not measuring security posture, organizations are unable to ensure their security investments are working as intended. A SIEM provides organizations with insights into their infrastructure which they can use for compliance reporting and to make better decisions on budgeting.

5. Next Generation Firewall

Firewalls are essential in protecting your network and upgrading to a next generation firewall (NGFW) provides greater capabilities for advanced security. Such features include application awareness and control, intrusion prevention, and threat intelligence.

Employees using the internet have the potential to engage with malicious websites unknowingly. With an NGFW, organizations gain greater visibility into their network and can control or block web applications to help prevent breaches. Our Secure IT – Firewall solution also includes security services such as 24/7/365 monitoring and remediation to ensure that your network stays protected.

6. WiFi

Most people know to secure WiFi with a password, but corporate networks require more protection than just a password. A corporate network is often full of wireless access points which can be vulnerable to hackers. Attacks like packet sniffing and man-in-the-middle attacks also put WiFi networks at risk of being infiltrated or suffering performance degradation.

WiFi is the most common way users connect to your network and they expect to be protected. Organizations can secure their wireless access points with a WiFi security solution like Secure IT – WiFi. All access points under our WiFi solution are SIEM integrated to provide advanced security and are monitored 24/7/365.

3 Tips to Improve Your Endpoint Security Strategy

Adopting an endpoint strategy is crucial in strengthening your overall security posture, but not many organizations are taking a holistic approach to securing their endpoints. According to research by IDC, nearly 50 per cent of organizations treat endpoint security as a secondary issue. Your infrastructure is composed of thousands of endpoints that are susceptible to threats like malware and performance degradation. A single compromised endpoint can cause significant damage to your organization, such as financial loss or downtime, which is why it’s important to protect your endpoints. Here are three ways you can improve endpoint security.

Source: IDC

Reevaluate your endpoints

The first part of your endpoint strategy is to determine what endpoints reside in your infrastructure. This can be challenging because many organizations allow employees to bring their own devices to work and IoT devices like smart watches and personal mobile phones are difficult to regulate. What organizations can control and secure are the devices that they issue and use in the office.

Your endpoint strategy should consist of protecting all endpoints in your organization. This includes endpoints like printers and tablets, which are not often thought of as high risk despite the fact they can also be targeted by hackers or used as an entry point to laterally move around the organization. Failing to secure these devices causes gaps in endpoint protection. Organizations should seek to secure all endpoints with the same level of security policies. Organizations should also pay special attention when implementing IoT devices because they don’t always come with built-in security.

Gain visibility

In order to properly secure and manage endpoints, organizations need visibility. Organizations need to be able to see if an endpoint is running out of date software or needs to be patched for vulnerabilities. Without visibility, organizations leave their endpoints vulnerable.

Unfortunately, it can be difficult for organizations to keep track of their endpoints. This is problematic because each endpoint is a potential entry point for hackers. Using a single management console makes it easier not only to manage endpoints but also to gain insights and visibility into them. Under a single-pane-of-glass console, organizations can easily view all the policies, alerts and data from their endpoints.

Layer protection

Once proper visibility is established, it’s easier for organizations to implement the necessary controls to protect the endpoints. When it comes to complete endpoint security, taking a layered approach will help ensure your endpoints are protected at every level. This means your endpoint strategy should go beyond just having antivirus and a firewall. Your endpoint solution should include protection at all levels such as leveraging machine learning to detect emerging threats and web controls that inspect URLs.

Instead of requiring you to install multiple products, our Secure IT – Endpoint solution includes various modules that can be stacked for multiple layers of protection. Features such as threat prevention, sandboxing and application containment are all included, with other add-ons available.

3 Steps to Simplify Security

There once was a time where simply having antivirus and a firewall was sufficient protection for users and devices. Nowadays, malware has evolved to evade these defences, requiring organizations to step up their security efforts. To fight evolving threats, many organizations are investing a significant portion of their budget towards security. According to an updated forecast from the International Data Corporation (IDC), worldwide spending on security-related hardware, software, and services will be $106.6 billion in 2019, an increase of 10.7% over 2018. However, the vast amount of security technologies available on the market can be overwhelming for organizations. Here are three aspects of security that organizations can simplify.

Source: IDC

1. Updates and Alerts

Security requires constant maintenance and monitoring to ensure that all software and equipment is up to date. Having to manually update every endpoint in your infrastructure or review large sets of data can be time consuming. Automation is an integral part in helping to simplify these processes.

Automation helps security teams focus on real threats, improving incident detection and response times as well as reducing human error. It also allows teams to focus their efforts on more productive tasks, such as threat hunting, because they don’t have to sift through thousands of alerts.

2. Backup

Data loss can have devastating consequences for organizations which is why it’s important to implement a strong backup strategy. Backups used to be more complicated due to the need to ship and store tapes. Nowadays, it’s easier for organizations to back up their data thanks to cloud technology.

To simplify your backup strategy, your organization needs to decide what data needs to be backed up and how often. Backing up large datasets can take a lot of time, which is why it’s important to narrow down your backups to the most critical data. Backing up incrementally, which only backs up the data changed since the last backup, can help simplify your data needs. Backups can also be scheduled automatically to ensure that the latest data is backed up.

3. Security Basics

As mentioned earlier, the security industry is constantly changing to keep up with the latest threats. It’s easy to get swept up with all the new security technologies available. However, having a strong security foundation is the key to simplifying security for your organization. It’s easier to build upon a strong foundation than it is to start from scratch. It also provides greater visibility on your security gaps and helps you identify which areas need improvement.

Start with network security and work your way to your employees. Using a next generation firewall combined with endpoint security will help prevent and detect advanced threats like malware. Then secure your users with training to empower them to become your first line of defence.

At Jolera we understand that security is a big concern for businesses of all sizes. That is why our solutions are designed to simplify the various layers of security such as backup, email, endpoint and more. We’ve thoughtfully designed all our solutions so that businesses can choose the products and services to layer based on their needs. To learn more, contact us today. 

5 Online Shopping Tips for a Safe Black Friday

Black Friday is one of the biggest shopping events of the year and it’s happening this week just in time for the holiday season. While this shopping event is synonymous with America, it’s gaining a lot of traction with Canadian retailers and shoppers. According to Retail Council of Canada’s second annual Holiday Shopping Survey, 43 per cent of Canadian consumers plan to shop on Black Friday this year.

Unfortunately, this is also a time where hackers strike the most. According to research from credit reporting company Experian, 43 per cent of identity theft happens while consumers shop online during the holidays. If that’s not alarming enough, researchers have found more than 100,000 malicious domains imitating large global retailers. Finding a good deal is exciting but it’s not worth putting your personal information at risk. Here are five tips for a safe online shopping experience.

Source: Retail Council of Canada

1. Don’t online shop in public

Avoid browsing online while you’re out in public because you may be tempted to make a purchase while connected to unsecured public WiFi. Not only are hackers able to snoop on your activity while you’re connected but threats like shoulder surfing or forgetting to log out of a shared computer can also put you at risk. Always use a VPN when connecting to public WiFi. VPNs provide an encrypted tunnel that will help protect your data. The best solution is to do your online shopping away from prying eyes and with a secure private connection at home.  

2. Be vigilant

Cyber criminals know that most people will be shopping and hunting for deals around this time. Beware of phishing emails claiming to be from PayPal or big retailers like Amazon asking you to update billing or account information. Always check the sender email address to determine if it is a legitimate email. Similarly, be wary of ads advertising amazing deals as these might be malicious. Bookmark websites before you shop or type the website in the browser to avoid clicking on malicious links. Always inspect the URL carefully.

3. Do Research

Ensure you only purchase items through reputable retailers by doing your research beforehand. If a deal seems too good to be true, compare prices from other merchants. If it’s not on par with what other retailers are offering, it may be too good to be true. If you come across an unfamiliar retailer, check if they have a social media following or a contact page and company address. An established brand should have a decent online presence, so be sure to check their social media engagement too. For maximum safety, it’s best to only shop at retailers you know and trust. However, a simple online search or looking the unfamiliar retailer up on the Better Business Bureau for complaints can help determine if they are real or not. If you can’t find much information on the retailer, it’s best to avoid them.

4. Use credit cards or gift cards

Stolen debit card information can cause great damage to your finances because debit cards are directly linked to your chequing account. Debit cards also don’t always have the same kinds of purchase protection as credit cards, which can make it harder for you to recover your money if it falls into the wrong hands. Consider using your credit card instead. If you are hesitant to provide your credit card information online, you can use a merchant or Visa gift card.

5. Report suspicious activity right away

Monitor your credit card statements and bank account activity regularly to detect suspicious activity as soon as possible. Sometimes banks may be able to catch fraudulent activity, but it’s always better to keep an eye on your transactions. If you notice anything suspicious, report it to your bank or card issuer right away so that they can take action as soon as possible.

Credential Theft: How It Works and How to Protect Your Business

A threat actor only needs one employee’s credentials to gain access to your organization’s entire infrastructure and/or data. The potential consequences of stolen credentials in the wrong hands are endless. You can experience direct financial loss, damage to brand reputation, loss of intellectual property, downtime, etc.

Anyone in your organization can have their credentials stolen. According to the Cybersecurity Threatscape report by Positive Technologies, one in five data thefts involved stealing account credentials. It’s important that organizations understand the threat of credential theft and take action to defend against it.  

Source: Verizon 

How Do Cybercriminals Steal Credentials?

Hackers looking to steal credentials may use any of the following methods:

Keylogging: Hackers can install malware with keyloggers that record the keystrokes on a computer and send the data back to the hackers.

Phishing: Hackers will send users sophisticated phishing emails urging them to change their passwords or update their information. These emails will provide the user with links to web pages that look legitimate but are really phishing websites that are built to steal credentials and personal information. 

Web injections: Hackers inject malicious code into your web browser via malicious browser extensions, links, or ads, allowing them to intercept data as it is being transmitted.

What Happens to Stolen Credentials? 

Cybercriminals can do any of the following with your stolen credentials:

Engage in fraud: Hackers can impersonate your organization and request fraudulent wire transfers from vendors or business partners. 

Sell: There are several forums on the dark web dedicated to selling and buying user credentials. Once these credentials are bought, cyber criminals can essentially do whatever they want with the stolen credentials. 

Spy: Hackers can use your stolen credentials to spy on your company and gather intelligence regarding your business dealings. They can then leak this information to your competitors or use this information to blackmail your organization. 

Install malware: Hackers can alter the code of your website to steal customer information through formjacking or install malicious ads that can infect visitors with malware. 

How to Protect Your Credentials

Credentials are the keys to your organization and it’s imperative that organizations take the necessary steps to secure them. Here are three things you can do to defend against credential theft: 

Monitor credentials: Sometimes hackers don’t even have to work to steal your credentials – they can easily find them on the dark web after a massive data breach. By monitoring the dark web for your company’s credentials, you can take action before they are maliciously used by a threat actor. You can start monitoring your organization’s credentials today with our Secure IT – User Defence solution. We will alert your organization as soon as any compromised credentials are found on the dark web, reducing the potential impact of a breach. 

Have a good password policy: Users are responsible for creating safe passwords for their accounts. It’s important that they use good password security, such as never sharing or reusing their passwords.

Act immediately: If you experience suspicious activity in your network or find out your credentials have been exposed in a data breach, you must change your passwords immediately. Users should also never use default passwords or logins as they are easy to guess or can be easily found online. Always change the default passwords of any accounts or hardware as soon as they are added to your infrastructure.