
Tag: encrypt the data

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted and the extension “.WCRY” is added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution vulnerability in Microsoft Windows.

Spam and phishing in 2016

2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant.

These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall.
Patch or perish

Some 2,000 MongoDB installations have been compromised by an attacker demanding administrators pay 0.2 bitcoins (US$206) to have lost data returned. Victor Gevers (@0xDUDE), penetration tester and chairman of the GDI.foundation, noticed the attacks while reporting exposed non-password-protected MongoDB installations to owners. One open server contained a ransom warning message in place of the database content Gevers expected. Rather than encrypt the data, the attacker, "harak1r1," ran a script that replaced the database's content with the ransom message. So far 16 organisations appear to have paid harak1r1.

John Matherly, the brains behind security search engine Shodan, where many exposed MongoDBs can be found, has warned since 2015 of the dangers of exposed installations. Back then he warned of some 30,000 exposed MongoDB instances open to the internet without access controls, a number that has since fallen to about 25,000, with version 2.4.9 being the most popular install. Gevers told BleepingComputer old MongoDB instances were deployed to cloud services, saying a whopping 78 percent of Amazon Web Services hosts were running known-vulnerable versions of the platform. Those old versions exposed databases to the internet, a problem that is fixed in the current releases.

Gevers says he is receiving requests for assistance from ransomed and exposed organisations, and recommends MongoDB administrators check logs and ensure unauthorised accounts have not been added.
Why try to extract pennies from kiddies when there's businesses to be bilked?

Criminals behind the massive Cerber ransomware enterprise are now targeting businesses as well as individuals with a module that kills and encrypts databases, warns Intel's former security arm McAfee. Cerber had conducted more than 160 campaigns when examined in July targeting 150,0000 users and raking in a cracking US$195,000 in profits in that month alone. Of that figure, Cerber's developer pocketed some US$78,000. It is estimated the malware earns authors and affiliates some US$1 million to US$2.5 million a year. Those figures surpass 2015 ransomware profits said to net authors a conservative US$84,000 a month for slinging ransomware at a cost of US$6000.

That's a whopping 1425 per cent profit margin. Security strategist Matthew Rosenquist says chasing businesses is the "next evolution" of ransomware. "[Cerber] now attempts to stop database processes running on the target system so it can encrypt the data," Rosenquist says. "This is a significant shift in focus from consumers to businesses, which typically run databases containing important operational data. When database files are open and in use by software, they cannot easily be encrypted."

It may not be the first to target businesses. The Register has been told of private ransomware variants sent to a limited number of highly targeted organisations that encrypt very valuable databases and documents, demanding ransoms topping tens of thousands of dollars for the supply of decryption keys. Rosenquist warns administrators to be on alert for databases abruptly stopping, which could signal Cerber is starting its encryption run.

It appears there is no method to decrypt Cerber-encrypted files since an update to the malware rendered CheckPoint's decoding tool ineffective. Security engineers are continually working to find a dwindling pool of implementation and side-channel vulnerabilities to help decrypt files encrypted with high quality ransomware. The problem has this year been formalised into the NoMoreRansom alliance, which unifies a formerly scattered and siloed, but furious, effort by malware researchers to lay ruin to scores of ransomware variants, leaving a scant few including the latest Cerber, Cryptxxx, and Cryptowall unbroken. Victims who cannot decrypt their ransomware infections should also try Trend Micro's continually updated decryption tool.
Cisco cybersecurity report points to dangers ahead

Organizations are unprepared for future strains of more sophisticated ransomware, a report by Cisco warns. The networking giant's 2016 Midyear Cybersecurity Report concludes that the next wave of ransomware is expected to be more pervasive and resilient. While current strains typically infect a single computer, future ransomware variants are likely to spread rapidly across networks through vulnerability exploits. "New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency," Cisco warns. "For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions.

These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities." Malvertising (malicious or malware-tainted ads) is likely to become a more common distribution method for ransomware.

Adobe Flash vulnerabilities continue to be one of the top targets for malvertising and exploit kits.
In the popular Nuclear exploit kit, Flash accounted for 80 per cent of successful exploit attempts. Cisco also saw a new trend in ransomware attacks exploiting server vulnerabilities specifically within JBoss servers.

Ten percent of internet-connected JBoss servers worldwide were found to be compromised. While organizations in critical industries such as healthcare have experienced a significant increase in attacks over the past several months, Cisco reports that all vertical markets and global regions are being targeted.

Clubs and organizations, charities, non-governmental organizations (NGOs), and electronics businesses all experienced an increase in attacks in the first half of 2016, according to Cisco. "Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate," the networking giant warns. David Kennerley, director of threat research at cybersecurity firm Webroot, said that ransomware is one of the biggest threats facing organizations. "Unfortunately, protecting against ransomware is currently a question of economics," Kennerley notes. "It is often cheaper to pay the ransom to get the data back than the costs of regular back-ups and running the technologies to defend.

This is why we have seen companies such as NASCAR team Circle Sport – Leavine Family Racing (CSLFR) paying for data to be recovered. "No matter how tempting it might be, companies should never concede to the criminal and pay the ransom.
It not only fuels the ransomware economy, as criminals see more and more success, but there is absolutely no guarantee that the data will be returned. We have seen instances of malware claiming to encrypt the data, but instead it has been deleted so paying the ransom still did not result in the data's return," he warned. Laila Khudairi, head of cyber at Lloyd's, added: "The fact that ransomware is set to evolve over the next few years is hardly a surprise.

The media regularly reminds us how even some of the biggest organizations can be disrupted by ransom events and clearly more needs to be done to combat this rapidly growing threat. What's more alarming is the fact that many organizations are still unprepared for the impact such events can have on their balance sheet."
I travel all over the world for my job, and for my hobbies. Although there are still plenty of places I haven't been, I've visited enough foreign countries that I don't deny it when someone calls me a world traveler. Over the years, I've experienced my fair share of foreign spying. I know what it's like to be snooped on. I'm no longer surprised when I suddenly get gobs of spam from a country I've visited. My best guess is that someone in the country intercepted my email and recorded my email address. I still get porn spam in Arabic and ads for weight loss products in Mandarin. I've had my laptop and USB keys searched at countless borders.

An eye-opening moment: On one trip to an Asia-Pacific country, while I was taking a shower in my hotel room, I saw someone insert a USB key into my unlocked laptop. I yelled and jumped out of the shower, and the intruder ran out of the room, leaving his USB key behind. On it was a remote backdoor Trojan. That someone believed I was significant enough to spy on made me feel pretty important. It also taught me to be much more careful with my laptop.

Besides keeping your eyes and ears open, what else can you do to protect your privacy and data when traveling? After discussing the topic recently with Salo Fajer, CTO of cybersecurity firm Digital Guardian, I put together the list below. After spending just a brief time with Fajer, I realized we shared a lot of the same ideas on protecting our data from foreign adversaries, but he had a few I hadn't thought of.

#1. Know your rights before you go

First, and foremost, know your rights and laws before you go to a foreign country. Just as you must know the currency and exchange rate and when to tip, you need to know the legal rights that a particular country might have to your data. It might surprise you to learn that your normal privacy rights, not to mention your Constitutionally protected rights as a U.S. citizen, go away at the border. Border crossings are a legal no-man's land, where each country's laws often do not apply. One of my Canadian co-workers, who traveled to the United States dozens of times a year, was once asked at the border to turn on his laptop, provide his encryption key, and let the border authorities copy his laptop's digital contents. He initially refused because his laptop contained private customer data that he legally could not provide ... or so he thought. The border guards told him that if he did not provide the data he would be immediately prevented from entering our country for five years. He called our company's lawyers and they recommended that he provide the encryption key and give the border guards access to the data.

One little tip I gained from that experience is to double encrypt my data. I use a full disk encryption product that is readily apparent to anyone who turns on my computer. But I use a second encryption product to encrypt my most critical data a second time. I have changed the directory path, icon, and executable names so that they look like they belong to a common, run-of-the-mill program. Turns out that if the border guards don't know something is double encrypted, they don't ask for the second set of encryption keys. It's a cryptographer's variation of “Don't ask, don't tell.”

#2. Protect copied data

I'm a big fan of data encryption schemes like Microsoft's Active Directory Rights Management Service that encrypt the data from unauthorized eyes no matter where it is copied. So even if the border guards or spies get to your data, they are unlikely to be able to review it later on.

#3. Leave the data home

Better yet, leave the data at home. These days, all my data is stored in the cloud. Before traveling, I just delete the local copy after disabling the sync feature, so that there is no data on my laptop in the first place. I do all my updates and edits on cloud-based copies when I'm away, and then re-enable the local cache when I return home. Or I use the same method, but take another device that never had the data on it in the first place.

#4. Always choose the most secure network option

Whether you're traveling abroad or domestically, you should always choose the most secure network option available. Be wary of all free Wi-Fi and Bluetooth connections. Make sure you're connecting only to official Wi-Fi offerings and not fake hacker Wi-Fi access points. Better yet, if you can't be sure you're using the right open Wi-Fi network, use your cell phone's tethering feature.

#5. HTTPS is your friend

Make sure all of your web surfing, or at least your surfing to the websites you authenticate to, is protected by TLS-enabled HTTPS. You don't want bad guys sniffing your connections. Make sure that any wireless connections you use don't try to place fake digital certificates on your computer in an attempt to man-in-the-middle the connections. It's more common these days than ever. Also, it's important to remember that your 2FA (two-factor authentication) methods may not work, especially if your 2FA option uses your cell phone or messaging and your cell phone's voice or data service doesn't work.

#6. Use a VPN

Use your corporate VPN whenever possible. If your VPN connection uses split-tunneling, understand which traffic is secure and which is not secure. Fajer uses his own personal VPN router when traveling to make sure all connections are protected. Personally, I'm a big fan of Anonabox.

#7. Use privacy screens

I'm very old school. When I travel I always make sure I have a good privacy screen over my laptop display to keep prying eyes from reading what I'm reading or typing. 3M makes some of the most versatile and secure privacy screens you'll find.

#8. Use throwaway accounts

I try not to use other people's computers, but there are times when using other computers is necessary or at least very useful. When I use those computers, I often use temporary, throwaway email and cloud storage accounts when I travel. For example, I send my airline tickets to print to a throwaway account so I can pick up and print the tickets on hotel computer equipment. Hotel computers are obvious targets for malware and keystroke recording equipment. If you print that ticket from a throwaway account that you'll never use again, who cares if someone can access it after you leave?

#9. Lock your device

It goes without saying that you should lock your computing devices anytime you aren't using them -- even in your own hotel room when you're using the shower.

#10. Make sure your device is secure

Don't take your regular device along on trips if you don't have to. But regardless of whether the computer is your normal device or just a travel one, you want it as secure as possible. It should be securely configured, have all security patches applied, and have a host-based firewall and host intrusion prevention software as well. Fajer also said to make sure that you turn off any file or network sharing features.

#11. Don't broadcast your current location

Lastly, while this isn't exactly a travel tip, don't share your current location with the world. This happens all the time when people use social media. Maybe it's the paranoia gripping me, but I've never understood my friends letting everyone know when they are out of the country, advertising that either their house is empty or that their spouse or kids are home alone. I love to share my pictures and adventures on social media, but I wait until I'm home and able to protect my assets and loved ones.

If you travel, whether halfway around the world or halfway across the state, you must take special care to make sure your data and devices stay secure. If you don't take precautions, it's only a matter of time before you get burned.
Enterprise use of encryption saw the largest increase over the past year in over a decade, according to a report released today by the Ponemon Institute. But encryption technology spending as percent of total IT security budgets has gone down, said John Grimm, senior director of security strategy at Thales e-Security, which sponsored the report. In 2005, the first year of the report, only 16 percent of enterprises were using encryption extensively.

The percentage increased gradually to 34 percent last year, then jumped to 41 percent this year. The financial sector was in the lead, with 56 percent of companies using encryption extensively, followed by the health care and pharmaceutical industry. Manufacturing lagged the furthest behind, at 25 percent.

When it came to specific applications, databases had the highest use of encryption technology, followed by Internet communications, laptop hard drives, and backups. "This has to do with mature technology," Grimm said. "All the big databases have encryption built in, and on the Internet, SSL is ubiquitous." And now that more people are using encryption in more places, performance is becoming more of an issue, he added. It was the most important feature when it comes to encryption technology, according to the survey, followed by support for both on-premises and cloud deployment. "They don't want to have two sets of tools," he said. "They want it to be one and the same."

Email was just beyond the middle of the list, with public cloud services at the very end. In fact, only 44 percent of organizations said that they protected data at rest in the cloud using encryption, 17 percent used tokenization or another method, and 39 percent stored the data in clear text. Out of those companies that do protect data at rest in the cloud, 44 percent encrypt the data before it is sent to the cloud, 21 percent encrypt the data while it is in the cloud using tools under their control, and 35 percent allow the cloud provider to handle the encryption. Enterprises are increasingly looking to cloud providers to protect their data, Grimm said. "The major cloud providers have done a really good job at security and a lot of enterprises are looking at the cloud providers and seeing that the cloud providers have strong procedures, and are better set up from a skills perspective," he said.
"And I think that's a trend that we'll continue to see." This story, "Study: Encryption use increase largest in 11 years" was originally published by CSO.
The cloud data security issue usually gets lost in the general discussion on cloud security.

But there are key differences around securing cloud data that you should understand. Many enterprises believe that if they have cloud security covered generall...