Tag Archives: Anti-Virus

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Malware

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income

Flawed-Ammyy and Cryxos malware variants join top lists The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer

Three-year-old Adobe vulnerability appears in top network attacks An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication)

COVID-19 impact Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals

Malware hits and network attacks decline Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic

Malware2

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

Leave a comment

Filed under Security Matters

Dell “reinvents” endpoint security portfolio through strategic collaborations with Secureworks and CrowdStrike

Cyber criminals are continuously shifting their attack techniques to better target endpoints. As more than one-third (39%) of cyber attacks are now non-malware based, adversaries can exploit gaps in traditional anti-malware solutions used in isolation.

Considering that 50% of organisations also have insufficient endpoint or network visibility during incident response engagements, it’s clear many businesses are injecting ineffective security tools into their environments, ultimately adding complexity without directly addressing the problem.

These disconnected solutions require ongoing diligence and expert resources to analyse a multitude of security alerts and identify compromised devices. Yet, with the growing cyber security skills gap, businesses don’t have the resources needed to manage their security infrastructure effectively.

To help organisations in addressing these challenges, Dell is introducing Dell SafeGuard and Response, a portfolio of next generation endpoint security solutions that combines the managed security, incident response expertise and threat behavioural analytics of Secureworks with the unified endpoint protection platform from CrowdStrike.

Dell’s modern and effective approach designed to prevent, detect and respond to the shifting threat landscape makes it easy for organisations to protect their data with the industry’s most secure commercial PCs.

With Artificial Intelligence (AI)-driven and cloud-native endpoint protection powered by CrowdStrike and expert threat intelligence and response management by Secureworks, Dell SafeGuard and Response provides end user customers with the essential capabilities they need to protect their PCs and data. CrowdStrike endpoint security solutions prevent more than 99% of malware and non-malware-based threats, detect 100% of vulnerabilities and respond to sophisticated attacks rapidly.

DellLaptop

Secureworks’ RedCloak behavioural analytics are built into the prevention, detection and response capabilities, so customers benefit from an ever-smarter network effect of protection. When an emerging threat is discovered in one environment, countermeasures are created and deployed to all customers who may be affected. 

Prevent, detect and respond to threats

With Dell SafeGuard and Response, customers no longer need to worry about complex implementation involving numerous agents. Dell’s modern approach to security simplifies the buying process, allowing customers to order these new solutions alongside their new PC. Businesses will receive outstanding prevention combined with the ability to quickly detect compromised devices and remediate cyber incidents.

Customers can select from the following new Dell SafeGuard and Response solutions to meet their unique security needs:

CrowdStrike Falcon Prevent: This next generation anti-virus (NGAV) solution uses AI and machine learning to stop malware and malware-free attacks, offering organisations enhanced protection without requiring signatures and the heavy updates that come with them

CrowdStrike Falcon Prevent and Insight: In addition to the NGAV solution, customers can advance their threat prevention capabilities with Device Control and Falcon Insight, the leading endpoint detection and response solution. This enables full visibility into endpoint threat activity and real-time remediation designed to prevent, detect and investigate incidents and stop threats

Secureworks Managed Endpoint Protection: Combined with CrowdStrike Falcon Prevent and Insight and Device Control, this offer provides customers with 24×7 managed services from Secureworks to monitor the state of endpoints for indications of threat actor activity. Secureworks’ Security Operations Centre and Counter Threat Unit will investigate events to determine severity, accuracy and context to suggest remedial actions, in turn giving organisations peace of mind around the clock

Secureworks Incident Management Retainer: In the event of a serious security incident, Secureworks will deploy its on-demand incident response specialist team who are highly skilled to respond to and mitigate a cyber incident at any time. Now, organisations with and without SOCs can have the support and expertise needed in critical times. This service can also be used to build a proactive response plan for future security incidents.

Devices and data secure 

“Organisations are faced with what may feel like an exponentially expanding threat landscape and a mixed bag of solutions to fix it,” said Brett Hansen, vice-president and general manager of client software and security solutions at Dell. “To meet the evolving needs of our customers and stay ahead of ever-evolving threats, Dell is offering organisations the tools they need to keep their devices and data secure.”

Wendy Thomas, senior vice-president of business and product strategy at Secureworks, added: “Attacker techniques are becoming more sophisticated. Customers need managed solutions that are actively guarding against threat activity. Our modern approach with Dell ensures a co-ordinated defence against cyber threats at the scale and speed required for any customer’s evolving security needs beyond the network.”

Matthew Polly, vice-president of worldwide business development and channels at CrowdStrike, concluded: “Being selected by Dell is a testament to CrowdStrike’s market leadership and the proven value of our platform. Together, we are equipping customers with a unique and compelling solution to deliver an end-to-end approach to endpoint security that effectively stops threats, while also reducing enterprise complexity and modernising threat detection and management.”

*Dell SafeGuard and Response will be available globally in March through Dell and its authorised channel partners. Additionally, the comprehensive CrowdStrike Falcon platform can also be purchased through Dell

Leave a comment

Filed under Risk Xtra, Uncategorized

30% of NHS Trusts have experienced a ransomware attack” finds SentinelOne

30% of NHS Trusts in the UK have experienced a ransomware attack, potentially placing patient data and lives at risk. One Trust – the Imperial College Healthcare NHS Trust – admitted to being attacked 19 times in just 12 months. These are the findings of a Freedom of Information (FoI) request submitted by SentinelOne.

The Ransomware Research Data Summary explains that SentinelOne made FoI requests to 129 NHS Trusts, of which 94 responded. Three Trusts refused to answer, claiming their response could damage commercial interests. All but two Trusts – Surrey and Sussex and University College London Hospitals – have invested in anti-virus security software on their endpoint devices to protect them from malware.

Despite installing a McAfee solution, Leeds Teaching Hospital has apparently suffered five attacks in the past year.

No Trusts reported paying a ransom or informed law enforcement of the attacks: all preferred to deal with the attacks internally.

Ransomware which encrypts data and demands a ransom to decrypt it has been affecting US hospitals for a while now. The Hollywood Presbyterian Medical Center in Los Angeles notoriously paid cyber criminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.

nhstrustsransomware

With the infected computers or networks becoming unusable until a ransom has been paid* or the data has been recovered, it’s clear to see why these types of attack can be a concern for business continuity professionals, with the latest Horizon Scan Report published by the Business Continuity Institute highlighting cyber attacks as the prime concern. This is a very good reason why cyber resilience has been chosen as the theme for Business Continuity Awareness Week in 2017.

“These results are far from surprising,” said Tony Rowan, chief security consultant at SentinelOne. “Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware. A new and more dynamic approach to endpoint protection is needed.”

Rowan continued: “In the past, some NHS Trusts have been singled out by the Information Commissioner’s Office for their poor record on data breaches. With the growth of connected devices like kidney dialysis machines and heart monitors, there’s even a chance that poor security practices could put lives at risk.”

*Note that the data isn’t always recovered even after a ransom has been paid

Leave a comment

Filed under Risk UK News, Uncategorized