PDF Software Represents a Real Security Threat

Foxit, PDF Software, Security Threats, Software Security Patches, , , ,
20
Sep 2017

security-265130_1280

PDF files are vital for business as they allow files to be sent from business to business without room for editing. However, the software is far from safe.

The most popular software for viewing PDF files is Adobe Reader and this has regularly had its security flaws laid bare by hackers such as a font vulnerability in 2015 and a ransomware exploit earlier in 2017. Considering that Adobe are considered the kings of PDF software, it’s no surprise that other builders of PDF software are struggling to cope with security flaws being exploited; a case in point is the Foxit PDF reader.

A popular alternative to Adobe Reader, Foxit PDF saw early success when it was able to gain customers from Adobe due to well publicized security flaws in Adobe Reader. Now, though, hackers clearly have their eyes on Foxit’s huge user base and are keen to discover security flaws in Foxit PDF. Let’s take a look at what’s been happening.

Discovering the Flaws in Foxit

Steven Seeley and Ariele Caltabiano – two security researchers – systematically dismantled the code for Foxit Reader and were able to uncover not one, but two serious security flaws. Capable of tricking Foxit Reader into loading malicious websites, these flaws had the potential for malware to be downloaded and whole systems to be compromised. Once these findings were made public, Foxit claimed that their software had an in-built security procedure – known as ‘Safe Reading Mode’ – to counter this. Whilst this is all well and good, many users had deactivated this procedure due to its oversensitive calibration.

At first, Foxit were resolute in their belief that a patch was not required to prevent any exploit taking place through its software, but the company eventually relented and a patch was released that allowed users to deactivate ‘Safe Reading Mode’ but not at the expense of any vulnerabilities being opened up. However, while this patch was made available, it was the users’ responsibility to ensure that this patch was executed and installed on their systems.

cyber-2120014_1280

Patches are CRUCIAL!

The Foxit Reader vulnerabilities have highlighted that software can never be 100% safe and, in fact, many of these vulnerabilities may be completely unknown to the vendor – a flaw known as a zero-day vulnerability. Thankfully, most software manufacturers regularly provide updates and patches to help secure and improve their products. Executing and correctly installing these patches though is a manual task that users must make sure they complete as soon as possible.

Patches are usually released as automatic updates that sync with your software, but this can easily be deactivated – mostly because PC users don’t like to be irritated by popups. However, this small irritating task which, let’s face it, only occasionally takes up a tiny fraction of your day, can make a huge difference to the security of your system. Ignore software patches and you run the risk of your entire system being compromised and your organization being forced to down tools.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Do Your Ex-Employees Still Have Access to Your Data?

disable employee access, disgruntled employees, OneLogin, Security, SIEM, , , ,
19
Sep 2017

Insider_Threat

Your employees can often pose a huge risk to your data security, but what about ex-employees? Well, it turns out they may present an even bigger threat.

When employees leave an organization, it’s prudent that their network and application privileges are immediately terminated. After all, there’s no need for them to have access to your data and this is particularly important if they’ve left to join a competitor. Not only that, it presents them with an easy route for sabotaging your network. So, it’s clear to see why it’s so important to revoke privileges, but it would appear this isn’t always the case.

Research by OneLogin has demonstrated that 50% of accounts previously held by ex-employees with the power to make IT-decisions are still active 24 hours after they have left the organization. And many employees have revealed that around 25% of their employees’ accounts will still be active for up to a week. And, as you well know, it can take mere seconds to completely compromise a PC, so the delay reported by OneLogin has the potential to cause real damage.

Why Do IT Accounts Need to be Terminated Immediately?

The majority of employees who leave your organization are highly unlikely to even consider wanting to log back on to your network, but there are some who may try as soon as they’ve left the building. In particular, disgruntled ex-employees who have had their contracts terminated are likely to be looking for revenge and, of course, those who have left the business to join a local rival may be tempted to log on and steal sensitive information to give them an advantage. While these individuals are in the minority, it still represents a huge threat to your data.

Despite being a basic threat, and one that’s easy to remedy, the statistics provided by OneLogin would indicate that it’s a simple procedure which is being ignored by many organizations. And the end result of this lackadaisical approach is, as OneLogin’s poll has found, that 10% of all data breaches are believed to have been committed by ex-employees. Eliminating this security risk, therefore, can make a real difference to your overall security.

authorizedpersonnelonly

How to Prevent Ex-Employees Accessing Your Networks

OneLogin have found that ex-employees can spell trouble for your security, but what can you do to minimize the risk? Let’s take a look:

  • Create an exit procedure for IT privileges – Thankfully, most employees will give a certain amount of notice before leaving and this gives organizations plenty of opportunity to plan for their exit. Therefore, there’s no excuse for login details to be disabled as soon as that employee leaves. Sometimes, of course, employees will leave suddenly and, in these instances, IT departments need to be informed immediately to close these accounts.
  • Reduce remote access – Some organizations may have networks which can only be accessed internally, so an ex-employee may struggle to even log in once they’ve left the business. However, many organizations provide remote access to their networks and, if an ex-employee can obtain the web address to access this, they could easily connect. To avoid this, make sure that only certain login names are allowed to log on in this manner.
  • Incorporate an SIEM system – Using a security information and event management (SIEM) system can indicate employees’ activity within individual applications, so this can quickly indicate if any unauthorized access is being made. OneLogin discovered that 41% of organizations do not use this type of system, but it would appear to be crucial in protecting your data.

These approaches are simple, quick and easy, so there’s no excuse for being negligent in this area of security.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Mamba Highlights a Change in Ransomware

Mamba, Ransomware, Security, ,
12
Sep 2017

MAMBA-RANSOMWARE

We’re all aware that ransomware can hit you financially, but ransomware is now changing its modus operandi for causing chaos and becoming more dangerous.

The Mamba ransomware first appeared in September 2016 and, rather than just scrambling certain file extensions, it scrambles every single disk sector on your hard drive. And in layman’s terms this means that your whole PC will be next to useless. However, whilst ransomware usually offers you a way out of this mess through a ransom payment, this is where Mamba differs.

In recent attacks on organizations in Brazil and Saudi Arabia, the Mamba ransomware doesn’t specifically demand a ransom. Instead, it merely provides two email addresses and an ID number for you to use in correspondence. The ransom note also asks those infected to enter a key which, we can only assume, could be provided once contact has been made with the aforementioned email addresses.

Of course, much like the NotPetya attack, this could be a form of ransomware which simply sabotages a hard drive by making all its data inaccessible. Regardless of this, it’s not a situation that you want to find yourself in, so let’s take a look at what Mamba consists of. 

The Mamba Attack

There’s a lot of concern that Mamba may be another piece of ‘wiper’ malware which simply dumps data once encrypting it rather than offering a decryption service. It’s also difficult to determine who has been authoring this new Mamba variant – sure, a Russian email address is used, but it would be foolhardy to assume that the attack comes from Russia simply because of an email address.

The attack itself seems to execute the Mamba ransomware by exploiting the PSEXEC application – a piece of software which allows communication between remote systems and crucial for organizations networks to operate effectively. The malware works in two stages with the first line of attack seeing DiskCryptor – a free encryptor – installed on the infected system before rebooting the system. Upon bootup, DiskCryptor begins encrypting disk partitions and, once the hard drive is fully encrypted, the system is rebooted once more.

It’s at this point that the ‘ransom’ note is delivered to the user. It’s too early to say exactly what correspondence with the emails provided will result in, but it’s fair to assume that the hackers aren’t just going to hand over the key. Now, each infected computer has a specific password generated for it, so this hints that, perhaps Mamba isn’t a piece of wiper malware and that payment will result in your hard drive being decrypted. However, it could also just be a diversionary tactic and your files could be lost forever. 

internet-1593448_960_720

Combatting Mamba

The level of encryption carried out by Mamba through DiskCryptor is exceptionally strong, so there’s currently no way of retrieving your files without somehow receiving help from the hackers. Whether this help will be forthcoming is debatable, so it in no way represents a way out from this particularly difficult hack.

Good security practices, as ever, are essential to prevent your organization falling foul of ransomware, particularly when it’s one which appears to be very enigmatic and provides little light at the end of the tunnel. Such attacks are likely to increase, so make sure you practice the following:

  • Always backup your files and data to ensure they’re not compromised on an infected system. It’s also recommended that these are backed up to a system not connected to your network to prevent falling foul of malware which can spread throughout a network.
  • Use multi-layered security in the form of firewalls, web filtering and antivirus software in order to stop malware from either activating or even reaching your network.
  • Restrict user privileges and access on your network as, again, this can stop ransomware spreading through your network once it has started to gain a foothold in your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Petya Cyber Attack Goes Global with Ransomware

Cyber Attack, Petya, Ransomware, Security, , , ,
05
Sep 2017

2017_Petya_cyberattack_screenshot

A major cyber attack has swept across the globe and, once again, it’s taken the form of ransomware to shut down computers and demand Bitcoin ransoms.

Known as Petya – the Russian word for stone – has managed to halt operations at a chocolate factory in Australia and even one of Russia’s biggest oil companies, so the scale and sophistication of its attack is clear to see. Following the recent WannaCry ransomware attack, Petya has made headlines in a security landscape where safety appears to be far from guaranteed.

As this is such a widespread attack – and the fact that new ransomware attacks are appearing weekly – it seems like the perfect time to look at Petya and reinforce what you can do to protect yourself.

The Story behind Petya

Although it’s difficult to confirm, it’s believed that the Petya attack originated in the Ukraine. Reports suggest that the ransomware was spread through the update server for MeDoc which is a popular brand of Ukrainian accounting software. Consumers believed they were simply downloading a new update for their software, but it was actually a powerful slice of malware which then spread like wildfire.

Petya.Random

This latest variant of Petya, however, is even more powerful than its original incarnation. It’s believed that Petya now comes loaded with a tool named LSADump which harvests data and passwords from all the PCs located on that network. Petya also appears to be encrypting every single file on the infected PCs through the master boot record – this helps your PC boot up Windows at startup.

Most disturbingly, though, it’s being reported that Petya may not even be ransomware and may, instead, simply wipe everything from a PC with no chance of recovery. While the thought of having to pay a small ransom to retrieve data is troubling enough, the idea that your data may never be retrieved brings a whole new level of concern to Petya.

Defending Against Petya

Regardless of whether Petya encrypts or destroys files, it remains a highly sophisticated strain of malware that no PC user wants to find on their system. Kaspersky and Symantec have assured consumers that their anti-virus software will actively identify and protect against Petya, but for many users this may be too late.

cyber-security-2296269_960_720

Unfortunately, despite the spate of attacks taking advantage of Windows vulnerabilities, many PC users are still incredibly lax when it comes to installing security updates and patches. The main reason for this procrastination is an issue of time, but what’s five to ten minutes of installing updates and rebooting compared to having all the files on your entire network encrypted or even deleted?

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Malware Upgrades to 64-Bit

hardware, Office IT
29
Aug 2017

64-bannellr1-600x330 (1)

Modern operating systems run on 64-bit systems, but they’re still capable of running 32-bit code and this is what hackers have always coded in. Until now.

Guy Propper – security expert at Deep Instinct – has revealed that whilst malware coded in 32-bit code is still as popular as ever, there’s been an increase in the number of 64-bit variants. This is somewhat of a game changer in terms of the cyber security landscape due to the unchartered territory that 64-bit malware operates in.

You’re probably well aware that out-dated legacy systems can provide an unsecured route into your systems, but you would think that a new, up to date system would provide you with a secure defense. Unfortunately, as 64-bit malware is so new, the amount of available knowledge on combatting it is scarce, so it’s a very real threat to contemporary computing.

And that’s why you need to learn the ins and outs of this new threat before your systems fall victim.

32-Bit vs 64-Bit Systems

32-bit-vs-64-bit-main_thumb800

Windows 95 ushered in the era of 32-bit systems and this allowed applications to use up to 4GB of memory to complete their tasks. That was more than enough for applications of the time but, as applications have become more and more advanced, they can now demand more than 4GB of memory. And this is where 64-bit systems come in due to their ability to allocate huge areas of memory over to applications.

The Threat of 64-Bit Malware

It’s only recently that 64-bit systems have begun outselling 32-bit systems, so they’re finally becoming the dominant system; as a result, hackers have started adapting their malware to suit this new frontier. Of note, the ransomware installer Zeus and the computer virus Shamoon – capable of leaving your PC unable to boot up – have been discovered to have 64-bit partners in crime alongside their 32-bit malware code.

The main problem with 64-bit malware is that it’s more difficult to detect than 32-bit malware and this is because most antivirus signatures only search for 32-bit malware. This means that they’re looking for specific pieces of code and system activity, but these are not associated with the 64-bit malware variants as they constructed in a completely different manner. Therefore, they can remain undetected on your system and remain relatively free to carry out their malicious activities.

How Do You Combat 64-Bit Malware?

how-to-choose-a-network-monitoring-software

As more and more consumers adopt 64-bit systems, there’s going to be an ever increasing number of 64-bit malware variants. Naturally, as time goes by, security experts are going to be able to recognize and defend against such threats in a more efficient manner. Unfortunately, that doesn’t really help people in the here and now.

However, the good news is that 64-bit malware is transmitted and executed in much the same as 32-bit malware. And this means that the traditional methods for combatting malware are just as effective, so make sure that you’re actively doing the following:

  • Treat all suspicious email attachments as exactly that – suspicious! If there’s even the slightest doubt about an email then don’t open any attachments, get it checked out by your IT team.
  • You should already be monitoring the network activity of your applications to identify any unusual behavior, but it’s worth setting up a separate monitor to keep a check on 64-bit applications. This may be the only way, at present, that you can identify an infection
  • Finally, educate your staff on the dangers of malware. This can take place during IT induction processes, but also regular refresher courses to keep the information fresh and relevant in your employees’ minds.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 5 6 9