Targeted ransomware attacks surge in 2018: Report

PUNE: 2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars, according to the Sophos 2019 Threat Report. The report, produced by SophosLabs researchers, found that capitalist cybercriminals are turning to premeditated, targeted ransomware attacks that reap millions of dollars in ransom.

The threat report explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.

“The threat landscape is undoubtedly evolving; less skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries. These new cybercriminals are effectively a cross-breed of the once esoteric, targeted attacker, and the pedestrian purveyor of off-the-shelf malware, using manual hacking techniques, not for espionage or sabotage, but to maintain their dishonorable income streams,” said Joe Levy, CTO, Sophos.

The report also highlighted that cybercriminals are using readily available Windows systems administration tools as their route to advance through a system and complete their mission – whether it’s to steal sensitive information off the server or drop ransomware.
Other key trends include:
* Cybercriminals are playing digital dominos by chaining together a sequence of different script types that execute an attack at the end of the event series. Hackers can instigate a chain reaction before IT managers detect that a threat is operational on the network, and once they break in it’s difficult to stop the payload from executing.

* Cybercriminals have adopted newer Office exploits to lure in victims.

* EternalBlue becomes a key tool for cryptojacking attacks, with the coupling of EternalBlue to cryptomining software turning the activity from a nuisance hobby into a potentially lucrative criminal career.

The continued threat of mobile and IoT malware extends beyond the organization’s infrastructure. With illegal Android apps on the increase, 2018 has seen an increased focus in malware being pushed to phones, tablets and other IoT devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks.

Ransomware virus attack: India faces unique threat, here is how Modi government is tackling the menace

Ransomware virus attack: Smart power grid systems in India are vulnerable to the deadly WannaCry ransomware virus. It has been learnt that, in the aftermath of the deadly ransomware virus attack last year, the Central Electricity Authority (CEA) has advised an ‘urgent’ need to develop a cyber security framework to resolve the security issues in the power sector, according to an Indian Express report. Notably, on December 23, 2015, hackers successfully attacked the information systems of three prominent power distribution companies in Ukraine, disrupting the electricity supply to approximately 2,50,000 Ukrainians. A similar small-scale attack occurred in Ukraine’s capital, Kiev, in December 2016 and led to a power outage of about an hour. Subsequently, Ukraine accused Russian hackers of carrying out this malicious attack.

After that, the WannaCry ransomware attack in May 2017 affected computers and systems in 150 countries, including India. Following that, the Ministry of Power tasked the CEA — the apex policy advisory body in the electricity sector — with constituting a committee to discuss various issues including “cyber security issues in the power sector”. The CEA submitted its report on July 19, 2017.

A smart grid, a power network that supplies electricity to consumers via two-way digital communication, is more vulnerable to cyber attacks. “Unfortunately, sophisticated cyber attacks on advanced metering infrastructures (smart grids) are a clear and present danger. The most devastating scenario involves a computer worm that traverses advanced metering infrastructures and permanently disables millions of smart meters,” said a study.

“Though India in past few years has developed technical standards for evaluating cyber security/ cyber-attacks, there is a perceived lack of security built into the smart grid systems. Further, the mechanism for information sharing on cyber security incidents need to be developed. Given the vulnerabilities in the operations of the power system devices, including present practices followed, developing a multiple-threat intrusion detection system is the need of the hour,” stated the CEA report, titled ‘Cyber Security in Power System’.

“Cyber and physical security threats pose a significant and growing challenge to electric utilities. Unlike traditional threats to electric grid reliability, such as extreme weather, cyber threats are less predictable and therefore more difficult to anticipate and address. This calls for an urgent need to develop a cyber security framework and regulatory response to address the specific security needs of the power sector in India,” the CEA’s report stated.

5 Ways Big Companies Protect their Data

In recent years, data protection has become a must for all companies, no matter their size. While big organizations suffering data breaches such as Facebook, Orbitz or Quora are the ones making headlines, a more troubling reality awaits small and mid-sized companies: 60% of them go out of business within six months of a cyberattack, according to the National Cyber Security Alliance.

1. Knowing where data is and where it’s going

One of the most important steps towards effective data protection is knowing exactly what data is being stored and where. By accurately identifying their data flow and its vulnerable points, companies can make informed decisions about the measures they need to take to protect it. Big organizations use data discovery tools to scan company networks for sensitive data and, when they find it on computers not authorized to access it, they often have the option of deleting or encrypting it. In the era of data protection regulations, transparency is key both for compliance and for building effective data protection policies.

2. The use of encryption across the board

From encrypted hard drives, USBs and phones to data encrypted prior to its transfer to the cloud or onto portable devices, encryption has become a must for all companies looking to secure their sensitive information. Encryption addresses two common data protection vulnerabilities in today’s global economy: a workforce that is always on the move and the rise of remote work. With devices frequently leaving the safety of company networks, encryption ensures that, in case of theft or loss, the sensitive data they contain is inaccessible to outsiders.

3. Protecting data in the cloud

The cloud has become an integral part of digitalization efforts, but as data moves to the cloud, the issue of its security has sparked heated debates among CIOs and in information security circles. While many argue that the security measures applied by cloud service providers to their servers far exceed any that a small or even large company is likely to apply to its on-site servers, the feeling that the security of their most sensitive data is out of their hands makes many organizations nervous. The most common approaches applied by big companies involve the use of tools specialized in data protection in the cloud or a limitation of the types of data that are stored in the cloud. Another method involves encrypting sensitive data before it is transferred to the cloud.

4. Educating employees at all levels

The human factor is often the biggest vulnerability in the chain of data protection. Whether through ignorance or negligence, employees account for 54% of data breaches according to a survey conducted by the Ponemon Institute. Large corporations ensure employees are kept informed of compliance regulations and internal cybersecurity policies, providing them with both training and clear guidelines for those coming into contact with the most sensitive types of data. C-level executives are frequently targeted by malicious outsiders because of their high-level access to data. Big companies take special care that higher management does not circumvent the rules, as it is essential that the same level of data security is maintained across the board, not only horizontally but vertically as well.

Software such as Data Loss Prevention solutions can act as an effective method of enforcement, by setting clear policies that protect and restrict access to sensitive data. Levels of access to data can be controlled based on groups and specific users or endpoints.

5. Creating BYOD policies

As companies embrace Bring-your-own-device (BYOD) policies that increase productivity and reduce costs, they often ignore their security implications. Accessing sensitive information on personal devices means that data is traveling outside the confines of the company network, effectively rendering any security measures taken to protect it moot. Big organizations restrict the sort of data that can be transferred outside company devices. At the same time, policies marking the level of trust of a device can be applied. In this way, employees are given the option of aligning the security of their personal devices to policies used within the company and, if they choose not to apply them, it guarantees that no sensitive data is allowed to be transferred on them.

As we move forward into the age of data protection by design and by default, smaller and mid-sized companies must follow in the footsteps of larger companies and adopt policies that protect sensitive information from both inside and outside threats or risk losing not only their customers’ trust, but their entire businesses.

 

Keeping Source Code Safe with Data Loss Prevention

When developing new software and algorithms, companies’ number one concern is that they do the job they are meant to do and function efficiently. Cybersecurity features, when implemented, are meant to ensure the protection of users’ data and guard against malicious process hijacking attacks. Source code itself is often left out of these security considerations and its importance as proprietary confidential information is overlooked.

Sensitive data is frequently viewed as referring to individuals’ data that is protected in many cases by law and whose leakage can cause both financial liability and a loss of customer trust. When it comes to source code, inevitably, there are competitors that might develop similar products, but there is a marked difference between them having to do the ground work themselves and simply following a company’s available code as their blueprint.

The Vulnerability of Source Code

The simplest way source code can be leaked is through employee theft or negligence. The human factor is at the heart of many data leaks: whether it is disgruntled employees feeling underappreciated or individuals leaving the company, they often have direct access to the source code and can easily transmit it, post it online or copy it onto portable devices.

Third party contractors are also a notable vulnerability. In today’s interconnected world, companies often rely on outside services to run or improve their software. By outsourcing projects, they put their trust in other companies’ security measures to protect their source code. At the same time, they have no way of monitoring and ensuring the enforcement of non-disclosure agreements.

Many developers today incorporate open source software into their projects. Depending on the type of license used, this can mean that any software incorporating them must also adhere to open source policies. This means that, although companies are not obligated to publicly post their source code, they can be legally bound to provide it to individuals who request it.

How Data Loss Prevention Can Help

Data Loss Prevention (DLP) tools can help software developers combat data leakage and theft by ensuring that security policies protecting source code are in place. This means limiting or blocking employees from copying source code into emails, transferring it via social media channels or uploading it onto websites. They can also stop the copying of source code files onto portable devices such as USB sticks or external drives.

Source code detection in DLP often uses complex libraries to identify programming languages. These require in-depth knowledge to accurately differentiate between various programming languages, leading to heavyweight databases. DLP solutions such as Endpoint Protector have taken source code detection to the next level by implementing N-gram-based text categorization, which greatly improves the accuracy rate of source code detection, as much as 98% in the case of some programming languages.

By accurately identifying source code, DLP tools can more efficiently apply the policies created to manage, limit or block the transfer and use of source code.
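N-gram-based text categorization can be illustrated with the classic rank-order ("out-of-place") comparison of character n-gram profiles, in the style of Cavnar and Trenkle. This is an added example, not Endpoint Protector's code; that a product uses this exact scheme is an assumption, and the training snippets, labels and function names are constructed for illustration.

```python
from collections import Counter

MAX_RANK = 400  # profile size, and the penalty for an n-gram a category never saw

# Constructed training snippets: tiny and illustrative, not a real corpus.
TRAINING = {
    "c": ('#include <stdio.h>\nint main(void) {\n    int i;\n'
          '    for (i = 0; i < 10; i++) {\n        printf("%d\\n", i);\n'
          '    }\n    return 0;\n}\n'),
    "python": ('import os\ndef main():\n    for name in os.listdir("."):\n'
               '        if name.endswith(".py"):\n            print(name)\n'
               '    return None\n'),
    "prose": ("The quarterly report is attached. Please review the figures "
              "and send your comments to the finance team before the "
              "meeting on Friday."),
}

def ngrams(text, n_max=3):
    """Yield every character n-gram of length 1..n_max."""
    for n in range(1, n_max + 1):
        for i in range(len(text) - n + 1):
            yield text[i:i + n]

def profile(text):
    """Map each of the MAX_RANK most frequent n-grams to its frequency rank."""
    counts = Counter(ngrams(text))
    ranked = sorted(counts, key=lambda g: (-counts[g], g))[:MAX_RANK]
    return {gram: rank for rank, gram in enumerate(ranked)}

def out_of_place(doc, category):
    """Sum of rank displacements between a document and a category profile."""
    return sum(abs(rank - category[gram]) if gram in category else MAX_RANK
               for gram, rank in doc.items())

PROFILES = {label: profile(text) for label, text in TRAINING.items()}

def classify(text):
    """Return the label whose profile is closest to the text."""
    doc = profile(text)
    return min(PROFILES, key=lambda label: out_of_place(doc, PROFILES[label]))

def is_source_code(text):
    """DLP-style decision: anything not closest to prose is treated as code."""
    return classify(text) != "prose"

if __name__ == "__main__":
    sample = 'int main(void) {\n    printf("%d\\n", 7);\n    return 0;\n}\n'
    print(classify(sample), is_source_code(sample))
```

A real deployment would build each profile from a large corpus per language; the profiles stay small because only the top-ranked n-grams are kept, which is what makes the approach lighter than per-language grammar libraries.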

WADING THROUGH THE DLP INCIDENT SWAMP

Any company that has toiled through an extensive data loss prevention (DLP) technology implementation will find that the real work is just starting.

Not long after deployment and the configuring of initial policies, solutions often start throwing off more events than designated handlers can reasonably manage. When this happens, DLP vendors point to the need for policy tweaking to “tune out” (or at least tune down) the chatter. While the need to adjust policies is a requirement across many tools, including DLP, fine tuning is easier said than done.

Until recently, the only options were to engage in a serious and extended policy tuning exercise – or learn to live with incident overload. One company is hoping to change that. The Data Exfiltration Intelligence application from Securonix is designed to take DLP incident logs (among data from other solutions) and automatically uncover and rank the most critical incidents. From a recent press release:

The Securonix solution mines DLP events, proxy logs, printer logs and performs automated analytics on them including identity correlation, recipient analysis, sentiment analysis, behavior analysis, peer group analysis and other techniques to identify data exfiltration threats tied to specific or multiple events. The application automatically monitors for users that show flight risk behavior, high privileged access, and any sensitive data access. Each DLP event is dynamically risk ranked as Securonix continuously updates the user-centric threat model based on new user activity or changes in their identity and access risk profiles.

We can’t comment on the effectiveness of the solution; however, it’s an interesting proposition. Our preferred approach would be a well-planned, phased policy creation process that addresses key sensitive data, piece by piece. Still, even after successfully creating well-tuned and accurate policies, the solution by Securonix may prove beneficial.