Indian Police Break Up International Computer Virus Scam

Police said Thursday that they have arrested nearly two dozen people on suspicion of defrauding people around the world by sending fake pop-up messages warning them that their computers were infected with a virus and offering to rectify the problem at a price.

UP police officer Ajay Pal Sharma said those arrested Tuesday and Wednesday posed as authorized representatives of Microsoft and other companies and used their logos.

The arrests were made after input from the US Federal Bureau of Investigation and Interpol, Sharma said. Microsoft was the complainant in the case.

He said those arrested have been running the scam out of call centres in the Indian capital and neighbouring states of Haryana and Uttar Pradesh for months.

Their pop-up messages prompted victims in the United States, Britain, Australia and other countries to call a phone number showing on their computer screens, he said. They would then be scammed out of money in exchange for supposedly fixing the problem.

Those arrested were mostly people in their 20s and early 30s who quit their jobs in call centres. Police recovered hard drives, servers, laptops, mobile phones, computers and central processing units (CPUs) from them, Sharma said.

In 2016, the Mumbai police arrested 70 people for allegedly cheating thousands of Americans. They would call them from dubious call centres in Mumbai and tell their victims that they owed unpaid taxes. They would ask Americans to buy prepaid cash cards to settle outstanding tax debts or face jail.

Gujshield Next Generation Firewall – Beyond UTM

GajShield Next Generation Firewall appliances go beyond current UTM firewall technologies by using the industry's most advanced context-based deep packet inspection engine to classify application traffic and give visibility into critical SaaS applications. GajShield's Application Filter provides real-time, Layer-7 classification of all network application traffic.

GajShield Next Generation Firewall appliances are ICSA Labs certified and come with a unique context-based Data Leak Prevention, Cloud Access Security Broker (CASB), cloud security for roaming users, BYOD for mobile device security and application filtering. GajShield next generation firewalls are industry-leading innovators in data and network security. GajShield firewalls are easy to configure using object-oriented policy management, which brings policy re-usability and inheritance.

Sophos Next-Gen Network Protection – XG Firewall

Sophos network security appliances provide multiple configured features such as firewall/VPN, gateway antivirus, anti-spam, IPS, content and application filtering, web application firewall, application visibility and control, bandwidth management, etc.
The configured Sophos security features protect your network against malware, insider threats, hackers and other sophisticated network attacks.
This is the lowest-cost option because of the existing support for the Cyberoam devices previously installed at the board. If the board purchases the Sophos XG330 devices with 3-year licenses, the cost will be approximately 35 lakh for both machines.
The configuration and installation reports are as follows:
If the board faces any problem with the installation of the Cyberoam/Sophos devices or any other data center devices, we are ready to resolve the issues with 24*7 support.

What Does It Mean When Internet Access Is Unsecure?

An unsecure wireless connection is one you can access without a password. Public networks offered in places like cafes are often open. Although these provide free wireless Internet access, using public Internet comes with dangers. If your home Internet is open, you should consider securing wireless access to protect your data and avoid legal trouble.

Unsecure Wi-Fi

The two types of public networks are ones that are left open by businesses and ones that are left open by individuals. An open network from a business allows customers to use the Internet in the establishment — such as patrons of a coffee shop using the network to work. An open network in a home comes from a router that hasn’t been secured. Sometimes this is unintentional, if the owner doesn’t know that her network is open. However, an unsecure wireless connection isn’t always bad. Some experienced users opt to leave their Wi-Fi open for the public to access, with proper security precautions to protect their data and bandwidth.

The Risks of Hosting Open Wi-Fi

Although there’s a certain nobility in sharing your Wi-Fi with your neighborhood, there’s also a danger in it. Unscrupulous users sometimes cruise around looking for unsecure wireless connections to exploit — as in the 2011 arrest of a man after someone else used his open wireless to download child pornography.

While it’s an extreme example, other risks are hackers snooping on data sent over your network and using your network to access your computer’s files and system information. Having users on your Wi-Fi also uses your bandwidth, which can become costly if your ISP charges for bandwidth overages.

Implementing Wireless Security

Every router has some wireless security features built into the settings. Log in to your router’s administration settings using your browser; if you’ve never done this before, the IP address and default login details are usually on the bottom of the router. When choosing wireless security, WPA2 is the most secure, while WEP is the easiest for outside users to crack. Set a strong password, and only share the password with people you trust. Some routers also offer a Guest Network setting, which lets you create a secure wireless network and a separate unsecure network, giving you security for your own devices and an open network for visitors or neighbors.

Safety on Public Networks

If you routinely access public networks, you can still browse safely. Avoid entering anything sensitive, such as bank or credit card information. If you have to access this data, consider using a virtual private network (VPN), which encrypts all the data you send using an external server. Disable file sharing while you’re on a public network. Make sure you’re using a public connection owned by a business, as it goes both ways — users can set up fake public networks in an attempt to catch your private data.

RSA CONFERENCE AND DATA LOSS PREVENTION

So, RSA is just around the corner and, like in prior years, there are numerous DLP vendors that have nothing at all to do with “data loss prevention,” yet use this term to describe themselves. With all the noise about securing data, many vendors simply want their piece of the DLP pie, regardless of whether their product(s) really perform data loss prevention.

Should this really be a concern, or am I making a mountain out of a molehill? Are organizations really buying non-DLP technologies, thinking they are getting DLP benefits? After all, buyers of security technologies are surely some of the smartest out there. And while most of them can see through the pitch (“of course, Mr. Customer, this endpoint security filter will absolutely put an end to your data loss prevention troubles”), you might be surprised to learn how many buyers acquire technologies that are “almost DLP” or “channel DLP,” not realizing they are incapable of providing the comprehensive levels of protection they should have.

Too often, an organization identifies a specific need and buys to address that need, only to discover at a later date that they started down the wrong path. A case in point is a customer that identified the need to control USB devices on workstations around three years ago. Because of budget constraints and a narrow view of their need, they chose a product limited to device control only, with no content awareness and no thought to future needs. The vendor they chose can’t address data in motion, data in use and data at rest, which means they have to discard this product and select another one, or be faced with managing disparate solutions.

Had they chosen a full-suite DLP vendor in the first place, they could have begun their project with simple device control (with some extra DLP features thrown in for good measure) and then added data in motion and data at rest at a later date, all without pulling out one vendor and acquiring another.

This is because the original device control vendor they chose pitched their solution as DLP, and the customer bought it.

The DLP Buyer’s Guide for RSA Conference Expo 2013 will be available in the coming weeks and will give a thorough view of RSA Expo DLP vendors.

SonicWall Secures Hybrid Clouds by Simplifying, Enhancing Deployment for Enterprises, SMBs

Today, SonicWall announced new Capture Cloud Platform capabilities that include Zero-Touch Deployment and Secure SD-WAN (software-defined WAN) designed for distributed enterprises and organizations with hybrid cloud environments. The company also announced enhancements to the Capture Security Center with personalized Risk Meters that deliver company-specific, real-time threat intelligence and risk scoring, as well as Hyper-V, Azure and AWS support for its virtual firewall series.

“Organizations are invested in hybrid cloud strategies where they’re able to harness the power of both public and private clouds, but they require solutions that help simplify and secure their cloud migration initiatives,” said SonicWall President and CEO Bill Conner. “Whether they are pursuing the benefits of a vendor’s specific capabilities, looking to reduce the cost of hiring staff or seeking to reach compliance standards, SonicWall helps protect their migration while simultaneously giving more visibility and control of their environments.”

Reducing Cost with Zero-Touch Deployment
SonicWall Zero-Touch Deployment allows organizations to quickly and securely configure firewall hardware at new locations without requiring advanced and costly on-site personnel. Once new products are brought online in remote locations, administrators can manage local and distributed networks through a single pane-of-glass using Capture Security Center, SonicWall’s flagship cloud-based management and analytics SaaS platform.

“We are very excited about the recent addition of Zero-Touch and SD-WAN from SonicWall. Cerdant has been deploying SonicWall next-generation firewalls for over 15 years and these new additions will allow us to deliver even faster deployments for customers,” said Cerdant Vice President of Technology and Operations Joshua Skeens. “The agile and simplified deployment capabilities will help reduce labor costs with centralized cloud management.”

To reduce wire clutter and the complexity associated with PoE injectors and switches, the company is introducing SonicWall TZ300P and TZ600P unified threat management (UTM) firewalls that provide power directly to connected PoE/PoE+ enabled devices, such as wireless access points, point-of-sale (POS) terminals, printers, cameras and other IP devices.

Leveraging Public Networks Securely
With strong and proven security provided by SonicWall, SD-WAN can be leveraged to use readily-available, low-cost public internet services to reduce the cost and complexity commonly associated with building distributed private networks based on MPLS technology.

“SD-WAN is a highly effective technology for distributed organizations like retailers, banks, manufacturers and campuses to simultaneously improve performance and reliability while reducing operational overhead,” said 451 Research analyst Mike Fratto. “However, the use of the direct, connected public internet for business opens up security challenges for organizations.

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center. Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

A new capability of SonicOS 6.5.3, the operating system for SonicWall next-generation firewalls, SonicWall Secure SD-WAN enables distributed organizations to safely deploy and connect branch and remote sites for sharing data, and enhancing the resiliency and performance of applications and services.

SonicWall Secure SD-WAN ensures the consistent performance and availability of business-critical and SaaS applications with intelligent failover, application-based load balancing and quality of service (QoS) capabilities.

Personalized Threat Intelligence, Risk Scoring
The rising growth of applications, endpoints, mobile devices and databases also means a larger attack surface for cybercriminals. To shrink it, the SonicWall Capture Security Center Risk Meters service provides enterprises and SMBs with data-driven analysis about evolving threat vectors that include networks, web, clouds, applications, endpoints, mobile devices and databases.

Because no two organizations are alike, SonicWall Risk Meters deliver personalized threat data and risk scores that are adapted to individual situations and environments, promoting immediate and precise defensive actions.

To better guide business and security objectives in a more timely manner, computed risk scores and threat levels are continuously updated based on live threat data relative to existing defense capabilities. Organizations can leverage their scores when performing security effectiveness planning, policy and budgeting decisions.

Virtual Firewall Extended to Cloud Deployments
The SonicWall Capture Cloud Platform continues to deliver security for businesses of any size and now extends next-generation virtual firewall capabilities to cloud deployments, including Hyper-V, Azure and AWS, with the NSv Firewall Series.

As an added benefit, new and existing customers using SonicWall NSa or NSsp next-generation firewalls and who also have active Advanced Gateway Security Suite (AGSS) or Comprehensive Gateway Security Suite (CGSS) services, will receive a SonicWall NSv firewall for one year at no additional cost.

SonicWall Zero-Touch Deployment is available immediately. The TZ300P Series, TZ600P and SonicOS 6.5.3 with Secure SD-WAN will be available in December 2018.

Key Program Metrics of Data Loss Prevention

Data Loss Prevention is a set of security controls that helps organizations protect their sensitive data, throughout its life cycle and across all platforms, from being disclosed to unauthorized users (insiders or outsiders) either accidentally or intentionally.
Different types of DLP:

  1. Endpoint DLP: Protects against data leaks from endpoint devices, such as leaks via removable storage devices (USBs), local file shares, print services, etc. Endpoint DLP controls data usage on laptops, workstations and servers, and provides an additional layer of protection for mobile users.
  2. Network DLP: Provides broad security coverage across networks. Network DLP is able to perform deep packet inspection across applications and protocols, and can monitor SSL and other forms of encrypted traffic. It is content aware and uses a myriad of rules and policies to monitor data in motion.
  3. Storage DLP: Protects data stored on storage towers and network storage. Helps with data discovery, data classification and data de-duplication. Enforces sensitive data storage policy across all devices and networks.
  4. Cloud DLP: DLP functionality extended to the cloud, for the protection of your cloud apps or of sensitive data residing in the cloud. Cloud-based DLP also has the additional advantage of being deployable in a speedier and more cost-effective way. Cloud Access Security Brokers (CASB) provide Cloud DLP features in addition to other security features.

Let’s have a look at some of the key program metrics of Data Loss Prevention (DLP) technology:

Key Program Metrics:

# Exceptions granted during a defined time period:
This is the number of exceptions granted over a defined time period. Exceptions are temporary permissions granted on a case-by-case basis. If exceptions are not tracked or documented, they can become potential vulnerabilities for exploitation. Ideally, the number of exceptions in a defined time period should remain as low as possible.

# False positives during a defined time period:
One of the major challenges in Data Loss Prevention program is dealing with false positives. Any mature DLP program within an organisation will try to reduce the false positives to near zero value. This metric is a very good indicator of your Data classification effectiveness, DLP rule-set effectiveness etc.

Mean time to respond to any attempted data breach:
This is the mean time to respond to and initiate action on DLP alerts about possible data exfiltration attempts. This metric is important because most DLP implementations are alert-only and are not put into blocking mode due to high false-positive rates. DLP alerts are among the most significant security events; if they are not prioritized, the result can be a major data breach. DLP alerts can uncover malicious insider attacks, advanced persistent threats and accidental data breaches.

# Mis-managed devices in your network handling sensitive data:
This is the number of mis-managed devices that process and store sensitive data. These could be file shares, endpoints, servers, etc. Each of these devices is a potential egress point for sensitive data. A good DLP program will have every device that handles sensitive data managed using the DLP tool.

# Databases not yet fingerprinted:
Database fingerprinting is one of the key methods any modern DLP tool uses to protect your sensitive data against possible leakage. Ideally, all databases holding sensitive data should be fingerprinted and available to the DLP tool. This metric gives an indication of the risk associated with databases that are yet to be fingerprinted.

# Databases and data residents not yet classified:
The first step in any Data Loss Prevention program is data classification. Data classification is done to identify sensitive data wherever it resides. It is imperative to classify databases and other data-resident devices so that effective controls can be applied to them. If you are blind to your sensitive data sources, your DLP is already a failure. This metric tells you the number of databases, devices, endpoints and file shares that are still in your blind spots.
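
The metrics above, computed over constructed sample records as an added example (not code from the original post or from any DLP product). The record layouts, the field names such as `disposition` and `dlp_managed`, and every value in the sample data are assumptions made for the illustration:

```python
"""Compute the DLP program metrics above from constructed sample records.
Added example, not code from the original post or any DLP product; record
layouts, field names and all values are assumptions."""
from datetime import datetime
from statistics import mean

# Constructed DLP alerts: when raised, when an analyst first responded (None if
# still open) and how triage classified the alert.
ALERTS = [
    {"id": "A-1", "raised": "2018-12-01T09:00:00", "responded": "2018-12-01T09:45:00", "disposition": "true_positive"},
    {"id": "A-2", "raised": "2018-12-01T10:00:00", "responded": "2018-12-01T10:10:00", "disposition": "false_positive"},
    {"id": "A-3", "raised": "2018-12-02T08:30:00", "responded": "2018-12-02T12:30:00", "disposition": "true_positive"},
    {"id": "A-4", "raised": "2018-12-02T15:00:00", "responded": None, "disposition": "open"},
    {"id": "A-5", "raised": "2018-12-10T11:00:00", "responded": "2018-12-10T11:05:00", "disposition": "false_positive"},
]
# Constructed exception register: temporary permissions and the date each was granted.
EXCEPTIONS = [
    {"id": "EX-1", "granted": "2018-11-20", "reason": "vendor file transfer"},
    {"id": "EX-2", "granted": "2018-12-03", "reason": "finance USB export"},
    {"id": "EX-3", "granted": "2018-12-09", "reason": "marketing cloud share"},
]
# Constructed device inventory: handles sensitive data? under DLP management?
DEVICES = [
    {"host": "fs-01", "sensitive": True, "dlp_managed": True},
    {"host": "wks-17", "sensitive": True, "dlp_managed": False},
    {"host": "wks-22", "sensitive": False, "dlp_managed": False},
    {"host": "srv-hr", "sensitive": True, "dlp_managed": False},
]
# Constructed database inventory: classification and fingerprinting status.
DATABASES = [
    {"name": "crm", "classified": True, "fingerprinted": True},
    {"name": "payroll", "classified": True, "fingerprinted": False},
    {"name": "legacy_archive", "classified": False, "fingerprinted": False},
]

def _ts(value):
    """Parse an ISO 8601 date or date-time string."""
    return datetime.fromisoformat(value)

def exceptions_granted(exceptions, start, end):
    """# Exceptions granted in the period (both dates inclusive)."""
    first, last = _ts(start).date(), _ts(end).date()
    return sum(1 for x in exceptions if first <= _ts(x["granted"]).date() <= last)

def alerts_in_period(alerts, start, end):
    first, last = _ts(start), _ts(end)
    return [a for a in alerts if first <= _ts(a["raised"]) <= last]

def false_positives(alerts, start, end):
    """# False positives in the period, and their share of the alerts that were triaged."""
    triaged = [a for a in alerts_in_period(alerts, start, end) if a["disposition"] != "open"]
    fps = sum(1 for a in triaged if a["disposition"] == "false_positive")
    return fps, (fps / len(triaged) if triaged else 0.0)

def mean_time_to_respond(alerts, start, end):
    """Mean minutes from alert raised to first response. Alerts nobody has
    responded to cannot enter the mean, so they are returned as a separate
    backlog count rather than silently dropped."""
    period = alerts_in_period(alerts, start, end)
    minutes = [(_ts(a["responded"]) - _ts(a["raised"])).total_seconds() / 60
               for a in period if a["responded"]]
    backlog = sum(1 for a in period if not a["responded"])
    return (mean(minutes) if minutes else None), backlog

def mismanaged_devices(devices):
    """# Devices handling sensitive data that the DLP tool does not manage."""
    return sorted(d["host"] for d in devices if d["sensitive"] and not d["dlp_managed"])

def databases_missing(databases, step):
    """# Databases where the named boolean step ('classified' or 'fingerprinted') is not done."""
    return sorted(d["name"] for d in databases if not d[step])

def report(start="2018-12-01T00:00:00", end="2018-12-31T23:59:59"):
    """All metrics for one reporting period, as a single dictionary."""
    fps, fp_rate = false_positives(ALERTS, start, end)
    mttr, backlog = mean_time_to_respond(ALERTS, start, end)
    return {
        "exceptions_granted": exceptions_granted(EXCEPTIONS, start, end),
        "false_positives": fps,
        "false_positive_rate": round(fp_rate, 2),
        "mttr_minutes": mttr,
        "alerts_awaiting_response": backlog,
        "mismanaged_devices": mismanaged_devices(DEVICES),
        "databases_not_fingerprinted": databases_missing(DATABASES, "fingerprinted"),
        "databases_not_classified": databases_missing(DATABASES, "classified"),
    }

if __name__ == "__main__":
    for metric, value in report().items():
        print(f"{metric}: {value}")
```

The mean time to respond deliberately reports the untriaged alerts alongside the mean: an alert-only DLP deployment with a growing backlog would otherwise show a flattering MTTR computed only over the alerts someone got to.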

Do let me know if you want us to add or modify any of the listed key use cases.

Check out the Data Loss Prevention (DLP) market within FireCompass to get more information on these markets.

Check Point Named a Leader in IDC MarketScape Report on Mobile Threat Management

Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, today announced it has been named as Leader in the IDC MarketScape: Worldwide Mobile Threat Management Software 2018-2019 Vendor Assessment (Doc# US44521018, December 2018). It is the second-consecutive year Check Point was named a leader in this category with its SandBlast Mobile security solution.

“To be named a Leader by the IDC MarketScape for the second year in a row validates our innovation in the Mobile Threat Management space,” said Itai Greenberg, VP of Product Management, Check Point. “As enterprises rely more on mobile devices, mobile attacks will continue to increase, rendering these devices as easy targets filled with critical business data. CheckPoint’s SandBlast Mobile is a full mobile security solution that was built in preparation for the BYOD era and provides detection capabilities for threats such as zero day malware, email phishing, bots and more.”

The report provides an assessment on the Mobile Threat Management (MTM) marketplace, an area in which interest is driven by the overall security challenges businesses face.

“As the mobile threat management landscape continues to evolve, today’s enterprises will inevitably see an increase in cyber-attacks on mobile devices,” said Phil Hochmuth, Program Director of Enterprise Mobility for IDC. “Check Point continues to meet the needs of enterprises for a robust mobile security platform, with Mobile Threat Management deployments in such critical industries as retail, hospitality, finance, manufacturing and entertainment.”

The IDC MarketScape Worldwide Mobile Threat Management Software 2018-2019 Assessment report analyzes and rates vendors across a broad range of capability- and strategy-focused criteria. As mobile threat management comprises a group of products in a nascent stage, it is important to evaluate them based on customer interactions with the available mobile security solutions. As threats evolve, so must the road maps of the products that will protect devices from these threats.

A complimentary excerpt copy of the IDC MarketScape: Worldwide Mobile Threat Management Software 2018-2019 Vendor Assessment can be accessed here: https://pages.checkpoint.com/idc-report-marketscape-mobile.html

About IDC MarketScape
The IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT (information and communications technology) suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of IT and telecommunications vendors can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective vendors.

SamSam Ransomware

It has been reported that new variants of the ransomware named “SamSam” are spreading. The malware spreads via malicious advertisements, spam emails, etc. carrying crafted attachments.

Malicious activity:

  • The attacker tries to access the victim machine either by exploiting a vulnerable server or by establishing a remote desktop connection to the victim machine using a brute-force attack or credentials purchased on the dark net.
  • Once the attacker has successfully accessed the victim machine, they drop the SamSam ransomware executable on it, which encrypts all the files on the victim machine (excluding Windows files and Recycle Bin folders) with a .stubbin extension. After encrypting all files on the victim machine, the attacker also drops a text file containing a message demanding a ransom to decrypt the data.

Countermeasures and Best practices for prevention:

  • Users are advised to disable RDP if it is not in use; if it is required, it should be placed behind a firewall and users should be bound by proper policies while using RDP.
  • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging enabled: script block logging and transcription turned on. Send the associated logs to a centralized log repository for monitoring and analysis.
    Reference: https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
  • Establish a Sender Policy Framework (SPF) record for your domain. SPF is an email validation system designed to prevent spam by detecting email spoofing, which is how most ransomware samples successfully reach corporate mailboxes.
  • Apply application whitelisting / strict implementation of Software Restriction Policies (SRP) to block binaries running from the %APPDATA% and %TEMP% paths; ransomware samples generally drop and execute from these locations.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In the case of genuine URLs, close the e-mail and go to the organization’s website directly through the browser.
  • Block attachments of these file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
  • Consider encrypting the confidential data as the ransomware generally targets common file types.
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
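
Two of the countermeasures listed above written out as executable checks, as an added example that is not code from the original advisory or from any vendor: an attachment filter that enforces the advisory’s blocked file-type list (including double extensions such as `invoice.pdf.exe` and names with trailing dots that Windows silently drops), and a path check that decides whether a binary lies under %APPDATA% or %TEMP%, the locations the Software Restriction Policy is meant to block. The environment values, file names and process-creation events are constructed; `ntpath` is used so the Windows path rules apply on whatever OS the script runs on.

```python
"""Two countermeasures from the SamSam advisory above as executable checks.
Added example, not code from the advisory or any vendor; environment values,
file names and process events are constructed."""
import ntpath
import re

# The attachment types to block, exactly as listed in the advisory.
BLOCKED_TYPES = "exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf"
BLOCKED_EXTENSIONS = frozenset(BLOCKED_TYPES.split("|"))


def attachment_extensions(filename):
    """Every extension of a file name, lower-cased: 'Report.PDF.exe' -> ['pdf', 'exe'].
    Trailing dots and spaces are stripped first because Windows drops them,
    so 'run.bat. ' would execute as 'run.bat'."""
    name = ntpath.basename(filename).rstrip(". ").lower()
    parts = name.split(".")
    return [p for p in parts[1:] if p] if len(parts) > 1 else []


def is_blocked_attachment(filename):
    """Block when any extension is on the list, not only the last one. This is
    deliberately conservative: 'setup.exe.txt' is blocked as well as 'invoice.pdf.exe'."""
    return any(ext in BLOCKED_EXTENSIONS for ext in attachment_extensions(filename))


def filter_attachments(filenames):
    """Split a message's attachments into (allowed, blocked)."""
    blocked = [f for f in filenames if is_blocked_attachment(f)]
    allowed = [f for f in filenames if f not in blocked]
    return allowed, blocked


# Constructed environment; on a real host these values come from the user's session.
ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
}


def _normalize(path, env):
    """Expand %VAR% references, collapse '..' segments and lower-case, using
    Windows path rules (ntpath) regardless of the OS this runs on."""
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(expanded))


def runs_from_blocked_location(image_path, env=ENV):
    """True if the executable lies under %APPDATA% or %TEMP%."""
    target = _normalize(image_path, env)
    for var in ("APPDATA", "TEMP"):
        root = _normalize(env[var], env)
        # Compare on a directory boundary so 'AppData\LocalTemp' does not match 'AppData\Local\Temp'.
        if target == root or target.startswith(root + ntpath.sep):
            return True
    return False


# Constructed process-creation events: (process id, image path).
EVENTS = [
    ("4312", r"C:\Windows\System32\svchost.exe"),
    ("5120", r"C:\Users\alice\AppData\Roaming\update\svc.exe"),
    ("5188", r"%temp%\..\Temp\setup.exe"),
    ("5201", r"C:\Program Files\Vendor\app.exe"),
]


def flag_events(events, env=ENV):
    """Process ids whose image runs from a blocked location."""
    return [pid for pid, image in events if runs_from_blocked_location(image, env)]


if __name__ == "__main__":
    print(filter_attachments(["invoice.pdf", "Invoice.PDF.exe", "macro.JS", "run.bat. "]))
    print(flag_events(EVENTS))
```

The path check expands environment variables and normalises `..` before comparing, because a policy that matches on the literal string `%TEMP%` is trivially sidestepped by a path that reaches the same directory a different way; the boundary check on the trailing separator avoids false positives on sibling directories that merely share a prefix.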

References:

Britain Issues Warning Over Russian Anti-virus Software

The UK cyber-security agency will say the software could be exploited by the Russian government. Security firm Kaspersky Labs, accused in the US of being used by the Russian state for espionage, denied wrongdoing.

Kaspersky Labs is widely used by consumers and businesses across the globe, as well as by some parts of the UK government.

Around the world, 400 million people use Kaspersky products.

For it to work, anti-virus software like that sold by Kaspersky Labs requires extensive access to files on computers and networks to scan for malicious code.

It also requires the ability to communicate back to the company in order to receive updates and share data on what it finds.

However, the concern is that this could be used by the Russian state for espionage.

Officials say the National Cyber Security Centre’s (NCSC) decision is based on a risk analysis rather than evidence that such espionage has already taken place.

In the new government guidance, Ian Levy, NCSC’s technical director, said: “Given we assess the Russians do cyber-attacks against the UK for reasons of state, we believe some UK government and critical national systems are at increased risk.”

The NCSC is understood to have been in dialogue with Kaspersky Labs and says it will explore ways of mitigating the risks to see if a system can be developed to independently verify the security of its products.

It comes amid heightened concern about Russian activity against the UK.

Last month, Prime Minister Theresa May warned the Russian state was acting against the UK’s national interest in cyberspace.

Following her warning, Ciaran Martin, chief executive of the NCSC, said Russia had targeted British infrastructure, including power and telecoms.

Officials stress they are not recommending members of the public or companies stop using Kaspersky software.

“Beyond this relatively small number of systems we see no compelling case at present to extend that advice to the wider public sector, more general enterprises, or individuals,” Levy added.

“Whatever you do, don’t panic. For example, we really don’t want people doing things like ripping out Kaspersky software at large as it makes little sense.”