Panda Security Warns of More Advanced Cyber Attacks in 2017


Cyber security continues to be a hot topic, and 2017 is unlikely to be any different.

Panda Security has done an interesting piece of work. They have looked at the most popular cyber attacks of last year and analysed their evolution to see what could be in store in 2017.

Here’s what they found.

Cybercrime

Cyber criminals are interested in one thing – finding the attacks that rake in the most profit and exploiting them to the max. Their increasingly effective tactics and the professionalisation of their operations are what allow them to make quick and easy money in an efficient manner.

Ransomware

As mentioned, profit is the driving force behind cyber crime, which is why ransomware is a firm favourite: it is the simplest and most efficient way to achieve this. Victims of this hijacking malware face a decision: whether or not to pay to recover their data. Of course, it’s important to bear in mind that paying the ransom does not guarantee that all of the hijacked data will be recovered.

Companies

Attacks on large corporations are set to increase. The information stored by businesses is far more valuable to cyber criminals than that of private users, so it’s vital that companies remain vigilant.

Internet of Things (IoT)

Greater connectivity is a godsend for cyber criminals. This technological revolution has led to the complete integration of smaller devices into the grid, and those devices then become entry points into corporate networks.

DDoS Attacks

At the end of 2016, we saw the most powerful DDoS (Distributed Denial of Service) attacks in history. Carried out by bot networks, they relied on thousands of compromised IoT devices (IP cameras, routers, etc.). This type of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.), is likely to increase in 2017.

Mobile Phones

Focusing on a single OS makes it easier for cybercriminals to pick the target that gives them maximum reach and profit. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious state of international relations can have enormous consequences in the field of cyber security. Governments will want access to more information (at a time when encryption is becoming more popular), and intelligence agencies will become more interested in obtaining information that could benefit industry in their own countries. A global situation of this kind could hamper data sharing initiatives in the next year.

If you think this paints a bleak future, you could be right, but only if you fail to take precautions to protect your data. To put your mind at ease, get in touch, and we’ll talk you through your options to make sure you have a trouble-free future.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds and surrounding villages.

Source: Panda Security


How to Protect Yourself Against Cryptowall 4.0


Cryptowall 4.0 is the newest version of Cryptowall ransomware – one of the most destructive computer viruses of all time.

It can be spread by malicious emails. Once on your machine, it scans the entire system to find your personal files, and locks them using an encryption algorithm that’s almost impossible to crack.

Then it leaves ransom notes in several folders informing you what needs to be done in order to recover the encrypted data.

Not very nice.

Prevention is always better, and we found this comment on a Spiceworks.com community forum thread about the security measures you should take to avoid such attacks.

In no particular order of importance, do ALL of them…

  • Make some real firewall rules – DON’T just leave the default allow-any-outbound rules – ONLY allow traffic outbound on ports that you actually use/need – Example for DCs: 53,80,123,443,3544  Example for End-Users: 80,443,1935,3544
  • CryptoPrevent: https://www.foolishit.com/cryptoprevent-malware-prevention/ or some other Group Policy based software run restrictions – don’t let any executable run from a temp location.
  • An end-user should never be a local admin. Admit it, you did this once-upon-a-time only because you were tired/lazy and didn’t take the time to set the permissions right on something.
  • Automatically remove all shares if/when the encryption starts to happen: http://jpelectron.com/sample/Info%20and%20Documents/Stop%20crypto%20badware%20before%20it%20ruins%20… This can also be set up to email you the moment it happens, the filename, and the user who did it.
  • Use an Internet filter to block all the ccTLDs and IDNs your company doesn’t really need – also block the known bad/malware domains – better yet also block advertisements (the source of much badware) – we use DNS Redirector: http://dnsredirector.com it’s great and it doesn’t cost a fortune.
  • Prevent access to any URL with an IP in it – only bad guys do links like http://93.184.216.34 – everything else should be a DNS name like http://example.com and therefore a DNS lookup (which is filtered) before getting out to the Internet.
  • User training: reinforce that users should not click on things that look phishy, are spelled wrong, or they were not expecting – even if the email looks like it’s from someone they know.
  • Implement spam/email message filtering: if your users can’t get to a bad link, then they can’t click on a bad link.
  • Do backups, check that they are actually working. Make a “compliance game”: if someone else (in your IT department) can delete a file (they should make their own backup first) and you can’t restore it – then you owe them lunch. Shit gets solved real fast.
  • Try executable whitelisting, the idea being only software you know about can run, I think this is extreme and haven’t resorted to doing it myself.
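The two filter rules in the comment above (refuse any URL whose host is a raw IP, and refuse ccTLDs and IDNs the company does not need) can be expressed as a single outbound URL policy check. What follows is an added example written for this post, not code from the Spiceworks commenter or from DNS Redirector. The blocked-suffix set and the sample URLs are constructed for illustration, and the check goes a little further than the comment by also treating the packed decimal and hex forms that browsers accept as IP literals, since those bypass a dotted-quad pattern match.

```python
"""Outbound URL policy check covering the two filter rules quoted above:
no raw-IP hosts, and no ccTLD or IDN hosts the company has not approved.
Added example for this post, not code from the Spiceworks comment or from
DNS Redirector. The blocked-suffix set and sample URLs are constructed."""
import ipaddress
from urllib.parse import urlsplit

# Constructed policy: country-code TLDs this hypothetical company never needs.
BLOCKED_SUFFIXES = {"ru", "cn", "tk"}


def is_ip_literal(host: str) -> bool:
    """True for dotted-quad and IPv6 literals, and for the packed forms
    browsers still accept, e.g. http://1572395042/ or http://0x5db8d822/.
    The WHATWG URL parser treats a host whose last label is numeric as an
    IPv4 number rather than a DNS name, so that is the rule used here."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    last = host.rsplit(".", 1)[-1].lower()
    if last.isdigit():
        return True
    return last.startswith("0x") and all(c in "0123456789abcdef" for c in last[2:])


def is_idn(host: str) -> bool:
    """Punycode labels (xn--) or any non-ASCII character mean an IDN host."""
    return (any(label.startswith("xn--") for label in host.split("."))
            or any(ord(c) > 127 for c in host))


def check_url(url: str) -> tuple:
    """Return (decision, reason); decision is 'allow' or 'block'."""
    if "://" not in url:            # "example.com/path" has no scheme; assume http
        url = "http://" + url
    # .hostname is lowercased, with user:pass@, :port and IPv6 brackets stripped
    host = urlsplit(url).hostname
    if not host:
        return ("block", "no host in URL")
    if is_ip_literal(host):
        return ("block", "host is an IP literal, not a DNS name")
    if is_idn(host):
        return ("block", "IDN host")
    suffix = host.rsplit(".", 1)[-1]
    if suffix in BLOCKED_SUFFIXES:
        return ("block", "blocked ccTLD ." + suffix)
    return ("allow", "DNS name, not on a block list")


# Constructed sample traffic, mixing legitimate and policy-violating URLs.
SAMPLE_URLS = [
    "https://example.com/updates?v=1",
    "example.com/no-scheme",
    "http://93.184.216.34/login",
    "http://example.com@93.184.216.34/",     # user-info before @; real host is the IP
    "http://[2001:db8::1]:8080/",
    "http://1572395042/",                    # packed decimal form of 93.184.216.34
    "http://0x5db8d822/",                    # packed hex form of the same address
    "http://secure-login.xn--p1ai/",
    "http://updates.example.ru/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        decision, reason = check_url(u)
        print(f"{decision:5}  {u:40}  {reason}")
```

The check is deliberately name-based: everything that passes still goes through the DNS filter the commenter describes, so this only closes the gap where a link carries an address instead of a name. Single-label intranet hosts pass, because their last label is not numeric.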

Another comment provided a 20 Step Security Defence in Depth Strategy:

  1. Two anti-malware email filters (separate services).
  2. Anti-malware at perimeter and at endpoints (separate services).
  3. Firewall at perimeter and endpoints blocking inbound and outbound (separate services).
  4. Content filtering at endpoints and perimeter (separate services).
  5. Geo-IP filtering at perimeter.
  6. End-user security training.
  7. Quarterly phishing tests.
  8. Block malicious attachments (bat, scr, exe, etc).
  9. Require admin review of all ZIP attachments.
  10. Software restriction policy whitelisting.
  11. Windows shadow copies.
  12. Block-level snapshots of shared drives.
  13. Daily backups that are secured from end users.
  14. Offsite replication of critical storage and backups.
  15. Regular patching of apps and operating systems.
  16. Firmware updates of firewalls, storage and servers.
  17. Restricted admin rights.
  18. Restrict RDP and VPN access using AD permissions and IP blocking by valid login attempts.
  19. Strict password policies.
  20. Test, test and re-test.
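Steps 8 and 9 of the list above (block executable attachment types, require admin review of every ZIP) are the easiest to get wrong in practice, because attackers rely on how file names are displayed rather than on the extension alone. The following attachment policy is an added example written for this post, not code from the commenter. The extension sets are an assumption (a typical starting list) and the sample attachments are constructed; it handles the double-extension, trailing-punctuation and bidi-override naming tricks that a plain suffix match misses.

```python
"""Attachment policy for steps 8 and 9 of the list above: block executable
types outright and hold every archive for admin review. Added example for
this post, not code from the commenter. The extension sets are an assumption
(a typical starting list) and the sample attachments are constructed."""

# Extensions Windows will execute on double-click; blocked outright.
BLOCK_EXTENSIONS = {
    "bat", "cmd", "com", "exe", "scr", "pif", "msi", "hta", "lnk",
    "js", "jse", "vbs", "vbe", "wsf", "wsh", "ps1", "jar", "cpl", "reg",
}
# Containers that hide the real file type; held for a human to open safely.
REVIEW_EXTENSIONS = {"zip", "7z", "rar", "iso", "img"}
# Unicode bidi controls make a name display with its true extension hidden
# (e.g. "...\u202efdp.exe" renders as "...exe.pdf"); any such name is blocked.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def classify_attachment(filename: str) -> tuple:
    """Return (decision, reason) for one attachment name."""
    if any(c in BIDI_CONTROLS for c in filename):
        return ("block", "bidi control character in file name")
    # Windows strips trailing dots and spaces, so "report.scr . " is report.scr.
    name = filename.rstrip(" .").lower()
    exts = name.split(".")[1:]
    if not exts:
        return ("allow", "no extension")
    last = exts[-1]
    if last in BLOCK_EXTENSIONS:
        return ("block", "blocked extension ." + last)
    if last in REVIEW_EXTENSIONS:
        return ("review", "archive ." + last + " needs admin review")
    # "setup.exe.txt" is only a text file, but the naming is suspicious enough
    # to deserve a look rather than silent delivery.
    hidden = [e for e in exts[:-1] if e in BLOCK_EXTENSIONS]
    if hidden:
        return ("review", "executable extension ." + hidden[0] + " inside file name")
    return ("allow", "." + last + " not on a list")


def message_disposition(attachments: list) -> tuple:
    """Worst verdict across a message's attachments, plus the per-file detail."""
    verdicts = [(a,) + classify_attachment(a) for a in attachments]
    rank = {"allow": 0, "review": 1, "block": 2}
    worst = max((v[1] for v in verdicts), key=rank.get, default="allow")
    return (worst, verdicts)


# Constructed sample message with a mix of harmless and disguised attachments.
SAMPLE_ATTACHMENTS = [
    "quarterly.xlsx",
    "README",
    "photos.zip",
    "Invoice.PDF.exe",
    "report.scr . ",
    "setup.exe.txt",
    "invoice\u202efdp.exe",
]

if __name__ == "__main__":
    overall, detail = message_disposition(SAMPLE_ATTACHMENTS)
    print("message verdict:", overall)
    for name, decision, reason in detail:
        print(f"  {decision:6} {name!r:28} {reason}")
```

The review queue is where step 9 lives: an archive is never delivered automatically, and a human opens it in a safe place before releasing it. Keeping the block and review sets as plain data makes them easy to extend as your mail filter logs new extensions.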

The most important thing is to always remain vigilant, never open a suspicious email and be wary about the websites you visit.

Hopefully these user tips will prove useful to you. If you have any other tips you’d like to share, please leave a comment below.
