Unbelievably, it is the tenth anniversary of ‘Cyber Security Awareness Month’: the month in which we are all reminded by the US Department of Homeland Security, who have spent the previous eleven months getting their hands on our stuff, that bad people may want to get their paws on our stuff.
Browser vulnerabilities and exploits continue apace, and we really do urge all of our customers to use patched browsers, prioritise browser patching and implement Malware/Advanced Persistent Threat detection systems like Wildfire (Palo Alto), FireEye or Checkpoint’s Threat Emulation, preferably triaged through an SIEM system like ITC’s NetSure360° powered by HP ArcSight.
Ransomware (honestly) is on the rise, predominantly in the form of alleged “Microsoft Support Calls”. You receive a call stating that it is “Microsoft Support” on the line, and that they will help you resolve an issue with your computer, as they were alerted that the machine is infected.
If your user falls for this, the “support agent” (complete with eye patch and a wooden leg) persuades them to install a piece of software which historically would keep popping up requesting a subscription fee, which most people would end up paying just for the notifications to go away.
What is new is that the attackers now use ransomware and install this on the target. There are multiple types of this tool – one of them locks the screen of the computer, the other one encrypts/locks your files until the “ransom” is paid.
Known variants include: Trojan:W32/Reveton, Trojan:W32/Ransom
You can find more information on this malware here:
– Install and use up-to-date antivirus
– Install software updates regularly
– Don't trust files or links from unknown sources, or in suspicious emails/messages from trusted sources
– Use APT (Advanced Persistent Threat) detection systems (see above), if possible cloud-based, so you can benefit from other users' experience using the same service
– Regularly back up your files and systems – some variants/components of ransomware can leave the system unusable even when removed
As we mentioned, we are in Cyber Security Awareness Month. The official theme is “Our Shared Responsibility”. If you find this article useful, please share it with your colleagues, friends and family to help spread the word and share the responsibility in protecting against cyber attacks.
ITC are an experienced integrator of cloud-based malware sandboxing/APT detection (Palo Alto Wildfire) with SIEM (HP ArcSight).
ITC are also able to provide consultancy on modern Network Access Control solutions using ForeScout, which can categorize the devices on your network and detect any unwanted software being installed on it. If fully integrated with HP ArcSight, it can also take automatic action when an alert is received of an infected host.
Contact ITC at [email protected] to discuss our NetSure360° Security, Performance and Network Management platform.