
Nyetya ransomware: what you need to know


Nyetya, a variant of the Petya ransomware, is spreading across businesses all over the world. Although it shares the same qualities as WannaCry -- a ransomware deemed ‘one of the worst in history’ -- many cyber security experts are calling it a more virulent strain of malware that could cause greater damage to both small and large organizations. Here’s everything we know about it so far.

Worse than WannaCry

Nyetya is deemed worse than WannaCry mainly because it spreads laterally, meaning it targets computers within networks and affects even systems that have been patched. Because it also spreads internally, it needs to infect only one device to affect several others within a single network.

Cyber researchers trace its origins to tax accounting software called MEDoc, which infected 12,500 systems in Ukraine. Since the initial infections in June, it has spread to thousands of networks in 64 countries. And although it hasn’t spread as fast as WannaCry, it might have a wider reach soon because it uses three attack pathways to infect a system. It hasn’t made as much money as WannaCry, which is why cyber researchers are concluding that the attacks are not economically motivated.

Don’t pay the ransom

Cyber security firms and researchers strongly recommend that affected businesses avoid paying the ransom. According to them, paying the ransom would be a waste since the infected user won’t be able to receive a decryption key to unlock their files or systems. This is because the email provider has blocked the email address given in the ransomware message.

Although it operates like ransomware -- locking hard drives and files and demanding a $300 ransom in Bitcoin -- it functions more as wiperware that aims to permanently wipe out data and/or destroy systems. So far, it has affected big-name multinationals in various industries, including Merck, Mondelez International, and AP Moller-Maersk, among others.

Perform backups and update outdated security patches

The only way businesses can be protected is by performing backups and staying on top of patch updates.

It’s safe to say that in case of a Nyetya attack, there’s no chance of getting back your data. In such a scenario, you would have only your backup files -- whether on external storage or in the cloud -- to fall back on. But backing up is not enough; you should also ensure that your backups are working, which you can do by testing them regularly. Given the nature of Nyetya, you should also make sure that your backups are stored off-site and disconnected from your network.

Like its predecessor, Nyetya exploited vulnerabilities in unpatched Microsoft-run computers. As a business owner, make it a part of your cyber security routine to update your systems with the latest security patches, or risk having your files or systems permanently corrupted.

As a business owner whose operations’ lifeline depends on critical files, your backups are your insurance. If your systems’ network security needs another layer of protection, get in touch with us today.

Published with permission from TechAdvisory.org. Source.

The post Nyetya ransomware: what you need to know appeared first on Complete Technology Resources, Inc.


Microsoft issues security patch for XP


When a Microsoft product reaches its “end-of-life,” the tech developer no longer provides feature updates, technical assistance, and automatic fixes for that product. Support for Windows XP, for instance, ended in April 2014. That said, recent malware attacks have caused Microsoft to continue support for their outdated operating system. Read on to find out more.

More WannaCry copycats

The primary reason Microsoft reassessed their update policy for Windows XP was the success of WannaCry, a ransomware worm that encrypted hundreds of thousands of computers worldwide. Even though the attack did not affect XP computers, Microsoft anticipates an increased risk of similar attacks on the outdated OS being developed in the near future.

According to Microsoft’s Head of Cyber Defense Operations Center Adrienne Hall, cyberattacks by government organizations and copycat hacking groups are imminent; and this time, they’ll improve upon WannaCry’s shortcomings. In fact, shortly after WannaCry was stopped on May 12th, other strains with more sophisticated code popped up seeking to exploit the same weaknesses.

NSA leaks

Many security experts also suspect that Microsoft is releasing security fixes for outdated systems because of leaked NSA hacking tools. Over the years, the NSA’s ‘hacking’ department, Equation Group, has been storing cyber exploits in its arsenal. But a group known as the Shadow Brokers found these exploits and publicly disclosed them, which led to the WannaCry outbreak.

Right now, the Shadow Brokers are promising to leak more NSA exploit tools to hackers on the Dark Web who are willing to pay $10,000.

The update

Since a significant portion of businesses are still working with XP, Microsoft believes that their recent security update is the best way to protect all Windows users. The new patch fixes 16 critical vulnerabilities, and many of these fixes seem to defend against the exploits leaked by the Shadow Brokers.

Windows 10 users can find the critical update in the Microsoft Download Center. Alternatively, they can simply check for updates in Windows Update, which can be found in the Settings menu. But to install the update for unsupported operating systems, users should visit Microsoft’s security advisory page for tips and download links.

Although Microsoft has extended support for Windows XP, don’t expect regular fixes for outdated systems. As always, the best protection is to use an up-to-date system that’s equipped with the latest security patches.

“Older systems, even if fully updated, lack the latest security features,” said Hall.

If you’re unsure about your Windows security, what operating system you’re running, or how to protect your company workstations, give us a call. Our certified and experienced experts will help keep your business safe from WannaCry and future malware attacks.

Published with permission from TechAdvisory.org. Source.

The post Microsoft issues security patch for XP appeared first on Complete Technology Resources, Inc.


Mobile security threats in Android


Employees today are working under tight timelines, but thanks to bring your own device policies (BYOD), they can access critical files and applications using their mobile device and get work done from anywhere. But BYOD can be a double-edged sword to those not vigilant about cyber attacks. If you’re using an Android device, here are five security threats you need to know about.

Unsafe devices

Sometimes, the device itself might not be safe due to faulty production or configuration. In fact, Check Point found 36 Android devices earlier this year at a telecommunications company and a multinational technology company that were infected out of the box. This means that the infection was not caused by users; the malware was pre-installed via apps somewhere along the supply chain before users even received the devices.

Malicious apps

Judy is an Android app, and although it sounds completely harmless, this software is actually designed to infect a device and activate an auto-clicking command used for malicious advertising campaigns. Believe it or not, this malware got 18.5 million downloads.

Information leakage from useful apps

Many applications are installed for legitimate uses. But don’t let that fool you, as these apps can be used to extract confidential information such as contact information from your mobile device. According to recent research, 0.3 percent of the 20 million Android transactions resulted in some level of privacy leakage. This is primarily due to cybercriminals tapping into an organization's network traffic, which requires skills but isn’t impossible to do.

Banking malware

This is when cybercriminals use phishing windows to overlay banking apps so that they can steal credentials from mobile banking customers. But that’s not all, as cybercriminals can overlay other apps and steal credit card details and incoming mobile transaction authentication numbers, and even redirect calls. Even worse, file-encrypting features now allow them to simultaneously steal information and lock user files.

One such banking malware that Android users need to look out for is Faketoken. According to Kaspersky Lab, Faketoken is designed to generate fake login screens for more than 2,000 financial applications in order to steal login credentials. The app also displays phishing pages to steal credit card information, can read and send text messages, and even has the ability to encrypt user files stored on a phone’s SD card.

Ransomware

Ransomware is a type of malware that blocks a device and demands a payment in order for the device to be unlocked. The latest ransomware, WannaCry, spread like wildfire and greatly affected the global healthcare industry. Ransomware continues to be a cybercriminal’s weapon of choice, and attacks targeting Android devices have increased by over 50 percent.

If you think ransomware is bad enough, ransomworms can be your worst nightmare. Basically, a ransomworm is ransomware that copies itself to every computer it can reach on a local network, with no warning whatsoever.

All this sounds horrific, but the worst is yet to come if you don’t act fast. Having said that, we’ve rounded up some security best-practices that will help keep your Android devices secure:

  • Enforce device passcode authentication
  • Monitor mobile device access and use
  • Patch mobile devices quickly
  • Forbid unapproved third-party application stores
  • Control physical access to devices
  • Conduct application security assessment to ensure compliance
  • Implement an incident response plan for lost or stolen mobile devices

While it’s easy to turn a blind eye to cyber threats, the question is: are you willing to take that chance? If you’re looking for an advanced security solution to keep your Android device safe, give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

The post Mobile security threats in Android appeared first on Complete Technology Resources, Inc.


How did WannaCry spread so far?


By now, you must have heard of the WannaCry ransomware. It ranks as one of the most effective pieces of malware in the internet’s history, and it has everyone worried about what’s coming next. To guard yourself, the best place to start is with a better understanding of what made WannaCry different.

Ransomware review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails are simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day, and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims’ payments.

How to protect yourself from what comes next

Part of the reason this ransomware failed to scare users into paying up is that it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying: “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it had been created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

  • Thoroughly review reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.
  • Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”
  • Train employees to recognize suspicious links. Social engineering and phishing may not have been factors this time around, but this training is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.
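
For the daily firewall log review, the pattern worth automating is the one that sets a self-propagating strain like WannaCry or Nyetya apart: a single internal machine suddenly contacting many other internal machines. The script below is an added example, not code from the original post. The log format, addresses, thresholds, and the use of TCP port 445 (SMB, the service WannaCry propagated over) in the sample are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in a hypothetical firewall log format (not real data).
SAMPLE_LOG = (
    # Worm-like: one workstation reaches six peers on one port in six seconds.
    [f"2017-07-03T10:00:0{i} ALLOW src=10.0.0.15 dst=10.0.0.2{i} dport=445" for i in range(6)]
    # Normal: a client talks to the same file server repeatedly.
    + [f"2017-07-03T10:01:0{i} ALLOW src=10.0.0.30 dst=10.0.0.5 dport=445" for i in range(6)]
    # Slow: five peers, but ten minutes apart.
    + [f"2017-07-03T11:{i}0:00 ALLOW src=10.0.0.31 dst=10.0.0.4{i} dport=445" for i in range(5)]
    # Internet-bound traffic and a corrupted line, both ignored.
    + ["2017-07-03T10:02:00 ALLOW src=10.0.0.15 dst=8.8.8.8 dport=53", "### truncated"]
)
LINE_RE = re.compile(r"^(\S+) \w+ src=(\S+) dst=(\S+) dport=(\d+)$")


def find_fanout(lines, min_peers=5, window=timedelta(seconds=60)):
    """Return {(source, port): peers} for internal hosts that reached at least
    `min_peers` distinct internal hosts on one port inside `window`."""
    events = defaultdict(list)  # (src, port) -> [(timestamp, dst), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the review
        try:
            ts = datetime.fromisoformat(m[1])
            src, dst = ip_address(m[2]), ip_address(m[3])
        except ValueError:
            continue
        # Lateral spread is internal-to-internal; ignore Internet traffic.
        if src.is_private and dst.is_private:
            events[(str(src), int(m[4]))].append((ts, str(dst)))

    flagged = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peers = len({dst for _, dst in hits[start:end + 1]})
            if peers >= min_peers:
                flagged[key] = max(flagged.get(key, 0), peers)
    return flagged


if __name__ == "__main__":
    for (src, port), peers in find_fanout(SAMPLE_LOG).items():
        print(f"{src} contacted {peers} internal hosts on port {port} within 60s")
```

Only the workstation that fans out quickly is reported; repeated traffic to one file server and slow, spread-out connections stay below the threshold.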

Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, call us today.

Published with permission from TechAdvisory.org. Source.

The post How did WannaCry spread so far? appeared first on Complete Technology Resources, Inc.
