Rise of Mobile Security Threats

Mobile security threats

Cyber criminals are stepping ahead with variations in their weapons to launch attacks on mobile devices. Even a decade ago, mobile malware was a very unlikely threat. Today, all mobile devices, irrespective of manufacturers, are under the threat radar and no one is immune. According to a detailed report by Dimensional Research, around 20% mobile devices have been breached. Almost 94% users expect that the frequency of mobile attacks are going to increase.

Apple and Android have already started to work on creating more robust and secured operating systems. On the other hand, malicious actors continue to come up with newer malware variants. Till now, app security is not a top priority in app design and the proliferation of BYOD policy is alluring the criminals to chalk out newer plans for mobile attacks in the organization. According to Forrester’s annual security survey, almost 68% employees are using their own smart phones at work and 69% use their own tablets. Thus, mobile attacks become too obvious and easy for hackers to get access of enterprise data.

Researchers have identified some new security threats to mobile devices that can impact the business. eScan highlights them below:

Infecting mobile device with spyware

Today mobile devices are used by employees in almost every aspect of their lives. Due to the close proximity of corporate network, the criminals are continuously looking for innovative ways to infect mobile devices with spy-ware. This has been successful on both iOS and Android devices.

Last year, the arise of Pegasus spy-ware hacked iPads and iPhones to steal data about and conduct surveillance on the victim. Researchers also discovered few iOS vulnerabilities that were exploited to attack Apple’s strong security environment. However, Apple quickly fixed all three Trident iOS vulnerabilities.

In April 2017, malware authors came again with the Android version of Pegasus spy-ware which apparently seemed to be a normal app. It secretly gained root access to any Android device to scrutinize the user broadly. Since then, Google has re-enforced security measures, including Play Protect security within the Play Store.

Converting mobile device into botnets

New malware can convert mobile devices into a botnet which is managed by the criminals keeping it secret from the owners. Just a year ago, the first mobile botnet namely Viking Horde targeting Android devices was revealed. It used to create a botnet on any rooted / non-rooted device which uses proxy IP addresses to disguise ad clicks and generate revenue for the hacker. After that, the researchers have identified few more mobile botnets, which infected millions of Android users.

Accessing mobile device with click fraud

This is a growing concern of mobile threat. Compromising any mobile device through ad and click malware is a smart way for a criminal to get access of the company network, mostly by sending a malicious SMS, with a link pursuing the user to download a malicious app. After that, the hackers get hold of the phone and can steal credentials to get official network. What is more alarming is that, it acts as an adware, but then spread to the entire botnet easily.

Update relevant apps and remove redundant apps

Employees need to check the status of their mobile apps regularly by updating them if required or deleting them if not. Security teams for both Android and iOS have been quietly removing huge number apps from their stores incessantly, though there is no official record of the same. The reasons behind them are mainly malware issues, copyright infringement or discovery of data leaking signs. The lack of transparency could impact the enterprise because there is more sensitive data at stake by infiltrating enterprise networks.

User behavior awareness and training should be continued to evolve with the newer threats, mobile researchers say. In order to reduce risk, through encryption and visibility into all devices, access to the enterprise network has been reduced significantly.

Posted in eScan 11, eScan 14, Security | Tagged , , , , , , , , | Leave a comment

Ransomware attack targets top sectors

Ransomware Attack Targets

Ransomware Attack Targets

Today any enterprise, big or small, is vulnerable to ransomware attack. The possibility of a it depends upon how attractive and important data your organization possess. Also, it is important how quickly you respond to any ransom demand. It is very critical on how vigorously enterprises keep their employees trained about phishing emails and other security factors.

With most of the security organizations stating that ransomware is the “biggest threat of our time,” it’s been very important to protect the respective organizations. What it seems to be the conventional sectors of ransomware targets, can surprise you with an attack in unconventional or unexpected way. Thus taking serious means to protect data should be the best practice for any organization irrespective of size and industry.

Ransomware attack targets top sectors

In today’s scenario, there are several sectors where ransomware attack is speculated. Some of them are discussed below:

Education

The number of ransomware attacks have doubled in academic organizations, especially colleges and universities. In fact, a study from BitSight Insights showed educational sector as the top target, with at least 1 in 10 institutions experiencing a ransomware attack. The obvious reasons behind choosing this sector are small/ no IT teams, budget constraints and too much of network file sharing. These organizations are so vulnerable to cyber attacks because of the social security number of the students and financial data of the teachers, professors or even non-teaching staffs. In a recent instance during June 2017, University College London became a major ransomware victim with the shared drives and student management system being compromised.

Government

The incidents of ransomware attacks in Government sector have tripled from 2015 to the end of 2016, making it a prime target for the hackers. A recent incident in May 2017 saw more than 120 computers linked to the Gujarat State Wide Area Network (GSWAN) were affected by WannaCry ransomware. The government organizations, specially data centers are targeted mostly because of the services offered like police protection, important identity details (like PAN No., Aadhar No. etc.) or financial details from Government authorized banks and insurance companies. Thus the hackers are always eager to keep their eyes on this sector.

Health care, energy/ utilities

Today, ransomware attack can cancel X-ray sessions, postpone operation appointments, disrupt MRI scanner or even stop ECG tests. Thus hospitals are forced to take immediate action so that medical treatment is not delayed and patients’ data is kept safe. One such incident was the Hollywood Presbyterian Medical Center, which paid a ransom amount of $17,000 in 2016 to hackers who had locked some of the hospital’s critical data. Recently, United Kingdom’s National Health Service (NHS) was affected by WannaCry attack in May 2017. The hackers normally pose as job applicants, expecting HR people to open their emails and they successfully spread the ransomware at ease.

Retail

In 2016, almost 19% of the total ransomware attacks happened in retail sector, which is almost 167 times higher than 2015. The hackers know that a minute of downtime can cost millions to these retail organizations. Thus, they execute DOS (denial of service) attacks during key hours to demand hefty ransoms. They either threaten operations person or target customers’ financial data. This information flows in abundance across the retail organization network.

Finance

The motif for any data breach involves monetary benefits, thus banks become the most obvious targets for cyber criminals inspite of those organizations spending hefty amounts on security measures. Although we are yet to observe a ransomware attack on banking infrastructure, however the infamous Bangladesh bank heist in 2016 is the most relevant example to showcase the need for stringent security measures. The incident created ripples among security personals of most of the International banks worldwide and forced them to re-evaluate the security of the respective banking infrastructure.

Emerging ransomware threats

Any organization that has critical data is always a prime target for ransomware attack. The extent of sensitivity of the data influences the chances of attack. The advanced variant of ransomware won’t just hold the data back but also threaten the victim to publish the data online if the ransom is not paid. Law firms, technology companies, financial firms (both Govt. & non-Govt.) are attractive targets in this scenario. The companies mostly end up paying the ransom because they can not afford to leak their data under any circumstances.

Not only that, the hackers might even block the victim’s ability to access the data and put it for sale to the online bidders. The amount of pressure created on the victims citing the advantage of numerous competitors in the industry forces the victims to pay heed to the culprit’s demands.

Minimize ransomware threats

 Almost 93% phishing emails are ransomware, which continue to be one of the most common medium of attack. Thus email scanning rules should be kept updated regularly and the employees should be trained with adequate security measures. Identification of suspicious emails and links is highly important.

 Admin credentials are another factors for network security. If any employee has access to the sensitive official network, like admin credentials, and forgets to log out at any given point, then ransomware will have an easier access to the important files.

 As always said, regular updates of the patches of eScan’s anti ransomware is crucial. It keeps an eye on the business network and endpoints continuously. The system encounters any suspicious activity, it alerts the user/ employee for an immediate action and prevents any further damage.

 Well-protected back-ups in any scenario of ransomware attack can help big. Most of the organizations end up loosing big chunk of critical data or pay the ransom amount, which does nothing but encourages more ransomware attacks.

Posted in eScan 11, eScan 14, Security | Tagged , , , , , | Leave a comment

Things to consider with your health care device security

Heath care device security

Heath care device security

The advancements coming in the technological arena are making its way to the health care industry. The health care professionals are now expecting a steep increase in the demand for advanced security measures to protect health care data. These devices curate large amount of sensitive data every day either by facility-based devices or home devices. Thus it demands more security measures within the health care industry.

Among all the newest technologies, the most important is adoption of IoT devices hitting the market equipped with Internet capabilities. This trend of Internet of Things (IoT) will continue to grow in the health care industry.

About IoT and its influence

The connection of multiple devices to the Internet allows the health care devices to communicate with the medical staff, doctors and patients to make life easier. It is important for health care professionals whose work save lots of lives every day. This technology trend is expected to have huge impacts on how patients, medical staffs and other medical centers interact with the rest of the world. IoT solutions are expected to evolve and change the face of medical industry in the coming years. Nevertheless, before health care industry can involve itself into the world of IoT devices, they need to evaluate the advantages and disadvantages that can come with this technological investment.

Some IoT devices are used for more convenience of medical facility management, while others are used for patient care. The health care industry is still exercising on protecting private information. Here are some strengths and shortcomings that the health care industry should think about before adopting IoT solutions:

Role of IoT in Health care device security

eScan team explores few possibilities of health care device security breaches that can happen due to IoT adoptions in many health care organizations. Here is a glimpse of few of them

Convenient features

Investment in health care IoT solutions eases the workload more efficiently. In order to organize files, working on diagnosis of patients or even ordering coffee from coffee machine, IoT devices can save lots of facility time spent everyday. The medical staffs might no more require to do the monotonous task of ordering the medicine, other supplies and even keeping a track of the inventory. Adopting IoT solutions can maintain the quality of health care facility service and desired uniformity in the tasks.

Compatibility issues

There might be compatibility challenges between the medical devices and IoT solutions after the purchase of IoT capable devices from different manufacturers. Till the time an International Standard of compatibility is established, health care industry may choose to purchase IoT products from a single manufacturer to avoid these compatibility issues.

Personalization capacities

IoT devices have the ability to customize all medical data that is generated every day in the health care industry. Health care professionals have the chance to personalize the accumulated data because IoT devices are able to communicate with each other. It is easier since it creates an overall environment of consistency in the medical facilities.

Security threats

After evaluating the advantages and disadvantages in the above discussed IoT technology, the main risk lies in the vulnerability of the devices towards security threats. Now these devices can track almost everything like the number of footsteps taken or even the effects of stress. With lots of health care devices connected to the Internet and continuously creating data and storing the personal information, there are many loopholes available for the hackers to get access to the information and the health care facility might suffer a security breach.

The time is not far when Ransomware attack can cancel X-ray sessions, postpone operation appointments, disrupt MRI scanner or even stop ECG tests. Thus hospitals are forced to take immediate action so that medical treatment is not delayed and patients’ data is kept safe. As the health care industry is gearing up to invest in IoT Technology, it is important to facilitate the search for devices that have integrated security systems and can prevent data breach.

More read on Internet of Things (IoT) Devices Could Put Users And Their Data At Risk

Posted in eScan 11, eScan 14, Security | Tagged , , , , , , , , | Leave a comment

Petya Ransomware Advisory

Petya-Advisory

Petya – Dos&Don’ts

Petya Ransomware also known as Petrwrap or GoldenEye affects Microsoft Windows based systems and encrypts the data MBR / NTFS in the system using SMB exploits which are not updated with the latest software patch updates. This ransomware outbreak although is smaller than the previous WannaCry attack, it had a considerable impact in Europe primarily Ukraine, Russia, UK, India etc.

How can it impact you?

The recent attack by Petya ransomware is another warning to enterprises about the possible catastrophe due to vulnerabilities in their networks or IT infrastructure. Petya Ransomware is spreading fast with Ukraine being the worst hit country in last couple of days. It uses the same exploit, which WannaCry had used to propagate itself and has created havoc in the recent past. The exploit has been provided with a patch by Microsoft way back in March 2017, but many organizations missed updating their OS and systems.

Eternal Blue was the exploit which was used by WannaCry and it uses the SMB protocol vulnerability to propagate throughout the network. However, Petya Ransomware not just encrypts the files but after encrypting them, tries to encrypt the MBR too, effectively rendering the infected systems un-bootable.

According to our findings, Petya was pushed through an update for MeDoc a financial software widely used by organizations in Ukraine.

How does eScan protect against Ransomware attacks:

eScan’s Proactive Behavioral Analysis Engine (PBAE) monitors the activity of all processes on the Local Machine and when it encounters any activity or behavior that matches to Ransomware, a red flag is raised and the process is blocked. In case, if an infected system tries to access network share of a protected system and encrypt/modify files residing on that system, PBAE will immediately terminate the network session.

Along with Petya, PBAE technology is also successfully blocking Ransomware attacks such as WannaCry, Locky, Zepto, Crysis, Cerber3 and many more. It does so, by analyzing the data collected through our Cloud (ESN) network, we are able to successfully detect and mitigate thousands of Ransomware attacks on all systems protected by eScan.

eScan’s Active Virus Control (AVC) also proactively protects the system from infection, when it is being executed in real-time. It’s not just the PBAE but also the AVC which identifies and blocks the execution of malware / Trojans, including all types and variants of Ransomware.

Prevention Measures:

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , , | Comments Off on Petya Ransomware Advisory