Endpoint Security issues are no longer a challenge for business continuity – eScan

eScan Endpoint Protection

With the growing digitization of businesses, the challenges for CISOs are multiplying. The emergence of sophisticated cyber threats is one of the key concerns for the protection of network perimeters. According to Gartner, “Cyber-attacks on the corporate sector have risen since 2016 by 40%. There is a rise in the number of Unknown vector attacks in the enterprises in the year 2016 by 25%.” With more than 400 million malware samples reported in 2016 and growth of approximately 50% year over year, malware is becoming stealthier and harder to track and contain in time. Keeping pace with these trends in the threat landscape, eScan’s R&D team has developed state-of-the-art solutions that protect endpoints in real time and give network administrators complete control.

eScan has launched Endpoint Protection (EPP) solutions for enterprises to secure endpoints against compromise. eScan’s EPP solutions provide unified endpoint management and proactive security that efficiently manages and secures endpoints. These solutions address the key challenge for CISOs: keeping the network safe from compromised endpoints while still allowing endpoints to access the network.

eScan’s Endpoint Protection has been designed with the anticipated advanced level of threats in mind. One of the major concerns is ransomware delivered by means of phishing attacks, which are hard to detect. Gartner predicts that by 2020 there will be more than 21 billion connected sensors and endpoints in the enterprise network. eScan’s Endpoint Protection solutions include an AI-based ‘PBAE Technology’ that monitors the behavior of suspicious files, stops them from spreading in the network by isolating or quarantining them, and then alerts the network admin.

Key features of eScan’s EPP solutions with mobile device management and hybrid network support include the following:

  • Enhanced and unified endpoint security: eScan’s EPP deploys a client, administered from a centralized management console, to endpoints running Windows, Mac, Linux, and Android in the network. This simplifies security administration and provides operational efficiencies such as centralized deployment, reporting and a licensing module.
  • Security Information and Event Management: It is equipped with tools to capture live events from managed endpoints and publish them on the eScan management console. These events are automatically categorized on the basis of event severity, computer selection, asset changes or policy violation.
  • Anti-Ransomware solutions with PBAE technology: eScan’s EPP solutions now boast the latest technological advancement, PBAE Technology (Proactive Behavioral Analysis Engine), which blocks ransomware attacks and keeps enterprise networks safe and secure.
  • Data Leak Prevention: eScan empowers enterprises with advanced features for identifying, tracking, and securing all confidential data at rest, in use, and in motion, thus minimizing the risk of data loss through Application and Device control as well as Data Leak Prevention at the endpoint, network or mail gateway level.
  • Malware Threat Defense and Remediation: eScan is equipped with advanced technologies and features to tackle and eliminate threats originating and spreading through the internet. It provides administrators with a unified threat management and control solution to secure and manage endpoints connected to the network.

eScan’s EPP solutions are based on advanced proactive scanning technologies that can efficiently secure and manage endpoints against evolving threats.

An important feature of eScan’s EPP solution is SIEM (Security Information and Event Management), which captures in real time the security events generated by any hardware change and by software applications being installed, uninstalled or upgraded. It facilitates real-time monitoring, correlation of captured events, notifications and console views. It also provides long-term storage, analysis, and reporting of incidents (log data).

The security events are automatically categorized on the basis of event severity, endpoint, asset changes or policy violation. The core capabilities of SIEM technology are event collection and the ability to correlate and analyze events across various sources. Gartner reports predict that by 2018, 80% of endpoint protection platforms will include user activity monitoring and forensic capabilities, up from less than 5% in 2013.
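To make the two core SIEM capabilities named above concrete, here is an added example (not eScan’s code and not part of the original post) of a minimal event pipeline: it collects constructed endpoint events from two sources, categorizes each by severity, asset change or policy violation, and correlates an asset change with a later policy violation on the same endpoint. The event format, field names and time window are assumptions made for this example.

```python
"""Added example (not eScan's code): a minimal SIEM-style event pipeline.

Collects constructed endpoint events, categorizes each one the way the text
describes (severity, asset change, policy violation), and correlates events
from different sources that concern the same endpoint within a time window.
The event format and field names are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp|source|endpoint|severity|message"
SAMPLE_EVENTS = """\
2017-04-18T09:00:05|agent|PC-042|INFO|software installed: RemoteTool 1.2
2017-04-18T09:00:40|agent|PC-042|WARN|hardware change: new USB storage device
2017-04-18T09:01:10|dlp|PC-042|HIGH|policy violation: confidential file copied to removable media
2017-04-18T09:05:00|agent|PC-017|INFO|software upgraded: Browser 52.0.2
2017-04-18T11:30:00|dlp|PC-017|HIGH|policy violation: confidential file emailed externally
"""

ASSET_CHANGE_PREFIXES = (
    "software installed", "software uninstalled", "software upgraded", "hardware change",
)


def parse_events(text):
    """Event collection: turn raw lines into dictionaries (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, endpoint, severity, message = line.split("|", 4)
        events.append({
            "time": datetime.fromisoformat(ts),
            "source": source,
            "endpoint": endpoint,
            "severity": severity,
            "message": message,
        })
    return events


def categorize(event):
    """Categories the console groups on: severity, plus asset change or policy violation."""
    cats = {"severity:" + event["severity"]}
    msg = event["message"].lower()
    if msg.startswith(ASSET_CHANGE_PREFIXES):
        cats.add("asset-change")
    if msg.startswith("policy violation"):
        cats.add("policy-violation")
    return cats


def correlate(events, window=timedelta(minutes=5)):
    """Cross-source correlation: an asset change reported by one source followed
    within `window` by a policy violation from a different source on the same
    endpoint becomes one incident (the most recent change is taken as trigger)."""
    by_endpoint = defaultdict(list)
    for e in events:
        by_endpoint[e["endpoint"]].append(e)

    incidents = []
    for endpoint, evs in by_endpoint.items():
        evs.sort(key=lambda e: e["time"])
        changes = [e for e in evs if "asset-change" in categorize(e)]
        violations = [e for e in evs if "policy-violation" in categorize(e)]
        for v in violations:
            for c in reversed(changes):  # most recent change first
                gap = v["time"] - c["time"]
                if c["source"] != v["source"] and timedelta(0) <= gap <= window:
                    incidents.append({
                        "endpoint": endpoint,
                        "trigger": c["message"],
                        "violation": v["message"],
                    })
                    break
    return incidents


if __name__ == "__main__":
    for incident in correlate(parse_events(SAMPLE_EVENTS)):
        print(incident)
```

Run as a script it reports one incident: the USB device appearing on PC-042 seventy seconds before the DLP source flags a file copied to removable media. The software upgrade on PC-017 is not correlated with that endpoint’s later violation because it falls outside the five-minute window, which is the point of time-bounded correlation: the same pair of categories is only an incident when the events are close enough to plausibly be related.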

eScan’s EPP provides administrators with unified threat management for monitoring and controlling endpoints connected to the network, using technologies based on proactive detection with intelligent sandboxing, active monitoring and continuous process review.


New Ransomware allows encryption of files

WYSIWYE Ransomware

A unique ransomware named WYSIWYE (What You See Is What You Encrypt) has been detected recently, and it departs from conventional ransomware techniques. The cyber-criminals deploy this malware after gaining access to the victims’ computers, then execute it to start encryption and display the ransom message.

Analysis of a recent intrusion incident shows that the malware allows the attackers to customize its interface, making it more user-friendly, before launching it. With this customization, the attacker carefully selects the computers whose data will be encrypted, chooses the files, and has the malware delete itself once the encryption is completed.

Ransomware is generally configured the same way everywhere. WYSIWYE ransomware is designed for more customized attacks, especially on business networks. In these attacks, the attackers gain access to corporate networks after a severe attack against the remote desktop connection. The attackers then manually release the ransomware, run it and configure it in numerous ways depending on the nature of the victim, deciding in detail what they wish to encrypt.

This shows how cyber-criminals keep coming up with new ways to attack. While we still see the typical automated attacks, it is clear that hacking attacks on corporate networks are adapting all the time. The cyber-criminals probe every possible defense, bypassing them one by one and changing tactics every time they are blocked.

Users who wish to avoid becoming victims of this new attack can follow some advice:
• This ransomware attack arrives through Remote Desktop Protocol (RDP), so RDP should be avoided in the corporate network. Even if it is required, a VPN should be set up so that users first access the internal network and only then use RDP.
• Always change the default port and block connections to that port at the corporate firewall.
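The two recommendations above are easy to state and easy to get wrong in a long rule list. As an added example (not eScan’s code and not part of the original post), the following audit checks a simplified, constructed firewall rule set for exactly those conditions: RDP must be reachable only from the VPN address pool, and connections to the RDP port from anywhere else must be denied. The rule representation, the VPN subnet and the probe address are assumptions for this example; a real firewall’s syntax is not on the page.

```python
"""Added example (not eScan's code): audit firewall rules for RDP exposure.

Rules are a constructed, simplified list of (action, source_cidr, dest_port)
evaluated first-match-wins, which is how most firewalls behave; this
representation is an assumption for the example. The check enforces the two
recommendations in the post: RDP allowed only from the VPN subnet, and the
RDP port blocked from everywhere else.
"""
import ipaddress

RDP_PORT = 3389  # default; audit whichever port the organisation moved RDP to
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN client address pool

# dest_port None means "any port". Weak policy: RDP open to the whole internet.
WEAK_RULES = [
    ("allow", "0.0.0.0/0", 443),
    ("allow", "0.0.0.0/0", 3389),    # exposes RDP to the internet
    ("deny",  "0.0.0.0/0", None),
]

# Hardened policy following the post's advice: VPN first, then RDP.
HARDENED_RULES = [
    ("allow", "0.0.0.0/0", 443),
    ("allow", "10.8.0.0/24", 3389),  # RDP only from VPN clients
    ("deny",  "0.0.0.0/0", 3389),    # explicit block for everyone else
    ("deny",  "0.0.0.0/0", None),
]


def first_match(rules, src_ip, port):
    """Return the action of the first rule matching source address and port."""
    src = ipaddress.ip_address(src_ip)
    for action, source, dport in rules:
        if src in ipaddress.ip_network(source) and (dport is None or dport == port):
            return action
    return "deny"  # implicit default deny when nothing matches


def rdp_findings(rules, rdp_port=RDP_PORT, vpn=VPN_SUBNET):
    """List every allow rule for the RDP port whose source range is not
    contained in the VPN subnet; an empty list means the policy is compliant."""
    findings = []
    for action, source, dport in rules:
        net = ipaddress.ip_network(source)
        if action == "allow" and dport == rdp_port and not net.subnet_of(vpn):
            findings.append(f"RDP port {rdp_port} allowed from {source}")
    return findings


def rdp_exposed_to_internet(rules, rdp_port=RDP_PORT):
    """Probe the rule set with a non-VPN address (constructed documentation
    address) and report whether it would reach the RDP port."""
    return first_match(rules, "203.0.113.7", rdp_port) == "allow"


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, "findings:", rdp_findings(rules) or "none",
              "| internet exposure:", rdp_exposed_to_internet(rules))
```

The audit deliberately checks two different things. `rdp_findings` reads the policy statically and flags any allow rule whose source is wider than the VPN pool, which catches a misconfiguration even if a later deny would never be reached. `rdp_exposed_to_internet` evaluates the rules the way the firewall would for a concrete outside address, which is the test to rerun after the default port is changed (pass the new port as `rdp_port`), since moving the port without updating both the allow and the deny rule silently reopens the exposure.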


eScan warns about Kelihos

Kelihos Botnet
The Kelihos botnet was first discovered in 2010 and has since been taken down by various entities a number of times; however, it has always managed to resurface.

Kelihos is a spam bot with a very unusual hybrid peer-to-peer structure: the bots communicate with the Command and Control servers by routing their requests through other nodes in the botnet, and those nodes can themselves function as a Command and Control server. Under normal circumstances a botnet is rendered useless by taking down its Command and Control server; Kelihos, however, mitigates the risk of such take-downs through this design.

A bit about Kelihos:

Every Kelihos infection begins with a spam campaign containing malware links that trigger the download of a Trojan horse. In its early days, Kelihos was used for launching Denial of Service attacks and for sending spam. Later it also began stealing bitcoins and mining bitcoin. Later versions of Kelihos propagated through social networking sites such as Facebook.

For any Trojan, exploit kit or botnet to succeed, its creators must provide regular updates to their malware so that they stay ahead of their competitors and of security researchers.

Like ransomware, malware such as info stealers, bots and Trojans has a very large market on the dark web, and the competition is tough, since the objective is to ensure that:

1: Resilience: it should be able to overcome take-downs and detection by various security products.

2: It should be better than its competitors in both features and pricing.

Malware of every category is taken down on a regular basis, either to render it non-functional or to put an end to an ongoing campaign. However, it is very rare for the creators or authors of this malware to be apprehended. Back in December 2013, Paunch, the creator of the infamous Black-Hole Exploit Kit (BHEK), was arrested, which ensured that BHEK would never again be updated with the latest vulnerabilities.

A couple of days ago, the creator of Kelihos, who happens to be a Russian national, was arrested in Spain, and court proceedings were initiated against him in the US courts. The US Government also initiated a take-down of the botnet, which requires the authorities to implement peer poisoning in order to pull down the entire botnet.

Looking at history, a take-down has only succeeded after the arrest of the creator, and as of this moment we expect the same with Kelihos. However, the entire process of arresting the creator is fraught with cross-border legalities, since the jurisdiction of the crime is spread across countries and the perpetrator may reside in yet another. In these scenarios, law enforcement agencies have a crucial role to play, since they have to interact with counterparts who are governed by a different set of laws.

Since the advent of the Internet and the subsequent rise of cyber-crime, every country has adopted cyber-laws in some form, and these laws apply within their respective states. However, when cases are international in nature, the only factor that plays an important role in apprehending the perpetrators is the relationship between the two countries, in particular the treaties for tackling such cases.

Criminals are well aware of this and have always tried to maintain their anonymity; most of the time they try to operate from countries where the victim countries would find it impossible to take any tangible action.

Most cross-border arrests of high-profile cyber-criminals have been made by the US, and many a time US law enforcement has lured the perpetrators into its traps. However, when the perpetrators are state-sponsored, there is nothing anyone can do.

As long as borders exist, cyber-criminals will reap huge benefits.


Banks are boosting investment in cyber security


The Banking, Financial Services and Insurance (BFSI) sector is gearing up to strengthen its security systems, since the rise of mobile banking is putting IT infrastructure at growing risk.

Security investment is now a high priority for the retail banking sector. Currently 64% of banks agree on the need for growing investment in improved and stronger IT security, irrespective of the size of the organization, its top management and even its customer base. In spite of the tremendous efforts banks put into safeguarding their perimeters against common and evolving cyber-threats, protecting IT infrastructure, ATMs and POS (Point of Sale) terminals remains challenging. The fast-moving and vast threat landscape, along with the improved security habits of customers, is forcing criminals to search for new vulnerable points.

Emerging risks:

Mobile banking is exposing banks to new and emerging threats. 42% of banks predict that most of their customers will use mobile banking within the next three years. At the same time, customers may be casual in their online behavior, opening avenues for cyber criminals. 46% of banks admitted that customers are frequently victimized by phishing or debit/credit card fraud, leading to huge financial losses.

Rising incidents of phishing are forcing banks to reassess and restructure their security strategies. 61% of respondents see improvement in the security of apps and websites with the introduction of more complex authentication mechanisms and multi-level verification of log-in details.

Persistent threats

Detecting unusual and potentially malicious activity that combines legitimate tools with malware requires advanced, extended detection capabilities. To date, 59% of financial organizations are in the process of adopting multiple threat prevention measures that help in quickly identifying and mitigating major emerging threats. ATMs are another vulnerable device identified by banks. Sharing more third-party intelligence in this area could help banks prepare for unexpected threats.

ATM protection: Highly vulnerable

Banks tend to show little concern about the threat of monetary loss from ATM attacks. Only 19% of banks are worried about attacks on ATM machines, in spite of the growing volume of malware targeting this part of a bank’s infrastructure. This is expected to rise in the coming days if the necessary mechanisms are not adopted in time.

According to eScan, a timely reminder of the growing threats faced by financial institutions can prevent numerous frauds. Users and customers need to be equally alert to these concerns. Several guidelines can change the scenario:

1) Never disclose or write down your login details anywhere.
2) When making an online transaction, never hand over your smartphone to strangers such as restaurant staff, supermarket attendants, mall employees, fuel station staff, etc.
3) Ensure that you have installed a reputable mobile antivirus and regularly scan your smartphone for the presence of any suspicious app, and to detect and mitigate any suspicious activity.
4) Lastly, review your banking statements regularly so that any discrepancies can be reported to the bank concerned.
