Endpoint Security


Our top security updates in the news and on the web this week

1. 10 tips to avoid Cyber Monday scams

Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place. First posted on Malwarebytes.

For the original post and further information click here

2. More POS malware, just in time for Christmas

Threat researchers are warning of two pieces of point-of-sale malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break. First posted on The Register.

For the original post and further information click here

3. Some simple security advice for computer and smartphone users

Having demonstrated how easy it can be to compromise users' computers and 'steal' very personal video and photos, here is some really simple advice to help prevent this happening. First posted on Pen Test Partners.

For the original post and further information click here

4. CryptoWall Updates, New Families of Ransomware Found

The ransomware threat isn't just growing—it's expanding as well. There has been a recent surge of reports on updates for existing crypto-ransomware variants. First posted on Trend Micro.

For the original post and further information click here


5. Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks

The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites. First posted on Malwarebytes.

For the original post and further information click here

6. Another Day, Another HMRC Tax Phish…

We could all do with a bit of a tax refund right before the festive season, and wouldn’t you know it. First posted on Malwarebytes.

For the original post and further information click here

7. Diving into Linux.Encoder's predecessor: a tale of blind reverse engineering

Linux.Encoder.1 has earned a reputation as the world's first ransomware family tailored for Linux platforms. First posted on Bitdefender Labs.

For the original post and further information click here

If you have any security news that you would like to see on our blog, please send it to us at bluesolutions and include the link to the original article in the email.


Originally published on the Bitdefender website

No matter how valiant the efforts to secure their systems, or the amount of money spent on IT defenses – many of the same IT security challenges persist today as they always have.

Enterprises are behind in their ability to quickly detect data breaches. According to the 2015 Verizon Data Breach Investigations Report, the vast majority of organizations don't detect breaches within days of their occurring; the time to detect compromise is still too often measured in weeks or months. And, depending on the study, security breaches can cost $100 per record and up.

As the sheer number of breaches, their duration, and their costs over the past few years reveal, enterprises can clearly do much better. But it's not a matter of a quick fix. It's not a single product deployment, or hiring to fill a few positions. There are, however, key areas that organizations can focus upon to close the gap between the ease with which attackers can exploit enterprise weaknesses and the ability of enterprises to defend their systems and data.

Here we go:

1. The security program informs the regulatory compliance program, not vice versa

Too many organizations today remain focused on maintaining their baseline security controls. They check their regulatory compliance check boxes and move on. Firewall: check. Network monitoring: check. Network segmentation: should be in place, check. What is lacking is a focus on making sure each of these functions is done right.

This needs to be flipped around. Enterprises need to build rugged security programs and build the reporting on top of those programs to feed into their regulatory compliance efforts.

2. Hire and cultivate the right security talent

In my interviews with CIOs and CISOs it's clear, across the board, that enterprises are hurting when it comes to finding skilled information security professionals. If you know device security or enterprise security architecture, are a pen tester, or can manage or build a security program, you are not in want of job opportunities.

The challenge for enterprises is that technology and attack methods are moving so swiftly that traditional education and corporate training programs don't keep up. And, quite frankly, many HR departments in large enterprises don't know how to hire well for information security positions. They rely too heavily on certifications and not enough on security problem-solving skills. Traditional training doesn't keep pace in producing the security skills needed to deal with constant change in mobility, cloud architectures, virtualization, containerization, Internet-connected devices (IoT) and more.

Skilled security pros also tend to come from non-traditional backgrounds. They are liable to be the men and women with purple hair, lots of tattoos, and a scattered college history, but they know how to hack and many know how to help defend against hackers. Yet they are overlooked. This needs to change, and government and corporate enterprises need to rethink how they vet and view security talent. They need to consider training in-house talent that has an affinity for this field and wants to be trained.

3. Communicate in terms the business cares about

Today, too many security professionals think, and speak, in technical terms. When they see a certain attack vector, they see a technical problem. And they are right: it is in fact a technical problem in most cases and can be remedied technically. But to business leaders and management it is a business risk, and business people want to understand things in business terms and business risks.

When most people suffer, say, a car breakdown, they care more about losing the utility of the car than about the technical reason for the breakdown. When they ask technical questions about the nature of the mechanical failure, what is really going on in most people's minds is how the nature of that failure will affect the cost to fix it. So it is the loss of utility, and the cost of getting that utility back, that matter to us most.

Business leaders, when it comes to IT, think no differently. What is at stake with the risk, from a business perspective? How much will it cost to remedy? What is the cost of losing the utility? These are the terms more security people must speak in.

4. Shift some security focus to breach detection and response

With good reason, tens of billions of dollars have been invested by public agencies and private enterprise into traditional security defenses: the stuff geared to keep bad guys and things out. I’m not sure if enterprises have spent enough, or too much. That is certainly an interesting and debatable question. But I am sure we can’t count on it to work all of the time, every time.

Attackers are going to get through. There will be a misconfiguration they find, or there will be an employee who clicks on something they shouldn’t, or a trusted web site will serve malware and that breach will go undetected. Bad things are going to happen to enterprises that strive to protect themselves and do the right thing.

This is why more resources and effort need to be focused on the ability to detect and respond to successful breaches. It makes sense to want to stop attacks. But as in American football, good defense wins games, yet it doesn't win every game, and even the best defenses are scored against.

Your information security defenses and efforts are no different.

Plan and put the resources in place to rapidly respond. It will mitigate the damage of successful breaches, and hopefully keep the costs of those breaches down, too.

5. Shift to data-driven security decisions

An important shift is one that has been widely talked about in security, but not always very pragmatically acted upon. Security pros need to stop working from a position of what they knew to work in the past, or their personal hunches, or providing the types of defenses the business thinks it needs.

To date, this hasn’t worked so well. We need to start making more data-driven decisions. If the business wants to invest in certain areas of security spending, perhaps that is the wisest move or perhaps it is not. Collecting the right data about the nature of the security controls in place, how well they are performing, as well as what has not been working well may provide better answers. Certainly the final decision about what spending will get done is up to the business, but by providing the right data you can help them make better decisions.

All the data needed is out there: the nature of the adversarial threats, the technical vulnerabilities, the value of the business data and services provided by critical applications, as well as the goings-on within the network and applications. It's time this information was better collected, analyzed, and put to use to make the best data-driven decisions possible.



Article originally published on the Malwarebytes website

It’s that time again, a new operating system emerges from the Microsoft incubator! While many of you might not get to experience Windows 10 just yet or even in the foreseeable future, we want you to know that when you decide to use it, Malwarebytes has got your back.

The latest versions of our Malwarebytes products support Windows 10! That includes:

  • Malwarebytes Anti-Malware Free
  • Malwarebytes Anti-Malware Premium
  • Malwarebytes Anti-Exploit Free
  • Malwarebytes Anti-Exploit Premium
  • Malwarebytes Anti-Malware for Business
  • Malwarebytes Anti-Exploit for Business
  • Malwarebytes Anti-Malware Remediation Tool

So one of the first things you should do after setting up your new operating system is to download Malwarebytes Anti-Malware. Trust me, the cyber criminals won’t wait until everyone is comfortable with Windows 10 to start targeting folks using it.

To download the latest Malwarebytes Anti-Malware on your new Win 10 system, click here.

Find out more about Malwarebytes at www.bluesolutions.co.uk/malwarebytes/. Call our sales team today on 0118 9898 222 for a free trial or demo.


Originally published on the Malwarebytes Security Blog

May 6 marked the 15 year anniversary of the infamous ILOVEYOU (Love Letter) email virus. The virus is regarded as the first major virus spread by email.

ILOVEYOU reportedly infected tens of millions of computers worldwide, and cost billions of dollars in damage.

Once a machine was infected with ILOVEYOU, the virus scanned the Windows Address Book and subsequently sent copies of itself to every contact within the list. Using the public’s lack of email security to its advantage, the virus was able to masquerade as a legitimate attachment sent by a known acquaintance.

This simple social engineering tactic allowed the virus to propagate world-wide quickly and efficiently.

In the years since ILOVEYOU, we’ve all learned lots regarding email security and ‘best practices’ to use when downloading attachments. There have been numerous articles, write-ups, warnings, and suggestions advising users to be wary when opening attachments that come via email – even when from a trusted source.

Despite more than a decade and a half of these warnings, email is still a primary vector for the installation of malicious software.

The M3AAWG Email Metrics Report, released in Q2 2014, indicates that over a three-month tracking period, a whopping 987 billion "abusive" emails were identified as having been successfully delivered.

While this pales in comparison to the other 9+ trillion emails blocked by the mail providers, this number demonstrates just how successful a vector email is for malicious actors to use to compromise their victims.

While the M3AAWG report doesn’t distinguish between emails with malicious attachments and other types of abusive emails such as phishing emails, it’s reasonable to assume that at least a significant percentage of the abusive emails did indeed contain a malicious attachment.

As indicated by the report, the vast majority of these messages are blocked by large email providers such as Microsoft and Google, but despite the best efforts of these companies, many messages still find their way through the filters. Here is an example of a malicious email I received to my personal email account just the other day.

[Image: MalSpam1]

The success of these malware campaigns relies on numbers. With an estimated 205 billion emails sent each day, it seems a herculean, if not almost impossible, task to prevent each and every malicious email from being delivered.

We would all be quite peeved if that important document from our boss wasn’t delivered to our email box, or if that emergency change in insurance wasn’t received from HR.

The big email providers know this, so they are forced to tread lightly when determining whether an attachment is malicious or not. The problem is that malicious actors know this too. So for them, it's just a numbers game.

If one address gets blocked, use another. If one message is blocked, send one more; better yet, send a million more. And therein lies the issue that we in the security field face when it comes to preventing you from seeing (and, in the case of malware, blocking) this sort of garbage altogether.

A small portion of overall attempted deliveries and an even smaller percentage of successful installs is all that's needed to claim success.

Malware authors utilise a dizzying array of tools, services, and botnets to facilitate delivery of malicious email. Email addresses are spoofed. The subject and body can be dynamically generated using unique information to lend the email a sense of legitimacy. Most attachments are randomized in both name and MD5 hash to thwart detection.

Geo-location is used to send emails to users of a particular region, city, or post code. And the subject matter of emails constantly changes to play into the fears, desires, and dreams of every potential victim.

[Image: MalSpam2]

Attachments are not limited to .zips either. Attachments have been seen to arrive in .exe format (although rare with large email providers), .scr, .pdf, .com, .js, or a variety of others. Here we can see how some attachments attempt to appear legitimate. Take notice of the large spaces between filenames and the .exe extension on a few of the attachments.

[Image: MalSpam3]

Remember, it only takes a small portion of sent emails, and an even smaller percentage of those to be clicked, in order for a malware author to claim a particular spam-run successful.

The reality is, these people wouldn’t use email as an attack vector if it didn’t work – but it does.

The only reason it does is because a small percentage of us still click such attachments thinking there may be some legitimacy to the content.

Despite 15 years of warnings, billions of dollars in damages, and countless attacks attributed to email, we have yet to learn the dangers of downloading unsolicited attachments.

So for the sake of humanity (a bit dire, I know) please quit clicking attachments from people you don’t know, or from contacts where the content appears suspicious.

If there is a question if the email is legitimate, contact the sender and inquire.

If you didn’t order anything online, don’t click the Word document advising you of your recent purchase.

If you haven’t done so already, configure Windows to always show file extensions. That way, if you do download and extract a malicious attachment, you can hopefully see if any trickery is being played with spaces between the visible filename and the extension.
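As an added example (not part of the original Malwarebytes post), the following Python script applies the same extension-trickery checks a mail gateway or endpoint tool might run before a user ever sees an attachment: it flags executable extensions, a run of spaces hiding the real extension behind a harmless-looking name, and a document extension stacked in front of the executable one. It goes slightly beyond the post by also flagging Unicode formatting characters that can change how a filename is displayed. The extension lists and the sample attachment names are constructed for the example, not taken from any real campaign.

```python
import re
import unicodedata

# Extensions Windows treats as directly runnable. This is a constructed
# shortlist for the example, not an exhaustive or official list.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "js", "jse", "vbs", "vbe",
    "wsf", "bat", "cmd", "hta", "msi",
}

# Extensions a recipient tends to regard as harmless documents or media
# (constructed decoy list, used only for the double-extension check).
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def inspect_attachment_name(name: str) -> dict:
    """Apply filename-disguise heuristics to one attachment name.

    Returns {"name": ..., "suspicious": bool, "findings": [...]} where each
    finding is a short reason string. Checks:
      1. the real (final) extension is executable;
      2. blank padding sits between the visible name and that extension,
         so a narrow attachment column shows only "Invoice.pdf";
      3. a decoy extension is stacked before the executable one ("x.pdf.exe");
      4. the name carries Unicode format characters (category Cf), which
         can alter how the name is rendered in a mail client.
    """
    findings = []
    if "." in name:
        stem, final_ext = name.rsplit(".", 1)
    else:
        stem, final_ext = name, ""
    final_ext = final_ext.strip().lower()
    is_executable = final_ext in EXECUTABLE_EXTENSIONS

    if is_executable:
        findings.append(f"executable extension .{final_ext}")
        # Two or more trailing blanks on the stem is the "long gap" trick.
        if re.search(r"\s{2,}$", stem):
            findings.append("whitespace padding before the real extension")
        parts = stem.lower().split(".")
        if len(parts) >= 2 and parts[-1].strip() in DECOY_EXTENSIONS:
            findings.append(f"double extension .{parts[-1].strip()}.{final_ext}")

    if any(unicodedata.category(ch) == "Cf" for ch in name):
        findings.append("Unicode format character in filename")

    return {"name": name, "suspicious": bool(findings), "findings": findings}


def flag_suspicious(names):
    """Return the subset of names that trip at least one heuristic."""
    return [r["name"] for r in map(inspect_attachment_name, names) if r["suspicious"]]


# Constructed sample attachment names (not taken from any real campaign).
SAMPLE_ATTACHMENTS = [
    "Quarterly_report.pdf",
    "Invoice_4471.pdf                                   .exe",
    "photo.jpg.scr",
    "delivery_notice.js",
    "minutes.docx",
    "notes\u202ecod.exe",  # contains RIGHT-TO-LEFT OVERRIDE, so it renders misleadingly
]

if __name__ == "__main__":
    for result in map(inspect_attachment_name, SAMPLE_ATTACHMENTS):
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10s} {result['name']!r}")
        for reason in result["findings"]:
            print(f"           - {reason}")
```

Replacing SAMPLE_ATTACHMENTS with names pulled from a mailbox export or gateway log is all that is needed to run it on real data. The heuristics are deliberately conservative: they surface names for a human to review rather than block anything, because a legitimate .js or .msi does occasionally arrive by email.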

And most importantly, educate someone you know who would never read this (or any) security blog, to help them avoid succumbing to the ever-changing tactics of malware spam.

Blue Solutions is now a distributor for Malwarebytes; read the press release here. Call our team on 0118 9898 222 and they'll help with any questions or arrange a free trial.

Trend Micro Worry-Free Business Security 9

Complete user protection for SMB networks & mobile devices

Protecting data from the threat of spam, phishing and social engineering attacks helps businesses to safeguard their livelihoods. Finding solutions that offer complete protection is never an easy task. The launch of Worry-Free Business Security 9.0 from Trend Micro provides customers with this complete protection... Read More

On July 5, 2011 Symantec Endpoint Protection 11.x and Symantec Endpoint Protection Small Business Edition 12.0 reached End-of-Life and have currently been running in Limited Support. If you are still on these older product versions, we strongly encourage you to upgrade to version 12.1 free of charge as part of your maintenance/support subscription.

Running Mac OS X?

Upgrade to 12.1.4 with IPS and Antivirus for Mac OS X 10.9 (or lower), better Mac management and all the protection and performance capabilities for your Windows and virtual machines in a single solution.

Download Here

Versions 11.x and 12.0 of Symantec Endpoint Protection will move to partial support on January 5, 2014 and End-of-Support-Life on January 5, 2015. Any customers on these product versions will stop receiving technical support, including fixes, patches, workarounds, maintenance packs, and content updates.

To ensure all Symantec Endpoint Protection customers maintain the most advanced protection available, this notification is sent to ALL customers on ANY version of Symantec Endpoint Protection. We encourage you to upgrade all Symantec Endpoint Protection clients in your environment and use the full protection technologies available in version 12.1.

Powered by Insight, Symantec Endpoint Protection 12.1 provides fast, powerful defense-in-depth security technologies for endpoints. It offers advanced defenses against known and unknown threats for both physical and virtual systems and is as easy to roll out as a standard Release Update.

Symantec recently released version 12.1.4 of Symantec Endpoint Protection, which includes support for Windows 8.1 and Mac OS X 10.9, Mac IPS and enhanced management. Upgrade today by downloading Symantec Endpoint Protection 12.1.4 from FileConnect.

For helpful tips, tricks and links for upgrading and optimizing Symantec Endpoint Protection 12.1, visit one of the following sites:

Still running version 11.x or 12.0? Visit: http://www.symantec.com/page.jsp?id=sep12-migration

Already using version 12.1? Visit: http://www.symantec.com/page.jsp?id=sep12-protection

End of Limited Support: On January 5, 2014, these products will transition from Limited Support to Partial Support. Our technical support engineers may provide you with known fixes/patches/workarounds, existing maintenance packs or information from our Technical Knowledge Base in response to requests for assistance. As a courtesy, Symantec will continue to provide content updates and definitions for versions 11.x and 12.0 during this time. For details, see here. Customers are encouraged to have COMPLETED, or be well on their way toward completing the migration of all clients to version 12.1. Best practices for migrating can be found here.

End of Support Life: January 5, 2015 marks the official end of the product life cycle for versions 11.x and 12.0 of Symantec Endpoint Protection. As of this date, Symantec will cease providing any and all levels of standard or partial support, including content updates and virus definitions, for these versions of the products.

Symantec Product                                     Version   End of Limited Support   End of Support Life
Symantec Endpoint Protection                         11.x      January 5, 2014          January 5, 2015
Symantec Endpoint Protection Small Business Edition  12.0      January 5, 2014          January 5, 2015

Symantec Endpoint Protection 12.1 includes in-product licensing, allowing you to use the License Activation Wizard on the Symantec Endpoint Protection Manager (link available on the Home Page or from the Admin page) to activate your license(s). You will only need serial numbers to complete the process.

The following serial number(s) may be used to activate your product:

Product                                                      Qty   Activation Serial Number
SYMC ENDPOINT PROTECTION 12.1 PER USER I/O BASIC 12 MONTHS   5     M1810543270


Additional Resources

For more information regarding the services provided through Support, please refer to the Symantec Enterprise Technical Support Policy at the link below or contact your Symantec Account Manager.

http://www.symantec.com/content/en/us/enterprise/other_resources/b-symantec-enterprise-technical-support-policy.en-us.pdf

We also recommend that you periodically check our website for End-of-Life and End-of-Support-Life information for your specific Licensed Software:

http://www.symantec.com/content/en/us/enterprise/other_resources/b-end_of_life_policy_for_business_products.en-us.pdf


How to get more information

Symantec is committed to helping customers achieve success with their Symantec solutions. If you have any questions regarding this notice, please contact your Symantec Partner or your Symantec Corporation Account Manager.

LabTech Software, the only powerful, robust-featured remote monitoring and management (RMM) platform developed by a managed service provider (MSP) for managed service providers, is partnering with Webroot to make it easier for partners to deploy and manage endpoint security solutions for their customers. The integration is part of an ongoing effort to help partners access new sources of revenue using the LabTech platform.

"We continue to provide our partners with best-in-class solutions that further add value and automation to their LabTech platform," said Matt Nachtrab, LabTech Software CEO. "Partnering with Webroot allows us to further deliver on integrated solutions that can be managed through the single-pane-of-glass within LabTech. I'm excited to have Webroot as part of our security portfolio and look forward to helping our partners and MSP businesses succeed."

Unlike traditional antivirus solutions, the cloud-based Webroot SecureAnywhere portfolio includes the industry’s lightest and fastest endpoint security solutions, allowing LabTech partners to achieve exceptional threat protection and faster scans without bulky patches and signature updates. Webroot places the burden of malware protection in the cloud, freeing up operating systems and hardware resources – saving MSPs time and money, and increasing customer satisfaction.

"We're thrilled to be partnering with LabTech Software," said Charlie Tomeo, vice president of channel and technical sales at Webroot. "Their industry-leading services have fostered a loyal and rapidly-growing following within the MSP community. We recognize that traditional endpoint security has created many challenges for MSPs. With Webroot's cloud-based security solution, MSPs will be able to not only gain additional profits, but also significantly reduce the complexities and inefficiencies normally associated with managing a security solution."

Webroot’s cloud-based security solutions require no hardware, can be installed instantly and can be managed anywhere, anytime. This significantly reduces the amount of management required from MSP partners to deploy and manage endpoint security for all their customers. The solutions are lightweight and fast, with no impact on end-user productivity. Webroot takes an innovative and powerful approach to endpoint security that utilizes cloud-based big data, delivering maximum protection to MSPs. The security solutions feature instant rollback and remote remediation with no need to re-image machines, improving productivity, saving MSPs time and money and lowering total cost of ownership.

To learn more about the LabTech-Webroot integration, please visit www.labtechsoftware.com/webroot.