Viruses

Over the last week we have seen an increase in the amount of companies receiving emails containing Zepto Ransomware, a file encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
zepto image
The attachment will typically be either a .zip extension or .docm extension and once opened will run a malicious JavaScript which then encrypts all files on the users machine with the .zepto extension

To try and combat the infection, we offer the following advice
1. To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your AntiMalware program is upto date
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files

Anti-Malware’s Like Your Winter Clothes: Layered Is Better!

Outdoors magazines, sports coaches, your mother – they all teach you that at this time of year, when the cold snap bites, layers of clothing are far more effective against the cold than one monstrous overcoat. Nobody pretends the cold’s not going to find its way into a fold or two, but after that, other folds stop it.

Seems like common sense, doesn’t it? Yet when it comes to anti-malware and the like, too many vendors (and partners!) still favour the overcoat – one big protective mantle that, once compromised, is a single point of chilly failure.

So for you, and your customers, the question is this: where can you get access to the kind of layered anti-malware solutions that don’t let you down like an overcoat, and how can you be sure they’ll deliver on the promise?

What are these anti-malware layers – and what benefit do they deliver?

Layered security’s central philosophy is that no one solution can cover every base. (Wikipedia describes this neatly here). You need layers of solutions, as well as layers of protection within those solutions.

Take one of the most vicious breeds of malware, for example – zero-day exploits, like the ones that placed millions of Android Chrome users at risk. These target vulnerabilities in newly-released browser and application software, often using these undefended pathways to deliver ransomware payloads.

To fight these threats effectively, each vulnerable program – it could be an Office app, a PDF reader, a media player, or anything else – needs its own dedicated protection.

But this kind of exploitation protection isn’t necessarily focused on threat profiles like viruses, Trojans, worms, rootkits, adware and spyware, so an additional anti-malware layer is needed.

And, critically, malware detection is not the same as malware removal – which, again, is a layer in itself.

Put all these items of “protective clothing” together, of course, and you have a multi-layered solution, something like this one, that covers all the critical malware and exploit vulnerabilities.

That chill wind might find its way in here and there, but it’s not going to hit skin.

Anti-malware’s layers within layers

Drilling down into these solutions, we find that there, too, layers are the key to trapping the threat, wherever it comes from and whatever form it takes.

So for example, an anti-malware solution might have four distinct layers:

  • Application hardening, to make outdated or unpatched applications less susceptible to attack
  • Operating System security, to stop exploit shellcode executing
  • Malicious memory protection, to prevent the execution of payloads
  • Application behaviour protection, for specific applications like Word, PowerPoint and others

 In short, there’s a trigger to raise a red flag on all the hot buttons that malicious code typically tries to press!

“Is layered anti-malware really that effective? Not convinced…”

At this point, if I were your mother I’d be telling you to come inside and get some hot soup. As it is, I’m going to tell you to come in from the cold and smell the coffee.

The effectiveness of layered anti-malware is documented fact, not hearsay. Here are some recent threat-busting stats from the layered anti-malware landscape:

  • It was a layered malware removal technology that recently earnt the only perfect score in tests by the internationally respected laboratory AV-TEST.
  • It was a layered malware tool that removed over five billion separate varieties of malware in 2014 alone.
  • It was a layered malware removal technology that, according to OPSWAT, who release periodic studies on security vendors’ market share, is the most popular security product installed by users.
  • Layered anti-malware technology is hot property, ranking 186th in Deloitte’s 2015 Technology Fast 500 nominations.

So what’s stopping you from (if you’re a partner) offering these solutions profitably to your customers, and (if you’re an end-user organisation) deciding to take the partners up on their offer?

Layered anti-malware as revenue multiplier!

The short answer is “nothing.”

Firstly, distribution businesses like mine (and others) already make these solutions available to partners, and not just in conventional subscription-based agreements.

The MSP model, for example, gives partners a powerful differentiator in their portfolio. This is primarily because it enables partners and their customers to pay only for what they use, but it also makes aggregated billing possible, reducing customer acquisition costs and so supporting the growth of the partners’ business.

Secondly – and this is where layers take on a dimension that’s probably a lot more interesting to you than it is to your mother – layered anti-malware not only gives partners the opportunity to combine (and charge for) multiple solutions, as we’ve already seen, it can also work with the customer’s existing security solutions and need not automatically displace them.

In short, every layer’s a revenue stream in itself, but any other security solutions you have already sold to your customers can stay in place too – so the revenue opportunity is multiplied!

So, that’s a whole load of stuff I bet you (and your mother) didn’t know about the similarity between what you wear and what you sell.

Either way, it’s going to make you look good.

Brian-A-Jackson1

On a weekly basis there are now articles regarding a big brand company which has been hacked, these usually relate to what data has been lost, how they are notifying those affected and what they are going to be doing to prevent this from happening again.

So how do you prevent it from happening in the first place?

From experience I can see that if a hacker wants to get details from somewhere they will take the easiest target, the ‘Low Hanging Fruit’ as they say, in ensuring your company has some basic security principles in place can help mitigate this.

So how do you ensure you are not the ‘Low Hanging Fruit’

Simple measures can be taken within your environment to help secure it. As a basic level you should be meeting the following guide - CyberEssentials Requirements

This sets out some advice regarding Firewalls, User access control, Passwords, Malware protection and Patch management.

Once you have met the standards given within this document you should be looking to increase the security standards within your organisation. The most effective we have found is the use of education, once educated your staff will be able to react to the threats quicker and reduce the risks to your company.

security-banner

Our top security updates in the news and on the web this week

1. CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware

When the malware makes its move, the new CryptoWall not only encrypts files, as it always has done, it also encrypts filenames. Heimdal Security states this new technique increases victims’ confusion, and thereby increases the likelihood that they’ll pay the ransom, and quickly. First posted on Dark Reading.

For the original post and further information click here

2. TalkTalk – The case for a Chief Security Officer

While the importance of the Chief Information Security Officer has been in constant growth over the past few years, organisations that employ a CISO/CSO are still far too few. First posted on Trend Micro.

For the original post and further information click here

3. Linux Ransomware Debut Fails on Predictable Encryption Key

No need to crack RSA when you can guess the key. File encrypting ransomware Trojans are almost ubiquitous on Windows, and it was only a matter of time. First Posted on Bitdefender Labs.

For the original post and further information click here

Brian-A-Jackson1

 

4. Adobe Flash Update Includes Patches for 17 Vulnerabilities

In what’s becoming a monthly ritual, Adobe today pushed out an updated version of its Flash Player that includes patches for critical vulnerabilities. First posted on Threatpost.

For the original post and further information click here

5. How Scammers Are Trying To Use Your Computer To Steal Your Cash

Cyber criminals want to hijack your computer for financial gain. But how does the scam work and how can you stop them? First posted on TechWeek Europe.

For the original post and further information click here

6. Top ranking Instagram client removed from iTunes and Google Play after user data theft discovery

A software developer has discovered that a leading free app on iTunes and Google Play has been sending people’s usernames and passwords to an unknown website. The malicious app is called InstaAgent, and is touted as an Instagram client. It is also reportedly the most downloaded free app in the UK and Canada. First posted on TechWeek Europe.

For the original post and further information click here

If you have any security news that you would like to see on our blog please send it to us at bluesolutions, please include the link from the original article in the email.

blue and comptia bannerAre you attending CompTIA EMEA Member and Partner Conference 20th October 2015?

If you haven't yet registered to the Comptia event at 155 Bishopsgate London please go to  https://www.comptia.org/emea/home it would be great to see you there.

Blue Solutions was founded in 2000 with a clear mission: to enable IT channel partners to sell managed services software that would boost recurring revenues, strengthen margins, and clearly differentiate their offerings in a crowded market. As key vendor partners like AppRiver, Bitdefender, Censornet, DataFortress, Malwarebytes, Microsoft, Phish5, Redstor, Symantec, TrendMicro, and many others will testify, we’ve been succeeding at it ever since.

The bottom line of it is we enable our partners to build profitable, regular revenues, by delivering what their competitors can’t – compelling, diverse, scalable managed services, at low cost, that delight their end-users. So if you’re serious about growing your business, don’t miss this opportunity to expand your knowledge and to hear from our vendor and industry experts please feel free to book a time with Barry Atkinson, Emma Wale, Lee Walker or Israel Azumara to discuss Blue Solutions our vendors in more detail.

If you have queries please call 0118 9898 222 and request to speak to any of the names above regarding the event.

Windows10

Article originally published on the Malwarebytes website

It’s that time again, a new operating system emerges from the Microsoft incubator! While many of you might not get to experience Windows 10 just yet or even in the foreseeable future, we want you to know that when you decide to use it, Malwarebytes has got your back.

The latest versions of our Malwarebytes products supports Windows 10! And that includes:

  • Malwarebytes Anti-Malware Free
  • Malwarebytes Anti-Malware Premium
  • Malwarebytes Anti-Exploit Free
  • Malwarebytes Anti-Exploit Premium
  • Malwarebytes Anti-Malware for Business
  • Malwarebytes Anti-Exploit for Business
  • Malwarebytes Anti-Malware Remediation Tool

So one of the first things you should do after setting up your new operating system is to download Malwarebytes Anti-Malware. Trust me, the cyber criminals won’t wait until everyone is comfortable with Windows 10 to start targeting folks using it.

To download the latest Malwarebytes Anti-Malware on your new Win 10 system, click here.

Find out more about Malwarebytes at www.bluesolutions.co.uk/malwarebytes/. Call our sales team today on 0118 9898 222 for a free trial or demo.

Malwarebytes Image

Originally published on the Malwarebytes Security Blog

May 6 marked the 15 year anniversary of the infamous ILOVEYOU (Love Letter) email virus. The virus is regarded as the first major virus spread by email.

ILOVEYOU reportedly infected tens of millions of computers worldwide, and cost billions of dollars in damage.

Once a machine was infected with ILOVEYOU, the virus scanned the Windows Address Book and subsequently sent copies of itself to every contact within the list. Using the public’s lack of email security to its advantage, the virus was able to masquerade as a legitimate attachment sent by a known acquaintance.

This simple social engineering tactic allowed the virus to propagate world-wide quickly and efficiently.

In the years since ILOVEYOU, we’ve all learned lots regarding email security and ‘best practices’ to use when downloading attachments. There have been numerous articles, write-ups, warnings, and suggestions advising users to be wary when opening attachments that come via email – even when from a trusted source.

Despite more than a decade and a half of these warnings, email is still a primary vector for the installation of malicious software.

The M3AAWG Email Metrics Report, released Q2 of 2014, indicates that over a three-month tracking period, a whopping 987 billion “abusive” emails were identified as being successfully delivered.

While this pales in comparison to the other 9+ trillion emails blocked by the mail providers, this number demonstrates just how successful  a vector email is for malicious actors to use to compromise their victims.

While the M3AAWG report doesn’t distinguish between emails with malicious attachments and other types of abusive emails such as phishing emails, it’s reasonable to assume that at least a significant percentage of the abusive emails did indeed contain a malicious attachment.

As indicated by the report, the vast majority of these messages are blocked by large email providers such as Microsoft and Google, but despite the best efforts of these companies, many messages still find their way through the filters.  Here is an example of a malicious email I received to my personal email account just the other day.

MalSpam1

The success of these malware campaigns relies in numbers. With an estimated 205 billion emails sent each day, it seems to be a herculean, if not almost impossible task to prevent each and every malicious email from being delivered.

We would all be quite peeved if that important document from our boss wasn’t delivered to our email box, or if that emergency change in insurance wasn’t received from HR.

The big email providers know this, so they are forced to tread lightly when determining if an attachment is malicious or not. The problem is malicious actors know this too.  So for them, it’s just a numbers game.

If one address gets blocked, use another. If one message is blocked, send one more – better yet, send a million more. And there in-lies the issue that we in the security field face when it comes to preventing you from seeing (and in the case of malware – blocking) this sort of garbage all together.

A small portion of over-all attempted deliveries and an even smaller percentage of successful installs is all that’s needed to claim success.

Malware authors utilise a dizzying array of tools, services, and botnets to facilitate delivery of malicious email. Email addresses are spoofed. The subject and body can be dynamically generated using unique information to help provide a sense of legitimacy to the email. Most attachments are randomized both in name and MD5’s to thwart detection.

Geo-location is used to send emails to users of a particular region, city, or post code. And the subject matter of emails constantly changes to play into the fears, desires, and dreams of every potential person.

MalSpam2

Attachments are not limited to .zips either. Attachments have been seen to arrive in .exe format (although rare with large email providers), .scr, .pdf, .com, .js, or a variety of others. Here we can see how some attachments attempt to appear legitimate.  Take notice of the large spaces between filenames and the .exe extension on a few of the attachments.

MalSpam3

Remember, it only takes a small portion of sent emails, and an even smaller percentage of those to be clicked, in order for a malware author to claim a particular spam-run successful.

The reality is, these people wouldn’t use email as an attack vector if it didn’t work – but it does.

The only reason it does is because a small percentage of us still click such attachments thinking there may be some legitimacy to the content.

Despite 15 years of warnings, billions of dollars in damages, and countless attacks attributed to email, we have yet to learn the dangers of downloading unsolicited attachments.

So for the sake of humanity (a bit dire, I know) please quit clicking attachments from people you don’t know, or from contacts where the content appears suspicious.

If there is a question if the email is legitimate, contact the sender and inquire.

If you didn’t order anything online, don’t click the Word document advising you of your recent purchase.

If you haven’t done so already, configure Windows to always show file extensions. That way, if you do download and extract a malicious attachment, you can hopefully see if any trickery is being played with spaces between the visible filename and the extension.

And most importantly, educate someone you know who would never read this (or any) security blog as to hopefully help them from succumbing to the ever-changing tactics of malware spam.

Blue Solutions is now a distributor for Malwarebytes- read the press release here. Call our team on 0118 9898 222 and they'll help with any questions or arrange a free trial.