Tag Archives: 2017

6 Things We Should Have Learned in 2017

This past year we bore witness to the sophistication of cyberattacks and their vertiginous growth. If we look at what happened in security in 2017, there are quite a few lessons that we should heed to, especially for businesses. These six lessons will help us to avoid making the same mistakes this year.

  1. Our response to incidents is as important as preventing them

One of the most important events of last year was the Uber incident. It came to light that Uber had concealed the fact that data on 57 million users had been stolen at the end of 2016. As the Uber CEO acknowledged, the criminals downloaded a database from servers used by Uber containing the personal information of users (name, email, and phone number) and data relating to 600,000 drivers in the United States. To prevent the attack from coming to light, the company paid the hackers $100,000.

The data theft at Equifax was the biggest hack of sensitive personal data in history. An organized group of cybercriminals took advantage of a security breach within their web application to steal information on 143 million customers, taking their social security numbers, postal addresses and even driving license numbers.

Whereas failure to notify users of the breach led to some legal entanglement for Uber (made worse by their payout to hackers), in the case of Equifax, their inconsistent statements about the vulnerability and their post-breach lack of commitment to consumers demonstrate a highly unprofessional approach.

To avoid situations like these, it is crucial for security updates to be part of your business strategy, and notifying the authorities, though unpleasant, should always be the first step to take after a breach. What happened at Uber also teaches another lesson: sharing credentials in code is a bad idea. This bad practice is what gave the hackers access to the servers: they obtained the credentials from code that Uber developers had published on GitHub.
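The defensive counterpart of that lesson is to scan code for credentials before it leaves the developer's machine. The following is an added example, not code from Panda Security or from Uber: a minimal pre-commit style scanner run over a constructed sample source file. The rule names, the regular expressions and the entropy threshold are assumptions modelled loosely on what open-source secret scanners check; the AWS key in the sample is the placeholder value AWS uses in its own documentation.

```python
import math
import re
from collections import Counter

# Constructed sample source file (not from any real repository). The first
# three lines embed credential-like values; the last three are benign.
SAMPLE_SOURCE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
db_password = "hunter2"
github_token = os.environ["GITHUB_TOKEN"]
password = ""
DEFAULT_TIMEOUT = 30
"""

# Assumed rule set: a known credential format, and an assignment of a
# secret-like variable name to a non-trivial string literal.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("credential-assignment", re.compile(
        r"(?i)(password|passwd|secret|token|api_?key)\w*\s*[:=]\s*['\"]([^'\"]{4,})['\"]")),
]

# Long string literals with high character diversity deserve a look even
# when no rule names them (signing keys, session tokens, and so on).
LITERAL_RX = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed tuning value


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s, estimated from its own histogram."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_lines(lines):
    """Return (line_number, rule_name, matched_text) for every finding."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        if line.lstrip().startswith("#"):
            continue  # comments are skipped in this simplified scanner
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((lineno, name, m.group(0)))
        for literal in LITERAL_RX.findall(line):
            if shannon_entropy(literal) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high-entropy-literal", literal))
    return findings


def rules_by_line(lines):
    """Map line number -> set of rule names that fired on that line."""
    out = {}
    for lineno, name, _ in scan_lines(lines):
        out.setdefault(lineno, set()).add(name)
    return out


def main():
    for lineno, name, text in scan_lines(SAMPLE_SOURCE.splitlines()):
        print(f"line {lineno}: {name}: {text}")


if __name__ == "__main__":
    main()
```

Run as a pre-commit hook, a scanner like this blocks the commit when `scan_lines` returns anything; line 4, which reads the token from the environment, and line 5, an empty placeholder, pass cleanly, which is the behaviour a team wants so that developers keep the check enabled.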

  2. Attacks are not just a matter of malware

Not everything is ransomware (although, if you follow cybersecurity in the media, it may sometimes feel that way). In malwareless attacks, attackers assume the identity of the administrator after obtaining their network credentials using non-malicious tools already present on the company’s devices. Malwareless attacks are sure to be a trend in 2018, so we would do well to learn from these cases.

PandaLabs detected a case in which the attackers used Sticky Keys to sneak through the back door, accessing the computer without entering credentials. This remote access can then be monetized by generating online traffic that can be sold to third-party websites or by auctioning access to the compromised machines. Another example is the use of PowerShell for cryptocurrency mining.

To combat these attacks, advanced tools combined with threat hunting methods based on user behavior are essential. By monitoring the corporate network in real time and gaining visibility into what is happening on each endpoint, we can discover which legitimate tools are being abused and protect our companies.
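What "visibility into legitimate tools being abused" looks like in practice is detection logic over process-creation telemetry. The block below is an added example, not PandaLabs' own tooling: it runs two behavioural rules over constructed Sysmon-style events. The first flags a command shell whose parent is winlogon.exe or one of the accessibility helpers the logon screen can launch, which is the signature of the Sticky Keys back door described above; the second flags PowerShell started with a hidden window or an encoded command, the launch pattern the mining scripts rely on. The event records, field names and rule names are assumptions; the encoded command in the sample merely encodes `Get-Date`.

```python
import ntpath
import re

# Constructed Sysmon-style process-creation events (not real telemetry).
# Events 2 and 3 model a Sticky Keys back door used from the logon screen;
# event 4 models PowerShell launched hidden with an encoded command.
EVENTS = [
    {"id": 1, "user": "CORP\\alice", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
    {"id": 2, "user": "NT AUTHORITY\\SYSTEM", "parent": r"C:\Windows\System32\winlogon.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"id": 3, "user": "NT AUTHORITY\\SYSTEM", "parent": r"C:\Windows\System32\sethc.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"id": 4, "user": "CORP\\bob", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden "
                "-EncodedCommand RwBlAHQALQBEAGEAdABlAA=="},
    {"id": 5, "user": "NT AUTHORITY\\SYSTEM", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"id": 6, "user": "CORP\\bob", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

# Accessibility helpers the logon screen can start before any credential is
# entered. A shell whose parent is one of these, or winlogon.exe itself, is
# the classic sign that the helper has been replaced or hijacked.
ACCESSIBILITY_BINARIES = {"sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
                          "magnify.exe", "displayswitch.exe", "atbroker.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Launch switches that legitimate admin scripts rarely combine.
ENCODED_RX = re.compile(r"(?i)\s-(enc|encodedcommand|ec|e)\b")
HIDDEN_RX = re.compile(r"(?i)\s-(w|windowstyle)\s+hidden\b")


def basename(path):
    """Case-folded file name of a Windows path, usable on any host OS."""
    return ntpath.basename(path).lower()


def detect(events):
    """Apply both rules to every event; return one alert dict per hit."""
    alerts = []
    for ev in events:
        parent, image = basename(ev["parent"]), basename(ev["image"])
        if image in SHELLS and (parent in ACCESSIBILITY_BINARIES or parent == "winlogon.exe"):
            alerts.append({"id": ev["id"], "rule": "accessibility-backdoor",
                           "detail": f"{parent} spawned {image} as {ev['user']}"})
        if image in POWERSHELL:
            indicators = []
            if ENCODED_RX.search(ev["cmdline"]):
                indicators.append("encoded command")
            if HIDDEN_RX.search(ev["cmdline"]):
                indicators.append("hidden window")
            if indicators:
                alerts.append({"id": ev["id"], "rule": "suspicious-powershell",
                               "detail": ", ".join(indicators)})
    return alerts


def alert_keys(events):
    """(event id, rule) pairs, convenient for comparing against expectations."""
    return {(a["id"], a["rule"]) for a in detect(events)}


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Event 6, a scheduled backup script run through PowerShell, produces no alert, which matters as much as the three true positives: behaviour-based rules only survive in production if the legitimate uses of the same tools stay quiet.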

  3. Secure passwords do not have to be hard to remember

Despite the suggestions of Bill Burr, which for years governed password creation policy online, a secure password does not have to be difficult to remember. This year we learned that even passwords combining alphanumeric, uppercase and lowercase, and special characters can often be guessed by a computer. Given that human behavior is predictable, algorithms allow cybercriminals to detect weaknesses and patterns, and with them they manage to crack our passwords.

In 2017, we witnessed a radical change in the recommendations of the National Institute of Standards and Technology (NIST) for creating a secure password. Now we are encouraged to use sentences made of random words that are easy for us to remember; that way, a bot or a computer cannot crack the password by trying countless combinations. The password can still be easily remembered by the user, but it will be difficult for a cybercriminal to crack.
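The arithmetic behind the NIST change is worth seeing once. The following added example (not code from Panda Security or NIST) does three things: it generates a passphrase from a word list with a cryptographic random source, it computes the entropy of a passphrase and of a random character password for comparison, and it models the "predictable human behavior" point with a deliberately small set of mangling rules (a capital letter, a few leet substitutions, a short suffix) to show that a password like `P@ssw0rd1!` lives in a keyspace of only a few million candidates. The 32-word list and the mangling rules are constructed assumptions; a real generator would use a published list such as the EFF long list of 7776 words, and real cracking rule sets are far larger.

```python
import itertools
import math
import secrets

# Constructed 32-word list for the demo. Only the list size enters the
# entropy arithmetic; a real deployment uses a much larger published list.
WORDS = ["anchor", "basket", "candle", "dolphin", "engine", "falcon", "garden", "harbor",
         "island", "jacket", "kettle", "lantern", "meadow", "needle", "orchard", "pepper",
         "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yogurt",
         "zipper", "acorn", "badger", "cactus", "dagger", "ember", "fossil", "glacier"]

# Assumed, deliberately small model of how people "complicate" a dictionary
# word: optional capital letter, a few leet substitutions, a short suffix.
LEET = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}
SUFFIXES = [""] + [str(d) for d in range(10)] + ["!", "1!", "123", "2017"]


def generate_passphrase(n_words, words=WORDS):
    """n_words words chosen uniformly with a CSPRNG (secrets, not random)."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(list_size, n_words):
    """Entropy of n_words uniformly chosen words from a list of list_size."""
    return n_words * math.log2(list_size)


def random_chars_bits(alphabet_size, length):
    """Entropy of a truly random password of the given length and alphabet."""
    return length * math.log2(alphabet_size)


def mangle(base):
    """Yield every variant of base that the LEET/SUFFIXES model can produce."""
    keys = [k for k in LEET if k in base]
    for cap in (base, base.capitalize()):
        for r in range(len(keys) + 1):
            for subset in itertools.combinations(keys, r):
                w = cap
                for k in subset:
                    w = w.replace(k, LEET[k])
                for suffix in SUFFIXES:
                    yield w + suffix


def in_mangled_space(candidate, base_words):
    """True if candidate is a mangled form of any of the base words."""
    return any(candidate == v for b in base_words for v in mangle(b))


def mangled_space_bits(n_base_words):
    """Upper bound on the bits of the mangled keyspace for n_base_words words."""
    return math.log2(n_base_words * 2 * 2 ** len(LEET) * len(SUFFIXES))


if __name__ == "__main__":
    print("passphrase:", generate_passphrase(5))
    print("6 words from 7776:   %.1f bits" % passphrase_bits(7776, 6))
    print("8 random printable:  %.1f bits" % random_chars_bits(94, 8))
    print("10,000 mangled words: %.1f bits" % mangled_space_bits(10000))
    print("P@ssw0rd1! in model:", in_mangled_space("P@ssw0rd1!", ["password"]))
```

The comparison is the whole argument: six random words from a 7776-word list give about 77 bits, eight truly random printable characters about 52 bits, and a "complex" password built from a dictionary word under this toy rule set sits in a space of roughly 23 bits, because the attacker's algorithm enumerates the human's habits rather than the character set. Note also the word list size: four words from the 32-word demo list would be only 20 bits, so the list must be large as well as the choice random.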

  4. The malware tries to go unnoticed

Malware is growing exponentially. PandaLabs registered 15,107,232 different malware files that had never been seen before. Only a small part of total malware is truly widespread. That is, most malware changes every time it infects, so each copy has a very limited distribution and always tries to go unnoticed.

Having a limited life, the malware attacks the smallest possible number of devices to reduce the risk of being detected. In this sense, it is essential to choose an advanced cybersecurity platform to recognize and respond to attacks in real time.

  5. Be quick to implement patches

When it comes to patches, it’s never too early. The idea is to implement a method of action suited to the characteristics of our company’s architecture (its systems, services and applications) in which we evaluate the implications of patching (or failing to patch). Once this is taken into account, acting quickly is essential. Equifax, to give just one example, was first attacked in May 2017 because they hadn’t patched a vulnerability detected in March.

  6. Neglecting Shadow IT can be very expensive

The systems, solutions and devices used in a company, but which have never been explicitly recognized by the organization, are known as Shadow IT. This enemy in the shadows represents an overwhelming number of blind spots for the security of the company, since it is very difficult to protect something whose existence we aren’t even aware of. According to an EMC study, annual losses caused by Shadow IT reach up to 1.7 trillion dollars. Therefore, it is necessary to design affordable policies that cover the needs of workers, preventing them from resorting to unauthorized solutions. Prioritizing security awareness and evaluating why users turn to applications and tools not provided by the company could even help to improve workflows.

To start the year on the right foot, we can take 2017, internalize it, and move forward. External threats continue to grow, so our attention to basic tasks and lessons learned should do so in turn.

The post 6 Things We Should Have Learned in 2017 appeared first on Panda Security Mediacenter.


Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit


2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals.

Several cybersecurity firms are reporting new cryptocurrency mining viruses that are being spread using EternalBlue, the same NSA exploit that was leaked by the hacking group Shadow Brokers and used in the devastating widespread ransomware threat WannaCry.

Researchers from Proofpoint discovered a massive global botnet dubbed “Smominru,” a.k.a. Ismo, that is using the EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers and secretly mine Monero cryptocurrency, worth millions of dollars, for its master.

Active since at least May 2017, the Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows, according to the researchers.

“Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz,” the researchers said.

The botnet operators have already mined approximately 8,900 Monero, valued at up to $3.6 million, at the rate of roughly 24 Monero per day ($8,500) by stealing computing resources of millions of systems.


The highest numbers of Smominru infections have been observed in Russia, India, and Taiwan, the researchers said.

The command-and-control infrastructure of the Smominru botnet is hosted on the DDoS protection service SharkTech, which was notified of the abuse but reportedly ignored the notifications.

According to the Proofpoint researchers, the cybercriminals are using at least 25 machines to scan the internet for vulnerable Windows computers, and are also using the leaked NSA RDP exploit, EsteemAudit (CVE-2017-0176), for infection.

“As Bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators,” the researchers concluded. 

“The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations. Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes.”

Another security firm, CrowdStrike, recently published a blog post reporting a widespread fileless cryptocurrency mining malware, dubbed WannaMine, that uses the EternalBlue exploit to infect computers and mine Monero cryptocurrency.

Since it does not download any application to an infected computer, WannaMine infections are harder for antivirus programs to detect. CrowdStrike researchers observed that the malware has rendered “some companies unable to operate for days and weeks at a time.”

Besides infecting systems, cybercriminals are also widely adopting cryptojacking attacks, in which browser-based JavaScript miners use website visitors’ CPU power to mine cryptocurrencies for monetisation.

Since the recently observed cryptocurrency mining malware attacks have been found to leverage EternalBlue, which Microsoft had already patched last year, users are advised to keep their systems and software updated to avoid falling victim to such threats.

Cybersecurity Certification Courses – CISA, CISM, CISSP


The year 2017 saw some of the biggest cybersecurity incidents, from high profile data breaches at Equifax and Uber impacting millions of users to thousands of businesses and millions of customers being affected by global ransomware threats like WannaCry and NotPetya.

The year ended, but the steady stream of cybersecurity incidents, threats, data breaches, and hacks did not.

The scope and pace of such cybersecurity threats will rise with every passing year, and with this rise, more certified cybersecurity experts and professionals will be needed by every corporation and organisation to protect themselves from hackers and cyber thieves.

That’s why jobs in the cybersecurity field have grown 80 percent over the past three years, faster than any other IT-related job. So, this is the right time for you to consider a new career as a cybersecurity professional.

But before getting started, you need to gain some valuable cybersecurity certifications that not only boost your skills but also verify your knowledge and credibility as a cybersecurity expert.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will help you master three elite cybersecurity certification exams—CISA, CISM, and CISSP.

Online Cyber Security Courses for CISA, CISM, CISSP Certifications

This online training course provides you with the best-selling study materials to pass the CISA, CISM, and CISSP certification exams. It dives deep into the most proven and practical methods for protecting vulnerable networks in any business environment.

From the fundamentals of cryptography and encryption to the security holes in computer networks and mobile apps, this online course will help you learn about information security audits, assurance, guidelines, standards, and best cybersecurity practices in the industry.

At the end of this course, you will have developed the expertise to manage, design, oversee, and assess an enterprise’s information security, as well as maintain a secure business environment using globally approved information security standards.

If you do not know what CISA, CISM, and CISSP certifications are, below, you can find brief information about the courses and their importance in the IT industry.

1) CISA – Certified Information Systems Auditor

The CISA certification is renowned across the world as the standard of achievement for those who audit, monitor, assess and control information technology and business systems.

Being CISA-certified showcases candidates for their audit experience, skills, and knowledge, and signifies that you are an expert in managing vulnerabilities, instituting controls and ensuring compliance within the enterprise.

2) CISM – Certified Information Security Manager

The demand for skilled information security managers is on the rise, and CISM is the globally accepted certification standard of achievement in this area.

The uniquely management-focused CISM certification ensures you are equipped with the best practices in the IT industry and recognises your expertise to manage, design, oversee and assess an enterprise’s information security.

3) CISSP – Certified Information Systems Security Professional

The CISSP certification is a globally-recognised certification in the field of information security and has become a standard of achievement that is acknowledged worldwide.

Offered by the International Information Systems Security Certification Consortium, commonly known as (ISC)², CISSP is an objective measure of excellence, which requires a broad level of knowledge.

THN Offer: How To Avail 93% Discount on Cybersecurity Certification Training

If you want to select the best and most cost-efficient course to pass the CISA, CISM, and CISSP certifications, the Cybersecurity Certification Mega Bundle course is the one for you to begin with.

You can get Cybersecurity Certification Mega Bundle for just $69 (after 93% discount) at the THN Deals Store.

So, to sign up for the Cybersecurity Certification Mega Bundle course, click on this link and get your online course now.

Buying this course will not be a wrong decision. If you are not satisfied with this course for any reason, our training partner also provides a 15-day money back guarantee and will issue a refund.

So, what are you waiting for? Grab the course now!

The Ways Cybercrime Has Changed in 2017

With thousands of infected computers and millions of dollars lost, the latest ransomware attacks are surely marking the trends to come in the increasingly lucrative field of cybercrime. This, together with the exponential proliferation of connected devices on the IoT, as well as covert cyberwar, sets the stage for cybercrime to come.

More malware, more sophisticated than ever

Incidents from unknown threats went up 40% in the second quarter of this year, according to the latest data collected by PandaLabs in their quarterly report. These attacks are carried out with malware that is unrecognizable to signature-based antivirus solutions and also evades heuristic detection, indicating a considerable increase in the amount of new malware. As the PandaLabs report points out, small and medium-sized enterprises generally account for the most-targeted victims of these new malware attacks, but home users are more affected by this malware in terms of sheer numbers.

Increased sophistication means that much of the malware we’ve seen uses legitimate system tools to exploit vulnerabilities, something that is especially critical in professional environments. Over the course of 2017, more than 150 million attacks are expected, of which a large percentage will seriously affect companies. We’ve already discussed the growing economic impact that could reach almost three billion dollars in losses in 2017. However, other vectors should be considered, such as the IoT and the troves of data it connects to. Also of note is the increasing probability of being caught in the crossfire of a cyberwar between two world powers, as international cyberespionage continues to rise.

Ransomware, the “fashionable” attack

We can’t stop talking about the attacks that have caused the most impact in the past few months (and which incidentally are some of the most brutal cyberattacks in history). Both WannaCry, which has affected more than 150 countries, causing losses of up to four billion dollars, and the subsequent Petya/GoldenEye incident, whose economic impact was infinitely lower, wreaked havoc on corporate networks the world over. Regardless of who’s responsible for the attacks, their sophistication belies a budding professionalism and simmering hostility in the underworld of cybercrime.

We can no longer deny that there is indeed a cyberwar being waged, sometimes covertly and sometimes not. Often, the perpetrators appear to be institutional (governmental, to be more specific), a hypothesis that can be further justified by looking at the chosen targets of these attacks (especially in the case of Petya/GoldenEye). But it is also important to note that these ransomware attacks take advantage of vulnerabilities found in legitimate system tools, and can therefore be classified as zero-day attacks.

The EternalBlue exploit is at the center of these attacks. It had already been patched by Microsoft before the events took place, but many users had not updated their systems. If on a network of hundreds of computers just one employee fails to update with the patch, the entire network is exposed to the wave of ransomware.

Smart Cities are especially vulnerable. In some cases, the attacks not only resulted in the loss of data, but also brought entire systems down, leading to the interruption of public services. From blackouts to blocked devices, such as cameras or traffic signals, the consequences of recent attacks show that the future of cybercrime can seriously hinder our digital life as we know it.

Fighting advanced cyber attacks

Corporations and home users alike must be constantly vigilant, and that means constantly updating systems and using advanced cybersecurity solutions that can stop an attack before it is able to penetrate the network. And how can we protect ourselves from vulnerabilities we don’t even know exist? More modern solutions address the problem by monitoring systems in real time and are triggered by suspicious behavior (and not known signatures or heuristics). So despite the proliferation of unknown malware, users can stay protected at all times. This is the secret of the advanced technology of Panda Adaptive Defense: to prevent the attack before it happens.

The post The Ways Cybercrime Has Changed in 2017 appeared first on Panda Security Mediacenter.
