We are seeing our customers experience malware (malicious software such as ransomware or banking Trojans) that continues to bypass their antivirus software (see why in our blog “Why antivirus fails”). One of the reasons is that criminals are very open to sharing the techniques and tools they use to get past traditional security controls such as antivirus or a firewall.
1. Creating Partnerships:
There is further evidence that a number of the ransomware criminal groups are forming partnerships that enable them to bypass controls. An example in the article was that “In recent months, the operators of the GandCrab ransomware-as-a-service affiliate operation announced a new partnership with NTCrypt, a malware crypter service that’s designed to alter malicious code to make it more difficult for security tools to detect.”
2. Sharing compromised victims to expand reach
The criminals who already have hundreds of thousands of victims of their banking Trojans can share those victims with another group, who can then extort them for more money through ransomware. This is possible because the businesses did not detect or remove the original malicious software, as their antivirus was unable to identify it. As described in the article: “The Trickbot banking Trojan, meanwhile, has also been doing double duty as a dropper and pushing Ryuk ransomware onto some – but not all – systems that it infects.”
3. Previous criminal groups share new techniques
Although authorities continue to have success in arresting some of these criminal groups, which often breaks up their operations, the groups separate and re-form to return to their lucrative illegal activities, often forming new criminal organisations and later collaborating with others from the same previous groups. This was seen with Trickbot, which came from the group that produced Dyre and then split into a number of other groups.
“The Trickbot banking Trojan is being used in cyberattacks against small and medium-sized businesses, and individuals in the U.K. and overseas,” the U.K.’s National Cyber Security Center, which is the public-facing arm of intelligence agency GCHQ, warned last September.
This is one of the reasons that large businesses use layers of security to identify when these controls fail and then take steps to clean up. Normally this is done through what is called a Security Information and Event Management (SIEM) platform; these cost hundreds of thousands of dollars and require a team of experts (internal or as a service) to identify when attackers get past the controls and work out the steps needed to resolve it.
This is a problem for small businesses, which do not have the team, tools or budget to take these vital steps. If this is you and you want the capability at a hundredth of the cost, reach out and see how we are changing the game for small business.
Our CEO Paul Byrne was interviewed by York Butter Factory Ventures on some simple tips to help small businesses and startups avoid getting hacked. This is how small businesses move beyond the basics that banks and enterprise businesses used over 10 years ago, such as antivirus and firewalls. These are a great complement to the layers of defence these large organisations use, such as network monitoring, vulnerability management, security governance and security awareness. All of these we provide to SMEs through our amazing brAIn box.
Essential Security for SMB shared by Global Experts
We have spoken with over 50 experts in the fields of IT security, law, insurance and business continuity, as well as directly with some small businesses themselves, to bring you the advice and insights of our top 21. This advice shows a number of key themes that align with expert advice from leading government organisations on cybersecurity such as NIST, ASD and GCHQ, in particular about the visibility of your network through vulnerability scanning and security monitoring, as well as simple, free steps around processes and planning.
“Security isn’t just for big companies, just because you’re a smaller business doesn’t mean that you won’t be targeted. And with the global average cost of a data breach standing at $3.62 million, ignoring your security is a risk that you can’t afford to take,” said Job Brown, Web Team Leader at Wooden Blinds Direct.
This is so true now, but many solutions are out of reach for many small businesses to afford. We asked our experts for the essential, and often free, steps they can take to protect themselves from being hacked. Small businesses need to gain an awareness of their assets, threats and controls to be able to effectively manage the business risk of cybercrime. It is a war, and SMEs need to be prepared by understanding what hackers are after and where their own weaknesses are.
“If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu
Currently many have not considered security and have no visibility of the threats or of their own environment. We are trying to level the battlefield by bringing a number of these steps to businesses through our brAIn box. Click here to read more or join our mailing list.
Often the last thing a small business will do is monitor all of its online connections, but this is a very valuable way to protect yourself. This is particularly important now in Australia with the new Mandatory Breach Notification scheme and the need to understand what has happened and who has been affected. This has often been out of the price range of most small businesses, as many suggest a Security Information and Event Management (SIEM) platform, which costs hundreds of thousands of dollars a year. These often provide only basic monitoring and lack enhanced AI detection capabilities. We think this needs to change and are offering something at a hundredth of the cost which uses world-leading AI to detect security threats.
“While no single strategy ‘fits all’, practicing basic cyber hygiene would address or mitigate a vast majority of security breaches. Being prepared if an intrusion occurs is also critical and having a communications method for a response, actively monitoring centralized host and networks, and including enhanced monitoring to detect known security, events is a must.” Braden Perry, litigation, regulatory and government investigations attorney states.
Have you enabled Windows Update or automatic updating on all employees’ computers? Also remember the applications in use, such as Adobe Reader, and enable their updates too. Tools like Secunia PSI can monitor these and help. Another good step is to run a vulnerability scan regularly to see what has been missed and what needs updating (our “brAIn box” does this on your internal network regularly). This is also commonly a requirement of a cyber insurance policy.
Bob Herman, the Co-Founder and President of IT Tropolis, says “Configure your Windows computers and servers to automatically install Microsoft updates as they become available. Occasionally an update from MS breaks a valid 3rd party software or their own software, but dealing with those occasional issues is a far better path than dealing with the results of security vulnerabilities, like the SMB vulnerability exploited by WannaCry and NotPetya last year.”
“I have six locks on my door all in a row. When I go out, I lock every other one. I figure no matter how long somebody stands there picking the locks, they are always locking three.” Elayne Boosler.
Carl Mazzanti, Co-founder and Vice President of eMazzanti Technologies, says “I am a raving fan of 2-factor authentication (2FA). It’s a mandatory tool for me and anyone I can educate about it! Not only can 2FA provide an extra layer of security for small business PCs and other devices, but it can store your passwords too.
In addition to your bank accounts, enable two-factor authentication for Facebook, LinkedIn, Twitter, Microsoft, Apple, and Google. Furthermore, use 2FA to protect any other accounts that contain personal or sensitive business information.”
Enough can’t be said about having plans in place for a cybersecurity incident; these help clarify steps and responsibilities, because in a crisis emotions run high and this can affect people’s judgment. One key consideration is that cyber incidents are a business risk, not an IT risk, and as such the whole business needs to be considered and involved. Incidents have legal, privacy, reputational and business operations impacts as well as IT ones. As such, incident response needs to be integrated into your crisis plans if you have them. These need not be onerous or complex; in fact, they need to be flexible and succinct. We will be looking to add a free template for these and a future blog post on writing your own.
Braden Perry from KennyHertz Perry LLC “While no single strategy ‘fits all’, practicing basic cyber hygiene would address or mitigate a vast majority of security breaches. Being prepared if an intrusion occurs is also critical and having a communications method for a response, actively monitoring centralized host and networks, and including enhanced monitoring to detect known security, events is a must. With a well-oiled cyber policy, you can mitigate outsiders significantly.”
Job Brown, the Web Team Leader for Wooden Blinds Direct, has found that there are some specialist companies who help SMBs with security capabilities on a subscription basis that is very affordable. I am glad to say we are one of these companies. See our SMB Security AI service brAIn-box.
“Thankfully though, there are a number of affordable ways for small businesses to cover themselves. The first thing you should do is find yourself a partner who has your best interests in mind. There are many IT support companies out there who specialize in ensuring SMBs are protected from cyber-attacks and most of these offer subscription schemes which don’t require any upfront cost. So, you can find one suitable for you, without having to pay out a large immediate sum.”
Kyle White, Chief Executive of “VeryConnect” shared some insights to help small businesses avoid the ever-increasing scams people face every day.
“There are some easy practical tips you can follow to protect yourself against a range of frauds. An increasingly common threat is where people are sent the wrong bank details for a transaction that they may or may not be expecting to make to a new recipient for the first time. This could be a completely fraudulent invoice or fraudulent payment details to a new person who you are expecting to pay. To protect yourself, you should call the new recipient on a number you know is theirs (not necessarily the number on the invoice or email that was sent). Talk to someone you know and verify the amount and bank account details are correct. You can then rest assured for future transactions that they are the correct recipient.”
Justin Lavelle, Chief Communications Officer for “BeenVerified.com”, also gives great advice in this space. Verifying identity when a payment is involved is very important; it is also worth validating that any invoice matches the original purchase order number.
“Invoice scams are invoices for goods and services you never ordered or received. These invoices may look genuine but are actually phony. Take the time to make sure that any invoice paid matches up to a purchase order or packing slip before paying. Limit A/P management to one employee that is well trained in how to close the loop. Issue purchase order numbers for all purchases and check all invoices against the original orders.”
Nine of our 21 experts talked about security awareness and education as important for small businesses to stay secure online.
Robert Siciliano, identity theft expert with Hotspot Shield, gives his expert advice on this. One addition I would make is that although phishing emails have traditionally contained spelling mistakes (on purpose, to ensure a better conversion rate), some more targeted attacks do not, and instead include information about you or your organisation to instil trust.
“Small business should focus on increasing security awareness in the workplace, from the ground up and from the top down: We should teach workers how to handle data to minimize the potential of its falling into the wrong hands.
After presenting information about security awareness, come up with a scheme to set up a situation where employees are given the opportunity to open a very alluring link in their email. This is called a “phishing simulation.” This link will actually take the worker to a safe page, but you must make the page have a message, such as “You Fell For It.” You should also make sure that these emails look like a phishing email, such as adding a misspelling.
The people who fall for this trick should be tested again in a few days or weeks. This way, you will know if they got the message or not.
Don’t make it predictable as to when you are giving out these tests. Offer them at different times of day and make sure that the email type changes.
Consider hiring a professional who will attempt to get your staff to hand over sensitive business information over the phone, in person, and via email. This test could be invaluable, as it will clue you into who is falling for this.
Quiz your staff throughout the year, to allow you to see who is paying attention.
You want to focus on educating your staff, not disciplining them. They shouldn’t feel bad about themselves, but they should be made aware of these mistakes.
Make sure your staff knows any data breach could result in legal, financial or criminal repercussions.
Schedule workstation checks to see if employees are doing things that might compromise your business’ data, such as leaving sensitive information on the screen and walking away.
Explain how important security is to your business and encourage staff to report any suspicious activity.
After training your staff and testing your employees, make a full list of all of the important concepts that they should understand. Examine this list frequently and then re-evaluate the list to see if any revisions are required.”
Nick Santora of Curricula shares what a security awareness training program is. “You have employees interacting with online accounts all day. Emails, logins, passwords, you name it. A security awareness training program helps educate your employees on how to identify cyber threats. The education should teach them what the risks are and how to protect themselves from those risks. Simply putting together a few emails that say don’t click suspicious links is not enough to build a security culture among your employees. A true security awareness program is constantly engraining security in your employees’ work days so that it becomes part of your company culture.”
Darren Guccione is the CEO and co-founder of KeeperSecurity, Inc. “Considering more than 80 percent of data breaches occur due to weak or poor password management, adopting a password manager is a cost-effective and powerful tool that substantially mitigates the risk of a cyber breach. We are in a cyberwar. More than 55% of businesses reported breaches last year. On average, 30,000 websites are hacked each day. The question is no longer what should I do IF I get attacked and breached. Instead, the question is how do I prepare myself WHEN I get attacked and breached?”
Nick Santora CEO of Curricula said “Password managers are a great tool for your employees to manage multiple sets of difficult passwords for all the systems they log in to. Think about all of the passwords that your employees use every day. Most employees have access to over 30 different online accounts, some of them are including your work accounts. Did you know that over 50% of employees reuse their personal account passwords with their work accounts? This is alarmingly high and to think that a breach of one of your employee’s personal accounts, will most likely impact your business. Having a policy on this is important but discussing the risk with your employees is the more important factor for prevention.”
Another hot topic for our experts, and this is no surprise, as backups are a very good mitigation for one of the largest threats to small business: ransomware. Everyone knows that antivirus is not effective against this (if not, see our blog on why antivirus fails SMBs). As such, using a good backup solution is key.
Bob Herman, the Co-Founder and President of IT Tropolis, “Small businesses should ensure they’ve implemented a proper backup and disaster recovery system that is monitored and tested for recovery on a regular basis. Knowing you can recover your data after a breach, such as falling victim to ransomware, will allow you to sleep easier at night!”
Eric Schlissel the CEO of GeekTek “Particularly against ransomware, which affects small business owners, consistent backups are a must, and Backblaze provides a good, inexpensive service.”
Ian McClarty, CEO and President of PhoenixNAP Global IT Services, says:
“One of the first things we ask all of our clients is what their pain threshold is for catastrophic data loss. Many small business owners have never even considered the possibility of devastating data loss from phishing, malware, viruses, or even natural disasters. The reality is it happens every day. Hackers are targeting small businesses, as they are low hanging fruit, easier targets.
Small business should implement a data protection plan that includes offsite storage, ideally cloud storage. Cloud storage means merely when you back up a file; the file goes to multiple locations around the world.
Your critical data should be kept in multiple physical locations separated by significant physical distance. The cloud provides this level of duplication and redundancy by distributing your stored data across multiple different data centers in multiple locations. The cost for such services have come down significantly in the past few years, and this service once only reserved for large companies is very affordable for small business owners.”
Cindy Murphy, a veteran expert in the field of digital forensics and incident response and president and co-founder of Madison, Wisconsin-based Gillware Digital Forensics, gave some simple yet effective advice on the naming of your administrator account and staff email addresses.
“Contrary to what pop culture might have you believe, hackers do not have magic powers. What they do have is the same thing every con man and swindler has: a good grasp of peoples’ psychological weak points and common blind spots, including our tendency to trust authority figures.
One of the lesser-known, but most-powerful tools you can have to protect your business from ransomware and hacking rests in the Administrator account on your network. Is your Admin account named “Admin?” If so, you could have a security hole in your network.
Imagine a hacker wants to sneak some ransomware onto the network at a small business called “Jim’s IT.” They do this by guessing some of the employees’ emails (since, for example, John Doe at Jim’s IT probably uses “[email protected] or “[email protected]”). Then, they have to make it look like their dodgy link is coming from a trusted source.
Of course, who’s more trusted than the network administrator? The hacker makes their email look like it’s coming from “Admin,” and might even go so far as to set up a vanity address and send the email as “[email protected],” or something that looks similar at first glance.
But Jim was smart. He didn’t name his administrator account “Admin,” he named it “Elongated Muskrat,” or something else unintuitive, and the administrator email is “[email protected]” And he had the good sense to make sure all of his employees knew that. John Doe takes one look at the fraudulent email he’s received from “Admin” and tosses it in the trash, because he knows what a real email from the real admin account would have looked like, foiling the would-be hacker.”
Often missed in advice about security is the value of understanding your business’s key assets. Often these are not what you think of, as it’s not always money but something criminals can monetise, such as personal information which they can sell or use to blackmail you. Isaac Kohen, the founder and CEO of Teramind, shares some insights on this.
“Here’s the best thing a small business owner can do to protect against a hacker: identify your ‘crown-jewel’ data and double-down on investments to protect this data. Data is gold to hackers – whether it’s your intellectual property, employee personal data, customer information, or bank account information. Every small business needs to take the time to identify its most valuable data, where the data resides on the network or in the cloud, and who has access to this data across both employees and partners/vendors. Then, take the following steps to protect the data: restrict access to those who need the data to do their jobs, use strong authentication methods to control access, and monitor activities (like downloading and printing) to catch a potential breach early.“
“Limit Access to Consumer Data — employees at an SMB should be able to access only those systems and data that they absolutely need to perform their jobs. So that all activity can be traced to a particular user, each employee should have a unique access ID and should be authenticated using a strong password or passphrase, biometrics, or a token device or smart card. Strong cryptography should be used to render all passwords unreadable during storage and transmission. Physical access to systems and consumer data should also be restricted to prevent employees and building visitors from accessing or removing devices, data, systems, or hard copies.” Mike Baker, Founder and Managing Partner, Mosaic451
“Constant vigilance and thoughtful, prudent, proactive security measures will keep users safe not just from ransomware attacks, but all cyber attacks. Users should keep their fingers on the pulse of cybersecurity and look for new exploits and threats to be aware of.” Adnan Raja, Vice President of Atlantic.Net.
Mapping your threats to your assets and understanding what security controls you have to protect yourself is key to being able to manage your cyber risks. This is something we offer as part of our “brAIn box” along with vulnerability scanning and security monitoring.
“Never assume public clouds, such as Azure or AWS, are safe because they’re owned by trusted brands. Cases abound online where sensitive private data was exposed due to misconfigured S3 buckets on AWS. At a minimum, your data should be encrypted at rest, whether on or off the cloud, on every endpoint which stores your data.” said Eric Schlissel, CEO of GeekTek.
“Here are 3 things about internet security that every small firm should know:
Get a security certificate for your website, it sends a message to customers that you care about their security. And Google is now penalising sites without it.
Ensure that SPF is set on your domain so that bad actors can’t spoof your domain and trick employees into clicking links in phishing emails.
For larger firms consider encrypting data at rest. For consumers, try and use services that have this as an option.”
“Invest in cyber liability insurance. Hacks aren’t 100% preventable, so it is best to be prepared. Very few businesses have cyber liability insurance, which is why so many go bankrupt and close after a hack. This insurance helps cover the steep legal and technical costs businesses may see after a hack.” Keri Lindenmuth from KDG, a tech solutions company.
“Be wary of any email requesting an urgent wire transfer. To verify its legitimacy, call the person who supposedly sent the email to verify whether it’s legitimate. The FBI says that companies should also carefully look at emails to see if they are authentic and use multi-level authentication.
When it comes to making payments/wire transfers, hold customer requests for international wire transfers for an additional period of time to verify the legitimacy of the request, confirm requests for transfers of funds by phone verification as part of the two-factor authentication using previously known numbers (not the numbers provided in the e-mail request), know the habits of your customers, including the details of, reasons behind, and amount of payments, and carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.
Never assume a call requesting documentation or renewals are authentic. Some of these services are already offered for free, always check your certifications to see when renewals are due and realize many of these calls are not legitimate.
If you think you or your business has been scammed, call your financial institution immediately and your local FBI agency.”
One way to prevent spoofing is to add DKIM and SPF, and finally DMARC. DKIM adds a digital signature to the headers of outgoing messages using the DKIM standard. This involves using a private key to sign your domain’s outgoing mail headers and publishing the public half of the key in the domain’s DNS records. Recipient servers can then retrieve the public key, verify the signature, and confirm the message really came from you. Not all mail servers support the DKIM standard, so it’s useful to set up SPF (Sender Policy Framework) records too. These allow recipient servers to verify that messages addressed from your domain indeed come from a server you have authorised. DMARC then tells recipient servers what to do with mail that fails both checks (monitor, quarantine or reject) and where to send reports about it.
This may all seem difficult, but your email provider can help; Google and Microsoft have very simple and clear instructions for setting up all of these.
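Setting the records up is only half the job; the other half is checking that they are not configured in a way that still lets spoofed mail through (an SPF record ending in `~all`, a DMARC policy of `p=none`, a DKIM key left in test mode). The following is an added example, not code from the original post or from any of the providers mentioned: a small checker that parses the SPF, DKIM and DMARC TXT records for a domain and reports the weak settings. The records and the domain `example-smb.test` are constructed for illustration, and the DKIM public key is a truncated placeholder; to use it on a real domain you would feed it the TXT records returned by your DNS resolver.

```python
"""Audit SPF, DKIM and DMARC TXT records for settings that still allow spoofing.

Added example; the records below are constructed, not real DNS data.
"""
import re

# Constructed records for a hypothetical domain, as a provider's "quick start"
# often leaves them: softfail SPF, monitor-only DMARC, DKIM key in test mode.
SAMPLE_RECORDS = {
    "example-smb.test": "v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all",
    "_dmarc.example-smb.test": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example-smb.test",
    "selector1._domainkey.example-smb.test": "v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkq...PLACEHOLDER",
}

# The same records after hardening: hard fail, reject policy, key out of test mode.
HARDENED_RECORDS = {
    "example-smb.test": "v=spf1 include:_spf.google.com include:spf.protection.outlook.com -all",
    "_dmarc.example-smb.test": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example-smb.test; pct=100",
    "selector1._domainkey.example-smb.test": "v=DKIM1; k=rsa; p=MIIBIjANBgkq...PLACEHOLDER",
}


def _parse_tags(record):
    """Split a 'k=v; k=v' style record (DKIM, DMARC) into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    """Return a list of weaknesses in an SPF record; an empty list means no findings."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    all_qualifier = None
    lookups = 0  # mechanisms that cost a DNS lookup; more than 10 is a permerror
    for term in terms[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:
            all_qualifier = match.group(1) or "+"  # no qualifier means pass
            continue
        body = term.lstrip("+-~?").lower()
        if body.startswith(("include:", "exists:", "redirect=", "ptr")) or \
                re.fullmatch(r"(a|mx)(:[^/]+)?(/\d+)?", body):
            lookups += 1
    findings = []
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("'+all' authorises every sender on the internet")
    elif all_qualifier == "~":
        findings.append("'~all' is softfail: spoofed mail is usually still delivered")
    elif all_qualifier == "?":
        findings.append("'?all' is neutral: spoofed mail is not penalised")
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceed the limit of 10 (permerror)")
    return findings


def check_dmarc(record):
    """Return a list of weaknesses in a DMARC record."""
    tags = _parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: you will not receive aggregate reports")
    return findings


def check_dkim(record):
    """Return a list of weaknesses in a DKIM key record (the v= tag is optional)."""
    tags = _parse_tags(record)
    findings = []
    if tags.get("v", "DKIM1").upper() != "DKIM1":
        findings.append("v= tag present but not DKIM1")
    if not tags.get("p"):
        findings.append("empty p= tag: key is revoked, signatures will not verify")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, verifiers may ignore failures")
    return findings


def audit(records):
    """Route each record to the right checker by its DNS name; returns {name: findings}."""
    report = {}
    for name, txt in records.items():
        if name.startswith("_dmarc."):
            report[name] = check_dmarc(txt)
        elif "._domainkey." in name:
            report[name] = check_dkim(txt)
        else:
            report[name] = check_spf(txt)
    return report


if __name__ == "__main__":
    for label, records in (("as provisioned", SAMPLE_RECORDS), ("hardened", HARDENED_RECORDS)):
        print(f"--- {label} ---")
        for name, findings in audit(records).items():
            print(name, "->", findings or "OK")
```

Run on the "as provisioned" set, every record produces a finding; the hardened set produces none. The lookup counter matters in practice because an SPF record that pulls in several providers' `include:` chains can silently exceed ten lookups, at which point receivers treat the record as an error and the protection disappears.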
“Small businesses can protect themselves against cyber attacks by investing in clean email services that work in conjunction with cloud email providers like Gmail or Microsoft. These companies front end your corporate cloud mail services and filter out SPAM, Phishing and malware before it enters your email system. The second step is to install strong endpoint protection software that can stop ransomware from being installed. This software not only protects against viruses but can block suspicious behavior on your endpoints before it can cripple your business.
A DDoS appliance protecting the Internet connection is the first line of defense. Appliances from vendors such as Fortinet or Radware are placed on customer premise as close to their Internet edge as possible. These devices can help identify and block most DDoS traffic. However, this solution falls short, with a DDoS attack that attempts to flood Internet circuits. The only way to protect against this type of attack is to have a device at the service provider or in the cloud. Infrastructure Access Control Lists (IACLs) can also be installed in routers and switches to detect suspicious network traffic patterns. Many companies believe they can hide behind a firewall, which can be easily hacked. A firewall is important, but not a panacea. DDoS attacks will continue due to the ease of execution. Companies must be prepared, constantly monitoring the network, and have a game plan to deal with attacks. With foresight, it is possible to both thwart an attack and defend against future ones.” Mike Baker, Founder and Managing Partner, Mosaic451
Braden Perry is a regulatory and government investigations attorney with Kansas City-based Kennyhertz Perry, LLC. Mr. Perry has the unique tripartite experience of a white-collar criminal defense and government compliance, investigations attorney at a national law firm; a senior enforcement attorney at a federal regulatory agency; and the Chief Compliance Officer of a global financial institution.
Bob Herman is the Co-Founder and President of IT Tropolis. He is an engineer with over thirty years of professional working experience. His areas of expertise include managed IT services, data protection, cybersecurity, cloud computing, technology implementations, project management, IT operations, business continuity, network topology, and virtualization technologies.
Carl Mazzanti is the Co-founder and Vice President of eMazzanti Technologies, a premier IT security consulting firm throughout the NYC Metro area and internationally, and a frequent business conference speaker and technology talk show guest.
Job Brown is the Web Team Leader and backend engineer for Wooden Blinds Direct. He is responsible for maintaining the cyber-security of all nine sites under the Interior Goods Direct brand. He graduated with a first class degree in Software Engineering from the University of Huddersfield.
Kyle White is the CEO & Co-Founder of VeryConnect – Membership Management Software, and has a PhD in Computer Science from the University of Glasgow, Scotland. Kyle has worked in New Zealand, the East and West coasts of the USA and in mainland Europe in technical and project management roles.
Justin Lavelle is the Chief Communications Officer for BeenVerified.com, a leading source of online background checks and contact information. It allows individuals to find more information about people, phone numbers, and criminal records in a way that’s easy and affordable. BeenVerified.com helps people discover, understand, and use public data.
Robert Siciliano, CSP, the #1 Best Selling Amazon.com author and CEO of IDTheftSecurity.com, may get your attention with his fun, engaging tone and approachable personality—but he is serious about teaching you and your audience fraud prevention and personal security. Robert is a security expert and private investigator fiercely committed to informing, educating and empowering people so they can protect themselves and their loved ones from violence and crime in their everyday lives, both in their physical and virtual interactions. Robert, a Certified Speaking Professional with a “tell it like it is” style, is a favorite source for dozens of major media outlets, leading corporations and organizations looking for the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Robert is accessible, professional, and ready to weigh in and comment with down-to-earth insights at a moment’s notice on breaking news that affects us all.
Nick is the CEO of Curricula, a cyber security training company that teaches organizations how to not get hacked. Nick is a cybersecurity expert leading the Curricula team with their story-based cyber security awareness training program, helping organizations across the world change and improve their cybersecurity culture with engaging content and a simulated phishing training program.
Darren Guccione is the CEO and co-founder of Keeper Security, Inc., creator of Keeper, the world’s most popular password manager and secure digital vault. Keeper has more than 13 million customers and the business solution protects more than 4,000 organisations worldwide.
Eric Schlissel is the CEO of GeekTek, an LA-based managed IT/cybersecurity firm. With clients in law, medicine, manufacturing and cannabis GeekTek designs and implements IT solutions for rapidly scaling businesses. Possessing 20 years of entrepreneurial and investment experience, Eric is also a travel addict, aspiring bourbon connoisseur, and foodie-wannabe.
Ian McClarty holds an MBA from Thunderbird School of Global Management. He has over 20 years executive management experience in the cybersecurity and data center industry. Currently, he is the CEO and President of PhoenixNAP Global IT Services.
Cindy Murphy is a veteran expert in the field of digital forensics and incident response. As the president and co-founder of Madison, Wisconsin-based Gillware Digital Forensics, Murphy deals with ransomware intrusions, data theft, phishing, and hacking incidents affecting clients large and small on a regular basis.
Isaac Kohen is the founder and CEO of Teramind, an employee monitoring, and insider threat prevention platform that detects, records, and prevents malicious user behavior.
Mike is Founder and Managing Partner at Mosaic451, a managed cyber security service provider (MSSP) with expertise in building, operating and defending some of the most highly-secure networks in North America. Baker has decades of security monitoring and operations experience within the US government, utilities, and critical infrastructure. This year Mosaic451 was ranked No. 376 on Inc. Magazine’s annual Inc. 5000 list and ranked No. 6 in the Security category.
Adnan Raja is the Vice President of Atlantic.Net, a trusted web hosting solution who offers HIPAA-Compliant, Dedicated, Managed and Cloud hosting. We’ve been around since 1994 and are experts in cyber threats and how to handle them.
Co-founder of Sensorpro: The Customer messaging & feedback platform to grow your business.
Keri Lindenmuth is the marketing manager at KDG, a tech solutions company that serves higher ed, nonprofits, and small businesses. The award-winning team at KDG has kept hundreds of clients safe from data breaches.
The ongoing controversy over the US election and the proliferation of fake news on platforms such as Facebook continues. Now it has taken on a cyber security and privacy slant: a UK company that specialises in changing audience behaviour has been found to have abused Facebook’s API. This gave Cambridge Analytica access to 50 million user profiles, without the users’ or Facebook’s permission, through a deal with a UK-based academic, Aleksandre Kogan, and his company Global Science Research. Although Cambridge Analytica claims no wrongdoing, Facebook has still suspended its access.
There are a few concerns here. The first is the abuse of millions of people’s privacy through the exploitation of companies’ open APIs. We are looking for banks and large organisations to open up their APIs to all businesses, which can allow smaller, more innovative companies to create new and valuable services that will be great for society. The issue is that this makes privacy and security more challenging and creates a greater need for both to be front of mind for developers.
Secondly, it appears Facebook knew about this in 2015 but did not act then. Data breaches can take many forms and often come about through the abuse of normal functionality. Understanding your privacy obligations, and which threat scenarios need to take them into account, matters particularly for the key features of your APIs or applications. The need for organisations to take privacy more seriously is critical: once the information is out, particularly psychological profile information, we can’t just reset it like a password.
There is an ongoing challenge for online businesses that depend on website ads for revenue, with users being told to protect themselves from malicious websites by using ad blockers. Remote scripts have become a valuable tool for delivering ads to websites because of their flexibility and their ability to change dynamically depending on the ad campaign. Unfortunately, for the same reasons, they are also being used more and more by hackers and cybercriminals to inject malicious code into your website. Attackers use dynamic scripts to deliver malware and ransomware through attack tools called web exploit kits.
This is why users are being told to use ad blockers to prevent attacks, but ad blockers are very broad and cannot distinguish between an ad and an attack.
0-day vulnerability in SAML could lead to your SSO being hacked
A new SAML vulnerability could allow cybercriminals to hack organisations’ Single Sign-On (SSO) to access private data. A flaw in the SAML protocol, which is used by all SSO implementations from cloud providers and internal applications, was discovered by Duo Security and the US-CERT. It allows an attacker to access users’ accounts without needing their password, so no phishing campaign is required: they would simply exploit the SSO provider directly.
The Duo Labs technical report is available here. For the CERT/CC advisory click here.
Antivirus fails to protect Small Business for these 5 Reasons
All small businesses know they should be using antivirus, and this is often seen as a good first step to protecting your business from malicious software that will steal money from your bank account or encrypt all your systems, holding you to ransom. However, cybercriminals are now improving and modifying this malicious software to defeat most of these products, sometimes on an hourly basis. Often this results in an infected computer that has protection installed. This is why we developed a world-leading Security Operations Center in a box to give small businesses the capabilities of an enterprise (read more about our brAIn box).
Below we explain 5 reasons why antivirus doesn’t stop current infections and doesn’t mitigate all the risks small businesses face.
1. They only test a subset of known viruses
Most of these products have a plethora of virus signatures that they have analysed over many years; using them all every time would bring everyone’s computer to a halt, much like a traffic jam. The challenge they face is that each of these signatures has to be run one after another on every single file the scanner checks, either during a scheduled scan or whenever a new file is executed (most programs you use have hundreds of files that all need to be checked each time you run them). Over the time most of these vendors have been operating, they have accumulated hundreds of thousands of checks or signatures that would need to be used against every single file. For a simple program to run on your computer, this would mean it takes hours to load and run, which is completely unusable for most people. As a result, only a small subset of these can be run: most products use only around 10,000-20,000 signatures and focus on the most recent. As the malware or virus changes, vendors may need 5-20 signatures for one type of ransomware or other malicious software. This means they are only able to pick up maybe 20% of all the currently known viruses, let alone all the new ones coming out on a daily basis. They need to do this to balance usability against detection.
This is not a problem for network-based security, where we can run billions of signatures in the cloud without impacting your laptop. Check out our brAIn box.
2. There is a delay for new campaigns
When a new or unknown virus appears (referred to as being “in the wild”) and starts impacting people, it takes a period of time before a new signature can be created. Vendors first need one of their products to pick up strange behaviour and send a sample of the suspected file in to be analysed, or alternatively have it sent to them by a third party. These campaigns can occur on a weekly basis, and there are usually a number of new campaigns for banking trojans (malicious software that waits for someone to connect to their bank online and then steals their money) or ransomware. These can take days if not weeks to become detectable, and this leaves a window of opportunity in which it is already too late for most organisations. Their behavioural and heuristic detections are being bypassed and tricked, so they are not always able to detect the new threats, and then only if configured as per point 3.
Through our extensive community of users, we can see patterns in interactions with the internet before an attack happens and quickly identify the malicious files involved before they cause damage. Check out our brAIn box.
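As an added illustration of points 1 and 2 (example code written for this post, not taken from any antivirus product), the toy scanner below loads only its newest signatures and matches files by exact hash; every file, family name and signature entry in it is constructed for the demo.

```python
# Added example, not the post's own code: a toy hash-signature scanner that
# shows (a) a client loading only its newest N signatures misses an older
# family, and (b) an exact-match signature misses a trivially modified
# variant. All file contents and signature entries are constructed.
import hashlib
from datetime import date

# Constructed "files" standing in for executables on disk. invoice_v2.exe
# is the same payload with its padding bytes changed: a repacked variant.
SAMPLES = {
    "invoice.exe":    b"MZ\x90\x00RANSOM-A payload " + b"\x01" * 16,
    "invoice_v2.exe": b"MZ\x90\x00RANSOM-A payload " + b"\x02" * 16,
    "old_trojan.exe": b"MZ\x90\x00BANKER-OLD payload " + b"\x03" * 16,
    "editor.exe":     b"MZ\x90\x00text editor " + b"\x00" * 16,
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed vendor database: (family, date_added, sha256 of the sample).
SIGNATURES = [
    ("Banker.Old", date(2016, 3, 1), sha256(SAMPLES["old_trojan.exe"])),
    ("Ransom.A",   date(2018, 5, 1), sha256(SAMPLES["invoice.exe"])),
    ("Ransom.B",   date(2018, 6, 1), "0" * 64),  # placeholder digest, unrelated family
]

def load_signatures(budget: int) -> dict:
    """Keep only the `budget` most recently added signatures (point 1)."""
    newest = sorted(SIGNATURES, key=lambda s: s[1], reverse=True)[:budget]
    return {digest: family for family, _added, digest in newest}

def scan(files: dict, sigs: dict) -> dict:
    """Exact-hash scan: map each file name to the matched family, or None."""
    return {name: sigs.get(sha256(data)) for name, data in files.items()}

if __name__ == "__main__":
    # Full database: the variant still evades. With a budget of 2, the old
    # family is dropped from the client and goes undetected as well.
    for budget in (3, 2):
        print(f"budget={budget}:", scan(SAMPLES, load_signatures(budget)))
```

Even with the full database loaded, the variant goes unmatched, which is why a single family ends up needing many signatures over its lifetime.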
3. Organisations don’t enable active scanning due to performance issues
In most cases, organisations will not enable active scanning of every running program, but only scan every night, to reduce the impact on their users. This often results in the most serious threats, such as ransomware, already impacting the business and causing damage before the scan runs. Having a security solution that gives you the protection you need without impacting your business’s performance is key for small businesses to compete with their peers.
Network-based security takes the load off your servers and mission-critical systems but still provides the security you need. Large banks and financial traders have used this security capability for decades. Check out our brAIn box.
4. Not all attacks are virus based
Although we hear about ransomware and infected systems, many attacks are either based on phishing, which allows attackers to steal users’ legitimate credentials for email and systems, or on security vulnerabilities that are directly exploited by cybercriminals. These cannot be protected against by an antivirus solution. Small businesses need something that checks all their computers to ensure they have the latest software and are not at risk of being hacked.
When no file is involved, your antivirus is sitting around delivering no value. Complementing it with advanced, AI-enhanced network monitoring can identify fileless malware and help you stay ahead of the criminals. Check out our brAIn box.
5. Most criminals test their attacks against popular antivirus products
Most of the malware criminals use in new campaigns against businesses is tested in what they call farms, which test new attacks against the majority of products on the market to ensure they are effective before they are sent to you. This, in addition to the use of small batches, means the malware is often undetectable for a while because of issue 2, the delay in vendors getting signatures. With a smaller batch that has been tested to avoid detection, it takes the vendors longer to get a sample and create a signature.
Our detection capabilities are in our cloud, not a piece of software any criminal can download. Check out our brAIn box.
Overall, antivirus can be a useful tool for small businesses to have installed; however, it is only one small subset of the capabilities small businesses need to protect themselves against the threats they face from cybercriminals. They need more advanced and adaptive products that can analyse and detect evolving threats, at the network layer as well as on individual computers, looking for more than just files. They need to be predictive of new attacks and campaigns, which is why we have created the “brAIn box” to help identify internal vulnerabilities of systems that would not be identified by antivirus or traditional controls such as firewalls, as well as to monitor for new and previously unknown viruses or malware through AI and advanced machine learning.
To see a new way to manage security against these threats, see our “brAIn box“, or feel free to sign up for our mailing list.
Here are some good (some free) AV products we have used: