Posts

Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Data Protection

The Protection We Are Missing

Data ProtectionBack in 2006, the big problem with email was SPAM.  Unwanted messages pushing “healthy pills” and cell phone deals inundated our mailboxes and clogged our Internet connections.  At times, over 90% of all email traffic reaching our local servers was unwanted junk. We fought back and, for a long time, won the battle. With tools like Postini (purchased by Google and part of Gmail since 2008), we were able to block spam and email viruses “in the cloud” before they reached our email servers and services. And while spammers became more sophisticated, our technologies were able to keep up.

Over the past year or so, however, we have clearly lost ground. It feels like we are back to square one.

Spam and malware attacks via email are on the rise. This time around, the consequences can be disastrous. Blocking unwanted emails about supplements is still needed, but cryptolocker, ransomware, and destructive malware can destroy your data and your business.

What happened?

We see a convergence of several factors leading to the increase in successful malware attacks.

The IT Industry Became Complacent

Antivirus and email security vendors wrongly assumed that their existing models of protection were capable of keeping up with new types of threats.  For nearly a decade, this assumption held true. Cyber-criminals study and understand how to exploit weaknesses in our existing protections; they build malware that goes undetected by our traditional methods of discovery. Our industry was slow to recognize that systemic changes were needed to stay on top, and ahead, of the game.

We Face New Threats

To stay ahead of anti-virus protections, malware has grown up. A new class of malware, known as Advanced Persistent Threats, exists. On average, APTs sit on systems and networks for more than 4 months before activating. During this time, they periodically test the system security and protections. They learn how to act to avoid detection. While our legacy protections are watching the doors and windows, the threat is hiding under the bed.

Humans Deliver the Goods

Cyber-criminals have learned that human nature is easier to exploit than technology. They now send us messages and present web pages that look and feel valid. We are willing but unknowing accomplices when click links and install malware on our systems from fake emails and web sites. The human instincts to help and trust readily betray us when we are not careful.

We Assume our Vendors do the Work

Both Microsoft and Google tell our customers that their email and other information in the cloud gets backed up. What they do say is that these backups are to maintain service reliability and not to protect us from damage or loss due to application or human error. We hear “data backup” and we assume our protection is greater than the reality. This assumption holds true when we are told about built-in protections against cyber-threats.

We focus on Cost not Value

Cloud computing drives down cost perception faster than it drives down cost. Major cloud players wage periodic price wars. Cloud services like Office 365 and G Suite continually add new capabilities without increasing prices. We do not expect, and do not want, to pay for extras. You are as likely to fall victim to ransomware from a corrupt or hacked web site than by clicking on an email attachment. While nearly all of our customers protect email, fewer than 5% protect web traffic. Web protection is added cost that does not appear to have value until after the cyber attack.

Good News: We Have Solutions

While we have created a bit of a mess, we do have options. Innovative vendors have built new solutions that affordable confront and address the new wave of threats. Using the power of cloud, some vendors have radically improved their solutions while others have taken a step back and built new, strategic solutions. To protect your business, you need to protect your email service and your web browsing.

  • Web protection should scan and analyze all web traffic, intended (page you click) and unintended (the auto-start video stream, cookie update, etc.) for all web traffic from any device you use.
  • Email protection should pre-screen (open and validate) links and attachments in a sandbox (safe environment) before allowing messages to reach your inbox.

The solutions are affordable, are easy to manage, and can be up and running in no time. A dollar of cost can protect against thousands of dollars loss.


For more information, or a free assessment and set of recommendations for your business, contact us today.


 

MS Office 365

The Best Unknown Add-on for Office 365

MS Office 365Microsoft Office 365, from the entry level Exchange Online plans through the Business and Enterprise plans, includes a robust infrastructure for spam/virus protection. As we have blogged about on numerous occasions, cyber attacks continue to get more sophisticated and are using social engineering to trick and trap more people than ever.

Advanced Threat Protection

Advanced Threat Protection (ATP), a little know add-on for Exchange Online and Office 365, offers additional protection against cyber attacks. Using a secure “sandbox”, ATP tests and validates links within email messages and tests attachments for malware and other threats before the message makes it to your inbox. With minimal latency, ATP can block messages or strip them of the offending item(s).

With the increasing threats of ransomware and identity theft, ATP is well worth the nominal per user fee.


If you want to add ATP to your ecosystem, please contact us.


 

News from Cumulus Global

SMBs Benefit from Tech and Policy Mashup

Westborough, MA – Faced with increasing regulations and a changing technology landscape, small and midsize businesses (SMBs) struggle to ensure compliance and maintain data privacy. With the sophistication of rasonmware attacks and advanced persistent threats, employee awareness and behavior is more important than ever. Cloud technology makes it easier to share, even when sharing is not appropriate.

To help SMBs tackle these challenges, Cumulus Global (www.cumulusglobal.com) and Privacy Ref (www.privacyref.com) announced a unique partnership designed to help SMBs assess their needs and risks, plan and implement sound privacy practices, and respond to threats and potential breaches.

“Smaller businesses face the same regulations and requirements of large corporations,” noted Bob Siegel, Founder and President of Privacy Ref. “SMBs generally do not have the internal resources and expertise to create and manage a privacy program. This partnership gives SMBs a place to turn for guidance, expertise, and results.”

In addition to privacy assessments and policy updates, the Privacy Education Programs provides SMBs with the awareness education and training needed to ensure employees understand the risks and their role in preventing attacks and breaches.

“Our role is to ensure businesses can avoid and prevent malware attacks and data breaches,” noted Allen Falcon, CEO and Pragmatic Evangelist at Cumulus Global. “We ensure that the protecting technology, policies and procedures, and people are working together for the greatest level of protection.”

Through the partnership, SMBs also gain access to a range of data protection and recovery services and tools. These tools help prevent attacks and breaches and facilitate response and recovery if needed.

Rethinking Risks and Responses

Malware, Ransomware, Natural Disasters and More Keep Hitting SMBs Hard

Never have we had a greater ability to work together to get things done than we do right now. As our cloud and hybrid environments expand, the ease-of-use encourages us to share ideas and information and to collaborate in new and exciting ways.

Never have we been under attack from so many directions. Changing weather patterns and aging infrastructure leave businesses without power for days instead of hours. Fading employee loyalty means more chances for information to walk out the door. The same features that let us easily share information also let us accidentally share information we shouldn’t. Malware and viruses have evolved from a nuisance to potentially existential threats with the increase in ransomware and advanced persistent threats.

Our Businesses, Employees, and Customers Need and Expect Protection

With the risks and impacts on the rise, we as small and midsize business owners and technologists should rethink how we both prepare and respond. Since the dawn of business computing, large enterprises have built expensive solutions to ensure that their businesses keep running “no matter what”.  Now that we are in the cloud, and solutions are incredibly affordable, we need to adopt the same approach.

Business continuity is no longer just being able to keep your business running after a disaster.

Business continuity means that you are able to prevent business disruptions and distractions, regardless of the cause. Business continuity means …

  • You actively work to minimize the chance of a ransomware attack, and that you can respond and recover quickly should it happen.
  • You have systems and procedures in place to prevent data loss and privacy breaches, and that you can detect and mitigate issues quickly and effectively.
  • You and your team are no longer tethered to the hardware, Internet access, and electricity in your offices.

For SMBs, now is the time to consider the tangible and intangible costs of business interruptions of all types and to see the value in solutions to prevent and recovery. Understand the value proposition of that goes beyond dollars and cents to include the customer relationship impact and the toll that business disruption has on your team.

Food for Thought:

The Cost of Ransomware

The cyber criminals behind ransomware see their efforts as a volume business.  Charge too much, and victims will not pay. Targeting businesses and organizations in wealthier countries and in cities where people and businesses are most likely able to pay, the typical ransom is often about $500.  More recently, we have heard of ransoms between 1 and 2 bitcoin (about US$600 to US$1300).

The ransom is only part of the cost

Every victim loses productivity from the start of the attack until it is fully resolved. Whether or not you pay, you still need to conduct a full sweep of all of your systems to ensure the ransomware has been removed. Otherwise, you risk reinfection.

For organizations that pay the ransom, they still suffer the time and cost of decrypting and validating files, a process that can consume days or weeks of IT resources. If you choose not to pay, you have the cost of recovering data from before the attacks and re-creating lost information across all of your servers, systems, and applications. We recently spoke with a company that lost less than 6 months of data. After three months, they are still working to recreate lost files and transactions as they have no way of knowing if they have missed any.

A ransomware attack can cost tens of thousands of dollars to clean up. Attacks may also damage valuable customer and vendor relationships and result in higher bookkeeping, accounting, and legal fees.

A dollar of prevention ….

The costs associated with prevention and the ability to recover quickly (should an attack breach your defenses) is relatively minor. The value of prevention and preparation is well worth the cost.

Learn more …

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.


For a 1:1 consultation and assessment of your risk, contact us today.


Be Ready for Ransomware

Ransomware continues to emerge as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber extortionists. When the malware runs, it locks victims’ files. The cyber criminals demand payment in return for the decryption key needed to release the files.  

You are probably well aware that ransomware is a hot topic in the news these days as attacks target all types and sizes of organizations. Small businesses are particularly vulnerable to attacks as ransomware is on the rise. Researchers identified more than 4 million samples of ransomware in Q2 of 2015, including 1.2 million new samples. That compares with fewer than 1.5 million total samples in Q3 of 2013 (400,000 new).

The rate of attacks is also on the rise. While Q1 2015 had a 165% increase in ransomware attacks from the prior quarter, the number of ransomware attacks in Q1 2016 was 300% greater than Q4 2015.

Cyber criminals distribute ransomware in a variety of ways. Protection is difficult because, just like the flu virus, ransomware constantly evolves. Between 14% and 17% of attacks in Q1 2016 were new variants, indicating that cyber criminals continue to be creative in finding new ways to do harm.

Over $325 Million was paid by businesses to recover their data in 2015. This number is expected to exceed $1.2 Billion in 2016. The real cost might be 3 times or 4 times these figures when the labor and lost productivity is added up.

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.


For a 1:1 consultation and assessment of your risk, contact us today.