Tag: Malware

10 Cybersecurity Myths


A new infographic by Varonis, titled “10 Cyber Security Myths Putting Your Business at Risk,” separates the myths from the reality. If you are like most small business owners, you probably aren’t a digital security expert, so a look at this infographic may be the best way to identify weaknesses in your security protocol.

With small businesses increasingly becoming targets of cyber-attacks, it is extremely important for owners to stay abreast of the latest developments in digital security.

On the official Varonis blog, Senior Director of Inbound Marketing Rob Sobers writes, “The proliferation of high-profile hacks in the news cycle often tricks small- and medium-sized businesses into thinking that they won’t be targets of attack.”

But this may not be the case, Sobers warns. Staying in the know makes it much harder for you to fall victim to the relentless attacks by cybercriminals.

Sobers adds, “If you or your employees believe any of the myths below, you could be opening up your business to unknown risk.”

The number one myth listed on the new infographic? ‘A strong password is enough to keep your business safe’. Although a strong password is important — and certainly better than ‘Admin1234’ — you need to do more.

Two-factor authentication and data monitoring add another level of protection. In many cases this extra layer is enough to drive the average hacker to look for easier targets.

Another myth listed on the infographic? “Small and medium-size businesses aren’t targeted by hackers.” This is obviously false because hackers are opportunists who will target anyone as long as they can benefit from it. And small businesses are not excluded from this.

The 2018 Verizon Data Breach Investigations Report revealed that 58 percent of data breach victims are small businesses, so the idea that the size of your business might exclude you is definitely a myth.

Cybercriminals hack computer systems for a variety of reasons. Once they breach your security, they could use your systems to launch a DDoS attack, use your IP address for other nefarious purposes and more.


Much like some businesses believe they won’t be attacked because of their size, other businesses wrongly assume that they won’t be attacked because of the industry they’re in. This myth also goes hand-in-hand with the belief that some companies don’t have anything “worth” stealing. The reality is that any sensitive data, from credit card numbers to addresses and personal information, can make a business a target.

What’s more, even if the data being targeted doesn’t have resale value on the dark web, it may be imperative for the business to function. Ransomware, for example, can render data unusable unless you pay for a decryption key. This can make attacks very profitable for cybercriminals, even if the data is deemed “low value.”


Anti-virus software is certainly an important part of keeping your organization safe — but it won’t protect you from everything. The software is just the beginning of a comprehensive cybersecurity plan. To truly protect your organization, you need a total solution that encompasses everything from employee training to insider threat detection and disaster protection.


While outsider threats are certainly a concern and should be monitored extensively, insider threats are just as dangerous and should be watched just as closely. In fact, research suggests that insider threats can account for up to 75 percent of data breaches.

These threats can come from anyone on the inside, from disgruntled employees looking for professional revenge to content employees without proper cybersecurity training, so it’s important to have a system in place to deter and monitor insider threats.


While IT has a big responsibility when it comes to implementing and reviewing policies to keep companies cyber safe, true cybersecurity preparedness falls on the shoulders of every employee, not just those within the information technology department.

For example, according to Verizon, 49 percent of malware is installed over email. If your employees aren’t trained on cybersecurity best practices, like how to spot phishing scams and avoid unsafe links, they could be opening up your company to potential threats.


If your business has employees who travel often, work remotely or use shared workspaces, they may incorrectly assume that a password keeps a Wi-Fi network safe. In reality, Wi-Fi passwords primarily limit the number of users per network; other users using the same password can potentially view the sensitive data that’s being transmitted. These employees should invest in VPNs to keep their data more secure.


A decade or so ago it may have been true that you could tell immediately if your computer was infected with a virus — tell-tale signs included pop-up ads, slow-to-load browsers and, in extreme cases, full-on system crashes.

However, today’s modern malware is much more stealthy and hard to detect. Depending on the strain your computer or network is infected with, it’s quite possible that your compromised machine will continue running smoothly, allowing the virus to do damage for some time before detection.

Employees often assume that their personal devices are immune to the security protocols the company’s computers are subjected to. As such, Bring Your Own Device (BYOD) policies have opened up companies to cyber risk they may not be aware of. Employees who use their personal devices for work-related activities need to follow the same protocols put in place on all of the network’s computers.

These rules aren’t limited to cell phones and laptops. BYOD policies should cover all devices that access the internet, including wearables and any IoT devices.


Cybersecurity is an ongoing battle, not a task to be checked off and forgotten about. New malware and attack methods consistently put your system and data at risk. To truly keep yourself cyber safe, you have to continuously monitor your systems, conduct internal audits, and review, test, and evaluate contingency plans.

Keeping a business cyber safe is a continuous effort and one that requires every employee’s participation. If anyone at your company has fallen victim to one of the myths above, it may be time to rethink your cybersecurity training and audit your company to assess your risk.


Source: Varonis, Smallbiztrends

Android Menace – MALICIOUS APPS


In June 2012, the number of Android malware threats increased to a whopping 25,000 samples. More specifically, 5,000 new malicious Android apps were found in Q1 2012 while 15,000 were found so far in Q2 2012. Put another way, in all of Q1 2012, the number jumped by 5,000, while just one month in Q2 2012 was responsible for another 10,000.

The data come from Trend Micro, which originally predicted the number would hit 11,000 by this time of the year. It turns out the company has found closer to 25,000 Android malware samples in the wild, so far.

Cybercriminals use various tactics to trick users into downloading malicious apps. The official Android app store, Google Play, became host to infected apps. Fake versions of Skype, Instagram, Angry Birds Space, Farm Frenzy, and other legitimate apps were used to send messages to premium numbers at the users’ cost. Users’ curious nature was monetized by spying apps like Spy Tool and Spy Phone Pro+. The particularly sophisticated BotPanda strain opens rooted devices for remote access while hiding its routines.

The security firm Trend Micro elaborated a bit on the top malware types and released a corresponding infographic:

The last statistic mentioned above is that one in five Android devices has a security app installed.

Source: Trend Micro, ZDnet

Mobile Security: 10 Simple Things You Can Do


The BYOD (Bring-Your-Own-Device) concept has become a popular trend in recent times. According to surveys, just 23 percent of enterprise employees use company-sanctioned mobile devices; the remaining 77 percent use their own devices.

Mobile devices are more prone to malware attacks than they used to be. Whether you use your personal mobile device or a company-sanctioned one at work, you should be aware of the latest security threats.

To understand the threat better, it’s important to review the stats found in a recent study of IT professionals:

  1. 51% of organizations had experienced data loss, and 59% of organizations experienced an increase in malware infections, as a result of insecure mobile devices in the workplace.
  2. 59% of employees were found to circumvent or disengage mobile security features, such as passwords and key locks, on corporate and personal mobile devices.

A single successful mobile attack can open the door to possible identity theft or, worse, result in financial loss to either you or your organization.

Most mobile devices are vulnerable because of the apps users download from the internet.

In the case of the iPhone, Apple strictly controls and inspects which apps are approved for listing in its App Store, but it’s not clear exactly what security measures it checks for.

Android is more open, with more distribution channels including third-party marketplaces. Security researchers were startled to find that Android malware (malicious apps) grew 3,325 percent in 2011 alone.

App stores have been very quick to remove malware once discovered, but that is typically after the damage is done.

 F-Secure has found that between Q1 2011 and Q1 2012, the number of Android malware families has increased from 10 to 37, and the number of malicious Android APKs has increased from 139 to 3,069.

For the full F-Secure mobile threat report (PDF), see the link below:

http://www.f-secure.com/weblog/archives/MobileThreatReport_Q1_2012.pdf

It’s time to start protecting our smartphones just like we all learned a decade ago to protect our laptops and PCs from online threats and to think seriously after looking at the sobering facts on rising mobile attacks.

10 Ways to Secure Your Mobile Gadget:

1. Use Password-Protected Access Controls:

All mobile devices come with the ability to set a lock requiring a passcode or pattern for access. Some mobile users don’t employ even this basic safety feature! It may take you a couple extra seconds to unlock your smartphone before using it, but it could take a thief a very long time to figure out your PIN.

PINs aren’t the only locking mechanisms in use.

 Grid-based pattern locks work fine, but they leave smudge marks on the touchscreen that may be easier to guess than passwords.

 Some devices are rolling out facial recognition as an access mechanism, but this technology isn’t perfected yet so it’s not recommended.

2. Control Wireless Network & Service Connectivity:

 Turn Wi-Fi off completely and turn it on only when you need it, which will also save your battery power.

 It’s safest to set your phone to automatically connect only to your trusted networks, and to ask you before connecting to any other network it finds. The general rule is to limit your phone’s automatic connection capabilities to just the networks that you know.

Set Bluetooth connectivity to manual as well.

3. Control Application Access & Permissions:

Many apps store sensitive data that must be protected.

 Most of the apps require a network connection to operate. They may store data in the cloud, constantly track your location, or push updates to your smartphone. Get to know the permission settings of each app or service and what data or systems they access. You may be permitting services to access your phone without prior approval, or your apps may be pushing alerts and updates when you aren’t specifically requesting them. You can restrict all notifications at once by looking under your device’s settings.

 Turn off location based services entirely as well, so your phone isn’t constantly broadcasting your GPS location, no matter which apps request it.

4. Keep Your OS & Firmware Current:

 Your device has an operating system that runs all of its apps and services, as well as firmware which runs the device hardware itself. It’s definitely important that you routinely accept the major updates from Apple, Google, or whoever the manufacturer is.

Criminals are innovative; their attacks come at an alarming rate and with growing sophistication. Connect often and download security patches and other minor updates that are released to block the latest exploits. Most of these updates will be free of charge. No manufacturer wants a major attack to cripple its users, so they have a vested interest in helping you stay up-to-date.

Some Android users are currently using outdated firmware and OS versions that can’t be updated due to hardware incompatibility. Upgrade your device every couple of years, if and when promotions are offered by your carrier.

5. Back Up Your Data:

Small and compact, mobile devices are easy to lose or steal. Take time to back up your data; it is useful in case your phone is lost, stolen or corrupted. Back up your data daily, weekly or monthly, depending on your mobile usage.

6. Wipe Data Automatically if Lost or Stolen:

 Enroll your phone in a “find my phone” service. It will help you to locate your device when it is lost or stolen. These services typically have the ability to wipe your phone data remotely.

On some devices you can add extra protection, such as a total device reset if the PIN is guessed incorrectly a certain number of times.

7. Never Store Personal Financial Data on Your Device:

As a behavior that all mobile users should adopt, this one is pretty straightforward. Never store personally identifiable information such as Social Security Numbers, credit card numbers, or checking account numbers on your smartphone, especially in text messages.

8. Beware of Free Apps:

 The problem is, more and more free and innocent apps are trying to make money from their offerings, so sometimes they track your personal information with limited disclosure or authorization, then sell your profile to advertising companies. The app developers in question may not even be aware of their privacy violations – leaking your location, gender, age and other personal data to embedded mobile ad networks while in the pursuit of revenue. Free apps are just wrappers for malware, unfortunately.

9. Try Mobile Antivirus Software or Scanning Tools:

 The well-known PC antivirus vendors are now offering similar services to mobile users that scan and protect your smartphone just as they did your desktop.

 Some even offer additional mobile security services such as download protection, SMS/call-screening services, parental controls, and anti-phishing features.

10. Use MDM Software:

Mobile Device Management or MDM is being increasingly employed by IT departments to secure, manage and support all mobile devices that are authorized to access enterprise networks. These services control and protect sensitive and confidential business data by distributing mobile application.

 The goal of MDM is to optimize the functionality and security of your mobile computing experience, not to impede the way you like to work.

If your organization doesn’t offer MDM, there are other options: SIM card locks and credential storage functions protect the phone by requiring a passcode to use network-dependent services, and operate similarly to screen/key access PINs. SIM locks prevent anyone from making unauthorized calls with your smartphone, or from removing your SIM and using it in another phone.

Source: Veracode, F-Secure