Does this sound familiar? On June 27, news outlets began reporting on a ransomware attack that was spreading like wildfire, hitting over 300,000 devices across over 150 countries and counting. The attack utilized the EternalBlue exploit that was stolen from the NSA and released by the group Shadow Brokers, targeting SMB vulnerability CVE-2017-0144 to spread across multiple systems.
Immediately following the WannaCry attack, CISOs started to examine ways they could improve their ransomware defenses (we described the deception solution in our recent blog post, “Deception Derails Ransomware: WannaCry Analyzed by Attivo Labs”).
Following the initial attacks, Trend Micro has seen three new entries, UIWIX, Adylkuzz and EternalRocks, come onto the scene leveraging the same core set of vulnerabilities.
We asked 25 security professionals to provide us with some examples of use cases where they are helping clients secure applications and data. Here’s what they told us:
1) We ensure apps that manage valuable data (personally identifiable information, healthcare data) are secure. We see data dumps of SQL databases from insecure apps on the dark web all the time. We help customers identify their high-risk applications, identify the kind of data at stake, and evaluate the risk to the company. We prioritize and put the appropriate testing in place to protect customer data managed by the web app.
2) Hackers are using apps to break into internal networks of corporations. Any app poses a risk if someone can access your mainframe through it. We help clients identify the risk of their apps.
As ransomware attacks continue to claim hundreds of thousands of victims, organizations are scrambling to figure out if their current security tools can effectively stop, detect, and remediate large-scale ransomware attacks.
While the major WannaCry ransomware attack was stopped by an uncovered kill switch, experts fear a resurgence of new strains without such shortcomings. Now, more than ever, organizations across all industries need to strengthen their defenses against these aggressive and damaging attacks.
Attivo Networks challenged not only healthcare, but all industries to take immediate steps in the wake of Friday’s global ransomware attacks. “It’s not only the sheer magnitude of the attacks, but also that hackers are now crossing ethical boundaries,” says Tushar Kothari, CEO of Attivo Networks. “Friday’s attacks signify a change in ransomware attacks from holding files hostage to creating situations that impact human safety.”
LONDON — Hackers using a tool stolen from the United States government conducted extensive cyberattacks on Friday that hit dozens of countries around the world, severely disrupting Britain’s public health system and wreaking havoc on computers elsewhere, including Russia.
Hospitals in Britain appeared to be the most severely affected by the attacks, which aimed to blackmail computer users by seizing their data. The attacks blocked doctors’ access to patient files and forced emergency rooms to divert people seeking urgent care.
Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries.
The two newest versions of Android are vulnerable to a permissions feature being exploited by ransomware and banking malware.
Security firm Check Point has examined Android’s permission model and discovered it contains an odd bug that has become a favorite tool for ransomware, adware, and banking trojans to hijack victims’ screens with phishing pages and extortion demands.
This problem stems from an extremely sensitive permission called SYSTEM_ALERT_WINDOW in Android 6.0 Marshmallow, the most widely used version of Android. The permission allows an app to create windows that overlay all other apps.
Ransomware attacks on businesses around the world rose 50% last year, research into successful cyber-breaches shows.
Its popularity means malware is now responsible for 51% of all the incidents analysed in the annual Verizon data breach report.
This analyses almost 2,000 breaches to find out how firms were caught out by cyber-thieves.
It also found that measures taken by some firms after payment systems were targeted stopped new breaches.
According to a new study by Trend Micro, there is a reason ransomware continues to dominate the security news cycle. The study found that new ransomware families increased a whopping 752% in 2016. The report adds that the availability of open source ransomware and ransomware as a service (RaaS) will continue to make it easier for cybercriminals to run turnkey ransomware attacks. While it may be a challenge to find the money for ransomware prevention, the old adage “you can pay me now or pay me later” certainly comes to mind here. If you can’t find the budget to protect against ransomware, you may ultimately still find yourself paying in the long run. The findings shared here can be useful as supporting budget justification.
The first three installments of the Cyberthreat Defense Report (CDR) began the process of looking beyond major breaches and the never-ending evolution of cyberthreats to better understand what IT security teams are doing to defend against them. Let’s face it. We all know that ransomware ran rampant in 2016. More valuable to most IT security professionals than the intimate details of the next variant to emerge on the scene are the tactics and technologies other organizations are using to defend against it.