Category Archives: Antivirus Vendors

How to avoid hacking to Critical Infrastructure

Cyber-attacks on the backbone of today’s economies are those that affect society as a whole. The strategic priorities of national security therefore include the infrastructure exposed to threats that can disrupt the operation of essential services.

PandaLabs, Panda Security’s anti-malware laboratory, has released a whitepaper called “Critical Infrastructure: Cyber-attacks on the backbone of today’s economy” with a timeline of the most notorious cyber-security attacks on critical infrastructure around the world, and recommendations on how to protect them.

Malware and targeted attacks aimed at sabotaging these networks are the main threats to critical infrastructure. Oil refineries, gas pipelines, transport systems, electricity companies or water supply control systems all form part of a technologically advanced industry where security failures can affect the whole of society.

Malware and targeted attacks

Today’s increasing trend towards interconnecting all types of infrastructure also increases potential points of entry for attacks on the services that have become essential for today’s societies.

This is apparent with the cyber-attacks that have been carried out in the past against these networks, the first of which took place in 1982, even before the Internet existed. In this case, attackers infected the systems of a Siberian oil pipeline with a Trojan.

In addition to paralyzing and reducing services, which was what happened to the Venezuelan oil company PDVSA when it was hit by an attack that reduced production from 3 million barrels a day to 370,000, such attacks can also have a significant financial impact. One of the largest car manufacturers in the USA was left with losses of around US$150 million as a result of an attack using SQLSlammer, which spread rapidly and affected 17 production plants.

The threat is real

One of the most infamous cases of cyber-attacks on critical infrastructures in history was Stuxnet. It is now known that this was a coordinated attack between the Israeli and US intelligence services, aimed at sabotaging Iran’s nuclear program. The case became the catalyst that made the general public aware of these types of threats.

Over the years there have been key events that have marked turning points in global security, such as the 9/11 attacks. In Europe, there was a similar key date, March 11, 2004, the date of the Madrid train bombings. As a result, the European Commission drew up a global strategy for the protection of critical infrastructure, the ‘European Programme for Critical Infrastructure Protection’, which includes proposals to improve Europe’s prevention, preparation and response to terrorist attacks.

How could these attacks have been avoided?

The technical characteristics of these systems and the high level of exposure of data that can be stolen mean that special care needs to be taken in protecting these infrastructures, including a series of good practices, such as:

  • Checking systems for vulnerabilities.
  • The networks used to control these infrastructures should be adequately monitored and, where necessary, isolated from external connections.
  • Control of removable drives is essential on any infrastructure and not just because it has been the attack vector for attacks as notorious as Stuxnet. When protecting such critical infrastructure, it is essential to ensure that malware doesn’t enter the internal network through pen drives or that they are not used to steal confidential information.
  • Monitoring the PCs to which programmable logic controllers (PLCs) are connected. These Internet-connected devices are the most sensitive, as they can give an attacker access to control systems. Moreover, even if attackers don’t manage to take control of a system, they can obtain valuable information for other attack vectors.

In light of this panorama, protection against advanced threats and targeted attacks is essential. Adaptive Defense 360 offers comprehensive security against these attacks and provides companies with all they need to defend themselves and close the door on the cyber-security vulnerabilities that can, in the end, affect us all.

Download the infographic “Cyber-attacks on the backbone of today’s economy” here.

Download the Whitepaper:

  • International Edition
  • Russian Edition
  • Portuguese Edition
  • Swiss Edition

The post How to avoid hacking to Critical Infrastructure appeared first on Panda Security Mediacenter.

An in-depth look at the technology behind CyberCapture

Earlier this summer, we told you about our proprietary CyberCapture technology. CyberCapture is a vital component of the Avast Antivirus Nitro Update, providing users with increased speed and a higher level of protection against zero-second attacks. In this post, I’d like to dive deeper into the engineering behind CyberCapture and explain the components that give the feature its technical integrity.

In essence, CyberCapture is a cloud-based smart file scanner. In order to provide immediate analysis, CyberCapture automatically establishes a two-way channel of communication with the Avast Threat Labs while securing suspicious files on the user’s PC until the analyses are completed. Once a file has been isolated, our team can clear away all the false code, misdirection, obfuscation, and other tricks malware creators use to mask malware’s true intentions. By doing so, CyberCapture is able to dissect a malicious file, observe the binary-level instructions inside the malware, and understand the true purpose hidden within it.

How To Evaluate a Next-generation Endpoint Protection

We have lately been seeing blogs attempting to publicly demonstrate that next-generation protection solutions, like Adaptive Defense, are vulnerable. These proofs of concept aim to show that there are malicious files that evade detection when they reach a system or attempt to run. The problem with these demonstrations is that the writer expects the malicious files to be stopped before they are run. That is a mistake, and reveals a clear misunderstanding of this new protection model, which is based on the continuous monitoring of process activities.

To be truly effective, a next-generation solution must provide continuous protection against all types of attacks. This means that it must offer continuous prevention, detection at runtime, visibility into every action taken, and the intelligence to block malicious actions such as lateral movement. It is not enough to provide detection at file level based on a list of malware files. Efficient security means being able to protect systems before, during and after an attack.

The cyber-security ‘war’ goes beyond the ‘battle’ of detecting malicious files when they reach a computer or attempt to run. It will be won by whoever is capable of efficiently, seamlessly and unobtrusively monitoring every process running on devices, blocking those that, despite appearing harmless at first, show malicious behaviors. Today’s malware is extremely sophisticated and should never be underestimated. But not only that…

Protection is not only about detecting threats before, during and after an attack; it is also about remediation and prevention.

That’s why a next-generation solution must also include response and remediation capabilities. These products are known in the security sector as EDR (Endpoint Detection and Response) solutions, and they incorporate forensic analysis tools capable of tracing every action taken on the endpoint in order to remediate and prevent present and future attacks.

Why past methodologies are no longer valid

Panda Adaptive Defense integrates all of those features into a single Next-Generation protection solution based on continuous monitoring, and which provides prevention, detection, visibility and intelligence to block known and unknown attacks. In addition to continuous monitoring via hundreds of sensors, Adaptive Defense also provides forensic analysis tools for efficient remediation and prevention.

When you read these proofs of concept, you must understand that they are not realistic. The fact that a security solution doesn’t detect a file as malware at the moment it reaches a system doesn’t mean that the solution is not effective. On the contrary, in the particular case of Adaptive Defense, it is perfectly possible that the solution doesn’t detect the file at that time, but it will detect it as soon as it attempts to run, or will monitor and block it during an attack.

This ability is not present in traditional solutions, which are based on a more or less generalist malware blacklisting strategy and rely on detecting malicious files when they reach the system or when they attempt to run. With these solutions, if a malicious file is not classified as malware, it will be allowed to run regardless of the actions it carries out during its life cycle.

Adaptive Defense might also let it run, albeit keeping an eye on it at all times and reporting its activities to our Machine Learning Intelligence platform. This system, which is in constant evolution and correlates data from thousands of endpoints with hundreds of sensors, will determine whether the file’s activities constitute malicious behavior, in which case it will stop the file from running. The file will then be immediately classified, either automatically or by a team of cyber-security experts. This analysis will determine with complete accuracy the nature of the attack. The old model doesn’t provide any of this.
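The contrast the post draws, file-level blacklisting versus continuous monitoring of process activity, in a small simulation. This is an added example, not Panda’s code: the event stream, the hash values and the single behavior rule (credential access followed by remote execution, a crude stand-in for lateral movement) are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed blacklist standing in for "a list of malware files" (not a real IoC).
KNOWN_BAD_HASHES = {"deadbeef" * 8}

@dataclass
class ProcessEvent:
    pid: int
    sha256: str
    action: str   # e.g. "open_file", "cred_access", "remote_exec"
    target: str

def file_level_verdict(sha256: str) -> str:
    """Old model: classify once, at arrival, by hash; unknown files run unwatched."""
    return "block" if sha256 in KNOWN_BAD_HASHES else "allow"

# Toy behavior rule: it sees a process's whole history, so it fires on a
# sequence of actions (credential access plus remote execution) that no single
# event, and no file hash, would reveal.
def looks_like_lateral_movement(history) -> bool:
    return {"cred_access", "remote_exec"} <= {e.action for e in history}

@dataclass
class ContinuousMonitor:
    """New model: let unknown files run, record every action per process, and
    block the process as soon as its accumulated behavior matches a rule."""
    rules: list = field(default_factory=lambda: [looks_like_lateral_movement])
    history: dict = field(default_factory=dict)
    blocked: set = field(default_factory=set)

    def observe(self, ev: ProcessEvent) -> str:
        if ev.pid in self.blocked:
            return "blocked"          # process already stopped; later actions never run
        hist = self.history.setdefault(ev.pid, [])
        hist.append(ev)
        for rule in self.rules:
            if rule(hist):
                self.blocked.add(ev.pid)
                return "block:" + rule.__name__
        return "allow"

def run_sample() -> dict:
    unknown = "0" * 64   # constructed hash of a file no blacklist has seen
    events = [ProcessEvent(42, unknown, "open_file", "report.docx"),
              ProcessEvent(42, unknown, "cred_access", "lsass.exe"),
              ProcessEvent(42, unknown, "remote_exec", "\\\\fileserver\\admin$"),
              ProcessEvent(42, unknown, "write_file", "report.docx.locked")]
    mon = ContinuousMonitor()
    return {"file_level": file_level_verdict(unknown),
            "runtime": [mon.observe(e) for e in events]}
```

The file-level check lets the unknown file through for good, while the monitor allows the same file to start and blocks it at the third event, once its accumulated actions match the rule.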

Welcome to the Next-Generation Panda Security!

The post How To Evaluate a Next-generation Endpoint Protection appeared first on Panda Security Mediacenter.

How is Internet privacy upheld in the ‘digital afterlife’?

How do you account for someone’s digital presence after they’re no longer with us in the physical world?

The ‘digital afterlife’ is a concept that has been receiving increased attention from tech giants like Facebook and Google. Their aim is to make the passing of a loved one or relative easier, while also playing a role in celebrating people’s lives after they have passed away.

Internet Privacy

The issue of Internet privacy is, of course, a touchy one and this is magnified immensely in the difficult period after someone has passed away.

Whereas it used to be less clearly defined, Facebook recently felt the need to clarify the process that it adheres to after a user has passed away. If the social media giant is made aware of a user’s passing, there are two options: the account is memorialized or deleted. The account cannot remain active.

There’s an important reason for this, and that is the curious cyber security risks that come with leaving a social media page unaccounted for after a user has passed away.

Unfortunately, the growing digital graveyard left by people’s data footprints as they lived their lives is not treated with the same reverence as its equivalent is in the physical world.

Cyber Security risks for a social media account

There are tangible cyber security risks for a social media account that isn’t being used, with reported incidents of deceased users’ accounts being hacked and taken over by spambots. These accounts are often used for advertising, with some users having reported seeing their deceased relative or friend’s account starting to like pages on the social media website months, or even years after that person has passed away.

People’s social media pages have also even been hacked after their deaths and distasteful messages left on their page as status updates.

These risks are the main reason that Facebook has recently clarified its policy on changes to a user’s account once they have passed away. In a recent statement, the tech company said, “if Facebook is made aware that a person has passed away, it’s our policy to memorialize the account.”

Facebook though, has had issues with processing memorialization requests; there have been reported cases of it taking up to 6 months for a request from a family member to be processed, and others of people receiving no response at all.

With over a billion users, and some estimates claiming that more than 8,000 Facebook users die every day, it’s no easy task dealing with so many accounts, and companies like Facebook and Google usually outsource such extensive undertakings.

Whilst the policy is strict on what happens to deceased users’ accounts, the social media giants don’t want this to take away from the freedom of deceased users’ loved ones in having a say in their relative’s digital afterlife.

Facebook have released a statement saying “there is more we can do to support those who are grieving and those who want a say in what happens to their account after death.” Google, meanwhile, have highlighted the importance of allowing people to “plan [their] digital afterlife.” Both companies allow users to designate a contact who will have access to their memorialized account after they have passed away.

Facebook ‘legacy contacts’ and Google+ ‘trusted contacts’ are able to curate their loved one’s social media pages after they have passed, by posting pictures and leaving updates whilst those who are already friends can leave parting messages.

Allowing this form of contact decreases the risk of cyber security being an issue in the digital afterlife.

The post How is Internet privacy upheld in the ‘digital afterlife’? appeared first on Panda Security Mediacenter.