Tag Archives: companies

Where the leading apps keep your company’s data


The current digital economy revolves around data. Giving up our data is the price we pay for signing up for free internet services, as the companies who provide these services use this personal information in order to fine-tune ads paid for by their true clients: advertisers.

Data is the Internet’s oil. Unlike this limited fossil fuel, however, the quantity of data increases every day. In 2013, it was reported that 90% of the world’s data had been generated in the two previous years, in other words, between 2011 and 2012. The trend has not shifted since then. The companies and countries that control the world’s data reserves will have, as with petroleum, a highly valuable resource on their hands.

90% of all the data in the world in the year 2013 was generated between 2011 and 2012

So, where is the majority of the digital era’s black gold stored? For now, the winner is, by far, the United States. 63.5% of services analyzed by Jorge Morell, expert in the terms and conditions of these kinds of companies, store their data in the US.

Europe, weighing in at 1.9%, is a far cry from that figure. It appears that Europe has not jumped on the Big Data bandwagon, so for now it looks like the American domination of the digital market is here for the long haul.

For a more detailed look, 58% of the most visited websites in a country like Spain, the subject of Morell’s research, do not reveal where they store their users’ personal information. As of now, they are not obligated to do so, so many of them make no mention of it in their terms and conditions.

Among those who are transparent in this regard, the clear winner is, again, the United States (36% of all analyzed services), although it is rarely cited as the only one. The ambiguous “and other countries” is thrown into the report haphazardly, as well as the tags Canada, China, or the vague “Outside of the European Economic Area (EEA)”.

When data crosses the pond, companies are legally bound by the Safe Harbor or Privacy Shield agreements to declare where it is stored, hence the fact that national companies are more likely to keep this information a secret.

However, all websites that until now have been silent will soon be required to declare openly the country in which their users’ personal information is stored. The new General Regulation of Personal Data Protection, with which all countries in the EU will have to comply starting in May 2018, will make it compulsory for companies that maintain operations in Europe to reveal the whereabouts of their personal data storage for all users, whether companies or the general public.

Such being the case, we shall soon be able to answer with greater certainty the question, “Where do the leading apps keep your information?” For now, we know beyond the shadow of a doubt that in most cases your personal information ends up in or passes through the United States at some point as it bounces around the net.

The post Where the leading apps keep your company’s data appeared first on Panda Security Mediacenter.

How to avoid bogging down your own servers


There’s been a lot of talk recently about DDoS (distributed denial-of-service) attacks in the wake of an incident that left thousands of users without internet access as a result of the collapse of the servers at Dyn, a DNS hosting service. Needless to say, we should be aware of this threat, know how it works, and know how to defend ourselves against it, especially now, in the age of the Internet of Things, which has made it easier for cybercriminals to build an army of infected devices to carry out this kind of attack.

The protection of many devices in the Internet of Things leaves much to be desired, opening up a broad avenue for attackers to easily gain access to and control over these devices in order to use them as weapons. In a DDoS, all of these involuntary recruits connect to the server at the same time in order to overwhelm it and render it incapable of responding to legitimate requests. It’s as though a mob of people jumped in front of you in the check-out line at the supermarket not with the intention of buying anything themselves, but rather just to block you from doing so.

This danger may be commonplace and companies should, of course, be wary of it, but the truth is that a company’s servers are much more likely to collapse as a result of their own errors than from an external exploit. This has been confirmed by Google’s experts, who, without citing concrete data, warn of the alarming frequency with which this occurs.

A company’s servers are more likely to collapse as a result of their own errors

Researchers at the search engine giant allege that programmers and developers often assume that a traffic load will be correctly and evenly distributed by the system, with no contingency plan in place in case it doesn’t work out that way.

Google gives us this example by way of explanation. A good number of mobile apps establish a connection with their servers at a set interval in order to fetch information. If there’s no urgency, many apps connect every 15 minutes. In the event of an error, these apps are programmed to resubmit the request every 60 seconds so as not to have to wait an additional 15 minutes if something goes wrong on the first attempt.

This system reveals its shortcomings when the server, for whatever reason, is unavailable for a given period of time (not necessarily a long one). When it’s back up and running, it receives not only the usual requests every 15 minutes, but also, all at once, an onslaught of the requests that were made every 60 seconds during its time offline.

The outcome? A self-inflicted DDoS attack, which could shut down the app as a result of excessive simultaneous connections. If, on top of that, the server goes back offline following this bottleneck of traffic, the chain of incidents will start all over again.

Tips to avoid DDoS attacks

In order to prevent this from happening, the experts at Google offer some advice:

  • First, make it so that the initial 60 second delay doubles with each failed request, so that the second attempt is submitted after 120 seconds, the third after 240 seconds, and so on. That way, the number of requests piled up will be lower when the server returns to normal.
  • They also recommend that the app keep count of the number of reconnection attempts that each user has made, so that the most urgent requests are given priority when the server gets back to normal. This way, the requests that have been waiting the longest will be attended to first, while the rest continue waiting. A traffic bottleneck will therefore be averted, along with unwanted downtime caused by a DDoS attack launched against yourself.
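
The retry storm and both tips above can be checked with a small simulation. This is an added example, not code from Google or Panda Security; the client count, the evenly spread polling phases, the 30-minute outage and all function names are assumptions made for the illustration.

```python
"""Retry-storm simulation for the 15-minute polling scenario described above.

Constructed model (assumption): every client polls every 15 minutes, start
phases are spread evenly, and the server is down for one continuous outage.
"""
from collections import Counter

POLL_INTERVAL = 900   # normal polling period in seconds (15 minutes)
BASE_RETRY = 60       # delay before the first retry, in seconds
OUTAGE = (1800, 3600) # constructed outage window: down from t=1800 to t=3600
N_CLIENTS = 900       # constructed fleet size: one poll per second at rest
HORIZON = 7200        # simulate two hours


def fixed_delay(failures):
    """Naive policy: retry every 60 s no matter how often we have failed."""
    return BASE_RETRY


def doubling_delay(failures):
    """First tip: 60 s after the 1st failure, 120 s after the 2nd, 240 s, ..."""
    return BASE_RETRY * 2 ** (failures - 1)


def simulate(delay_fn, n_clients=N_CLIENTS, outage=OUTAGE, horizon=HORIZON):
    """Return sorted (time, client, failures_so_far) for every request sent."""
    down_from, down_until = outage
    log = []
    for client in range(n_clients):
        t = client * POLL_INTERVAL // n_clients   # evenly spread start phase
        failures = 0
        while t < horizon:
            log.append((t, client, failures))
            if down_from <= t < down_until:       # server unreachable
                failures += 1
                t += delay_fn(failures)
            else:                                 # success: back to polling
                failures = 0
                t += POLL_INTERVAL
    return sorted(log)


def count_between(log, start, end):
    """Number of requests sent in the half-open interval [start, end)."""
    return sum(1 for t, _, _ in log if start <= t < end)


def peak_per_minute(log, start):
    """Size of the busiest 60-second bucket at or after `start`."""
    buckets = Counter((t - start) // 60 for t, _, _ in log if t >= start)
    return max(buckets.values())


def serve_first(requests, capacity):
    """Second tip: admit the requests with the most failed attempts first."""
    ranked = sorted(requests, key=lambda r: (-r[2], r[0]))
    return ranked[:capacity]


def report():
    """Compare both retry policies on the same constructed outage."""
    out = {}
    for name, fn in (("fixed", fixed_delay), ("doubling", doubling_delay)):
        log = simulate(fn)
        out[name] = {
            "requests_during_outage": count_between(log, *OUTAGE),
            "peak_minute_after_recovery": peak_per_minute(log, OUTAGE[1]),
        }
    return out


if __name__ == "__main__":
    print("normal load per minute:", N_CLIENTS * 60 // POLL_INTERVAL)
    for name, stats in report().items():
        print(name, stats)
```

In this model the fixed 60-second retry also collapses every client's polling phase into the same minute, so the spike repeats every 15 minutes after recovery, while the doubling schedule keeps the original spread.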


Anticipate the risk of your employees getting a new phone for Christmas


As we enter the Christmas period, many of your company’s employees will be deciding to change their phones in the coming months. Something as simple and seemingly harmless as a gift (or a purchase from the Black Friday sales) could actually be putting your business security at risk, especially if it encourages workers to use their own smartphones for work.

As such, the idea of BYOD (Bring Your Own Device), if not properly managed, can compromise the confidentiality of corporate information when any member of staff decides to change device. Not just because your employees’ new devices do not have adequate protection, but because of where their previous phones may end up, and the data they may have inside.

In fact, it is essential to make your company’s employees aware that they must completely wipe all information stored on their old phone before they get rid of it. Although it is not unusual to sell old devices when buying a new one, this operation involves certain risks that must be avoided.

Before selling a cell phone it is essential to completely delete all information stored on it.

After all, the device in question may have confidential documents stored in its memory or, worse still, could still enable access to the email accounts of its former owner, and allow a complete stranger to access company resources. In addition to all of this, of course, there is the personal and equally private information that an individual could have stored on the phone.

So not only is it important to ensure employees have adequate security on their phones, but also to explain how to handle the sale of an old one. To begin with, you need to back up everything stored on your phone and also remove the memory card and SIM.

Once this is done, both Android phones and iPhones offer a way to permanently delete everything stored on them. This is the option that lets you restore the factory settings, which you can find in the settings of both operating systems.

Any device that stores company data must be sold without any confidential information. This is the best way to prevent a simple Christmas gift from catching out the owner of the new phone (or the company that employs them). However, should anyone forget to delete this data, it is always possible to remove it remotely, thereby eliminating everything that the phone contains even if it has already been sold. Yet this should only be an emergency plan should all else fail.


Malicious office printers could hijack employees’ cell phones


At first glance it is just another printer; one of those big machines that sits against the wall of thousands of offices around the country, turning blank sheets of paper into corporate documentation. And as inoffensive as it may seem, just another piece of office furniture, it can become a threat to your company’s confidentiality. While your printers and networks can become one of your most vulnerable security holes, the one created by the ‘hacker’ Julian Oliver is quite simply a spy.

Every time you make a call on your cell phone, the device connects to the nearest phone antenna. What Oliver has managed to do is to camouflage a similar antenna inside an everyday office printer.

In this way, the device can intercept all calls made or received from an office, thereby allowing an attacker to spy on conversations or read SMS messages.

In this case, however, there is nothing to be afraid of. This has simply been an experiment through which Oliver has tried to draw attention to the importance of using communication tools with end-to-end encryption, such as the Signal messaging app recommended by Edward Snowden himself.

Yet the fact that it is only a demo shouldn’t detract from the lesson to be learnt. In the strategy used by Oliver, every time a phone connects to the antenna camouflaged in the printer, the device sends an SMS. If the recipient responds to any of these messages from an unknown number, the printer prints the SMS message and the ‘victim’s’ phone number, thereby revealing the scam.

What’s more, the printer is programmed to make calls to the phones that connect to its antenna. If someone answers, all they will hear is a Stevie Wonder song. A practical joke that lasts some five minutes; after this time, the printer disconnects the phone from the antenna, allowing it to connect to the genuine mobile network. In the event of a real attack however, the consequences won’t be as entertaining, nor the scare so brief.

Oliver’s experiment serves to remind us of the fragility and vulnerability of the communication networks we use every day. A simple Raspberry Pi motherboard and two GSM antennas would be enough to enable an attacker to camouflage an antenna in a printer and spy on all of a company’s phone conversations and steal confidential corporate information.


Be careful not to keep your invoices where your competitors can find them


One of the most common and most sensitive documents that companies handle on a daily basis is invoices. Issuing and receiving them is a fundamental activity for every business; however, people are not always aware of how important they are even after being paid or collected.

Together or individually, they can expose critical information that can be very valuable to your competitors, such as customer lists, product and service descriptions, prices and promotions, or details of key agreements.

However, these files are so common in organizations that they are often treated carelessly or with a complete disregard for security by employees, to the point of being sent via email in unencrypted formats, through instant messaging applications, stored in virtual stores more or less accessible to the public, in physical devices such as pen drives, etc. In fact, it’s quite easy to overlook the importance of the information they can provide to a third party.

Invoices are so common that they are often treated carelessly.

Just do a couple of searches on Google and you’ll realize the extent of the problem. Search for such simple, obvious terms as ‘invoice euros vat inc address tax number date total’ with a filter to show only PDF files, and you’ll find an endless number of sensitive documents that are accessible to the public without companies knowing.

Companies in the textile sector, integrated service companies, travel agencies, etc. The list is too long, especially if you consider how easy it is to protect invoices if you take the appropriate precautions.

First, these and other critical files should never be stored on Internet-facing servers. However, as this can be difficult in the day-to-day reality of the majority of companies, at least it should be checked that those servers are not accessible to the public in such evident places as Google.

In reality, the presence of these and other confidential files in the popular search engine is almost always due to the misconfiguration of corporate servers, or to the fact that these include directories that can be easily crawled by Google’s bots.

Being aware of this and taking the necessary steps to prevent it is one of those simple, effective protection measures that companies often forget about. However, it is very important to understand that invoices contain far more valuable information than may seem apparent at first glance.


Camera drones: A flying spy is peeping into your window


Drones have conquered the world: they are used to hunt down tax evaders and illegal hunters, help suppress wildfires, find victims after natural disasters… They even serve as flying cameras to assist in filming movies and for aerial photography.

Online retail giant Amazon, for example, is planning on using drones for commercial delivery in order to fly purchases right to customers’ front doors. Despite being originally developed for military purposes, drones are slowly finding their place in our everyday lives. However, just as with every other technology, these unmanned aerial vehicles can pose a serious threat if they fall into the wrong hands.

Among other things, drones can be used as highly effective spies. Their ability to get close to almost any place where confidential data is stored (for example, an office) without being seen, makes them the perfect spy. Not only because of their ability to carry cameras and capture images through windows, but also because they can make the perfect weapon to carry out sophisticated cyber-attacks.

Drones can be used by cyber-criminals to easily get their malicious tools close to their target without having to overcome the physical barriers that the potential victim may have in place (security guards, access control systems, biometric sensors, surveillance cameras, etc.).

A drone could hide, for example, a jammer, a malicious hotspot, a device to launch attacks via Bluetooth or NFC, etc. The number of ways in which these aerial devices can be used to spy on victims and steal confidential information is almost endless.

Such is the risk that there are countries such as Sweden that have ruled that camera drones qualify as surveillance cameras, banning their use unless the drone operator has the necessary permit.

However, a cyber-criminal that wanted to use a drone to carry out an attack would still have another option: to take control of someone else’s device. Unfortunately, many of today’s models have vulnerabilities that could allow a remote attacker to take control of them.

Drone manufacturers have the responsibility to increase the security of their aircraft to mitigate the security and privacy concerns raised by them. As this technology becomes ever more present in our lives, it is clear that the notion of safety and security in IT systems cannot be limited to computers and smartphones, but should also reach other high-flying devices. In this respect, having the cyber-security protection that best adapts to your needs is absolutely essential.

 


Companies don’t take proper care of the data they store in the cloud


That hard disks, pen drives and other physical storage devices are an attractive target for cyber-criminals wanting to steal confidential information from enterprises is something that company managers are well aware of. And, in fact, they try to educate their employees about the need to use those tools properly.

However, the now-popular digital cloud, used by businesses to store increasing amounts of sensitive information, must also be taken into consideration when designing a company’s cyber-security strategy. Moving to the cloud has powerful benefits – cost savings, easy access to files from anywhere, convenience, etc. – yet it also poses some risks that must be identified and controlled.

According to a recent study published by the prestigious Ponemon Institute, the majority of businesses have not inspected, or do not know if they inspect, their cloud services for malware.

The majority of businesses have not inspected their cloud services for malware.

According to the study, while 49 percent of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by the IT Department.

While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es). Neither do they know how the breach(es) occurred.

This and similar studies seem to indicate that enterprises rely too much on the security measures adopted by cloud service providers themselves and that, all too often, companies leave the protection of their most valuable secrets and assets almost exclusively in the hands of third parties such as Amazon or Slack.

To resolve this situation, CISPE, a coalition of cloud service providers operating in Europe, has published the sector’s first code of conduct aimed at ensuring data security and confidentiality. Compliant cloud infrastructure providers will be able to identify themselves with a ‘Trust Mark’ that will provide additional security assurance for customers, especially corporate ones.

Nevertheless, despite the measures taken by these Internet giants to ensure the integrity of the information stored on their servers, companies and their employees cannot ignore their own responsibility to keep corporate data and documents secure. Just as they take good care of their hard drives and pen drives, they should also take care of the cloud to prevent their data from ending up in the wrong hands.


TrickBot, new spam campaign against companies


On November the 2nd we witnessed a new spam campaign delivering emails each with a Word document attachment targeting UK companies. Each email message had the subject “Companies House – new company complaint” and the Word document attachment was titled “Complaint.doc”. When users open the document, this is what they see:

[Image: windows trickbot]

How does TrickBot work?

If the user follows the instructions given, the macro in the document will be executed. It will download a file called dododocdoc.exe which will be saved in %temp% as sweezy.exe and then executed. This file is a variant of the TrickBot malware family. Once executed it will install itself on the computer and will inject a DLL into the system process svchost.exe. From there it will connect to the command and control server.

This has not been a massive campaign, but it has been targeted at UK companies – we’ve just seen a few hundred e-mails to our clients, and all of them were protected proactively without needing any signature or update. However, taking a look at the potential victims, all of the emails were to companies, no home users were targeted, and it turns out that most of them were to businesses in the UK. There were 7 cases in Spain, and one in Belgium, Ireland and Thailand. The campaign was short: the first case happened at 10:55am and the last one at 12:11pm (GMT).

The macro uses PowerShell to execute the malware, which is a common technique that is becoming more and more popular recently, being used in ransomware attacks or even to infect Point of Sale terminals.
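
As an added example (not part of the original post or of any Panda product), the process chain described above, Word running a macro that starts PowerShell, which then launches an executable from %temp%, can be flagged from process-creation telemetry. The event format, PIDs, user name, install paths and rule names are constructed for the illustration; only the file name sweezy.exe comes from the post.

```python
"""Flag the Office -> PowerShell -> %temp% executable chain in process events."""
from pathlib import PureWindowsPath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
TEMP_MARKER = ("appdata", "local", "temp")   # default per-user %temp% location

# Constructed sample events (pid, parent pid, image path); not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 1,
     "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Users\alice\AppData\Local\Temp\sweezy.exe"},
    # Benign look-alikes: PowerShell and a temp installer started by the user.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 600, "ppid": 100,
     "image": r"C:\Users\alice\AppData\Local\Temp\setup_tmp.exe"},
]


def name_of(image):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def runs_from_temp(image):
    """True if the image lives under ...\\AppData\\Local\\Temp\\."""
    parts = tuple(p.lower() for p in PureWindowsPath(image).parts[:-1])
    return any(parts[i:i + 3] == TEMP_MARKER for i in range(len(parts)))


def ancestors(event, by_pid):
    """Yield parent, grandparent, ... with a guard against PID loops."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])


def detect(events):
    """Return (pid, rule) alerts for the macro-dropper process chain."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        parent_is_office = bool(parent) and name_of(parent["image"]) in OFFICE_APPS
        if name_of(e["image"]) == "powershell.exe" and parent_is_office:
            alerts.append((e["pid"], "office-spawned-powershell"))
        elif runs_from_temp(e["image"]) and any(
            name_of(a["image"]) in OFFICE_APPS for a in ancestors(e, by_pid)
        ):
            alerts.append((e["pid"], "temp-exe-descended-from-office"))
    return alerts


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(pid, rule)
```

Real telemetry such as Sysmon process-creation events should be keyed on the process GUID rather than the bare PID, since PIDs are reused.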

At Panda Security, we recommend that businesses ensure all software is updated, have a reputable security solution in place and hold regular staff security awareness training.


AtomBombing, a new threat to your Windows


A few days ago Tal Liberman, a security researcher from the company enSilo, revealed a new code injection technique that affects all Windows versions up to Windows 10. Due to the nature of this technique it is unlikely that it can be patched. In this article I’d like to shed light on this attack, its consequences and what can be done in order to protect ourselves.

How does it work?

Basically, this attack takes advantage of the operating system itself to inject malicious code and then uses some legitimate process to execute it. Although it is not that different from what malware has been doing for ages (malware has been injecting itself into running processes for decades), it is true that the use of the atom tables (provided by Windows to allow applications to store and access data) is not common, and it is likely to go unnoticed by a number of security solutions.

This attack is not common, and it is likely to go unnoticed by a number of security solutions.

The best explanation you can find so far is the one made by Tal in his blog “AtomBombing: A Code Injection that Bypasses Current Security Solutions”.

If there is no patch and it affects all Windows versions, does it mean that we are in great danger?

Not really. First, in order to use this technique, malware has to be able to be executed on the machine. This cannot be used to remotely attack and compromise your computer. Cybercriminals will have to use some exploit or fool some user into downloading and executing the malware, hoping for the security solutions in place not to stop it.

Is this really new?

The way the attack is performed to inject code is new, although, as I mentioned earlier, malware has used injection techniques for a long time; for instance, you can see that in many ransomware families.

 

New, but not that dangerous… why the panic?

As I said, malware first has to be executed on the machine, but we know that at some point this will happen (not a matter of IF, but WHEN).

Many security solutions have the ability to detect process injection attempts. However, to do this they rely on signatures, so many of them are not able to detect this particular technique nowadays. On top of that, many of them have a list of trusted processes. If the malicious code injection happens in one of them, all security measures from that product will be bypassed.

 

Finally, this attack is really easy to implement; now that it is known, there will be a number of cybercriminals implementing it in their malware sooner rather than later.

What can we do to protect our company’s network?

On one hand, traditional antimalware solutions are great at detecting and preventing infections by hundreds of millions of different threats. However, they are not that good at stopping targeted attacks or brand new threats.

On the other hand we have the so-called “Next Gen AV”. Most of them claim that they do not use signatures, so their strength comes from the use of machine learning techniques, which have evolved greatly in the last few years, and they have shown they are pretty good at detecting some new threats. As they know their weakness is that they are not that good at stopping all threats, they have great expertise in post-infection scenarios, offering a lot of added value when a breach has already happened. Another issue they have is that machine learning won’t give you a black or white diagnosis, which translates into high false positive rates.

Is using traditional antimalware + Next Gen AV the best approach?

Not the best, although it is better than using just one, as they can complement each other. It has, however, a few downsides. For a start, you have to pay for both. Although it can be justified due to the overall protection improvement, it means you will need extra budget for the extra work (false positive exponential growth coming from Next Gen solutions, different consoles to manage each one, etc.). Performance can become an issue if both are running on the same computers. And finally, these solutions don’t talk to each other, which means you are not taking full advantage of the information each one handles.

Panda Solutions for Companies combine the power of the traditional solutions and the machine learning techniques.

The best solution is one that has both capabilities: the power of traditional solutions as well as long experience in machine learning techniques combined with big data and the cloud, working together and exchanging information, with continuous monitoring of all running processes, classifying all programs that are executed on any computer in your corporate network and creating forensic evidence in real time in case of any breach. It only requires deploying a small agent that will take care of everything, using the cloud for the heavy-processing tasks and offering the best performance in the market. In other words, Adaptive Defense 360.

 


Signature recognition, a reliable replacement for passwords?


Biometrics continue to stand first in line to replace traditional passwords. All those whose employees use long and complex combinations of letters and numbers will be looking forward to a system whereby all that is required is for a fingerprint or iris pattern to be recognized by a sensor in order to access the services that employees have to use every day.

Nevertheless, in addition to these two popular systems which some latest generation mobile devices already incorporate, other biometric-based systems have been put forward as the alternative that will finally consign traditional passwords to history. This is the case with signature recognition.

What is it?

The truth is that this is a system that has been around for decades, in one form or another. Whenever you pay by credit card and have to sign a digital screen with an e-pencil, signature recognition is being used to confirm your identity. What’s happening is that your signature pattern is being compared with the one that your bank has stored in its systems.

This is not however a simple comparison of both images. The security software doesn’t just place the two signatures next to each other to see if they coincide, or at least, if they are similar. In reality, signature recognition compares the way that both images have been created, looking for a similar behavioral pattern.

Advantages and Disadvantages

So although it may be relatively simple to forge a signature, replicating the speed and pressure that was used to make the signature is practically impossible. As such, signature recognition using the most advanced technologies appears to be the perfect replacement for passwords for operating corporate bank accounts.

However, as with all secure identification methods, there are also downsides. One of the major setbacks is that the way we sign things varies for a number of reasons, which is a serious challenge. For the system to be practical, it is essential to be able to distinguish between a slow signature due to an injury and one that is the result of an attempted fraud.

Moreover, it is not an efficient way, at least at present, of accessing services. In fact, when you sign for something when paying for it, this data is not being used in real time. Instead, the data is sent to your bank to be validated later.

The current failings, however, of signature recognition will not see the door closed on this technology. It is more than likely that future corporate banking operations will be authorized through a simple signature on a tablet or smartphone.

 
