
How to avoid hacking to Critical Infrastructure


Cyber-attacks on the backbone of today’s economies are the ones whose effects reach society as a whole. Infrastructure exposed to threats that can disrupt the operation of essential services is therefore among the strategic priorities of national security.

PandaLabs, Panda Security’s anti-malware laboratory, has released a whitepaper called “Critical Infrastructure: Cyber-attacks on the backbone of today’s economy” with a timeline of the most notorious cyber-attacks on critical infrastructure around the world, and recommendations on how to protect it.

Malware and targeted attacks aimed at sabotaging these networks are the main threats to critical infrastructure. Oil refineries, gas pipelines, transport systems, electricity companies or water supply control systems all form part of a technologically advanced industry where security failures can affect the whole of society.

Malware and targeted attacks

Today’s increasing trend towards interconnecting all types of infrastructure also increases potential points of entry for attacks on the services that have become essential for today’s societies.

This is apparent from the cyber-attacks carried out against these networks in the past. The earliest commonly cited case, which is still disputed, dates from 1982, before the public Internet existed: attackers are said to have planted a Trojan in the control software of a Siberian pipeline.

In addition to paralyzing or reducing services, which is what happened to the Venezuelan oil company PDVSA when an attack cut production from 3 million barrels a day to 370,000, such attacks can also have a significant financial impact. One of the largest car manufacturers in the USA was left with losses of around US$150 million after the SQL Slammer worm spread rapidly through its network and affected 17 production plants.

The threat is real

One of the most infamous cyber-attacks on critical infrastructure in history was Stuxnet. It is widely attributed to a coordinated operation by the Israeli and US intelligence services aimed at sabotaging Iran’s nuclear program. The case became the catalyst that made the general public aware of this type of threat.

Over the years there have been key events that marked turning points in global security, such as the 9/11 attacks. In Europe, a similar key date was March 11, 2004, the date of the Madrid train bombings. As a result, the European Commission drew up an EU-wide strategy for the protection of critical infrastructure, the ‘European Programme for Critical Infrastructure Protection’, which includes proposals to improve Europe’s prevention of, preparation for and response to terrorist attacks.

How could these attacks have been avoided?

The technical characteristics of these systems, and the sensitivity of the data and control functions exposed through them, mean that special care is needed to protect them, including good practices such as:

  • Regularly checking systems for known vulnerabilities and missing patches, and mitigating those that cannot be patched promptly.
  • Monitoring the networks used to control these infrastructures and, wherever possible, segmenting them from corporate IT and isolating them from external connections.
  • Controlling removable drives. This is essential on any infrastructure, and not only because USB sticks were the attack vector for attacks as notorious as Stuxnet: malware must not be able to enter the internal network through pen drives, and pen drives must not be usable to carry confidential information out.
  • Monitoring the PCs to which programmable logic controllers (PLCs) are connected. Where these hosts are reachable from other networks or from the Internet, they are the most sensitive systems in the plant, because they give an attacker a path to the control systems themselves. Even an attacker who does not gain control of a process can collect information that is valuable for other attack vectors.
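The removable-drive control above is easy to state and hard to prove is working, so here is an added example (written for this page, not code from Panda or from the whitepaper) of the kind of check a practitioner would run on a Linux engineering workstation or HMI: it reassembles the kernel’s per-device USB attach messages into one record per device, ignores keyboards and other non-storage devices, and flags any mass-storage device whose serial number is not on an inventory allowlist. The log lines, hostname, vendor/product IDs, serials and the allowlist are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the format the Linux kernel logs on USB attach
# (hostname, timestamps, vendor/product IDs and serials are made up for this example).
SAMPLE_LOG = """\
Nov 28 09:14:02 hmi-01 kernel: usb 1-1.2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Nov 28 09:14:02 hmi-01 kernel: usb 1-1.2: Product: Ultra Fit
Nov 28 09:14:02 hmi-01 kernel: usb 1-1.2: Manufacturer: SanDisk
Nov 28 09:14:02 hmi-01 kernel: usb 1-1.2: SerialNumber: 4C530001230609108141
Nov 28 09:14:03 hmi-01 kernel: usb-storage 1-1.2:1.0: USB Mass Storage device detected
Nov 28 09:20:41 hmi-01 kernel: usb 1-1.3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Nov 28 09:20:41 hmi-01 kernel: usb 1-1.3: Product: USB Keyboard
Nov 28 11:02:17 hmi-01 kernel: usb 1-1.4: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Nov 28 11:02:17 hmi-01 kernel: usb 1-1.4: Product: DataTraveler 3.0
Nov 28 11:02:17 hmi-01 kernel: usb 1-1.4: SerialNumber: E0D55EA573DCF3B0C91B4D9E
Nov 28 11:02:18 hmi-01 kernel: usb-storage 1-1.4:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist: serial numbers of the drives the site has issued and inventoried.
ALLOWED_SERIALS = {"4C530001230609108141"}

NEW_DEVICE = re.compile(
    r"kernel: usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
SERIAL = re.compile(r"kernel: usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(
    r"kernel: usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)


@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    first_seen: str
    serial: str = ""
    mass_storage: bool = False


def parse_usb_events(lines):
    """Reassemble the per-device kernel messages into one record per attached device.

    Records are keyed by bus port; each plug-in on a port produces a fresh
    'New USB device found' line, which replaces the previous record for that port.
    """
    devices = {}
    for line in lines:
        m = NEW_DEVICE.search(line)
        if m:
            devices[m["port"]] = UsbDevice(m["port"], m["vid"], m["pid"], first_seen=line[:15])
            continue
        m = SERIAL.search(line)
        if m and m["port"] in devices:
            devices[m["port"]].serial = m["serial"]
            continue
        m = STORAGE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]].mass_storage = True
    return list(devices.values())


def unauthorized_storage(lines, allowed_serials):
    """Return mass-storage devices whose serial is not on the allowlist.

    Non-storage devices (keyboards, mice) are ignored. A drive that reports no
    serial at all is treated as unauthorized, since it cannot be matched to inventory.
    """
    return [d for d in parse_usb_events(lines)
            if d.mass_storage and d.serial not in allowed_serials]


if __name__ == "__main__":
    for dev in unauthorized_storage(SAMPLE_LOG.splitlines(), ALLOWED_SERIALS):
        print(f"{dev.first_seen} ALERT unauthorized removable drive on port {dev.port}: "
              f"{dev.vid}:{dev.pid} serial={dev.serial or '<none>'}")
```

Fed the sample above, the script alerts on the DataTraveler on port 1-1.4 and stays quiet about the inventoried SanDisk drive and the keyboard. Where a host has no legitimate need for removable media at all, blocking the usb-storage kernel module (a modprobe blacklist) is the stronger control, and a log check like this one then becomes the way to confirm the block is holding.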

Given this landscape, protection against advanced threats and targeted attacks is essential. Adaptive Defense 360 offers comprehensive security against these attacks and provides companies with what they need to defend themselves and close the door on the cyber-security vulnerabilities that can, in the end, affect us all.

Download the infographic “Cyber-attacks on the backbone of today’s economy”.

The whitepaper is available in the following editions: International, Russian, Portuguese and Swiss.

The post How to avoid hacking to Critical Infrastructure appeared first on Panda Security Mediacenter.

An in-depth look at the technology behind CyberCapture


Earlier this summer, we told you about our proprietary CyberCapture technology. CyberCapture is a vital component of the Avast Antivirus Nitro Update, providing users with increased speed and a higher level of protection against zero-second attacks. In this post, I’d like to dive deeper into the engineering behind CyberCapture and explain the components that give the feature its technical integrity.

In essence, CyberCapture is a cloud-based smart file scanner. To provide immediate analysis, CyberCapture automatically establishes a two-way channel of communication with the Avast Threat Labs while holding suspicious files in quarantine on the user’s PC until the analysis is complete. Once a file has been isolated, our team can strip away the decoy code, misdirection, obfuscation and other tricks malware authors use to mask a sample’s true intentions. In this way CyberCapture can dissect the malicious file, observe the binary-level instructions inside it and understand the purpose hidden within it.

How To Evaluate a Next-generation Endpoint Protection


We have lately been seeing blog posts that attempt to publicly demonstrate that next-generation protection solutions, like Adaptive Defense, can be bypassed. These proofs of concept aim to show that there are malicious files that evade detection when they reach a system or attempt to run. The problem with these demonstrations is that the writer expects the malicious files to be stopped before they run. That expectation is mistaken, and reveals a clear misunderstanding of this new protection model, which is based on the continuous monitoring of process activities.

To be truly effective, a next-generation solution must provide continuous protection against all types of attacks. This means it must offer continuous prevention, detection at runtime, visibility into every action taken, and the intelligence to block malicious actions such as lateral movement. It is not enough to provide file-level detection based on a list of known malware files. Effective security means being able to protect systems before, during and after an attack.

The cyber-security ‘war’ goes beyond the ‘battle’ of detecting malicious files when they reach a computer or attempt to run. It will be won by whoever is capable of efficiently, seamlessly and unobtrusively monitoring every process running on devices, and blocking those that, despite appearing harmless at first, show malicious behaviors. Today’s malware is extremely sophisticated and should never be underestimated. But not only that…

Protection is not only about detecting threats before, during and after an attack; it is also about remediation and prevention.

That’s why a next-generation solution must also include response and remediation capabilities. These products are known in the security sector as EDR (Endpoint Detection and Response) solutions, and they incorporate forensic analysis tools capable of tracing every action taken on the endpoint in order to remediate and prevent present and future attacks.

Why past methodologies are no longer valid

Panda Adaptive Defense integrates all of those features into a single Next-Generation protection solution based on continuous monitoring, and which provides prevention, detection, visibility and intelligence to block known and unknown attacks. In addition to continuous monitoring via hundreds of sensors, Adaptive Defense also provides forensic analysis tools for efficient remediation and prevention.

When you read these proofs of concept, you must understand that they do not reflect how this model works. The fact that a security solution doesn’t detect a file as malware at the moment it reaches a system doesn’t mean that the solution is ineffective. On the contrary, in the particular case of Adaptive Defense, it is perfectly possible that the solution doesn’t detect the file at that point but detects it as soon as it attempts to run, or monitors it and blocks it during the attack.

This ability is not present in traditional solutions based on a more or less generic malware blacklist, which rely on detecting malicious files when they land on the system or when they attempt to run. With these solutions, if a malicious file is not classified as malware, it is allowed to run regardless of the actions it carries out during its life cycle.

Adaptive Defense might also let it run, albeit keeping an eye on it at all times and reporting its activities to our Machine Learning Intelligence platform. This system, which is in constant evolution and correlates data from thousands of endpoints with hundreds of sensors, will determine if the file’s activities constitute malicious behavior, in which case it will prevent it from running. Then, the file will be immediately classified either automatically or by a team of cyber-security experts. This analysis will determine with complete accuracy the nature of the attack. The old model doesn’t provide any of this.
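To make concrete what “monitoring process activities rather than matching files” means, here is an added example written for this page; it is not Panda’s code and does not show how Adaptive Defense or its Machine Learning Intelligence platform work internally. It scores processes from a constructed telemetry trace in which nothing matches a signature: a document opens Word, Word spawns PowerShell, PowerShell drops and runs a binary, and that binary starts renaming documents. The event format, the three rules, their weights and the 60-point block threshold are assumptions chosen for the illustration.

```python
from collections import defaultdict

# Constructed process telemetry for one workstation (not real data): tuples of
# (seconds, pid, parent pid, image, action, target). No hash here is on any
# blacklist; invoice.docm arrives looking like an ordinary document.
SAMPLE_EVENTS = [
    (0, 412, 380, "explorer.exe", "start", r"C:\Windows\explorer.exe"),
    (5, 900, 412, "winword.exe", "start", r"C:\Users\ana\Downloads\invoice.docm"),
    (9, 955, 900, "powershell.exe", "start", "-nop -w hidden -enc SQBFAFgA"),
    (10, 955, 900, "powershell.exe", "net_connect", "203.0.113.7:443"),
    (12, 955, 900, "powershell.exe", "file_write", r"C:\Users\ana\AppData\Local\Temp\upd.exe"),
    (13, 1010, 955, "upd.exe", "start", r"C:\Users\ana\AppData\Local\Temp\upd.exe"),
    (20, 1200, 412, "chrome.exe", "start", r"C:\Program Files\Google\Chrome\chrome.exe"),
    (21, 1200, 412, "chrome.exe", "net_connect", "198.51.100.2:443"),
]
# The dropped binary then renames documents one after another, as ransomware does.
SAMPLE_EVENTS += [
    (14 + i, 1010, 955, "upd.exe", "file_rename",
     rf"C:\Users\ana\Documents\report{i}.docx -> C:\Users\ana\Documents\report{i}.docx.locked")
    for i in range(6)
]

# Hypothetical rule set; the weights and threshold are illustrative, not a product's.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
RENAME_BURST = 5        # extension-changing renames by one process ...
RENAME_WINDOW_S = 60    # ... within this many seconds
BLOCK_THRESHOLD = 60


def _extension(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def score_processes(events):
    """Score each process on what it does, not on what its file looks like.

    Returns {pid: (verdict, score, reasons)} with verdict 'block' or 'allow'.
    """
    image = {}                    # pid -> image name, learned from start events
    written = {}                  # file path -> pid that wrote it
    rename_times = defaultdict(list)
    scores = defaultdict(int)
    reasons = defaultdict(list)

    for t, pid, ppid, img, action, target in sorted(events):
        if action == "start":
            image[pid] = img
            parent = image.get(ppid, "")
            if parent in OFFICE_APPS and img in SCRIPT_HOSTS:
                scores[pid] += 60
                reasons[pid].append(f"{parent} spawned script host {img}")
            if target in written:
                scores[pid] += 40
                reasons[pid].append(f"executable was dropped by pid {written[target]}")
        elif action == "file_write":
            written[target] = pid
        elif action == "file_rename":
            src, dst = target.split(" -> ")
            if _extension(src) != _extension(dst):
                rename_times[pid].append(t)
                recent = [x for x in rename_times[pid] if t - x <= RENAME_WINDOW_S]
                if len(recent) == RENAME_BURST:   # fire once, when the burst threshold is crossed
                    scores[pid] += 70
                    reasons[pid].append(
                        f"{RENAME_BURST} extension-changing renames in {RENAME_WINDOW_S}s")

    return {pid: ("block" if scores[pid] >= BLOCK_THRESHOLD else "allow", scores[pid], reasons[pid])
            for pid in image}


if __name__ == "__main__":
    for pid, (verdict, score, why) in score_processes(SAMPLE_EVENTS).items():
        print(f"pid {pid:>5} {verdict:5} score={score:3} {'; '.join(why)}")
```

On the sample trace, Word and Chrome are allowed, the PowerShell child of Word is blocked on its first action, and the dropped binary is blocked both for being a drop-and-execute and for the rename burst. A real agent would act on the first rule that crosses the threshold rather than wait for the trace to end, but the point stands: none of these verdicts depends on having seen the file before.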

Welcome to the Next-Generation Panda Security!


How is Internet privacy upheld in the ‘digital afterlife’?

How do you account for someone’s digital presence after they’re no longer with us in the physical world?

The ‘digital afterlife’ is a concept that has been receiving increased attention from tech giants like Facebook and Google. Their aim is to make the passing of a loved one or relative easier, while also playing a role in celebrating people’s lives after they have passed away.

Internet Privacy

The issue of Internet privacy is, of course, a touchy one and this is magnified immensely in the difficult period after someone has passed away.

Where previously the process was less clearly defined, Facebook recently felt the need to clarify what it does after a user has passed away. If the social media giant is made aware of a user’s death, there are two options: the account is memorialized or deleted. It cannot remain active.

There is an important reason for this: the cyber security risks that come with leaving a social media account unaccounted for after its owner has passed away.

Unfortunately, the growing digital graveyard left by people’s data footprints as they lived their lives is not treated with the same reverence as its equivalent is in the physical world.

Cyber Security risks for a social media account

There are tangible cyber security risks for a social media account that isn’t being used, with reported incidents of deceased users’ accounts being hacked and taken over by spambots. These accounts are often used for advertising, with some users having reported seeing their deceased relative or friend’s account starting to like pages on the social media website months, or even years after that person has passed away.

People’s social media pages have also even been hacked after their deaths and distasteful messages left on their page as status updates.

These risks are the main reason that Facebook has recently clarified its policy on what happens to a user’s account once they have passed away. In a recent statement, the company said, “if Facebook is made aware that a person has passed away, it’s our policy to memorialize the account.”

Facebook, though, has had issues with processing memorialization requests; there have been reported cases of it taking up to 6 months for a request from a family member to be processed, and others of people receiving no response at all.

With over a billion users, and some estimates claiming that more than 8,000 Facebook users die every day, it’s no easy task dealing with so many accounts and companies like Facebook and Google usually outsource such extensive undertakings.

Whilst the policy is strict on what happens to deceased users’ accounts, the social media giants don’t want this to take away from the freedom of deceased users’ loved ones in having a say in their relative’s digital afterlife.

Facebook have released a statement saying “there is more we can do to support those who are grieving and those who want a say in what happens to their account after death.” Google, meanwhile, have highlighted the importance of allowing people to “plan [their] digital afterlife.” Both companies allow users to designate a contact who will have access to their memorialized account after they have passed away.

Facebook ‘legacy contacts’ and Google+ ‘trusted contacts’ are able to curate their loved one’s social media pages after they have passed, by posting pictures and leaving updates whilst those who are already friends can leave parting messages.

Allowing this form of contact decreases the risk of cyber security being an issue in the digital afterlife.


Panda Security Scoop Advanced Award from Computing


Panda Security were delighted to attend Computing’s Security Excellence Awards 2016, held in the heart of London on 24th November, and took home one of the major prizes with Adaptive Defense named best solution against Advanced Persistent Threats.

This first award ceremony from the UK’s leading business technology publication Computing, celebrating achievements of the IT industry’s best security companies, was attended by hundreds of industry notables and disruptors alike.

As well as some mind-melting table magic, the audience were amazed by ‘pretty fly’ compère Chris Turner, who took suggestions and items from the audience and merged them seamlessly into hilarious improv raps.

Amongst the awards handed out on the night, of special note was the one for Advanced Persistent Threat Solution, as stealthy attacks are becoming increasingly common against organisations, requiring solutions to stay one step ahead at all times.

Fending off stiff competition in this hotly contested category from Darktrace, Barracuda and Illusive Networks, Panda Security was announced the overall winner with their Adaptive Defense Solution, with the award accepted by Tony Lee, Managing Director of Panda Security UK & Ireland.

The award was judged according to functionality, differentiation and adoption, and the winner Adaptive Defense is just the latest result of innovation from Panda Security designed to work alongside existing security solutions and protect against APTs and other advanced threats such as Ransomware.

 

For more information on Panda Security’s solutions visit http://www.pandasecurity.com/enterprise/

Congratulations to all finalists and winners at this first ever Computing Security Excellence Awards; we are excited for next year’s.


Anticipate the risk of your employees getting a new phone for Christmas


As we enter the Christmas period, many of your company’s employees will be deciding to change their phones in the coming months. Something as simple and seemingly harmless as a gift (or a purchase from the Black Friday sales) could actually be putting your business security at risk, especially if it encourages workers to use their own smartphones for work.

The idea of BYOD (Bring Your Own Device), if not properly managed, can compromise the confidentiality of corporate information whenever a member of staff changes device: not only because the employee’s new device may lack adequate protection, but because of where the previous phone may end up, and the data it may still hold.

In fact, it is essential to make your company’s employees aware that they must completely wipe all information stored on their old phone before they get rid of it. Although it is not unusual to sell old devices when buying a new one, this operation involves certain risks that must be avoided.

Before selling a cell phone it is essential to completely delete all information stored on it.

After all, the device in question may have confidential documents stored in its memory or, worse still, may still be signed in to the email accounts and corporate apps of its former owner, allowing a complete stranger to reach company resources. The company should therefore also revoke that device’s sessions and tokens from the server side when it is retired, rather than relying on the user alone. And in addition to all of this, of course, there is the personal and equally private information an individual may have stored on the phone.

So it is important not only to ensure that employees have adequate security on their phones, but also to explain how to handle the sale of an old one. To begin with, back up everything stored on the phone, sign out of corporate accounts, and remove the memory card and the SIM.

Once this is done, both Android phones and iPhones offer a way to permanently delete everything stored on them: the option to restore the factory settings, found in the settings of both operating systems. One caveat: on older Android devices a factory reset does not reliably overwrite flash storage, so make sure the device is encrypted before resetting it, which leaves whatever remains unreadable; current iPhones and Android phones encrypt storage by default, so the reset discards the key.

Any device that stores company data must be sold with no confidential information on it. This is the best way to prevent a simple Christmas gift from catching out the owner of the new phone (or the company that employs them). Should anyone forget to delete this data, it is usually possible to wipe the device remotely, erasing everything it contains even after it has been sold, but only if the remote-wipe feature (Find My iPhone or Android’s device manager) was enabled before the handover and the phone comes online afterwards. Treat this as an emergency plan for when all else fails.


Popular call blocking apps expose 3 billion users' phone numbers

Photo: FactWire

Truecaller, CM Security, and Sync.ME, three popular call-blocking and caller-ID apps used by millions of customers, have just been outed for storing the contact details of three billion people in publicly searchable databases. According to Digital Journal, research published earlier this week by FactWire, a group of investigative journalists in Hong Kong, found that the mobile phone numbers of politicians, celebrities and billions of other people can be found via searches on the app publishers’ websites.

Malicious office printers could hijack employees’ cell phones


At first glance it is just another printer, one of those big machines that sits against the wall of thousands of offices around the country, turning blank sheets of paper into corporate documentation. And as inoffensive as it may seem, just another piece of office furniture, it can become a threat to your company’s confidentiality. Printers and the networks they sit on can already be among your most vulnerable points; the one built by the ‘hacker’ Julian Oliver is quite simply a spy.

Every time you make a call on your cell phone, the handset attaches to the base station with the strongest signal it can hear. What Oliver has done is to camouflage a similar base station inside an everyday office printer.

In this way the device can intercept the calls made or received in an office, allowing an attacker to listen to conversations or read SMS messages.

In this case, however, there is nothing to be afraid of. This has simply been an experiment through which Oliver has tried to draw attention to the importance of using communication tools with end-to-end encryption, such as the Signal messaging app recommended by Edward Snowden himself.

Yet the fact that this is only a demo shouldn’t detract from the lesson. In Oliver’s set-up, every time a phone connects to the base station camouflaged in the printer, the device sends it an SMS. If the recipient replies to one of these messages from an unknown number, the printer prints the SMS and the ‘victim’s’ phone number, revealing the trick.

What’s more, the printer is programmed to make calls to the phones that connect to its antenna. If someone answers, all they will hear is a Stevie Wonder song. A practical joke that lasts some five minutes; after this time, the printer disconnects the phone from the antenna, allowing it to connect to the genuine mobile network. In the event of a real attack however, the consequences won’t be as entertaining, nor the scare so brief.

Oliver’s experiment reminds us of the fragility of the communication networks we use every day. The trick works because GSM (2G) authenticates the phone to the network but not the network to the phone, so a handset will attach to whichever base station advertises the strongest signal, and a rogue one can tell it to drop encryption. A Raspberry Pi, a software-defined radio board and two GSM antennas would be enough for an attacker to camouflage a base station in a printer, spy on a company’s phone conversations and steal confidential corporate information. Disabling 2G on handsets that allow it, and using end-to-end encrypted tools for sensitive calls and messages, closes most of this exposure.
