
Worldwide “Crysis” Through Remote Desktop Protocol

Tales from Ransomwhere

Two weeks ago we saw a ransomware attack on a server belonging to a French company. It was a Crysis variant, a ransomware family that appeared earlier this year. We witness thousands of infection attempts by ransomware on a daily basis, but this one caught our attention because the file somehow showed up on the computer when no one was supposed to be using it; in fact, there were no email clients or Internet browsers running on it.

How did it get into the computer?

Why did the security measures in place allow this file onto the server? That is what we wanted to find out, so we began an investigation. It turns out that this server was running Remote Desktop Protocol (RDP), and the cybercriminals used a brute-force attack until they guessed the credentials and obtained remote access.

Back to the story: as most users do not have 2FA enabled and their passwords are neither complex nor random, it is pretty easy to get into a server using this kind of brute-force attack with a good dictionary or the most common password combinations. This is not a new technique. More than a year ago, I remember a wave that hit Spanish companies with ransomware using the exact same technique. Cybercriminals usually perform these attacks at night or during weekends, when there are few people in the office, or none at all.


In this case, the attack on the server started on May 16th, when 700 login attempts were made. These were performed automatically, usually over a period of approximately two hours. Most of these attempts took place from 1am to 3am or from 3am to 5am, each and every day. The number of login attempts varied: for example, on May 18th there were 1,976, while on July 1st there were 1,342.

After almost four months and more than 100,000 login attempts, the attackers were finally able to get into the server and drop the Crysis ransomware.

This is a Worldwide Crysis

This week our colleagues from Trend Micro published an article that warned us about similar attacks happening in Australia and New Zealand that deploy Crysis variants. Unfortunately, we can say that those are not the only countries—this is happening at a worldwide level (at least since May).

Assuming you need to have RDP running and reachable from the Internet, apart from monitoring connection attempts so that you learn when you are under attack, you should also enforce complex passwords. The best approach is to implement 2FA, such as an SMS passcode, so that guessing passwords becomes useless.
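To make the "monitor connection attempts" advice concrete, here is an added Python example (not code from the original post) that scans a constructed export of Windows Security events for the pattern described above: a burst of failed RDP logons (event 4625, logon type 10) from one source during the 1am to 5am window, followed by a successful logon (4624) from the same source. The one-event-per-line format, the thresholds and the sample data are assumptions.

```python
"""RDP password-guessing detector over an exported Windows Security log.
Added example, not from the original post. Assumes the log was exported as
one event per line: "<ISO timestamp> <EventID> <LogonType> <SourceIP> <Account>".
Event 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP
(RemoteInteractive). Thresholds and the sample data below are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sample, not real telemetry: 30 RDP failures in one night-time hour
    from one TEST-NET source, then a success from it, plus one legitimate daytime typo."""
    base = datetime(2016, 5, 16, 1, 0)
    lines = [f"{(base + timedelta(minutes=2 * i)).isoformat()} 4625 10 203.0.113.7 Administrator"
             for i in range(30)]
    lines.append(f"{(base + timedelta(minutes=65)).isoformat()} 4624 10 203.0.113.7 Administrator")
    lines.append("2016-05-16T09:12:00 4625 10 192.0.2.10 jsmith")
    lines.append("2016-05-16T09:12:30 4624 10 192.0.2.10 jsmith")
    return "\n".join(lines)

def parse(text):
    """Turn the export into (timestamp, event_id, logon_type, source_ip, account) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, ip, acct = line.split()
        events.append((datetime.fromisoformat(ts), int(eid), int(ltype), ip, acct))
    return events

def find_bursts(events, threshold=20, window=timedelta(hours=2)):
    """Sliding window over each source's failed RDP logons; return {ip: peak count}
    for sources that reach `threshold` failures inside any `window`."""
    fails = defaultdict(list)
    for ts, eid, ltype, ip, _ in events:
        if eid == 4625 and ltype == 10:
            fails[ip].append(ts)
    bursts = {}
    for ip, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), count)
    return bursts

def off_hours(ts, start_hour=1, end_hour=5):  # the post's attack window: 1am to 5am
    return start_hour <= ts.hour < end_hour

def analyse(text, threshold=20, window=timedelta(hours=2)):
    """Report brute-force sources, which of them act off-hours, and any successful
    RDP logon from a brute-forcing source (a likely guessed credential)."""
    events = parse(text)
    bursts = find_bursts(events, threshold, window)
    night = {ip for ts, eid, ltype, ip, _ in events
             if eid == 4625 and ltype == 10 and ip in bursts and off_hours(ts)}
    hits = [(ip, acct, ts) for ts, eid, ltype, ip, acct in events
            if eid == 4624 and ltype == 10 and ip in bursts]
    return {"bursts": bursts, "off_hours_sources": night, "success_after_burst": hits}

if __name__ == "__main__":
    for key, value in analyse(build_sample()).items():
        print(f"{key}: {value}")
```

A single success from a source already flagged as brute-forcing is the event worth paging on; the legitimate user's one failed attempt never reaches the threshold.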

We’ll continue to keep you informed with our Tales from Ransomwhere series!


The post Worldwide “Crysis” Through Remote Desktop Protocol appeared first on Panda Security Mediacenter.

Panda Security Protects Privacy in Public Administration


Thousands of top secret documents have been leaked, confidential information about individuals has been stolen, cyber-espionage between powerful governments has taken place, and attacks have been carried out by personnel with privileged access. All of these examples confirm that cybercriminals are driven by propaganda and economic gain, and that they target those who are willing to pay to recover their valuable information, such as institutions in the public sector.

PandaLabs, Panda Security’s anti-malware laboratory, presents the “Privacy in Public Administration” whitepaper, detailing numerous cyber-attacks on countries that could almost have come from a science fiction story.

Legislative Developments in Cybersecurity

The technological revolution in the public sector, the digitalization and storage of information, and the boom in online services that simplify administration for the public have led to an exponential growth in the generation, storage and processing of confidential data, data which must be treated with the utmost care. Consequently, the public sector now faces a new series of demands in risk prevention, security and legal compliance.

Politically-motivated attacks

During the past decade, crimes including cyber-terrorism, cyber-espionage and hacktivism have been on the rise, threatening the privacy of Public Administrations, businesses and nations:

2010: Bradley Manning, a US soldier, copied 700,000 confidential documents and used WikiLeaks to publish them: in total, almost half a million records from the Iraq and Afghanistan conflicts and more than 250,000 secret U.S. diplomatic cables.

2013: Edward Snowden, a former employee of the CIA and NSA, published top secret documents through the Guardian and the Washington Post concerning various NSA programs, including the mass surveillance programs PRISM and XKeyscore.

2016: A total of 19,252 emails (including attachments) from 8,034 servers of the US Democratic National Committee sent between January 2015 and May 2016 were revealed on WikiLeaks this July. The security company contracted by the Democratic National Committee has claimed that the hack was the work of at least two different groups of hackers linked to a Russian government agency in an action designed to favor Republican candidate Donald Trump.

Now, three months before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. There is an ongoing investigation and IPs have been traced back once again to Russian hacking forums. Coincidence?


The solution for adapting to the change

The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.

To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory framework passed in the EU in 2016.

For public institutions, success in ensuring cyber-security lies with meeting certain requirements:

  • Having real-time information about incidents and security holes related to data security, such as the accidental or illegal destruction, loss, alteration, unauthorized disclosure or remote transference of data.
  • Compliance with Article 35 of the “General Data Protection Regulation” on data protection with regular and systematic monitoring of data on a large scale.
  • Reporting all possible transfers of data files to foreign countries.
  • Improving individual rights, including the right to be forgotten, and data portability across all shared data files.
  • Safeguarding delegation to other processors of data deletion, reporting and notification requirements, and the maintenance of file transfer activities.

To this effect, implementing advanced technologies such as Adaptive Defense 360, as a complement to traditional antivirus solutions or perimeter security, enables compliance with the guidelines and technical requirements outlined above, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks on companies.


Improved Efficiency and Centralized Management with the Latest Version of Panda Systems Management


Computer systems have become part of every aspect of our lives. As digital transformation continues to grow in the corporate environment and the number of devices connected to the network is on the rise, the issues associated with this topic are becoming increasingly complex.

For this reason, Panda Security has presented the latest version of Panda Systems Management: the most powerful, scalable and easy-to-use RMM administration tool on the market. Systems Management is capable of combating all inefficiencies in the IT environment, allowing businesses to save time and money.

The Problem

This new hyper-connected context means that new challenges may arise while trying to increase your company’s productivity. Some of the challenges that have added to the already complex IT environment include: the increasing and varied number of devices connected to the network, the growing number of remote users, and the need to fix problems with greater flexibility (anytime, anywhere).

The mixture of tools used every day in the workplace provokes incidents and interrupts work. Consequently, as these inefficiencies multiply, they add to the IT department’s workload, and other important details that affect business management and security can be overlooked.

The Solution: Greater Automation and Maximum Performance

Systems Management remotely monitors and manages devices from the Cloud so that every IT department can offer a professional service with minimal impact on employee work.


What does the new version offer?

The new version of Systems Management gives you maximum performance ‘out of the box’. To increase efficiency and grow business for our clients and partners, Systems Management supports five pillars (asset inventory, device monitoring, remote device management, non-intrusive resolution tool support, and generated reports) with the following functions:

  • Recommended monitoring policies based on the best practices of our clients.
  • New filters improve management: instant visualization of the IT park so you can see what you need.
  • New reports on server performance (CPU, memory and disk) for the last 30 days, including general averages.
  • Integration with Microsoft Hyper-V, and new hardware monitors added for VMware ESXi.
  • New maintenance windows: alerts can now be scheduled and silenced.


Inside Petya and Mischa Ransomware

Petya and Mischa ransomware come as a package deal, distributed by their creators, Janus. They are very unusual in that they combine two different methods of encrypting user data. Unlike most other ransomware, Petya primarily encrypts the MFT (Master File Table) and the MBR (Master Boot Record). If Petya has insufficient privileges to access the MBR on the HDD (Hard Disk Drive), the Mischa module is deployed and encrypts files one by one.

Panda Security Achieves 100% Detection Rate

Panda Security solutions were recently recognized by Virus Bulletin, one of the world leaders in testing security software for the prevention, detection and elimination of malicious software and spam.

With more than two decades of experience, Virus Bulletin regularly analyzes the latest viruses and evaluates the current anti-malware products on the market in its publication. This year, Virus Bulletin has honored Panda with a VB100 certificate in its most recent comparative test.

Here you can see the complete report with all of the results of the 2016 study: https://www.virusbulletin.com/testing/results/latest/vb100-antimalware

A History that Guarantees 100% Detection

This is not the first time that Panda Security’s cybersecurity solutions have received a high grade from a demanding certification body.

Halfway through this year, the independent organization AV-TEST named Panda the best antivirus software for Windows end users. On this occasion, Panda was also given a certification recognizing its software as offering the highest protection against 0-day attacks, and Panda products additionally had the highest detection rate for the most widespread and frequent malware. The software’s light system load and low impact on PC use were also key factors in the test results.

Additionally, at the end of 2015 Panda was recognized in the Real World Protection Test for the proper functioning and efficiency of our solutions. So, have you enjoyed the benefits of the Panda guarantee?


Do you stand by all your tweets?

A wise man once said: “You should never share anything on the internet unless you are ready for it to be seen by the whole world”. This is certainly something to keep in mind, especially if you fear being judged… It is also something to be careful about if you are a business owner who wants to turn the dream of a company IPO into reality. Hey, you should even watch your posts if you are a recent graduate looking for your next employment opportunity.

Twitter has made it easy to search its feeds, and some tweets are now even indexed on Google. Your thoughts are visible to the whole world, and this is something you need to consider every time you make them public. We have seen so many stories of people whose lives have been turned around by a single tweet. Today’s world is not what it used to be, and individuals and businesses alike need to adapt and care for their reputation. It’s a common misconception that only a live tweet could damage your reputation; tweets from years ago may be just as harmful as the ones you send out on a Friday night.

Years ago, when Twitter was on the rise, many people created profiles and tweeted things they wouldn’t necessarily agree with today. You would be surprised at the things people would say under the soft blanket of internet anonymity. However, today’s internet is not as anonymous as it used to be. The toddler Twitter, which was just taking its first steps into the world about ten years ago, has grown big and strong enough to place everything you ever said within reach of whoever is interested in digging for it.

The importance of managing your digital prints

Panda Security suggests you may want to do some research into your own Twitter feed. Get your hands dirty and do some digging of your own. Twitter history can reveal a lot about your personality that you may not necessarily want to share with the whole world, e.g. your mother’s maiden name, your date of birth, your PayPal email address as well as your physical address, or the primary school you went to. Staying on top of your digital prints has never been as important as it is now.

However, it is not all gloom and doom; there is a way out! It’s not an easy task to search through thousands of tweets, but luckily Twitter has an option for you to request your personal archive. Go to ‘Settings’ and hit the ‘Request your archive’ option. You will get an email containing a zip file that includes all of your tweets since the beginning of time… or, well, since the beginning of Twitter. The email usually takes a few working days to arrive, but once you get it you will be able to search through all of your Twitter history easily, in an interface mimicking Twitter’s own.

If you don’t want to wait a few days, just go to the Advanced Search option and search through your tweets. In the ‘From These Accounts’ field, enter your username, and in the ‘Words’ fields the keywords you are trying to find. Once you get the result you were looking for, you can delete the unwanted content. Easy peasy lemon squeezy!


Oktoberfest 2016: How to quickly connect to secure Wi-Fi in Munich


This Saturday, the 183rd Oktoberfest will take place on the Theresienwiese in Munich, Germany. People will travel to the Bavarian capital from all over the world to enjoy beer, music, chicken, cotton candy, amusement rides and more!

If you are traveling to Munich for Oktoberfest, you probably want to share your exciting beer hall photos and videos with friends and family to show off (as soon as possible) what an awesome time you are having! You may also need to access Google Maps to find your way around the city while sightseeing. Now, you’re probably asking yourself: How am I going to do this, unless I pay for an expensive international plan?

“Counter-intelligence as a change to the IT security strategy”, David Barroso


David Barroso is one of the key names in IT security in Spain and the guest of this article. We’ve known each other for years: even though we haven’t had the chance to work together on joint projects, we have often met at security conferences over the last decade or so. That said, I’m going to let him introduce himself:

1- David, who are you? How have you got to where you are in IT security? How did you get into this crazy, fascinating world?

It all started when I began university in the ’90s. I left my home town of Palencia to study in Madrid, living on campus with more than 300 others. The IT and telco people had set up a network of coaxial cables across the floor (later we were able to wire up each room with RJ45) and we were responsible for managing the network. In fact, in the late ’90s, we were the first ADSL customers in Spain, so it was like running a company of 300 employees. This was the era of the beginning of Linux, Windows 95, with all the fun of using winnukes, land, back orifice, exploits for X-Windows with your colleagues, generally to play tricks on people. But we also had to configure the whole network back then, to share a miserly 256Kb ADSL connection among 300 students: IP masquerading, QoS, provide email for everyone, Web pages, Linux security, Windows, etc.

I learned a lot during this time because we did everything from scratch and everything was really manual, not to mention the continuous incidents affecting our ‘users’.


David Barroso, CEO of Countercraft

2- As an entrepreneur you have set up your own company, Countercraft. What are the main challenges and obstacles nowadays when setting up a cyber security startup?

I think there are several major challenges. The first, of course, is to create a product or service that customers want to buy, and that means finding a balance between the technical and business sides of the project. Tech people often fail to appreciate the marketing and sales aspects, but both are essential.

Another mistake we tend to make in Spain is that we don’t think about creating something international from the outset; we try to do something local. That’s so different from the Israeli or US outlook (today’s leaders in IT security) where they want to take on the world from the word ‘go’.

It also makes a difference where you start up your company. We are grateful to have had support, though it is nowhere near the support that companies get in the countries mentioned before. They are not only supported financially, but are also helped to position their company or product.


3- Tell us about a typical day in the life of David Barroso. What sort of challenges do you come up against in your day-to-day life?

The truth is that, for obvious reasons, I’m working quite intensely at the moment, dedicating some 12-13 hours a day to our company, doing everything: programming (which I really enjoy), defining the product, analyzing the competition, discussing the market policy, talking with partners, visiting customers, administering computers, changing print toner, buying laptops, sorting out invoices, etc. There’s no time to get bored.

We’re gradually beginning to outsource some tasks, especially after the round of financing, though there are still many, many things to do in a small company.

I’d say the main challenge is to try to get the whole band playing in tune in this early phase without creating problems further down the line.

4- Countercraft sets itself up as a counter-intelligence startup… Can you explain this concept and the focus of the company? What kinds of organizations need these solutions?

We are positioning ourselves as a change to the IT security strategy. Today, most companies tend to focus on setting up all possible security measures, then resolving security incidents as they occur.

What we propose is to use a lot of the techniques that our enemies are using, particularly as we need to be more proactive. Just as attackers deceive and lie, why not do the same thing (legally, of course)?

We use the classic concept of honeypots adapted to the present day, with many other techniques to make life as difficult as possible for attackers. The idea is to identify them as soon as possible, discover their tools and modus operandi, and get as much information about them as possible.


The types of companies that can adapt to this new strategy are those that have already done their security homework, i.e. mature companies from a security perspective, as it is not a good idea to use lures if you have security holes.

5- The world of IT security is advancing at an incredible pace, both in terms of technological developments as well as the sophistication and complexity of attacks. What new challenges will security companies have to face over the coming years?

An inherent problem is that human beings will always be the main entry point for security problems, and as such, technology and security products face an uphill task as we are so unpredictable. It’s also true that we don’t really like following security procedures and we are easily tricked. So even if we give most users highly secured desktops, attackers will (and already do) target system administrators, who generally have more freedom.

In our case, what we try to do is to find a human error or lapse on the part of the attackers (they also make mistakes), and give a tug on the loose thread to see if we get what we’re looking for. In other words, we also take advantage of the fact that attackers are human and make mistakes, maybe because of too much haste or greed, or a lack of knowledge.

6- The type of strategy employed by Countercraft is strongly focused on attacks that aim to penetrate corporate networks and steal sensitive data. Do you believe that these techniques could be used to counter other types of attacks?

Of course. In fact, there are other scenarios in which we are using the same techniques, such as countering fraud, identifying and monitoring malware and phishing campaigns, sabotage of governments or companies, or working with law enforcement agencies to tackle child pornography or online recruitment by terrorist groups.

7- Managing to hoodwink cyber-crooks offers you the chance to find out a lot about them, not just how they operate and the steps they take to infiltrate a company, but also data that could help to identify the culprits. Do you anticipate, as part of your strategy, working with law enforcement agencies, or would this be a decision for each of the customers you protect?

From the outset we work with law enforcement agencies, although the decision to contact them regarding incidents in companies is entirely down to the customer.
