Tag Archives: IT security

97% of Large Companies are Victims of Mass Data Breaches

Ashley Madison, Dropbox and Yahoo have something in common—they are all victims of mass data breaches in which user log-in credentials were stolen. Sadly, this tactic has become more common over the last year. Worse still, it seems it will continue to be an objective for cybercriminals—after all, why wouldn’t they want access to millions of users’ data? The greater the risk, the bigger the reward.

Large corporations cannot escape these attacks. Although you might think that regular internet users are the targets, most cybercriminals are after large corporations. Despite the security solutions that companies can implement, a recent study has revealed that 97% of the thousand largest companies in the world have been victims of data breaches.


Many users choose to use their corporate email when signing up for one of these online services, which sooner or later will suffer some type of attack. If a business’s employees always reuse the same password to access different platforms, whether they sign up with their work email or a personal one, the situation becomes much riskier.

Among the mass leaks that have affected large corporations, a recent investigation highlights LinkedIn, which suffered a massive data breach during the attacks last May, and Adobe, which was the victim of a similar attack in 2013. It’s no wonder these two companies were hit: both services are accessed by professionals who use their corporate emails to log in.

However, LinkedIn and Adobe are not the only multinational companies that have been victims. In fact, the study also reveals one of the most famous data breaches, the Ashley Madison attack, endangered thousands of corporate emails linked to large corporations.

Large economic consequences

The danger these data breaches pose to corporate accounts goes far beyond damaging the company’s reputation. In fact, according to a recent report by the Ponemon Institute, these data breaches cost companies an average of 4 million dollars, that’s more than 3.5 million euros. With that said, make sure your employees are educated on the matter: when signing up for one of these services, they shouldn’t use corporate information such as business emails, and they should use different usernames with several complex passwords.

The post 97% of Large Companies are Victims of Mass Data Breaches appeared first on Panda Security Mediacenter.

Tales from Ransomwhere: Macros & Ransomware(s)


How does the malware get into systems?

The initial infection vector for this ransomware is a phishing campaign: the malicious file is sent and received by email.

First, the user receives an email with the malicious file attached in zip format, presented as some kind of invoice or receipt; the exact pretext varies with the message received and the name of the file. On this occasion, the received file has the following name: Receipt 80-5602.zip, as seen in the screen capture.

Inside this compressed file you will find a Microsoft Office document, or more specifically, an Excel file with the extension “.xls” containing macros (the code is written in Visual Basic).

How is this Code/Macro Executed?

By default, unless macro execution has been forced on in Excel, the malicious code will not run automatically; instead, a warning appears indicating that the document contains macros, as shown in the second screen capture.


And…What is this Macro?

The basic function of this macro is to act as a “dropper”, that is, to download and execute another binary file, in this case a file encrypter or ransomware; although it could just as well have been another malicious program such as a RAT, backdoor, bot, etc.

In this case, as is usual with droppers, the file (or payload) is hosted on a remote server and fetched when the macro is executed.


Once the macro is executed, it is in charge of the next steps: downloading the remote file, which is encrypted, decrypting it, and afterwards executing it.

If we look at the name of the file launched by the macro, or at its command line, we will see that the ransomware comes as a DLL; this has become increasingly common. In addition, it requires an export to be specified in order to run, in this case “qwerty”, as shown in the following screen shot:


Why do it this way? Simply because many automated malware analysis systems (sandboxes) have problems executing programs, code or libraries that require parameters, which are sometimes unknown to them.

Once decrypted, this library’s MD5 is: 586aaaaf464be3a4598905b5f0587590
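The “DLL plus export name” trick described above leaves a distinctive trace in process-creation telemetry, which is what a defender can key on. The following detection script is an added example for this post, not code from the original article or from PandaLabs: it flags events in which an Office application spawns a DLL loader with an explicit export, or in which the loaded DLL sits in a user-writable path. The log format, field names and sample lines are constructed for the example, and rundll32.exe as the host process is an assumption, since the post does not name how the DLL is launched.

```python
"""Added detection example (not from the original post or PandaLabs): flag
process-creation events where an Office application launches rundll32.exe
with a DLL and an explicit export name, or where the loaded DLL lives in a
user-writable location. Log format and sample lines are constructed;
rundll32.exe as the loader is an assumption."""
import re
from dataclasses import dataclass

# Office hosts that should rarely spawn a DLL loader (assumed list)
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Locations where a downloaded payload typically lands (assumed list)
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)

# rundll32 <dll>,<export>   or   rundll32 <dll>,#<ordinal>
RUNDLL_RE = re.compile(
    r'^"?(?P<exe>[^"\s]*rundll32\.exe)"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    pid: int
    parent: str
    dll: str
    export: str


def parse_event(line):
    """Parse key=value pairs whose values may be double-quoted (constructed format)."""
    pairs = re.finditer(r'(\w+)=(?:"([^"]*)"|(\S+))', line)
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3) for m in pairs}


def detect(lines):
    """Return a Finding for every rundll32 launch that is either spawned by an
    Office process or loads its DLL from a user-writable path."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        m = RUNDLL_RE.match(ev.get("cmdline", ""))
        if not m:
            continue  # not a rundll32 launch with an explicit export
        parent = ev.get("parent", "").rsplit("\\", 1)[-1].lower()
        dll, export = m.group("dll").strip(), m.group("export")
        if parent in OFFICE_PARENTS or USER_WRITABLE.search(dll):
            findings.append(Finding(int(ev["pid"]), parent, dll, export))
    return findings


# Constructed sample events; the export name "qwerty" is the one the post reports.
SAMPLE_LOG = [
    r'pid=4120 parent="C:\Program Files\Microsoft Office\EXCEL.EXE" cmdline="rundll32.exe C:\Users\ana\AppData\Local\Temp\8056.dll,qwerty"',
    r'pid=4130 parent="C:\Windows\explorer.exe" cmdline="rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"',
    r'pid=4140 parent="C:\Program Files\Microsoft Office\WINWORD.EXE" cmdline="C:\Windows\System32\notepad.exe"',
    r'pid=4150 parent="C:\Windows\System32\svchost.exe" cmdline="C:\Windows\System32\rundll32.exe C:\ProgramData\x.dll,#1"',
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"pid {f.pid}: {f.parent} -> rundll32 {f.dll} export {f.export}")
```

The two signals are deliberately independent: an Office parent is suspicious even for a DLL in a system directory, and a DLL under a user profile is suspicious whatever spawned it. The legitimate shell32.dll call from explorer.exe in the sample is left alone, which is the false-positive case any such rule has to survive.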

Finally, from PandaLabs we would like to give you the following advice: if you don’t want to have an unwanted surprise, when you receive Office documents from unknown senders do not click the button that says “activate macros”. Lastly, make sure your antivirus solutions and systems are always up-to-date!

The post Tales from Ransomwhere: Macros & Ransomware(s) appeared first on Panda Security Mediacenter.

Worldwide “Crysis” Through Remote Desktop Protocol

Tales from Ransomwhere

Two weeks ago we saw a ransomware attack on a server belonging to a French company. It was a Crysis variant, a ransomware family that appeared earlier this year. We witness thousands of infection attempts by ransomware on a daily basis, but this one caught our attention because the file somehow showed up on the computer when no one was supposed to be using it; in fact, no email client or Internet browser was running there.

How did it get into the computer?

Why did the security measures in place allow this file onto the server? That’s what we wanted to find out, and so we began an investigation. It turns out that this server is running Remote Desktop Protocol (RDP), and these cybercriminals used a brute-force attack until they guessed the credentials and obtained remote access.

Back to the story—as most users do not have 2FA enabled and their passwords are neither complex nor random, it is pretty easy to get into a server using this kind of brute-force attack, a good dictionary, or the most common combinations. This is not a new technique. More than a year ago, I remember one wave that hit Spanish companies with ransomware using the exact same technique. Cybercriminals usually perform these attacks at night or during weekends, when there are few people in the office, or none at all.


In this case, the attack on the server started on May 16th, with 700 login attempts. These were performed automatically, usually over a period of approximately two hours. Most of these attacks took place from 1am to 3am, or from 3am to 5am, each and every day. The number of login attempts varies; for example, on May 18th there were 1,976 while on July 1st there were 1,342.

After almost four months and more than 100,000 login attempts, the attackers were finally able to get into the server and drop the Crysis ransomware.

This is a Worldwide Crysis

This week our colleagues from Trend Micro published an article that warned us about similar attacks happening in Australia and New Zealand that deploy Crysis variants. Unfortunately, we can say that those are not the only countries—this is happening at a worldwide level (at least since May).

Assuming you need to have RDP running and exposed to the Internet, apart from monitoring connection attempts so you learn when you are under attack, you should also enforce complex passwords. The best approach is to implement 2FA, such as an SMS passcode, so that guessing passwords becomes useless.
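“Monitoring connection attempts” is easy to say and worth making concrete. The script below is an added example for this post, not code from the original article or from PandaLabs: it reads failed remote-logon events, raises an alert when one source exceeds a failure threshold inside a sliding window, and builds the hour-of-day histogram that would have exposed the 1am–5am pattern described above. The log format is a constructed, simplified rendering of Windows Security event 4625 (failed logon) with logon type 10 (RemoteInteractive, i.e. RDP); the source addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, and the threshold and window are assumptions to tune for your own environment.

```python
"""Added example (not from the original post or PandaLabs): detect RDP
password guessing from failed-logon events. Log lines are a constructed,
simplified rendering of Windows event 4625 with LogonType=10 (RDP).
Threshold and window values are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) Src=(?P<src>\S+) User=(?P<user>\S+)$"
)


def parse(lines):
    """Yield (timestamp, event_id, logon_type, source, user) for well-formed lines."""
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), int(m["eid"]), int(m["lt"]), m["src"], m["user"]


def detect_bruteforce(lines, threshold=20, window=timedelta(minutes=10)):
    """Return {src: (alert_time, failures_in_window, distinct_users)} for every
    source that accumulates `threshold` failed RDP logons within `window`.
    The post's attacker averaged roughly 700 attempts in about two hours, so
    the defaults here would have fired within the first few minutes."""
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    users = defaultdict(set)      # src -> usernames tried (spraying indicator)
    alerts = {}
    for ts, eid, lt, src, user in sorted(parse(lines)):
        if eid != 4625 or lt != 10:
            continue  # only failed RemoteInteractive (RDP) logons
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that aged out of the window
        if len(q) >= threshold and src not in alerts:
            alerts[src] = (ts, len(q), len(users[src]))
    return alerts


def hourly_histogram(lines):
    """Hour-of-day distribution of failed RDP logons; nightly bursts stand out here."""
    hist = defaultdict(int)
    for ts, eid, lt, src, user in parse(lines):
        if eid == 4625 and lt == 10:
            hist[ts.hour] += 1
    return dict(sorted(hist.items()))


def make_sample_log():
    """Constructed sample: one automated guessing burst at 1am plus ordinary typos."""
    lines = []
    base = datetime(2016, 5, 16, 1, 0, 0)
    for i in range(30):  # 30 failures, one every 10 seconds, cycling usernames
        ts = base + timedelta(seconds=10 * i)
        user = ["administrator", "admin", "backup", "user1"][i % 4]
        lines.append(f"{ts.isoformat()} EventID=4625 LogonType=10 Src=203.0.113.7 User={user}")
    lines.append("2016-05-16T09:14:02 EventID=4625 LogonType=10 Src=198.51.100.5 User=jsmith")
    lines.append("2016-05-16T09:14:20 EventID=4624 LogonType=10 Src=198.51.100.5 User=jsmith")
    lines.append("2016-05-16T17:40:11 EventID=4625 LogonType=2 Src=- User=jsmith")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    for src, (when, count, distinct) in detect_bruteforce(log).items():
        print(f"ALERT {src}: {count} failures by {when.isoformat()} across {distinct} usernames")
    print("failures per hour:", hourly_histogram(log))
```

The distinct-username count is reported alongside the volume because a single user mistyping a password twenty times and a script cycling through administrator, admin and backup look identical on volume alone; the spread of usernames separates the two.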

We’ll continue to keep you informed with our Tales from Ransomwhere series!


The post Worldwide “Crysis” Through Remote Desktop Protocol appeared first on Panda Security Mediacenter.

AVG works with National Federation of Independent Business to raise awareness of online security

Read the headlines and you would think cyber-crime was all about big brands fighting to keep customer data out of hackers’ hands.

You might even think it is about governments and cyber-espionage.

But behind the headlines, there is a day-to-day story of small business under attack.

So to mark National Cyber Security Awareness Month, we’re working with the National Federation of Independent Business (NFIB) to share free tools, resources and information about online threats.

Through October, we’ll help NFIB members and small business owners learn more about some of the practical issues around cybersecurity.

We’ll share information about the common tricks and tactics of hackers, and we’ll explore the issues around Bring Your Own Device (BYOD) and the challenge of keeping a business secure when the lines are blurring between an employee’s personal tech and their professional life.

This week we’re encouraging small business owners and NFIB members to take our AVG Small Business IT Security Health Check.

It’s a simple free tool to help business owners think about how well-prepared they are against cyber threats.

The tool poses 17 multiple choice questions across a range of security topics: from password security to IT infrastructure.

There are also questions about what plans business owners have in place to deal with the fall-out if a security breach happens and customer, employee or suppliers’ personal information is compromised.

In the weeks ahead, we’ll share updated versions of our free ebooks through the NFIB’s regular email newsletter to members:

  • Digital Policy Guide
    What kind of issues emerge from employees and business owners using social media for personal and professional life? This guide looks at how social media can be a positive tool for businesses – and a management challenge if it’s misused. Download the guide.
  • Hackers and Hacking
    What are hackers looking for and what are their common tricks and tactics? Employees’ payroll data? Customer and suppliers’ bank details? This guide covers the threat of hacking, the motives behind it, what is at risk and how to combat these kinds of attacks. Read the ebook.
  • Bring Your Own Device
    Mobile tech from smartphones to tablets means that employees can keep in touch with friends and family on the same device they use to keep track of work emails, appointments and data. So what does that mean for your business? This guide looks at the issues around BYOD.

Sadly, there’s no way to stop hackers from trying to breach the virtual defences of small businesses. Wherever they are in the world, hackers will keep trying to find valuable data and disrupt business operations. And as Steve Chabot (R-OH), Chairman of the Congressional Small Business Committee, explained earlier this year, 71 percent of cyber-attacks are targeted at businesses with fewer than 100 employees.

So we hope our association with the NFIB will spread awareness of the issues and help small business owners feel better prepared to deal with online threats and ready to take steps to make their businesses more secure in future.

Gamers can have a big impact on cybersecurity

Video games are very big business. The industry was valued at $22.41 billion in the U.S. alone, according to researchers at NPD Group in 2014.

The insatiable appetite for games, and the resulting economic weight of gamers, has been credited with driving major advances in the tech industry, from better graphics that demand ever-higher processor speeds to driving down the cost of pricey innovations and making them accessible in all markets.

Perhaps now is time for gamers and game developers to play a role in helping to shape cybersecurity.

New research shows concerns about cybersecurity among gamers and that the majority of gamers lack confidence in game developers’ ability to ensure their security. According to a new study by PlayFab, the back-end services provider for games, 83% of gamers believe that game developers should be responsible for securing a player’s personal data – though fewer than 40% said they currently feel confident with the safeguards.

When asked about the security of their game accounts and experiences, more than 80% ranked either personally identifiable or financial related information as the most important thing to protect. The concern is not surprising, considering high profile data security breaches that have taken place across the industry, including the huge hack of the Sony PlayStation Network, when hackers stole identity information for up to 77 million players.

“These survey results underscore both the opportunity for game developers to improve trust by focusing on security measures, and the importance that they do so to safeguard an audience that relies on them,” noted James Gwertzman, co-founder and CEO of PlayFab.

Meanwhile, gamers are also being enlisted to help the cybersecurity industry fight cybercrime – by doing what they do best.

In the UK, gamers are being recruited to fill the cybersecurity skills gap as part of the Cybersecurity Challenge UK, a government and industry-backed program designed to promote cybersecurity as a profession.

As part of the effort, the UK government has launched a new 3D video game platform, a browser-based massively multiplayer online game (MMO), where members of the general public of all ages and abilities are invited to participate and crack codes in cybersecurity games.

Stephanie Daman, the CEO of the Cybersecurity Challenge UK recently told the tech website Motherboard, “…a lot of people who are very good at cybersecurity are also gamers.” She identified a convergence of traits that make gamers good security professionals, “It’s that urge to find out how something works, to pursue a trail, to get to the end, to see what’s there.”

If we can channel gamers’ concerns around cybersecurity and apply their skills to protecting our data, everyone wins.

Game on.