Tag Archives: Panda Security

How to avoid hacking to Critical Infrastructure


Cyber-attacks on the backbone of today’s economies are those that affect society as a whole. National security strategies give priority to the infrastructure whose exposure to these threats can disrupt the operation of essential services.

PandaLabs, Panda Security’s anti-malware laboratory, has released a whitepaper called “Critical Infrastructure: Cyber-attacks on the backbone of today’s economy” with a timeline of the most notorious cyber-attacks on critical infrastructure around the world, and recommendations on how to protect it.

Malware and targeted attacks aimed at sabotaging these networks are the main threats to critical infrastructure. Oil refineries, gas pipelines, transport systems, electricity companies or water supply control systems all form part of a technologically advanced industry where security failures can affect the whole of society.

Malware and targeted attacks

Today’s increasing trend towards interconnecting all types of infrastructure also increases potential points of entry for attacks on the services that have become essential for today’s societies.

This is apparent with the cyber-attacks that have been carried out in the past against these networks, the first of which took place in 1982, even before the Internet existed. In this case, attackers infected the systems of a Siberian oil pipeline with a Trojan.

In addition to paralyzing or reducing services, which is what happened to the Venezuelan oil company PDVSA when it was hit by an attack that reduced production from 3 million barrels a day to 370,000, such attacks can also have a significant financial impact. One of the largest car manufacturers in the USA was left with losses of around US$150 million thanks to an attack using SQLSlammer, which spread rapidly and affected 17 production plants.

The threat is real

One of the most infamous cases of cyber-attacks on critical infrastructure in history was Stuxnet. It is now known that this was a coordinated attack between the Israeli and US intelligence services, aimed at sabotaging Iran’s nuclear program. The case became the catalyst that made the general public aware of these types of threats.

Over the years there have been key events that have marked turning points in global security, such as the 09/11 attacks. In Europe, there was a similar key date, March 11, 2004, the date of the Madrid train bombings. As a result, the European Commission drew up a global strategy for the protection of critical infrastructure, the ‘European Programme for Critical Infrastructure Protection’, which includes proposals to improve Europe’s prevention, preparation and response to terrorist attacks.

How could these attacks have been avoided?

The technical characteristics of these infrastructures and the high exposure of the data that can be stolen from them mean that special care needs to be taken in protecting them, including a series of good practices such as:

  • Checking systems for vulnerabilities.
  • Adequately monitoring the networks used to control these infrastructures and, where necessary, isolating them from external connections.
  • Controlling removable drives. This is essential on any infrastructure, and not just because removable media was the attack vector for attacks as notorious as Stuxnet: when protecting such critical infrastructure, it is essential to ensure that malware doesn’t enter the internal network through pen drives and that they are not used to steal confidential information.
  • Monitoring the PCs to which programmable logic controllers (PLCs) are connected. These Internet-connected devices are the most sensitive, as they can give an attacker access to sensitive control systems. Moreover, even if attackers don’t manage to take control of a system, they can obtain valuable information for other attack vectors.

In light of this panorama, protection against advanced threats and targeted attacks is essential. Adaptive Defense 360 offers comprehensive security against these attacks and provides companies with all they need to defend themselves and close the door on the cyber-security vulnerabilities that can, in the end, affect us all.

Download the infographic “Cyber-attacks on the backbone of today’s economy” here.

Download the Whitepaper:

  • International Edition
  • Russian Edition
  • Portuguese Edition
  • Swiss Edition

The post How to avoid hacking to Critical Infrastructure appeared first on Panda Security Mediacenter.

How To Evaluate a Next-generation Endpoint Protection


We are lately seeing blogs attempting to publicly demonstrate that next-generation protection solutions, like Adaptive Defense, are vulnerable. These proofs of concept aim to demonstrate that there are malicious files that evade detection when reaching a system or attempting to run. The problem with these demonstrations is that the writer expects the malicious files to be stopped before being run. But that’s a mistake, and reveals a clear misunderstanding of this new protection model based on the continuous monitoring of process activities.

To be truly effective, a next-generation solution must provide continuous protection against all types of attacks. This means that it must offer continuous prevention, detection at runtime, visibility into every action taken, and intelligence to block malicious actions such as lateral movements. It is not enough to provide detection at file level based on a list of malware files. Efficient security means being able to protect systems before, after and during an attack.

The cyber-security ‘war’ goes beyond the ‘battle’ of detecting malicious files when they reach a computer or attempt to run. It will be won by whoever is capable of efficiently, seamlessly and unobtrusively monitoring every process running on devices, blocking those that, despite being apparently and initially harmless, show malicious behaviors. Today’s malware is extremely sophisticated and should never be underestimated. But not only that…

Protection is not only about detecting threats before, after and during an attack; it is also about remediation and prevention.

That’s why a next-generation solution must also include response and remediation capabilities. These products are known in the security sector as EDR (Endpoint Detection and Response) solutions, and they incorporate forensic analysis tools capable of tracing every action taken on the endpoint in order to remediate and prevent present and future attacks.

Why past methodologies are no longer valid

Panda Adaptive Defense integrates all of those features into a single Next-Generation protection solution based on continuous monitoring, and which provides prevention, detection, visibility and intelligence to block known and unknown attacks. In addition to continuous monitoring via hundreds of sensors, Adaptive Defense also provides forensic analysis tools for efficient remediation and prevention.

When you read these proofs of concept, you must understand that they are not realistic. The fact that a security solution doesn’t detect a file as malware at the time it reaches a system doesn’t mean that the solution is not efficient. On the contrary, in the particular case of Adaptive Defense, it is perfectly possible that the solution doesn’t detect the file at that time, but it will detect it as soon as it attempts to run, or will monitor and block it during an attack.

This ability is not present in traditional solutions based on a more or less generalist malware blacklisting strategy, and which rely on detecting malicious files on the system or when attempting to run. With these solutions, if a malicious file is not classified as malware, it will be allowed to run regardless of the actions it carries out during its life cycle.

Adaptive Defense might also let it run, albeit keeping an eye on it at all times and reporting its activities to our Machine Learning Intelligence platform. This system, which is in constant evolution and correlates data from thousands of endpoints with hundreds of sensors, will determine if the file’s activities constitute malicious behavior, in which case it will prevent it from running. Then, the file will be immediately classified either automatically or by a team of cyber-security experts. This analysis will determine with complete accuracy the nature of the attack. The old model doesn’t provide any of this.

Welcome to the Next-Generation Panda Security!

The post How To Evaluate a Next-generation Endpoint Protection appeared first on Panda Security Mediacenter.

Panda Security Scoop Advanced Award from Computing


Panda Security were delighted to attend Computing’s Security Excellence Awards 2016, held in the heart of London on 24th November, and took home one of the major prizes with Adaptive Defense named best solution against Advanced Persistent Threats.

This first award ceremony from the UK’s leading business technology publication Computing, celebrating achievements of the IT industry’s best security companies, was attended by hundreds of industry notables and disruptors alike.

As well as some mind-melting table magic, the audience were amazed by ‘pretty fly’ compère Chris Turner, who took suggestions and items from the audience and merged them seamlessly into hilarious improv raps.

Amongst the awards handed out on the night, of special note was the award for Advanced Persistent Threat Solution, as stealthy attacks are becoming increasingly common against organisations, requiring solutions to be one step ahead of the game at all times.

Fending off stiff competition in this hotly contested category from Darktrace, Barracuda and Illusive Networks, Panda Security was announced the overall winner with their Adaptive Defense Solution, with the award accepted by Tony Lee, Managing Director of Panda Security UK & Ireland.

The award was judged according to functionality, differentiation and adoption, and the winner Adaptive Defense is just the latest result of innovation from Panda Security designed to work alongside existing security solutions and protect against APTs and other advanced threats such as Ransomware.


For more information on Panda Security’s solutions visit http://www.pandasecurity.com/enterprise/

Congratulations to all Finalists and Winners at this first ever Computing Security Excellence Awards; we are excited for next year’s.

The post Panda Security Scoop Advanced Award from Computing appeared first on Panda Security Mediacenter.

The Malware Plateau – Less New Malware


Back in 2008 McAfee researcher Toralv Dirro posted a blog on new malware growth slowing – admittedly from an exponential rate to straightforward linear growth – around 20,000 new malware samples each day. He then went on to say that “Now with constant, although still massive, growth there is some light at the end of the tunnel for the security industry”.

Unfortunately this 2008 malware plateau was a temporary respite – by 2010 new malware creation had tripled to 63,000 and in 2015 the quantity received by PandaLabs topped out at 230,000 new samples every day.

Over the last 12 months PandaLabs have seen a levelling-out of new malware at around 200,000 samples per day. This trend is verified by statistics from malware lab AV-Test, and it would appear for the first time in forever the amount of new malware samples released this year will be lower than the previous year.

Chart: new malware samples per year according to AV-Test.

For 2016 the red section shows current new malware registered by AV-Test up to 16th Nov and the blue section projects this malware to year end – less than last year.


So we’re all safer now, right?

Wrong. There are still 200,000 new malware samples every day and cyber-attacks are showing they are more dangerous than ever – with cybercrime making up more than 50% of crimes committed in some countries.

This new malware creation plateau can be attributed to:

  • Less traditional malware – viruses and worms are being dropped in favour of Trojans, especially ransomware.
  • Highly targeted malware attacks – upwards of 90% of malware is unique to a specific endpoint, rendering signature and heuristic detection useless and making the samples less likely to reach malware labs.
  • Self-destructing malware – we are seeing examples of ransomware and APTs that delete themselves once their mission is accomplished: if antivirus vendors cannot identify the malware, it can be used again.

Also attackers are using alternative techniques to gain access:

  • Social engineering – the amount of data about businesses and end users freely available online means their systems can be compromised without malware.
  • File-less attacks – there has been an increase in threats that, instead of using malware files, abuse legitimate system tools (such as PowerShell) in conjunction with registry entries, allowing data to be exfiltrated from a business with no exploits used, no malicious URLs and no malware ever touching the system.
  • The rise of the Internet of Things – routers, IP cameras and even thermostats and baby monitors, with poor security design and often default settings, are giving easy access to work and home networks. Once in, the crooks have easy access to your data or can use your devices to conduct Distributed Denial of Service (DDoS) attacks on others.
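The file-less pattern in the list above (PowerShell launched with an encoded command that pulls its script body out of a registry value) leaves a recognisable trace in process command lines, which is where a defender can catch it even though there is no file to scan. The following Python script is an added example, not from the original post nor from Panda’s product: it decodes PowerShell’s -EncodedCommand argument (base64 of UTF-16LE text) and then scores the command line on a few independent signals (encoded invocation, hidden-window or no-profile switches, registry reads, dynamic evaluation). Both sample command lines are constructed here; the registry key name ConstructedSample and the script path are placeholders, and the encoded text only assigns an inert variable.

```python
import base64
import re
from typing import Dict, List

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the value is base64 of UTF-16LE text
ENCODED_ARG = re.compile(r"-(?:e|ec|en|enc|encoded|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.I)
# Switches that hide the window or skip the user's profile, typical of unattended malicious use
STEALTH_FLAGS = re.compile(r"-(?:w(?:indowstyle)?\s+hidden|nop(?:rofile)?|noni(?:nteractive)?)\b", re.I)
# Script text that reads registry values, where a file-less payload is typically staged
REGISTRY_READ = re.compile(r"Get-ItemProperty(?:Value)?\s+HK(?:LM|CU):|\[Microsoft\.Win32\.Registry\]", re.I)
# Script text that evaluates a string as code at runtime
DYNAMIC_EVAL = re.compile(r"\bIEX\b|Invoke-Expression", re.I)


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand script text, or None when absent or not valid."""
    m = ENCODED_ARG.search(cmdline)
    if m is None:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline: str) -> Dict:
    """Score one powershell.exe command line; two or more independent signals mark it suspicious."""
    reasons = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded command")
    if STEALTH_FLAGS.search(cmdline):
        reasons.append("hidden window / no profile")
    # Inspect the decoded script when there is one, otherwise the raw command line
    script = decoded if decoded is not None else cmdline
    if REGISTRY_READ.search(script):
        reasons.append("reads data from the registry")
    if DYNAMIC_EVAL.search(script):
        reasons.append("dynamic evaluation (IEX)")
    return {"cmdline": cmdline, "decoded": decoded, "reasons": reasons,
            "suspicious": len(reasons) >= 2}


def build_samples() -> List[str]:
    """Constructed command lines (not real telemetry): a routine scheduled script, and one shaped
    like the registry-staged pattern described above. The encoded text only assigns an inert variable;
    the key name ConstructedSample and the script path are placeholders."""
    staged = r"$p = (Get-ItemProperty HKCU:\Software\ConstructedSample).Blob; IEX $p"
    encoded = base64.b64encode(staged.encode("utf-16-le")).decode("ascii")
    return [
        r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\nightly-backup.ps1",
        "powershell.exe -nop -w hidden -enc " + encoded,
    ]


if __name__ == "__main__":
    for r in (score_command_line(c) for c in build_samples()):
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(verdict, "|", "; ".join(r["reasons"]) or "no signals")
```

Requiring two independent signals keeps a lone encoded command (which legitimate management tools also produce) from paging anyone, while the registry-read plus evaluate combination that characterises this technique always scores.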

To combat the evolving threat landscape Gartner recommend that businesses improve their existing security with Endpoint Detection and Response solutions, such as Panda Adaptive Defense.

Written by Neil Martin, Marketing Manager at Panda UK.


The post The Malware Plateau – Less New Malware appeared first on Panda Security Mediacenter.

A phishing attack is launched every thirty seconds: 6 tips to protect yourself

Phishing continues to blight the Internet and is a thorn in the side of companies around the globe. Not only is it one of the most serious problems facing any company with even a minimal activity on the Web, it is also an ever-increasing threat.

So much so, that a recent study has revealed that in the last year alone there have been more than a million attacks of this nature. This means that, on average, a phishing attack is launched every thirty seconds with the aim of defrauding companies and home users alike. In the case of businesses, the damage inflicted by this onslaught is nothing short of dramatic: the total cost to companies around the world is in excess of 9,000 million dollars, more than 8,000 million euros at today’s exchange rate.

The total cost to companies around the world is in excess of 9,000 million dollars.

Given this situation, in addition to having proper protection, it is more important than ever that companies follow a series of recommendations to prevent falling victim to an attack that could have grave financial consequences. Checking the source of each email you receive and not accessing bank websites from links included in emails are two of the basic precautions you can take to avoid falling into the traps set by cyber-criminals.

What makes these and other similar measures so essential is the dramatic increase in phishing attacks that has taken place over the last year. In the second quarter of 2016 alone, more than half a million unique attacks were identified, that’s a 115 percent increase on the previous quarter. Moreover, the increase with respect to the same period in 2015 is even more alarming: 308 percent.

In the second quarter of the year, phishing attacks increased by 115%.

To counter this situation, it is essential for companies to ensure that their employees are aware that they must only enter confidential data on trusted websites which, as with all secure pages, have an address starting with HTTPS. Phishing attacks are on the rise and they are also evolving. Now, for example, not only are they aimed at identity theft on social networks or taking money from current accounts, they are also being used to steal from e-Wallets.


The post A phishing attack is launched every thirty seconds: 6 tips to protect yourself appeared first on Panda Security Mediacenter.

AtomBombing, a new threat to your Windows


A few days ago Tal Liberman, a security researcher from the company enSilo revealed a new code injection technique that affects all Windows versions up to Windows 10. Due to the nature of this technique it is unlikely that it can be patched. In this article I’d like to shed light on this attack, its consequences and what can be done in order to protect ourselves.

How does it work?

Basically, this attack takes advantage of the operating system itself to inject malicious code and then uses some legitimate process to execute it. Although it is not that different from what malware has been doing for ages (malware has been injecting itself into running processes for decades), the use of atom tables (provided by Windows to allow applications to store and access data) is not common, and it is likely to go unnoticed by a number of security solutions.

This attack is not common, and it is likely to go unnoticed by a number of security solutions.

The best explanation you can find so far is the one made by Tal in his blog “AtomBombing: A Code Injection that Bypasses Current Security Solutions”.

If there is no patch and it affects all Windows versions, does it mean that we are under great danger?

Not really. First, in order to use this technique, malware has to be executed on the machine. This cannot be used to remotely attack and compromise your computer. Cybercriminals will have to use some exploit or fool some user into downloading and executing the malware, hoping that the security solutions in place don’t stop it.

Is this really new?

The way the attack injects code is new, although as I mentioned earlier malware has used code injection techniques for a long time; you can see this, for instance, in many ransomware families.

New, but not that dangerous… why the panic?

As I said, first the malware has to be executed on the machine, but we know that at some point this will happen (it is not a matter of IF, but WHEN).

Many security solutions have the ability to detect process injection attempts, however to do this they rely on signatures, therefore many of them are not able to detect this particular technique nowadays. On top of that, many of them have a list of trusted processes. If the malicious code injection happens in one of them, all security measures from that product will be bypassed.


Finally, this attack is really easy to implement; now that it is known, there will be a number of cybercriminals implementing it in their malware sooner rather than later.

What can we do to protect our company’s network?

On one hand, traditional antimalware solutions are great at detecting and preventing infections by hundreds of millions of different threats. However, they are not that good at stopping targeted attacks or brand new threats.

On the other hand, we have the so-called “Next Gen AV”. Most of them claim that they do not use signatures, so their strength comes from the use of machine learning techniques, which have evolved greatly in the last few years and have shown they are pretty good at detecting some new threats. As they know their weakness is that they are not that good at stopping all threats, they have great expertise in post-infection scenarios, offering a lot of added value when a breach has already happened. Another issue they have is that machine learning won’t give you a black or white diagnosis, which translates into high false positive rates.

Is using traditional antimalware + Next Gen AV the best approach?

Not the best, although it is better than using just one, as they can complement each other. It has, however, a few downsides. As a starter, you have to pay for both. Although it can be justified by the overall protection improvement, it means you will need extra budget for the extra work (exponential growth of false positives coming from Next Gen solutions, different consoles to manage each one, etc.). Performance can become an issue if both are running on the same computers. And finally, these solutions don’t talk to each other, which means you are not taking full advantage of the information each one handles.

Panda Solutions for Companies combine the power of the traditional solutions and the machine learning techniques.

The best solution is one that has both capabilities: the power of traditional solutions as well as long experience in machine learning techniques combined with big data and the cloud. The two work together and exchange information, continuously monitoring all running processes, classifying every program executed on any computer of your corporate network and creating forensic evidence in real time in case of any breach. Only a small agent is deployed, which takes care of everything, while the cloud handles the heavy-processing tasks, offering the best performance in the market. In other words, Adaptive Defense 360.

The post AtomBombing, a new threat to your Windows appeared first on Panda Security Mediacenter.

New Panda Security Loyalty Program


We’ve a plan for you: Discover the New Panda Security Loyalty Program

We have good news for you. Here at Panda Security we have launched a new Customer Loyalty Program to reward our customers with more favorable renewal conditions.

The Plan includes special renewal discounts that will increase year after year to reach 50% from your third renewal onward. That is, the longer you stay with us, the more you’ll save.

How do you join the program?

It’s as easy as selecting the auto-renewal option when you first purchase your product. That way, you’ll ensure you are always protected with the latest advances in computer security and the best services to ease and protect your digital life at the best price.


Also, don’t forget to get the most out of your protection: it is much more than a simple antivirus.

Panda’s protection offers you features like:

1. A Wi-Fi monitor that helps you control the devices using your network, letting you block those that could be using it without permission. Goodbye neighbors!

2. Parental Control to keep your children safe from content that is not appropriate for their age.

3. Data protection so you can browse and shop online without fear of having your personal information stolen.

4. Device optimization so that your devices always perform as if they were new.

5. Password Management to manage the passwords of services like email, online banking or your Netflix account from a single tool.

6. Protection for mobile devices.

7. We also offer a Support service to our Premium Gold Protection customers. It will be like having a computer technician at home.

Stop worrying and join our plan.

The post New Panda Security Loyalty Program appeared first on Panda Security Mediacenter.

97% of Large Companies are Victims of Mass Data Breaches

Ashley Madison, Dropbox and Yahoo have something in common: they are all victims of mass data breaches in which user log-in credentials were stolen. Sadly, this type of tactic has become more common over the last year. What’s even worse is that it seems this will continue to be an objective for cybercriminals; after all, why wouldn’t they want access to millions of users’ data? The greater the risk, the bigger the reward.

Large corporations cannot escape these attacks. Although you might think that regular internet users are the targets of these attacks, most cybercriminals are after large corporations. Despite the security solutions that companies can implement, a recent study has revealed that 97% of the thousand largest companies in the world have been victims of data breaches.

97% of the thousand largest companies in the world have been victims of data breaches.

Many users choose to use their corporate email when signing up for one of these online services which, over time, will be victims of some type of attack. If a business’s employees always use the same password to access different platforms, regardless if they use their work email or a personal one, the situation becomes much riskier.

According to a recent investigation into the mass leaks that have affected large corporations, LinkedIn suffered a massive data breach in the attacks last May, and Adobe was the victim of a similar attack in 2013. It’s no wonder these two companies were hit: both services are accessed by professionals who use their corporate emails to log in.

However, LinkedIn and Adobe are not the only multinational companies to have been victims. In fact, the study also reveals that one of the most famous data breaches, the Ashley Madison attack, endangered thousands of corporate emails linked to large corporations.

Large economic consequences

The danger these data breaches pose to corporate accounts goes well beyond damaging the company’s reputation. In fact, according to a recent report by the Ponemon Institute, these data breaches cost companies an average of 4 million dollars, that’s more than 3.5 million euros. With that said, make sure your employees are educated on the matter: when signing up for one of these services, they shouldn’t use corporate information like business emails, and they should make sure they use different usernames and several complex passwords.

The post 97% of Large Companies are Victims of Mass Data Breaches appeared first on Panda Security Mediacenter.

Tales from Ransomwhere: Macros & Ransomware(s)


How does this malware get into systems?

This ransomware’s initial infection vector is a phishing campaign.

First, the user receives an email with the malicious file attached in zip format, presented as some type of invoice; the details vary depending on the message received or the name of the file. On this occasion, the received file is named Receipt 80-5602.zip, as seen in the screen capture.

Inside this compromised file you will find a Microsoft Office document, more specifically an Excel spreadsheet with the extension “.xls” containing macros (the macro code is written in Visual Basic).
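As an added example (not part of the original post, and not Panda’s own tooling), the following Python script performs the kind of attachment triage a mail gateway or an analyst would apply to an archive like the one described above: it opens the zip, identifies each member’s real format from its magic bytes rather than from its extension, looks for VBA macro storage in legacy OLE documents (.xls/.doc) and for vbaProject.bin in Office Open XML documents, and flags directly executable files. The sample archive is constructed inline (a dummy OLE blob carrying only the VBA directory-entry name, not a real document); the inner file name Receipt 80-5602.xls is an assumption, since the post only gives the zip name, and the VBA check is a byte-scan heuristic rather than a full OLE parser.

```python
import io
import zipfile
from typing import Dict, List

# Magic bytes of the OLE2 compound file format used by legacy Office documents (.xls, .doc)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Magic bytes of a zip container, which is what Office Open XML documents (.xlsx, .xlsm) are
ZIP_MAGIC = b"PK\x03\x04"
# OLE directory entries are stored as UTF-16LE; these names are present only when VBA macros exist.
# Scanning the raw bytes for them is a heuristic, not a parse of the OLE directory.
VBA_MARKERS = [name.encode("utf-16-le") for name in ("_VBA_PROJECT", "Macros")]
# Extensions that should never be accepted inside an "invoice" attachment
EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".cmd", ".bat", ".ps1", ".dll")


def inspect_member(name: str, data: bytes) -> List[str]:
    """Return the reasons a single archive member deserves attention (empty list = nothing found)."""
    reasons = []
    lower = name.lower()
    if data.startswith(OLE_MAGIC):
        if any(marker in data for marker in VBA_MARKERS):
            reasons.append("OLE document contains VBA macro storage")
        if not lower.endswith((".xls", ".doc", ".ppt")):
            reasons.append("OLE document with a non-Office extension")
    elif data.startswith(ZIP_MAGIC):
        # A nested zip may be an Office Open XML document; macro-enabled ones embed vbaProject.bin
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                if any(n.lower().endswith("vbaproject.bin") for n in inner.namelist()):
                    reasons.append("Office Open XML document embeds vbaProject.bin")
        except zipfile.BadZipFile:
            reasons.append("zip magic but unreadable archive")
    if lower.endswith(EXECUTABLE_EXT):
        reasons.append("directly executable file inside the archive")
    return reasons


def triage_attachment(zip_bytes: bytes) -> List[Dict]:
    """Inspect every file in a zip attachment and report per-member findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            findings.append({"name": info.filename, "size": len(data),
                             "reasons": inspect_member(info.filename, data)})
    return findings


def should_quarantine(findings: List[Dict]) -> bool:
    """Quarantine the whole attachment if any member raised a finding."""
    return any(f["reasons"] for f in findings)


def build_sample_zip() -> bytes:
    """Constructed sample, not a real malicious file: an archive holding a dummy OLE blob
    (magic + padding + the VBA directory-entry name) and a harmless text file.
    The inner file name is an assumption; the post only gives the zip name."""
    fake_xls = OLE_MAGIC + b"\x00" * 504 + "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Receipt 80-5602.xls", fake_xls)
        zf.writestr("notes.txt", b"Dear customer, please find your receipt attached.\n")
    return buf.getvalue()


if __name__ == "__main__":
    results = triage_attachment(build_sample_zip())
    for f in results:
        print(f"{f['name']}: {', '.join(f['reasons']) or 'no findings'}")
    print("quarantine:", should_quarantine(results))
```

The point of the check is that it is driven by file content, not by the name the sender chose; for production use, the byte scan should be replaced by a proper OLE parser such as the open-source oletools.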

How is this Code/Macro Executed?

By default, unless macro execution has been forced on in Excel, the malicious code will not run automatically; instead, a warning appears indicating that the document contains macros, as shown in the second screen capture.


And…What is this Macro?

The basic function of this macro is to act as a “dropper”, that is, to download and execute another binary file, in this case a file encrypter or ransomware, although it could have been another type of malicious program such as a RAT, backdoor, bot, etc.

In this case, as is usual with droppers, the file (or payload) is hosted on a remote server from which it is fetched when the macro executes.


Once the macro is executed, it is in charge of the next steps: downloading the remote file, which is encrypted, deciphering it, and afterwards executing it.

If we look at the name of the file run from the macro, or its command line, we will see that the ransomware comes as a DLL; this has become increasingly common. In addition, it requires an export to be specified in order to operate, in this case “qwerty”, as shown in the following screen shot:


Why do it this way? Simply because many automated malware analysis systems (sandboxes) have problems executing programs, code or libraries that require parameters, which are sometimes unknown.

Once encrypted, this library’s MD5 is: 586aaaaf464be3a4598905b5f0587590
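The execution chain described in this post (an Excel macro runs a downloaded DLL through rundll32 with a named export) shows up on an endpoint sensor as process-creation events, and it can be caught behaviorally even when the DLL itself is unknown and its export name is arbitrary. The following Python script is an added example, not part of the original post nor of Panda’s product: it parses a handful of constructed process-creation records (pipe-separated timestamp, PID, parent PID, image path and command line; the record format, the PIDs, the user name and the DLL name qwe.dll are all assumptions) and raises an alert when an Office application spawns a system tool, and when rundll32 is asked to load a DLL from a user-writable location, recording the export name (here the “qwerty” from the post) for the analyst.

```python
import re
from typing import Dict, List

# Office applications that normally never launch system tools such as rundll32
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Signed Windows binaries commonly used to run downloaded payloads
SYSTEM_TOOLS = {"rundll32.exe", "regsvr32.exe", "powershell.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}
# Locations an ordinary user (and therefore a macro running as that user) can write to
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I)
# rundll32 <dll>,<export> [args]; the DLL path may be quoted
RUNDLL_CALL = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+?\.dll)"?\s*,\s*(\S+)', re.I)

# Constructed process-creation records (not real telemetry): ts|pid|ppid|image|cmdline
SAMPLE_EVENTS = [
    r'10:41:02|4012|2200|C:\Program Files\Microsoft Office\Office16\EXCEL.EXE|'
    r'"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE" "C:\Users\alice\Downloads\Receipt 80-5602.xls"',
    r'10:41:15|4188|4012|C:\Windows\System32\rundll32.exe|'
    r'rundll32.exe C:\Users\alice\AppData\Local\Temp\qwe.dll,qwerty',
    r'10:42:00|4300|2200|C:\Windows\System32\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL',
    r'10:42:30|4400|2200|C:\Windows\System32\notepad.exe|notepad.exe',
]


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_events(lines: List[str]) -> List[Dict]:
    """Split the pipe-separated records into dictionaries (the command line may itself contain spaces)."""
    events = []
    for line in lines:
        ts, pid, ppid, image, cmdline = line.split("|", 4)
        events.append({"ts": ts, "pid": int(pid), "ppid": int(ppid),
                       "image": image, "cmdline": cmdline})
    return events


def detect(events: List[Dict]) -> List[Dict]:
    """Apply both behavioral rules to a batch of events; parent lookup is by PID within the batch."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        child = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        # Rule 1: a document application spawning a system tool (macro-driven execution)
        if parent is not None and basename(parent["image"]) in OFFICE_APPS and child in SYSTEM_TOOLS:
            alerts.append({"pid": e["pid"], "rule": "office_app_spawned_system_tool",
                           "detail": f"{basename(parent['image'])} -> {child}"})
        # Rule 2: rundll32 loading a DLL from a user-writable path; export name kept for the analyst
        if child == "rundll32.exe":
            m = RUNDLL_CALL.search(e["cmdline"])
            if m and USER_WRITABLE.search(m.group(1)):
                alerts.append({"pid": e["pid"], "rule": "rundll32_dll_from_user_writable_path",
                               "detail": f"{m.group(1)} export={m.group(2)}"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_EVENTS)):
        print(f"[{a['rule']}] pid={a['pid']} {a['detail']}")
```

Neither rule needs a signature for the DLL: the first keys on the parent/child relationship, the second on where the DLL was loaded from, so the shell32.dll control-panel invocation in the sample passes while the temp-folder DLL with its made-up export is flagged twice.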

Finally, from PandaLabs we would like to give you the following advice: if you don’t want to have an unwanted surprise, when you receive Office documents from unknown senders do not click the button that says “activate macros”. Lastly, make sure your antivirus solutions and systems are always up-to-date!

The post Tales from Ransomwhere: Macros & Ransomware(s) appeared first on Panda Security Mediacenter.

Advanced Reporting Tool, an Intelligent Control Platform


A platform that can detect a company’s internal threats? Many organizations and companies could have avoided major scandals if they acted in time: there’s the case of Snowden and the stolen NSA files, Bradley Manning and the US diplomatic cables, and Hervé Falciani and top-secret information from the HSBC private bank. These are all clear examples that, with cybersecurity, you can’t just cross your fingers and think “this won’t happen to me”. Any business could be threatened by an insider.

That’s why Panda Security has introduced the latest version of its Advanced Reporting Tool. This efficient and easy-to-use tool satisfies business needs; it is capable of maximizing Big Data performance to control corporate resources.

Threats in the Workplace

PandaLabs detects 200,000 samples of new malware daily. It is imperative for businesses to control all security issues, especially those that stem from the misuse and abuse of corporate resources, leading to attacks, threats, vulnerabilities, or data leaks.


While Adaptive Defense collects all the information on processes running on the endpoint, the Advanced Reporting Tool automatically stores and correlates this information. The platform automatically generates security intelligence that allows users to identify strange behaviors or problems.

The Advanced Reporting Tool enables the IT administrator to:

  • Focus on relevant information, increasing efficiency in the IT department by finding security risks or misappropriation in the corporate infrastructure.
  • Pinpoint problems by extracting behavior patterns from resources and users, identifying their impact on the business.
  • Alert in real-time about all events that could be a potential data breach.
  • Generate configurable reports showing the status of key security indicators and how they are evolving.

What does the latest version offer?

In addition to the existing Big Data Cloud Service and its real-time alerts, the latest version includes predefined and adaptable analyses in three different action areas:

  • Information about IT security incidents: generates security intelligence, then processes and associates those events as intrusion attempts.
  • Control of network applications and resources: detects patterns in users’ use of IT resources.
  • Control of access to business data: shows any access to confidential information and its online traffic.

Feeding your SIEM system

For organizations already using a SIEM, the Advanced Reporting Tool complements it by providing a SIEMFeeder, which feeds your SIEM relevant data and associates it with the information you already have. The SIEMFeeder gathers information from all endpoints that are protected by Adaptive Defense.

The feedback provided by the SIEMFeeder enables you to detect insiders before they become the biggest threat to your business. The SIEMFeeder creates behavioral logics and locates all anomalies existing in your technological system.

The post Advanced Reporting Tool, an Intelligent Control Platform appeared first on Panda Security Mediacenter.