Tag Archives: News

Where the leading apps keep your company’s data

The current digital economy revolves around data. Giving up our data is the price we pay for signing up for free internet services, as the companies who provide these services use this personal information in order to fine-tune ads paid for by their true clients: advertisers.

Data is the Internet’s oil. Unlike this limited fossil fuel, however, data increases in quantity every day. In 2013, it was reported that 90% of the world’s data had been generated in the two previous years, in other words, between 2011 and 2012. The trend has not shifted since then. The companies and countries who control the world’s data reserves will have, as with petroleum, a highly valuable resource on their hands.

So, where is the majority of the digital era’s black gold stored? For now, the winner is, by far, the United States. 63.5% of services analyzed by Jorge Morell, expert in the terms and conditions of these kinds of companies, store their data in the US.

A far cry from that figure, weighing in at 1.9%, it appears that Europe has not jumped on the bandwagon of Big Data, so for now it looks like the American domination of the digital market is here for the long haul.

For a more detailed look, 58% of the most visited websites in a country like Spain, the subject of Morell’s research, do not reveal where they store their users’ personal information. As of now, they are not obligated to do so, so many of them make no mention of it in their terms and conditions.

Among those who are transparent in this regard, the clear winner is, again, the United States (36% of all analyzed services), although it is rarely cited as the only one. The ambiguous “and other countries” is thrown into the report haphazardly, as well as the tags Canada, China, or the vague “Outside of the European Economic Area (EEA)”.

When data crosses the pond, companies are legally bound by the Safe Harbor or Privacy Shield agreements to declare where it is stored, hence the fact that national companies are more likely to keep this information a secret.

However, all websites that until now have been silent will soon be required to declare openly the country in which their users’ personal information is stored. The new General Regulation of Personal Data Protection, with which all countries in the EU will have to be in accordance starting in May 2018, will make it compulsory that companies who maintain operations in Europe reveal the whereabouts of their personal data storage for all users, whether companies or the general public.

Such being the case, we shall soon be able to answer with greater certainty the question, “Where do the leading apps keep your information?” For now, we know beyond the shadow of a doubt that in most cases your personal information ends up in or passes through the United States at some point as it bounces around the net.

The post Where the leading apps keep your company’s data appeared first on Panda Security Mediacenter.

How to avoid bogging down your own servers

There’s been a lot of talk recently about DDoS (distributed denial-of-service) attacks in the wake of an incident that left thousands of users without internet access as a result of the collapse of the servers at Dyn, a DNS hosting service. Needless to say, we should be aware of this threat, know how it works, and how to defend ourselves against it. Especially now, in the age of the Internet of Things, which has made it easier for cybercriminals to build an army of infected devices to carry out this kind of attack.

Protecting multiple devices in the Internet of Things leaves much to be desired, opening up a broad avenue for attackers to easily gain access to and control over these devices in order to use them as weapons. In a DDoS, all of these involuntary recruits connect to the server at the same time in order to overwhelm it and render it incapable of responding to legitimate requests. It’s as though a mob of people jumped in front of you in the check-out line at the supermarket not with the intention of buying anything themselves, but rather just to block you from doing so.

This danger may be commonplace and companies should, of course, be wary of it, but the truth is that a company’s servers are much more likely to collapse as a result of their own errors than from an external exploit. This has been confirmed by Google’s experts, who, without citing concrete data, warn of the alarming frequency with which this occurs.

Researchers at the search engine giant allege that programmers and developers often assume that a traffic load will be correctly and evenly distributed by the system, with no contingency plan in place in case it doesn’t work out that way.

Google offers this example by way of explanation. A good number of mobile apps connect to their servers at a set interval in order to fetch information. If there’s no urgency, many apps connect every 15 minutes. In the event of an error, these apps are programmed to resubmit the request every 60 seconds, so as not to have to wait an additional 15 minutes if something goes wrong on the first attempt.

This system reveals its shortcomings when the server, for whatever reason, is unavailable for a given period of time (not necessarily a long one). When it’s back up and running, it receives not only the usual requests every 15 minutes, but will also receive, all at once, an onslaught of requests that were made every 60 seconds during its time offline.

The outcome? A self-inflicted DDoS attack, which could shut down the app as a result of excessive simultaneous connections. If, on top of that, the server goes back offline following this bottleneck of traffic, the chain of incidents will start all over again.

Tips to avoid DDoS attacks

In order to prevent this from happening, the experts at Google offer some advice:

  • First, make it so that the initial 60-second delay doubles with each failed request, so that the second attempt is submitted after 120 seconds, the third after 240 seconds, and so on. That way, the number of requests piled up will be lower when the server returns to normal.
  • They also recommend that the app keep count of the number of reconnection attempts that each user has made, so that the most urgent requests are given priority when the server gets back to normal. This way, the requests that have been waiting the longest will be attended to first, while the rest continue waiting. A traffic bottleneck will therefore be averted, along with unwanted downtime caused by a DDoS attack launched against yourself.
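The scenario and both tips above can be checked with a small deterministic simulation. This is an added example, not code from Google or Panda Security; the 15-minute poll and 60-second retry come from the text, while the 900 clients, the 30-minute outage window and all function names are constructed assumptions.

```python
from collections import Counter

POLL_INTERVAL = 15 * 60   # normal fetch interval from the article
BASE_RETRY = 60           # first retry delay from the article


def retry_delay(policy, failures):
    """Seconds to wait after the Nth consecutive failure (N >= 1)."""
    if policy == "fixed":
        return BASE_RETRY
    # "doubling": 60 s, 120 s, 240 s, ... (a real client would also cap this)
    return BASE_RETRY * 2 ** (failures - 1)


def simulate(policy, clients=900, outage=(1000, 2800), horizon=6000):
    """Return every request as (time, client_id, failures_so_far, succeeded)."""
    start, end = outage
    log = []
    for cid in range(clients):
        t, failures = cid, 0          # constructed: one client starts per second
        while t < horizon:
            ok = not (start <= t < end)
            log.append((t, cid, failures, ok))
            if ok:
                failures = 0
                t += POLL_INTERVAL
            else:
                failures += 1
                t += retry_delay(policy, failures)
    return log


def failed_requests(log):
    """Requests that hit the server while it was down."""
    return sum(1 for _, _, _, ok in log if not ok)


def peak_per_minute_after(log, recovery):
    """Busiest 60-second window, counted from the moment the server returns."""
    buckets = Counter((t - recovery) // 60 for t, *_ in log if t >= recovery)
    return max(buckets.values())


def admit(requests, capacity):
    """Second tip: serve the clients with the most failed attempts first."""
    ranked = sorted(requests, key=lambda r: (-r[2], r[0]))
    return ranked[:capacity]


if __name__ == "__main__":
    for policy in ("fixed", "doubling"):
        log = simulate(policy)
        print(policy, failed_requests(log), peak_per_minute_after(log, 2800))
```

With these constructed inputs the fixed 60-second retry produces 20,700 failed requests and puts all 900 clients into the first minute after recovery, where they stay synchronized on later polls; doubling produces 4,500 failed requests and a peak of 60 per minute, the same as the normal steady-state load.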

“Cyber-crime is international, but we get stuck with national laws that may not be compatible in this fight”, Righard Zwienenberg

Our guest for this article, Righard, has been in the IT security world since the late 80’s, and “playing” with computers since the 70’s.

1- At the beginning, computer viruses were almost like a myth. However, over the years, computer attacks became real and they have evolved significantly, along with security solutions. To what extent are we doing things properly? It seems that today there are more attacks than ever before…

Obviously there are more attacks than ever before. In the beginning, having a computer was a novelty; on top of that, the underlying OS was rather diverse. Nowadays, almost everyone has one or more computers or devices. More devices make the attack vector more interesting (higher chance of success for the cybercriminal) but as many more people are now “into” computers, there automatically are also more people that will exploit for ill purposes. It is inevitable. As in business, where there is an opportunity there will be an entrepreneur, likewise in cybercrime, if it can be exploited, someone will.

With the growth and evolution of the OS’s, security solutions followed. Actually not only the security solutions but also the general perception of security by the public. Guess banking Trojans and ransomware were useful to raise the awareness.

Senior Research Fellow, ESET

2- You developed your first antivirus in 1988. Back then, the number of viruses to detect was very small, despite the fact that they already used some really complex techniques. Considering the way computer threats have evolved, would it be possible for somebody today to develop an effective security solution by himself?

Why not? All you need is a good (new) idea and implement it. It may be the holy grail of heuristics and proactively block a complete new type of threat, or even multiple. That is how the current anti-malware products started in the late 80’s. Of course a single issue solution would nowadays not be enough anymore as customers expect a multi-layered, full protection solution and the sheer number of daily new malware will make it impossible to keep up just by yourself. So it will be more likely that you sell your technology to a larger company or you become a niche player in the 2nd opinion market. But… There is nothing wrong with that!

3- You’ve worked with groups that cooperate with governments, agencies and companies. In your opinion, who should be more interested in improving their IT security knowledge?  Governments? Companies? The public sector and authorities?

Sadly all of the above. Education and Awareness is key here. New threats emerge all the time, and you need to be aware of them to defend yourself against it. Or at least be able to check if your security vendor is defending you against it.

Governments try to have all people use digital systems and guarantee people’s privacy, but can they? They say they do, but then, even at large public events like the 2016 elections for the US Presidency, where you would assume all the security is in place, ignorant security flaws pop up.

In the above case, the official website for – the now elected – Donald Trump allowed an arbitrary URL to show the header above the news archive. That can be used as a funny gimmick, but most likely also be exploited if the arbitrary URL is extended perhaps with script code.

4- You have collaborated with law enforcement agencies in multiple cases of cyber-crime. In your opinion, are law enforcement forces well prepared to fight cyber-crime? Do they have enough resources?

They are well prepared and most of the time have the resources to fight cyber-crime. You will be surprised what they actually know and can do. But what usually is the problematic issue is international laws. Cyber-crime is international, but we get stuck with national laws that may not be compatible in the fight against cyber-crime. On top of that, cyber-crime is digital and very fast moving. Too much legislation prevents swift actions. Politics has to catch up with more organic laws that “go with the flow” and do not take ages to get updated against the latest threats, allowing law-enforcement to rightfully act against cyber-crime and not to have a case dismissed in court due to old-fashioned legislation.

5- Is there an appropriate level of cooperation between law enforcement agencies and security vendors/experts, or do you think there is room for improvement?

Room for improvement is always there. But LEO’s and the private sector already do work together (although as mentioned hindered by (local) laws). Some new cooperation initiatives are actually about to be started and initiated by LEO’s. It clearly shows that working together, it will be easier to reach the mutual goal: to get cyber-criminals locked up, removing safe havens for them.

6- Ransomware attacks can have disastrous consequences for consumers, employees and companies in general. The cost of recovery from a security breach can be very high for an organization; however, what do you think of the expenses a company must face to prevent such attacks?

These must be seen as a preventive measure, a kind of insurance. You do invest for a lock on your door although the door can be closed, right? And when you compare the cost for preventive measurements against the cost after ransomware (the lost work, the lost time, checking and cleaning up the entire network (as you don’t know if it put some executable files or some stolen data somewhere on an open share, or if a backdoor was installed, etc.), the negative public PR, etc.), it isn’t all that expensive. Awareness (and thus proper education) is the key for all people to understand that reporting suspicious activity earlier can actually save a lot of money for the company. In this case, the cost of a report of suspicious activity that turns out to be false is nullified by the cost saved by that single report of suspicious activity where it turns out the threat is real.

7- Righard, you’ve been working with AMTSO (Anti-Malware Testing Standards Organization) since its inception. During this time, you’ve had the opportunity to work in different positions within the organization: CEO, CTO, and now you are a member of the board. What influence has AMTSO had on the world of security solution testing? What difference has it made?

AMTSO had – in my perception – a tremendous influence on the world of security solution testing. Yes of course, it was a struggle in the beginning, errors were made, but now, after repairing the organizational flaws, AMTSO came up with Guidelines and Recommendations that were adopted by testers and vendors, making sure that all testing was done fair and equally. This has also caught the eye of other organizations that are now recommending AMTSO and AMTSO “compliant” tests or to get a product certified by a tester that has adopted the AMTSO Guidelines and Recommendations.

8- What challenges will AMTSO have to face in the near future?

AMTSO is growing and is now changing the Guidelines and Recommendations into real Standard Documents. This is a delicate procedure to complete, but when completed and done properly, a big step forward. As AMTSO is growing and getting more members of different industries, but also from the same industry with motivations or ways of thinking that are different than the established industry, with older and newer companies, keeping it all together to continue to build AMTSO broader and going for AMTSO’s goals, that will be a challenge. But I am sure the new management will be able to do so. I would not have stepped down as CEO/President if I didn’t believe it would be in good hands!

Malicious office printers could hijack employees’ cell phones

At first glance it is just another printer; one of those big machines that sits against the wall of thousands of offices around the country, turning blank sheets of paper into corporate documentation. And as inoffensive as it may seem, just another piece of office furniture, it can become a threat to your company’s confidentiality. While your printers and networks can become one of your most vulnerable security holes, the one created by the ‘hacker’ Julian Oliver is quite simply a spy.

Every time you make a call on your cell phone, the device connects to the nearest phone antenna. What Oliver has managed to do is to camouflage a similar antenna inside an everyday office printer.

In this way, the device can intercept all calls made or received from an office, thereby allowing an attacker to spy on conversations or read SMS messages.

In this case, however, there is nothing to be afraid of. This has simply been an experiment through which Oliver has tried to draw attention to the importance of using communication tools with end-to-end encryption, such as the Signal messaging app recommended by Edward Snowden himself.

Yet the fact that it is only a demo shouldn’t detract from the lesson to be learnt. In the strategy used by Oliver, every time a phone connects to the antenna camouflaged in the printer, the device sends an SMS. If the recipient responds to any of these messages from an unknown number, the printer prints the SMS message and the ‘victim’s’ phone number, thereby revealing the scam.

What’s more, the printer is programmed to make calls to the phones that connect to its antenna. If someone answers, all they will hear is a Stevie Wonder song. A practical joke that lasts some five minutes; after this time, the printer disconnects the phone from the antenna, allowing it to connect to the genuine mobile network. In the event of a real attack however, the consequences won’t be as entertaining, nor the scare so brief.

Oliver’s experiment serves to remind us of the fragility and vulnerability of the communication networks we use every day. A simple Raspberry Pi motherboard and two GSM antennas would be enough to enable an attacker to camouflage an antenna in a printer and spy on all of a company’s phone conversations and steal confidential corporate information.

The Malware Plateau – Less New Malware

Back in 2008 McAfee researcher Toralv Dirro posted a blog on new malware growth slowing – admittedly from an exponential rate to straightforward linear growth – around 20,000 new malware samples each day. He then went on to say that “Now with constant, although still massive, growth there is some light at the end of the tunnel for the security industry”.

Unfortunately this 2008 malware plateau was a temporary respite – by 2010 new malware creation had tripled to 63,000 and in 2015 the quantity received by PandaLabs topped out at 230,000 new samples every day.

Over the last 12 months PandaLabs have seen a levelling-out of new malware at around 200,000 samples per day. This trend is verified by statistics from malware lab AV-Test, and it would appear for the first time in forever the amount of new malware samples released this year will be lower than the previous year.

For 2016 the red section shows current new malware registered by AV-Test up to 16th Nov and the blue section projects this malware to year end – less than last year.

So we’re all safer now, right?

Wrong. There are still 200,000 new malware samples every day and cyber-attacks are showing they are more dangerous than ever – with cybercrime making up more than 50% of crimes committed in some countries.

This new malware creation plateau can be attributed to:

  • Less traditional malware – Viruses and worms are being dropped in favour of Trojans, especially ransomware.
  • Highly targeted malware attacks – Upwards of 90% of malware is unique to a specific endpoint rendering signature and heuristic detection useless, and the samples less likely to reach malware labs.
  • Self-destruct malware – we are seeing examples of ransomware and APTs that delete themselves once successful in their mission, because if antivirus vendors can’t identify the malware it can be used again.

Attackers are also using alternative techniques to gain access:

  • Social engineering – the amount of data freely available online about businesses and end users means compromising their systems can be done without malware.
  • File-less attacks – there has been an increase in threats that, instead of using malware files, abuse legitimate system tools (such as PowerShell) in conjunction with registry entries, allowing attackers to exfiltrate data from a business – with no exploits used, no malicious URLs and no malware ever touching the system.
  • The rise of the Internet of Things – Routers, IP cameras and even thermostats and baby monitors, with poor security design and often default settings, are giving easy access to work and home networks. Once in, the crooks have easy access to your data or can use your devices to conduct Distributed Denial of Service (DDoS) attacks on others.

To combat the evolving threat landscape Gartner recommend that businesses improve their existing security with Endpoint Detection and Response solutions, such as Panda Adaptive Defense.

Written by Neil Martin, Marketing Manager at Panda UK.

Be careful not to keep your invoices where your competitors can find them

One of the most common and most sensitive documents that companies handle on a daily basis is invoices. Issuing and receiving them is a fundamental activity for every business; however, people are not always aware of how important they are even after being paid or collected.

Together or individually, they can expose critical information that can be very valuable to your competitors, such as customer lists, product and service descriptions, prices and promotions, or details of key agreements.

However, these files are so common in organizations that they are often treated carelessly or with a complete disregard for security by employees, to the point of being sent via email in unencrypted formats, through instant messaging applications, stored in virtual stores more or less accessible to the public, in physical devices such as pen drives, etc. In fact, it’s quite easy to overlook the importance of the information they can provide to a third party.

Just do a couple of searches on Google and you’ll realize the extent of the problem. Search for such simple, obvious terms as ‘invoice euros vat inc address tax number date total’ with a filter to show only PDF files, and you’ll find an endless number of sensitive documents that are accessible to the public without companies knowing.

Companies in the textile sector, integrated service companies, travel agencies, etc. The list is too long, especially if you consider how easy it is to protect invoices if you take the appropriate precautions.

First, these and other critical files should never be stored on Internet-facing servers. However, as this can be difficult in the day-to-day reality of the majority of companies, at least it should be checked that those servers are not accessible to the public in such evident places as Google.

In reality, the presence of these and other confidential files in the popular search engine is almost always due to the wrong configuration of corporate servers, or to the fact that these include directories that can be easily crawled by Google’s bots.

Being aware of this and taking the necessary steps to prevent it is one of those simple, effective protection measures that companies often forget about. However, it is very important to understand that invoices contain far more valuable information than may seem apparent at first glance.
