Archive for the ‘Security’ Category

Get Updated on the Latest Ransomware Attack

June 29th, 2017 Comments off

What is NotPetya?

The first effects of the attack surfaced on June 27 in Ukraine, where the National Bank of Ukraine and Kiev International Airport were both hit hard; even Chernobyl's radiation monitoring system was reportedly affected. NotPetya, which targets Windows systems, did not stop there: Microsoft has confirmed infected PCs in 64 additional countries.

The ransomware, so called because it demands a payment from users in return for access to their files, appears to reuse some code from an earlier ransomware family known as Petya. This latest version, however, appears to have been combined with the leaked NSA exploit EternalBlue, the same SMBv1 exploit that drove the spread of WannaCry, which is one reason security researchers have taken to calling it "NotPetya". Unlike WannaCry, it also spreads inside a network by harvesting credentials and reusing legitimate Windows administration tools, so a fully patched machine can still be infected from a compromised neighbour.

According to security firms around the world, NotPetya is particularly nasty and dangerous: it not only encrypts files but also overwrites the master boot record, so the machine cannot boot normally.

Once a system is infected, a message is displayed demanding $300 worth of Bitcoin in return for a decryption key. However, because the email address listed for confirming payment has been shut down by the email provider, there is almost no chance a decryption key will be supplied even if a victim pays.

In short, those hit by NotPetya should treat the data on the affected machines as lost and restore from backups.

Prevention is always better than cure

  • Publish Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) records for your domain. Together they let receiving mail servers verify that mail claiming to come from your domain really did, which blocks the spoofed sender addresses that phishing campaigns rely on (they are email authentication, not a general spam filter).
  • Don't click on links or open attachments in unsolicited email or SMS messages.
  • Apply operating system and application security patches promptly. For NotPetya specifically, MS17-010 closes the SMBv1 flaw that EternalBlue exploits; disable SMBv1 wherever nothing still depends on it.
  • Keep antivirus software up to date on computers and mobile devices, and avoid disreputable websites, including illegal movie streaming sites and some adult sites.
  • Take regular backups of your important data and keep the backup media disconnected from your systems; a backup drive that stays mounted will be encrypted along with everything else.
  • Restrict the execution of PowerShell and WSCRIPT in enterprise environments, and use the latest version of PowerShell (v5 or later) so that script block logging and Constrained Language Mode are available.
  • Enforce Software Restriction Policies (SRP) or AppLocker rules that block binaries running from the %PROGRAMDATA%, %APPDATA% and %TEMP% paths.
  • Filter email at the network boundary, since earlier Petya variants spread mainly by email attachment. Note that NotPetya's initial entry point was a trojanised update of the Ukrainian accounting package M.E.Doc rather than email, so mail filtering alone does not cover it.
  • Keep the scripts and code that run in your environment under review, so that unexpected binaries stand out.
  • Disable Remote Desktop where it is not needed, and never expose it directly to the internet.
  • Enable host and network firewalls; in particular, block inbound TCP 445 (SMB) from untrusted networks and between workstations that have no need to share files.
  • Do not pay the ransom if your systems are compromised; there is no guarantee of recovery, and in NotPetya's case the payment channel no longer exists.
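As an added example (not code from the original post), the Python script below implements the check behind the patching and firewall advice above: it sends an SMBv1 negotiate request to port 445 and reports whether the host still answers with the "NT LM 0.12" dialect, the protocol that EternalBlue abuses. The two sample replies are constructed for offline use, not captured from a real host, and the hostnames passed on the command line are whatever you choose to audit.

```python
import socket
import struct

# Dialect string an SMBv1 (CIFS) server accepts when SMB1 is still enabled.
NT_LM_012 = b"NT LM 0.12"
SMB_COM_NEGOTIATE = 0x72
_NOT_SMB1 = {"is_smb1": False, "smb1_enabled": False, "status": None, "dialect_index": None}


def build_negotiate_request(dialects=(NT_LM_012,)):
    """Build an SMB_COM_NEGOTIATE request wrapped in a NetBIOS session header.

    SMB1 header layout (32 bytes): protocol id, command, NT status, flags,
    flags2, PIDHigh, 8-byte security signature, reserved, TID, PID, UID, MID.
    """
    header = b"\xffSMB"
    header += struct.pack("<B", SMB_COM_NEGOTIATE)
    header += struct.pack("<I", 0)                   # NT_STATUS, zero in a request
    header += struct.pack("<B", 0x18)                # Flags: canonical paths, case-insensitive
    header += struct.pack("<H", 0x0001)              # Flags2: long names allowed, no Unicode
    header += struct.pack("<H", 0)                   # PIDHigh
    header += b"\x00" * 8                            # SecurityFeatures (no signing)
    header += struct.pack("<H", 0)                   # Reserved
    header += struct.pack("<HHHH", 0, 0x1234, 0, 0)  # TID, PID, UID, MID
    assert len(header) == 32
    # Parameter block: WordCount 0. Data block: ByteCount, then 0x02 <dialect> 0x00 per dialect.
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = header + struct.pack("<B", 0) + struct.pack("<H", len(data)) + data
    # NetBIOS session message: type 0x00 followed by a 3-byte big-endian length.
    return b"\x00" + struct.pack(">I", len(body))[1:] + body


def parse_negotiate_response(raw):
    """Classify the server's reply to our dialect list.

    'dialect_index' 0xFFFF (or no words at all) means nothing was accepted;
    'smb1_enabled' is True when the server picked one of our SMB1 dialects.
    """
    if len(raw) < 4 + 33:
        return dict(_NOT_SMB1)
    smb = raw[4:]                                    # strip NetBIOS session header
    if smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_NEGOTIATE:
        return dict(_NOT_SMB1)
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    if word_count == 0 or len(smb) < 35:
        dialect_index = 0xFFFF
    else:
        dialect_index = struct.unpack_from("<H", smb, 33)[0]
    accepted = status == 0 and dialect_index != 0xFFFF
    return {"is_smb1": True, "smb1_enabled": accepted,
            "status": status, "dialect_index": dialect_index}


def probe_smb1(host, port=445, timeout=3.0):
    """Connect to host:445, send the negotiate request and classify the reply.

    A server with SMBv1 disabled typically closes the connection or never
    answers an SMB1 negotiate; both are reported as smb1_enabled=False.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            raw = s.recv(1024)
    except (OSError, socket.timeout):
        return dict(_NOT_SMB1)
    return parse_negotiate_response(raw)


def _constructed_response(dialect_index, status=0):
    """Constructed sample reply for offline testing (not a real capture)."""
    header = b"\xffSMB" + bytes([SMB_COM_NEGOTIATE]) + struct.pack("<I", status)
    header += b"\x98" + struct.pack("<H", 0x0001) + struct.pack("<H", 0) + b"\x00" * 8
    header += struct.pack("<H", 0) + struct.pack("<HHHH", 0, 0x1234, 0, 0)
    if dialect_index == 0xFFFF:                      # rejection: WordCount 1, index only
        words = struct.pack("<B", 1) + struct.pack("<H", 0xFFFF)
    else:                                            # NT LM 0.12 reply: WordCount 17
        words = struct.pack("<B", 17) + struct.pack("<H", dialect_index) + b"\x00" * 32
    body = header + words + struct.pack("<H", 0)     # ByteCount 0, no data block
    return b"\x00" + struct.pack(">I", len(body))[1:] + body


SAMPLE_SMB1_ENABLED = _constructed_response(0)
SAMPLE_SMB1_REJECTED = _constructed_response(0xFFFF)

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, probe_smb1(target))
```

A host that accepts the dialect is exposed to SMBv1 traffic but not necessarily vulnerable: a machine with MS17-010 installed still speaks SMBv1 until the protocol is disabled, so treat a positive result as "disable SMBv1 and confirm the patch", not as proof of exploitability. Only probe hosts you are authorised to test.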




How to Increase IT security of an Organisation?

January 20th, 2017 Comments off

Security is a term that was not so prominent a decade ago, when it mostly meant financial or home safety. It now plays a huge role in the Information Technology sector and is gaining importance every year. Security tops the priority list of almost all CIOs, and data breaches and cyber attacks concern top decision makers on a daily basis. In 2015, the average cost of a data breach rose to £2.37 million.

In 2015 the number of reported security incidents rose by 38%, and even high-profile companies were among the victims. The recent leak of Twitter users' login credentials shows that the rise is continuing, and this year will be no different, with attackers constantly on the lookout for valuable business data.

Planning for the predictable

Organizations should of course take preventive steps so that a breach does not happen, but cybercriminals today use sophisticated enough techniques that organizations must also plan for a breach as something predictable. Many organizations face a large number of attacks every day, and the hard truth is that sooner or later one of them will succeed.

Organizations should adopt approaches that both reduce the risk of a cyber attack and minimise the cost of a breach when it does happen. Preventive measures are a prerequisite of a properly framed IT security programme, but they are not enough on their own; more attention should go to detection and damage limitation. Organizations should think not in terms of "if" but of "when", and limit the damage an attacker can do once inside.

Security Investment

More investment should go into detection tools that identify a breach sooner. The time an enterprise takes to discover a breach (its dwell time) is of growing interest to customers and regulators, so detection will naturally take a more visible role in IT security. That interval is a public indication of an enterprise's vigilance: when the gap between breach and detection runs to months or even years, the damage to the enterprise's reputation is significant.

Greater focus on damage limitation mitigates the effects of a breach. A detect-and-devalue approach (spot the intrusion quickly, and reduce the value of whatever the attacker can reach, for example by encrypting stored data) requires some fresh thinking from top-level decision makers down to the administrators of IT systems. Brainstorming sessions should identify the worst-case breach scenarios and what can be done about each. That helps the enterprise shape its preventive steps, limit the damage, and make the detect-and-devalue policy succeed.


Data security: Rethinking the perimeter

January 3rd, 2017 Comments off

Business computing is everywhere these days: in offices, at home, even on smartphones, and it has transformed how work is done. According to Harvard Business Review, every employee, company and industry in the economy now uses digital technologies. Okta's recent report finds that organizations deploy, on average, between 10 and 16 off-the-shelf cloud apps, a number that has grown almost 33% over the last year.

That number shows that organizations of every size are concerned about, and taking steps to secure, increasingly mobile workforces. Cloud technologies help people be productive, but they bring a range of challenges. Every day more employees use personal devices to access both work and personal information, dissolving the traditional workplace boundary. One challenge is that as data moves to the cloud, security teams can see only the fraction of user activity that touches the enterprise's own internal systems. What can they do to secure the perimeter without compromising user productivity? Enterprises should concentrate on safeguarding user identities rather than only on securing the network.

The Identity Perimeter

According to a recent Accenture report, 51% of top decision makers cite security as a challenge in adopting digital technologies. Organizations have acknowledged that applications now live outside the firewall, that passwords are increasingly a liability, and that the devices accessing enterprise data are no longer controlled by IT. Keeping end-user computing secure requires a better way to control and secure a growing number of users, applications and devices that span network and traditional company boundaries.

Older security approaches focused on establishing a network perimeter and then layering firewalls, IDS, VPNs and DLP systems on it to segment and protect data and users. The reality today is that users, and more precisely their identities, define the perimeter. Protecting that perimeter and governing each identity's access to applications has become the hard part. IT needs to know who should have access to which data and applications, what they are doing with it, and where they are accessing it from.

So many enterprises are looking beyond the network and enterprise-owned devices, and are protecting the identities and information of internal and external individuals rather than devices alone. With contextual data about users and devices, and their usual patterns of behaviour, unauthorized attempts to reach enterprise data can be detected more accurately, and IT can better mitigate the risk of a breach and guard the business effectively.

Regaining Control Through MFA

The growth of social media has given attackers the personal details they need to answer typical security questions. This is prompting a large number of organizations to deploy multi-factor authentication (MFA) to protect against the range of malicious activity that follows stolen login credentials.

MFA combines two or more different kinds of authentication, for example a password plus a one-time code sent to the user's phone or email address, generated by an authenticator app, or produced by a hardware token, to confirm that the user really is who the supplied identity claims, greatly reducing the risk of unauthorized access. Not all second factors are equal: codes delivered by SMS or email can be intercepted or redirected, so app-generated or hardware-backed factors are preferred where possible.

Even if a password is stolen, with MFA in place the attacker cannot get into the account without also defeating the second factor (one-time codes can still be phished and relayed in real time, which is why phishing-resistant hardware keys are the strongest option). The more contextual data an organization uses to authenticate a user, the harder it is for an attacker to cross the perimeter.
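The "temporary key generated by an application" described above is usually a time-based one-time password (TOTP, RFC 6238). As an added example that is not part of the original post, the following Python code implements both sides of it: the server-side secret provisioning and code generation, and a verification routine with a one-step drift window and constant-time comparison. It uses only the standard library; the test secret is the published RFC 4226/6238 test key, not a production value, and the time values are the RFC's own test vectors.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# RFC 4226 test secret (ASCII "12345678901234567890"), base32 encoded; RFC 6238
# reuses it for its TOTP test vectors. For illustration only, never for real accounts.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def new_secret():
    """Generate a fresh 160-bit shared secret, base32 encoded for the enrolment QR code."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def _decode_secret(secret_b32):
    s = secret_b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))   # restore any stripped padding


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at_time=None, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(_decode_secret(secret_b32), int(at_time) // step, digits)


def verify_totp(code, secret_b32, at_time=None, step=30, digits=6, window=1):
    """Accept the current code or one step either side to tolerate clock drift.

    Every candidate is compared with hmac.compare_digest, and the loop never
    returns early, so response timing does not reveal which digits matched.
    """
    if at_time is None:
        at_time = int(time.time())
    code = str(code).strip()
    if len(code) != digits or not code.isdigit():
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, at_time + drift * step, step, digits)
        ok |= hmac.compare_digest(expected, code)
    return ok


if __name__ == "__main__":
    secret = new_secret()
    print("enrolment secret:", secret)
    print("current code:", totp(secret))
```

In a real deployment the server also records the last counter it accepted for each user, so that a code which has already been used cannot be replayed inside the drift window; that bookkeeping lives in the user store and is left out here.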

Minimising Risk in the New Perimeter

Today everything revolves around identity. With cloud hosting booming, a holistic approach to the network and everything around it, however complex, has become essential. Managing identity through single sign-on (SSO) together with user provisioning gives organizations a better way to control access for a growing number of users. With this approach IT decision makers gain real-time data and the agility to respond to a constantly changing workforce and growing application adoption. In short, such solutions ensure that all users follow the data security procedures and give IT more control over how different applications, user types and access points connect to its cloud infrastructure.

Adopting this approach and managing identities with SSO will help organizations adapt quickly and securely to an ever-changing environment, reduce concerns about visibility of devices, applications and users, and give people access to the applications they need, where and when they need them, which ultimately raises their productivity.

SSL Certificate for Security and Credibility of Your Website

December 19th, 2016 Comments off

With the growth of online shopping, shoppers are careful and want assurance that their sensitive information is safe. An SSL/TLS certificate lets your site encrypt sensitive data such as card numbers and personal information in transit, and it lets visitors verify that they are really talking to your site rather than an impostor, which is what makes the site trustworthy and credible to your customers.

Why SSL certificate is important

E-commerce sites must have an SSL certificate. As the owner of an e-commerce site, you are obliged to protect your customers' sensitive information. The certificate acts as a shield that keeps information from being read or altered on its way between the customer and your server. If the wrong person gets hold of your customers' credit or debit card details, it will be damaging for you and create negative publicity for your brand. Your customers should know that their information matters to you and that you have solutions in place to protect it.

If you store credit card information in your database, you can process it with an offline POS machine or charge it manually through your merchant account's website; either way, you need an SSL certificate to protect the card data while it is transferred. You also need to be careful with the data once it is stored on your servers: holding card numbers brings you into the scope of PCI DSS, and the safest choice is usually not to store them at all but to let your payment processor tokenise them.

As long as it does not cause problems, you can use the shared SSL certificate that web hosting providers offer instead of buying your own. However, a shared certificate does not give your customers full assurance: it is issued in the hosting provider's name, not yours or your organisation's, so when a browser visits your own domain name the name on the certificate will not match and the browser may show a warning.

If you want your own SSL certificate, you can get one. Many web hosting providers offer a certificate alongside their other services; some charge for it, while others include it at no extra cost, and certificate authorities such as Let's Encrypt issue free domain-validated certificates. Whether free or paid, an SSL certificate is essential for your website to hold its own in a competitive market.
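The warning described above comes from the browser's hostname check: the name the user typed must match a DNS name in the certificate's Subject Alternative Name (SAN) list. As an added example that is not from the original post, the Python below implements that matching rule the way browsers apply it (case-insensitive, wildcard only as the whole left-most label, one label deep) and runs it over two constructed SAN lists: a hypothetical provider's shared certificate and a hypothetical certificate issued for the shop's own names. The `fetch_san_dns_names` helper uses the standard `ssl` module to pull the SAN list from a live server when you want to check a real host.

```python
import socket
import ssl


def _match_dns_pattern(pattern, hostname):
    """Match one SAN dNSName pattern against a hostname (RFC 6125 style rules).

    A wildcard is honoured only as the complete left-most label and matches
    exactly one label, so *.example.com covers shop.example.com but not
    example.com or a.b.example.com. Partial wildcards (f*o.example) and
    overly broad ones (*.com) are rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def certificate_covers(hostname, san_dns_names):
    """True if any SAN DNS entry matches the hostname the browser was given."""
    return any(_match_dns_pattern(p, hostname) for p in san_dns_names)


def fetch_san_dns_names(host, port=443, timeout=5.0):
    """TLS-connect to a live server and return the DNS names in its SAN extension.

    check_hostname is turned off so a mismatched (e.g. shared) certificate can
    still be inspected instead of the handshake aborting; chain validation stays on.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN lists (hypothetical names, not real certificates):
SHARED_CERT_SANS = ["secure.hostingprovider.example", "*.hostingprovider.example"]
OWN_CERT_SANS = ["shop.example", "www.shop.example"]


def diagnose(hostname, san_dns_names):
    """Explain what the browser will do for this hostname with this certificate."""
    if certificate_covers(hostname, san_dns_names):
        return "ok: certificate names cover %s" % hostname
    return "warning: %s is not in SAN %s" % (hostname, san_dns_names)


if __name__ == "__main__":
    import sys
    print(diagnose("shop.example", SHARED_CERT_SANS))
    print(diagnose("shop.example", OWN_CERT_SANS))
    for host in sys.argv[1:]:
        print(host, diagnose(host, fetch_san_dns_names(host)))
```

Python's `ssl` module performs the same check internally when `check_hostname` is left on; the explicit version here is what lets you see, and explain to a customer, why a shared certificate under the provider's name produces a warning on the shop's own domain.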

Mamba Ransomware Encrypts Your Hard Drive, Manipulates the Boot Process

December 8th, 2016 Comments off


Typical ransomware encrypts a user's files after they run an executable, or perhaps a JavaScript file chosen to raise fewer suspicions. A newer strain of ransomware goes for a bigger piece of the cake: instead of encrypting individual files, it encrypts the whole hard drive.

Named Mamba or HDDCryptor, the malware was first analysed by Morphus Labs in Brazil, and has since been found on machines in the United States and in India. Renato Marinho, a researcher at Morphus Labs, said the malware is believed to spread via phishing emails and malicious downloads.

Once it infects a machine, it starts by overwriting the host computer's Master Boot Record (MBR) with its own version, after which it is able to encrypt the hard drive.

As a result, when the computer is next booted the system loads only part-way and then shows a screen controlled by the Mamba ransomware. It refuses to boot the PC until the decryption key is supplied, which will set the victim back one Bitcoin. The malware uses two programs, "mount.exe" and "dccon.exe", which are responsible for encrypting the files on the computer and on all mapped network drives.

Via Morphus Labs

The ransomware note reads:

“You are Hacked ! H.D.D. Encrypted , For Decryption Key Contact Us ([email protected]) YOURID: 789456”

“Mamba encrypts the entire partitions of the disk,” Marinho said. “It uses a disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.”

While Mamba behaves much like the Petya ransomware, which also manipulates the boot process, Mamba builds on free and legitimate tools: it uses Netpass, a free network password recovery utility, and DiskCryptor, an open-source disk encryption utility.


As always, be careful which websites you visit and which files you download, because malware such as Mamba is constantly waiting for its next victim. Since Mamba relies on a legitimate encryption tool, signature-based antivirus may not flag it; watching for unexpected changes to the MBR and keeping offline backups are the more reliable defences.
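Both Mamba and Petya announce themselves by replacing the 446-byte boot code at the start of the disk, so a practical check is to hash that region and compare it with a baseline taken from a known-good machine. As an added example that is not from the original post or from Morphus Labs, the Python below parses a 512-byte MBR (boot code, the four 16-byte partition entries, and the 0x55AA signature) and flags a sector whose boot code or signature no longer matches the baseline. The sample sectors are constructed in the script, not read from a real disk; `read_mbr` shows how to read sector 0 on a live system, where the device path is an assumption for your platform.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446           # bootstrap code precedes the partition table
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector):
    """Split an MBR into its parts and hash the boot code for later comparison."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue                       # empty entry
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def mbr_tampered(sector, baseline_bootcode_sha256):
    """True when the boot code differs from the known-good baseline or the
    signature is missing; either is what an MBR-overwriting ransomware such
    as Mamba or Petya leaves behind. A legitimate bootloader update changes
    the hash too, so refresh the baseline after planned OS maintenance."""
    info = parse_mbr(sector)
    return (not info["signature_ok"]) or info["bootcode_sha256"] != baseline_bootcode_sha256


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a live disk. The Windows path above needs an elevated
    prompt; on Linux use a path such as '/dev/sda' (assumed, adjust to your host)."""
    with open(device, "rb") as f:
        return f.read(MBR_SIZE)


def _constructed_mbr(bootcode):
    """Constructed 512-byte sector (not from a real disk): the given boot code,
    one bootable NTFS partition starting at LBA 2048, and a valid signature."""
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800) + b"\x00" * 48
    return bootcode.ljust(BOOT_CODE_SIZE, b"\x00") + table + BOOT_SIGNATURE


# Known-good sample opens like a real-mode stub: xor ax,ax; mov ss,ax; mov sp,0x7c00
KNOWN_GOOD = _constructed_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = parse_mbr(KNOWN_GOOD)["bootcode_sha256"]
# Same partition table, but the boot code has been replaced.
OVERWRITTEN = _constructed_mbr(b"\xeb\x3c\x90" + b"BOOT CODE REPLACED")

if __name__ == "__main__":
    import sys
    sector = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else KNOWN_GOOD
    info = parse_mbr(sector)
    print("signature ok:", info["signature_ok"])
    print("boot code sha256:", info["bootcode_sha256"])
    for p in info["partitions"]:
        print("partition %d type 0x%02x LBA %d sectors %d bootable=%s"
              % (p["index"], p["type"], p["lba_start"], p["sectors"], p["bootable"]))
```

Run the hash once on a freshly installed machine and store it with your configuration baselines; a scheduled comparison then catches an MBR swap before the next reboot, which is the only window in which the data is still recoverable.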

Ransomware Main Source in Fueling Cyber Attacks

December 6th, 2016 Comments off


With the rise of ransomware attacks in early 2016, more and more cyber criminals are joining this lucrative crime spree. Hackers reportedly spent the first quarter of 2016 creating new domains and subdomains, and compromising legitimate ones, to support their ransomware operations.

The number rose 35-fold in the first three months of the year. This counts malicious infrastructure, not the volume of actual attacks. Attackers are rapidly creating new domains and subdomains to stay ahead of security filters and blacklists. The growth of the ransomware attack infrastructure is a warning sign: it shows that attackers are shifting their focus to these operations.

The threat index reached 137 in the first quarter of 2016, its highest level ever. Other attacks (malware, phishing, distributed denial of service) continued, but the explosion of ransomware domains is what pushed the overall index higher. Ransomware domains, both those hosting the actual download and those acting as command-and-control servers for infected machines, made up 60% of the entire malware category. In short, ransomware is working.

Cybercriminals are shifting their focus to big money and larger organisations rather than small businesses: they don't have to attack many victims for $500 each if they can get $17,000 from a single target.

The FBI's latest estimate puts the cost to ransomware victims at around $200 million in the first quarter of 2016, against $24 million for the whole of 2015. This includes the cost of downtime, the time needed to clean up the infection, and the resources required to restore systems from backup.

Cybercriminals used to follow a sow-and-harvest cycle: a few months building attack infrastructure, then a few months harvesting the proceeds before starting all over again.

That distinct harvest period now seems less necessary, as criminals become more efficient at moving from task to task: creating domains, compromising legitimate ones, developing and distributing malware, stealing data, and generally doing harm to victims.

Threats at this level will be with us for the foreseeable future; it is only the nature of the threat that keeps changing.

Although ransomware is the fastest-growing segment of attacks, it still holds a very small share of the overall attack infrastructure. The biggest threat is exploit kits, which account for more than 50% of the overall index.

Recent reports agree that ransomware's growth has been rapid, but it is not the most prevalent threat facing enterprises today. Enterprises are more likely to see phishing attacks, malware, Trojans, backdoors and exploit kits.

According to Microsoft, ransomware accounted for less than 1% of malware encounters in 2015. In the second half of 2015 the rate rose from 0.24% to 0.4%, still well under 1%. So even with 35 times more ransomware infrastructure in 2016, the absolute number remains relatively small.

Staying ahead of ransomware comes down to a few basic steps: keep software up to date, tighten security controls, and maintain clean, offline backups that you test regularly.