Archive for July, 2017

New Research Report Reveals Trends and Tactics Used in Ransomware Demands

Friday, July 21st, 2017

Analysis of the psychology behind digital ransom notes, commissioned by SentinelOne, sheds light on the range of social engineering tactics used by cyber attackers.

SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, has commissioned a new report examining ransomware ‘splash screens’ – the initial warning screens of ransomware attacks.

The report “Exploring the Psychological Mechanisms used in Ransomware Splash Screens” by Dr. Lee Hadlington PhD [1], senior lecturer of cyberpsychology at De Montfort University, London, reveals how social engineering tactics are used by cyber criminals to manipulate and elicit payments from individuals. It provides analysis of the language, visuals and payment types from 76 splash screens, to highlight how key social engineering techniques – fear, authority, scarcity (or urgency) and humour – are exploited by cyber criminals in ransomware attacks.

The report also examines the differing levels of sophistication on the part of the attackers and comes in the wake of recent global ransomware attacks which have struck both public sector and private organisations, causing massive disruption and costing businesses millions [2] in lost revenue.

From the analysis of the splash screen samples, common trends highlighted include:

  • Time criticality: In over half the samples (57%), the ‘ticking clock’ device – in which a specific amount of time is given to pay a ransom – was used to create a sense of urgency and to persuade the victim to pay quickly. Deadlines given ranged from 10 hours to more than 96 hours.
  • Consequences: The most likely consequence given for not paying the demand or missing the deadline was that files would be deleted and the victim would not be able to access them. In other screens, threats were made to publish the locked files on the Internet.
  • The Customer Service Approach: 51% of splash screens included some aspect of customer service, such as instructions on how to buy Bitcoins (BTC) or presenting frequently asked questions (FAQs). One example offers victims the chance to ‘speak to a member of the team’.
  • Imagery: The research also examines the use of a variety of imagery, including official trademarks or emblems, such as the crest of the FBI, which instil the notion of authority and credibility to the request. One of the most prominent pop cultural images used was ‘Jigsaw’ – a character from the Saw horror movie series.
  • Payment: BTC was the preferred mechanism for payment; 75% of ransomware splash screens asked for payment in BTC. Over half the sample (55%) contained the ransom demand in the initial splash screen. The average amount asked for by attackers was 0.47 BTC ($1,164 USD).
    “We know that psychology plays a significant part in cyber crime – what’s been most interesting from this study is uncovering the various ways that key social engineering techniques are used to intimidate or influence victims,” said Hadlington. “With ransomware on the rise, it’s important that we improve our understanding of this aspect of the attack and how language, imagery and other aspects of the initial ransom demand are used to coerce victims.”

    “Although ransomware has leapt to the top of the public’s consciousness following recent attacks, what’s been less well documented is exactly how the criminals are manipulating their targets into paying up,” said Tony Rowan, chief security consultant at SentinelOne. “This report sheds light on the most common tactics used, with the aim that, through awareness, we are better placed to advise individuals and businesses how not to be duped by these criminals’ claims.”

    A copy of the full “Psychology of Digital Ransom Notes” report is available for download here.

    Notes for Editors

    [1] Dr. Lee Hadlington PhD FHEA CPsychol AFBPsS, Senior Lecturer in Cyberpsychology and Chartered Psychologist, Psychology and Technology Research Group, De Montfort University, Leicester
    [2] https://www.scmagazineuk.com/multinational-talks-of-100-mil-loss-as-petyanotpetya-leaves-its-mark/article/673198/

    MOBOTIX – Mx6 Camera Line is Complete

    Thursday, July 20th, 2017


    MOBOTIX has introduced the new indoor models c26, i26, p26 and v26, thereby completing the successful Mx6 6MP camera line. The new, higher performing processor delivers up to twice as many images per second as before – at the same resolution. The video data is simultaneously offered in three formats (MxPEG, MJPEG and H.264), as well as in a range of different resolutions. RTSP/multicast makes the Mx6 cameras more flexible. All of the models come standard with intelligent motion detection directly on the camera, and thereby offer more capacity for additional software applications.

    More Power, Easily Integrated

    As with the Mx6 outdoor cameras, now Mx6 indoor models are also available with a more powerful CPU as well as an H.264 encoder. The new processor architecture significantly increases the frame rate, which allows the cameras to do an even better job of capturing fast movements. Moreover, intelligent motion detection is integrated as a standard, and more capacity is available on the camera for additional software applications. The new Mx6 camera system is far more flexible and higher performing, thanks to RTSP/Multicast. The video stream can be displayed on multiple clients simultaneously without reducing the frame rate. Alongside the MxPEG video codec, which was specially developed for security applications, H.264 is available for the first time, ensuring compatibility with the industry standard. Depending on requirements, the focus can be set on high image quality with MxPEG, or the industry standard for video transmission and camera integration can be used. Moreover, Mx6 cameras also offer basic functions in keeping with ONVIF *, a global open interface standard. In this way, the new camera system opens up far more application and integration options for our partners and end customers. Regular software updates ensure that the performance of the Mx6 range continually improves, which in turn guarantees a maximum return on investment.

    “We will continue to remain true to our decentralised concept – storing maximum intelligence in a camera – and thereby offer solutions that go above and beyond traditional applications. At the same time, we are open to generally used technologies such as H.264 and participation in standard forums such as ONVIF. We do not consider these two parts of our approach to be in conflict with each other; instead, they help our range prepare for the future and stay solution-oriented,” explains MOBOTIX CTO Dr. Oliver Gabel.

    Flexibly Protect Interior Spaces

    With a diameter of only 12 centimetres and a weight of approximately 200 grams, the c26 is the smallest and lightest MOBOTIX 360° camera yet for fast ceiling mounting in suspended ceilings. The i26 is ideally suited for corresponding wall mounting, as it is just as compact and discreet. Thanks to its tilt angle of 15°, it provides a complete overview of the room and can thereby replace up to four conventional cameras. The p26 provides maximum flexibility during installation thanks to its manual swivel and tilt functions, and can also completely secure an entire room when it is installed in a corner area, thanks to its 90° lens. The v26 is the first vandalism indoor camera to also offer all MOBOTIX functions. Alongside the standard lenses, an on-wall audio set and suitable vandalism sets are available for optimum protection. All of the indoor models are fitted with 6-megapixel Moonlight sensors and deliver sharp, richly detailed videos, even under poor light conditions (>1 Lux).

    * ONVIF-ready; full Profile S support with future software update

    Palo Alto Networks Upholds Leadership Position in Gartner Magic Quadrant for Enterprise Network Firewalls

    Monday, July 17th, 2017

    Palo Alto Networks, the next-generation security company, today announced that it has again been recognised in the “Leaders” quadrant of the July 10, 2017 “Magic Quadrant for Enterprise Network Firewalls” by Gartner Inc.

    According to the report, “The Leaders quadrant contains vendors that build products that fulfil enterprise requirements. These requirements include a wide range of models, support for virtualization and virtual LANs, and a management and reporting capability that is designed for complex and high-volume environments, such as multi-tier administration and rule/policy minimization. A solid NGFW capability is an important element, as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations. Vendors in this quadrant lead the market in offering new features that protect customers from emerging threats, provide expert capability rather than treat the firewall as a commodity and have a good track record of avoiding vulnerabilities in their security products. Common characteristics include handling the highest throughput with minimal performance loss, offering options for hardware acceleration and offering form factors that protect enterprises as they move to new infrastructure form factors.”

    This marks the sixth consecutive time that Palo Alto Networks has been named a leader in the Magic Quadrant for Enterprise Firewalls, which evaluates vendors’ ability to execute and completeness of vision.

    QUOTE

    “We’re honoured to be recognised by Gartner as a Leader in the Magic Quadrant for Enterprise Network Firewalls. Our mission to protect our way of life in the digital age by preventing successful cyberattacks is enabled by our Next-Generation Security Platform, of which our firewall is a cornerstone. We believe this recognition for the sixth consecutive time validates that the advancements made to our next-generation firewall, including security consistency for public and private clouds, are addressing today’s toughest cybersecurity challenges.”
    – René Bonvanie, CMO, Palo Alto Networks

    Over 39,000 customers in over 150 countries have chosen Palo Alto Networks because of our deep expertise, unwavering commitment to innovation and breach prevention-oriented next-generation platform.

    To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/designing-for-prevention/security-platform

    To learn more about the Palo Alto Networks Next-Generation Firewall, visit: https://www.paloaltonetworks.com/products/platforms/firewalls.html

    To read the complete report, visit: http://go.paloaltonetworks.com/gartner

    Scale Up Your Network with Clusters and Ruckus Wireless

    Monday, July 17th, 2017

    Whether managed on premises or by distributed services, networks serve as the information pipeline that ensures the day-to-day operation for nearly every business. As a business grows, so does the size of the network. The goal is to minimise capital expenditure (CAPEX) while meeting today’s needs and to maximise the investment to realise the best long-term total cost of ownership (TCO). In scaling a network to meet growing business demands, how do you retain value on purchased equipment without relegating existing components to obsolescence?

    One solution is “clustering.” By adding network controller capacity, you can still make use of your existing controller services. With a highly integrated base controller design architecture, this becomes a viable approach.

    There are two basic design options:

    Active-Passive – Where a secondary controller service simply monitors an active controller and is only activated upon failure of the primary controller. With this architecture, the value of the overall system is diluted, as the secondary controller is left idle for long periods of time. This design is also less responsive during recovery from controller failures.

    Active–Active – Where a number of controller services act collaboratively to sustain network reliability even upon failure of any one of the controller services. The TCO of this option is much lower because all units are active and recoveries are virtually seamless.

    Active-Active clustering is a straightforward option for expanding network capacity. It provides the highest level of reliability for wireless networks and delivers additional key benefits:

    Because there are multiple controllers within the cluster, a “single-pane-of-glass” interface simplifies network management.

    Geographic redundancy can isolate localised controller failure scenarios and increase the overall reliability.

    Support of both appliance and virtual deployment options has a direct impact on CAPEX and overall network capacities when you select a cluster solution.

    “Cluster balancing” is a smart way to optimise utilisation of each cluster element.

    Client license management across a cluster is generally flexible and not bound to any single controller.

    When making an architectural decision on a WLAN solution, selecting one that meets your needs today and in the future without increasing IT overhead is your best bet. Ruckus SmartZone products provide flexible, reliable and scalable “clustering” solutions that meet the needs of fast-growing businesses like yours.

    Link: Ruckus SmartZone

    View original article by: Richard Watson, Product Marketing Manager

    Gemalto research reveals businesses overly confident about keeping hackers at bay, but less so about keeping data safe

    Wednesday, July 12th, 2017

    Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 (source: Breach Level Index), the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks. However, companies are under-investing in technology that adequately protects their business, according to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto (Euronext NL0000400653 GTO), the world leader in digital security.

    The survey of 1,050 IT decision makers worldwide found that businesses feel perimeter security is keeping them safe, with most (94%) believing that it is quite effective at keeping unauthorised users out of their network. However, 65% are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69%). Despite this, nearly six in 10 (59%) organisations report that they believe all their sensitive data is secure.

    Perimeter security is the focus, but understanding of technology and data security is lacking

    Many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76% said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two-thirds (68%) believe that unauthorised users could access their network, rendering their perimeter security ineffective.

    These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organisations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.

    Businesses’ confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identity theft, financial fraud or ransomware.

    “It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise, reality will inevitably bite those that fail to do so.”

    Most Businesses are unprepared for GDPR

    With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53%) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.

    Hart continues, “Investing in Cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

    About the survey

    Independent technology market research specialist Vanson Bourne surveyed 1,050 IT decision makers across the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux, the Middle East and South Africa on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, IT and other sectors from organisations with 250 to more than 5,000 employees.

    Original article published by Gemalto.

    Frost & Sullivan Recognises Gemalto for Leadership in Encryption and Data Protection

    Friday, July 7th, 2017

    Gemalto has been awarded the Frost & Sullivan 2017 Encryption and Data Protection Technology Leadership Award(1). Frost & Sullivan analysts independently evaluated Gemalto’s SafeNet data protection and encryption solutions, in particular, the commercial success, growth potential, operational efficiency, and benefits provided to customers.

    Each year, Frost & Sullivan recognises companies across different industries based on their excellence in technology and innovation. Gemalto was selected based on the following attributes:

    • A unique position in the market based on an extensive portfolio and the variety of use cases and customers
    • Strong expertise in creating versatile and flexible solutions that support a variety of deployment environments
    • Quality of solutions and the company’s positive brand recognition
    • Commitment to research and development driving innovation in the industry

    “Gemalto’s vision for data protection guarantees a tailored, scalable, centralized-IT-service solution for organisations needing efficiency, without an overhaul of their existing security systems,” said Frost & Sullivan Research Analyst Danielle VanZandt. “Companies can standardise encryption and data protection breaking down internal silos achieving greater collaboration and visibility between departments.”

    “This award highlights our ability to provide customers with a simple, consolidated method of enterprise-wide data protection. The single pane of glass alleviates the burden of monitoring operations across multiple security platforms and simplifies the execution of internal data security policies,” said Todd Moore, Senior Vice President of Encryption Products at Gemalto. “When preparing for an internal or external audit, a centrally managed system helps organisations quickly demonstrate their level of compliance without the hassle of collecting information across different systems.”

    Gemalto’s portfolio of SafeNet data encryption and key management solutions ensures sensitive information remains secure wherever it resides, from the cloud and data centre to the network. Additionally, Gemalto speeds up deployment timelines by supporting a variety of digital and cloud environments, integrating with over 700 solutions across more than 240 different ecosystem partners. For more information on the solutions evaluated by Frost & Sullivan analysts, download the report.

    Additional resources:
    Gemalto SafeNet Data Protection
    Whitepaper: Own and Manage Your Encryption Keys
    Encrypt Everything

    1 Frost & Sullivan Best Practices Awards recognise companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service, and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analysis, and extensive secondary research to identify best practices in the industry.

    View original article by Gemalto.

    Tips for Gamifying Your Cybersecurity Education and Awareness Programs

    Thursday, July 6th, 2017

    Employees are fast becoming the weakest link in the defence against cybercriminals. Sometimes common sense can only go so far, as you need to make sure that best practices around security don’t go in one ear and out the other. Whether through innocent mistakes or because they were targeted for their access to sensitive information, employee error can easily open the door to malware or information theft.

    Successful attacks often involve poor processes and exploit human tendencies. To reduce an organisation’s threat surface, the focus of regular employee training needs to shift from reaction to prevention. Pure compliance-driven approaches have proven to be ineffective for organisations when used for employee security training, usually because they aren’t interesting or personal enough to capture employees’ imaginations. Businesses should focus on educating employees about how to protect their personal data, thereby encouraging employees to enact further security-orientated practices in the workplace.

    Employee training may take different forms, including the increasing practice of “gamifying” cybersecurity education programs. Gamification is the process of using gaming mechanics in a non-gaming context, leveraging what is exciting about games and applying it to other types of activities that may not be so fun. Designed with elements of competition and reward, gamification programs are becoming popular because they can be used in a variety of industries.

    Many businesses currently use gamification in such areas as customer engagement, and employee education and training to drive performance and motivation. Gaming elements include one-on-one competitions, rewards programs, and more.

    There are two key ways business owners can use gamification as a way of addressing cybersecurity in their organisation:

    1. Make training more exciting and engaging for employees

    Using gamification can help businesses improve their cybersecurity in numerous ways, including showing employees how to avoid cyberattacks and learning about vulnerabilities in software.

    Global consulting firm PwC teaches cybersecurity through its Game of Threats. [1] Executives compete against each other in real-world cybersecurity situations, playing as either attackers or defenders. Attackers choose the tactics, methods, and skills of attack, while defenders develop defence strategies, and invest in the right technologies and talent to respond to the attack. The game gives executives an understanding of how to prepare for and react to threats, how well-prepared the company is, and what their cybersecurity teams face each day.

    Gamifying will help make the training process more exciting and engaging for employees, increasing employee awareness of cybersecurity practices, including how to deal with attacks correctly.

    2. Offer incentives and rewards to encourage desired behaviours

    Human error is responsible for most security breaches, with employees feeling pressured to complete work by certain deadlines and as quickly as possible, which can result in them overlooking important company policy regarding security.

    For example, running so-called PhishMe campaigns can be a great way to train employees on better email security. These include regular phishing emails sent across the organisation, testing the staff’s response and action.

    Gamification lets businesses reward those employees who follow security procedures and adhere to the correct security guidelines, which will further promote good behaviour. This may take the form of employees receiving a badge or recording points, which are then displayed on a scoreboard for the office to follow. In some organisations, after employees reach specific milestones, they are presented with a material reward, such as a gift voucher.

    This system also allows for the identification of those who display poor behaviour within gamification and may result in the employee needing to complete further cybersecurity training. Recognising and rewarding employees when they do the correct thing leads to continued positive behaviour, motivating employees to undertake safe practices and resulting in a more cyber-secure working environment.

    At the heart of any security awareness training is education to teach employees a shared sense of responsibility for the data they work with, and the data they create and use at home. All security awareness campaigns should become part of an ongoing process, not a one-time initiative. Leaders of any business, big or small, can sometimes feel they lack the resources needed to drive an effective cybersecurity education campaign, but this can be done without breaking the bank.

    • Visual aids work well. Start with some small videos, posters and/or contests as a reminder to drive the message home for all to understand that security is everyone’s responsibility.
    • ‘Fear of God’ tactics do not work. The business goal should be to build a culture of cyber awareness, so treat this like a marketing campaign with the intent to persuade and change the behaviour of an employee.
    • Short and concise work best. Long emails always get ignored. Keep them short and fun, and ALWAYS ensure it is a top-down approach. Employees look up to their leaders. If the leaders do not embody a cyber-secure culture, why should the employees? The aim is to educate employees about best practices, not force them to be cybersecurity experts. Make it fun and have a laugh, so everyone can learn at the same time.
    • Reinforcement and follow-up are key. Training is a constant; learn from what works and re-educate as needed. Re-test your newly onboarded, as well as existing, staff members on whether they fall for a phishing email, and check to see how many employees still fail to recognise a fake email. Encourage communication to report a fake and call out departmental groups that may be lagging. The aim is not to single people out, but rather create some healthy rivalry within the organisation.

    Eliminating cyber risks in any business is an ongoing process, but it can be managed. We need to foster a way for employees to call out where they question something and re-educate as needed. If employees walk away from the security awareness program questioning before they click on something malicious, you have moved the needle towards being more secure.

    [1] https://www.pwc.com/us/en/financial-services/cybersecurity-privacy/game-of-threats.html

    Original article published by Palo Alto Networks.

    Don’t Let Hackers Hold Your Enterprise Ransom

    Tuesday, July 4th, 2017

    By Prashant Batra at Pulse Secure

    While most enterprises are still recovering from WannaCry, the world has now been hit yet again with a large-scale ransomware attack. On June 27, many businesses and end-users woke up to Petya taking control of their devices.

    With the Digital Age comes a new weapon, cyberattacks!

    Critical Questions Every Enterprise Should Ask

    1. How should enterprises prepare against cyberattacks?
    2. What can we learn from previous cyberattacks to implement a strategy to better protect ourselves, our interests, and take control of our fate?
    3. How does ransomware take hold of enterprises so quickly and easily?
    4. How can businesses protect data if users won’t upgrade their machines?

    Petya is an example that we can learn from and prevent by first understanding its anatomy. How does this attack work? It might sound like a broken record but these types of attacks exploit vulnerabilities in software systems, in this case a vulnerability in an older release of Windows, targeted by the exploit known as “EternalBlue.” You might be asking yourself: If this is a known vulnerability, why hasn’t it been addressed by Microsoft? Guess what – it has been and for quite some time.

    It turns out that making security patches/updates available does not necessarily translate into those patches getting installed on machines.

    If You Avoid Change, You Invite Cyberattacks

    Specifically, in the enterprise world, where every change is best avoided, patches are slow with their uptake and not always implemented. Even when businesses decide to deploy a security patch, it does not translate into users actually accepting and installing those patches. In the case of Petya, it’s not just about patching alone. It’s about a strategic combination of security practices and solutions that seamlessly deliver accessibility of resources. This continues to remain a challenge within the growing landscape of other technologies like BYOD and IoT, adding more to the layer of challenges IT teams are presented with each year.

    Meet the Secure Access Suite, from Pulse Secure.

    Pulse Secure solutions are built with the notion of ‘WHO’ gets access, from ‘WHAT’ device, to ‘WHICH’ resources. In our world, we don’t rely on the ‘authenticated’ user but we go a step further and define our authentication as a mix of User Identity + Device Compliance. A valid user coming from a ‘Compliant’ device gets access to resources. A valid user coming from a ‘Non-Compliant’ device can get limited or no access while a valid user coming from a ‘Partially compliant’ device gets access to limited resources.

    Pulse Secure solutions are built with a component called ‘Host Checker’. Host Checker is the ability to scan a connecting endpoint, assess its security posture, and use that to define the level of access to enterprise resources.

    So how could this have protected you against Petya? Admins can set up a policy requiring minimum security patch versions to be installed on connecting devices. If not found, there is limited to no access. This would encourage users to apply the needed patches to their machine, without which they wouldn’t get access to anything.

    Ransomware is here to stay, evolve, and attack again. Let’s stand up to ransomware together and strategize on the right solution for your enterprise.

    View the original article by Pulse Secure.

    Dissecting NotPetya: So you thought it was ransomware

    Tuesday, July 4th, 2017

    NotPetya was in the news this week, making headlines for being yet another ransomware attack that spread like fire – affecting organisations in several verticals across 65+ countries, drawing comparisons with the WannaCry attack that recently hit over 200,000 machines globally.

    While it shows characteristics similar to ransomware, NotPetya is more akin to a wiper, which is generally regarded as malware that destroys data on the target’s hard disk. The ransom collection as of this writing is just over $10,000. Additionally, the email address used in the ransom request has since been shut down.

    NotPetya infects the master boot record (MBR) and prevents any system from booting. And even paying the ransom would not have recovered the machine! In that sense, it is also different from the 2016 Petya threat in that the damage from NotPetya is not reversible.

    NotPetya leveraged EternalBlue (well known from WannaCry) as well as EternalRomance, both exploiting the MS17-010 vulnerability. However, the attackers also leverage other non-exploit, legitimate mechanisms to spread laterally – such as PsExec and Windows Management Instrumentation (WMI) – further expanding the reach to include machines patched for the MS17-010 vulnerability.
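
Because this spread path uses legitimate admin tooling, patch status alone will not reveal it. The following detection logic is an added example, not taken from SentinelOne's report: it flags an account that triggers PsExec service installs (System event 7045, service name PSEXESVC) or remote `wmic ... process call create` launches (Security event 4688) on several hosts within a short window. The event records, field names, host and account names, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
# Constructed sample records, not real telemetry; field names are assumptions.
# System 7045 is logged on the target host, Security 4688 on the source host.
EVENTS = [
    {"time": "2017-06-27T10:00:05", "host": "WS-014", "id": 7045,
     "account": "CORP\\jdoe", "service": "PSEXESVC"},
    {"time": "2017-06-27T10:00:40", "host": "WS-002", "id": 4688,
     "account": "CORP\\jdoe", "image": WMIC,
     "cmdline": "wmic /node:WS-021 process call create placeholder.exe"},
    {"time": "2017-06-27T10:01:10", "host": "WS-033", "id": 7045,
     "account": "CORP\\jdoe", "service": "PSEXESVC"},
    {"time": "2017-06-27T14:30:00", "host": "SRV-01", "id": 7045,
     "account": "CORP\\admin1", "service": "PSEXESVC"},  # one-off admin use
    {"time": "2017-06-27T10:00:50", "host": "WS-002", "id": 4688,
     "account": "CORP\\jdoe", "image": WMIC, "cmdline": "wmic os get caption"},
]
NODE_RE = re.compile(r'/node:\s*"?([\w.\-]+)', re.I)

def remote_exec_target(ev):
    """Return the host this record shows remote execution on, else None."""
    if ev["id"] == 7045 and ev.get("service", "").upper() == "PSEXESVC":
        return ev["host"].upper()
    if ev["id"] == 4688 and ev.get("image", "").lower().endswith("\\wmic.exe"):
        cmd = ev.get("cmdline", "")
        m = NODE_RE.search(cmd)
        if m and "process call create" in cmd.lower():
            return m.group(1).upper()
    return None

def fan_out(events, window=timedelta(minutes=5), threshold=3):
    """Map each account to its targets if it hit >= threshold hosts in one window."""
    hits = defaultdict(list)
    for ev in events:
        target = remote_exec_target(ev)
        if target:
            hits[ev["account"]].append((datetime.fromisoformat(ev["time"]), target))
    flagged = {}
    for account, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            targets = {t for when, t in seen[i:] if when - start <= window}
            if len(targets) >= threshold:
                flagged[account] = sorted(targets)
                break
    return flagged
```

The window and threshold need tuning against the environment's normal remote-administration activity, and event 4688 only carries a command line when command-line process auditing is enabled.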

    SentinelOne customers using SentinelOne Enterprise Protection Platform are proactively protected against this MBR attack. However, we also advise customers to ensure that all machines have installed the latest Windows updates to reduce the threat impact. Additionally, limiting or removing administrative permissions for regular users will further reduce the attack surface.

    Check out SentinelOne’s “Dissecting NotPetya: So you thought it was ransomware” report which includes a more technical analysis of NotPetya, including how it is installed and how it spreads.

    By Caleb Fenton, Joseph Landry, Nir Izraeli, Itai Liba, and Udi Shamir, Senior Security Researchers, SentinelOne Labs. View original post.

    Palo Alto Networks Announces New Cloud-Based Security Service for Remote Locations and Mobile Users

    Monday, July 3rd, 2017

    Enables Consistent Always-On and Up-to-Date Next-Generation Security in Minutes Across All Locations and Users at a Predictable Cost

    Palo Alto Networks® announced GlobalProtect™ cloud service, a new offering that provides the Palo Alto Networks next-generation security infrastructure as a cloud-based service for remote offices and mobile users.

    The new Palo Alto Networks GlobalProtect cloud service will enable customers to utilise the preventive capabilities of the Palo Alto Networks Next-Generation Security Platform, including application visibility and control, Threat Prevention, URL Filtering, and WildFire™ threat analysis service, to secure remote networks and mobile users. With this new service, widely distributed organisations can improve security while reducing the complexity of managing costly, time-consuming and cumbersome global deployments.

    The ever-growing population of mobile users, a distributed workforce and cloud applications are forcing organisations to evolve their cybersecurity infrastructure, which has traditionally focused on securing the corporate network. To extend security to remote networks and mobile users, typical approaches – such as backhauling traffic to the corporate network or using multiple point products – can be difficult to manage, costly, and produce inconsistencies in security policies and protections. When hundreds or even thousands of devices must be delivered, deployed and maintained across all remote locations, the result is often an efficient yet limited security solution with a heavy footprint, resulting in security deficiencies that can leave an organisation vulnerable to cyberattacks.

    The new GlobalProtect cloud service offering eliminates the operational hurdles posed by traditional distributed security infrastructure approaches and delivers the preventive capabilities of the Palo Alto Networks Next-Generation Security Platform to provide customers with consistent protections needed to prevent successful cyberattacks across a globally distributed network and cloud environments.

    With this new offering, Palo Alto Networks will manage and maintain a multitenant, cloud-based security infrastructure. Customers can quickly and easily add or remove remote locations and users, and establish and adjust security policies as needed. This flexible, always-on and up-to-date new security service can help customers easily scale to meet growth demands and achieve consistent security throughout their organisations’ computing environments – no matter where devices or users reside – at a predictable cost.

    QUOTES

    “The Palo Alto Networks GlobalProtect cloud service streamlines the process of deploying security infrastructure for remote offices and mobile users. With the proper prerequisites in place, we had functioning gateways around the world in minutes.”

    – Colin Bruce, infrastructure architect, Teck Resources Limited

    “Today’s organisations require enterprise-class security consistently delivered to all locations, including small branch office and mobile users. Palo Alto Networks is uniquely positioned to deliver the preventive capabilities of our industry-leading platform in the cloud via our new GlobalProtect cloud service offering, providing consistent and scalable security for all locations and users while easing the operational burden shouldered by IT organisations.”

    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    Palo Alto Networks GlobalProtect cloud service offers:

    • Scalable log collection via a new logging service that allows customers to collect ever-expanding rates of data from remote locations and users, without needing to plan for local compute and storage.

    • Central management through Panorama, providing customers with a single management interface across a diverse physical, virtual and cloud service infrastructure through the Panorama™ console.

    • Improved SaaS security functionality. With the new GlobalProtect cloud service and the Aperture™ service, customers can now use a comprehensive SaaS security feature set delivered in the cloud without the burden of deploying and scaling physical or virtual appliances for mobile users and remote locations.

    • SD-WAN and IPsec technology partner support for large-scale remote location deployments. Customers can connect their remote and edge networks to GlobalProtect cloud service via an on-premise IPsec VPN capable device, or they can utilise one of the technology integration partners that support SD-WAN or IPsec VPN connectivity options. Initial GlobalProtect cloud service integration partners include Aruba, a Hewlett-Packard Enterprise company; CloudGenix, Nuage Networks from Nokia, VeloCloud, Viptela and VMware. These initial GlobalProtect cloud service technology partners join existing SD-WAN technology partners that have integrated with our next-generation firewall and include Ecessa, Riverbed Technology, Silver Peak Systems and Talari.

    AVAILABILITY

    The GlobalProtect cloud service is targeted for general availability in August 2017. GlobalProtect service for remote networks will be licensed according to bandwidth requirements, from 200 Mbps to 100,000 Mbps. GlobalProtect service for mobile users will be licensed per user, from 200 users to over 100,000.
