• Ask your anti-malware vendor what protections they provide against the latest ransomware Trojans and what they can do to restore encrypted data.
• Make automated, frequent backups of critical data to offsite servers part of your defense-in-depth strategy.
Cybercriminals made increasing use of a particularly virulent form of ransomware attack throughout 2012, and it’s likely that we’ll only see more of this in 2013. Even though threat researchers at Trend Micro claim that this is the work of a single cybercrime gang in Russia, the mounting publicity and success of this particular attack as it spreads across the globe will likely draw copycats into the mix. And although many of these scams target consumers, enterprises are also in the crosshairs.

For example, in one of these attacks, which seem to be based on the Reveton Trojan, cybercriminals are using sophisticated encryption techniques to hold sensitive files hostage. Once they’ve encrypted your data, only they have the encryption key necessary to decrypt the hostage files, and they use that to extort thousands of dollars from victims. One recent report highlighted how an Australian medical center had its patient database held for ransom, with the owners mulling whether to pay. A more recent ransomware attack impersonates local law enforcement and accuses the victim of committing a crime. The attack actually locks the victim’s computer and uses localized voice messages to demand verbally that the victim pay a (fake) fine.

Meanwhile, Trend Micro rival Symantec believes that there are up to 16 different families of ransomware, and that each one is controlled by a different cybercrime ring. It estimates that at least $5 million a year is being extorted from victims, and calls that number conservative.
Continue reading “Don’t Fall for Ransomware Scams, Even If They Do Speak to You without an Accent”→
Thinking outside of the box is required to dispatch the new types of threats attacking enterprise IT.
That type of thinking is not likely to come from traditional security vendors.
It is clear that security professionals understand that their defenses are bound to be breached, and some recognize that the attackers are relentless in pursuing anything worth stealing. The blinders are coming off for many organizations that thought they had nothing worth stealing, and enterprises are looking around to find more effective weapons to defend their company valuables. Sadly, what they are seeing by and large from traditional threat management suppliers are extensions to existing product lines, new features and clever marketing designed to pass off such incremental improvements as innovation. While the need for thinking outside the box has never been greater than it is right now, there is little incentive for traditional threat management suppliers to do that, given their investment in existing technologies. Continue reading “Some Thoughts from RSA about the Future of Threat Management”→
Readers who are considering adding new IPSs to their network should ask what their suppliers’ plans are for next-generation firewall (NGFW) features and how far along they are in delivering those.
The additional features that come with an NGFW make it a more complex security tool to manage, and enterprises should be prepared to invest in training if they plan to add NGFWs to their arsenal.
Are standalone IPSs becoming the next stateful packet inspection firewall (i.e., an old perimeter security technology that is required but no longer sufficient for protecting enterprise networks)? Sophisticated and well-financed malware writers consistently find new ways of getting around existing and well-understood security controls such as the firewall and IPS, even as those suppliers race to keep up with the constantly changing threat landscape. The result has been a constant stream of breach headlines (too many being rather spectacular) that all point to the rise of the so-called “advanced persistent threat” (APT).

Enterprises looking to address such threats are coming to embrace the NGFW and the greater application and user context it brings to the fight against more sophisticated cyber attacks. The NGFW integrates the functions of a stateful firewall and IPS with the ability to identify applications and application-level attacks and apply granular policies to application usage. One forecast puts the IPS market at $2 billion by 2014, while the NGFW market is projected to reach $4 billion by 2014.
Continue reading “Next-Generation Firewalls Poised to Eclipse Intrusion Prevention Systems”→