Defend your business from modern-day cyber attacks with these 3 tips

Unknowingly clicking on an email attachment containing malware has the power to corrupt your entire system and wipe out all of your highly sensitive data.

Now that’s frightening.

Cybercriminals keep finding new ways to steal money and highly sensitive data and to interrupt your business operations. That is why it’s crucial for you to protect your business and your customers from these types of threats.

Allow us to share with you three tips that you can use to defend your business from modern-day cyber attacks.

Let’s begin.

1. Perform Security Testing

One of the best defenses against cyber-attacks is a defense mechanism that detects threats before they materialize. You can build one by identifying the vulnerabilities in your system.

Some vulnerabilities only appear after a cyber-attack simulation or a test run, which is why security testing is an essential part of establishing the online security of your business.

For instance, one way of securing your website is by restricting access to specific pages through secure data access by catalog permissions.

Your web hosting and content management systems (CMS) should also be tested for possible security cracks that hackers can slip through.

You can work with third-party cybersecurity services like Bulletproof to help you with vulnerability assessment and penetration testing.

Such services include hack simulations and a review of your firewall infrastructure, operating system, and servers, which helps you identify the system vulnerabilities you need to fix and determine your level of risk from cyber-attacks.

Keep in mind that as your network changes and grows, new and more sophisticated cyber-attacks will follow. That is why you need to run vulnerability assessments as part of your first line of defense and of your long-term cybersecurity game plan.


2. Guard Against Zero-Day Attacks

If you think that cybersecurity companies are the only ones fighting off cybercriminals, think again. Software developers are also hard at work protecting their security solutions from cyber-attacks.

After all, the security and safety of their products has a significant impact on retaining customers, which is why vendors ship security patches for their solutions through regular software updates.

Security patches fix vulnerabilities found in older versions of the software.

The first step, then, is to update your security software and applications regularly to stay protected.

However, there is a kind of cyber-attack that even regular software updates have difficulty stopping, and that is zero-day attacks.

Zero-day attacks exploit security vulnerabilities as soon as they are discovered, before software developers and security companies have had enough time to respond.

This type of attack is one of the most dangerous threats to your business and your customers.

The challenge, however, is remembering to apply updates to your security software and apps as soon as they become available.

A sure-fire way to never miss an update is to use tools that manage software patches automatically.

Here are some other tips to help you mitigate exposure to the risks that zero-day attacks pose:

  • Exercise safe browsing habits to minimize the dangers of cyber-attacks such as malware, spyware, viruses, ransomware, etc., and protect your personal information.
  • Configure the security settings for your internet browser, security software, and operating system.
  • Always check for security patches and software updates and install the most recent versions. Doing so fixes bugs that older software versions may still have.
  • Avoid downloading or opening files and attachments from unknown sources.

There may be no fail-safe method to stop zero-day attacks, but one way to limit their impact is to use Security Information and Event Management (SIEM) services.

SIEM services offer 24/7 incident response and real-time monitoring, and give you a full-picture view of your network by collecting security log data from host operating systems, applications and other software components, and security controls.

SIEM can also analyze substantial security log data to detect potential attacks and security threats.

3. Protect from Man-in-the-Middle Attacks

A Man-in-the-Middle (MitM) attack is a kind of cyber-attack in which cybercriminals intercept the conversation between two parties, usually an application and a user, in order to eavesdrop on or impersonate either party.

The attack aims to make the exchange of information between the two parties appear normal while stealing highly sensitive details such as credit card numbers and login credentials.

Stolen information from MitM attacks can be used for unauthorized fund transfers, illegal password changes, and identity theft (among other things), which is why common targets are users of ecommerce sites, financial applications or websites where a login is required.

So the best course of action is to use encryption to protect your information from being stolen during an MitM attack.

Encryption prevents data theft by turning readable data into a code that can only be decoded with the decryption key.

Another way to protect your business with encryption is to use SSL certificates; you’ll know a website has one if its address shows HTTPS instead of HTTP.

SSL certificates secure connections and encrypt the information (payment details, passwords, etc.) that is exchanged on your website.

For ecommerce sites, it can also build customers’ trust since savvy users know that transacting with websites that have SSL certificates will keep their personal information safe.

Here are additional tips to keep your business and personal information, devices, and connections protected from MitM attacks:

  • Wi-Fi networks. To keep your Wi-Fi network secure, set strong passwords for your router using as many unique characters as possible, update its usernames and passwords, and do the same for all the devices connected to the network.
  • Internet Security. MitB attacks are typically executed by releasing malware, so installing internet security solutions is a great way to detect and prevent this kind of threat.
  • Emails. Emails are also common modes of virus and malware delivery. Exercise caution when opening emails that ask you to reset or update your login credentials, and avoid clicking on links and downloading attachments. To be on the safe side, instead of opening the link within the email, manually type the site address into the browser.
  • Public Networks. Never connect directly to public or unsecured networks. Install a VPN (virtual private network) to ensure that the connection between your browser and the servers it talks to is secure.

It’s crucial to understand how man-in-the-middle attacks happen so you can take the necessary steps to prevent them and protect your highly sensitive information.

What’s Next?

As a business owner, one of your top priorities is to invest in protecting your business assets and customers from the various cyber threats.

The tips discussed here are just three of the many strategies you can use to bulletproof your business against modern-day cyber-attacks.


Ransomware encounters declined by 60% in 2018: Microsoft report

Machine learning is reducing the risk from phishing attacks, but the number of such attacks is still on the rise, finds the 24th edition of the Microsoft Security Intelligence Report (SIR).

Microsoft analyzes over 6.5 trillion security signals every day to get a wide and unique perspective on the latest trends in the cybersecurity arena. The company has been releasing the Security Intelligence Report for more than a decade now to share its expert insights with enterprises.

This year’s SIR reflects on the security events of 2018, including an overview of the security landscape, lessons learnt from it, and best practices that need to be followed. Cybersecurity trends in 2018 included a rise in cryptocurrency mining and supply chain compromises, a decline in ransomware, and more.

Attackers are increasingly mining cryptocurrency in the background on user systems, without the users’ permission or awareness. This activity consumes significant bandwidth and creates security risks for users.

Having said that, let’s have a deep dive into the key findings of Microsoft’s latest security report.

Key takeaways from Microsoft Security Intelligence Report:

1. Ransomware encounters declined significantly in 2018

Ransomware attacks like WannaCrypt and Petya were the biggest security events in 2017. Such attacks lock or encrypt computers and then demand money from users to restore access. It was anticipated that these ransomware attacks would increase in the future.

However, the latest report says that ransomware encounter rates have declined by around 60% between March 2017 and December 2018.

The main reason behind this decline is improved detection and education among enterprises, which made it tough for cybercriminals to get what they were after.

Highest ransomware encounter rate:

The highest average ransomware encounter rates per month were found in Ethiopia (0.77%), followed by Mongolia (0.46%), Cameroon (0.41%), Myanmar (0.33%), and Venezuela (0.31%).

Lowest ransomware encounter rate:

On the other hand, the lowest ransomware encounter rates per month were found in Ireland (0.01%), Japan (0.01%), the United States (0.02%), United Kingdom (0.02%), and Sweden (0.02%).

2. Cryptocurrency mining is becoming prevalent

Since cybercriminals found it difficult to conduct ransomware attacks, they shifted their efforts to cryptocurrency mining, which is therefore increasing.

While the average ransomware encounter rate in 2018 was just 0.05%, the average cryptocurrency coin mining encounter rate was 0.12%.

Cryptocurrencies like Bitcoin and Ethereum work as digital money and can be used anonymously. However, creating (mining) new coins requires resource-intensive calculations. While new cryptocurrency coins are released very frequently these days, the calculations are becoming more difficult.

Mining top cryptocurrencies like Bitcoin is almost impossible without access to immense computing resources. As a result, cybercriminals have turned to malware that gives them access to victims’ computers, which they then use to mine cryptocurrency coins. This way, they can leverage the processing power of hundreds of thousands of computers rather than one or two.

Highest cryptocurrency mining encounter rate:

Ethiopia (5.58%), Tanzania (1.83%), Pakistan (1.47%), Kazakhstan (1.24%), and Zambia (1.13%) are the five locations with the highest cryptocurrency coin mining encounter rates in 2018.

Lowest cryptocurrency mining encounter rate:

The lowest average monthly coin mining encounter rate was approx. 0.02% in 2018. Ireland, Japan, the US, and China were the locations with lowest rate during the period.

3. Browser-based cryptocurrency mining comes to the scene

Typically, cryptocurrency miners are installed on victims’ computers in the form of malware. But a new kind of threat has come onto the scene, where the miner runs entirely within the web browser and does not need to be installed on the computer.

Cybercriminals offer a number of services that promise website owners a way to monetize traffic to their websites without advertising. The site owners are asked to add JavaScript code to their web pages, and this code starts mining cryptocurrency in the background. When a website is compromised, the attackers can take advantage of the users who visit it in the same way.

These browser-based cryptocurrency miners don’t need to compromise the computer itself. They can still hurt the computer’s performance and waste electricity while the user browses the compromised website.
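As a site-owner check for the injected-script scenario just described, here is an added example (not code from the Microsoft report) that audits a served page for script tags whose host is not on an allowlist and inline scripts whose SHA-256 is not on a hash allowlist, the same idea a Content-Security-Policy `script-src` expresses. The sample page, the allowed host and the approved inline hash are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def inline_hash(body):
    """SHA-256 of an inline script body (stripped), comparable to a CSP 'sha256-' source."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


class ScriptAuditor(HTMLParser):
    """Collect every <script> on a page and record those not explicitly approved."""

    def __init__(self, allowed_hosts, allowed_inline_hashes):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.allowed_inline_hashes = set(allowed_inline_hashes)
        self.findings = []          # (reason, detail) tuples, in document order
        self._inline_buf = None     # body of the inline script currently being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._inline_buf = []   # inline script: collect its body until </script>
            return
        # Protocol-relative URLs ("//host/x.js") are external too; give them a scheme.
        host = urlparse("https:" + src if src.startswith("//") else src).hostname
        if host is None:
            return                  # same-origin path such as /static/app.js, not reviewed here
        if host not in self.allowed_hosts:
            self.findings.append(("script host not on allowlist", host))

    def handle_data(self, data):
        if self._inline_buf is not None:
            self._inline_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline_buf is not None:
            body = "".join(self._inline_buf).strip()
            self._inline_buf = None
            if body and inline_hash(body) not in self.allowed_inline_hashes:
                self.findings.append(("inline script not in hash allowlist", body))


def audit_page(html, allowed_hosts, allowed_inline_hashes=()):
    """Parse one HTML document and return the list of unapproved scripts found in it."""
    auditor = ScriptAuditor(allowed_hosts, allowed_inline_hashes)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: a same-origin script, an approved CDN script, an injected
# third-party script, an approved inline snippet and an unknown inline snippet.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//third-party.example/worker.js"></script>
<script>window.dataLayer = [];</script>
<script>var w = new Worker('/x.js');</script>
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    approved = {inline_hash("window.dataLayer = [];")}
    for reason, detail in audit_page(SAMPLE_HTML, {"cdn.example.com"}, approved):
        print(f"{reason}: {detail}")
```

Running the audit against a fresh copy of each page after every deploy, and diffing the findings against the previous run, turns an unexpected miner script into a visible change rather than a silent one.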

According to the report, Brocoiner was the most prevalent browser-based cryptocurrency miner in 2018.

4. Software supply chains are at risk

Attackers try to compromise the development or update process of legitimate software to gain access to the software and systems of the people who use it.

By injecting malicious code into the software, attackers gain the same trust and permissions as the software itself. This has become a primary concern for IT leaders as these attacks are increasing and can leave enterprise IT departments vulnerable.

For example, the first major software supply chain attack of 2018 was found in March, when Microsoft’s Windows Defender ATP blocked a massive campaign delivering the Dofoil trojan, also called Smoke Loader.

The attackers had replaced the update package of an application with malicious code. The trojan carried a coin mining payload and exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods.

Windows Defender Antivirus blocked over 400k infection attempts in the first 12 hours of the campaign.

5. Email phishing is still a preferred attack method

Office 365 is the most popular enterprise productivity suite available. Microsoft said that it analyzes over 470 billion email messages per month for phishing and malware. In 2018, phishing messages in inbound emails increased by 250%.

This shows that email phishing is still one of the most preferred attack methods for cybercriminals. Microsoft is rapidly strengthening its email security with anti-phishing protection, detection, and investigation, but since email involves human decisions and judgement, it is difficult to get rid of phishing completely.

Email phishing lures can come in these forms:

  • Domain spoofing: the email message domain is an exact match with the original domain name.
  • Domain impersonation: the email message domain is a look-alike of the original domain name.
  • User impersonation: the email message appears to come from someone you trust.
  • Credential phishing links: the email message contains a link to a page that resembles a login page for a legitimate site, so that users will enter their login credentials.
  • Phishing attachments: the email message contains a malicious file attachment that the sender entices the victim to open.
  • Links to fake cloud storage locations: the email message appears to come from a legitimate source and entices the user to give permission and/or enter personal information such as credentials in exchange for access to a fake cloud storage location.
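The first three lure types above differ in what a mail gateway can check. An exact-match domain can only be judged by email authentication (a genuine message passes DMARC, a spoofed one fails), while a look-alike domain may well pass DMARC because the attacker owns it, and a display-name impersonation uses an unrelated mailbox entirely. The classifier below, written for this article as an added example and not taken from the Microsoft report, separates those cases; the protected domains, trusted names and homoglyph table are constructed assumptions, and the DMARC result is assumed to come from the gateway's Authentication-Results header.

```python
from difflib import SequenceMatcher

# Constructed assumptions for the example: the domains the organisation owns, the
# people whose display names attackers imitate, and common look-alike substitutions
# (e.g. "rn" for "m", "1" for "l") used to build impersonation domains.
PROTECTED_DOMAINS = {"example.com", "example-bank.com"}
TRUSTED_PEOPLE = {"jane doe": "jane.doe@example.com"}
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m", "cl": "d"}
LOOKALIKE_THRESHOLD = 0.85   # similarity ratio at or above which a domain is a look-alike


def parse_from(header):
    """Split a From: header into (display name, local part, domain), all lowercased."""
    header = header.strip()
    if "<" in header and header.endswith(">"):
        display, _, addr = header.rpartition("<")
        display = display.strip().strip('"')
        addr = addr[:-1]
    else:
        display, addr = "", header
    local, _, domain = addr.rpartition("@")
    return display.lower(), local.lower(), domain.lower()


def normalize_domain(domain):
    """Undo common homoglyph substitutions so look-alikes collapse onto the real name."""
    for fake, real in HOMOGLYPHS.items():
        domain = domain.replace(fake, real)
    return domain


def lookalike_score(domain, protected):
    """Character-level similarity between a sender domain and a protected domain."""
    return SequenceMatcher(None, domain, protected).ratio()


def classify_lure(from_header, dmarc_result):
    """Return the lure category for one inbound message.

    dmarc_result is the dmarc= value the gateway recorded in Authentication-Results
    ("pass", "fail" or "none"). Only an exact-match domain is judged by it: a
    registered look-alike domain can legitimately pass DMARC for the attacker.
    """
    display, local, domain = parse_from(from_header)

    # Domain spoofing: our own domain, but not sent by the servers we authorised.
    if domain in PROTECTED_DOMAINS:
        return "ok" if dmarc_result == "pass" else "domain spoofing"

    # Domain impersonation: homoglyph swap or near-identical spelling of our domain.
    if normalize_domain(domain) in PROTECTED_DOMAINS:
        return "domain impersonation"
    if any(lookalike_score(domain, p) >= LOOKALIKE_THRESHOLD for p in PROTECTED_DOMAINS):
        return "domain impersonation"

    # User impersonation: a trusted person's display name on an unrelated mailbox.
    if display in TRUSTED_PEOPLE and TRUSTED_PEOPLE[display] != f"{local}@{domain}":
        return "user impersonation"

    return "unclassified"


if __name__ == "__main__":
    # Constructed sample headers, one per lure type.
    samples = [
        ("Jane Doe <jane.doe@example.com>", "pass"),
        ("Jane Doe <jane.doe@example.com>", "fail"),
        ("Jane Doe <jane.doe@exarnple.com>", "pass"),
        ("Jane Doe <jane@gmail.com>", "pass"),
    ]
    for header, dmarc in samples:
        print(f"{header!r:40} dmarc={dmarc:5} -> {classify_lure(header, dmarc)}")
```

The similarity threshold and the homoglyph table are deliberately simple; a production gateway would also compare against recently registered domains and the message's Reply-To address.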

The full Microsoft Security Intelligence Report (SIR) is available from Microsoft, which has also created an interactive website that allows users to dig into the data for specific regions.


Palo Alto Networks powers its next-gen firewall with analytics and automation capabilities

Leading cybersecurity firm Palo Alto Networks has unveiled a number of new security capabilities for predicting malicious attacks and then automatically stopping them.

The company is adding software and hardware improvements to its next-generation firewall platform and has introduced a new cloud-based DNS security service.

Palo Alto said that over 60 new features and tools are coming to its firewall platform to help enterprises boost security and simplify protections across their hybrid cloud environments.

“At Palo Alto Networks, we’re focused on simplifying security by using analytics and automation,” said Lee Klarich, chief product officer.

“Customers choose our next-generation firewall platform because of our commitment to continuous innovation and our focus on reducing the need for standalone products. Today’s announcements include our new DNS Security service, which uses machine learning to stop stealthy attacks aimed at stealing information from legitimate businesses.”

The next-generation firewall platform now features the PA-7000 Series, Policy Optimizer, VM-Series, and more. The company claims that the PA-7000 Series will provide faster threat prevention and around 3x faster decryption than before.

Policy Optimizer is aimed at replacing legacy rules with intuitive policies for stronger security and easier management, which should help reduce data breaches.

The VM-Series is for enterprises that need consistent security across their virtualized datacenters and multiple clouds. They can deploy the VM-Series in private and public cloud environments based on VMware, Cisco, KVM, OpenStack, Nutanix, Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba Cloud.

To get the new capabilities in the firewall, customers will need to upgrade to PAN-OS version 9.0.

The new DNS Security service uses machine learning to block malicious domains and prevent attacks in progress.

Apart from the new services, Palo Alto has also made its K2-Series generally available. It is a next-generation firewall for 5G and internet of things (IoT) service providers.

“We listened and responded to customer feedback and found that what customers want above all is simplicity and control,” said Klarich.

“With this release, we’re not only adding features like the DNS Security service, which eliminates the need for security teams to bolt on yet another standalone tool, we are minimizing manual efforts that are error-prone, so teams can focus on projects aimed at growing their business.”


400 million unique malware samples detected globally in Q2 2018: Comodo Global Threat Report

In the second quarter of 2018, the leading cybersecurity firm Comodo detected more than 400 million unique malware samples in the top-level domains of 237 countries. In its Global Threat Report, the firm classified the types of malware and their impacts around the world.

The types of malware included computer worms, high threat malware, medium threat malware, and low threat malware.

Computer worms are similar to viruses, but they travel across the internet autonomously, exploiting computers with a malicious payload. They can exhaust local system resources, consume high bandwidth, and cause a denial of service. Comodo placed computer worms in a special category named Strategic Threat because of their ability to travel quickly across the internet and infect many devices at a time.

The highest numbers of worm infections were found in Russia, Turkey and India, while the highest number of backdoors was detected in the United Kingdom, as per Comodo’s Global Threat Report Q2 2018.

High-threat malware includes backdoors, viruses, trojans and exploits. It is a more localized threat than worms because it requires user interaction for propagation and installation.

Medium-threat malware is somewhat rarer but more exotic, and can include constructors, email flooders, virtual tools, jokes, and malware packers. Low-threat malware covers a range of malicious functionality detected within unwanted and unsafe apps.

In its quarterly reports, Comodo presents the threat findings and analysis, highlights the pervasive malware and cyberattacks, and analyzes the malware patterns focusing on specific industries and geographies.


Key findings of the Global Threat Report by Comodo:

  • Trojans top the list of malware

A sudden shift in the malware mix was detected in Q2 2018. Trojans, malware programs that pretend to be genuine applications, spread the most during the quarter, accounting for more than half of all malware.

Trojans create backdoors in systems that allow attackers to steal data, implant ransomware, adware and crypto-miners, and even crash entire systems. The owners of systems infected by trojans often remain unaware of the attack for a long time.

Attackers can also disrupt the performance of a computer or a network of computers. As a result, enterprises are facing major attacks in which malware hides in their systems with long-term activity.

Of all the trojans, TrojWare.Win.32.Injector was found to be the most widespread. The attackers spread this trojan through a fake email imitating a message from a shipping and trading company. It could steal credentials and personal data from browsers, email clients, FTP clients, WebDAV clients, and SCP clients.

“Trojans have always been a prevalent and dangerous threat, but their evolution in Q2 is particularly interesting as they are now able to hide for longer periods of time and persist despite the efforts of some of the most efficient AV solutions on the market,” commented VP of Comodo Cybersecurity Threat Research Labs, Fatih Orhan. “Q2 has by far displayed the most sophisticated variants of Trojan malware we have ever discovered.”

  • Cryptominers becoming multifunctional malware

Researchers at Comodo found a decrease in the number of cryptominers, but their capabilities have become more harmful: cryptominers are now better developed in terms of hiding and persistence.

Earlier, cryptominers merely used the infected system’s resources to mine cryptocurrency on behalf of the attackers. Since most cryptominers consumed CPU time rather than stealing or destroying data like other malware, many users didn’t consider them particularly dangerous.

But the situation has changed. Comodo malware analysts detected new samples of cryptominers with more harmful capabilities than cryptomining alone.

The new samples could hide from and fight anti-malware services, kill competing cryptominers, camouflage themselves, and even crash the entire system.

For example, the WinstarNssmMiner cryptominer steals computer resources to mine cryptocurrencies for cybercriminals. It comes with a special feature that allows it to root itself so deeply into the system that nobody can remove it: if users try to kill WinstarNssmMiner, it crashes the target system entirely.

  • Android malware spying on users, stealing confidential data

Cybercriminals and malware creators are increasingly targeting Android devices. Android users not only store personal data on their smartphones but also use them for most of their financial transactions.

Apart from targeting financial transactions, cybercriminals spy on the device owner to steal confidential information, which they use to blackmail the user. And if the owner of the attacked device is a politician, a CEO or another VIP, they sell the content to interested parties for huge sums or blackmail them.

Comodo reported that spying on users has become the number one purpose of Android malware. Its analysts found several kinds of spying tools in the second quarter that infect mobile devices and extract data from them.

Among the Android malware families, a very dangerous one detected by Comodo is KevDroid, which is distributed in three versions.

The first version, the Naver Defender application, enters a device and resides there without showing an icon on the launcher screen. It can steal names, phone numbers, contacts, account details, and email addresses, and it reads the call logs, emails, and photos of the contacts.

It also records phone calls and gathers information about installed applications, running services, and the name of the launcher. KevDroid then encrypts the extracted data and sends it to the attackers’ server.

The second version, Netease Defender, can control the camera on an Android device. It records all the user’s activities and sends the video to the attackers’ server. The third version makes a list of the files on the device, collects web browser history, and gathers additional device information.

Android users think they are safe if they download apps from the Google Play Store, but this is a wrong assumption. This year, a spyware called Desert Scorpion was found spreading through official Google Play, camouflaged as a chat app called Dardesh Instant App.


Wrapping up:

The new cybersecurity trends show not only an increase in malware around the world, but also that malware is becoming more cunning in its delivery methods. Such malware can’t easily be tracked using anti-virus software.

Further, mobile devices are becoming appealing to attackers because they contain several types of valuable information but aren’t secured as well as desktop systems.

The trends promise a big impact on IT end-users and the cybersecurity market, forcing IT security departments and cybersecurity providers to revamp their security measures and strategies.

The full Global Threat Report Q2 2018 is available for download from Comodo.

Images source: Comodo


Microsoft, Facebook, and other tech companies sign cybersecurity accord to not assist government in cyberattacks 

A group of 34 prominent technology and security firms, including Microsoft, Facebook, Dell, Cisco, Nokia, HP, and Oracle, signed a Cybersecurity Tech Accord agreement, meant to serve as a commitment to defend everyone against cyberattacks, especially the government-sponsored kind.

Cybersecurity Tech Accord, a watershed agreement, lays out a set of principles which will be fulfilled by the signatory companies to make the internet safer.

The credit for the new idea partly goes to Microsoft President Brad Smith, who has long been advocating for a Digital Geneva Convention. Such a convention could establish ground rules on what can and what can’t be done in cyberspace.

“The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together,” said Brad Smith, President, Microsoft. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

The signatory companies made commitments in four areas.

The first part states that the signatories will protect all users from cyberattacks, regardless of their technical expertise, culture, location, etc. The companies will deliver solutions for better security, privacy, integrity, and reliability.

The second part drew the most attention: it states that Microsoft and the other signatories won’t help governments launch cyberattacks against innocent citizens and enterprises anywhere.

The companies pledged to protect against tampering and exploitation of technology solutions during their development, design, distribution and usage.

According to the third part, the signatory companies will strengthen the developer ecosystem with information and tools to better understand the threats against them. Additional support will be provided to governments, civil society, and international organizations to advance cybersecurity.

Furthermore, the companies will work together to improve technical collaboration, coordinated vulnerability disclosure and threat sharing. The initiative also aims to minimize the amount of malicious code in cyberspace.

“The real-world consequences of cyberthreats have been repeatedly proved. As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage,” said Kevin Simzer, chief operating officer, Trend Micro.


Arm, Avast, Dell, GitHub, HPE, LinkedIn, Cloudflare, VMware, Trend Micro, SAP, Symantec, Juniper, CA Technologies, and RSA are some of the other signatories of Cybersecurity Tech Accord.


Acquisition of SiteLock by ABRY Partners strategically positions it for growth and product innovation

SiteLock, a global leader in cloud-based website security solutions, has announced that it has been acquired by the private equity firm ABRY Partners.

SiteLock’s CEO and President, Neill Feather, sees the acquisition as an opportunity to accelerate the company’s growth and expand its cybersecurity product portfolio.

SiteLock provides cloud-based website security solutions and protects more than 12 million websites around the globe. Its primary mission is to protect organizations from the ever-increasing cyberthreats and attacks.

St. Jean, Partner at ABRY Partners, considers the acquisition of SiteLock by ABRY Partners a strategic step towards supporting innovation across new products, both organically and inorganically.

He said, “As threats become more complex and frequent, organizations need a comprehensive and reliable solution to protect their online presence. We believe SiteLock is well positioned to continue to be the go-to partner for website security needs.”

Cyberattacks are becoming more and more hazardous these days with the high-risk probability of data breach, loss and theft.

“During the fourth quarter of 2017 the average website experienced more than 44 attacks per day, and there was a 90 percent rise in the number of businesses targeted by ransomware for a total $5 billion financial impact. We are excited to work with the team at ABRY to continue to develop new products and solutions to support and protect our customers,” said Feather. More such findings were revealed in the SiteLock Website Security Insider Q4 2017 report.

Tomas Gorny, CEO of UnitedWeb Inc. (the former parent company), also commented on the acquisition: “We’re proud to have supported SiteLock for more than 10 years as it has grown to become the leading provider of website security solutions.”

SiteLock was also named as the fastest growing software company in Arizona by Deloitte.

ABRY Partners, with almost 30 years of expertise in the media, communications, business services and information sectors, is one of the most experienced private equity firms investing in North America and Europe.

The acquisition of SiteLock by ABRY Partners will help SiteLock extend its services in the small and medium-sized business (SMB) market.

The financial terms of the deal have not been revealed yet, though the deal was closed on 5th April 2018, as per the market reports.


Human error and misconfigured cloud servers responsible for most data breaches in 2017: IBM Security Report

Over 2.9 billion data records were leaked online globally in 2017, a drop of 25% from 4 billion records breached in 2016, according to a report from IBM Security.

The report, the IBM X-Force Threat Intelligence Index 2018, however revealed that cybercriminals shifted their focus to ransomware and other destructive attacks, in which they demanded ransom from victims by locking or destroying data.

“Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks. These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organizations than a traditional data breach,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services (IRIS). “The ability to anticipate these attacks and be prepared will be critical as cybercriminals will continue to evolve their tactics to what proves most lucrative.”

  • Over $8 billion paid as ransom in 2017

Ransomware attacks like WannaCry, NotPetya, and Bad Rabbit grabbed the headlines in 2017, bringing an enormous number of organizations to a halt. These cyberattacks infected and locked systems and infrastructure across many industries, including healthcare, transportation, and logistics.

The attackers locked critical data with ransomware and demanded large sums of money from organizations rather than leaking the data online. According to the report, more than $8 billion was paid in ransom to cybercriminals in 2017.

The longer companies took to respond to an attack, the more it cost. According to another IBM Security study last year, a slow response drives up the cost of an attack: incidents that took longer than 30 days to contain cost $1 million more than those contained within 30 days.

  • Human error and misconfigured cloud servers responsible for data breaches

Human error and infrastructure configuration mistakes, such as misconfigured cloud servers, were responsible for around 70% of the compromised records.

According to the report, cybercriminals were aware that misconfigured cloud servers existed as a result of employee mistakes, and exploited them. As a result, the number of records breached through misconfigured cloud servers rose by 424% in 2017.

  • Millions of phishing attacks 

Many organizations were hit by phishing attacks. The attackers ran spam campaigns carrying links and attachments that contained malicious code; when a link was clicked or an attachment opened, the malicious code executed on the victim’s system.

In some instances, the cybercriminals relied on the Necurs botnet to distribute millions of spam messages within a few days. For example, IBM X-Force observed four separate Necurs campaigns spanning more than 22 million emails over two days in August 2017.

  • Drop in cyberattacks against the Financial Services industry, but rise in banking Trojans

Information & Communication Technology and Manufacturing industries were the most attacked industries in 2017, accounting for 33% and 27% of the attacks, respectively.

Financial Services, the industry most targeted by cybercriminals for the last few years, was the third-most attacked industry (17%) in 2017. However, it still faced the highest volume of security incidents (27%) for the second consecutive year.

The drop in the number of attacks on Financial Services organizations was attributed to the industry’s heavy investment in cybersecurity technologies. In response, cybercriminals started targeting the industry’s customers and end users using banking Trojans.

A banking Trojan is a malicious program used to steal confidential information from customers and clients of online banking and payment systems. In 2017, the Gozi banking Trojan and its variants were the malware most used against the finance industry.



India faced over 53,000 cyberattacks in 2017: CERT report 

More than 53,000 cyber security incidents took place in India last year, according to a report by the Indian Computer Emergency Response Team (CERT-In).

The report was submitted to the Indian Parliament by IT Minister Ravi Shankar Prasad, who said that these cybersecurity incidents included website intrusions and defacements, viruses and malicious code, phishing, scanning and probing, ransomware, and denial of service attacks.

“As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 44679, 49455, 50362 and 53081 cyber security incidents were observed during the year 2014, 2015, 2016 and 2017, respectively,” wrote Ravi Shankar Prasad in a reply to Rajya Sabha (Indian Parliament).

The data shows that cyberattacks are increasing every year. While the year-on-year rise was small in 2016, the rise in 2017 was roughly triple that of 2016.

“With the proliferation and vast expansion of Information Technology and related services, there is a rise in instances of cybercrimes including financial frauds, using bank cards and e-wallets in the country like elsewhere in the world,” he added.

According to data from the NCRB (National Crime Records Bureau), 9622, 11592, and 12317 cybercrime cases were registered in 2014, 2015, and 2016, respectively.

The Indian government has taken several legal, technical and administrative steps to control cybercrime. In 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) was established to protect critical infrastructure in the country.

The ‘Digital India’ campaign is among the leading initiatives of the Indian Government to develop the country. It empowers Indian citizens by enhancing connectivity, improving electronic delivery of government services, and more. However, the further India moves toward digitalization, the more cybercrime increases.


Apart from NCIIPC, the government has set up cybercrime cells in all states and union territories.


McAfee Labs’ Threat Report for Q3 2017 identifies 57.6 million new malware samples – an increase of 10% from Q2

McAfee, one of the leading cybersecurity companies, released its Threat Report for December 2017. The report covers the growth and trends of the latest malware, ransomware and other malicious cyber threats in Q3 2017.

According to the report, the count of new malware samples in Q3 reached 57.6 million, an increase of 10% from Q2. With this, the total count in the McAfee Labs sample database has passed 780 million. A likely reason for the increase is the ready availability of exploit kits and dark web sources.

“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” said Raj Samani, McAfee’s Chief Scientist.

Among industries, the health and public sectors were the worst affected, accounting for more than 40% of the total incidents.

Source: McAfee Labs Threat Report, December 2017

Account hijacking, followed by leaks, malware and DDoS, were the top attack vectors.

Source: McAfee Labs Threat Report, December 2017

Total mobile malware continued to grow, reaching 2.1 million samples, with a 60% increase in new mobile malware, probably driven by Android screen-locking ransomware.

Source: McAfee Labs Threat Report, December 2017

Attackers are taking advantage of known vulnerabilities, such as CVE-2017-0199 in Microsoft Office.

The report identified new variants of the Trickbot banking Trojan that embedded the EternalBlue exploit, the exploit behind the massive WannaCry and NotPetya ransomware attacks in Q2.

Despite Microsoft’s security updates, attackers were able to combine this known vulnerability with other features such as cryptocurrency theft, making these Trickbot versions among the most active banking Trojans during Q3.

“The year 2017 will be remembered as the time when such vulnerabilities were exploited to orchestrate large-scale cyber events, including the WannaCry and NotPetya ransomware outbreaks, and high-profile breaches such as at Equifax,” said Steve Grobman, Chief Technology Officer at McAfee.

Fileless threats were also identified as a growing concern in Q3, including strong growth in PowerShell malware (up 119%). The Emotet banking Trojan was one of the most prominent fileless threats.

In the ransomware space, Lukitus ransomware, a new version of Locky, was distributed via more than 23 million spam emails within the first 24 hours of the attack.

The research team at McAfee also found that the DragonFly 2.0 malware, discovered in early 2017, has affected organizations in sectors that had not previously been made public, including pharmaceutical, accounting and financial services.

“The actors involved in the DragonFly 2.0 attacks have a reputation for initiating attacks for the purpose of conducting reconnaissance on the inner workings of targeted sectors—with energy and pharmaceutical confirmed as top priorities,” said Christiaan Beek, McAfee Lead Scientist and Principal Engineer.




IBM, Packet Clearing House and Global Cyber Alliance’s new free service to protect users against cyberattacks

IBM Security, Packet Clearing House (PCH) and the Global Cyber Alliance recently launched a privacy-enhancing technology, the Quad9 Domain Name System (DNS) service. The new free service is designed to give internet users improved privacy and security protection.

Quad9 will help protect consumers and businesses from accessing malicious internet sites that can steal their personal information or install malware or ransomware on their systems.
The Quad9 DNS is more than simple DNS name resolution. It uses DNS to protect users’ systems against the most malicious cyber-attacks. Quad9 performs the translation between memorable names and numeric addresses while adding a layer of security and privacy before the user actually reaches the web address.

“Consumers and small businesses traditionally didn’t have free, direct access to the intelligence used by security firms to protect big businesses. With Quad9, we’re putting that data to work for the industry in an open way and further enriching those insights via the community of users. Through IBM’s involvement in Quad9, we’re applying these collaborative defense techniques while giving users greater privacy controls.” – Jim Brennan, Vice President, Strategy and Offering Management, IBM Security.

Quad9 differs from other DNS services in that it does not store any personally identifiable information about its users. It only requires users to reconfigure their device settings to use Quad9 as their DNS server.

Quad9 not only protects traditional PCs and laptops, but extends its protection to every internet-connected device, including IoT devices.

It is designed to give users automatic protection against malicious websites without affecting their standard browsing speed.

Whenever the user clicks on a website link, Quad9 checks the site against IBM X-Force’s threat intelligence data, which covers around 40 billion web pages and images. It also draws on data from 18 other threat intelligence partners. With PCH’s global expertise and presence, Quad9 has points of presence in 70+ locations across 40 countries and plans to increase this number in the next 18 months.
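The protective-resolver idea described above, as an added illustration that is not Quad9’s, IBM’s or PCH’s code: a resolver consults a threat-intelligence blocklist before answering, refuses to resolve any name on it (or beneath a listed domain), and keeps only aggregate counters rather than per-client logs. The blocklist entries, the upstream answers and the addresses (from the documentation ranges) are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed sample blocklist (hypothetical names), as a threat-intelligence
# feed would supply it. A listed domain also covers all of its subdomains.
SAMPLE_BLOCKLIST: Set[str] = {"malware-drop.example", "phish.example.net"}

# Constructed stand-in for the upstream (authoritative) answers a real
# resolver would fetch over the network.
SAMPLE_UPSTREAM: Dict[str, str] = {
    "www.example.com": "192.0.2.10",
    "cdn.malware-drop.example": "203.0.113.7",
    "phish.example.net": "198.51.100.9",
}


@dataclass
class Answer:
    name: str
    blocked: bool
    address: Optional[str] = None  # None when blocked or unknown


@dataclass
class ProtectiveResolver:
    blocklist: Set[str]
    upstream: Dict[str, str]
    # Aggregate counters only: no client address is recorded, mirroring the
    # "no personally identifiable information" property described above.
    stats: Dict[str, int] = field(
        default_factory=lambda: {"blocked": 0, "allowed": 0})

    @staticmethod
    def normalize(name: str) -> str:
        # DNS names are case-insensitive; strip whitespace and trailing dot.
        return name.strip().rstrip(".").lower()

    def is_blocked(self, name: str) -> bool:
        # Walk from the full name up through each parent domain so that a
        # listed parent (e.g. malware-drop.example) blocks every subdomain.
        labels = self.normalize(name).split(".")
        return any(".".join(labels[i:]) in self.blocklist
                   for i in range(len(labels)))

    def resolve(self, name: str) -> Answer:
        qname = self.normalize(name)
        if self.is_blocked(qname):
            self.stats["blocked"] += 1
            # Blocked names get no address (an NXDOMAIN-style answer), so the
            # client never opens a connection to the listed host.
            return Answer(qname, blocked=True)
        self.stats["allowed"] += 1
        return Answer(qname, blocked=False, address=self.upstream.get(qname))
```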

“We strongly support the values Quad9 places on end-user privacy. The personal information protections and selectable DNS encryption, DNSSEC, and blocklist that are in place show that this project is in line with PCH’s values. Quad9 will inspire trust in both individuals and businesses who understand the importance of securing their private browsing data.” – Bill Woodcock, Executive Director, Packet Clearing House.

Philip Reitinger, President and CEO of the Global Cyber Alliance, a non-profit coalition, believes that Quad9 will solve many of the security problems of small and medium-sized enterprises without adding to their costs.

Talking about Quad9 he added, “It is memorable, easy to use, relies on excellent and broad threat information, protects privacy, and security and is free.”

Visit Quad9’s website for full details of the service.