News 3/16/17

Now more than ever, cybersecurity is integral to running a business, whether you’re a consumer-facing startup or a B2B IT vendor. Data breaches have become increasingly costly thanks to the digitization of records, the rising reliance on cloud computing, and the need to comply with particular regulations (not to mention end users forever installing unknown zip files). In fact, the Ponemon Institute has estimated that the average breach cost $3.8 million in 2015, up from $3.5 million just two years ago.

In a way, everything an organization does is cybersecurity, as this Spiceworks Community post provided by Leidos pointed out a few months ago: There’s no wall to be set up between “cybersecurity” and “not cybersecurity.” Everything from phones and tablets to application traffic must be continuously accounted for with tools such as network monitoring software. What’s at stake in this endeavor? Let’s consider a few recent high-profile cybersecurity risks.

LockerPIN ransomware on Android

Ransomware has rapidly evolved in the last few years. The inclusion of techniques such as strong encryption in threats like CryptoLocker has raised the stakes by giving victims a lose-lose choice between paying a fine or having stolen data scrambled forever.

More recently, at least one Trojan has succeeded in taking over basic access to the lockscreen. LockerPIN, as its name suggests, makes it virtually impossible to properly unlock an Android device. It generates a random PIN after furtively gaining Administrator Privileges and presenting itself as an innocuous patch.

LockerPIN also asks for a $500 ransom, typically through a bogus letter that purports to be from the FBI. Once the ransom process is in motion, the only way to uninstall LockerPIN is to reset the device to factory defaults, or to have rooted it at an earlier date.

This ransomware is also notable for its defensive mechanisms. It tries to kill running antivirus processes on the device, illustrating the need for supplementary defenses.

Targeted email

Spear-phishing often involves highly targeted emails. Once a target interacts with such a message, it can give attackers a path into the organization’s network. Quick Heal has estimated that at least 90 percent of successful attacks against enterprises begin with spear-phishing, while one international cybersecurity vendor has called spear-phishing the top bait for advanced persistent threats, or targeted attacks.

Companies have responded by relying more extensively on sandbox-based gateway appliances. In turn, new malware has emerged that specifically targets these gateways. One such threat was discovered in August 2015 in the Philippines, targeting financial institutions.

This malware, like LockerPIN, shows the growing importance of having multi-layered network defenses against intrusion and infection. With bring-your-own-device policies and cloud-based applications now mainstays at many shops, network admins as well as security teams cannot put all of their eggs into one basket. As the Leidos post discussed, cybersecurity is an ongoing process that requires, among other things, risk management, research, and continuous network monitoring tools.
