SPAM on the Rise Globally

On March 23rd, 2017, posted in: Spammers by konweb

We highlighted the release of The 2017 Cisco Annual Cybersecurity report in our blog post a few weeks back. Today, SPAM is on the menu and the same Cisco report serves up some very interesting insights into the growth of global spam.

According to the report:

  • 65% of all email globally is spam
  • 8-10% of spam in 2016 was malicious. More troubling, however, is that 75% of spam in October 2016 contained malicious attachments
  • From August to October 2016 there was a dramatic rise in the number of IP addresses deemed spammy and subsequently blocked
  • Cisco researchers attribute much of the rise of spam in 2016 to the Necurs botnet (a primary distributor of the Locky ransomware)


Konsultek Knows Spam

Spam is problematic for every organization. In its most benign form the sheer volume of spam can overload inboxes and waste valuable employee time. In its most malignant form spam can trick employees into inviting malware into networks or even sending funds to cybercriminals masquerading as suppliers.

At Konsultek, spam is just one of the things we take off the buffet of cyber threats so that your employees, your organization and your network are protected. If you are interested in learning more about how we can help your organization, please give us a call.



We’ve reported on the rise in ransomware attacks previously. Ransomware is readily available for purchase on the Darknet and requires relatively little sophistication to use. This makes it very popular among cyber thieves looking to make a quick buck holding individuals and organizations hostage.


However, it appears that competition may be heating up in the ransomware space, and some speculate that this infighting may be a boon to would-be victims because it consumes resources that may otherwise be used for mayhem.

Petya Code Stolen?

Petya, a particularly virulent strain of ransomware that was a pioneer in the malware-as-a-service offering, has apparently had its code (or at least key portions of it) stolen by a group that has used the stolen code to create and launch an even nastier version they dub PetrWrap.

In use since February, PetrWrap uses its own cryptographic keys to lock down a user’s data rather than relying on the “stock” keys that come with a paid subscription to Petya.

Competition Eating Itself?

“We are now seeing that threat actors are starting to devour each other. From our perspective, this is a sign of growing competition between ransomware gangs,” says Anton Ivanov, senior security researcher at Kaspersky Lab. He further postulates “Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organised they will be, and the less effective their malicious campaigns will be.”

Konsultek Can Help

Whether this increased competition is good or bad for individuals and organizations will only reveal itself in the months and years ahead. In the meantime we urge you to take as many precautions as possible, including:

1. Routinely backing up all critical data on drives that are secure.

2. Implementing a robust threat prevention, detection and mitigation strategy.

3. Proactively performing penetration tests and other types of network security challenges to identify areas of weakness prior to them allowing ingress by outside threats.

If you would like to discuss best practices in any of these areas, please give us a call. We are here to help!



Mega Spammer Leaks 1.37 Billion Emails

On March 7th, 2017, posted in: Hackers, Spammers by konweb

Monday morning, March 6, 2017 started off with a teaser announcement from data breach storm chaser Chris Vickery over at MacOS security software specialists MacKeeper. The announcement stated that later in the morning the identity of a breach victim with 1.37 BILLION records compromised would be identified.

Wow, 1.37 Billion is a LOT of records! For perspective, there are only about 300 Million people in the whole United States. A breach of that size can only happen to an organization with a lot of individual users/customers, a large government agency or perhaps a large-scale data aggregator.

The Internet was immediately on fire with speculation as to who might have been breached… Facebook? Salesforce? Apple? Alibaba?

Well, a few hours later the mystery was solved when Chris Vickery revealed on the MacOS blog that the “victim” was one of the largest email spammers in the world! Wow, no one had that on their radar.


The spammers, who position themselves as legitimate marketers under the name River City Media, use automation and hacking techniques to send out an estimated 1 Billion emails a day with a team that numbers around a dozen. While everyone despises spam email, at some level you have to admire the sheer spamming scale that Alvin Slocombe and Matt Ferris, the River City Media principals, were able to operate at.


Another Dark Day for Privacy

In addition to emails, the database contains real names, IP addresses and frequently physical addresses. It would appear that these details may be headed over to law enforcement authorities so “big brother” just got a huge windfall.

Kudos to the Spam Assassins

You can bet that this is only the beginning of the story and that much more will come to light in the months ahead. Certainly all the investigators involved, MacKeeper Security Research Center, CSOOnline, and Spamhaus deserve a huge helping of kudos for clearing up, at least a little bit, the inboxes of over a billion spam victims in one fell swoop.

How Secure is Your Network?

You would think that a group of professional spammers would have appreciated and deployed the best security measures possible. It just goes to show that any operation, illegal or otherwise, can be brought to a screeching halt when a data breach occurs.

Don’t let something like this happen to your organization!

Get proactive on challenging your own network security before it is too late. From executive assessments to vulnerability discovery and breach simulation, Konsultek can help. Give us a call to find out how we can help you identify and quantify your network security risks in a proactive manner.



The 2017 Cisco Annual Cybersecurity report was just published. Weighing in at 110 pages and filled with detailed analysis, this is a report that should be downloaded and reviewed by anyone with an interest in the ever-changing cybersecurity landscape.

Here are some of the major findings outlined in the report:

● The top constraints to adopting advanced security products and solutions, according to the benchmark study, are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).

● The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.

● Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access. See our previous post on private vs. public cloud.

● According to the Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.

● The Cisco 2017 Security Capabilities Benchmark Study also found that nearly a quarter of the organizations that have suffered an attack lost business opportunities. Four in 10 said those losses are substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue.

● When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent), according to respondents to the benchmark study.

● Network outages that are caused by security breaches can often have a long-lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent (see page 55) of these outages affected between 11 percent and 30 percent of systems. See our recent post on Business Continuity.

● The 2017 Security Capabilities Benchmark Study found that most organizations rely on third-party vendors for at least 20 percent of their security, and those who rely most heavily on these resources are most likely to expand their use in the future. Review Konsultek’s Managed Security Services.

Konsultek Knows Security

When it comes to protecting organizational assets within your network, Konsultek shines. Our engineers’ consultative approach to security means that every organization gets the custom security solution that is right for them, not some off the shelf bundle of products. If you are ready to learn how you can take your organization’s network security to the next level, give us a call.



The 2017 Horizon Scan from the Business Continuity Institute has been released.

The survey results have been compiled from the responses of 726 organizations across 79 countries. The survey represents a wide range of market segments including financial and insurance services, retail and defense. The companies surveyed were diverse in size ranging from small businesses, with fewer than 250 employees, to corporations with more than 100,000 employees and annual sales of more than 50 billion USD.

Source: Business Continuity Institute

Perception Is Not Reality When Classifying BC Risks

Later in the Horizon Scan report the folks at BCI introduce a new metric called the “Disruption Level”. Interestingly, when you reclassify the top 3 threats in terms of disruption, “Unplanned IT and Telecom Outages” rises to the top with a score of 72. In contrast, “Cyber Attack” and “Data Breach” score just 35 and 15 respectively. This shows that there is a huge disparity between what is perceived as a risk to BC and what is actually a risk to BC.

Konsultek Knows Business Continuity

Whether it is security to harden your defenses, data center colocation, strategic use of cloud services or a suite of managed services, a comprehensive network security and infrastructure package from Konsultek can help your business weather the unexpected. To learn more about how one of our customized solutions can benefit your organization, just pick up the phone and give us a call.

