malware Archives - DevOps Online North America
https://devopsnews.online/tag/malware/
by 31 Media Ltd.

Report shows surge in mobile malware
https://devopsnews.online/report-shows-surge-in-mobile-malware/
Mon, 28 Jun 2021 10:09:46 +0000

The post Report shows surge in mobile malware appeared first on DevOps Online North America.

A new report by McAfee revealed that hackers are using fake apps, Trojans, and fraudulent messages to target consumers.

The report found that the lockdown and the pandemic have led cyberattackers to develop more sophisticated ways to spread fear and hack into apps and networks.

The report showed that more than 90% of all pandemic-related malware took the form of Trojans. Researchers discovered evidence of an SMS worm targeting Indian consumers, which became one of the earliest vaccine fraud campaigns by encouraging users to download a vaccine app containing malware.

The study also showcased the dangers of billing fraud malware that makes purchases behind the backs of consumers. Mobile malware dubbed Etinu is able to steal incoming SMS messages using a Notification Listener function, make purchases, and sign up for premium services and subscriptions that get charged to the user’s account.

Finally, the report found that hackers are using banking Trojans to target hundreds of financial institutions around the world. There was a 141% increase in banking Trojan activity between Q3 and Q4 2020.

Ransomware-as-a-Service threats to rise in 2021
https://devopsnews.online/ransomware-as-a-service-threats-to-rise-in-2021/
Thu, 24 Jun 2021 10:37:20 +0000

A recent survey from McAfee revealed that cyberattacks shifted towards fewer, customized Ransomware-as-a-Service (RaaS) campaigns targeting larger, more lucrative organizations in 2021.

The report found that ransomware decreased by 50% in Q1 as cyberattacks started to focus on fewer, larger targets with unique samples. By launching these kinds of unique attacks, RaaS affiliate networks allow adversaries to minimize the risk of detection by large organizations’ cyber defences, as well as to paralyze and extort them for large ransomware payments.

Moreover, the report noted a 117% surge in the spread of cryptocurrency-generating coin mining malware, which is due to a sharp spike in 64-bit CoinMiner applications. Coin Miner malware is reported to infect compromised systems and silently produce cryptocurrency, using those systems’ computing capacity, for the criminals that designed and launched such campaigns.

This gives an advantage to cybercriminals, as no interaction is required from either the perpetrator or the victim, and the victims may never become aware that their system is creating monetary value for criminals.

The report also showed that the first quarter of 2021 witnessed around 688 new malware threats per minute, an increase of 40 threats per minute over Q4 2020. In addition, a 54% increase in publicly reported cyber incidents targeting the technology sector was reported during the first quarter of 2021.

Are healthcare organisations finally making a move to the cloud?
https://devopsnews.online/are-healthcare-organisations-finally-making-a-move-to-the-cloud/
Fri, 17 Aug 2018 14:52:35 +0000

iland’s Director Solutions Architect EMEA and APAC, Sam Woodcock, looks at how the cloud could have helped to avoid incidents such as mitigating the risk of sensitive data falling into the wrong hands

It was only a year ago that the global ransomware attack WannaCry was infecting more than 230,000 computers, spanning at least 150 countries. In the UK, we saw the story garner many column inches and public opinion centred on an overwhelming concern about the implications of such an attack and the somewhat muted response of the NHS.

Even though NHS organisations did not report any cases of harm to patients or of data being compromised or stolen, about a third of hospital trusts in England were disrupted and NHS England data showed that at least 80 out of 236 trusts were affected – with 34 infected and locked out of devices (of which 27 were acute trusts), and 46 not infected but reporting disruption. A further 603 primary care and other NHS organisations were infected by WannaCry, including 8% of GP practices (595 out of 7,454).

In the report ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’ released in February 2018, NHS’ Chief Information Officer for Health and Social Care William Smart explained that the work of a cybersecurity researcher, who activated a ‘kill-switch’ on the evening of Friday 12 May, had the effect of stopping WannaCry infecting further devices. Without this intervention, it is likely that the impact that WannaCry had on services would have been even greater.

But a question still remains: is there anything else that could have been done to avoid the incident, mitigate the risk of sensitive data falling into the wrong hands, and quickly recover from such an attack? The answer could be the cloud.

Is data more secure in the cloud?

Once your data has been encrypted by ransomware, recovering it is almost impossible; investing in prevention therefore seems to be the most secure solution. The first step would be creating secure backups of sensitive data on a regular basis. Keeping in mind that, in case of a ransomware attack, you need to physically disconnect the storage device to avoid it being infected, it would be best to keep your data backed up in the cloud rather than on-premises.

In an ideal world, you would be warned early enough to quickly isolate a ransomware infection and recover important data before the entire network is affected. Some CSPs have enhanced their solutions; for example, here at iland we now offer deep packet inspection, encryption, antivirus, anti-malware scans, and integrated reports for compliance and regulatory audits.

These services can include:

  • vulnerability scanning
  • monitoring of changes to critical files and application control which helps limit or block network access for certain applications firewall event
  • identification and prevention of DDoS and other cyber attacks
  • web reputation monitoring and control
  • proactive quarantine of known viruses and malware

It is important here to outline that, when confronted by a ransomware attack, your weakest links in the security chain are your endpoints, so users’ devices must be protected with AV protection, regular backups and anomaly detection.

DRaaS, the ultimate prevention?

While public opinion was primarily concerned about the consequences of WannaCry’s encryption of NHS patients’ data files and medical systems, what actually caused the most damage was the downtime. Moreover, even though a simple backup will let you restore your production database, this will take much more time than a DRaaS solution.

DR is a system of replication combining software and the cloud designed to minimise downtime. It creates a copy of the VM at a secondary location and can fail over in seconds or minutes. Instead of simply having backups, DR allows organisations to devise a recoverability strategy for when disaster strikes, enabling them to fail over production systems and get the organisation back up and running quickly.

DRaaS involves the engagement of a cloud service provider that facilitates some or all of the recovery process and hosts the replicated systems in their cloud. DRaaS provides more benefits to healthcare organisations than secondary sites by providing geographic diversity and the support of an engaged third party to help in an emergency.

Has it convinced healthcare organisations?

While the consequences could have been much worse, healthcare organisations became more conscious of the importance of having robust security. This is when cloud computing was looked at as one of the best threat response strategies. The automation that can be applied to the cloud and the scalability of its monitoring and threat detection mean that it’s easier to detect and manage incidents. In terms of security, it shows a proactive process that allows organisations to manage incidents more effectively and enhance malware prevention.

Earlier this year, the Secretary of State for Health and Social Care, Jeremy Hunt, signed off on the first official guidance aiming to help the UK’s National Health Service move to the cloud. The cloud will help them to provide reliable disaster recovery, support for agile deployments, and freedom from maintaining hardware. However, many still seem to be resistant to this move due to compliance concerns.

Whether it’s identifying and implementing the proper controls in the cloud, passing an audit on cloud resources, or keeping up with changing regulations, IT departments in healthcare firms often don’t have the time or resident expertise to confidently solve the cloud compliance problem.

However, they don’t have to do it alone. Here at iland we have brought together cloud, security, and compliance into one, seamless platform, enabling organisations to get access to the security controls required by HIPAA, the reports needed to complete an audit, and the support from in-house Compliance teams, to answer any questions.

Healthcare organisations should be urged to embrace the cloud, not only because it is an opportunity to reduce cost, but also because cloud technology stimulates innovation, offers greater security and easier scalability than traditional solutions.

Written by Sam Woodcock, Director Solutions Architect EMEA and APAC at iland

SolarWinds MSP introduces email malware protection
https://devopsnews.online/solarwinds-introduces-email-malware-protection/
Wed, 01 Nov 2017 12:34:39 +0000

SolarWinds MSP introduces SolarWinds Mail Assure, a cloud-based email malware protection and spam filtering solution

SolarWinds MSP today announced the launch of SolarWinds Mail Assure, a cloud-based email malware protection and spam filtering solution, that acts as a protective layer for all incoming and outgoing email.

The global leader in delivering comprehensive, scalable IT service management solutions to IT solution providers and MSPs has created the threat detection system to continuously update over two million domains in over 85 countries.

The Mail Assure spam and threat protection also helps to shield users from email threats and acts as a failsafe if a company’s primary email service goes down.

The solution provides business continuity and user access to email flow. Mail Assure also allows users to:

  • Integrate with virtually any on-premises or cloud-based email service, including Microsoft Office 365 and Exchange
  • Brand the solution with company logo and interface colour scheme
  • Specify the location of servers within North America or Europe for regulatory compliance
  • Use any web-connected device with responsive UI design
  • View comprehensive, detailed mail logs and reports
  • Search indexed archives for copying and compression of all inbound and outbound emails
  • Import existing archive data and export searched data to normal formats

Greg Lissy, vice president of product management at SolarWinds MSP, said: “The most vulnerable vector for malicious business attacks is email.

“According to recent research, 91% of cyber attacks and the resulting data breach begin with a spear phishing email. In this high-threat world, it’s more important than ever for IT service providers to provide a reliable and stable mail protection solution that offers spam filtering and seamless integration at an affordable price.

“Even if customers have a primary layer of security, as with Microsoft Office 365, Mail Assure provides an additional layer of defence to prevent spam, virus, and ransomware attacks – providing users with increased reliability, email continuity, and top-of-the-line email security.”

Written from press release by Leah Alger

Spamming operation hijacks 711.5 million email addresses
https://devopsnews.online/spamming-operation-hijacks-711-5-million-email-addresses/
Wed, 30 Aug 2017 14:25:18 +0000

A malware researcher has discovered a spamming operation that gathered a list of 711.5 million email addresses, used to spread banking malware.

A Paris-based security expert called Benkow made the Spambot discovery and brought it to the attention of the CZnet news site.

According to Benkow, the Spambot hides tiny pixel-sized images in the emails it sends out, collecting information about the targeted computers, and affects different types of devices with malware attachments that consumers may perceive as business invoices.

He acknowledged that it was “difficult to know where the credentials had come from”, but suggested that it might be from a phishing campaign on Facebook.

The hackers gathered details of the accounts’ simple mail transfer protocol (SMTP) port and server settings, and used the collected information to fool email providers’ spam-detecting systems into letting through messages that would otherwise be blocked, according to the BBC.

‘Be more vigilant with received emails’

Richard Cox, former chief information officer of the Spamhaus project, told the BBC: “While the list of email addresses is quite large, it is probably no larger than any seen previously.

“The lists of compromised accounts are more worrying.

“When compromised accounts are used for spam, they can only be stopped by their providers suspending the account – but when that many are involved, it will severely overload the security/abuse departments of those providers, making it a slow process and that is what keeps the spam flowing.”

Affected users are able to check if their email addresses have been targeted, but not if their accounts have been hijacked.

Benkow also noted users should change their passwords and be more vigilant with received emails.

Written by Leah Alger

Android’s malware scare
https://devopsnews.online/androids-malware-scare/
Wed, 31 May 2017 12:59:29 +0000

Malware called Judy has been downloaded up to 18 million times, mainly through Google’s Play Store games apps, according to Check Point researchers.

Once downloaded, the apps silently register the device with a remote server, which sends back malicious ad-click software to generate revenue for the site by clicking on adverts and opening hidden websites.

The malicious code has been found in more than 40 apps from the game Enistudio, created by South Korean developer Kiniwini, as well as several other app developers.

“I do not know how long the malicious versions of the apps have been available, but all the Judy games have been updated since March this year,” said Check Point.

“There are many tools available, and the advantage is that the malware distributor can change them remotely, which makes it difficult for anti-malware software to keep up,” added Andrew Smith, a Senior Lecturer in Networking at the Open University.

The infected apps have now been removed from Google Play Store.

Edited from source by Leah Alger
Source: BBC

Netflix open sources ChatOps tool for GitHub management and user focused security web application
https://devopsnews.online/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application/
Fri, 31 Mar 2017 09:05:37 +0000

Netflix has announced two large projects that have been open sourced in 2017 so far.

New ChatOps tool

Writing in the streaming service’s tech blog, senior engineers Michael Grima, Andrew Spyker and Jason Chan, introduced HubCommander, a ChatOps tool for GitHub management.

Netflix uses GitHub extensively for both open source and internal projects. The engineering team at Netflix highlighted some key challenges, particularly related to user management.

“Management of many users on GitHub can be a challenge without tooling. We needed to provide enhanced security capabilities while maintaining developer agility.”

“To reduce complexity, we enforce a consistent permissions model across all of our organizations. This allows us to develop tools to simplify and streamline our GitHub organization administration.”

Why ChatOps?

The Netflix approach leverages ChatOps, which utilises chat applications for performing operational tasks.

Increasingly popular amongst developers, ChatOps leverages chat tools that are ubiquitous, provide a single context for what actions occurred when and by whom, and also provide an effective means to provide self-serviceability to developers.

Security in GitHub organisations

Security is paramount for Netflix, and the company follows a permissions model that applies the principle of least privilege, but is still open enough so that developers can obtain the access they need and move fast.

“While we permit our developers to have write access to all of our repositories, we do not directly permit them to create, delete, or change repository visibility.”

“Additionally, all developers are required to have multi-factor authentication enabled. All of our developers on GitHub have their IDs linked in our internal employee tracking system, and GitHub membership to our organizations is removed when employees leave the company automatically (we have scripts to automate this).”

Netflix also enables third-party application restrictions on its organisations to only allow specific third party GitHub applications access to its repositories.

Contributions from the developer community

“If you’d like to extend these features, we’d love contributions to our repository on GitHub,” the Netflix engineers said.

Stethoscope, Netflix’s first project following a user focused security approach

In another blog post, Jason Chan, Director of Engineering – Cloud Security at Netflix, discusses the open sourcing of Stethoscope, a web application that collects information for a given user’s devices and gives them clear and specific recommendations for securing their systems.

“The notion of ‘User Focused Security’ acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it’s one of the core principles driving our approach to corporate information security. It’s also reflective of our philosophy that tools are only effective when they consider the true context of people’s work,” Chan said.

Education, not automatic enforcement

The reasoning behind Stethoscope is primarily education and helping employees stay safe from phishing, malware, and other exploits on personal devices – outside of Netflix’s direct control.

“If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix,” Chan said.

 

Edited from sources by Cecilia Rehn.
