
Two webinars occurred last month. Both were hosted by a Bryley business partner and both concerned data protection in this prolific era of technology and cybercrime. One was hosted by Websense, an industry leader in web, email and data protection, and the other by Kaseya, an industry leader in endpoint, malware and virus security. Both webinars came to the same conclusion: businesses the world over are experiencing exponential growth in cybercrime, and smaller businesses are hit hardest because they lack advanced security. Last month The Wall Street Journal reported that 761 cyber attacks had been reported in 2010 and that, of that number, 482 were at companies with fewer than 100 employees. What businesses need, especially smaller businesses, is a more advanced form of network protection that will ensure the security of mission-critical endpoints and data.
The latest threats
Advanced Persistent Threats, or APTs, are growing at an alarming rate, in the form of phishing scams, viruses, drive-bys and malware. Just this past July, FBI agents arrested 16 people involved with a recent PayPal attack; a strain of Zeus, the bank-account-hijacking Trojan, was discovered on Android smartphones; and a Charlie Sheen death hoax was spreading malware through Facebook.
According to Websense, the most popular form of attack at the moment is malware on websites. Websense Security Labs identified a 111.4% increase in the number of malicious websites from 2009 to 2010. Even worse, most of these malicious sites (79.9%) were found to be legitimate sites that had become infected; according to Symantec, the top 100 websites in the world have been infected. So even when you believe yourself to be exercising caution when working online, you might still be vulnerable to attack. Not to mention the fact that sites tend to fluctuate between states of cleanliness and infection: in other words, they can be cleaned up and in two days' time be infected again. This makes perfect sense when you stop and think about it. Cybercriminals are like fishermen, going where all the fish are: the most popular sites in the world, and even after those sites are cleaned up they will always be targeted again.
How cybercriminals are getting in
Cybercriminals are attacking businesses for financial gain and they are using off-the-shelf methods to hack into networks, slow down systems, hijack usernames and passwords and steal valuable data.
According to Websense they are getting into your network in the following ways:
1. Social networking – Many cybercriminals are using social networking sites such as Facebook to infect endpoints. Typically the scam invites you to view something by following a link on Facebook and that link takes you instead to a site infected with malware (ex: Charlie Sheen death hoax). Social networking sites are also frequently the targets of phishing scams.
2. SQL injections – Cybercriminals use SQL injection to compromise business websites, allowing them to steal any client information held in the site's databases.
3. Drive-by downloads – Cybercriminals use drive-by downloads to install malware on endpoints, as users are completely unaware that the download is occurring.
4. 0-day vulnerabilities – Cybercriminals often search for vulnerabilities in software before the developer has had time to identify and rectify them with a security service pack. In other words, cybercriminals target new software hoping to find as yet undetected vulnerabilities.
5. Windows of exposure – Cybercriminals take advantage of windows of exposure, the time between a vulnerability becoming known and the security pack update that fixes it becoming available, to exploit known vulnerabilities that have not yet been rectified.
Kaseya cited a few more points of entry in their webinar:
1. Email – According to Gartner Research, email attacks went up 600% in 2009 alone. Cybercriminals use email to download malware, viruses, Trojans and worms onto endpoints, usually through infected attachments. They also use email to run phishing scams, often in the guise of correspondence from a bank with a counterfeit link to an account login page.
2. Scareware – This is another popular method of attack for cybercriminals looking to infect endpoints with malware. It works like this: a popup tells users that their computer is running a virus scan and then asks them to download the latest version of their security software; when they do, they are in fact downloading the virus. Sometimes the fake scan will even ask for credit card information as a means to pay for the removal of the fake virus.
3. Application Vulnerabilities – Adobe Reader, Microsoft Word, Microsoft Excel and Microsoft PowerPoint are all common targets of attacks.
The damage
No matter how they get in, cybercriminals are looking to enter your network and infect your endpoints: malware on your desktop, your laptop or your smartphone is their goal. This malware will then be used to steal valuable data such as usernames and passwords: anything that will allow access to personal and/or financial information such as bank accounts and social security numbers.
According to Kaseya, cybercriminals have stolen at least 100 million dollars from SMBs across America using these new forms of attack. These security breaches do not just result in stolen data and finances, they also lead to system slowdowns, system crashes, downtime, lost client information, broken compliance with privacy statutes, possible lawsuits and tarnished reputations.
How to protect yourself
As endpoints are the new targets of cybercriminals, so too are endpoints the new border of defense. In order to protect your network you must devise a defense strategy that prioritizes the security of desktops, laptops and smartphones, tweak your security configurations and deploy advanced endpoint protection software.
Creating a defense strategy
Protecting your network and its vulnerable endpoints begins with a robust strategy for defense. Here are a few ideas to get you started on your own strategy.
1. Educate yourself – Learn everything you can about modern cybercrime and protection
2. Identify target data – Pinpoint information cybercriminals would want and secure it with enhanced access policies, passwords and encryption
3. Security software – Research and deploy the right security software for your business
4. Learn and evolve – Learn from the past and constantly evolve your defense strategy
Employing these top configuration tips from Websense
Websense offered the following configuration tips in their recent webinar to assist you in beefing up network security.
1. Deploy proxies
2. Inspect SSL
3. Protect yourself everywhere: from endpoints to the cloud
4. Lock down outbound protocols
5. Employ multi-layer inspections on email
6. Monitor inbound and outbound traffic
7. Log as much as possible with search tools
8. Pen testing on SQL and web servers
9. Train on mitigation not prevention and perform continuous privileged user training
10. Create and get disaster buy-in
11. Patch
Deploying advanced protection software
You need security software that will defend your endpoints from all of the modern threats. And since those threats tend to be lurking on legitimate websites, you need software that is content aware, not just reputation aware, that reviews all of the inbound and outbound traffic of websites in real-time for malicious code. Luckily both Websense and Kaseya offer solutions that assist with everything endpoint: from viruses and malware to data loss prevention. Some of these solutions are mentioned below, complete with bulleted lists of their highlights.
1. Websense Advanced Classification Engine (ACE)
· Precise ID
· Anti-spam
· Reputation
· Real-time content classification
· URL classification
· Antivirus
· Real-time security classification
2. Websense Data Loss Prevention (DLP)
· Block HTTP POST to uncategorized destinations (WBSN destination awareness)
· Create content classifiers and policy
· Fingerprint confidential documents
· Monitor incidents
· Expand coverage to additional enforcement channels
· Set thresholds on a suspicious number of transactions over a specified time
3. Kaseya Antivirus (KAV)
· Fastest response time to new threats (less than 2 hours from initial time of detection)
· Powered by Kaspersky Labs antivirus engine
· Real-time status updates and alerts
· Easy-to-use administrator console
· Offers your choice of either automatic or manual scanning scheduling
· Offers complete integration with other Kaseya products
4. Kaseya Antimalware (KAM)
· Detects, destroys and prevents malware specifically
· Real-time status updates and alerts
· Powered by Malwarebytes
· Easy-to-use administrator console
· Automated scanning
· Offers complete integration with other Kaseya products
5. Kaseya Endpoint Security (KES)
· A powerful add-on to KAV or KAM, KES again offers complete integration
· Protection from viruses, worms and Trojans
· Performs generic as well as known virus detection
· Offers heuristic analysis
· User-defined reports
· Easy-to-use administrator console
· Real-time status updates, alerts and email notifications
· On-access and on-demand scanning
· Email scanner
· Anti-spyware
· Automated deployment
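Two of the DLP highlights above, blocking HTTP POST to uncategorized destinations and setting thresholds on a suspicious number of transactions over a specified time, are easy to misread as a single setting. The following added example (written for this article, not Websense or Kaseya code) shows both policies as simple detection logic run over constructed proxy log lines; the log format, host names and category table are assumptions standing in for a real product's URL classification.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed proxy log lines (not from the article): time, user, method, host, bytes.
SAMPLE_LOG = """\
2011-08-01T09:00:01 alice POST files.example-cloud.test 512000
2011-08-01T09:00:05 alice POST files.example-cloud.test 498000
2011-08-01T09:00:09 alice POST files.example-cloud.test 530000
2011-08-01T09:00:12 alice POST files.example-cloud.test 505000
2011-08-01T09:03:00 bob GET intranet.corp.test 2048
2011-08-01T09:03:30 bob POST mail.corp.test 4096
2011-08-01T09:04:00 carol POST paste.unknown-host.test 90000
"""

# Assumed destination categories; a real deployment would use the product's URL classification.
CATEGORY = {
    "intranet.corp.test": "business",
    "mail.corp.test": "business",
    "files.example-cloud.test": "file-sharing",
}

def parse(line):
    ts, user, method, host, size = line.split()
    return datetime.fromisoformat(ts), user, method, host, int(size)

def block_uncategorized_posts(log):
    """Policy 1: report every HTTP POST whose destination has no category (would be blocked)."""
    return [(u, h) for _, u, m, h, _ in map(parse, log.splitlines())
            if m == "POST" and h not in CATEGORY]

def threshold_alerts(log, max_posts=3, window=timedelta(seconds=60)):
    """Policy 2: alert when one user issues more than max_posts POSTs inside a sliding window."""
    recent = defaultdict(deque)   # per-user timestamps of POSTs still inside the window
    alerts = []
    for ts, user, method, host, _ in map(parse, log.splitlines()):
        if method != "POST":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop POSTs that fell out of the window
            q.popleft()
        if len(q) > max_posts:
            alerts.append((user, ts.isoformat(), len(q)))
    return alerts

if __name__ == "__main__":
    print("blocked:", block_uncategorized_posts(SAMPLE_LOG))
    print("threshold alerts:", threshold_alerts(SAMPLE_LOG))
```

Note that alice's four uploads go to a categorized host and so pass policy 1 but trip policy 2, while carol's single POST to an unknown host is caught only by policy 1; the two controls cover different cases.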
Helpful Hint: When further researching solution options, be sure to ask yourself the following questions.
1. What are the overall detection rates for this product?
2. Does this product provide holistic protection?
3. Does this product affect system performance?
4. Is this product easy to manage?
5. What kind of support comes with this product?
6. Does this product’s pricing fit into my budget?
How Bryley can help
Bryley is business partners with both Websense and Kaseya and can help you locate the solutions that will best fit the needs of your business. Call us today at 978.562.6077 or email Sales@Bryley.com for more information.
References
Websense: www.websense.com
Kaseya: www.kaseya.com
Geoffrey A. Fowler, "Hackers Shift Attacks to Small Firms", The Wall Street Journal: http://online.wsj.com/article_email/SB10001424052702304567604576454173706460768-lMyQjAxMTAxMDIwMjEyNDIyWj.html