Kaspersky Labs Post

This page collects the latest posts about Kaspersky Lab, along with security news from Kaspersky.

 

40% of industrial computers were hacked in 2016, here are 5 ways to protect your business

Two out of five industrial computers faced cyberattacks in the second half of 2016, according to Kaspersky Lab, and the risk is increasing. Here’s how to prevent these attacks.

Nearly 40% of industrial computers experienced cyberattacks in the second half of 2016, according to a new report from Kaspersky Lab, released Tuesday. And these attacks are on the rise: The percentage of targeted industrial computers grew from 17% in July 2016 to 24% in December 2016.

Kaspersky Lab’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) examined data from its Kaspersky Security Network, a distributed antivirus network operating across the globe, to create the report.

The no. 1 source of attacks? The internet. Malware downloads and phishing webpages attempted to infect more than 22% of industrial computers, Kaspersky Lab found. “This means that almost every fifth machine faced the risk of infection or credential compromise via the internet at least once,” according to a press release.

This may come as a surprise, as the desktop computers of the engineers and operators who work directly with industrial control systems (ICS) do not usually have direct internet access. However, other users have simultaneous access to the internet and ICS, the report noted.

“According to Kaspersky Lab research, these computers—presumably used by system and network administrators, developers and integrators of industrial automation systems, as well as third party contractors who connect to technology networks directly or remotely—can freely connect to the internet because they are not tied to only one industrial network with its inherent limitations,” the press release stated.

Other common sources of attacks included removable storage devices that contained malware, which impacted nearly 11% of ICS. And malicious email attachments and scripts were found on about 8% of industrial computers, often appearing in the form of Microsoft Office documents and PDF files.

Kaspersky Lab found about 20,000 different malware samples in industrial automation systems, from more than 2,000 different malware families, the report stated.

For more information on this article go to http://www.techrepublic.com

 

Hackers craving personal health care information are targeting exposed FTP servers.

The FBI issued a warning last week that focused on an increase in criminal activity targeting FTP servers used by medical and dental organizations that are configured to allow anonymous access without authentication.

“The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or e-mail address,” the FBI bulletin said. “While computer security researchers are actively seeking FTP servers in anonymous mode to conduct legitimate research, other individuals are making connections to these servers to compromise PHI and PII for the purposes of intimidating, harassing, and blackmailing business owners.”

Medical data and the healthcare industry have been in the crosshairs of cybercrime since the transition to electronic health care data began in earnest. Healthcare officials have been urged to lock down access to patient data and medical devices critical to patient care.

This hasn’t stopped criminals from successfully attacking health care networks with ransomware, or targeting hospitals or connected medical equipment vital to care in healthcare facilities.

The exposed FTP servers, the FBI warns, could also be used as a launchpad for other attacks against the network.

“Cyber criminals could also use an FTP server in anonymous mode and configured to allow ‘write’ access to store malicious tools or launch targeted cyber attacks,” the FBI said. “In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud.”

FTP servers are just the latest weak spot when it comes to exposed services online. Most of the attention-grabbing news of late has been concentrated around open databases and poorly protected IoT and embedded connected devices.

A rash of MongoDB attacks in the past 12 months has left a number of enterprises and commercial businesses reeling. Attackers are using automated attacks to find the installations secured with weak or default credentials before copying and deleting data stored on these instances and demanding a ransom for their return.

Researchers count more than 56,000 exposed MongoDB databases, and believe that close to half have been attacked and held hostage. This phenomenon isn’t confined to MongoDB; 58 percent of 18,000 Elasticsearch servers were attacked and held for ransom while 10 percent of 4,500 exposed CouchDB servers were attacked.

Healthcare data, meanwhile, has been coveted for much longer. Last June, a Dark Web site was selling 655,000 healthcare records that were stolen using exploits for a vulnerability in RDP implementations in three medical organizations.

The FBI asks healthcare organizations to report any intrusions to local field offices, or its Cyber Watch (CyWatch) outfit. In the meantime, the FBI advises admins to inventory their FTP servers for any running in anonymous mode.

“If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server,” the FBI said.
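The inventory the FBI recommends can be partly automated by reading each server's configuration. The following is an added example, not part of the FBI bulletin or the original article; it assumes the servers run vsftpd (the article names no FTP software), and the host labels and config contents are constructed.

```python
# Added example: classify vsftpd.conf contents by anonymous-mode exposure.
# Assumption: servers run vsftpd. Sample configs are constructed.

DEFAULTS = {  # vsftpd's documented defaults for the options checked here
    "anonymous_enable": True,
    "write_enable": False,
    "anon_upload_enable": False,
    "anon_mkdir_write_enable": False,
    "anon_other_write_enable": False,
}
TRUE_VALUES = {"YES", "TRUE", "1"}


def parse_vsftpd_conf(text):
    """Return effective boolean settings; later lines override earlier ones."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings:
            settings[key] = value.strip().upper() in TRUE_VALUES
    return settings


def audit(text):
    """Classify a config as 'ok', 'anonymous-read' or 'anonymous-write'."""
    s = parse_vsftpd_conf(text)
    if not s["anonymous_enable"]:
        return "ok"
    # Anonymous write options only take effect when write_enable is on.
    anon_write = s["write_enable"] and (
        s["anon_upload_enable"]
        or s["anon_mkdir_write_enable"]
        or s["anon_other_write_enable"]
    )
    return "anonymous-write" if anon_write else "anonymous-read"


# Constructed inventory: host label -> contents of its vsftpd.conf
INVENTORY = {
    "records-ftp": "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n",
    "imaging-ftp": "# option left unset, so the default applies\nlocal_enable=YES\n",
    "billing-ftp": "anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n",
}


def audit_inventory(inventory):
    return {host: audit(conf) for host, conf in inventory.items()}
```

A host reported as `anonymous-write` matches the launchpad scenario the FBI describes, and any `anonymous-read` host should be checked for stored PHI or PII.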

For more information go to https://threatpost.com


In a rather worrying new report coming from Kaspersky Lab, it was revealed that in last year’s fourth quarter, about a fifth of all spam emails carried ransomware with them. 

While this is reason enough for everyone to worry and triple check any incoming email, it’s not exactly a surprise given the skyrocketing popularity of ransomware among hackers.

According to Kaspersky’s Spam and phishing in 2016 report, the volume of spam emails in 2016 rose to over 58% of overall email traffic, which is over 3% more than in 2015. As per usual, the US remained the biggest source of spam with 12% of it coming from computers across the 50 states. Second place is occupied by Vietnam, with 10.3%, while the third spot goes to India with 10.15%.

When it comes to the countries that are most targeted by malicious emails, Germany takes the lead with a little over 14%. The second spot goes to Japan with nearly 7.6%, followed by China with 7.3%.

As mentioned before, phishing attacks, in particular ransomware infections, have grown quite a bit in the financial sector and across other businesses, places where attackers could make a little bit more money. Kaspersky notes that in 2016 the average proportion of phishing attacks against customers of financial institutions was over 47%, up from the 34% of the previous year.

“In 2016, fraudulent spam exploited the theme of major sporting events: the European Football Championship, the Olympic Games in Brazil, as well as the upcoming World Cups in 2018 and 2022. Typically, spammers send out fake notifications of lottery wins linked to one of these events. The content of the fake messages wasn’t exactly very original: the lottery was supposedly held by an official organization and the recipient’s address was randomly selected from millions of other addresses. To get their prize, the recipient had to reply to the email and provide some personal information,” the report reads, indicating just some of the techniques used by attackers.

Another topic exploited in spam mailings was terrorism. Numerous Nigerian letters were sent to users on behalf of state organization employees and individuals, detailing various stories. The purpose was always the same, however: promising large sums of money to make them join the conversation.

Most popular ransomware

The most popular were mass spam mailings sent out to infect user computers with the Locky encryptor, but other ransomware such as Petya, Cryakl and Shade were also quite widespread. In total, in 2016, the anti-phishing system on computers running Kaspersky Lab was triggered nearly 240 million times, four times more frequently than the year before.

This whole report is a great reminder to never click on emails from people you don’t know and, even when you receive emails from someone you do know, to be wary of downloading any files unless you can confirm the sender is who they say they are and not a spoofed address.

Feb 22, 2017 11:23 GMT  ·  By Gabriela Vatu

Many organizations still clueless when it comes to cyber security

Published February 03 2017, 6:40am EST

Despite all the attention now focused on cyber security, a large number of organizations say they are unclear on the most effective protection strategy to combat these types of attacks.

This lack of knowledge and protection “is putting businesses across the globe at risk of grinding to a halt,” according to the new Corporate IT Security Risks survey from Kaspersky Lab.

The study found that nearly four-in-ten (39 percent) of organizations acknowledge that they are not confident that they have adequate IT security safeguards in place.

“DDoS attacks in particular can quickly incapacitate a targeted business’s workflow, bringing business-critical processes to a stop,” the study noted. However, the research found that nearly a fifth (16 percent) of businesses are not protected from DDoS attacks at all, and half (49 percent) rely on built-in hardware for protection.

“This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods,” the report added.

In many cases, organizations assume that they’re already protected from these types of attacks, but that confidence is often misplaced.

Nearly half (40 percent) of the organizations surveyed fail to put measures in place because they believe that their Internet service provider (ISP) will provide protection. One-in-three (30 percent) believe that their data center or infrastructure partners will protect them.

“The reality is that these organizations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behavior, require an expert approach,” the study explains.

Perhaps most surprisingly, the survey found that a third (30 percent) of organizations fail to take action because they think they are unlikely to be targeted by DDoS attacks. One-in-ten (12 percent) even acknowledge that they believe that a small amount of downtime due to DDoS would not cause a major issue for the company.

“The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch. What’s more, the potential cost of a single attack can be in the millions,” according to the report.

“As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined.”

“Online services and IT infrastructure are just too important to leave unguarded,” Ilganaev continued. “That’s why a specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today.”

Kaspersky Adds Password Manager to Bug Bounty Program

By Eduard Kovacs on April 19, 2017

Kaspersky Lab has informed researchers that its bug bounty program has been extended. The company has also decided to add a new product to its program and increase the maximum reward.

Kaspersky launched its HackerOne-powered bug bounty program in August 2016. The first phase, which lasted for six months and promised a total of $50,000 in bounties, led to the discovery of more than 20 flaws.

Given the program’s success so far, the security firm has decided to extend it and make some changes. Bug bounty hunters can now earn rewards for finding vulnerabilities in Kaspersky Password Manager 8. Until now, only Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10 were in scope.

The security firm also announced that the maximum reward for remote code execution vulnerabilities has been increased from $2,000 to $5,000. White hat hackers can earn, on average, $1,000 for local privilege escalation flaws and $2,000 for sensitive information disclosure issues. The minimum reward is $300.

“Since August, it is fair to say that our Bug Bounty Program has been successful in optimising our internal and external mitigation measures to continuously improve the resiliency of our products. That’s why we’ve decided to extend it,” said Nikita Shvetsov, Chief Technology Officer at Kaspersky Lab.

“We appreciate the enthusiastic participation of security researchers worldwide. As a mark of our respect for the work they do in helping us to bolster our solutions, we’ve increased the remuneration on offer in this second phase of the program and extended the scope to include other important Kaspersky Lab products,” Shvetsov added.

Google Project Zero researcher Tavis Ormandy has reported finding several vulnerabilities in Kaspersky products in the past years. The most recent, disclosed in January, was related to how the security firm’s products inspect SSL/TLS connections.

If you would like more information, go to http://www.securityweek.com and see the latest news from around the world.