Is the Dazzling Future of the Smart City at Risk? How Can Smart Cities Protect Themselves Against the Effects of Ransomware?


The dazzling future of the Smart City, where governments are always connected, managing traffic lights, pollution control and the power grid, all the way down to full home automation, from smart garage door openers to the Google Nest thermostat, is now under attack. A recent article on Gizmodo described the struggles that municipalities are facing, and will continue to face, as they roll out Smart City infrastructure and services. Dr. Hongwen Zhang, our CEO, noted in an earlier blog that Smart Cities are being developed around the world faster than ever before, and that the people building them need to be aware of the growing security issues that come with them. Every IoT device added to a city network to automate one more service also widens that network's attack surface. At the same time, the air gaps that once isolated critical networks are being removed so that IT networks and Operational Technology (OT) networks can communicate more efficiently.

Because security and operational defences are rarely considered while the Smart City infrastructure is being put in place, the effects are already showing. As noted in the Recorded Future report on municipal ransomware attacks that we discussed in our previous blog, many of the municipalities taking their first steps towards becoming Smart Cities are also becoming targets for profit-driven attackers who use ransomware to great effect: encrypting critical systems and demanding payment before the data those systems depend on is released. The number of cities hit by ransomware continues to grow.

The Smart City future, where governments are connected 24/7 and can deliver services to their constituents more quickly and efficiently than ever before, is taking hits, which is dampening the enthusiasm of municipalities looking to technology to improve their systems and services. Unfortunately, at a time when many American cities are struggling with crumbling infrastructure such as bad roads, ageing mass transit systems and decaying schools and hospitals, their network infrastructure is usually in the same state. That does not bode well as more and more IoT devices and equipment are added, often haphazardly, on top of it. As cities around the world rush to become "smart", adding efficiencies wherever they can, security has often taken a back seat, with too little thought given to the inevitable security problems and looming privacy concerns that come with being a connected city.

That is why, at Wedge Networks, we continue to develop and improve our Network Security platform. We believe that many of the issues these municipalities face as they rush to become "smart" can be addressed with an orchestrated, network-based platform that protects the rapidly growing number of IoT devices being added to city networks. Working with partners who are adding smarts to their power grid in Asia, Wedge's Absolute Real-time Protection (WedgeARP) platform is proving itself as the security foundation for municipalities; think of a water treatment plant, except that it cleans the internet traffic that feeds the endpoints on these city-wide networks. With our patented Deep Content Inspection technology, combined with artificial neural networks and multiple best-of-breed security services, WedgeARP can "see" the content that traverses the network and detect and block malware in real time, BEFORE it reaches the endpoints. With a platform like this in place, municipalities giving in to the Smart City allure can rest a little easier, knowing that the devices they are adding can be protected against ransomware, targeted attacks and the other malware that attackers use to try to shut down essential services.

As always, we continue to preach the "Detect and Block" approach. Municipalities going the Smart City route should adopt it as they progress down the technological path to greater efficiency. Any city that is interested should get in touch with our team at info@wedgenetworks.com. We continue to offer a FREE 90-day trial of the Wedge Advanced Malware Blocker and feel it is our civic duty to keep providing solutions that help municipalities with their cybersecurity efforts.

Posted in Industry News, Latest Security News, Wedge News

Targeted Ransomware Attacks Are On the Rise and are Crippling Local Governments: How Can They Protect Themselves?


Targeted ransomware attacks on local government entities are on the rise. Although the ransoms demanded are often relatively small, typically under $100K, the cost of remediating the attack, together with the damage inflicted by downtime and the lost efficiency of falling back to manual services, can easily run into the hundreds of thousands of dollars, and more often than not into the millions once all losses are finally tallied.

In a telling study, Massachusetts-based cybersecurity firm Recorded Future collected evidence that at least 170 county, city or state governments in the US had been attacked since 2013, including at least 45 police and sheriff's offices across the nation. The numbers continue to rise: in 2019 alone there have been 22 known public-sector attacks so far, rapidly outpacing 2018. The latest major city to be hit is Baltimore, which was forced to quarantine its network and deliver most municipal services manually. The security industry conservatively estimates that ransomware attacks cost victims billions of dollars a year. There are no precise numbers, since no comprehensive record of attacks around the world is kept and not all attacks are even reported.

The rise in attacks on municipalities is a clear sign that attackers are becoming more discerning in choosing their targets: it is all about maximizing the money they can make. As we noted in our blog last week, the overall number of ransomware attacks may be decreasing, but the related costs are increasing as attackers focus on customized, targeted attacks against municipalities rather than individuals. Municipalities run vital systems, not only for day-to-day operations but for essential services such as traffic and transportation, and they are far more willing to pay a ransom to get those services back online than an individual, who will often simply go out and buy another computer.

Who is behind these attacks? According to a CNN article covering the study, the attackers range from criminal gangs to people allegedly working at least tangentially with their own governments. In most cases the attacks are carried out from other countries, and the perpetrators are out of reach because they sit in jurisdictions that will not extradite them to the US, or to the districts they attacked, to face charges. Also unfortunate is that, according to the same coverage, some of the ransomware worms now being used against these municipalities were originally created by nation states such as North Korea for government-sanctioned attacks before they got out of hand and into the hands of criminals, who have co-opted the malware for more lucrative purposes.

All of this emphasizes that without proper safeguards and a good solution in place, municipalities, and ultimately the residents who live in them, will continue to be bilked for hundreds of thousands, if not millions, of dollars; often money that small municipalities cannot spare. That is why we keep bringing up our "Detect and Block" solution. As part of our civic duty, we offer any municipality or government entity a FREE 90-day trial of the Wedge Advanced Malware Blocker, which can detect and STOP ransomware in real time, BEFORE it has a chance to reach your network. If one municipality can be saved from joining the growing number of ransomware victims, we feel our civic responsibility will have been fulfilled. Get in touch with our team at info@wedgenetworks.com for more information on how we can protect your network!

Posted in Industry News, Latest Security News, Wedge News

Ransomware Attacks May Be Decreasing BUT Related Costs Are INCREASING!


Some good and some bad news came out of the first quarter of 2019 regarding ransomware attacks. Dark Reading had some interesting statistics to share about the number of ransomware attacks decreasing. (Mind you, the industry's verdict is not fully in on this yet, but those are Dark Reading's findings.) That is the good news. The bad news, which we at Wedge agree with, is that ransomware is becoming much more targeted, focusing increasingly on institutions instead of individuals. That is netting higher ransom payments, causing greater downtime losses and requiring longer recovery times.

According to the article, the rising costs are the result of increased use of ransomware families such as Ryuk and BitPaymer in customized, targeted attacks on large enterprises. In terms of numbers, ransomware incident response firm Coveware reports that the average ransomware incident lasts 7.3 days, at an average downtime cost of $64,645 per incident. The average ransom paid by victims in cases Coveware handled increased by 89%, from $6,733 in Q4 2018 to $12,762 in Q1 2019.

What is of concern is that instead of relying on automated attacks, attackers are increasingly executing manual attacks against targeted organizations using compromised credentials, "specifically targeting high-value systems such as e-mail servers, database servers, document management servers, and public-facing servers." As a result, downtime is increasing and ransom-related downtime costs are becoming substantial, with costs varying significantly by industry and geography. As the Norsk Hydro attack showed, manufacturing companies are now heavily targeted because they are more likely to pay a ransom to get production moving again.

Although security and law enforcement officials strongly advise victims against paying the ransom to get their data back, believing that giving in to the demands only encourages more attacks, many victims end up paying. According to Coveware, companies that paid the ransom recovered their data 96% of the time, up three percentage points from 93% in Q4 2018.

In light of the worsening statistics for ransomware victims, we continue to push organizations to consider "Detect and Block" instead of going through the ordeal of "Detect and Respond". The unfortunate fact is that if an organization becomes a victim, the costs keep climbing, and ransomware remains lucrative for the attackers behind it. As a company that provides solutions to stop ransomware BEFORE it hits the network, we believe these attacks could have been prevented. If you are interested in protecting your organization from ransomware, get in touch with our team at info@wedgenetworks.com. We offer a FREE 90-day trial of the Wedge Advanced Malware Blocker, which can detect and STOP ransomware before it enters your network. With the costs to victims increasing, what have you got to lose?

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum

Warning Investors of Cyber Security Risks to a Business’ Operations, Profitability and Share Performance – The New Norm?


This article from ZDNet was of particular interest to us as a network security company, and it drove home how much financial impact cyber-attacks can have on any private or publicly listed company. The cloud-based team collaboration platform Slack recently filed documents with the SEC ahead of going public. What stood out in the filing is that Slack specifically warned prospective investors that cyber-attacks pose a serious risk to the performance of its stock. As the ZDNet article puts it, "It is very rare that a company going public lists cyber-security related issues as a major factor that may influence its stock, yet it somehow makes sense for Slack, a company whose reputation solely relies on its ability to maintain client confidentiality." The company provided a fairly generic list of threats that could pose a risk to its business, covering all the bases: "traditional computer 'hackers', malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks". Above all of these, however, company officials singled out "nation-state supported actors" as one of the biggest threats to the company.

The biggest point to take from Slack's filing is that, because of the wealth of sensitive information about the many companies using its platform that sits on its servers, Slack expects to be near the top of most hacker groups' target lists and fully EXPECTS to be hacked. It is not a matter of "if" but of "when".

In the company's own words, from the SEC filing: "Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks, especially when they are attributable to the behaviour of independent parties beyond our control".

This sends a clear message to investors that cyber-attacks are almost certain to occur in the company's future and that they should be prepared for the financial hit when they do.

Clearly, Slack is being proactive in this filing, out of an abundance of caution. For other companies in a similar position, holding sensitive or proprietary information that could cost millions of dollars in damage if it were stolen and leaked, following Slack's lead may be one way to insulate themselves from some of those damages.

As we wrote in an earlier blog on insurers' unwillingness to cover malware breaches, this could become the new norm for dealing with the financial fallout of an "inevitable" breach; at the very least, it protects the company from investor lawsuits claiming that they were never warned of such risks.

In any event, we will have to see how this affects future listings by other companies. It is commendable that Slack is taking this stance now and adopting a "prevention" mindset in its dealings. However, Slack and other companies in its situation should also consider enhancing their network security with a solution that follows the same "prevention" approach.

Luckily, Slack is well designed: its Real-Time Messaging API is a custom protocol of JSON objects sent over a WebSocket channel. For the tech geeks out there, Slack's developer documentation describes it in detail. One practical caveat: that channel is carried over TLS (wss://), so any inline inspection point has to terminate TLS and reassemble the WebSocket frames before it can read the JSON. WedgeARP can intercept this traffic and scan it for malicious content, blocking in real time when needed. Existing customers who use Slack can contact Wedge Support (support@wedgenetworks.com) to learn more about how they are protected.
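To make concrete what "inspecting a JSON-over-WebSocket protocol" involves, here is an added example; it is not Slack's code, not Wedge's code, and not anything from the original post. It takes decoded RTM-style text frames (constructed here in the shape of RTM `hello` and `message` events, not captured traffic), pulls out the links in Slack's `<url|label>` mrkdwn syntax and the metadata of shared files, and returns a block/pass verdict. It assumes TLS has already been terminated and the WebSocket frames reassembled; `BLOCKED_HOSTS` and `RISKY_EXTENSIONS` are hypothetical policy standing in for a real threat-intelligence feed.

```python
"""Added example, not Slack's or Wedge's code: inspect Slack RTM-style text
frames (one JSON event per frame) and pull out the content an inline scanner
has to judge.  The frames are constructed in the shape of RTM 'hello' and
'message' events; BLOCKED_HOSTS and RISKY_EXTENSIONS are hypothetical policy.
Assumed: frames are already decrypted (RTM runs over wss://) and reassembled."""
import json
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlparse

# Slack mrkdwn wraps links as <url> or <url|label>; capture just the url.
LINK_RE = re.compile(r"<(https?://[^|>]+)(?:\|[^>]*)?>")

BLOCKED_HOSTS = {"malware.example"}                          # hypothetical feed
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta")  # hypothetical policy


@dataclass
class Verdict:
    event_type: str
    urls: List[str] = field(default_factory=list)
    files: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)

    @property
    def block(self) -> bool:
        return bool(self.reasons)


def _check_url(url: str, verdict: Verdict) -> None:
    verdict.urls.append(url)
    host = (urlparse(url).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        verdict.reasons.append(f"link to blocked host {host}")


def inspect_frame(raw: str) -> Verdict:
    """Judge one text frame.  Anything that is not a JSON object is blocked
    (fail closed); passing it through unread would be the fail-open behaviour
    that lets content reach an endpoint unjudged."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError:
        event = None
    if not isinstance(event, dict):
        return Verdict("unparseable", reasons=["frame is not a JSON object"])

    verdict = Verdict(event.get("type", ""))
    if verdict.event_type != "message":
        return verdict   # hello, pong, presence_change etc. carry no user content

    for url in LINK_RE.findall(event.get("text", "")):
        _check_url(url, verdict)

    for f in event.get("files", []):   # file_share messages carry file metadata
        name = f.get("name", "")
        verdict.files.append(name)
        if name.lower().endswith(RISKY_EXTENSIONS):
            verdict.reasons.append(f"executable attachment {name}")
        if "url_private" in f:
            _check_url(f["url_private"], verdict)
    return verdict


def scan_stream(frames: List[str]) -> List[Verdict]:
    return [inspect_frame(frame) for frame in frames]


# Constructed frames in RTM event shape (not captured traffic).
SAMPLE_FRAMES = [
    '{"type": "hello"}',
    '{"type": "message", "channel": "C1", "user": "U1", "ts": "1.0", '
    '"text": "see <https://docs.example.com/report|the report>"}',
    '{"type": "message", "channel": "C1", "user": "U2", "ts": "2.0", '
    '"text": "pls open <https://malware.example/invoice.exe>"}',
    '{"type": "message", "subtype": "file_share", "channel": "C1", "user": "U2", '
    '"ts": "3.0", "text": "uploaded a file", "files": [{"id": "F1", '
    '"name": "invoice.pdf.exe", "filetype": "exe", '
    '"url_private": "https://files.slack.example/files-pri/T1-F1/invoice.pdf.exe"}]}',
    'not json at all',
]

if __name__ == "__main__":
    for v in scan_stream(SAMPLE_FRAMES):
        print(v.event_type, "BLOCK" if v.block else "pass", v.reasons)
```

Two design choices worth noting: non-message events (`hello`, `pong`, presence changes) are passed without inspection because they carry no user content, while a frame that does not parse as a JSON object is blocked rather than forwarded, which is the fail-closed counterpart of the sandbox "pass it through on timeout" compromise discussed later on this page.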

In the meantime, the Wedge Advanced Malware Blocker, which Wedge offers FREE on a 90-day trial, takes the "prevention" angle one step further, allowing organizations to "Detect and Block" malware, including new and never-before-seen varieties, BEFORE it hits the network. An organization that expects to be hacked at some point might rest a little easier with WedgeAMB enhancing its network security. Please email our team at info@wedgenetworks.com to find out more about how we detect and block malware in real time.

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News

“Spending $1 on Prevention Now Can Prevent $100 (Or More) in Remediation Costs Later” – Forbes Magazine


Forbes recently published another article on a ransomware outbreak that resonated with us here at Wedge Networks. Ransomware has been wreaking havoc on a growing number of municipalities of late, taking down essential and non-essential services alike and forcing municipal departments such as police and fire to go back to paper reporting. The Forbes article covers the attack on Cleveland Hopkins International Airport last week, in which several information systems were disrupted by a ransomware outbreak.

I don't know about you, but I consider airports pretty essential for moving passengers and cargo in and out of their region. Thankfully, the malware at Hopkins only hit clerical systems (email, payroll, digital records and some digital signage around the airport) rather than critical infrastructure such as air traffic control. Travellers were largely unaffected: the TSA kept security flowing smoothly and both arrivals and departures stayed on schedule.

Unlike Atlanta, which was hit by SamSam ransomware demanding a $55K cryptocurrency payment and ended up spending almost $17MM on recovery, Cleveland is one of the "lucky" ones and will not take nearly as large a financial hit. Other municipalities will not be so lucky. What we liked about the Forbes article is that it ended on the "prevention" mindset that Wedge Networks is a huge proponent of, suggesting that "Other municipalities need to learn from these events and be proactive – spending $1 on prevention now can prevent $100 (or more) in remediation costs later."

As we have said in previous blogs, prevention could and SHOULD be the cure, rather than relying on detection and expensive remediation. We continue to see it as our civic responsibility to offer municipalities our Wedge Advanced Malware Blocker FREE for 90 days. Email our team at info@wedgenetworks.com to see how your organization can prevent these attacks instead of paying the huge remediation bill later!

Posted in Industry News, Latest Security News

Looks Like Your Insurer Probably Won’t Be Covering Your Latest Malware Breach…


So, this was a bit of an eye-opener about the financial effects of the latest corporate malware breaches: insurers are declining to cover them. A recent article in the New York Times reported that Mondelez International, a major global food company and one of hundreds of companies worldwide affected by the NotPetya attack in 2017, would have to bear the full burden of a financial hit of more than $100MM. Company executives had expected their insurer, Zurich Insurance, to reimburse Mondelez for the blow it had suffered, only to be declined. Zurich cited a common "war exclusion" clause that protects it and other insurers from liability for damage caused by war. Mondelez was collateral damage in a never-ending cyberwar.

According to the NYT article, the 2017 NotPetya attack "was a watershed moment for the insurance industry". Insurers have since used the "war exclusion" clause to avoid claims related to digital attacks, and they gained further justification when the US government attributed the NotPetya malware to Russia in 2018.

Naturally, Mondelez was not the only large conglomerate affected by this shift in the insurance industry's view of coverage; pharmaceutical giant Merck, which suffered NotPetya damage to the tune of $700MM, has also had claims denied by its insurer. Disputes are still playing out in court, with these major players suing their insurers for rejecting NotPetya-related claims on the basis of the "war exclusion" clause, and the cases are expected to take years to resolve. The outcomes will set major precedents on who pays when businesses are hit by cyberattacks blamed on foreign governments, especially since many of these policies explicitly cover "cyber events" (i.e. cyber attacks).

Cyberattacks are a unique challenge for insurers because malware moves fast and unpredictably, often leaving a broad and expensive swath of destruction in its wake. In such an interconnected landscape, risk can no longer be contained and limited. According to some industry experts, a multitude of insurers are sitting on policies that were never underwritten for, or understood to cover, cyber risk. Many insurers had no idea of the kind of losses a cyber attack such as NotPetya could cause, but they are quickly realizing the depth of the potential harm, and many are rethinking their coverage of these types of events.

Reflecting on the above, do you know whether YOUR organization is covered in the event of a cyber attack? With the lawsuits against the insurers ongoing, it may be years before there is a final judgement on whether insurers are liable for providing relief against these attacks. In the meantime, the premiums for insuring against them will almost certainly go up.

Again, we come back to our all-encompassing "Detect and Block" approach to cyber security. Relying on an insurance payout to make your organization "whole" again after a cyber attack is the "Detect and Remediate" mindset that most of the industry still follows and that, in our view, is by far the more expensive approach. With Wedge's Advanced Malware Blocker, an attack such as NotPetya would have been detected and blocked BEFORE it got into the network and caused so much damage. With Wedge's patented Deep Content Inspection, alongside orchestrated best-in-breed malware heuristics and an artificial intelligence neural engine, even a new, never-before-seen variant of NotPetya (or of other major global attack malware such as WannaCry, CoinMiner, Zeus, etc.) would have been detected and blocked in real time!

Once again, if your organization is at risk and you are not sure whether your insurance covers a malware breach, perhaps it is time to consider the "Detect and Block" approach to network security. Then you won't have to worry about whether your insurance covers you. Get in touch with our team at info@wedgenetworks.com. We offer a FREE 90-day trial of the Wedge Advanced Malware Blocker. You have nothing to lose and everything to gain!

Posted in Industry News, Latest Security News

Hackers Can Now Give You… Tumours!


Security in the healthcare industry has been in the news a lot lately, and not only for the theft of patient data or the ransoming of hospital infrastructure, which has been the norm in the past. The latest spate of articles deals with the potential for attackers to access and take control of machinery and equipment. In the Norsk Hydro attack we covered in an earlier blog, the company's production facilities were knocked out of commission, causing financial damage. In healthcare the stakes are much higher: lives could be put at risk.

A very good article on The Verge recently did a nice job of highlighting the OTHER security risks that the healthcare industry faces from attackers and malware. Much like Norsk Hydro, hospitals and clinics would be at great risk if attackers took down critical equipment such as CT scanners, MRI machines and other diagnostic or life-supporting equipment. The WannaCry attack crippled the UK's National Health Service along with other large organizations around the world and was one of the largest ransomware attacks in history so far; even so, its effects could look minuscule compared to what COULD happen if attackers mounted a concerted campaign against the woefully unprepared and typically underfunded cybersecurity efforts of the healthcare industry.

One alarming case in which attackers could cause life-threatening results has been raised in several publications: researchers have shown that they can tamper with 3D medical imagery, adding or removing evidence of medical conditions from scans. The potential harm reads like a movie plot, with an attacker tampering with scans to "stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder". Seemingly implausible, but very scary that it is actually possible. In a landmark paper revised last week (see the link above), researchers from Ben-Gurion University demonstrated malware that adds fake tumours to medical scan images. In laboratory tests the malware altered 70 scans and fooled three radiologists into believing that their patients had cancer. The story was also covered by the BBC. The practitioner's takeaway is that an attack of this kind works by altering image data somewhere between the scanner and the person reading it, so integrity protection of the images (signing at acquisition, verifying before display) is a defence worth having alongside any network controls.

Getting back to WannaCry: although there is no evidence that any patients died because of the attack, the malware did cripple thousands of hospital computers and take diagnostic equipment offline, delaying treatment and diagnosis as doctors had to fall back on manual methods of getting lab results. Unlike business, where "time is money", in healthcare "time is lives": decisions delayed here have dire real-life consequences for patients.

Then consider NotPetya, one of the largest cyberattacks of all time, with an estimated $10 billion in damage and crippled computers around the world. It also hit healthcare-related companies and could have created acute patient safety issues. Unfortunately, most healthcare organizations lack the resources to put robust security systems in place against these types of attacks, beyond perhaps maintaining backups from which to restore once the network has been compromised.

Medical imaging devices, like many other IoT devices, are typically difficult to patch. Often the only remediation after an attack is to re-image the device, which means lengthy downtime before patients can be seen again. These organizations operate a wide variety of computers, diagnostic machines and other endpoints running a range of operating systems, many of them archaic systems that (as with the imaging devices) cannot be patched and are difficult to remediate. That exacerbates the problem, especially where security resources are already scarce.

In any event, when attacks on the healthcare industry occur, the downtime and remediation that follow have the potential to cost lives.

So we get to bring up Wedge's Absolute Real-time Protection solution again as a possible fix for the healthcare industry's woes. Wedge has had some great wins in healthcare lately, with major national healthcare providers choosing our solutions to protect not just patient information but their equipment and other endpoints as well. The Wedge platform lets organizations detect and block malware on the network in real time, before it reaches any endpoint. Its patented Deep Content Inspection reassembles all incoming content, so the solution can "see" the intent of that content while scanning it for known and never-before-seen malware. The system is OS agnostic, so it does not matter which operating system an endpoint runs: computers and diagnostic or medical equipment alike are protected, with malware blocked before it can enter the network and corrupt any machine. Combined with in-depth analytics and a single-pane-of-glass management console that gives SecOps actionable threat intelligence about their network, healthcare organizations can quickly pinpoint and isolate potentially infected endpoints. It all comes down to "Detect and Block", a preventive way of working, rather than the current "Detect and Remediate", which treats endpoints AFTER they have already been hit.

By giving SecOps at healthcare organizations a platform that lets them prevent malware attacks proactively, and actionable intelligence that reduces the number of alerts they have to remediate, organizations save the money that would otherwise be spent cleaning up infections. Healthcare organizations can get back to treating their patients instead of worrying about treating their networks.

Posted in Latest Security News, Wedge News

Save Patient Zero!


Faced with an onslaught of ever-evolving malware, firewalls typically offload an inconclusive scan to a sandbox in order to determine whether content is safe or malicious.

This is how it works:

Your firewall attempts to classify network traffic by Deep Packet Inspection against a continually updated malware database.

When a scan is inconclusive, because the traffic might contain new or never-before-seen malware, the file is sent to a sandbox (on premises or in the cloud) for further examination.

But here is the bad news. Current sandboxes are not real-time solutions: they can take anywhere from a few seconds to, more typically, several minutes or even hours to reach a verdict on the file being analyzed. On top of that, depending on how many files the firewall sends for further inspection, the sandbox can become overloaded.

In a business world where time means money, this delay and unreliability is unacceptable to owners and managers who depend on safe content arriving in real time so that they can make their best business decisions.

The result is a compromise: if the sandbox does not return a verdict within a set time, the content is passed through, and if the sandbox later concludes that it was malicious, IT staff have to remediate and work out what may have been lost.

That victim endpoint, be it a server, workstation or PC, is termed Patient Zero in sandbox terminology (not to be confused with the 2018 movie, although the concept is similar). Unfortunately, in a severe outbreak there may be several Patient Zeros, in some cases spanning complete network segments. The industry has lived with this concept for the last five years, and we are now being conditioned to accept it…
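To make the compromise above concrete, here is an added example (not Wedge's or any vendor's code) that models the firewall-plus-sandbox pipeline described in the steps above. Everything in it is constructed: the "malware database" is a set of known-bad SHA-256 digests, the heuristic that marks content inconclusive is a handful of byte markers, and the sandbox is a single worker whose per-file analysis time is assigned up front. It shows how the "pass it through if the sandbox is late" policy produces a Patient Zero, and what the fail-closed alternative costs when the sandbox queue backs up.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Literal

Verdict = Literal["clean", "malicious", "inconclusive"]


@dataclass
class Sample:
    name: str
    content: bytes
    sandbox_seconds: float    # time the sandbox needs to reach a verdict
    sandbox_verdict: Verdict  # what that verdict would eventually be


@dataclass
class Decision:
    name: str
    action: str         # "delivered", "blocked" or "held"
    source: str         # "signature", "sandbox" or "timeout"
    patient_zero: bool  # delivered on timeout, later found malicious


# Constructed stand-in for the continually updated malware database.
KNOWN_BAD = {hashlib.sha256(b"MZ\x90\x00 known dropper").hexdigest()}

# Constructed heuristic: macro-bearing Office content is suspicious but
# not conclusive on its own, so it is offloaded to the sandbox.
SUSPICIOUS_MARKERS = (b"vbaProject.bin", b'w:macrosPresent="yes"', b"AutoOpen")


def inline_scan(content: bytes) -> Verdict:
    """Deep Packet Inspection pass: signature lookup, then a cheap heuristic."""
    if hashlib.sha256(content).hexdigest() in KNOWN_BAD:
        return "malicious"
    if any(marker in content for marker in SUSPICIOUS_MARKERS):
        return "inconclusive"
    return "clean"


def gateway(samples: List[Sample], deadline_seconds: float, fail_open: bool) -> List[Decision]:
    """Run each sample through the inline scan and, if needed, the sandbox queue."""
    decisions: List[Decision] = []
    sandbox_busy_until = 0.0  # one sandbox worker; inconclusive files queue up

    for s in samples:
        verdict = inline_scan(s.content)
        if verdict != "inconclusive":
            action = "blocked" if verdict == "malicious" else "delivered"
            decisions.append(Decision(s.name, action, "signature", False))
            continue

        # The sandbox finishes this file only after everything queued ahead of it.
        sandbox_busy_until += s.sandbox_seconds
        if sandbox_busy_until <= deadline_seconds:
            action = "blocked" if s.sandbox_verdict == "malicious" else "delivered"
            decisions.append(Decision(s.name, action, "sandbox", False))
        elif fail_open:
            # The compromise the post describes: deadline hit, content released.
            # If the late verdict turns out to be "malicious", the recipient is Patient Zero.
            decisions.append(Decision(s.name, "delivered", "timeout",
                                      s.sandbox_verdict == "malicious"))
        else:
            # Fail closed: nothing is released without a verdict, so clean
            # files stuck behind an overloaded sandbox are held as well.
            decisions.append(Decision(s.name, "held", "timeout", False))
    return decisions


def patient_zero_count(decisions: List[Decision]) -> int:
    return sum(1 for d in decisions if d.patient_zero)


def held_clean_count(decisions: List[Decision], samples: List[Sample]) -> int:
    """Clean files a fail-closed policy delayed: the price of avoiding Patient Zero."""
    verdicts = {s.name: s.sandbox_verdict for s in samples}
    return sum(1 for d in decisions if d.action == "held" and verdicts[d.name] == "clean")


# Constructed traffic; arrival order matters because the sandbox is a queue.
SAMPLES = [
    Sample("invoice.pdf", b"%PDF-1.4 quarterly invoice", 2.0, "clean"),
    Sample("dropper.exe", b"MZ\x90\x00 known dropper", 1.0, "malicious"),
    Sample("agenda.docm", b"PK vbaProject.bin meeting agenda", 30.0, "clean"),
    Sample("report.docm", b"PK vbaProject.bin AutoOpen quarterly report", 45.0, "clean"),
    Sample("payment.doc", b'<?xml w:macrosPresent="yes" AutoOpen', 900.0, "malicious"),
]

if __name__ == "__main__":
    for fail_open in (True, False):
        ds = gateway(SAMPLES, deadline_seconds=60.0, fail_open=fail_open)
        print(f"fail_open={fail_open}: patient zero={patient_zero_count(ds)}, "
              f"clean files held={held_clean_count(ds, SAMPLES)}")
        for d in ds:
            print(f"  {d.name:<12} {d.action:<9} via {d.source}")
```

With a 60-second deadline the fail-open run delivers payment.doc on timeout and only later learns it was malicious (one Patient Zero), while the fail-closed run has no Patient Zero but holds report.docm, a clean file, simply because it was queued behind the earlier sandbox job. Neither outcome is the one the business wants, which is the gap the rest of the post is about.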

But what if we cannot afford any losses? What if we cannot have a Patient Zero? Can we be both extremely accurate and operate in real time, so that we do not have to accept such casualties?

This is why I get excited about the disruptive technology that the team here at Wedge has developed: Wedge’s Absolute Real-time Protection. Wedge combines its patented Deep Content Inspection technology, which reconstructs content as it passes through the network for complete visibility into its intent, with an orchestrated set of security scanning engines and malware databases that detect known malware, topped with a deep learning neural network that can detect unknown malware. Together these pieces let Wedge detect and block malware in real time at a detection rate of 99.97%. The remaining 0.03% that comes up as grayware is still blocked, and can optionally be forwarded to Wedge’s own Malware Analyzer service, which uses cloud-based efficiencies to render verdicts faster than the average sandbox.

So, although sandboxes have had their time in the spotlight as organizations tried to improve the reliability of malware detection, they have proven too slow, and when overloaded they can still pass along malware. It’s time for the next generation of real-time detection and blocking solutions to shine: sandboxes can now be replaced with Wedge’s Absolute Real-time Protection.

Check out Wedge’s latest video, which speaks to this new method of real-time network protection.

WedgeARP – Replacing Sandboxes

IoT and Smart Cities – Protecting Them From Growing Security Concerns


I was fortunate to participate and present at the 2019 Smart Cities Summit and Expo in Taipei, Taiwan last week, representing Canada’s leading cybersecurity industries in a visit facilitated by the Alberta Taiwan Office and the Alberta Economic Development and Trade – Trade and Investment Attraction Division.  There I spoke about the growing security issues that are coming to light and that will need to be dealt with as cities around the world develop into “Smart” cities.  At a very high level, a Smart City is just a very large computer, only with far more attack surface.  As city resources and services become more intertwined and interlinked, Operational Technology (OT) networks (water treatment plants, power plants, etc.) and regular IT networks increasingly lack the “Air Gaps” that had previously been put in place to protect many of these critical networks.

Unsecured links between the IT and OT environments thus expose these systems to a range of vulnerabilities. The three most worrisome attack vectors are:

1.  Process Destruction – where critical systems connected to the control systems in these plants are co-opted by hackers and malware, leading to the disruption of, say, electricity distribution processes.

2.  Equipment Sabotage – where business applications that exchange information with critical devices in order to operate are hacked, leading to the equipment being destroyed (e.g., a security camera’s firmware being overwritten through a hack).

3.  Market Fraud – where malware gets into business systems and fakes data, potentially moving markets with erroneous or false information.

With the proliferation of IoT devices connecting to city networks, gathering and feeding back immense amounts of data, many of these standalone devices are too underpowered to defend themselves.  This is where the discussion of security becomes critical: how does a smart city protect and defend itself from the ever-growing number of entry points for attack?

That’s where Wedge’s vision comes into play.  At Wedge, we’ve built our company’s focus on a simple analogy: water treatment.  In developed countries, water is processed and cleaned of impurities at strategically located water treatment plants, so every tap and endpoint connected to the system receives clean water, free of germs, contaminants and other impurities.  We believe the Internet could and SHOULD work the same way: Internet traffic could be filtered and cleaned of spam, viruses and other malware at the network layer, so that every endpoint connected to the network receives content free from exposure to malicious attacks.

With all of the “heavy lifting” of content cleaning taking place at the network layer, underpowered IoT devices no longer have to fend off attackers and other actors with malicious intent on their own.

Because of this focus and vision, we’ve built our products and services around making the water treatment plant analogy a reality for the Internet.  Wedge’s underlying network security platform uses our patented Deep Content Inspection, which gives full visibility into the traffic flowing through the network, and orchestrates it with best-in-class security services.  In real time, we take that content and use massive multi-threading and a range of inspection engines and heuristics to scan it for viruses, spam, malware and other malicious content, detecting and blocking it before it can reach the endpoints.  Combined with a single-pane-of-glass management console that manages all connected devices for compliance and security policy, and in-depth actionable analytics that detect anomalies in the network and in the behaviour of these devices, Wedge’s platform is built to be THE platform and tool of choice for the providers helping to manage Smart Cities.

Using the Wedge network security platform as part of the larger management system of a Smart City can help counteract the growing security issues facing these cities.  By protecting the expanding attack surface through centralized cleaning and filtering of the Internet services that link these IoT devices, Smart Cities should be able to continue to develop, reaping the benefits and efficiencies that come from making a city “Smart”.

Presenting on Security for IoT and Smart Cities

Weaponized Word Documents: Block Them BEFORE They Enter Your Network


A recent article, this time from GBHackers, highlights yet another way that hackers are getting quick and easy gains: banking malware.  The banking malware in this case is Emotet, a banking trojan that steals key personal information used for online banking, such as usernames and passwords.  First observed in 2014, it is one of the costliest banking trojans to date, typically spreading through large spam campaigns.

The spam email starts as an unassuming invoice that urges the recipient to clear an outstanding amount, with a link they can click to complete payment.  That link has recently been pointing to an XML document given a .doc extension (Word’s 2003-era XML format, which current versions of Word still open).  With the ubiquitous nature of Microsoft Word, especially given the prevalence of Office 365 in most organizations, this .doc file opens in Word by default.  The document carries macros, and if they are enabled the infection process begins, getting the Emotet malware through the door.  Once installed, Emotet intercepts and logs the web browser’s outgoing network traffic, collecting sensitive data that is then used to access the victim’s bank accounts.  Not only that, Emotet goes on to download the Qakbot malware, which installs itself on the victim’s machine, copying itself to another directory and disguising itself as a calc.exe program.  Combined, these two pieces of malware monitor browsing activity and log all finance-related information and transactions.

Unfortunately, the above plays out far more often than most would like to think, despite users becoming more wary of spam and more savvy about clicking on emails from unknown sources.  In some cases the same malware is used in targeted phishing attacks, in which case the emails appear to come from sources the users know, or “believe” they know.  In any event, once the file reaches the endpoint, the possibility of infection increases dramatically.

The question becomes: what is the best way to protect against this sort of attack?  Most solutions out there rely on “Detect and Remediate”, which unfortunately lets the malware in the door and onto the endpoint through web or email.  Wedge’s approach is different.  We believe in “Detect and Block”: detecting and blocking in real time so that these attacks never get through to the endpoint.  Wedge’s Advanced Malware Blocker (WedgeAMB) uses our patented Deep Content Inspection to reconstruct the full content and “see” its intent, scanning it with signature-based scans, heuristic scans and an artificial intelligence neural engine, all in real time and before the content hits your endpoint.  WedgeAMB would detect and block this malware before the end user ever saw it, taking the possibility of infection out of the equation.  Because Deep Content Inspection and the scanning engines determine the “intent” of the content, even a new variant or never-before-seen malware is blocked as soon as its malicious intent is revealed.

So, if you are interested in protecting your organization from attacks such as those driven through weaponized Word documents, feel free to get in touch with our team at info@wedgenetworks.com.  We offer a FREE 90-day trial of the Wedge Advanced Malware Blocker.  What have you got to lose?
