Ransomware Partly to Blame for Company Being Forced Into Financial Restructuring: Could Your Firm be Next?


Just a brief blog today about the dire results of a ransomware attack that hit foreign exchange company Travelex.  Stemming from a ransomware attack that hit the company in December 2019, compounded by the current COVID-19 pandemic, the company has been forced into a GBP84MM financial restructuring in a bid to save the business.  “Despite operating over 1000 ATMs and 1000+ stores globally, and providing services for banks, supermarkets and travel agencies in over 60 countries, the firm was forced to cut over 1300 jobs as part of the restructuring.”

In this case, the Sodinokibi (REvil) variant of ransomware is believed to have been used in the attack, which forced the company’s website offline and impacted its brick-and-mortar stores and banking services.  Unfortunately, it took Travelex over two weeks to get its customer-facing systems back online in the UK, causing an untold amount of monetary and brand damage.  The root cause has not been confirmed, but reports suggest that the company had a critical unpatched vulnerability in its VPN appliances that may have allowed attackers to execute malicious code remotely.  Reports also state that the REvil gang responsible for the attack demanded a ransom of GBP4.6MM for the decryption key and for the deletion of the customer data it had stolen.

This case again brings to light the dire consequences that some firms may face if they are hit by a ransomware attack.  Travelex has taken steps to overcome the effects of the attack, working through a financial restructuring in order to safeguard jobs and to keep the business as a going concern, but many other companies are not as lucky.  Without adequate emergency and contingency plans in place, some companies have been forced out of business altogether.

So, the question is, “Could your firm be next?”.  How well prepared is your organization if it were to be hit by any sort of ransomware?  Given the reported root cause in this case, the first question to ask is whether your own internet-facing VPN and remote-access appliances are inventoried and patched, since an unpatched edge device gives attackers a way in that no amount of downstream tooling can undo.  Do you have protection in place to detect and block something that could spell the doom of your company?  If you have any concern that your organization could go under in such an attack, we suggest that you consider putting in place real-time threat protection that can detect and block such attacks BEFORE they can enter your network to do any harm.  Wedge’s Absolute Real-time Protection (WedgeARP) orchestrated threat management platform is a proactive way of dealing with all malware (including APTs, zero days, known and unknown).  Utilizing patented Deep Content Inspection techniques, along with orchestrated threat management with multiple layers of protection, WedgeARP can provide the safety blanket that organizations need in this age of increasing ransomware attacks.  WedgeARP is the first and only platform that applies deep learning / machine learning-based threat detection to network content.  The best way to not have to pay a ransom is to take the preventative approach of stopping ransomware before it can even get into your network.  Contact our team at: info@wedgenetworks.com to find out more about how you can protect your organization.

Posted in Industry News, Latest Security News

Garmin Ransomware Attack: How Malware Had a Massive Effect on Global Positioning Services


An interesting ransomware case affected one of our co-workers recently while he was hiking in the Rocky Mountains: his Garmin GPS was out of commission just as he was trying to navigate through the wilderness.  The good news is that he was not in a life-and-death situation or lost somewhere in the forest.  The bad news is that he was left with no mapping capability and found himself trekking somewhat blindly during several sections of his hike.
 
Unfortunately, our co-worker was one of millions of customers globally in this situation, as GPS titan Garmin’s website, customer support, apps and communications were all taken out by a massive ransomware attack in late July 2020.  The ransomware, which the company finally acknowledged after days of nebulous statements, locked users out of their GPS services and disrupted a wide variety of Garmin GPS-based systems, and it caused Garmin an untold amount of reputational damage, much of it due to what many perceive as mismanagement of the initial crisis response.

According to an SEC filing from December 2019, Garmin officials themselves described just how damaging a cyberattack could be to the company as it has transitioned from a simple GPS navigation company to a health and fitness tracking organization.  It collects, stores, processes and uses a wide variety of personal user information: names, addresses, phone numbers, email addresses, payment accounts, height, weight, age, gender, heart rates, sleeping patterns, GPS locations and other activities.  A leak of any of this information would cause serious problems for the company as users lose confidence in Garmin’s ability to safeguard their confidential data.

In this case, security researchers attributed the attack to the WastedLocker ransomware, a new strain operated by the group known as Evil Corp.  The only positive news about this particular piece of ransomware is that it does not yet appear to have the capability to steal or exfiltrate data before it encrypts the victim’s files (unlike some newer strains).  This is consistent with Garmin’s statement that it had “no indication that this outage has affected your data, including activity, payment or other personal information”.  Companies with intact backups (ones the attackers could not reach and encrypt) can sometimes get away without paying the demanded ransom; those without adequate backups have faced ransom demands as high as $10MM.  With this uptick in ransom demands, it will not be surprising if other big companies are targeted in the near future.  Unlike smaller organizations that lack the resources to pay high ransoms, bigger companies are often well-insured and can pay a lot more.

As Garmin’s services come back online, there is speculation that the company ended up giving in to the ransom demands in order to restore service as quickly as it did.  The interesting wrinkle is that the U.S. Treasury Department has imposed sanctions on Evil Corp for its involvement in a long-running hacking campaign against a variety of large global corporations and other U.S. interests.  As a result, it is nearly impossible for U.S.-based companies to legally pay ransoms to this group, as they are generally prohibited from transacting with sanctioned entities.  This sets up a legal minefield for any company that considers paying a ransom to Evil Corp as a result of a WastedLocker infection.  In this respect, the guess is that Garmin somehow did pay a ransom and may face Treasury Department scrutiny in the near future.

The underlying point of this story is that ransomware is becoming a huge thorn in the side of corporations around the world.  It is causing companies grief in terms of lost revenue from service disruptions, damage to reputation, potential data breaches, and losses from having to pay ransoms.  Ransomware attacks such as these can be prevented through the use of a Detect and Block solution such as the Wedge Absolute Real-time Protection (WedgeARP) platform.  Through a combination of patented Deep Content Inspection, orchestrated threat management and deep learning / machine learning, WedgeARP is able to stop malware (including known, never-before-seen, APTs and zero-days) in real-time, BEFORE it can enter the network.  If companies such as Garmin were to embrace the proactive Detect and Block approach to network security with a solution such as Wedge provides, an attack like this could be stopped before any damage occurs.  To find out more about WedgeARP and the Detect and Block approach, contact our team at: info@wedgenetworks.com.

Posted in Industry News, Latest Security News

Strange Measure of Success: Repelling a Ransomware Attack But STILL Having to Pay a Ransom


A very interesting article came across the wire recently that had us wondering how the measure of success has seemingly changed, especially as it pertains to preventing malware and, in particular, ransomware.  ZDNet posted an article outlining how Blackbaud, one of the world’s largest providers of financial and fundraising technology for non-profits, had been hacked.  In this case, Blackbaud’s security team was able to detect the intrusion and “successfully” prevent the attackers from locking users out of systems and from encrypting their files.  However, as is now the norm with ransomware groups, the attackers pursue two avenues for extracting a ransom: payment for decrypting files, or, where the victim refuses to pay and intends to rebuild its systems from scratch, payment for NOT publishing the data that the attackers accessed and exfiltrated.  Unfortunately, the attack on Blackbaud was a prime example of “today’s double-extortion ransomware attacks”.  Blackbaud, concerned that a subset of its data had been stolen, and not wanting this data to be published, still ended up paying an undisclosed amount in exchange for the attackers’ confirmation that the data they copied had been removed or destroyed.  So, although the company’s security team did succeed in preventing encryption and lock-up of its systems, this “success” is questionable since the company still had to pay out a ransom.

And so, this is the reality for organizations when it comes to their network security: a single attack can provide several avenues for hackers to extort a ransom.  In some cases, these groups will actually double-dip, requesting one fee for decrypting files and ANOTHER fee for deleting the files that they were able to steal during the attack.  It is also worth remembering that an attacker’s confirmation that stolen data has been deleted cannot be verified by the victim, so a payment for deletion buys a promise, not a guarantee.  Either way, we feel that having to pay any sort of ransom does not count as successfully thwarting a ransomware attack.  In any case where a hacker has been able to gain access to a network, it is a failure of the Detect and Remediate methodology that so many companies still utilize.  We feel that the only real “success” would be the case where an attack has been Detected and Blocked, BEFORE any network incursion has taken place.

At Wedge, we are firm believers that the Detect and Block approach is the only true way that networks can be protected.  There are just too many consequences that organizations face once their network has been breached.  The real-time malware prevention approach is the basis behind Wedge’s Absolute Real-time Protection (WedgeARP) orchestrated threat management platform.  Using a proactive, rather than reactive, way of dealing with all malware (including APTs, zero days, known and never-before-seen), WedgeARP utilizes patented Deep Content Inspection techniques, along with orchestrated threat management with multiple layers of protection, to provide its real-time threat protection.  WedgeARP is the first and only platform that applies deep learning / machine learning based threat detection to network content.
 
If you feel that the only true measure of success in dealing with malware and ransomware attacks is having your network fully protected and NOT having to pay a ransom, you may want to look at the Detect and Block approach that Wedge Networks espouses.  Find out more by contacting our team at: info@wedgenetworks.com.  Having a real-time orchestrated threat management system that can detect and BLOCK attacks before they happen can save your organization time and money by avoiding the clean-up efforts that a Detect and Remediate approach requires.

Posted in Industry News, Latest Security News

Even AFTER a Ransomware Attack, Hackers Continue to Lurk on the Networks: Another Big Reason to Detect and Block This Activity BEFORE It Happens!


Ransomware continues to be a thorn in everybody’s side, with hackers continuing their unrelenting attacks despite the world being in the midst of a pandemic.  A recent article from BleepingComputer brought to light something that many organizations are not aware of, even after they feel they have dealt properly with a ransomware attack.  The popular assumption is that once the ransomware has run, the attackers leave so that they won’t get caught.  “Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.”

What actually happens is that a ransomware attack often unfolds over an extended period of time, starting with the hacker breaching and accessing a network.  Once inside, the attackers deploy further tools to gather login credentials and other valuable information.  These credentials are then used to move through the network and exfiltrate unencrypted files before the ransomware itself is deployed.  Once the ransomware has detonated, victims may feel that the hackers have now left their systems, but the reality is that the hackers may still be stealing files AFTER the attack.  The new mode of operation is that, instead of demanding a ransom and running for the hills, the attackers demand the ransom and then continue lurking on the network to ensure that they get a more positive outcome to their demands.

In the example provided by BleepingComputer, a recent Maze ransomware attack on an aerospace company in San Antonio showed that the hackers were still operating within the company’s network after the fact: they leaked a document from the company’s IT department reporting on the very ransomware attack that had just been perpetrated.  Often, hackers are reading their victim’s emails about how the company is dealing with the ransomware attack, even as ransom negotiations are taking place.

The advice provided by the experts is that, after detecting a ransomware attack, the company should first isolate its network and the computer systems running on it in order to prevent further encryption of data and to deny the attackers access to systems (where forensic capture is possible, disconnecting machines from the network rather than powering them off preserves memory evidence that a later investigation will want).  Once this is done, the company should engage a third-party cyber security firm to perform a full investigation, with the expectation that this audit will identify corporate devices with persistent infections, other vulnerabilities, and any malicious software left behind by the hackers.  The victim should operate on the assumption that the network was completely compromised and that even backup servers may have been infected.  It should also use a different method of communication, not tied to its network, in case the hackers are still reading the victim’s regular communication channels.  Victims should also be mindful that even after they completely wipe and rebuild their machines and servers, the hackers may still hold stolen credentials, so every previously issued credential (user, service and administrative accounts alike) must be changed in order to shut off additional access by the hackers.

Unfortunately, all of the above is still a consequence of the prevalent “Detect, Quarantine and Remediate” approach to network security.  Wedge customers would not have to deal with the above case, since they subscribe to the “Detect and Block” approach: stopping malware and ransomware in its tracks BEFORE it can enter the network.  As well, Wedge’s solution goes one step further and guards your gateway by scanning for both incoming AND outgoing threats, so it is able to detect malicious outbound communications from hackers should the threat already be present within the network.  The problem with the Detect, Quarantine, Remediate way of doing things is that it tries to solve the problem of malware after the fact.  Once a network has been infected, in order to ensure that the malware has been eradicated, the long process of a wipe and rebuild has to occur.  Wedge’s solution is proactive in detecting and blocking attacks, but it also provides protection by scanning outbound content for malware should the threat be coming from within the network.
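One concrete form of the outbound check described above is to look for the regular, machine-driven “check-in” cadence that a lurking attacker’s implant produces, regardless of what the traffic carries.  The following is an added example written for this post and is not Wedge code or a description of how WedgeARP works.  It runs over a constructed set of outbound connection records (timestamp, source host, destination, bytes sent; every host and address in it is made up), groups them by source/destination pair, and flags pairs whose inter-connection intervals and payload sizes are too regular to be a person browsing.  The thresholds (MIN_EVENTS, MAX_INTERVAL_CV, MAX_SIZE_CV) are assumptions chosen for the sample, not recommended production values.

```python
"""Beacon detection over outbound connection logs (added example, not Wedge code)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, src_host, dst, bytes_out).
# The ~60 s cadence from ws-17 to 203.0.113.45 is what a C2 implant's check-in
# looks like; the traffic to 198.51.100.10 is ordinary, irregular user activity,
# and ws-22 has too few connections to judge.
SAMPLE_FLOWS = [
    (1000, "ws-17", "203.0.113.45:443", 512),
    (1061, "ws-17", "203.0.113.45:443", 516),
    (1119, "ws-17", "203.0.113.45:443", 508),
    (1180, "ws-17", "203.0.113.45:443", 512),
    (1241, "ws-17", "203.0.113.45:443", 520),
    (1299, "ws-17", "203.0.113.45:443", 512),
    (1360, "ws-17", "203.0.113.45:443", 510),
    (1421, "ws-17", "203.0.113.45:443", 514),
    (1005, "ws-17", "198.51.100.10:443", 1400),
    (1007, "ws-17", "198.51.100.10:443", 8200),
    (1093, "ws-17", "198.51.100.10:443", 900),
    (1312, "ws-17", "198.51.100.10:443", 23000),
    (1330, "ws-17", "198.51.100.10:443", 300),
    (1400, "ws-17", "198.51.100.10:443", 4100),
    (1010, "ws-22", "192.0.2.8:443", 700),
    (1070, "ws-22", "192.0.2.8:443", 720),
]

MIN_EVENTS = 6          # assumption: fewer connections and the statistics mean nothing
MAX_INTERVAL_CV = 0.15  # assumption: coefficient of variation of inter-arrival times
MAX_SIZE_CV = 0.25      # assumption: check-ins carry near-identical payloads


def pair_stats(flows):
    """Group flows by (src, dst) and measure how regular each pair's cadence is."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))
    stats = {}
    for pair, events in by_pair.items():
        if len(events) < MIN_EVENTS:
            continue
        events.sort()
        times = [t for t, _ in events]
        sizes = [b for _, b in events]
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_interval = mean(intervals)
        if mean_interval == 0:
            continue  # everything in the same second is a burst, not a cadence
        size_mean = mean(sizes)
        stats[pair] = {
            "count": len(events),
            "mean_interval": mean_interval,
            # CV = stddev / mean: near 0 for a timer-driven beacon, near or above 1 for people
            "interval_cv": pstdev(intervals) / mean_interval,
            "size_cv": pstdev(sizes) / size_mean if size_mean else 0.0,
        }
    return stats


def find_beacons(flows):
    """Return the (src, dst) pairs whose outbound pattern looks machine-driven."""
    return sorted(
        pair
        for pair, s in pair_stats(flows).items()
        if s["interval_cv"] <= MAX_INTERVAL_CV and s["size_cv"] <= MAX_SIZE_CV
    )


if __name__ == "__main__":
    stats = pair_stats(SAMPLE_FLOWS)
    for src, dst in find_beacons(SAMPLE_FLOWS):
        s = stats[(src, dst)]
        print(f"beacon-like: {src} -> {dst} every ~{s['mean_interval']:.0f}s "
              f"({s['count']} connections, interval CV {s['interval_cv']:.2f})")
```

Two caveats for anyone adapting this: an implant that adds large random jitter to its sleep, or that checks in only every few hours, will not show a low coefficient of variation in a short window, so the window has to be long enough to contain many check-ins; and regularity alone is an investigation lead, not grounds to block, because software updaters and monitoring agents beacon too.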

There is a stark difference between a remediation approach and a prevention approach.  Wedge Absolute Real-time Protection (WedgeARP) utilizes a proactive, rather than reactive, way of dealing with malware, providing real-time threat protection through the use of patented Deep Content Inspection along with orchestrated threat management with multiple layers of protection.  WedgeARP is the first and only platform that applies deep learning / machine learning based threat detection to network content.  It can detect and block in real-time the sophisticated and growing number of new, previously unknown, customized or targeted malware variants.  If you feel that a Detect and Block approach is what your organization should move to instead of continually dealing with remediation activities, contact our team at: info@wedgenetworks.com.  Once you’ve experienced the difference in approaches, you’ll wonder why organizations are still stuck on Detect and Remediate.

Posted in Industry News, Latest Security News

Wedge Networks to Provide Advanced Real-time Security Leadership in CELTIC-NEXT Project on 5G-enabled Road Safety


Wedge Networks, Inc., a Leader in Real-time Threat Prevention, Has Been Selected by the Consortium of CELTIC-NEXT Project 5G-SAFE-PLUS to Lead Cyber Security Efforts for CAV and Smart Transportation Safety Services and Chair the Canadian Cluster

CALGARY, Canada – June 30th, 2020 –   Wedge Networks, a global leader in Orchestrated Real-time Threat Prevention, today announced that it has joined the Consortium of CELTIC-NEXT project 5G-SAFE-PLUS to lead Cyber Security Efforts.  Real-time threat prevention is critical for Connected and Autonomous Vehicles (CAVs), smart infrastructure, smart cities, and the digital transformation of our economy.  Supported by the Government of Canada and EUREKA Cluster CELTIC-NEXT, a successful Pan-European RDI initiative in the ICT domain, the Wedge Absolute Real-time Protection™ (WedgeARP™) platform will provide the foundation for innovations in real-time threat prevention to secure 5G-Enabled road safety services, spanning from CAV to transportation services infrastructures.

CELTIC-NEXT project 5G-SAFE-PLUS focuses on smart transportation network safety measures.  It aims to prevent traffic accidents and avoid casualties by delivering 5G-enabled time-critical road safety services to vehicles; following the EU vision of reaching close to zero traffic casualties by 2050.  The project will support interoperability with CAVs, wide-scale implementation and usage of advanced road weather, road maintenance and road safety services with enhanced 5G networking capabilities and service enablers.  With 5G, smart transportation systems will be able to act in real-time.  However, this connectivity also increases the security attack surface, making cyber-attacks and malware intrusion a life-and-death issue.  Advanced real-time threat prevention will be a key deliverable in this project.  The overall solution and services will be piloted in test sites hosted by the partner countries.

“The 5G-SAFE-PLUS project contributes to the vision of EUREKA Cluster CELTIC-NEXT by making transport and mobility smarter, more secure, safer and greener,” says Christiane Reinsch, CELTIC-NEXT Programme Coordinator. “We welcome that Wedge Networks contributes to the cyber security and safety aspects of 5G-SAFE-PLUS.”

“We are inspired by the vision of the 5G-SAFE-PLUS consortium,” remarked Dr. Hongwen Zhang, Wedge Networks, CEO & CTO. “Wedge Networks’ mission is to provide real-time threat prevention for the cloud connected world. The Connected and Autonomous Vehicle and smart transportation industry is one of the largest industries that requires real-time security and safety. We are honored to lead the cyber security group and the Canadian cluster in this very important CELTIC-NEXT project consortium. We look forward to working with other members across Europe to realize the vision of zero traffic casualties by 2050.”

“The main objective of 5G-SAFE-PLUS is to show a way towards the deployment of commercially viable and accessible co-operative systems and 5G-enabled services that can be implemented in various environments and conditions,” states Pekka Eloranta, Senior Consultant at Sitowise Oy and Project Coordinator of 5G-SAFE-PLUS. “Wedge Networks’ vision and core competence in real-time threat prevention will greatly benefit this project.  Its role as the chair of the Canadian Cluster will also bring in innovations in advanced communications, auto manufacturing, smart transportation and smart cities, from Canada.“

About CELTIC-NEXT project 5G-SAFE-PLUS

The 5G-SAFE-PLUS project for “5G Enabled Road Safety Services” aims to prevent traffic accidents and avoid casualties by delivering 5G-enabled time-critical road safety services to vehicles. Here, accurate weather and road maintenance information plays a key role together with direct incident/accident event information. The project will support wide-scale implementation and usage of advanced road weather, road maintenance and road safety services with enhanced 5G networking capabilities and service enablers.

For more information about 5G-SAFE-PLUS, visit: www.celticnext.eu/project-5g-safe-plus/

About CELTIC-NEXT

CELTIC-NEXT is the EUREKA Cluster for next-generation communications enabling the digital society. CELTIC-NEXT stimulates and orchestrates international collaborative projects in the Information and Communications Technology (ICT) domain. The CELTIC-NEXT programme includes a wide scope of ICT topics based on new high-performance communications networks supporting data-rich applications and advanced services, both in the ICT sector and across all vertical sectors. CELTIC-NEXT is labelled for 8 years from January 2019 until December 2026.

CELTIC-NEXT is an industry-driven initiative, involving all the major ICT industry players as well as many SMEs, service providers, and research institutions. The CELTIC-NEXT activities are open to all organisations that share the CELTIC-NEXT vision of an inclusive digital society and are willing to collaborate to their own benefit, aligned with their national priorities, to advance the development and uptake of advanced ICT solutions.

For more information about CELTIC-NEXT, visit: www.celticnext.eu

About EUREKA

EUREKA is an intergovernmental network launched in 1985, to support market-oriented R&D and innovation projects by industry, research centres and universities across all technological sectors. It is composed of 41 member states, including the European Union represented by the Commission and three associated states – Canada, South Africa and South Korea. With its flexible and decentralised network, EUREKA offers project partners rapid access to skills and expertise across Europe and national public and private funding schemes.

For more information about EUREKA, visit: www.eurekanetwork.org

About Wedge Networks

Wedge Networks Inc. is a Real-Time Threat Prevention solutions company.  Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed in data centers by enterprises, governments,  and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Wedge does this through its patented Deep Content Inspection (DCI) technologies, combined with artificial intelligence and best-of-breed security functions.

Awarded a Gartner Cool Vendor designation, and twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in the North America, Asia Pacific, and Middle East and North Africa regions.

For more information on Wedge Networks, visit http://www.wedgenetworks.com

Media Contact:

Wedge Networks:

Please forward any media or PR inquiries to: PR@wedgenetworks.com

Posted in Industry News, Latest Security News, Wedge News

Spectrami Enters Into a Distribution Partnership With Wedge Networks


Leading Cyber Security Value-Added Distributor Spectrami Introduces Wedge Networks Absolute Real-time Protection Platform – WedgeARP™ to the Middle East and Africa Region

22 June, 2020 – Dubai, UAE: Spectrami, the region’s primary cyber security value-added distributor has announced today that it has been appointed as an authorised distribution partner for Wedge Networks for the Middle East and Africa. Through this partnership, Spectrami will be able to deliver the Wedge Absolute Real-time Protection™ (WedgeARP™) platform to its regional customers that are looking for real-time protection from the growing cybersecurity threats in the region.

WedgeARP™ provides network-based, real-time threat protection for all types of endpoints in a wide range of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). With an embedded deep learning AI engine and patented real-time deep content inspection technology, WedgeARP™ can detect never-before-seen malware in milliseconds. Running on an orchestrated threat management platform, it is an effective approach to enable large-scale real-time threat prevention.

Through this agreement, Spectrami expands its portfolio of cyber security solutions and the addition of Wedge Networks creates an excellent opportunity for Spectrami’s vast network of channel partners, resellers, MSPs, and VARs to provide real-time threat protection without compromising the performance of enterprises in the region.

Anand Choudha, CEO at Spectrami said “We are excited to welcome Wedge Networks and they are a valuable addition to our vendor portfolio as it helps us cement our ability to offer world-class cyber security solutions to the enterprises in the region.”

“We are all geared up to introduce the WedgeARP™ platform to our channel partners and with our in-house dedicated team of specialists, we will execute both sales and technical support to our channel partners that will enable them to offer this real-time threat protection platform to their customers spread across various industry verticals,” said Choudha.

Spectrami is one of the fastest-growing cyber security value-added distributors in the Middle East region, with a focus on providing advanced security products and solutions across the Middle East. The distributor has a strong network of channel partners spread all across the region and works closely with partners and their customers to offer them innovative and advanced cyber security solutions.

“The MENA region is an important market for Wedge Networks in our mission to secure the cloud-connected world,” stated Dr. Hongwen Zhang, Wedge Networks, CEO & CTO. “Spectrami is a strong partner for us to serve this market. We are impressed with its forward thinking of the Cloud Distribution Strategy. Working closely, this partnership will bring the much needed real-time threat prevention ability to secure governments, enterprises, and critical infrastructures. We welcome Spectrami to the Wedge Networks partnership family.”

Spectrami is authorised to distribute, market, and promote the Wedge Networks solutions across the Middle East and Africa region.

About Spectrami 

Spectrami is a pan-EMEA value-added distributor with local presence across Middle East, North Africa and parts of Europe. With headquarters in the UAE, the company boasts an extensive network of worldwide channel partners. Specializing in end-to-end solutions across information security, infrastructure management and intelligent automation, the global distributor assists enterprises to meet regulatory standards on their infrastructure, protect confidential data assets and applications.

With proficiency across sales, marketing, logistics and management, Spectrami’s unique strengths include excellent resources, effective on-ground support and a highly qualified team to identify optimal sales channels and marketing strategies for a product line. Through thriving partnerships with its 100 plus resellers and systems integrators across more than 40 countries in the EMEA market, the value-added distributor ensures a cohesive business model to cater to evolving customer demands across the globe. For more information, visit www.spectrami.com

About Wedge Networks

Wedge Networks Inc. is a Real-Time Threat Prevention solutions company. Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed in data centers by enterprises, governments, and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Wedge does this through its patented Deep Content Inspection (DCI) technologies, combined with artificial intelligence and best-of-breed security functions.

Awarded a Gartner Cool Vendor designation, and twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in the North America, Asia Pacific, and Middle East and North Africa regions.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Please forward any media or PR inquiries to: PR@wedgenetworks.com

Media Contact
Dharmendra Parmar
Spectrami
Dubai, UAE
Email: parmar@spectrami.com

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News

Protecting Your WFH Environment: Keeping Yourself Safe


Vox recently presented a good primer on what to do to secure your work from home (WFH) environment during this pandemic.  As many have experienced during their hasty move from a well-secured corporate network to an underwhelmingly secured home network, personal and home equipment is often woefully inadequate for protecting the confidential files that people must now work with at home.  While many companies provide the necessary tools, such as corporate laptops with VPN access to the corporate network, many more were caught unprepared and are relying on employees working from their own personal equipment to get their jobs done.  Combine this with attack activity that has more than doubled since the start of the pandemic, and there is a recipe for disaster just waiting to happen.

So, how do WFH employees protect themselves in their current home office environment?  Distilling the suggestions in the Vox article and adding some of our own, the following are some good points and advice on how to protect yourself and your confidential information while working from a less than secure environment:

1.  Make sure you have strong passwords and use different passwords for each account.  Use two-factor authentication wherever it is offered.  Make sure you are NOT using any default passwords that any of your equipment came with.

2.  Keep current on software updates as these often provide security patches for any new vulnerabilities.  Set up automatic updates where possible.

3.  Be wary of free software, especially when it comes to handling sensitive and confidential information.  As we’ve seen with some free teleconference services, they often come with little or no security.

4.  Separate your work and personal life as much as possible.  If provided with a work device, don’t use that for personal activities as it might open up the work devices to security threats depending on the sites you may visit on personal time.

5.  Consider buying security software such as an antivirus program, or utilize some secure browser extensions such as ad blockers.  While your office network may have afforded you a wide variety of expensive security services such as web and URL filters, firewalls, anti-malware, sandboxes, network traffic analyzers, NGFW, etc., on home networks it is rare to see even a basic firewall in place.

6.  Be more aware of the potential for phishing attacks and always be wary of whom you are receiving emails and text messages from as this is the prime vector of attack for tricking people into clicking on links that lead to malicious sites or malware.  During the pandemic, phishing attacks have grown exponentially.  This is especially relevant for mobile devices where malicious texts and emails are very readily clicked on.

7.  Also be aware of other IoT devices such as baby monitors, security cameras and personal assistant devices (e.g. Google Home, Amazon Alexa) that may be listening in and may accidentally pick up confidential information.  Consider turning off microphones and covering cameras while you are doing work.

8.  Utilize a VPN, if possible, to connect to work servers.  This can provide a private connection over public and unsecured networks.  HOWEVER, be aware that VPN usage has surged during this pandemic, leading to a marked increase in attacks on VPNs.  VPNs, although they provide a level of security, are not foolproof.  Make sure that you use a reputable VPN provider.  As an addendum to this point, you can further protect yourself while utilizing a VPN through the addition of the Wedge Absolute Real-time Protection (WedgeARP) Secure Home Office solution.  WedgeARP SHO provides an additional layer of real-time threat protection to your network and web usage that can detect and BLOCK known and unknown (never-before-seen) malware in real-time before it can breach your devices.

While the above is not an exhaustive list, it is a good start to securing your home office environment.  By combining these suggestions, you can layer your defences and increase the overall effectiveness of your security.  Security experts always recommend stacking or layering security so that there are redundancies within the system.  Having several safeguards in place makes it more difficult for hackers and undesirable malware to breach your home office environment.

To find out more about how WedgeARP Secure Home Office can provide you real-time protection against malware and other threats, contact our team at: info@wedgenetworks.com.  The real-time detection and blocking of malware (i.e. the Detect and Block approach) provides the underpinnings of a good WFH security system by keeping all malware out of the network BEFORE it can do any harm.

Wedge Networks Announces Strategic Distribution Agreement with Ingram Micro Cloud

Wedge’s Absolute Real-time Protection (WedgeARP™) Available on Ingram Micro Cloud Marketplace to Secure the Cloud Connected World

CALGARY & TORONTO, Canada – May 25th, 2020 – Wedge Networks, a global leader in Orchestrated Real-time Threat Prevention, today announced a strategic agreement with Ingram Micro Cloud to offer Wedge Absolute Real-time Protection™ (WedgeARP™) on the Ingram Micro Cloud Marketplace, enabling effective, real-time threat prevention for any cloud-connected computing device from the Microsoft Azure Cloud.

WedgeARP™ provides network-based, real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). WedgeARP™ has the deepest visibility of network data in the industry, possessing an unmatched ability to defend against malicious attacks that are undetectable with shallow inspection techniques. With an embedded deep learning AI engine, WedgeARP™ can detect never-before-seen malware in milliseconds. Running on an orchestrated threat management platform, it is a novel approach that provides real-time large-scale security implementations with effective threat management services.

“Ingram Micro Cloud is an important go-to-market partner for Wedge Networks in our pursuit to implement real-time threat prevention for the cloud connected world,” remarked Dr. Hongwen Zhang, Wedge Networks, CEO & CTO. “With a world quickly moving towards working from home, the old methods of ‘Detect and Remediate’ are failing to meet security challenges. ‘Real-time threat prevention’ is becoming the rallying cry for the cyber security industry that has been long struggling to keep up with the expanding security gap. WedgeARP™ is a purposely built solution to address this need. We are impressed with the edge networking and virtual WAN architectures of Microsoft Azure. This agreement will allow WedgeARP™ to be accessible from Azure Cloud to partners and customers worldwide.”

Wedge will offer three packaged solutions in the Ingram Micro Cloud Marketplace to allow governments and businesses to achieve secure computing and compliance for work-from-home workers and branch offices. Based on the WedgeARP™ platform, these solutions are: WedgeARP™ Secure Home Office, WedgeARP™ Secure Remote Office, and WedgeARP™ Secure Azure Virtual WAN. With Wedge’s patented Deep Content Inspection algorithms for real-time threat prevention, and the integrated deep learning artificial neural networks for new malware detection, these solutions allow customers to enforce real-time threat prevention from the ever-expanding edge of their IT infrastructure to their software defined cloud networks in Microsoft Azure. These solutions provide a set of comprehensive tools for Wedge’s MSSP and reseller partners in the Secure Access Service Edge (SASE) market, and further demonstrate Wedge’s commitment to its mission of Securing the Cloud Connected World.

The WedgeARP™ Secure Home Office is available for early access on Ingram Micro Cloud Marketplace for selected reseller partners and their customers on June 2nd, 2020, with GA in July 2020. Both WedgeARP™ Secure Remote Office, and WedgeARP™ Secure Azure Virtual WAN will be available for early access in July 2020.

“Wedge Networks is a front runner in our Comet Competition for Canadian ISVs. Their Absolute Real-time Protection™ platform and their disruptive real-time advanced threat prevention approach to cyber security is very impressive,” said Tim Fitzgerald, Vice President, Cloud Channel Sales North America at Ingram Micro Cloud. “With more than 200,000 customers in over 160 countries around the world, Ingram Micro Cloud is excited that the WedgeARP™-based solutions will offer an easy-to-implement cyber security platform.”

“The SASE market is emerging as a key segment in network security. The ability to rapidly roll out security services and deliver them as and when needed while maintaining performance is a key challenge for this nascent market segment. Solutions like Wedge Networks’ that can combine deep content inspection with advanced machine learning for real-time threat prevention represent how many security services will be delivered from the cloud core to the network edge,” states Roy Chua, Founder and Principal at AvidThink and co-founder of SDxCentral. “This partnership with Ingram Micro represents the combination of market-leading product distribution, service SLA, and effective real-time threat prevention. It will benefit customers of SASE solutions.”

About Ingram Micro Cloud 
Ingram Micro Cloud brings together innovators and problem solvers to help the world accomplish more. It facilitates and manages the cloud’s complex digital value chain—all powered by CloudBlue technology. Ingram Micro Cloud operates in 64 countries with over 55,000 reseller partners, and its Cloud Marketplace serves 6.5 million seats, offering more than 120 cloud solutions. With unmatched global reach, easy access to automated go-to-market and integration tools, deep technical expertise, and a curated selection of scalable SaaS and IaaS solutions, Ingram Micro Cloud helps vendors, resellers and managed service providers by offering More as a Service. Detailed information is available at www.IngramMicroCloud.com.

About Wedge Networks
Wedge Networks Inc. is a Real-Time Threat Prevention solutions company. Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed in data centers by enterprises, governments, and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Wedge does this through its patented Deep Content Inspection (DCI) technologies, combined with artificial intelligence and best-of-breed security functions.

Awarded a Gartner Cool Vendor designation, and twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in the North America, Asia Pacific, and Middle East and North Africa regions.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Media Contacts:

Wedge Networks: 
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Ingram Micro Cloud and CloudBlue:
David Yang
714-382-3357
david.yang@ingrammicro.com

Why We Agree That the Largest Cyberattack in History Will Happen Within Six Months and How You Can Be the Action Hero That Stops It In the Last Critical Seconds…

This Forbes article sparked my interest as it crossed my desk today.  For one, not many people are willing to stick their neck out to make bold predictions like the one Mr. McBride made in his article.  At the same time, the logic behind his prediction and his reasoning appear quite sound.  The analogy of trying to break into two different types of buildings was also quite apt for describing why the best way to defend against attackers is to reduce the “attack surface”.

As we’ve written previously, COVID-19 has caused many organizations’ “attack surfaces” to be greatly increased as they grapple with the issue of enabling their employees to work from home (WFH).  Although these organizations probably spent a boatload of money fortifying their corporate networks in the workplace with EDR / MDR / Sandbox / NGFW, etc., with COVID-19 forcing workers to work from home, these corporate fortifications are no longer protecting them.
 
From what we’ve seen we wholeheartedly agree that WFH is going to continue, even after the pandemic eases up.  This is clearly evidenced by recent news where tech giants Facebook and Google asked their employees to continue WFH for the rest of the year.  Canadian Universities are also preparing for and advising their students that for the 2020/2021 year, classes will be online with only labs being carried out in person.  This is echoed in the corporate world with Gartner analysts forecasting, from over 74% of CFOs polled, that there is a plan to shift at least 5% of previously on-site employees to permanently remote positions post-COVID-19.
 
Unfortunately, organizations have been struggling to cobble systems together in order to enable WFH resources, usually starting by activating VPN features on their firewalls.  Workers who were previously on secure corporate computers and laptops in their offices now find themselves trying to make do with their home computing devices, accessing their corporate networks through unsecured home internet connections.  Again, based on today’s cybersecurity practices, the key for security has always been to keep the threat landscape as small as possible.  There was already an explosion of IoT and IIoT endpoints happening (to the tune of over 75 Bn devices being connected over the past couple of years and more being connected daily).  Adding the effects of the current WFH trend is overwhelming security teams and is quickly exposing the fact that the Detect, Quarantine and Remediate mode of operations does not work.

As we’ve mentioned before, relying solely on an overwhelmed VPN infrastructure is a recipe for disaster.  Home traffic from devices that the companies do not control is leaving them wide open for a breach.  Even if they are utilizing legacy VPNs to access work networks, without security that can detect and block malware and hackers, their non-VPN traffic is left wide open to security breaches.  Those companies who are trying to avoid overloading their VPNs by electing to use split-tunnelling to offload users’ internet browsing traffic are also leaving themselves wide open for hackers to get into their corporate networks.  Instead of hacking the corporate network directly, hackers are compromising it in a roundabout way by gaining access to WFH devices first, with the ultimate goal of accessing corporate networks through these unprotected devices.

So, why do we feel that this prediction has a good possibility of coming true?  Well, currently available security is not sufficient.  Although some VPN solutions enforce “security checks” on devices, this enforcement is static; they can discover vulnerabilities on the system while scanning but do not actually prevent traffic-borne malware at the endpoint.  On the more stringent end of the spectrum, although some organizations are mandating that their WFH employees install sophisticated endpoint detection and response (EDR) solutions, which would enable IT staff to treat home assets similar to business assets, this is defeated again by the fact that the home network security setup is typically far from the level of the fortified corporate fortress, and oftentimes non-existent.  Although we may see Mobile Device Management (MDM) approaches trickle down to WFH devices, where they may be partitioned to support business usage, when it all boils down, the issue really becomes traffic malware detection.
 
As the Forbes article mentions, the alignment of all of the issues that COVID-19 has opened up is a “dream come true for cyber criminals”.  Hackers have stepped up their games and quickly started crafting COVID-related malware that would prey on individuals’ fears, tricking them into clicking on links that purported to provide information on how they could protect themselves during the pandemic.  With targeted phishing attacks on employees who are WFH, and who are prone to distractions from having to WFH, hackers are finding it easier to find cracks in corporate security armour.  They only need to “gain access through one entry point to seize control of a whole network.  Once they’re in they can steal data, secrets, and even lock you out of the network.”

To make matters worse, hackers have been targeting those organizations whose resources are already stretched thin trying to battle the pandemic on the front lines.  As of this past week, it was reported that healthcare insurance giant Magellan Health was the victim of a ransomware attack and data breach.  The attack resulted in temporary system outages and exfiltration of confidential company and personal information.  With the company under “immense strain as it attempted to meet the demands onset by the COVID-19 pandemic”, hackers were just waiting for the optimum time to strike and cause most harm.

Back to the Forbes article, it was noted that over the past couple of months, hackers have targeted the US Department of Health, and cyberattacks against the World Health Organization (WHO) have more than doubled.  Intelligence reports also revealed that coronavirus-related cyberthreats increased by 600% between the months of February and March with no abatement in sight.

Hence, based on current trends, and current approaches to security, the prediction looks very likely to come to fruition.  So, if it is no longer a case of “if” but “when”, how do organizations try to protect themselves from being part of that largest cyberattack in history?  How can they try to minimize their “attack surfaces”, even though WFH requirements have basically left them wide open and vulnerable?  Well, if you don’t want your organization to become part of the statistics, you should look into the Wedge Absolute Real-time Protection (WedgeARP) Secure Home Office and Secure Remote Office solutions that are helping organizations greatly reduce their attack surfaces during this time of growing WFH requirements.

With our “Detect and Block” approach that underpins the WedgeARP platform, we espouse a proactive instead of reactive way of dealing with malware.  Wedge’s solutions are cloud-managed, on-premises or cloud-enforced security service offerings that provide a vast array of optimized Security-as-a-Service (SECaaS) features to enterprises and those working from home, enabling effective security solutions for any cloud-connected computing devices.  WedgeARP provides real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT).  It enables situational awareness for the entirety of managed networks, with security event tracing, rapid response, centralized policy management, reporting, and analytics; all of the things that the legacy VPNs are missing.  To find out more about how this solution can help reduce your organization’s attack surface, contact us at: info@wedgenetworks.com.

For those organizations who already have a VPN infrastructure in place, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems and devices.  For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.

Although Mr. McBride’s dire prediction looks very likely to come true, we believe that incorporating solutions such as WedgeARP Secure Remote Office and Secure Home Office into your organization’s WFH infrastructure may give you the chance of stopping “The Largest Cyberattack in History”.  Don’t be a victim.  As Benjamin Franklin once wrote, “An Ounce of Prevention is Worth a Pound of Cure”.

WFH: Security Implications and Considerations of VPN Split-Tunneling

Cyber-security underpins many facets of our life.  The COVID-19 pandemic that has affected the world is forcing large enterprises and other organizations to quickly cobble together solutions that will enable their employees to keep working from home (WFH).  In many instances, there has been a rapid scale-up of WFH employees from a “normal” average of VPN-ed users of around 5% / day to the opposite, where the number jumped to 95% of users / day.  This surge of WFH network traffic is revealing legacy VPNs’ stress points and limitations.  As a result, many VPN infrastructures are overwhelmed, leaving many employees to enjoy “paid vacations” as they are unable to access the data and documents needed to carry out their jobs properly.

To ease the pressure on the VPN bottleneck, many organizations are forced to use the approach of “split-tunneling” to prevent service outages and performance degradation.  The concept of split-tunneling is simply this – the VPN client installed on the WFH employee’s device will only direct traffic that is bound for internal business applications through the VPN tunnel, while all other traffic goes directly out through the employee’s home Internet connection.  The reasoning is simple – for example, if an organization’s egress bandwidth to the Internet is 100Mbps, were split tunneling not deployed, the same organization might require 200Mbps to support this new WFH model.

The rationale is hence business-driven: the “split-tunneling” that many organizations are using lightens the load on the infrastructure currently in place, without which supporting this new WFH norm might not be possible.  However, doing so has introduced very severe cyber-security vulnerabilities.

Unlike in a corporate setting, where organizations have spent a lot of money implementing solutions like EDR / MDR / sandboxes, network traffic analyzers, firewalls, NGFW, etc., in a WFH environment most home users do not have these security pieces in place.  Many do not even have a decent firewall protecting their home networks.  Thus, when split-tunneling is utilized and the users’ normal, non-business traffic, such as web browsing and access to external applications, is NOT sent through the VPN tunnel, this traffic is left open and exposed to all of the security vulnerabilities that come with unsecured internet access.  The non-VPN traffic thus leaves these devices and endpoints open to whatever malware is out there.

As observed by many industries and government agencies, there are lots of new threats ranging from COVID-19-themed ransomware attacks, weaponized URLs, and scam campaigns designed to steal employee credentials or compromise assets almost indiscriminately.  Any of these could quickly and easily lead to severe cybersecurity breaches.

Thus the dilemma we are facing is: Should organizations enable more workers to utilize the limited resources through split-tunneling even though it introduces severe cyber-security vulnerabilities?

Unfortunately, during this highly stressful time, most organizations are simply happy to accept whatever reliable connectivity they can access, and in so doing possibly compromise their corporate security posture in the process.  The upside is that they have connectivity for their growing numbers of WFH employees; the downside is that they are without proper security in place to protect those WFH employees who are working outside the protection of the corporate fortress.  To add to this, by using methods such as split-tunneling they may not actually be in compliance with regulations meant to protect their businesses.

We believe that enterprises and government agencies that are currently facing the challenges of increasing their remote and WFH users should reconsider this split-tunneling setup so as to avoid leaving WFH computing devices unprotected. 

There are several strategies to consider:

  • First, you may consider directing all internet traffic of your WFH devices through the corporate VPN tunnel;
  • Second, if it is not feasible to tunnel all traffic, you should at least identify those VIP computing devices, such as those containing or accessing highly confidential information, and have their traffic fully tunneled;
  • Third, deploy real-time threat prevention solutions at the cloud end of your VPN infrastructure. For example, you should consider installing a network-based anti-malware solution such as the Wedge Absolute Real-time Protection (WedgeARP) platform. With its built-in automated AI and Machine-learning, WedgeARP can detect and block all malware (even zero-day and never-before-seen malware) in real-time;
  • Fourth, consider using a public cloud facility, such as Microsoft Azure or Amazon AWS, as an overflow buffer for your VPN infrastructure.  For government agencies, healthcare, and financial institutions, you need to make sure such public cloud services are certified against all of the GRC (governance, risk and compliance) requirements that apply to you.
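To make the split-tunneling concept above concrete, and to show how the second strategy (fully tunneling VIP devices) can be checked, here is an added example that is not part of the original post or of any Wedge product.  It models a VPN client's routing decision (only destinations inside the included corporate prefixes go through the tunnel), sums how much of a device's traffic the VPN carries versus how much leaves the home connection uninspected, and audits a set of device profiles for VIP devices still on a split tunnel.  The prefixes, device names and flow records are constructed for the example; a real audit would read them from the VPN client configuration and flow logs.

```python
"""Classify WFH device traffic under a split-tunnel VPN policy and audit
the policy for VIP devices that should be fully tunneled.

Added example: all prefixes, device names and flows below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed: prefixes the VPN client is told to route through the tunnel.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
]


@dataclass
class VpnProfile:
    device: str
    vip: bool                 # holds or accesses highly confidential data
    full_tunnel: bool         # True: default route via VPN; False: split tunnel
    tunneled: List[ipaddress.IPv4Network]   # prefixes included in the tunnel


def route_for(profile: VpnProfile, dest: str) -> str:
    """Return 'tunnel' or 'direct' for one destination under the profile.

    This is split-tunneling in one line: only destinations matching an
    included prefix go through the VPN; everything else leaves via the
    home Internet connection without passing any corporate control.
    """
    if profile.full_tunnel:
        return "tunnel"
    ip = ipaddress.ip_address(dest)
    return "tunnel" if any(ip in net for net in profile.tunneled) else "direct"


def exposure(profile: VpnProfile, flows: List[Tuple[str, int]]) -> Tuple[int, int]:
    """Sum bytes as (tunneled, direct) over (dest_ip, bytes) flow records.

    The 'direct' figure is both the bandwidth the VPN did not have to carry
    and the traffic that no corporate inspection ever saw.
    """
    tunneled = direct = 0
    for dest, nbytes in flows:
        if route_for(profile, dest) == "tunnel":
            tunneled += nbytes
        else:
            direct += nbytes
    return tunneled, direct


def audit(profiles: List[VpnProfile]) -> List[str]:
    """Flag profiles that contradict the 'tunnel everything for VIP devices' strategy."""
    findings = []
    for p in profiles:
        if p.vip and not p.full_tunnel:
            findings.append(f"{p.device}: VIP device on split tunnel; "
                            "non-business traffic bypasses corporate inspection")
        if not p.full_tunnel and not p.tunneled:
            findings.append(f"{p.device}: split tunnel with no included prefixes; "
                            "no traffic reaches the VPN at all")
    return findings


# Constructed sample flows: (destination IP, bytes). Public addresses are
# documentation ranges (TEST-NET-2/3), not real services.
SAMPLE_FLOWS = [
    ("10.20.30.40", 5_000_000),       # internal file server
    ("172.16.5.9", 2_000_000),        # internal web application
    ("203.0.113.10", 40_000_000),     # video streaming
    ("198.51.100.7", 3_000_000),      # public SaaS
]

SAMPLE_PROFILES = [
    VpnProfile("finance-laptop-01", vip=True, full_tunnel=False, tunneled=INTERNAL_PREFIXES),
    VpnProfile("staff-pc-17", vip=False, full_tunnel=False, tunneled=INTERNAL_PREFIXES),
    VpnProfile("exec-laptop-02", vip=True, full_tunnel=True, tunneled=[]),
]

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        t, d = exposure(p, SAMPLE_FLOWS)
        print(f"{p.device}: {t / 1e6:.0f} MB via VPN, {d / 1e6:.0f} MB direct and uninspected")
    for finding in audit(SAMPLE_PROFILES):
        print("FINDING:", finding)
```

Running it shows the trade-off the post describes: the split-tunnel profiles push only 7 MB of the 50 MB sample through the VPN, which is exactly why split-tunneling relieves the bottleneck, while the remaining 43 MB never passes a corporate control.  The audit flags the finance laptop as a VIP device that should be moved to a full tunnel.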

To learn more about these strategies, feel free to contact us at: info@wedgenetworks.com.