COVID-19 is Resulting in Greatly Increased WFH Situations. AND It’s Also Causing a Surge in COVID Themed Cyberattacks!

No Gravatar

The world is in full blown pandemic mode as a result of the COVID-19 virus.  We hear on a daily basis that more countries are closing their borders to foreign travellers and, on a more local level, provincial and civic governments continue to urge their citizens to stay at home so as to help prevent the spread of COVID-19.  This has thus resulted in a vast number of organizations having their employees work from home (WFH).  While many organizations had already started down the path with the WFH movement, this current pandemic has forced many organizations to greatly accelerate the timeline to update their infrastructure to allow their workers to VPN into their servers in order to access documents and files that they need to be able to do their jobs.

Unfortunately, with the accelerated timelines, many organizations and their network infrastructures are ill-equipped to handle the greatly increased load caused by having most or all of their employees VPN or access their networks remotely.  That, and more often than not, security concerns are an afterthought, leaving organizations’ servers, as well as the employees working from home, even more vulnerable to cyber security threats and attacks.

In an article from Forbes, they mention that “Even before people began working at home during the COVID-19 pandemic, enterprise level ransomware was up 12% in 2019 with total costs of as much as $11.5B.”  One can only imagine how lessened security for those working from home could even further increase these numbers.  The article continues by saying that “Being safe from malware requires some work on your part and coordination with your IT department, but planning ahead will give you more peace of mind and allow you to continue being productive, even while working away from your office.”  It also goes on to provide some good steps that employees can take to prevent, detect, mitigate and recover from malware, such as ransomware.
 
We won’t go into those here as they are laid out quite nicely by the aforementioned Forbes article.  Instead, we want to press further and bring up the fact that the COVID-19 pandemic is creating an almost perfect storm for hackers and bad actors to increase their attacks.  With millions of people now WFH, without adequate protections against cybersecurity attacks now that they are no longer protected behind their organizations firewalls and other expensive security defences, hackers are making a concerted push to attack these workers.
 
In an article from MSN, they bring up that COVID themed attacks are exploding.  Cleverly designed emails are being sent out to look like they are from work supervisors with malicious attachments on the new “work from home policy”.  When combined with diversions resulting from parents having to take care of their kids while at home, or other things that might provide distractions, workers are at greater risk of clicking on links that may be malicious.  On top of that, COVID-19 has people very scared and looking for answers.  Many hackers are using social engineering to prey on these fears, disguising malware within emails that look like Coronavirus Awareness information, or crowdfunding pages purported to help those fallen ill.  The wicked do not rest and COVID-19 has provided a new theme for hackers to use to try to get people infected.

Thankfully, there is a ray of hope that is shining out of COVID-19’s dark clouds.  Wedge Networks has been on the leading edge of providing real-time threat protection for both home office and corporate infrastructure.  We understand that when your employees are working outside of your well-fortified corporate castle, they are not protected by all of the expensive defences that your organization has installed over the years, including EDR/MDR/ Sandboxes, Network Traffic Analyzers, and Firewalls / NGFW / SWG / IDPS.  In order to help protect the increasing levels of WFH workers, Wedge offers PlanV – Wedge’s Secure Remote Office Solution, based on the Wedge Absolute Real-time Protection (WedgeARP) platform.  For those organizations who already have a VPN infrastructure, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems.  For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.

PlanV offers some key benefits to organizations, including:
1. Allowing workers to access their workplace systems to achieve the same productivity while working from home.
2. Providing real-time threat protection for both the home office and corporate infrastructure.
3. Improving the economics of the WFH environment, lowering worker commute times, reducing bandwidth and office space costs and allowing for centrally managed security – blocking malware before it can even enter your network.

To learn more about how Wedge’s PlanV – Secure Remote Office Solution can help your organization to secure its WFH population, contact us at: info@wedgenetworks.com.  Our team wants to do its part in helping to secure workers around the world who are working from home during this unprecedented time.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

COVID-19 Has Employees Working From Home: Is Your Organization’s Remote Access Secure?

No Gravatar

COVID-19’s effect on the global business community has now become far reaching.  WFH (Work From Home) is now a typical part of the lexicon as organizations around the world try to stem the spread of the virus amongst their workforce.  As such, a lot of more of the recent digital blogs that we’ve come across now offer a wide variety of tips to employees working from home, in an effort to ensure that they’re protected from hackers and scammers while they work outside the security walls of their organizations.  One such blog from Kim Komando, brings up a few good points to put those working from home on their guard so that they don’t get scammed.  Hackers and scammers are getting very adept at using easily gotten tools such as key loggers to obtain confidential information and even AI technology to spoof the voices of those you would normally trust in order to trick you into doing things that you shouldn’t.  Without the added protection of the organization’s internal network protections, many of those who WFH are left wide open potential threats as many are not adequately trained on, nor are they adept at enabling IT Security at home.

At least many of the better funded and more adept organizations out there can help protect their staff, even when they work from home, by providing them access to the company’s network through VPN.  Or, they can ensure that their company issued devices have built-in firewalls in order to offer at least some protection by allowing direct access to the company’s servers and data.  The only downfall is that if the company’s network does not have adequate security services, end-users could still be open to attack and potential threats.

The great news is that in this ever-growing WFH requirement, there is a solution available to organizations that provide 100% secure remote access to their employees.  Wedge now offers “PlanV”, a Secure Remote Office Solution that enables productivity and security for those working from home.  For those organizations who already have VPN infrastructures in place, Wedge’s Absolute Real-time Protection (WedgeARP) platform can be easily deployed in their VPN cloud to protect ALL connected systems.  Meanwhile, organizations who currently do not have a VPN infrastructure available, can work with Wedge’s professional services group to quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.

PlanV offers organizations several benefits, including:
1) providing workers access to workplace systems to achieve the same level of productivity as if they were in the office,
2) enabling real-time threat protection for both home offices as well as the corporate infrastructure, and
3) economically lowering commute, bandwidth and office space costs while still managing network access and security centrally; blocking any and all malware before it can enter into the network.

To find out more about how your organization can protect its workers as they are being forced to work from home during the COVID-19 crisis, contact the Wedge Team at: info@wedgenetworks.com.  Our team can ensure that your organization’s remote access is secure, giving your IT Staff one less thing to worry about during this unprecedented global pandemic.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Critical Infrastructure: Another Key Target for Ransomware Attacks

No Gravatar

We’ve written about this in the past, especially after malware such as Stuxnet spread like wildfire a few years back in Critical Infrastructure organizations.  We also elaborated on the amount of damage that could be caused if control systems were compromised at things such as power and other critical plants.  With the type of damage that is possible, it is no wonder that Critical Infrastructure continues to have a big target on its back when it comes to hackers looking to do harm.  The good thing is that government agencies, like the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), continue to monitor and provide warnings to all industries that operate critical infrastructure about new cyber threats such as ransomware that show up.

So, it wasn’t a big surprise when an article surfaced recently discussing about a recent advisory that CISA had issued in response to a cyberattack targeting and unnamed natural gas compression facility.  This attack used spear-phishing to deliver ransomware to the company’s internal network.  Critical data ended up becoming encrypted and operations at the facility were down for almost two days as the organization initiated a deliberate operational shutdown which resulted in lost productivity and revenues.

The surprising thing about this attack was that it was limited to Windows-based systems and did not impact any programmable logic controllers (PLCs), which would be typical in this case in order to shut down critical control systems.  The company was able to recover from the attack by retrieving and putting replacement equipment in with last-known-good configurations.
 
On the other hand, another article put out by the register, on this same incident, paints a less than rosy picture about how the attack was carried out.  In their article, it was brought up that the malware that did the damage to this natural gas plant was “a common or garden strain of file-scrambling Windows ransomware” and, although it didn’t result in any physical damage to equipment of any of the PLCs that directly control the gas flow, it was spread from an office computer through the plant’s IT network to the operational network.  According to the CISA, the plant’s operator fell short on separating its IT network from the operational systems of the plan, making it easier for the malware to move between the two networks when they really should have been isolated from one another, usually through some sort of air gap. 

While malware infections at critical infrastructure organizations, such as oil and gas plants, have always been seen as potentially catastrophic, usually, the attackers utilize purpose-built malware and spyware to inflict as much damage as possible to the infrastructure.  In this case, because of what could be seen as less than stellar security, “commodity” ransomware was able to do damage just by going through the network looking for Windows-based PCs to lock up.
 
So, in this sort of scenario, what can be done to help prevent attacks like these?  Well, for one, it is probably best to ensure that there are air gaps put in place between IT networks and OT networks.  At the same time, what can be done at the outset in order to prevent the spear-phishing attack from even entering the IT network in the first place?  Critical Infrastructure organizations should consider putting in place solutions such as Wedge’s Advanced Malware Blocker (WedgeAMB).  

Instead of relying on employees to be on the lookout and NOT click on potentially harmful links, as well as using a Detect and Remediate approach to security, WedgeAMB instead allows the organization to implement a DETECT and BLOCK approach.  By detecting the phishing attack and blocking it BEFORE it even gets to the employees’ computers, it eliminates the possibility of further allowing the ransomware payload from getting downloaded and causing whatever damage it is looking to do!  At Wedge, we’re trying to do our part to help secure Critical Infrastructure facilities by offering a FREE 90 day trial of our WedgeAMB product.  Contact us at: info@wedgenetworks.com to find out more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Continuing with the Healthcare Industry, Here are Some of the Numbers…

No Gravatar

As we covered Healthcare a fair bit last week, I just wanted to pass along some of the recent numbers that reflect the dire situation that the industry continues to find itself in.  Forbes published and article a couple of days ago that provides some telling numbers from the US Healthcare industry and a bit of history surrounding how it has been targeted since the first ransomware attack in 1989.  Unfortunately, ransomware continues to be the thorn in the side of healthcare even today.

So, down to the numbers.  According to a recent report from Comparitech, in the US Healthcare industry alone, 172 ransomware incidents have cost more than $157MM over the past four years.  The interesting thing to note is that the actual ransom demands only accounts for 11% of that figure.  The OTHER 89% of costs can be attributed to remediation costs and downtime!!

Damage has been incurred across the US, with attacks reported in ALL but five states: Maine, Montana, New Mexico, North Dakota and Vermont.  Interestingly, California has been hit the hardest during this time with 25 ransomware incidents reported.  Of the more than 1,400 clinics, hospitals and organizations impacted, 75% of attacks have been focused mainly on hospitals and clinics; the front lines of healthcare where downtime can cause life or death situations.

The unfortunate thing is that, although ransomware attacks result in network downtime, reduced patient care and lost time and resources, it is now also frequently targeting the databases that contain highly sensitive and confidential patient records.  This is a disturbing trend as, according to the Forbes article, medical records are a hot commodity on the Dark Web marketplaces, where they can often command more than 4 times the price of stolen social security numbers.  Factoring in the potential for identity theft, this could potentially cause the total related costs of these ransomware attacks on the healthcare industry to explode!

So, getting back to what the Healthcare Industry can do to help reduce the ongoing effects of ransomware, we refer back to our previous blog.  Healthcare has to take a long hard look at what its doing to protect itself.  Considering the fact that it’s now 31 years later and the attacks and severity continue to increase, it’s time for the industry to try something new.  Instead of the Detect and Remediate approach that has long been in use, and that can be attributed to 89% of the costs that have been incurred over the past 5 years, the industry really has to look at the Detect and Block approach; utilizing a solution that can literally STOP the ransomware from even entering the network.  Find out more by contacting our team at: info@wedgenetworks.com and see how you can take advantage of the FREE 90 day trial of the Wedge Advanced Malware Blocker (WedgeAMB) which is spearheading some of the needed security changes in cybersecurity for the healthcare industry.

Posted in Unclassified | Tagged , , , , , , | Leave a comment

Healthcare Industry Still Under Siege: Why They’re So Bad at Cybersecurity and Why Backups are No Longer a Solution Against Ransomware

No Gravatar

Over the weekend there were a couple of articles that popped out at me, mainly because it’s in an industry that we’ve been making strides to protect with our WedgeARP platform and our WedgeAMB product.  This industry is of course, the healthcare industry and it is continuously under attack from hackers because of the amount of damage that they can cause to essential services and, consequently, the payday that they can extract from accessing private health records and holding critical systems hostage, especially in life-or-death situations.

The first article, from CBC, brings up the fact that healthcare providers across the country continue to get hit by ransomware.  Despite having security in place, eHealth Saskatchewan, which manages the provinces personal medical records, appeared to have leaked files from its servers to suspicious IP addresses in various countries in Europe.  This discovery was made during forensic analysis that resulted from a recent ransomware attack.  It was found that although it was initially thought that the attack began on January 5, 2020, the initial virus entered the organization’s health system as early as December 20, 2019.  Employees did not discover any problem until they tried opening files on January 6th, 2020 and were requested for bitcoins in exchange for unlocking the files they needed to access.  Although eHealth’s CEO, Jim Hornell, stated that the affected server mainly contained administrative files, such as emails, it’s not clear whether this server was in communication with other servers in the network.  Despite backups being available, since the servers were breached and data encrypted and leaked offsite, the organization can never be sure whether confidential information had been compromised, even after they got their systems up and running again.  Scary stuff when organizations such as these can get back up and running from their backups but still manage to lose confidential information from the attack!

The second article, from Ars Technica, is a much more in-depth read and serves to bring home some very critical points.  From CBC’s article, we see that healthcare organizations continue to get hit, but this article tries to understand why healthcare continues to be so bad at securing themselves, despite the fact that they are aware that their networks are value targets.  Despite the fact that the healthcare industry deals with life-or-death scenarios on a daily basis, they continue to have issues securing themselves.  In 2019, the industry continued to get hit with data breaches, and ransomware attacks, costing to the tune of $4 billion.  A case in point on how bad things are getting, five US healthcare organizations had reported getting hit by ransomware attacks in a single week in June of last year!!  Because of the potential payday for hackers, their attacks are becoming more severe and more sophisticated as well!

So, what’s the problem?  The Ars Technica article brings up what we believe are several salient points:

1.  The “Last Mile” awareness problem:  The number of patient using implantable devices that are potentially prone to cyber-attacks, and even patients connected to devices at home or elsewhere, may not be aware of the importance of receiving updates and patches to fix potential vulnerabilities in order for their devices to continue functioning safely and effectively.

2.  A late start and continued lack of oversight:  Government organizations have only recently been overseeing the issue of cybersecurity within the healthcare industry and are met with a lot of pushback from device manufacturers when it comes to regulating and addressing cybersecurity issues.  Although many large healthcare organizations are recognizing the risk and are investing resources into prevention, for a vast majority of organizations, because of lack of or continued reduction in funding, the priority for cybersecurity gets pushed way down on the list.
 
3.  Hospitals are notoriously bad at patching: With patching of medical devices taking time and resources, and with no regulatory requirements for healthcare organizations to do so, it is not surprising that this fairly effective cybersecurity activity is not taking place regularly.  With no standardized protocols for patching and with so many different devices running both new and old operating systems, it becomes unwieldy to put together a regular patching protocol.

4.  There is a lack of research on the effects of cyber attacks on these organizations:  Not enough studies have been undertaken to provide concrete evidence of delays in emergency care and mortality rates that have directly resulted from cybersecurity incidents.  The evidence may very well be enlightening on just how lives could very well be affected but ransomware and other malware attacks on the healthcare industry and could spur regulators to expedite cybersecurity requirements.

5. Understanding “risk”:  Doctors do not understand cybersecurity risks, or they view it with a different lens as a result of their medical training.  That being so, their idea of risk doesn’t equate to how the cybersecurity industry understands risk.  Doctors consider the percentage of people who might get infected and how to mitigate that as opposed to looking at the exploitability of the infections and how they could be evolved for more nefarious purposes.

6.  Lack of staffing: Even if the other salient points were taken care of, there remains the fact that there is still a fundamental issue affecting healthcare security.  That is that they work with a limited amount of personnel and resources; and unfortunately, the first area that is cut or reduced is usually IT.

Thus, we see that there are a variety of reasons why the Healthcare, while continuously under siege by cyber threats, continues to hobble along.  Many are the issues are inherent to the underlying mentality and understanding surrounding Cyber threats and the effects of attacks, while some come down to resource and lack thereof.

What we here at Wedge are trying to do, with our WedgeARP platform and WedgeAMB product, is to show that there is a solution that can help to alleviate at least some of the issues as listed above.  With more visibility into the healthcare networks, and with tools such as AI and Machine learning that can detect and block malware such as ransomware in real-time, issues such as the “Last Mile” awareness and patching become non-issues.
 
From a reduced resource perspective, being able to PREVENT attacks from happening is a much more cost-effective way of dealing with cyber security than trying to remediate effects after the fact.  For those healthcare organizations who are struggling to find resources in order to defend from and mitigate against cyber attacks, they should consider that PREVENTATIVE solutions such as WedgeAMB can provide much greater ROI than utilizing  a Detect and Remediate approach.  This can often alleviate lack of staffing issues, especially when WedgeAMB, with its single pane of glass management console, greatly reduces the need for staffing by minimizing and consolidating alerts and reports so that they can be much more easily managed than other solutions on the market.

Finally, with built in reports and wider visibility into what is going on within the network, WedgeAMB provides many of the tools needed for the incoming government regulation and oversight that is no doubt in the works.  By generating insights into where the network is vulnerable, Healthcare Industry security teams can better understand where they need to shore up defences and where they can make better decisions on resource outlays.

At Wedge, we are continually working on ways that we can help beleaguered and hard hit industries like healthcare.  In order to see how we can help your organization, feel free to drop us a line at: info@wedgenetworks.com.  As always, we offer a FREE 90 day trial of our Wedge Advanced Malware Blocker (WedgeAMB) to any and all organizations in the healthcare industry.  We are striving to be one of the networks security companies that can actually spearhead some of the needed change within healthcare cybersecurity!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Haven’t Received Your Packages as of Late? Blame Ransomware!

No Gravatar

An interesting article came across my desk yesterday, posted by Zdnet, which centred around how deliveries across Australia have been delayed recently.  Now many would figure that it was weather related or something similar as we have seen the news articles of how wildfires are still raging across the country creating havoc.  However, in this case, it was not Mother Nature, but the work of hackers that was causing delays.

Australian transport and logistics company, Toll Group  was hit by a targeted ransomware attack last Friday (now being blamed on a new variant of the”Mailto” or “Kokoklock” ransomware), infecting as many as 1000 servers.  This led to the company having to immediately isolate and disable various systems in order to limit the spread and effects of the attack.  By Monday, the company, which employs over 40,000 workers, had to shut down a number of systems, including several of its customer-facing applications.  Thankfully, although Toll Group does not believe any personal data has been lost from its systems, the incident has meanwhile resulted in the company having to revert to manual processes in order to clear the backlog of undelivered packages that the ransomware had caused. Toll Group’s update to its customers can be seen here.  Fortunately, Toll’s customers are able to continue to access the company’s services across a large part of its global network; however, the company has had to increase its staff in order to help with the continued backlog that the ransomware caused.

While Toll Group battles through the effects of ransomware infiltrating its systems, this need not have happened.  Wedge recently worked with one of the world’s fastest growing global logistics companies (PGL) to prevent exactly what occurred with Toll Group.  Based out of Texas, PGL transports over 250,000 tons of air freight annually.  One of the company’s top priorities is ensuring its customers’ confidential data while providing its end-to-end shipping, transportation and logistics services.  Like in the Toll Group case, with the critical nature of its freight and custom-clearance services, along with its 24/7 package tracking, PGL cannot afford to have any system downtime.  

As such, PGL worked with Wedge and deployed the Wedge Absolute Real-time Protection (WedgeARP) orchestrated threat management platform into its main data centre in order to eliminate malicious attacks to its on-premises and cloud infrastructure.  With WedgeARP’s embedded artificial neural network, each of PGL’s locations are protected from all threats, in real-time, with ransomware, APTs, backdoors and other never-before-seen malware being detected and BLOCKED before they can reach any endpoints.

”We cannot afford any downtime whatsoever if we are going to succeed in this very competitive industry. If we should ever get hacked, our competitors would eat our lunch. That’s why we are always looking for proven solutions to keep us several steps ahead of potential attacks. WedgeARP has truly shown its value to us in this respect, blocking several zero-day attacks that our other solutions didn’t even detect! It’s amazing to me that we’re getting thorough malware protection from a solution that has introduced literally no performance degradation into any of our systems and services.” 

-PGL IT Director, Steven Calton II

In PGL’s case, WedgeARP’s AI engine was able to detect and block several advanced threats and never-before-seen malware that the company’s existing firewall and UTM solutions did not catch.  With large-scale security implementation across its offices worldwide, WedgeARP provides effective real-time threat management services through its orchestrated threat management platform that incorporates the industry’s best-of-breed solutions; all managed through a single pane of glass.  Had Toll Group utilized the WedgeARP solution, perhaps they would not be facing the issues that they are currently dealing with.

If your organization is struggling to find a solution that will protect its valuable customer database and customer facing systems, drop us a line at: info@wedgenetworks.com.  Wedge provides a FREE 90 day trial of its Wedge Advanced Malware Blocker (WedgeAMB) that runs on the WedgeARP platform.  Attacks like the one that hit the Toll Group CAN be prevented!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment

The Endpoint Protection Numbers Are In And It’s Not Looking Pretty – Endpoint Attacks Are Still An Ongoing Issue

No Gravatar

Help Net Security published an article at the end of January that highlighted several Ponemon Institute findings and the fact that “Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats…” According to a Ponemon Institute study, 68% of IT security professionals surveyed admitted that their companies experienced one or more endpoint attacks that compromised data assets and/or IT infrastructure, increasing from 54% of those surveyed in 2017.

The big thing that was revealed in the study its that of the incidents that were successful, 80% of them were caused by new or previously unknown malware that either exploited undisclosed vulnerabilities or that used malware variants that signature-based solutions were unable to recognize.  

To make things worse, these increased attacks also inflicted more business damage than before, with the Ponemon Institute findings showing that that the average cost for endpoint breaches increased by more than $2MM from 2018 numbers to sit at an average of $9MM in 2019.

According to Larry Ponemon, Chairman of the Ponemon Institute, “Over half of cybersecurity professionals say that their organizations are ineffective at thwarting major threats today because their endpoint security solutions are not effective at detecting advanced attacks.”

This is definitely not a good sign, especially as more and more businesses move their networks and digital assets to the cloud.  

What could be a silver lining in this ongoing fight against malware is that as organizations continue the shift to Windows 10, with Windows Defender AV built into the operating system, enterprise security strategies are changing.  Ponemon reports that 80% of organizations are using, or are planning to use, Defender AV for savings over their legacy anti-virus solutions.  These savings are then being reallocated towards adding a layer of advanced threat protection in endpoint stacks along with an increase in IT resources.

Although Endpoint Detection and Remediation (EDR) adoption is increasing as a way to increase advanced threat protection for endpoints, the study showed that organizations are finding that costly customization and false-positive alerts are significant challenges in their EDR adoption. Those who have not adopted these solutions state that they have a lack of confidence in EDRs ability to prevent zero-day threats.  Security staffing limitations are also a top reason why EDR solutions are not adopted.

At Wedge Networks, we’re gearing up to be part of the changing security strategies.  Organizations can add that extra level of threat protection with the Wedge Advanced Malware Blocker (WedgeAMB), a product from Wedge’s Absolute Real-time Protection (WedgeARP) line.  WedgeAMB combines: 1. Deep Content Inspection, so that it can see ALL content going through the network and improve on detection accuracy, 2. Orchestration of the industry’s best-of-breed security services, to cover all advanced threats, 3. Artificial Intelligence and Machine learning, to detect never-before-seen and zero-day malware, and 4.  SubSonic and GreenStream – hyper streaming technologies, so that malware detection and blocking can occur in Real-time with no perceptible latency.

In addition, to help increase EDR adoption, when WedgeARP is added to the mix, it becomes the tool of choice for Managed Detection and Response (MDR) providers.  With WedgeARP and a capable EDR system in place, organizations can access a potent solution that can Detect and Block malware in Real-time (instead of waiting for minutes and hours for results to come from a sandbox), while allowing MDR providers to offer Real-time remediation through the interactions with their EDR system.  WedgeARP, combined with EDR, greatly reduces false-positive alerts, provides EDR solutions with the ability to prevent zero-day threats, and, with its built in analytics and alerts, greatly reduces the IT resources needed to manage the solution.

So, although the Ponemon Institute report continues to paint a bleak pictures of the state of endpoint protection, there are things that organizations can and SHOULD do in order to help themselves.  If your organization is concerned about its endpoint protection capabilities, contact us at: info@wedgenetworks.com.  Wedge offers its WedgeAMB for FREE on a 90 day trial.  There is no time like the present to beef up your endpoint security!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Snake Ransomware Now Causing Havoc on Industrial Control Systems – Are Your Systems at Risk?

No Gravatar

This is a follow-up blog to the one we provided earlier this month on how the Snake Ransomware was affecting Corporate Networks.

Yesterday, Bloomberg again brought to light the recent “Snake” ransomware and how it is now used to target Industrial Control Systems (ICS); and in particular, many industrial processes that belong to General Electric Co.  This new strain of ransomware was created by Iran and has the ability to lock up and even delete ICSs.  Snake will encrypt programs and documents on infected machines BUT it also removes all file copies from infected stations, preventing victims from even recovering encrypted files.  As such, deleting and/or locking targeted ICS processes would prevent manufacturers from accessing vital production-related processes such as analytics, configuration and control.

Of note, before the Snake ransomware starts encrypting files, it attempts to terminate processes associated with various types of programs, including system utilities, enterprise management tools and ICS.  Although other companies such as Honeywell and their processes are at risk, the majority of the industrial processes that are targeted by Snake are those in GE products.

According to an article by SecurityWeek, one organization that was recently targeted by this ransomware (or the related Dustman malware) was the Bahrain Petroleum Company (Bapco).  According to ZDNet  Saudi officials sent an alert to other local companies active on the energy market in an attempt to warn of potential attacks and advising these companies to ensure that their networks were secure.  The Bapco incident was brought up amid rising tensions between the US and Iran after the US military recently killed top Iranian military general, Major General Qassim Suleimani.  

Saudi Arabia’s National Cybersecurity Authority subsequently linked Dustman to the ZeroCleare malware; itself a wiper that has been targeted against energy and industrial organizations in the Middle East.  When the dust settles, all of these malware variations have been linked back to Iranian hacker groups, and are a testament to Iran’s advanced technical capabilities when it comes to launching destructive state-endorsed cyber attacks.  With the current political climate surrounding Iran and the US, it would not be prudent to rule out the possibility that they will try to create additional instability by targeting other energy and industrial / infrastructure organizations in the region.

That being said, if your organization is running any sort of ICS system that could potentially be at risk, how confident are you in the security solutions that you currently have in place?  How damaging would a ransomware attack be to your organization?  Are you prepared with backup plans?  In this case, should the Snake ransomware hit your operations, because it removes all file copies from infected stations, would paying the ransom even ensure that you’ll be able to get up and running again?

This is where Wedge, and its ability to detect the Snake ransomware, is able to help.  With Wedge’s Advanced Malware Blocker (WedgeAMB) in place, the Snake malware that is targeting ICSs can easily be detected and blocked in real-time, BEFORE it causes any damage.  With a deep content inspection, and AI / Machine-learning based platform that has proven effective to be able to detect and block ransomware in real-time, WedgeAMB is providing not only Energy and Industrial organizations but ALL organizations the extra blanket of protection that they need to weather the new variations of ransomware that are being pushed out by hacker organizations.  

If your organization is concerned about this recent spate of attacks, and is unsure of whether your security solution would be able to detect the Snake ransomware, make sure to contact us at: info@wedgenetworks.com.  Our team will be able to tell you more about how WedgeAMB can protect your organization.  WedgeAMB is available for a FREE 90 day trial so you really have nothing to lose!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , | Leave a comment

The Snake Ransomware is Making its Rounds Through Corporate Networks… However, it is Unable to Elude WedgeAMB!

No Gravatar

Snake is in the news as of late. No, not the one of the 2019 Chinese Zodiac but of the malware variation. Detected as “Trojan.Win32.Antavmu.asdd”, Snake works like most ransomware. It doesn’t touch your operating system files and programs so your computer still starts up and provides you with a working system. And, like most other ransomware, any other important files such as documents, photos, videos, spreadsheets, etc, are all scrambled and locked up with a randomly chosen encryption key.

Here’s the thing. With Snake, the scrambled files will consist of the encrypted content overwriting the original data with decryption info added on at the end. The original filenames and directories are are recorded, with the decryption key stored as well, with a special tag “EKANS” (“SNAKE” – backwards), finishing off the encrypted file.

Similarly to other ransomware, Snake uses a hybrid encryptions system with symmetric cryptography used to lock up the files but then public-key encryption used to lock up the decryption key. The reason being that symmetric cryptography is ideally suited for scrambling large amounts of data while public-key cryptography is better suited for small amounts but allows for two keys, instead of one, where the key used to lock up the data can’t be used to unlock it.

However, Snake is a bit different from other ransomware. While most ransomware denote scrambled files by adding unusual extensions to filenames so that they stand out, the Snake malware adds a different, randomly chosen string of characters, onto the names of encrypted files; making it more difficult to determine which files have been affected through name alone.

From there, the malware drops a “What happened to your files?” document onto your desktop, or in this case, it writes a file called “Fix-Your-Files.txt” into the Windows public desktop, where it shows up in the background for every user on the affected system. Unfortunately, the way the malware is written, with the expectation of having administrator access across the compromised network, the bad actors that are perpetrating this crime don’t intend on targeting individual users on the network but are looking to take their time and attack everyone, for a much more egregious outcome.

But there is a positive outcome to this story! As it turns out, the Snake ransomware is still ransomware at its core and because of the various key elements of the code, it can still be detected and blocked. Although many solutions out there are unable to detect it because they are still just looking at the packets and not the content itself, WedgeAMB, with Deep Content Inspection in its underlying platform, is able to do just that. By looking at the whole content, combined with AI and machine-learning abilities that can detect the “INTENT” of the content; despite variations in the malware itself, WedgeAMB can detect and BLOCK the malware in real-time. The malware is unable to even enter the network; preventing any and all damage from occurring. This can be evidenced in the screen-shots from WedgeIQ below, showing that the Snake malware was stopped in its tracks.

Now, hopefully your organization was not affected by this dastardly piece of ransomware as it has many other organizations out there. If you are concerned that perhaps your security systems might not be able to detect and block this and other ransomware variations, give us a shout! Wedge provides a FREE 90 Day trial of our Wedge Advanced Malware Blocker, which uses Deep Content Inspection along with Orchestrated Threat Management that incorporates best-of-breed security solutions and AI to detect and block ALL malware in real-time. Contact us at: info@wedgenetworks.com. Let’s usher out the Chinese Year of the Snake and protect ourselves from the Snake malware while ushering in a much better 2020 Year of the Rat!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , | Leave a comment

Cyber Insurance Company Warning of 6X Increase in Ransomware Attacks: Not Just Healthcare is a Target

No Gravatar

Wedge’s CFO recently forwarded me an article from the finance side of things that is painting an alarming picture. We’ve been talking a lot about how the Healthcare industry has been the main target of ransomware attacks but an article put out on insurancebusinessmag.com is painting an even bleaker picture for small businesses as a whole. According to cyber insurance company Tokyo Marine HCC, they have seen a 6-fold increase in ransomware attacks over the last four years, mainly targeting small businesses, with the costs of responding to these attacks up almost 10 x during that period.

It looks like the ransomware attackers have now finely honed their “business” and their testing of the market has shown how lucrative this business can be. Most businesses have been educated in the news by all the attacks, they know what ransomware is and how they have to pay the ransoms via bitcoin. Now that the ransomware business model is mature, with those hit by the ransomware being reassured that their data will be released upon payment, cyber criminals are upping the demands. Ransoms are jumping from the $10k-$30k range up to the six and seven figure range. Of course it also doesn’t help that insurance companies have joined the fray and are now covering part, if not all, of the losses from these attacks. Knowing that there is a deep-pocketed insurance company in the background that will be paying for the ransom is causing an upward shift in costs overall.

Getting back to the Healthcare industry, they have been the targets for so long because they typically have data that they cannot afford to go without for too long before their patient care starts suffering and before life and death situations start creeping into the equation. Not only that, but healthcare networks have also been known to provide good computing machinery for bitcoins mining, tons of good private and confidential data that could be used for blackmail or extortion schemes, not to mention that most of the OT machinery and diagnostic equipment running on the network cannot be easily patched with downtime costing the organization for every day they are not in operation. This doesn’t even touch on the potential for sabotage with patient misdiagnoses!!

Now, hackers are finding that other SMEs, such as accounting firms and retailers, can be just as affected as the healthcare industry by cutting off access to their critical data. Any industry that has mission and business critical data that is not adequately protected could be and will probably be an easy target. Even if they are covered with cyber insurance, the way costs are increasing, ransomware attacks are going to continue having a negative impact on everyone’s pocketbooks.

That’s why Wedge is so focused on ensuring that its WedgeAMB product is made available to provide the protection that these target SMEs need. With a deep content inspection and AI and machine-learning-based platform that can detect and block ransomware in real-time, WedgeAMB provides the extra blanket of protection that all SMEs need; PREVENTING ransomware from even entering the network and locking up mission critical data. SMEs can fight back by enabling more accurate real-time protection that will stop them from being another ransomware statistic. WedgeAMB is being offered for FREE on a 90 day trial. Contact us at: info@wedgenetworks.com to find out more! It takes everyone working together to solve this growing ransomware epidemic.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , | Leave a comment