Wedge Networks Inc. | securing the cloud connected world

Under the Cover of COVID-19, Hackers are Stepping Up Their Criminal Activities in a Big Way and Exposing Security Cracks in Legacy VPNs

Posted on April 13, 2020 by Wedge Chief Scientist

Since the COVID-19 pandemic started taking a firm grasp over the world it has forced companies to accelerate their efforts for enabling their employees to work from home (WFH). As a result, cybercriminals have taken advantage; exploiting the emerging opportunities and vulnerabilities that have multiplied as workers do work from the less fortified confines of their home “offices”.

According to an article by helpnetsecurity, “The impact of the COVID-19 pandemic on cybercrime has been the most visible and striking compared to other criminal activities. Criminals active in the domain of cybercrime have been able to adapt quickly and capitalize on the anxieties and fears of their victims. Phishing and ransomware campaigns are being launched to exploit the current crises and are expected to continue to increase in scope and scale.”

More statistics on this are provided by i24news out of Israel, who have stated that in just the past two weeks, the number of daily attacks related to the Corona virus have increased from a few hundred to more than 5,000 with the average currently at more than 2,600 attacks per day.

How is this affecting security for the corporates and other organizations that have seen the number of their employees working from home skyrocket? One major result is outlined by a a recent article on betanews.com which warns that with the skyrocketing VPN usage and issues of internet overload, security and scalability to handle this is greatly lagging. With COVID-19 rapidly transforming the globe, forcing the largest number of people to work remotely in history, and with millions of people connecting to their corporate networks from their homes; it is no wonder network infrastructures around the world are being taxed at levels never seen before.

The big threat lies in the legacy Virtual Private Network (VPN) technology that has always provided the backbone to working remotely. Over the past 30 years, legacy VPNs “have enabled secure, remote access to the internet through a point-to-point connection by creating an encrypted ’tunnel’ through which IP traffic flows.” The downfall, however, is that because they provide access to the organizations entire network in order for them to access company resources, this makes all organizations using the legacy VPNs more vulnerable to attacks and data breaches.

With the massive numbers now using the legacy VPN technology, more than ever before, cracks are starting to emerge in the technology as the solutions “were not built to scale to support millions of users nationally or globally”. In the US alone, there has been an upwards of 53% increase in the usage of VPNs due to the number of state governments mandating work-from-home policies; and this is creating an unprecedented stress test on the VPN technologies. Combine that sudden spike in VPN usage and a resultant slowdown in internet access and reduced quality of service from the massive volume of users and there is a disaster just waiting to happen.

The big concern is the lack of security in legacy VPNs. For example, NordVPN had a breach recently where an attacker gained access to the TLS key ‘which opened the door and exposed the unencrypted network to hackers”. “In this case, the intrusion went undetected for over a month due to a lack of activity logs.” In addition, users are typically not restricted to specific network resources, ‘making VPNs another singular point of failure with respect to identity access and credential management. There is no segmentation, audit or control.’

Verbatim text from betanews.com: “Critical VPN limitations include a lack of network segmentation, traffic visibility, on-premises user security and straightforward network security. VPNs are also not suited for dynamic networks because they require computer hardware, constant management and cannot easily adjust to network or server changes.” “The new challenge for virtually any company I how to provide secure and reliable employee access without draining IT resources and budgets, especially remotely. Organizations must look beyond traditional VPNs to alternatives that can be quickly deployed and configured via the cloud to provide device and application configurability, as well as accessibility, increased security, privacy and user-access control granularity and analytics.”

The article goes on to outline the new cloud-based network security model defined by research firm Gartner, Secure Access Service Edge (SASE), which combines multiple network technologies delivered as a service and which supports dynamic secure access to all organizational assets.

This is where Wedge Networks and its recently launched Wedge Absolute Real-time Protection (WedgeARP) Secure Remote Office Solution comes into play. Based on the WedgeARP platform, it is a cloud-managed, on-premises or cloud-enforced security service offering that provides a vast array of optimized Security-as-a-Service features to enterprises; enabling effective security solutions for any cloud-connected computing devices. The Wedge Secure Remote Office solution provides real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). It enables situational awareness for the entirety of managed networks, with security event tracing, rapid response, centralized policy management, reporting, and analytics; all of the things that the legacy VPNs are missing.

As organizations face difficulties ramping up their WFH infrastructures, Wedge’s Secure Remote Office product provides the easy to deploy and enable solution. It integrates Microsoft Azure Virtual Wan with WedgeARP, along with Microsoft’s high quality VPN connection; providing Wedge’s cutting-edge real-time cybersecurity services that legacy VPNs are missing. To find out more about how WedgeARP Secure Remote Office solution could benefit your organization, contact us at: info@wedgenetworks.com. For those organizations who already have a VPN infrastructure, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems. For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP. During this current COVID-19 Pandemic, Wedge is doing its part to step up and battle the increased hacker activities by helping to close the cracks and security holes that legacy VPNs are showing.

Accton Technology and Wedge Networks Partnership Launches Orchestrated Secure SD-WAN

Posted on April 8, 2020 by PR and Media

Powered by Accton uCPE Platforms, Wedge’s Absolute Real-time Protection Solution Is Successfully Deployed in Modern Beauty, Canada’s Best Managed Beauty Products Retailer

Calgary Canada, and Hsinchu Taiwan– April 8th, 2020 –Accton Technology and Wedge Networks have collaborated to port Wedge’s AI-based Absolute Real-time Protection (WedgeARP™) software system to Accton’s high-performance, open uCPE platforms. This joint solution enables MSSPs and business customers to deploy end-to-end secure SD-WAN across their entire organizations, thus achieving rapid growth and cost savings demanded by today’s real-time enterprises. The solution has been validated through a successful piloting with Modern Beauty Supplies, one of the best managed nation-wide retailers in Canada, which has storefronts from coast to coast.

With centrally managed policies, best-of-breed threat intelligence, and intuitive analytics, this solution orchestrates deep inspection-based security VNFs (Virtual Network Functions) either on small footprint uCPEs or in enterprise/service provider data centers to deliver high performance and high efficacy security services from the edge to the cloud. Specifically, the deep learning threat prevention engines in WedgeARP™ can autonomously block advanced threats in real-time and at the network edge, thus bring tremendous savings in both time and capital for the business owners.

Modern Beauty Supplies, Canada’s leading beauty supplies retailer, has been bucking retail trends since its establishment in 1986, growing to many locations across Canada. Modern Beauty needed a robust, secure operational network connecting its many showrooms and satellite offices to be an ultra-efficient real-time enterprise.

“Modern Beauty prides itself in its unmatched customer-first focus, providing quality, leading edge products, and at the most affordable pricing. We rely on automation and fiercely loyal and hardworking employees to deliver uncompromised customer services. Our growth requires us to continuously invest in an IT infrastructure that streamlines our flow of products from the supply chain all the way to the consumer and beauty services professionals. We needed a solution that can be effectively managed with integrated security functions situated close to where they are needed, that is cost effective and robust. The innovation from Wedge Networks and Accton allows us to address this need,” remarked Mike Jomaa, Founder & CEO of Modern Beauty Solutions.

“Like any other customer-facing business, we are targeted with cyberattacks – continued probing for vulnerabilities, ransomware, phishing, to name a few. After deploying WedgeARP™ to protect our HQ network we immediately reaped the benefit of stopping such attacks; providing the same level of security across our branch offices is the goal of this piloting. We leaned on Wedge and Accton and are very happy that they have delivered this solid solution. Before this innovation, the options available to us were to either deploy branch firewalls, which offer minimal security feature sets that are not a match to the level of cyberattacks we experience, or to tunnel back all branch office traffic to HQ where traffic can be services by our HQ network,” added Amer Jomaa, COO of Modern Beauty Solutions.

“The combination of Accton’s high performance and open uCPE platforms and the WedgeARP™ software delivers a best-of-breed secure SD-WAN solution that is demanded by distributed, cloud connected businesses world-wide,” explained Michael Lane, Vice President of Accton Technology. “This innovation is a testament of the shared vision of both partners and our abilities to design and develop high quality uCPE platforms with advanced security functions. It will allow both partners to better serve their respective customers.”

“Accton and Wedge have been working together to address the demands of distributed businesses to effectively manage their security, at the WAN, the new emerging security services edge in the cloud. Modern Beauty is a model of today’s visionary, successful businesses that uses information technologies and automation to focus on serving their customers’ needs anytime and anywhere,” said Dr. Husam Kinawi, Chief Scientist and President of Wedge Networks. “With their rapid growth, Modern Beauty challenged us to provide a robust solution to cost effectively manage and secure their ever-expanding network edge. We are proud of our work with Mike and the team at Modern Beauty which resulted in this world class innovation for securing SD-WANs, and more importantly, for securing the cloud connected world.”

About Modern Beauty Supplies
Established in 1986 by Mike and Fay Jomaa in Calgary, Alberta, Modern Beauty is one of the largest beauty suppliers in Canada and is the exclusive distributor of numerous professional hair and beauty brands. Today the company is still a family owned and operated business with a team of over 200 dedicated and committed individuals. The company is consistently looking for new ways to provide its clients with exceptional service by utilizing the latest technology and innovations. The company currently has 24 store locations across Canada.

About Accton Technology
Accton Technology Corporation is a global premier provider of networking and communication solutions for top-tier networking, computer, and telecommunications vendors. Leveraging its advanced hardware engineering, software application, and system design capability, Accton collaborates with its strategic partners to architect, develop and manufacture the innovative, leading-edge network products. Accton’s evolving core technology and its highly qualified global workforce enable it to deliver superior distributed virtual network solutions that are affordable and robust to variety market segment.

About Wedge Networks
Wedge Networks, Inc. is a leading orchestrated threat management (OTM) solution company. Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed in data centers and network edges by enterprises and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in the North America, Asia Pacific, and the Middle East and North Africa regions.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Media Contacts:
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Posted in Industry News, Latest Security News, Product and Services Updates, Wedge News | Tagged Accton Technology, Accton uCPE Platform, Managed Security Services Providers, Modern Beauty, MSSPs, Orchestrated Secure SD-WAN, Wedge Absolute Real-time Protection | Leave a comment

Dispelling the Major Fallacy Surrounding WFH Security During This COVID-19 Pandemic

Posted on March 23, 2020 by Wedge Chief Scientist

WFH has now become the new norm across the globe as nations shut down borders, governments impose travel bans and group gathering restrictions, and organizations ask their employees to stay at home. As we’ve written in earlier blogs, the impact that this has had, especially on organizations who had not incorporated capabilities into their networks to allow their workers to access their servers from home, has been devastating in some instances. We’ve read that in some cases, workers are basically on paid vacations due to the fact that they are unable to access the work files they need while they are quarantined at home. Productivity has taken a massive hit and this does not bode well for the global economy as we all try to weather this global storm.

Because of this new reality, we are seeing a proliferation of tech articles providing advice and hints to organizations who now find the majority of their workforce working remotely. In a recent HelpNetSecurity article, several other cybersecurity implications are outlined that result from the shift from people working at the office to working from home. The biggest point brought up is that the shift to WFH greatly widens an organizations’ attack surface. Because many employees may use their own devices for work, it introduces new platforms and operating systems into the mix that require their own dedicated support and security; often which their companies are unable to adequately provide. As such, according to the article, “With so many devices being used, it’s likely that at least some will fall through the security cracks.” They, like other articles, also continue to bring up the thought that while workers are physically outside the walled fortress of their corporate networks while they work from home, they can no longer be protected.

To add to that, hackers and bad actors are relentless, utilizing the COVID-19 pandemic to step up their efforts to infect networks, sow chaos and line their pockets; stepping up attacks and hitting organizations when they’re down and unable to protect their workers in the growing WFH norm. Showing that they really have no sense of morality, hackers have stepped up their attacks on organizations that are being hardest hit right now during this crisis and that are the most in need by the public.

As highlighted by a recent Wired article, hackers continue to wreak havoc. For example, in the Czech Republic, Brno University Hospital was hit by ransomware and they have still not fully restored digital services. Unfortunately, ransomware on hospitals is the norm, as hackers bank on the urgent need for these organizations to function, especially in crisis situations such as now, that will push administrators to simply pay the ransom. These attacks can cause life and death situations in normal situations so in pandemic and crisis situations, it becomes orders in magnitude worse.

On top of that, the article goes on to say that it is not just monetary gain that hackers are looking for during this time. Some of the attacks are being carried out by nefarious nation-states looking to implant spyware in order to carry out surveillance operations and are taking the COVID-19 opportunity to carry out these plans. With the overall daily internet usage greatly increasing during this pandemic, more people are online and are thus seemingly at more risk.

So, what is the thought that both of the above articles seem to be getting at? They, and other articles that we’ve seen as of late, tend to lean on the idea that it is “impossible to completely secure employees working from home”. This is an unfortunately widespread fallacy that we would like to dispel. Although we understand that many organizations are having a tough enough time just trying to put in place infrastructure that will allow their employees to work from home, they don’t have to let cybersecurity fall by the wayside. With Wedge’s PlanV – Secure Remote Office Solution, organizations can be assured that their workers can actually be completely secured, even while working from home. Based on the Wedge Absolute Real-time Protection (WedgeARP) platform, real-time detection and blocking of all malware can still be provided to those not protected by the fortified corporate castle within the organization’s physical office.

PlanV offers some key benefits to organizations, including:
1. Allowing workers to access their workplace systems to achieve the same productivity while working from home.
2. Providing real-time threat protection for both the home office and corporate infrastructure.
3. Improving the economics of the WFH environment, lowering worker commute times, reducing bandwidth and office space costs and allowing for centrally managed security – blocking malware before it can even enter your network.

PlanV is both platform and OS agnostic so can provide protection to any and all connected devices; preventing any from falling through the security cracks. For those organizations who already have a VPN infrastructure, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems. For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP. Contact us at: info@wedgenetworks.com to learn more. We’re here to help all those organizations facing difficulties as they move forward in this exploding WFH paradigm.

Posted in Industry News, Latest Security News, Wedge News | Tagged COVID-19, Maintaining Productivity While WFH, Major Fallacy, Protecting WFH, Real-time protection, Secure Remote Office Solution, Wedge PlanV, WFH | Leave a comment

COVID-19 is Resulting in Greatly Increased WFH Situations. AND It’s Also Causing a Surge in COVID Themed Cyberattacks!

Posted on March 20, 2020 by Wedge Chief Scientist

The world is in full blown pandemic mode as a result of the COVID-19 virus. We hear on a daily basis that more countries are closing their borders to foreign travellers and, on a more local level, provincial and civic governments continue to urge their citizens to stay at home so as to help prevent the spread of COVID-19. This has thus resulted in a vast number of organizations having their employees work from home (WFH). While many organizations had already started down the path with the WFH movement, this current pandemic has forced many organizations to greatly accelerate the timeline to update their infrastructure to allow their workers to VPN into their servers in order to access documents and files that they need to be able to do their jobs.

Unfortunately, with the accelerated timelines, many organizations and their network infrastructures are ill-equipped to handle the greatly increased load caused by having most or all of their employees VPN or access their networks remotely. That, and more often than not, security concerns are an afterthought, leaving organizations’ servers, as well as the employees working from home, even more vulnerable to cyber security threats and attacks.

In an article from Forbes, they mention that “Even before people began working at home during the COVID-19 pandemic, enterprise level ransomware was up 12% in 2019 with total costs of as much as $11.5B.” One can only imagine how lessened security for those working from home could even further increase these numbers. The article continues by saying that “Being safe from malware requires some work on your part and coordination with your IT department, but planning ahead will give you more peace of mind and allow you to continue being productive, even while working away from your office.” It also goes on to provide some good steps that employees can take to prevent, detect, mitigate and recover from malware, such as ransomware.

We won’t go into those here as they are laid out quite nicely by the aforementioned Forbes article. Instead, we want to press further and bring up the fact that the COVID-19 pandemic is creating an almost perfect storm for hackers and bad actors to increase their attacks. With millions of people now WFH, without adequate protections against cybersecurity attacks now that they are no longer protected behind their organizations firewalls and other expensive security defences, hackers are making a concerted push to attack these workers.

In an article from MSN, they bring up that COVID themed attacks are exploding. Cleverly designed emails are being sent out to look like they are from work supervisors with malicious attachments on the new “work from home policy”. When combined with diversions resulting from parents having to take care of their kids while at home, or other things that might provide distractions, workers are at greater risk of clicking on links that may be malicious. On top of that, COVID-19 has people very scared and looking for answers. Many hackers are using social engineering to prey on these fears, disguising malware within emails that look like Coronavirus Awareness information, or crowdfunding pages purported to help those fallen ill. The wicked do not rest and COVID-19 has provided a new theme for hackers to use to try to get people infected.

Thankfully, there is a ray of hope that is shining out of COVID-19’s dark clouds. Wedge Networks has been on the leading edge of providing real-time threat protection for both home office and corporate infrastructure. We understand that when your employees are working outside of your well-fortified corporate castle, they are not protected by all of the expensive defences that your organization has installed over the years, including EDR/MDR/ Sandboxes, Network Traffic Analyzers, and Firewalls / NGFW / SWG / IDPS. In order to help protect the increasing levels of WFH workers, Wedge offers PlanV – Wedge’s Secure Remote Office Solution, based on the Wedge Absolute Real-time Protection (WedgeARP) platform. For those organizations who already have a VPN infrastructure, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems. For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.

PlanV offers some key benefits to organizations, including:
1. Allowing workers to access their workplace systems to achieve the same productivity while working from home.
2. Providing real-time threat protection for both the home office and corporate infrastructure.
3. Improving the economics of the WFH environment, lowering worker commute times, reducing bandwidth and office space costs and allowing for centrally managed security – blocking malware before it can even enter your network.

To learn more about how Wedge’s PlanV – Secure Remote Office Solution can help your organization to secure its WFH population, contact us at: info@wedgenetworks.com. Our team wants to do its part in helping to secure workers around the world who are working from home during this unprecedented time.

Posted in Industry News, Latest Security News, Wedge News | Tagged COVID-19, COVID-19 Malware, Real-time protection, Secure Remote Office Solution, VPN, Wedge PlanV, WFH, Working From Home | Leave a comment

COVID-19 Has Employees Working From Home: Is Your Organization’s Remote Access Secure?

Posted on March 17, 2020 by Wedge Chief Scientist

COVID-19’s effect on the global business community has now become far reaching. WFH (Work From Home) is now a typical part of the lexicon as organizations around the world try to stem the spread of the virus amongst their workforce. As such, a lot of more of the recent digital blogs that we’ve come across now offer a wide variety of tips to employees working from home, in an effort to ensure that they’re protected from hackers and scammers while they work outside the security walls of their organizations. One such blog from Kim Komando, brings up a few good points to put those working from home on their guard so that they don’t get scammed. Hackers and scammers are getting very adept at using easily gotten tools such as key loggers to obtain confidential information and even AI technology to spoof the voices of those you would normally trust in order to trick you into doing things that you shouldn’t. Without the added protection of the organization’s internal network protections, many of those who WFH are left wide open potential threats as many are not adequately trained on, nor are they adept at enabling IT Security at home.

At least many of the better funded and more adept organizations out there can help protect their staff, even when they work from home, by providing them access to the company’s network through VPN. Or, they can ensure that their company issued devices have built-in firewalls in order to offer at least some protection by allowing direct access to the company’s servers and data. The only downfall is that if the company’s network does not have adequate security services, end-users could still be open to attack and potential threats.

The great news is that in this ever-growing WFH requirement, there is a solution available to organizations that provide 100% secure remote access to their employees. Wedge now offers “PlanV”, a Secure Remote Office Solution that enables productivity and security for those working from home. For those organizations who already have VPN infrastructures in place, Wedge’s Absolute Real-time Protection (WedgeARP) platform can be easily deployed in their VPN cloud to protect ALL connected systems. Meanwhile, organizations who currently do not have a VPN infrastructure available, can work with Wedge’s professional services group to quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.

PlanV offers organizations several benefits, including:
1) providing workers access to workplace systems to achieve the same level of productivity as if they were in the office,
2) enabling real-time threat protection for both home offices as well as the corporate infrastructure, and
3) economically lowering commute, bandwidth and office space costs while still managing network access and security centrally; blocking any and all malware before it can enter into the network.

To find out more about how your organization can protect its workers as they are being forced to work from home during the COVID-19 crisis, contact the Wedge Team at: info@wedgenetworks.com. Our team can ensure that your organization’s remote access is secure, giving your IT Staff one less thing to worry about during this unprecedented global pandemic.

Posted in Industry News, Latest Security News, Wedge News | Tagged COVID-19, Enabling IT Security at Home, PlanV Secure Remote Office Solution, Remote Access, Remote Office, VPN, WFH, Work From Home | Leave a comment

Critical Infrastructure: Another Key Target for Ransomware Attacks

Posted on February 25, 2020 by Hongwen Zhang, PhD, CTO & Cofounder

We’ve written about this in the past, especially after malware such as Stuxnet spread like wildfire a few years back in Critical Infrastructure organizations. We also elaborated on the amount of damage that could be caused if control systems were compromised at things such as power and other critical plants. With the type of damage that is possible, it is no wonder that Critical Infrastructure continues to have a big target on its back when it comes to hackers looking to do harm. The good thing is that government agencies, like the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), continue to monitor and provide warnings to all industries that operate critical infrastructure about new cyber threats such as ransomware that show up.

So, it wasn’t a big surprise when an article surfaced recently discussing about a recent advisory that CISA had issued in response to a cyberattack targeting and unnamed natural gas compression facility. This attack used spear-phishing to deliver ransomware to the company’s internal network. Critical data ended up becoming encrypted and operations at the facility were down for almost two days as the organization initiated a deliberate operational shutdown which resulted in lost productivity and revenues.

The surprising thing about this attack was that it was limited to Windows-based systems and did not impact any programmable logic controllers (PLCs), which would be typical in this case in order to shut down critical control systems. The company was able to recover from the attack by retrieving and putting replacement equipment in with last-known-good configurations.

On the other hand, another article put out by the register, on this same incident, paints a less than rosy picture about how the attack was carried out. In their article, it was brought up that the malware that did the damage to this natural gas plant was “a common or garden strain of file-scrambling Windows ransomware” and, although it didn’t result in any physical damage to equipment of any of the PLCs that directly control the gas flow, it was spread from an office computer through the plant’s IT network to the operational network. According to the CISA, the plant’s operator fell short on separating its IT network from the operational systems of the plan, making it easier for the malware to move between the two networks when they really should have been isolated from one another, usually through some sort of air gap.

While malware infections at critical infrastructure organizations, such as oil and gas plants, have always been seen as potentially catastrophic, usually, the attackers utilize purpose-built malware and spyware to inflict as much damage as possible to the infrastructure. In this case, because of what could be seen as less than stellar security, “commodity” ransomware was able to do damage just by going through the network looking for Windows-based PCs to lock up.

So, in this sort of scenario, what can be done to help prevent attacks like these? Well, for one, it is probably best to ensure that there are air gaps put in place between IT networks and OT networks. At the same time, what can be done at the outset in order to prevent the spear-phishing attack from even entering the IT network in the first place? Critical Infrastructure organizations should consider putting in place solutions such as Wedge’s Advanced Malware Blocker (WedgeAMB).

Instead of relying on employees to be on the lookout and NOT click on potentially harmful links, as well as using a Detect and Remediate approach to security, WedgeAMB instead allows the organization to implement a DETECT and BLOCK approach. By detecting the phishing attack and blocking it BEFORE it even gets to the employees’ computers, it eliminates the possibility of further allowing the ransomware payload from getting downloaded and causing whatever damage it is looking to do! At Wedge, we’re trying to do our part to help secure Critical Infrastructure facilities by offering a FREE 90 day trial of our WedgeAMB product. Contact us at: info@wedgenetworks.com to find out more!

Posted in Industry News, Latest Security News, Wedge News | Tagged CISA, Control Systems, Critical Industries, Critical Infrastructure, Critical Infrastructure Protection, Programmable Logic Controllers, Ransomware, Wedge Advanced Malware Blocker | Leave a comment

Continuing with the Healthcare Industry, Here are Some of the Numbers…

Posted on February 20, 2020 by Wedge Chief Scientist

As we covered Healthcare a fair bit last week, I just wanted to pass along some of the recent numbers that reflect the dire situation that the industry continues to find itself in. Forbes published and article a couple of days ago that provides some telling numbers from the US Healthcare industry and a bit of history surrounding how it has been targeted since the first ransomware attack in 1989. Unfortunately, ransomware continues to be the thorn in the side of healthcare even today.

So, down to the numbers. According to a recent report from Comparitech, in the US Healthcare industry alone, 172 ransomware incidents have cost more than $157MM over the past four years. The interesting thing to note is that the actual ransom demands only accounts for 11% of that figure. The OTHER 89% of costs can be attributed to remediation costs and downtime!!

Damage has been incurred across the US, with attacks reported in ALL but five states: Maine, Montana, New Mexico, North Dakota and Vermont. Interestingly, California has been hit the hardest during this time with 25 ransomware incidents reported. Of the more than 1,400 clinics, hospitals and organizations impacted, 75% of attacks have been focused mainly on hospitals and clinics; the front lines of healthcare where downtime can cause life or death situations.

The unfortunate thing is that, although ransomware attacks result in network downtime, reduced patient care and lost time and resources, it is now also frequently targeting the databases that contain highly sensitive and confidential patient records. This is a disturbing trend as, according to the Forbes article, medical records are a hot commodity on the Dark Web marketplaces, where they can often command more than 4 times the price of stolen social security numbers. Factoring in the potential for identity theft, this could potentially cause the total related costs of these ransomware attacks on the healthcare industry to explode!

So, getting back to what the Healthcare Industry can do to help reduce the ongoing effects of ransomware, we refer back to our previous blog. Healthcare has to take a long hard look at what its doing to protect itself. Considering the fact that it’s now 31 years later and the attacks and severity continue to increase, it’s time for the industry to try something new. Instead of the Detect and Remediate approach that has long been in use, and that can be attributed to 89% of the costs that have been incurred over the past 5 years, the industry really has to look at the Detect and Block approach; utilizing a solution that can literally STOP the ransomware from even entering the network. Find out more by contacting our team at: info@wedgenetworks.com and see how you can take advantage of the FREE 90 day trial of the Wedge Advanced Malware Blocker (WedgeAMB) which is spearheading some of the needed security changes in cybersecurity for the healthcare industry.

Posted in Unclassified | Tagged Costs of Remediation and Downtime, Healthcare, Healthcare and Ongoing Target, Identity Theft, Medical Records, Ransomware, US Healthcare Industry | Leave a comment

Healthcare Industry Still Under Siege: Why They’re So Bad at Cybersecurity and Why Backups are No Longer a Solution Against Ransomware

Posted on February 13, 2020 by Wedge Chief Scientist

Over the weekend there were a couple of articles that popped out at me, mainly because it’s in an industry that we’ve been making strides to protect with our WedgeARP platform and our WedgeAMB product. This industry is of course, the healthcare industry and it is continuously under attack from hackers because of the amount of damage that they can cause to essential services and, consequently, the payday that they can extract from accessing private health records and holding critical systems hostage, especially in life-or-death situations.

The first article, from CBC, brings up the fact that healthcare providers across the country continue to get hit by ransomware. Despite having security in place, eHealth Saskatchewan, which manages the provinces personal medical records, appeared to have leaked files from its servers to suspicious IP addresses in various countries in Europe. This discovery was made during forensic analysis that resulted from a recent ransomware attack. It was found that although it was initially thought that the attack began on January 5, 2020, the initial virus entered the organization’s health system as early as December 20, 2019. Employees did not discover any problem until they tried opening files on January 6th, 2020 and were requested for bitcoins in exchange for unlocking the files they needed to access. Although eHealth’s CEO, Jim Hornell, stated that the affected server mainly contained administrative files, such as emails, it’s not clear whether this server was in communication with other servers in the network. Despite backups being available, since the servers were breached and data encrypted and leaked offsite, the organization can never be sure whether confidential information had been compromised, even after they got their systems up and running again. Scary stuff when organizations such as these can get back up and running from their backups but still manage to lose confidential information from the attack!

The second article, from Ars Technica, is a much more in-depth read and serves to bring home some very critical points. From CBC’s article, we see that healthcare organizations continue to get hit, but this article tries to understand why healthcare continues to be so bad at securing themselves, despite the fact that they are aware that their networks are value targets. Despite the fact that the healthcare industry deals with life-or-death scenarios on a daily basis, they continue to have issues securing themselves. In 2019, the industry continued to get hit with data breaches, and ransomware attacks, costing to the tune of $4 billion. A case in point on how bad things are getting, five US healthcare organizations had reported getting hit by ransomware attacks in a single week in June of last year!! Because of the potential payday for hackers, their attacks are becoming more severe and more sophisticated as well!

So, what’s the problem? The Ars Technica article brings up what we believe are several salient points:

1. The “Last Mile” awareness problem: The number of patient using implantable devices that are potentially prone to cyber-attacks, and even patients connected to devices at home or elsewhere, may not be aware of the importance of receiving updates and patches to fix potential vulnerabilities in order for their devices to continue functioning safely and effectively.

2. A late start and continued lack of oversight: Government organizations have only recently been overseeing the issue of cybersecurity within the healthcare industry and are met with a lot of pushback from device manufacturers when it comes to regulating and addressing cybersecurity issues. Although many large healthcare organizations are recognizing the risk and are investing resources into prevention, for a vast majority of organizations, because of lack of or continued reduction in funding, the priority for cybersecurity gets pushed way down on the list.

3. Hospitals are notoriously bad at patching: With patching of medical devices taking time and resources, and with no regulatory requirements for healthcare organizations to do so, it is not surprising that this fairly effective cybersecurity activity is not taking place regularly. With no standardized protocols for patching and with so many different devices running both new and old operating systems, it becomes unwieldy to put together a regular patching protocol.

4. There is a lack of research on the effects of cyber attacks on these organizations: Not enough studies have been undertaken to provide concrete evidence of delays in emergency care and mortality rates that have directly resulted from cybersecurity incidents. The evidence may very well be enlightening on just how lives could very well be affected but ransomware and other malware attacks on the healthcare industry and could spur regulators to expedite cybersecurity requirements.

5. Understanding “risk”: Doctors do not understand cybersecurity risks, or they view it with a different lens as a result of their medical training. That being so, their idea of risk doesn’t equate to how the cybersecurity industry understands risk. Doctors consider the percentage of people who might get infected and how to mitigate that as opposed to looking at the exploitability of the infections and how they could be evolved for more nefarious purposes.

6. Lack of staffing: Even if the other salient points were taken care of, there remains the fact that there is still a fundamental issue affecting healthcare security. That is that they work with a limited amount of personnel and resources; and unfortunately, the first area that is cut or reduced is usually IT.

Thus, we see that there are a variety of reasons why the Healthcare, while continuously under siege by cyber threats, continues to hobble along. Many are the issues are inherent to the underlying mentality and understanding surrounding Cyber threats and the effects of attacks, while some come down to resource and lack thereof.

What we here at Wedge are trying to do, with our WedgeARP platform and WedgeAMB product, is to show that there is a solution that can help to alleviate at least some of the issues as listed above. With more visibility into the healthcare networks, and with tools such as AI and Machine learning that can detect and block malware such as ransomware in real-time, issues such as the “Last Mile” awareness and patching become non-issues.

From a reduced resource perspective, being able to PREVENT attacks from happening is a much more cost-effective way of dealing with cyber security than trying to remediate effects after the fact. For those healthcare organizations who are struggling to find resources in order to defend from and mitigate against cyber attacks, they should consider that PREVENTATIVE solutions such as WedgeAMB can provide much greater ROI than utilizing a Detect and Remediate approach. This can often alleviate lack of staffing issues, especially when WedgeAMB, with its single pane of glass management console, greatly reduces the need for staffing by minimizing and consolidating alerts and reports so that they can be much more easily managed than other solutions on the market.

Finally, with built in reports and wider visibility into what is going on within the network, WedgeAMB provides many of the tools needed for the incoming government regulation and oversight that is no doubt in the works. By generating insights into where the network is vulnerable, Healthcare Industry security teams can better understand where they need to shore up defences and where they can make better decisions on resource outlays.

At Wedge, we are continually working on ways that we can help beleaguered and hard hit industries like healthcare. In order to see how we can help your organization, feel free to drop us a line at: info@wedgenetworks.com. As always, we offer a FREE 90 day trial of our Wedge Advanced Malware Blocker (WedgeAMB) to any and all organizations in the healthcare industry. We are striving to be one of the networks security companies that can actually spearhead some of the needed change within healthcare cybersecurity!

Posted in Industry News, Latest Security News, Wedge News | Tagged Back-up Systems Not Longer a Solution, Detect and Block vs Detect and Remediate, eHealth Saskatchewan, Healthcare, Life or Death Situations, Preventative, Ransomware, Under Siege | Leave a comment

Haven’t Received Your Packages as of Late? Blame Ransomware!

Posted on February 7, 2020 by Wedge Chief Scientist

An interesting article came across my desk yesterday, posted by Zdnet, which centred around how deliveries across Australia have been delayed recently. Now many would figure that it was weather related or something similar as we have seen the news articles of how wildfires are still raging across the country creating havoc. However, in this case, it was not Mother Nature, but the work of hackers that was causing delays.

Australian transport and logistics company, Toll Group was hit by a targeted ransomware attack last Friday (now being blamed on a new variant of the”Mailto” or “Kokoklock” ransomware), infecting as many as 1000 servers. This led to the company having to immediately isolate and disable various systems in order to limit the spread and effects of the attack. By Monday, the company, which employs over 40,000 workers, had to shut down a number of systems, including several of its customer-facing applications. Thankfully, although Toll Group does not believe any personal data has been lost from its systems, the incident has meanwhile resulted in the company having to revert to manual processes in order to clear the backlog of undelivered packages that the ransomware had caused. Toll Group’s update to its customers can be seen here. Fortunately, Toll’s customers are able to continue to access the company’s services across a large part of its global network; however, the company has had to increase its staff in order to help with the continued backlog that the ransomware caused.

While Toll Group battles through the effects of ransomware infiltrating its systems, this need not have happened. Wedge recently worked with one of the world’s fastest growing global logistics companies (PGL) to prevent exactly what occurred with Toll Group. Based out of Texas, PGL transports over 250,000 tons of air freight annually. One of the company’s top priorities is ensuring its customers’ confidential data while providing its end-to-end shipping, transportation and logistics services. Like in the Toll Group case, with the critical nature of its freight and custom-clearance services, along with its 24/7 package tracking, PGL cannot afford to have any system downtime.

As such, PGL worked with Wedge and deployed the Wedge Absolute Real-time Protection (WedgeARP) orchestrated threat management platform into its main data centre in order to eliminate malicious attacks to its on-premises and cloud infrastructure. With WedgeARP’s embedded artificial neural network, each of PGL’s locations are protected from all threats, in real-time, with ransomware, APTs, backdoors and other never-before-seen malware being detected and BLOCKED before they can reach any endpoints.

”We cannot afford any downtime whatsoever if we are going to succeed in this very competitive industry. If we should ever get hacked, our competitors would eat our lunch. That’s why we are always looking for proven solutions to keep us several steps ahead of potential attacks. WedgeARP has truly shown its value to us in this respect, blocking several zero-day attacks that our other solutions didn’t even detect! It’s amazing to me that we’re getting thorough malware protection from a solution that has introduced literally no performance degradation into any of our systems and services.”
-PGL IT Director, Steven Calton II

In PGL’s case, WedgeARP’s AI engine was able to detect and block several advanced threats and never-before-seen malware that the company’s existing firewall and UTM solutions did not catch. With large-scale security implementation across its offices worldwide, WedgeARP provides effective real-time threat management services through its orchestrated threat management platform that incorporates the industry’s best-of-breed solutions; all managed through a single pane of glass. Had Toll Group utilized the WedgeARP solution, perhaps they would not be facing the issues that they are currently dealing with.

If your organization is struggling to find a solution that will protect its valuable customer database and customer facing systems, drop us a line at: info@wedgenetworks.com. Wedge provides a FREE 90 day trial of its Wedge Advanced Malware Blocker (WedgeAMB) that runs on the WedgeARP platform. Attacks like the one that hit the Toll Group CAN be prevented!

Posted in Industry News, Latest Security News, Wedge News | Tagged Detect and Block, Kokoklock Ransomware, Mailto Ransomware, New Ransomware Variations, PGL, Toll Group, Transport and Logistics, Wedge Absolute Real-time Protection, Wedge Advanced Malware Blocker | Leave a comment

The Endpoint Protection Numbers Are In And It’s Not Looking Pretty – Endpoint Attacks Are Still An Ongoing Issue

Posted on February 5, 2020 by Wedge Chief Scientist

Help Net Security published an article at the end of January that highlighted several Ponemon Institute findings and the fact that “Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats…” According to a Ponemon Institute study, 68% of IT security professionals surveyed admitted that their companies experienced one or more endpoint attacks that compromised data assets and/or IT infrastructure, increasing from 54% of those surveyed in 2017.

The big thing that was revealed in the study its that of the incidents that were successful, 80% of them were caused by new or previously unknown malware that either exploited undisclosed vulnerabilities or that used malware variants that signature-based solutions were unable to recognize.

To make things worse, these increased attacks also inflicted more business damage than before, with the Ponemon Institute findings showing that that the average cost for endpoint breaches increased by more than $2MM from 2018 numbers to sit at an average of $9MM in 2019.

According to Larry Ponemon, Chairman of the Ponemon Institute, “Over half of cybersecurity professionals say that their organizations are ineffective at thwarting major threats today because their endpoint security solutions are not effective at detecting advanced attacks.”

This is definitely not a good sign, especially as more and more businesses move their networks and digital assets to the cloud.

What could be a silver lining in this ongoing fight against malware is that as organizations continue the shift to Windows 10, with Windows Defender AV built into the operating system, enterprise security strategies are changing. Ponemon reports that 80% of organizations are using, or are planning to use, Defender AV for savings over their legacy anti-virus solutions. These savings are then being reallocated towards adding a layer of advanced threat protection in endpoint stacks along with an increase in IT resources.

Although Endpoint Detection and Remediation (EDR) adoption is increasing as a way to increase advanced threat protection for endpoints, the study showed that organizations are finding that costly customization and false-positive alerts are significant challenges in their EDR adoption. Those who have not adopted these solutions state that they have a lack of confidence in EDRs ability to prevent zero-day threats. Security staffing limitations are also a top reason why EDR solutions are not adopted.

At Wedge Networks, we’re gearing up to be part of the changing security strategies. Organizations can add that extra level of threat protection with the Wedge Advanced Malware Blocker (WedgeAMB), a product from Wedge’s Absolute Real-time Protection (WedgeARP) line. WedgeAMB combines: 1. Deep Content Inspection, so that it can see ALL content going through the network and improve on detection accuracy, 2. Orchestration of the industry’s best-of-breed security services, to cover all advanced threats, 3. Artificial Intelligence and Machine learning, to detect never-before-seen and zero-day malware, and 4. SubSonic and GreenStream – hyper streaming technologies, so that malware detection and blocking can occur in Real-time with no perceptible latency.

In addition, to help increase EDR adoption, when WedgeARP is added to the mix, it becomes the tool of choice for Managed Detection and Response (MDR) providers. With WedgeARP and a capable EDR system in place, organizations can access a potent solution that can Detect and Block malware in Real-time (instead of waiting for minutes and hours for results to come from a sandbox), while allowing MDR providers to offer Real-time remediation through the interactions with their EDR system. WedgeARP, combined with EDR, greatly reduces false-positive alerts, provides EDR solutions with the ability to prevent zero-day threats, and, with its built in analytics and alerts, greatly reduces the IT resources needed to manage the solution.

So, although the Ponemon Institute report continues to paint a bleak pictures of the state of endpoint protection, there are things that organizations can and SHOULD do in order to help themselves. If your organization is concerned about its endpoint protection capabilities, contact us at: info@wedgenetworks.com. Wedge offers its WedgeAMB for FREE on a 90 day trial. There is no time like the present to beef up your endpoint security!

Posted in Industry News, Latest Security News, Wedge News | Tagged EDR, Endpoint Attacks, Endpoint Detection and Remediation, new and unknown malware, Real-time Detection and Blocking, WedgeAMB, WedgeARP, zero-day | Leave a comment

Main Website Links
Wedge DCI Search

Search for:
Wedge Calendar
December 2025

S M T W T F S

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31

« Jun
Recent Posts
Recent Comments
- Ram Bathala on Calgary’s Wedge Networks Looks to Channel for Enterprise Push with Malware-Blocking Product
- Eva on Milliseconds Versus Minutes – The Difference Between Prevention and Remediation
- Smithb on Wedge Adds AI for Better Malware Blocking
- Abram on Wedge Joins MEF to Boost World’s Third Network Security
- David Millar on 5G & IoT Dominate MWC16
Archives
- June 2025
- May 2025
- March 2025
- February 2025
- December 2024
- November 2024
- June 2024
- March 2024
- February 2024
- December 2023
- October 2023
- June 2023
- May 2023
- February 2023
- January 2023
- November 2022
- September 2022
- August 2022
- July 2022
- June 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- September 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- October 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- March 2018
- February 2018
- July 2017
- June 2017
- May 2017
- April 2017
- February 2017
- November 2016
- October 2016
- September 2016
- May 2016
- April 2016
- March 2016
- February 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- June 2015
- May 2015
- April 2015
- March 2015
- December 2014
- November 2014
- October 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- April 2013
- November 2012
- October 2012
- September 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- June 2011
- May 2011
- February 2011
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
Categories
Meta
Kaspersky ThreatPost
- Student Loan Breach Exposes 2.5M Records August 31, 2022
- Watering Hole Attacks Push ScanBox Keylogger August 30, 2022
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms August 29, 2022
- Ransomware Attacks are on the Rise August 26, 2022
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras August 25, 2022
- Twitter Whistleblower Complaint: The TL;DR Version August 24, 2022
- Firewall Bug Under Active Attack Triggers CISA Warning August 23, 2022
- Fake Reservation Links Prey on Weary Travelers August 22, 2022
- iPhone Users Urged to Update to Patch 2 Zero-Days August 19, 2022
- Google Patches Chrome’s Fifth Zero-Day of the Year August 18, 2022

Main Website Links

Wedge DCI Search

Wedge Calendar

Recent Posts

Recent Comments

Archives

Categories

Meta