Avigilon Blue and the Case for Upgrading Existing Systems

Many organizations refresh their security technologies on a set schedule, often replacing old equipment every 3 to 5 years. Some choose to keep their tech through its full usable life. In these cases, the life cycle may extend beyond the hardware warranty and past the support timeline for related software. Balancing hardware and software upgrades is critical for keeping security threats in check and ensuring the utility of security solutions. One of the most robust, nearly plug-and-play options for bringing existing infrastructure into the modern day is Avigilon’s Blue cloud-based analytics platform, which offers incredible value relative to its cost.

Avigilon Blue centers around a small piece of hardware that integrates with existing cameras while also enabling the customer to add new services and expand the platform in the future. The device is powered by Microsoft Azure to leverage cloud services deployed through a global network of trusted datacenters. The on-premises Avigilon Blue Connect device can be deployed within a day to store all video locally while also sending the data to the cloud for analytics processing. The solution offers access to Avigilon’s Subscription Center for real-time account and subscriber information and features an easy-to-use dashboard for quick identification of trends and system behaviors. This allows isolation of issues without the need to dispatch personnel to affected sites.

Alarm notifications are analytics-based, and the platform supports both Avigilon and ONVIF-compliant cameras to generate real-time alarms pushed to desktops and mobile devices. The central appeal of Blue is how quickly it allows you to scale up security operations across multiple sites, along with the ease with which it takes over existing cameras, all with fewer resources and at a lower cost than the competition. Camera and system settings are adjusted remotely, and upgrades and system health checks are performed without deploying a technician.

Blue offers up to 12 TB of on-site storage, which allows it to record around 30 days of HD video in addition to pushing data to the cloud for analytics operations. All connected cameras stream to the cloud service platform for self-learning video analytics but use only minimal bandwidth for this task, with just 10-second analytics clips pushed to the cloud. These values are based on a standard 2MP/30 fps video stream. Blue comes in two models: a 16-channel device (recording at 196 Mbps) with 12 TB of onboard storage and an 8-port device (recording at 120 Mbps) with 8 TB of onboard storage.

Avigilon has also given much consideration to data security: communication is protected by 256-bit AES encryption (typical of industry-leading VPN services) with controlled key management. Various encryption models are used for data in transit and at rest, and no ports are left insecure. Data storage is also redundant locally and across data centers to eliminate the risk of data loss.

The platform is scalable from just a single camera all the way up to 33+ devices and allows for unlimited user accounts. Multiple subscription plans are available for the service, with upgrades easily performed alongside growth of the business the system is protecting. All built-in ports are PoE+ and support third-party devices (ONVIF-compliant).

 

 

Contact us at admin@gostst.com or call 24/7 (210)-446-4863

Modernizing Security for the Banking Segment

 

 

The banking market is continuing to evolve with the growing use of mobile devices, and more branch operations are aiming to enhance service and convenience for the customer. With these advancements comes greater potential for fraud and associated loss. Naturally, increasingly sophisticated fraud technology and techniques will require organizations to look at new approaches to prevent and detect these activities. Here we will take a look at how solutions such as Verint EdgeVR and Op-Center aim to protect this market segment in the near future.

Financial institutions face more day-to-day challenges than retail or other business environments as a general rule, due to the nature of the services they provide and how enticing they are to fraud. The industry has relied on advanced video surveillance solutions for many years already, but actively seeks to keep up with trends and the latest technologies available in order to minimize losses. Furthermore, previous solutions are less and less able to support requirements for video retention, and so catalyze this move forwards.

Solutions that hybridize a mix of both analog and digital video cameras through a secure platform to limit cybersecurity risks, enhance video capture through analytics, and simplify the process of ongoing maintenance are preferred here. One such solution is Verint’s EdgeVR and Op-Center. This platform manages video surveillance and data capture across multiple branches and is an enterprise-class, IP-based network video recording system. It is built for large scale operations distributed geographically and is fully capable of hybrid IP/analog, permitting migration to digital video to enhance long term value and reduce integration costs.

The system provides high-quality video, optimized bandwidth use, a secure, proprietary operating system, and industry-leading interfaces, all of which increase ROI.

This is paired with Verint’s Op-Center which allows the enterprise to monitor, manage and troubleshoot NVRs from a central location. Adding Op-Center reduces the cost of video system management and allows the user to configure NVRs, change device properties, set passwords, download firmware, create audit reports, and manage user rights remotely. Remote diagnostics allow rapid troubleshooting and threat identification for large NVR deployments. Using this platform, administrators can monitor an entire network of surveillance, prevent loss of video, and maximize up-time.

Video analytics are also a valuable addition for fraud mitigation. Banks can search through footage much more easily and intelligently to locate any persons of interest throughout various locations. Analytics allows operators to address red flags and suspicious events much more rapidly than in the past. The technology is useful in identifying “slip and fall” events and ensuring long term capture of relevant video for use in later investigations. One banking chain estimates that this solution from Verint has provided them an 85 percent time savings over manual methods.

Verint continues to create technologies that simplify, automate and modernize, while also allowing for migration of old video surveillance technologies. Their solutions can be a significant force multiplier to help secure a branch’s footprint, alleviate risk, improve investigations into fraud, and maintain operational compliance over many locations. Moving past the first quarter of 2019, we should expect to see more use of “Big Data” for video analytics sourced from distributed spans of IoT devices to allow the banking industry to investigate threats rapidly and produce intelligence that can be acted on.

 

 


The Stages of Attack or Penetration Testing

  1. Network reconnaissance

This is the first phase involved in penetrating a system. This is the stage during which information is gathered about the target in order to facilitate the attack. It can feature “Active” methods, such as actual social engineering in person, or “Passive” methods using searches of public records and even material from “Shodan”.

  2. Host port scanning and banner grabbing

This phase looks for all open and closed ports using port scanners such as “Nmap”, “Superscan”, and “Angry IP Scanner”. Packet sniffers like Ettercap and Wireshark can help capture information traversing a site or network.

  3. Vulnerability identification and exploitation

Using tools like Metasploit or Sqlmap, this phase looks for any vulnerabilities which can be exploited to establish access to a system or network. Control can be gained at the level of the OS, system or network. This can proceed into privilege escalation via the cracking of passwords and DoS or DDoS attacks. Vulnerability scanners such as Nessus and Nipper help determine how vulnerable a system is.

  4. Rootkit installation

If possible, the installation of a rootkit is an excellent way to maintain control over a system or network while also avoiding detection. Rootkits can disguise themselves and are difficult to detect. The installation of the rootkit generally occurs after an attacker has successfully exploited a vulnerability in a system or network. The term “Root” refers to what the administrator or privileged account on Unix-like systems was/is called. Rootkits are able to make modifications at the level of the “kernel”, and removal of firmware rootkits is often difficult to impossible.

  5. Hiding tracks

One of the final phases, “Daisy Chaining” or “Exfiltration” aims to leave as little evidence as possible that the attacker penetrated a system. The more skilled the hacker, the less evidence he will leave. This is a critical phase to avoid being caught and to ensure that any modifications or malware installed stay in place as long as possible. Hiding tracks well closes out the attack and ultimately determines the overall success of the attack.


Source: Author
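
From the defender's side, the port-scanning stage described above leaves a recognizable trace in firewall logs: one source touching many different ports on one host in a short time. The following is an added example, not part of the original article, that flags such sources; the log format, addresses, and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not from a specific product):
#   2019-03-01T10:00:00 SRC=10.0.0.5 DST=192.168.1.10 DPT=22 ACTION=DROP
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) ACTION=(\w+)$")

def parse(line):
    """Return (timestamp, src, dst, dst_port), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dpt, _action = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(dpt)

def find_port_scans(lines, min_ports=10, window=timedelta(seconds=60)):
    """Map (src, dst) -> most distinct ports seen in one window, if >= min_ports.

    Lines for a given (src, dst) pair are assumed to be in time order.
    """
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) entries in window
    hits = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        ts, src, dst, port = rec
        q = recent[(src, dst)]
        q.append((ts, port))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            hits[(src, dst)] = max(hits.get((src, dst), 0), distinct)
    return hits

def sample_log():
    """Constructed sample: one fast sweep, one normal client, one slow sweep."""
    t0 = datetime(2019, 3, 1, 10, 0, 0)
    def row(src, secs, port):
        ts = (t0 + timedelta(seconds=secs)).isoformat()
        return f"{ts} SRC={src} DST=192.168.1.10 DPT={port} ACTION=DROP"
    fast = [row("10.0.0.5", i, 20 + i) for i in range(15)]        # 15 ports in 15 s
    normal = [row("10.0.0.8", i * 2, 443) for i in range(15)]     # same port each time
    slow = [row("10.0.0.9", i * 300, 20 + i) for i in range(12)]  # one port per 5 min
    return fast + normal + ["not a log line"] + slow

if __name__ == "__main__":
    print(find_port_scans(sample_log()))
```

With the default 60-second window only the fast sweep is reported; widening the window to two hours also reports the slow one, which is why the window and threshold need tuning against normal traffic.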

————————————————————————————–


The Latest Trends in Malware

As we move further into the 21st century and witness the major advancements in computational power and the sprawl of web-connected devices, malware writers manage to keep up with trends and write malevolent software to match each step forward. Just like the legitimate players in the tech industries, these shadowy figures innovate and find new vectors for infection and better methods to obscure their wares from the average user and professional alike. It is safe to assume that cybercriminals are doing all they can to become more effective and virulent, and as a result the demand for the security industry’s remedies grows as well. Here is a look at some upcoming trends in malware.

While some malware aims to impose a ransom or to steal data, other malware takes a more aggressive approach. These “wiper malwares”, such as “Shamoon”, “Black Energy”, and “Destover”, have the single purpose of destroying systems and the data they contain. This tends to cause a great deal of financial damage to victims, as well as ruining their reputation in many cases. Whether it is all about sabotage or a means to cover the threat actor’s tracks on the way out of a penetrated system, this is an area to watch.

“Fileless malware” is able to infect local hosts without leaving behind any artifacts on the hard drive. This makes it difficult for traditional antimalware software to detect, as such software tends to rely on virus and malware signatures to determine infection. These attacks almost doubled in 2018.

Botnets are distributed infections using many hosts’ computational power to infect others and perform the desired actions of the attacker, such as crypto-mining or DDoSing targets. So-called “bot-herders” who control these bots have even managed to create “self-organizing” botnet swarms. Due to the promise of automated widespread infection, this is a very enticing method of spreading malware for threat actors everywhere.

APTs (Advanced Persistent Threats) are typically thought to originate from nation-state actors with a wealth of resources. Due to the sovereignty of nation-states, it is difficult to impossible to do anything with regard to enforcement. They are able to create customized malware of the highest order to carry out their espionage and attacks, and often aim to spy on vast numbers of users and even entire enemy or rival nations. These threats, such as the malware “Sofacy”, will only continue to grow, and have now been observed to evolve their own code.

Cryptomining, which we have looked at previously, has seen an 83 percent increase in attacks in this last year according to Kaspersky Lab, with over 5 million infections in the first three quarters of 2018. Examples include “Mass Miner” and “Kitty”.

Threat actors have picked up development of card-skimming malware in 2019 according to RiskIQ. This malware steals personal information at POS machines and often involves the physical planting of devices onto things such as ATMs to “skim” credit card details.

Steganography involves hiding information using methods such as encoding executable information in images, text documents, and other formats that are less traditional. Encoding malware steganographically helps evade recognition by antimalware software. Threat actors will continue to push the limits to hide their toxic software from the user and antimalware alike.

Source: Threatpost.com
————————————————————————————–
Security Technology of South Texas