IT Security: Is Your Strategy Adopted by Employees

Patrick Sweeney, executive director of product management, SonicWall Security Products once said “At any given moment, every organization in the world is a few packets away from an imminent infrastructure disaster!” There can be many reasons for this to happen: out-of-date security technologies, non-adapted security policies and human errors. Despite our best efforts, human beings are, and will always be, imperfect. And so are the systems that humans design and maintain, from governments to corporations to schools to hospitals. Of course, the same is true of IT security systems, which employ powerful technology but in the end are only as strong as the way employees adopt and use them.

The recent security breaches that allowed hackers to steal millions of credit card numbers and consumer names and addresses from the largest retailers in the U.S. turn out not to have been particularly sophisticated. In the end, we’ve learned that many of these companies’ defenses were fully equipped with malware detection tools and that the technology did its job. If the tactics weren’t that sophisticated and the defensive technology in place worked as intended, then how can we account for what happened?

It’s come to light that a series of human errors are often in play starting with successful targeted phishing attacks on employees (more and more targeting privileged account users) that go undetected for weeks and give cybercriminals ample time to collect sensitive data and access business applications. It is widely accepted today that human errors like this cause the lion’s share of information security breaches around the world. In fact, one survey found that 70 percent of IT security breaches can be attributed to human elements.

Companies can have plenty of security controls with abundant security instrumentation and keep their software up to date. Yet one click from an employee, uninformed about security policies or simply trying to get the job done in the most expedient way possible, can inadvertently give access to threat actors with malicious intent, circumventing the security technologies in place.

That is why forward-thinking companies are investing in more than just technology to maximize their IT defenses. They are working to educate, train, and cultivate a culture of security among the employees of their organizations.

In today’s connected world, data is the lifeblood of business. And that data includes billions of pieces of personally identifiable contact information, account numbers, healthcare patient records, trade secrets and a wide range of other sensitive material. The value of data increasingly relies on the ability for the right people, and only the right people, to access it wherever and whenever it’s needed.

To drive innovation and agility, organizations are adopting mobile, social, and cloud computing technologies at an accelerating rate. And these technologies are delivering data and applications outside the network boundaries and therefore outside many traditional IT security solutions. Securing information everywhere it resides and everywhere it needs to go is a top priority. But even as they keep pace with increasingly sophisticated cyber crime techniques, IT security technologies are only as effective as the people who use them (or don’t).

Let’s take a look at a small sample of human errors committed thousands, if not millions, of times every day:

  • Clicking on a malicious link in a seemingly innocent email
  • Using a simple password or using the same password for both work applications and personal accounts
  • Leaving or losing a smartphone or laptop in a taxi or airport
  • Uploading company data to a public cloud service

Whether slip-ups are made out of carelessness, ignorance or a well-intentioned attempt to get work done faster, the results can be equally damaging. For organizations to truly secure their information, they need employees, partners and others with access to their data to understand, adopt and comply with well-articulated security policies and protocols.

And those policies and the technology that enforces them must be easy to use. They cannot be barriers to productivity. Creating this “culture of security” requires a comprehensive, end-to-end strategy, adapted to the unique business requirements of each organization and supported by top management.

SonicWall develops end-to-end IT security solutions that are easy to use, designed to be embraced and adopted by employees and business partners without hampering productivity. More adoption means more compliance, and better security. And better security is better business!

To ensure that your IT security strategy is adopted by your employees, read the tech brief “The AAA approach to network security”.

How Safe is Your Network Security in Your Retail Store

Let me ask you a question. How safe is your security position in your retail store? If you lock your doors and windows, then why not lock your network as well? Locking down your network does not mean you are slowing it down for legitimate use but rather, hardening it against attacks. Now might be time to take a look at how you are being protected. You may have an outside security provider you are working with, you may have someone on your staff that does this or you may be doing it yourself. In any event, starting the conversation with a security advisor and knowing the answers to these questions may give you the information to better understand the extent to which you are protected. Knowing about security is becoming as important as knowing accounting.

So, why are retail establishments such great targets for cybercriminals?

Your assets. Cybercriminals target your bank account because it is often protected behind flimsy safeguards. If you are doing your banking over the internet, you may need to consider additional defense measures to protect the information coming into and going out of your network.

Your customers. Customer credit card data continues to be a valuable commodity for cybercriminals to sell to others who commit credit card fraud. The trend of millions of credit cards being stolen annually is going to continue until proper security measures are in place. Expect an increase in point of sale (POS) attacks as criminals try to get in before new chip and PIN technology is adopted later this year.

Your employees. Employee information is quite valuable in compromising individuals as well as possibly providing an entry into the individual’s network of friends and family. Knowing employee information allows criminals to impersonate an employee to gain access to your network.

Your partners. You might be doing business with larger enterprise customers. Compromising your network may be an effective way to gain entry into the networks of your enterprise partners. The Target breach came as a result of a compromised partner with access to Target’s network. Expect your partners to be asking about how they are being protected.

Many smaller and regional retail establishments consider a firewall as an “install it and forget it” product. Cybercriminals are constantly improving their game to come up with new ways to take your money. Because of the dynamic nature of the threat surface, your security posture should also be dynamic. Asking questions is a great first step in starting your security conversation.

What questions should you be asking about your network security that will help you reduce your vulnerability to attack?

  1. How old is your firewall? If you’ve been using it for more than three years, you may not be keeping up with the technology necessary to keep out cybercriminals.
  2. Does your wireless network segment employees from guests? Keeping guest and employee data separate is a keystone of a secure wireless strategy.
  3. When was the last time you paid to renew your network security subscription? If you cannot remember, it might have lapsed leaving your network wide open.
  4. Have you changed your broadband subscription? Sometimes, your broadband speed is upgraded without changing your subscription. Is your firewall able to keep up with the faster speeds?
  5. Do you know if all the security protections are turned on for your network? It is a dirty little secret that someone may be turning off security to maintain or improve network performance. You may consider network performance more important than security; this is an unnecessary tradeoff when you can have both.

If these questions give you pause, you may be vulnerable to a security breach that can cost you time, money, lost customers and your good reputation. The last thing you want is to have your name in the news because of a network security breach. Security is more than a requirement. By hardening your security posture, you can avoid the downside and turn security into a competitive advantage. “Safe surfing” may well be as valuable to your customers as discounted products.

There are many moving parts to consider when evaluating your security posture. Because no silver bullet exists, the best defense is one of several layers. If you want to understand security better and learn how you can develop a security blueprint for your business, I encourage you to download the white paper “How to prevent security breaches in your retail network.”

SonicWall Security Helping Partners Close Gaps to Reduce Risk

Recently, I was privileged to spend three days at the SonicWall Security Peak Performance EMEA conference in Berlin, meeting and talking with more than 300 SonicWall partners and customers from across Europe. Security is very much top of mind for our partners, and we know from the results of a SonicWall survey conducted ahead of the conference that advanced persistent threats are a chief concern for a majority of their customers.

Our partners have told us that security and innovation are number one and number two on every customer’s list, but they believe that only a tiny percentage of those customers are protected against today’s threats, which can result in the devastating loss of IP, productivity and customer data.

As cybercrime becomes ever more sophisticated, organizations must take the appropriate steps to protect the company, their customers and employees. At the same time, they need a dynamic IT environment that can support current trends such as mobility, cloud and SaaS. At SonicWall, we’re committed to ensuring our partners’ success by equipping them to help customers close security gaps, reduce complexity and mitigate risk by extending end-to-end security that both enables the business and protects from ever-evolving, sophisticated threats.

Events like SonicWall Peak Performance EMEA reflect SonicWall’s commitment to our partners and to building channel momentum around security solutions. Keynotes and general sessions, plus deep dive breakout sessions led by our security experts, armed partners at the conference with the most up-to-date knowledge of our security products, and a view of innovative security development planned for the future. We have almost 1,000 security specialists at SonicWall, and philosophically, they wake up every morning to team with a partner. And that scale is a major difference between us and some of our competitors.

In talking with partners at Peak Performance EMEA, it was clear they were fired up about our security strategy, and understood what it meant when we showed them specific integrations and how we can make those work for them. For example, when SonicWall’s Secure Mobile Access solution is combined with SonicWall’s Enterprise Mobility Container, we can enforce the company’s data loss prevention policy at the edge, ensuring the intellectual property contained within sensitive data does not leak.

The channel is showing tremendous enthusiasm and continuing to grow. Last year, SonicWall Software achieved 60 percent growth through the channel in EMEA, and that momentum is set to continue. With SonicWall’s end-to-end connected security strategy, we expand our security footprint and equip our partners to provide greater value to customers beyond what they may initially request. Partners are able to leverage our complementary security solutions, and, what’s more, can take advantage of new opportunities for sales, adding value through their advanced security expertise. SonicWall’s channel program continues to grow and develop, enabling our partners to benefit from access to our impressive customer network, and helping them build potentially lucrative relationships. The survey of partners attending Peak Performance showed, alarmingly, that respondents believe only three percent of organizations are adequately prepared for an attack. Although this statistic is frightening, it also demonstrates the business opportunities still available.

Via our advanced competency training courses in security, partners can build their expertise and specialize in security, helping them to corner this growing market. Last year saw a 41 percent rise in the number of EMEA partners achieving security certification, and, as our partners are reporting an average year-over-year revenue growth of 37 percent, it’s great to see the channel is benefiting from working with SonicWall.

We’re protecting over a million customers every day. In their capacity as advisors helping customers manage security, our partners play a critical role. Our goal is to ensure their success by giving them opportunities to leverage the knowledge and tools in the SonicWall Security arsenal, so their customers benefit from security solutions that both protect their organizations from threats, and enable them to succeed.

SonicWall Security Peak Performance North America is August 30 to September 2 in Las Vegas. I encourage partners to register for this event; visit www.SonicWall peakperformance.com

Oracle Micros PoS Customers Targeted By MalumPoS Malware

The Dell SonicWALL Threats Research team has observed reports of a new POS malware family, detected as GAV: MalumPOS.AB. Like the well-known point-of-sale Trojan BlackPOS, it scrapes process memory for card data, but this family targets the Oracle MICROS platform in the wild.

MICROS Systems, Inc. (NASDAQ: MCRS) is a leading provider of information technology solutions for the hospitality and retail industries. Its primary product, MICROS platform, delivers encryption and tokenization for the aforementioned industries.

Infection Cycle:

Md5s:

  • 45699cb86d10cf8ac5bd88276ec65eda [Detected as GAV: MalumPOS.AA (Trojan)]

  • acdd2cffc40d73fdc11eb38954348612 [Detected as GAV: MalumPOS.AB (Trojan)]

  • c4bc89d98fd4df783dcbeb514cd041bb [Detected as GAV: MalumPOS.AB (Trojan)]

  • 3efea0afa146936d7c019107f3866b39 [Detected as GAV: MalumPOS.AB (Trojan)]

  • 1ba17497994ef84c7853c59ae089fcaa [Detected as GAV: MalumPOS.AD (Trojan)]

The Malware adds the following file to the system:

  • %Systemroot%\system32\mnv.exe

The malware registers its own service as NVIDIA Display Driver or NVIDIA Display Driv3r to ensure persistence across reboots:

MalumPOS retrieves a list of running processes; the service periodically scrapes the memory of those processes for credit card information. To enumerate card data held by the POS software, the malware uses Windows API calls such as the following:

The MalumPOS memory scanner is designed specifically to target POS systems. It uses the TRegExpr regular-expression routine to scrape memory:

The routine reads each process’s memory and applies simple regular expressions for credit card Track 1 and Track 2 data. If a card number is found, the malware writes it to the file %Systemroot%\system32\nvsvc.dll.

The malware uses the following regular expressions to verify credit card data:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:

  • GAV: MalumPOS.AA (Trojan)

  • GAV: MalumPOS.AB (Trojan)

  • GAV: MalumPOS.AD (Trojan)

Microsoft Security Bulletin Coverage (Jun 9, 2015)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-056 Cumulative Security Update for Internet Explorer (3058515)

  • CVE-2015-1765 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1739 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-1743 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-1748 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 10988 “Internet Explorer Elevation of Privilege Vulnerability (MS15-056) 1”
  • CVE-2015-1687 Internet Explorer Memory Corruption Vulnerability
    IPS: 10977 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 1”
  • CVE-2015-1730 Internet Explorer Memory Corruption Vulnerability
    IPS: 10978 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 2”
  • CVE-2015-1731 Internet Explorer Memory Corruption Vulnerability
    IPS: 10979 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 3”
  • CVE-2015-1732 Internet Explorer Memory Corruption Vulnerability
    IPS: 10980 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 7”
  • CVE-2015-1735 Internet Explorer Memory Corruption Vulnerability
    IPS: 10981 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 10”
  • CVE-2015-1736 Internet Explorer Memory Corruption Vulnerability
    IPS: 10982 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 8”
  • CVE-2015-1737 Internet Explorer Memory Corruption Vulnerability
    IPS: 10983 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 9”
  • CVE-2015-1740 Internet Explorer Memory Corruption Vulnerability
    IPS: 10984 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 12”
  • CVE-2015-1741 Internet Explorer Memory Corruption Vulnerability
    IPS: 10985 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 14”
  • CVE-2015-1742 Internet Explorer Memory Corruption Vulnerability
    IPS: 10986 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 15”
  • CVE-2015-1744 Internet Explorer Memory Corruption Vulnerability
    IPS: 10987 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 19”
  • CVE-2015-1745 Internet Explorer Memory Corruption Vulnerability
    IPS: 2144 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 4”
  • CVE-2015-1747 Internet Explorer Memory Corruption Vulnerability
    IPS: 2145 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 6”
  • CVE-2015-1750 Internet Explorer Memory Corruption Vulnerability
    IPS: 2147 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 11”
  • CVE-2015-1751 Internet Explorer Memory Corruption Vulnerability
    IPS: 2151 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 13”
  • CVE-2015-1752 Internet Explorer Memory Corruption Vulnerability
    IPS: 2153 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 18”
  • CVE-2015-1753 Internet Explorer Memory Corruption Vulnerability
    IPS: 2168 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 22”
  • CVE-2015-1754 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1755 Internet Explorer Memory Corruption Vulnerability
    IPS: 2156 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 20”
  • CVE-2015-1766 Internet Explorer Memory Corruption Vulnerability
    IPS: 2167 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 21”

MS15-057 Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)

  • CVE-2015-1728 Windows Media Player RCE via DataObject Vulnerability
    This is a local vulnerability.

MS15-059 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)

  • CVE-2015-1759 Microsoft Office Memory Corruption Vulnerability
    ASPY: 1021 “Malformed-File doc.MP.21”
  • CVE-2015-1760 Microsoft Office Memory Corruption Vulnerability
    ASPY: 1037 “Malformed-File doc.MP.22”
  • CVE-2015-1770 Microsoft Office Uninitialized Memory Use Vulnerability
    ASPY: 1038 “Malformed-File docx.MP.6”

MS15-060 Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)

  • CVE-2015-1756 Microsoft Common Control Use After Free Vulnerability
    There are no known exploits in the wild.

MS15-061 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)

  • CVE-2015-1719 Microsoft Windows Kernel Information Disclosure Vulnerability
    This is a local vulnerability.
  • CVE-2015-1720 Microsoft Windows Kernel Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1721 Win32k Null Pointer Dereference Vulnerability
    This is a local vulnerability.
  • CVE-2015-1722 Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1723 Microsoft Windows Station Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1724 Microsoft Windows Kernel Object Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1725 Win32k Buffer Overflow Vulnerability
    This is a local vulnerability.
  • CVE-2015-1726 Microsoft Windows Kernel Brush Object Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1727 Win32k Pool Buffer Overflow Vulnerability
    This is a local vulnerability.
  • CVE-2015-1768 Win32k Memory Corruption Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-2360 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.

MS15-062 Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)

  • CVE-2015-1757 ADFS XSS Elevation of Privilege Vulnerability
    IPS: 10892 “Cross-Site Scripting (XSS) Attack 49”

MS15-063 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)

  • CVE-2015-1758 Windows LoadLibrary EoP Vulnerability
    This is a local vulnerability.

MS15-064 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

  • CVE-2015-1764 Exchange Server-Side Request Forgery Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1771 Exchange Cross-Site Request Forgery Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2359 Exchange HTML Injection Vulnerability
    There are no known exploits in the wild.

Adapting Your Mobile IT Security Strategy to Enable Mobile Workers

Providing employees with mobile access to corporate resources and applications can deliver a wealth of benefits, including improved productivity, satisfaction and innovation. However, it also introduces security and compliance challenges, from data loss to network breaches and malware attacks.

The way people work has fundamentally changed and mobile devices are at the forefront of this shift. An IDC study predicted that by now more than one third of the world’s total workforce would consist of mobile workers. Meanwhile, Gartner predicts that by 2017 half of employers will require employees to supply their own device for work purposes. The phenomenal growth of mobile computing stems from its convenience and benefits. Mobile users have become accustomed to having the internet and their email and calendaring applications at their fingertips in their personal lives, and they now expect a similar experience when accessing business-critical applications, along with the ability to choose their corporate device or use their own. Organizations are finding that providing these capabilities increases employee productivity and spurs innovation.

Of course, there are challenges and risks to providing mobile access. The top five mobile threats are:

  • Data loss from lost, stolen or decommissioned devices
  • Information-stealing mobile malware
  • Data loss and data leakage through poorly written third-party applications
  • Vulnerabilities within devices, the OS, design and third-party applications
  • Insecure Wi-Fi networks or rogue access points

Mobile devices are often lost or stolen, which makes the data on them, as well as the corporate network, vulnerable to unauthorized access. In addition, a mobile device can become a conduit for malware from rogue apps, and unless data is encrypted in flight, it’s susceptible to interception, especially when users are on public Wi-Fi networks.

Compliance and legal aspects are another obstacle. In particular, it isn’t always clear who owns the data on mobile devices; some organizations insist that company data on employee owned phones and tablets belongs to the company and that it should be backed up and archived for legal and compliance purposes. In addition, unless a device has been locked down, there’s also a chance that an employee will move corporate data into the cloud or that it will be lifted directly from the device by an advertising network or a cybercriminal. Accordingly, an interesting dynamic is emerging between the teams responsible for IT and those tasked with security and compliance. IT leadership has strong motivation to implement a mobile access policy to gain productivity and user satisfaction benefits, while the individuals responsible for information security and compliance or IT support may try to stall or block the adoption of a mobile computing model.

Clearly, implementing a mobile program promises significant benefits but also introduces important risks. Therefore, in order for a strategy to emerge, all stakeholders must agree on the organization’s mobile computing needs, what can be supported in the short and medium term, and the ultimate vision.

To help your organization establish to what extent to embrace mobility, consider the secure mobility risk and compliance model (see figure below), which shows the risk, level of compliance and level of access associated with different mobile strategies.

As the model shows, company-issued devices offer the lowest security risk and the highest level of compliance. However, issuing devices to each user can be costly, and limiting mobile users to only a single device (that is not of their choosing) can significantly reduce the potential productivity benefits of the mobile strategy. At the other end of the spectrum, embracing full “bring your own device” (BYOD) may delight the mobile user community, but it entails some significant IT support, security and compliance challenges. Many organizations choose a mobile strategy between these two extremes, such as “company-owned, personally enabled” (COPE) or “choose your own device” (CYOD).

Whatever mobile strategy you choose, it is important to add context to access requests made by an authenticated user. For example, users who are accessing from a company-issued device should expect virtually the same experience as they would have in the office. However, users accessing company data and applications from a personal tablet or smartphone might be denied access to business-critical systems that contain sensitive data (such as HR, order processing or CRM) and allowed access to only email and calendar data.

To ensure that your IT security strategy is adapted to your mobility requirements, read the tech brief “The AAA approach to network security”.

10 Do’s and Don’ts for Securing Wireless in Retail Stores

Not too long ago my wife and I went out to a nice restaurant for dinner. When it was time to pay, the waiter took my credit card and swiped it using a portable credit card processing device. Being in the security industry, I couldn’t help but wonder if the transaction was secure. After all, wireless connections are a vector hackers use to steal customer account information from retail vendors. Since I wanted to enjoy the evening I let that thought go for the time being.

When I got back to the office I started to think more about the level of security retail point-of-sale businesses have for their wireless networks. After all, wireless has become an important tool vendors use not only to take payments, but also as a way to provide customers with more value. Think about it. When we go into a store we can access product information over WiFi. We can redeem coupons over our mobile device. We can get information on promotional offers. There’s a lot available to keep customers interested and loyal.

It’s a two-way street though. Retailers are also collecting data on customers. For example, once we connect to their WiFi or pay our bill using a wireless point-of-sale (POS) payment card reader they can learn more about our shopping habits, the device we’re using, how long we’re connected and more. While all this gives us a more personalized shopping experience, it also helps retailers sell more products, in theory at least. Sounds like a win-win, right? Sure, as long as all the data that travels across the wireless network is secured. But that’s the issue. How do consumers know their personal information is secured over the wireless network? For retailers, how do they ensure their wireless network is secured from attack?

Wilson Lee, a colleague of mine, recently wrote in his blog that “It doesn’t matter whether you are a Fortune 100 company or a small business, the chances are that your Internet doorway is under attack more than your brick and mortar doorway.” His point is that when it comes to theft, it’s not just the physical door to your store that you should be concerned about. The fact is, small retail stores often serve as a point of entry to a corporate network which could result in a larger breach.

How popular is the use of wireless with retail businesses? A survey of retail IT professionals from EarthLink, IHL Group and AirTight Networks revealed that 82 percent of midsize-to-large retailers have deployed in-store WiFi, and 57 percent offer WiFi to both employees and customers. So, if you’re a retailer with a wireless LAN that’s used both internally and by customers, what steps can you take to help secure your wireless network from attack? Here are some basic “do’s” and “don’ts.”

Don’t

  • Use basic or default passwords to access your wireless network that are easy to figure out or find on the Internet.
  • Use the name of the store as the wireless service set identifier or SSID.
  • Allow customers on the same wireless LAN as your internal staff and business systems. Keep them separate.
  • Use WEP (Wired Equivalent Privacy) to secure your network. WEP is cryptographically broken and offers no real protection against a determined attacker.

Do

  • Adopt a multi-layered security approach to avoid single point of failure.
  • Consider using a site survey tool before you roll out your WLAN. You might just find some unauthorized (rogue) access points.
  • Create a stringent security policy for wireless access; start strict and grant exceptions only as needed.
  • Have your wireless traffic go through a next-generation firewall to scan for and eliminate threats.
  • Run intrusion detection and prevention (IDP) to identify rogue access points and prevent connections to the devices. This is a requirement for PCI (Payment Card Industry) compliance.
  • Create a “walled garden” for customer only access that is separate from internal users through virtual access point segmentation and wireless guest services.
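As an added example (not code from the page or from SonicWall), here is a Python audit that turns the do’s and don’ts above into checks over the output of a wireless site survey. It parses scan records in the shape of `iw dev <iface> scan` output (the sample below is constructed and reduced to the fields the checks read), and flags access points missing from an authorized-AP inventory, open networks, WEP (Privacy bit set but no WPA/RSN element, which is how scanners infer WEP), the deprecated TKIP cipher, and SSIDs that reveal the store name. The inventory and the store name are assumptions made for the example.

```python
import re

# Hypothetical inventory of the store's own access points and the store name (assumptions).
AUTHORIZED_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
STORE_NAME = "Acme Shoes"

# Constructed sample in the shape of `iw dev wlan0 scan` output, reduced to the
# fields the checks below read (BSS line, SSID, capability, RSN/WPA elements).
SAMPLE_SCAN = """\
BSS aa:bb:cc:00:00:01(on wlan0)
    SSID: pos-internal
    capability: ESS Privacy (0x0411)
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: IEEE 802.1X
BSS aa:bb:cc:00:00:02(on wlan0)
    SSID: guest
    capability: ESS Privacy (0x0411)
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: PSK
BSS de:ad:be:ef:00:03(on wlan0)
    SSID: Acme Shoes
    capability: ESS Privacy (0x0411)
BSS de:ad:be:ef:00:04(on wlan0)
    SSID: Free WiFi
    capability: ESS (0x0401)
"""

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")


def parse_scan(text: str) -> list:
    """Turn scan text into one record per BSS with the security-relevant fields."""
    aps, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "privacy": False,
                   "rsn": False, "wpa": False, "pairwise": set(), "akm": set()}
            aps.append(cur)
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
        elif s.startswith("capability:"):
            cur["privacy"] = "Privacy" in s          # encryption of some kind is advertised
        elif s.startswith("RSN:"):
            cur["rsn"] = True                        # WPA2/WPA3 information element present
        elif s.startswith("WPA:"):
            cur["wpa"] = True                        # legacy WPA1 information element present
        elif s.startswith("* Pairwise ciphers:"):
            cur["pairwise"].update(s.split(":", 1)[1].split())
        elif s.startswith("* Authentication suites:"):
            cur["akm"].add(s.split(":", 1)[1].strip())
    return aps


def audit(text: str, authorized=AUTHORIZED_BSSIDS, store_name=STORE_NAME) -> dict:
    """Map each BSSID to its SSID and the list of policy findings (empty list = clean)."""
    report = {}
    for ap in parse_scan(text):
        findings = []
        if ap["bssid"] not in authorized:
            findings.append("not in AP inventory (possible rogue)")
        if not ap["privacy"]:
            findings.append("open network (no encryption)")
        elif not (ap["rsn"] or ap["wpa"]):
            findings.append("WEP (Privacy bit set, no WPA/RSN element)")
        elif "TKIP" in ap["pairwise"]:
            findings.append("TKIP pairwise cipher (deprecated)")
        if store_name.lower() in ap["ssid"].lower():
            findings.append("SSID reveals store name")
        report[ap["bssid"]] = {"ssid": ap["ssid"], "findings": findings}
    return report


if __name__ == "__main__":
    for bssid, r in audit(SAMPLE_SCAN).items():
        status = "; ".join(r["findings"]) or "ok"
        print(f"{bssid}  {r['ssid']!r:16} {status}")
```

Run it against a real survey with `iw dev wlan0 scan | python3 audit.py` after replacing `SAMPLE_SCAN` with `sys.stdin.read()`; an AP that is not in your inventory deserves a physical look, since a rogue AP bridged into the POS VLAN is exactly the entry point the "walled garden" is meant to rule out.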

The use of wireless in retail locations continues to increase, both from the consumer and business perspectives, making it a potential vector for attack. To learn more about how you can protect your business and POS systems from attack, read this white paper.

Data stealing trojan posing as a PDF document (June 5, 2015)

The Dell SonicWall Threats Research team has received reports of a data stealing Trojan posing as a PDF document. Upon execution, the trojan downloads more malware onto the infected machine and also steals information from the system.

Infection Cycle:

The Trojan uses the following icon:

Figure 1: Trojan purports to be a PDF document

Upon looking at the properties, the trojan is described in Norwegian as “flash game KLP – pension, banking and insurance to municipalities, health authorities, businesses and their employees.”

Upon execution, Adobe throws the following error:

The Trojan creates a copy of itself in the following location:

  • %Application Data%\sample.exe [Detected as GAV: Downloader.FAUT (Trojan)]

To start again after a reboot, the malware registers itself under the following Run key:

  • %USER%\Software\Microsoft\Windows\CurrentVersion\Run\[b528c54d1cfbb1b9bc2e8ffca007591] [Detected as GAV: Downloader.FAUT (Trojan)]

The trojan injects into the following processes:

  • C:\WINDOWS\explorer.exe

It tries to connect to the following domains:


It periodically sends encrypted data to the remote C&C servers:

It downloads additional malware onto the victim’s machine, detected as GAV: Fiha.A_26 (Trojan)

The malware starts sending spam to the email addresses retrieved from its C&C server; here is an example:

Overall, this Trojan is capable of downloading additional malware onto the victim’s machine. It can also send sensitive information out to a remote server. We urge our users to always be vigilant and cautious with any unsolicited attachments, especially if you are not certain of the source.

Dell SonicWALL Gateway AntiVirus and Intrusion Prevention provides protection against this threat with the following signatures:

  • GAV:Downloader.FAUT (Trojan)
  • GAV:Fiha.A_26 (Trojan)
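The infection cycle above (an executable dropped into the user’s profile, a Run key with a hash-like value name, injection into explorer.exe, and explorer.exe then talking SMTP) gives an endpoint analyst several behaviours to alert on independently of the file signature. The following is an added detection example, not SonicWall’s code: it runs those rules over Sysmon-style endpoint events. The event field names are an assumption, and the sample events are constructed to mirror the write-up.

```python
import re

# Directories a user can write to; an .exe landing here warrants a look.
USER_WRITABLE = re.compile(r"\\(AppData|Users\\[^\\]+\\Downloads|Temp)\\", re.IGNORECASE)
# Hash-like value names such as the one used in this trojan's Run key.
HEX_NAME = re.compile(r"[0-9a-f]{24,}", re.IGNORECASE)
SMTP_PORTS = {25, 465, 587}


def detect(events):
    """Return (rule, detail) alerts for events matching the trojan's infection cycle."""
    alerts = []
    for ev in events:
        img = ev.get("image", "")
        kind = ev["type"]
        if kind == "file_create" and ev["target"].lower().endswith(".exe") \
                and USER_WRITABLE.search(ev["target"]):
            alerts.append(("exe_dropped_in_user_dir", ev["target"]))
        elif kind == "reg_set" and ev["key"].lower().endswith(r"\currentversion\run") \
                and HEX_NAME.fullmatch(ev["value"]):
            alerts.append(("run_key_with_hash_like_name", ev["value"]))
        elif kind == "create_remote_thread" and ev["target_image"].lower().endswith(r"\explorer.exe") \
                and USER_WRITABLE.search(img):
            alerts.append(("injection_into_explorer", img))
        elif kind == "net_connect" and img.lower().endswith(r"\explorer.exe") \
                and ev["dest_port"] in SMTP_PORTS:
            # explorer.exe has no business speaking SMTP; the injected payload does.
            alerts.append(("explorer_smtp_connection", f"{ev['dest_host']}:{ev['dest_port']}"))
    return alerts


# Constructed telemetry: four malicious events interleaved with two benign ones.
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Users\bob\Downloads\flash_game.exe",
     "target": r"C:\Users\bob\AppData\Roaming\sample.exe"},
    {"type": "reg_set", "image": r"C:\Program Files\Vendor\updater.exe",
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run", "value": "VendorUpdater"},
    {"type": "reg_set", "image": r"C:\Users\bob\AppData\Roaming\sample.exe",
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "b528c54d1cfbb1b9bc2e8ffca007591"},
    {"type": "create_remote_thread", "image": r"C:\Users\bob\AppData\Roaming\sample.exe",
     "target_image": r"C:\WINDOWS\explorer.exe"},
    {"type": "net_connect", "image": r"C:\Program Files\Mail\mailclient.exe",
     "dest_host": "smtp.example.net", "dest_port": 587},
    {"type": "net_connect", "image": r"C:\WINDOWS\explorer.exe",
     "dest_host": "smtp.example.net", "dest_port": 25},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```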

How to Boost your Agility with End-to-End IT Security

It has been almost impossible to escape the news around high profile security breaches over the past couple of years. The world’s biggest brands are under attack by organized and heavily funded cyber-criminal organizations, and it seems as though they are losing the battle. SonicWall Security has written blogs about new, innovative, and highly effective methods of attack via compromised websites, memory scraping, attacks leveraging email and more. According to the recently published 2015 SonicWall Security Threat Report, the number of new point-of-sale countermeasures put in place in 2014 was 3X greater than the previous year. IT security professionals are under intense pressure to ensure that the risk profile of the organization is minimized, and the rapidly evolving threat landscape dramatically complicates this situation. The 2015 SonicWall Global Technology Adoption Index shows that IT decision makers consider security the biggest barrier to expanding mobile technologies, using cloud computing and leveraging big data. At SonicWall, we want security to be an enabler of agility, not a barrier.

But, the reality is that current approaches to security just aren’t working. Organizations simply cannot continue to spend more money buying the latest technology in an attempt to patch and cobble their way to a secure organization. Each solution that is purchased creates a learning curve for IT, adds to the complexity of the infrastructure, and opens up potential gaps in coverage that attackers are able to exploit. I believe that it is the security industry’s fundamental responsibility to develop solutions that close these gaps. By designing end-to-end solutions that automate the complicated parts of security, we are able to make it much easier for our customers to ensure that the organization is protected against the latest evolving threats.

At SonicWall, we call this connected security, and this is a major initiative that drives interaction between our product groups. As an example, last year we rolled out firewall-enforced file encryption. SonicWall Data Protection and Encryption (DDPE) is an application that provides file encryption and is offered as an option on business-class PCs that we sell. Encryption is a fantastic security tool and in the future we expect to see more and more encryption being used, not only on data at rest on computers but also for data in-flight on the Internet. However, like many security measures, encryption is only useful if it is turned on, and the risk to the organization if it isn’t turned on is too great to ignore. So, we developed a solution for customers who use both SonicWall encryption and SonicWall firewalls. With a simple checkbox in the SonicWall firewall user interface, IT can turn on enforcement of DDPE clients. This means that the firewall automatically checks communications from any computers, whether on the internal network or accessing the network remotely over VPN. If the DDPE encryption application isn’t present, the user will not be allowed to send files into or out of the organization, and is automatically redirected to a download server to obtain the DDPE software. So, risk is minimized because encryption is enforced. And IT is now enabling the organization instead of hindering the ability to make progress. This is just one example of how end-to-end security makes your organization agile.

We believe that if we can take care of the heavy lifting in security, our customers will be able to focus on their core business, or those things which make them profitable. By architecting our solutions to work together, we can help minimize the risk profile and ultimately turn security from a barrier into an enabler, allowing our customers to be ready for whatever the future holds. To learn more about leveraging IT security to help your organization succeed, download the tech brief titled “The AAA approach to network security”.

Thwart Retail Breaches by Tracing Digital Footprints

In the time it takes you to read this blog, you will have been cyberattacked over five times. That’s the average number of intrusions that the SonicWall Global Response Intelligent Response (GRID) network detects on each of its one million firewalls every two minutes, 24 hours a day, 365 days a year. It doesn’t matter whether you are a Fortune 100 company or a small business, the chances are that your Internet doorway is under attack more than your brick and mortar doorway.

How do these cybercriminals conduct their nefarious acts? Our forensic analysis of high-profile retail breaches reveals that attackers employ multi-vector attacks: a sophisticated series of methodical strikes against specific targets to reach their goal of stealing financial or personal information. These vectors may start with a phishing email to lure victims to a legitimate website that has been compromised. The website may have a “watering hole,” a link that appears to be trustworthy but contains an exploit that infects the target through a vulnerability in the victim’s browser. Once infected, the exploit contacts a malware server to download more malicious code that worms its way through the network, mapping the location of financial information and illegally obtaining login credentials to key servers. At this point in your reading, you’ve been attacked three times, perhaps by some of the methods above.

What can you do to protect yourself? Start by employing a next-generation firewall (NGFW). Just as the attacks are multi-vector, NGFWs offer a multi-layered defense: anti-virus, anti-spyware, anti-spam, intrusion prevention, malware prevention, application intelligence and control, web content filtering, and SSL decryption and inspection. SonicWall’s next-generation firewalls provide this protection in real-time, as the SonicWall GRID network proactively updates the firewalls with countermeasures against the latest threats found world-wide.

At this point in your reading, you’ve been attacked four times. How would you know? Enter security reporting solutions like the SonicWall Global Management System (GMS) and the SonicWall Analyzer. Both of these solutions provide over 60 pre-defined reports and an unlimited number of customizable reports. These reports are easy-to-understand charts and tables that expose the names of the attacks (or “threat signatures”), the targeted users, machines, and their IP addresses, what countries/IP addresses the attackers originate from, websites detected/blocked, and applications detected/blocked. These reports provide the proof of compliance for regulations, such as those required to pass PCI audits. Moreover, these reports give network security administrators the data they need to read the digital footprints and design the optimal balance between locked-down security and the free flow of information needed for efficient business operations.

Congratulations, you’ve reached the end of this blog and have now been attacked for the fifth time. Don’t hesitate; download this white paper on how to better protect your retail network before the next attack happens.