Posts

Seven Layers of Protection from Hacked Websites

/0 Comments/in /by

In January 2015, celebrity chef Jamie Oliver announced that his website, which attracts 10 million visitors per month, had been compromised. This followed an announcement by Forbes that a month earlier, in December of 2014, the highly visible “Thought of the Day” flash widget had been compromised as well. In both of these, the hacked website was simply the first step in a complex process that is carefully engineered to make money off of unsuspecting internet users.

Most people are surprised to learn that the Hollywood perpetuated stereotype of the cyber-criminal is a myth. We imagine an evil genius sitting in a dark room, typing feverishly to hack into the good guy’s networks in real time, guessing passwords and avoiding law enforcement through well-timed keystroke sequences as he goes. The reality is much less intriguing. The tools that are used for these exploits are often generic off-the-shelf software developed by third-party developers and then sold on the black market. The sale of criminal tools – exploit kits, malware droppers, malware itself and more — has become a big business in itself. In fact, according to researchers, in the case of the Jamie Oliver website, a popular and widely available hacking tool named Fiesta was used to scan visitors’ computers and look for vulnerabilities that could be exploited to deliver the malware. Our own  SonicWall threat research shows that Angler was the most commonly used exploit kit in 2014, resulting in over 60 percent of the exploits that we saw last year.

To add to the problem, NSS labs estimates that 75 percent of the world’s computers and 85 percent of the computers in North America are poorly protected against these exploits. Even worse, anti-virus (AV) software that is typically used to protect computers provides only adequate security at best.

How do websites get compromised?

The attacker will generally target websites with vulnerabilities that allow them to modify the HTML on the web page. A prime target for cybercriminals is a website that is highly trusted and high volume like Forbes.com. In many cases, attackers will look to compromise ad servers which generate a huge amount of views. After a webpage with a vulnerability is identified, users can be tricked into clicking links to a separate landing page on a rogue web server that hosts the exploit kit. In the more disturbing case of a so-called drive-by download, an exploit kit automatically loads content from the malware server with zero end user interaction required.

The exploit kit then attempts to scan the user’s computer looking for vulnerabilities in common applications. We know that most people ignore OS patches, and even more people ignore browser, Java and Flash patches. A sophisticated attacker may independently find a vulnerability, but more likely he or she will use published vulnerabilities. The level of sophistication of these exploit kits varies, but some will even check IP addresses to ensure that the target computer matches the desired profile, for example a residential PC.

Once a vulnerable application is discovered, the exploit is launched and if successful the chosen malware payload is finally downloaded to the victim’s computer. While one common payload delivers malware that takes control of the victim’s computers (this is called a bot as in robot or zombie), other malware can be used to steal data, log keystrokes, or launch distributed DOS attacks on other websites. Another common payload is called ransomware because it encrypts all data on the victim’s computer and holds it until the data owner provides a valid credit card number and pays to unlock the data. The reality with these attacks is that anybody and everybody is a target – the mom and pop business owner, gas station attendant, grandma and grandpa, business executive or school teacher – everyone is a potential victim.

No single tool or technique is guaranteed to stop these attacks, but there are a variety of tactics that can be utilized to minimize the chance of a successful exploit.

  1. Gateway malware protection. Modern firewalls, also known as next-generation firewalls, provide much more intensive packet scanning than legacy firewalls. Deep packet inspection is used to inspect not only the header portion of the packet but also the payload, searching for viruses, Trojans and intrusion attempts. This level of inspection will often block the download of the malware payload.
  2. Patch management. Since most of the known exploits take advantage of vulnerable versions of applications, it is critical that you continuously apply the latest versions of software to all of your servers, PCs, Macs, Chromebooks, smartphones, tablets, printers, networking gear and other connected non-computing devices. Whew! Systems management solutions automate this patching for larger organizations.
  3. Automatically updated desktop AV clients. Standard desktop anti-virus clients provide a level of protection from the malware payloads that are used in these attacks, but it is critical that the desktop client is kept up-to-date. Ideally, if you are in charge of security, you would have a way to enforce the use of the clients because users love to turn off AV when they perceive that it slows down their computer. And unfortunately, in some cases malware disables AV or uses advanced methods to avoid detection so this is just one layer in the overall security strategy.
  4. Internet/web content filtering. There are a wide variety of solutions on the market that allow an organization to filter the URLs that can be accessed by users inside the network. Filtering in many cases will block the redirect to the malware server, and is a standard feature on most next-generation firewalls.
  5. Botnet filtering. Deep packet inspection also provides the ability to determine if connections are being made to or from botnet command and control servers. Many next-generation firewalls have continuously updated lists of these servers. Botnet filtering is a layer of security that will block communications to and from already compromised computers participating in botnets from behind the firewall.
  6. GeoIP filtering. Another feature of next-generation firewalls that can be useful in preventing bots from communicating with their command and control server is to restrict communications based on geography. GeoIP data includes the country, city, area code and much more. This is useful if an organization can exclude geographies that are known cyber-security risks such as Russia or China.
  7. Outbound email protection. Attackers will often use the computers that they are able to exploit as spambots to send spam mail as part of a larger spam campaign. These computers are often called zombies because they are remotely controlled by another person, in this case the spam botmaster. Email security solutions can scan outbound mail for signals that the computer has been compromised and determine that a system has been compromised.

Security professionals realize the complexity of the risks posed by compromised websites. Unfortunately, there is no magic bullet to preventing exploits, but a layered approach to security can minimize the risk to your organization.

The “Aha” Moment. Say Yes to Security and Collaboration.

/0 Comments/in /by

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod setup to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.

New SonicWall Email Security 8.2 w. Cyren AV

/0 Comments/in /by

The foundation of email threat protection has long been anti-virus technology and IP reputation databases. Threat research teams across the globe are hard at work analyzing email, identifying spam and malware, and building anti-virus and IP reputation database libraries to help combat threats. Experts agree that for best threat protection, email security solutions should not rely on a single anti-virus engine or reputation database, but should integrate multiple sources to maximize security effectiveness.

To deliver best-in-class email threat protection, SonicWall Email Security 8.2 includes multiple anti-virus technologies, including SonicWall Global Response Intelligent Defense (GRID) Anti-Virus, SonicWall Time Zero, and premium anti-virus technologies, including McAfee, Kaspersky, and now, Cyren Anti-Virus.

Cyren AV is now included with SonicWall Hosted Email Security and, for customers that prefer an on-prem solution, available with Email Security appliance and software release 8.2, when purchased with the Total Secure subscription service. The SonicWall Email Security offers seamless set-up for IT administrators and provides immediate results.

“Since replacing our Barracuda appliance with SonicWall, we achieved a 95 percent reduction in spam reaching user mailboxes,” saidGary Walker, network administrator, City of Alexandria.

With SonicWall Email Security solutions, our GRID Network performs rigorous testing and evaluation of millions of emails every day, and then reapplies this constantly updated analysis to provide exceptional spam-blocking results and anti-virus and anti-spyware protection.  SonicWall Time Zero Virus Protection uses predictive and responsive technologies to protect organizations from virus infections before anti-virus signature updates are available. Suspect emails are identified and immediately quarantined, safeguarding the network from the time a virus outbreak occurs until the time an anti-virus signature update is available. Moreover, premium anti-virus technology from industry-leading, anti-virus partners including McAfee, Kaspersky, and Cyren provides an additional layer of anti-virus protection, resulting in protection superior to that provided by solutions that rely on a single anti-virus technology. In addition to the multi-layer threat protection and ease of use, the SonicWall solution is affordable and provides low TCO.

“With SonicWall, we have easily saved $30,000, and will save an additional $15,000 each year,” said Walker.

Learn More about SonicWall Email Security

For more information about SonicWall Email Security, please visit our website, refer to the SonicWall Email Security 8.2 release notesor contact a SonicWall representative at 1.888.557.6642, or emailsales@sonicwall.com

LEARN MORE