Simple Tips for Network Sanity: Patch Tuesday, Exploit Wednesday and Uninstall Thursday

Today I’d like to talk a little bit about our partnership with Microsoft and patch management. In a previous life I was a network/sysadmin. A brief description of that role was “If it has a blinking light on it, I am responsible for it,” which meant on most days I felt like I was living in the middle of a sci-fi movie, surrounded by demanding technology.

When you live in a hair-on-fire environment like that, keeping up with Microsoft patches can be painful. You can set them to download and install automatically and you should be good, unless a patch breaks something or, even worse, breaks everything.

When you have business-critical applications that are legacy or just plain old, patching can break them. If that app in question is the bread and butter of the business, patching can bring down the entire company. On the other hand, not patching for known vulnerabilities can be just as bad, if not worse.

There is an old saying: Patch Tuesday, Exploit Wednesday, and Uninstall Thursday. Microsoft normally releases patches on the second Tuesday of the month, so Exploit Wednesday is when the cyber criminals have analyzed the details from Tuesday and deliver code to exploit the systems that haven’t been updated. Uninstall Thursday is the day you finally figure out that it was the Tuesday patch that broke your mission-critical system and you need to uninstall it to get things back to normal.

To say it is a Catch-22 would be an understatement. How do you stop the insanity? We, SonicWall, have partnered with Microsoft in a program called MAPP. Microsoft gives us advance knowledge of what will be patched prior to Tuesday so that we have signatures in place to protect our customers who just can’t patch on Tuesday.

Should you patch on Tuesday? Yes, you should absolutely patch on Tuesday or any other day Microsoft releases a patch. But if there are times you just can’t, we can help protect you until you can. Assisting with patches is one of the many little things we have been doing quietly in the background for years that most people are unaware of. Now you know we have you covered when you are stuck in this Catch-22. The biggest takeaway is that you should patch. I can’t stress that enough: patch, patch, patch! But if you can’t, know that we are already behind the scenes, helping to keep your network safe.

Visit SonicWall GRID Threat Network for MAPP bulletins.

For the Security Advisories for MAPP, you can click here.

Critical Business Threats: Ransomware and Employee Online Shopping

According to a recent PWC survey, 54 percent of respondents buy products online every month. And millions of employees shopped online yesterday with their work devices on business networks. The critical business threat: Will any of your business computers or networks get infected with malware when employees make personal online purchases?

We believe so, and our SonicWall Global Response Intelligent Defense (GRID) network research backs this up.

Good News: Chip Cards Are Working

Research gathered through the SonicWall GRID Network indicates that the new chip-and-sign credit cards and point of sale (POS) systems are more effective than legacy technologies in detecting and blocking breaches. After big data breaches at retailers like Target and Home Depot, many retailers upgraded to chip-based POS systems.

Whenever new malware is discovered, we create a software signature set that is automatically propagated to all of our customers’ firewalls, to help keep their systems safe from attack. In 2014, before the new chip cards and POS systems, our team released 14 new POS-related malware signature sets.

In 2015, this number decreased to nine new POS malware signature sets. And in 2016 to-date, after the broad adoption of chip-based cards and readers, we have only had to release a single new signature.

Bad News: SPAM Is Now a Huge Business Threat

As POS systems have become harder to hack, the bad guys are looking for more efficient ways to steal online. Falling back on the tried and true email-based phishing attacks, personal shopping phishing emails are now a real threat to your business systems and networks.

Our email security research team observes that SPAM email usually increases in volume significantly during Cyber Week, starting the week before Black Friday, then drops off after Cyber Monday. Our numbers show a dramatic 2x increase in SPAM this year from 2015. In the run-up to Thanksgiving and Black Friday we saw 110 percent growth, increasing to 143 percent growth through Cyber Monday.

One of our SPAM honeypots collected the following data for Cyber Week:

  • Average number of SPAM messages 2015: 33,725 a day
  • Average number of SPAM messages 2016: 82,888 a day

More Bad News: Ransomware Targets Businesses

Increasingly we are finding that if malware makes it into your business network, it will be ransomware. First released in 1989, ransomware can infect your system and lock out users from accessing devices or files. When the victim pays a ransom (usually electronic money or bitcoins) the device can be unlocked by the hackers. Needless to say, ransomware can put your business-critical data and systems at risk.

Network Security Must-Haves

Online shopping will only continue to grow, especially over holidays, so it’s important to be proactive to keep your business systems protected. Along with monitoring employee access and updating policies, here are some must-haves.

  • Ensure your firewall is next-generation with content filtering on, including encryption scanning and packet filters; your goal is to monitor and inspect all incoming data and stop ransomware
  • Consider a cloud-based protection service like our Capture Advanced Threat Protection Service; a good one will speed up your response time, leverage the power of multiple engines to stop zero-day attacks, and automate remediation
  • Manage network bandwidth to limit or stop streaming; streaming is one of the easiest ways to let malware in
  • We strongly recommend EV SSL certificates for every external business website
  • Vet your SSL certificates and sources, to ensure they are publicly rooted and aren’t bringing in malware from the dark web
  • Audit your SSL certificates regularly to ensure they are up to date
  • It goes without saying but back up your data regularly; if ransomware does infect your network you will need to quickly access business-critical data
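
The certificate vetting and audit items above can be scripted. The following is an added example, not SonicWall code: it uses only the Python standard library, and the 30-day warning window and the example.com host names are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WARN_DAYS = 30  # assumed renewal window, adjust to your process


def check_expiry(cert, now, warn_days=WARN_DAYS):
    """Classify a getpeercert()-style dict; returns (status, days_left)."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        return "expired", days_left
    if expires - now <= timedelta(days=warn_days):
        return "expiring", days_left
    return "ok", days_left


def audit_host(host, port=443, now=None, timeout=5):
    """Live check: handshake with chain and hostname verification on."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()  # system trust store, verifies chain
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return check_expiry(tls.getpeercert(), now)
    except ssl.SSLCertVerificationError as exc:
        # e.g. expired, self-signed, or issuer not in the public trust store
        return "untrusted", exc.verify_message
    except OSError as exc:
        return "unreachable", str(exc)


# Constructed inventory in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_INVENTORY = {
    "shop.example.com": {"notAfter": "Dec 15 12:00:00 2016 GMT"},
    "mail.example.com": {"notAfter": "Nov 20 00:00:00 2016 GMT"},
    "www.example.com": {"notAfter": "Jun  1 00:00:00 2017 GMT"},
}


def audit_inventory(inventory, now):
    """Return {host: (status, days_left)} for every non-ok certificate."""
    results = {h: check_expiry(c, now) for h, c in inventory.items()}
    return {h: r for h, r in results.items() if r[0] != "ok"}


if __name__ == "__main__":
    print(audit_inventory(SAMPLE_INVENTORY, datetime(2016, 12, 1, tzinfo=timezone.utc)))
```

Run `audit_host` from a scheduled job against each external site; an "untrusted" result means the chain did not validate against the public trust store and needs attention before the expiry date matters.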

Online Shopping Safety for Consumers

  • If you don’t have one yet, upgrade to a chip-based credit card
  • Always look for an EV SSL certified logo on sites where you shop
  • Use mobile devices (tablets or phones) and shop with store apps from businesses you know and trust; these apps are vetted and tested
  • Avoid shopping on sites with a Windows-based laptop; Windows is the most targeted operating system (OS) for hackers
  • Remain on the site until you complete a transaction; don’t follow redirects
  • Stay current with the latest OS software updates on your devices so you have the latest security patches; always update from the trusted site of the software provider, not a third-party site or a pop up
  • Update your apps regularly, especially ones that you provide sensitive data to: credit card numbers, banking and health information
  • Create complex, hard-to-crack passwords and keep them in a secure place
  • Change your passwords often and keep them hidden – not on sticky notes on your computer