It’s our pleasure to introduce Emma, an F-Secure Marketing Specialist who works in Global Marketing. She specializes in corporate protection that keeps businesses thriving. With the launch of our new Software Updater solution for business, we’re going to be focusing more on corporate security in the future so we thought we’d start by introducing Emma and giving you her thoughts on the challenges our corporate customers face.
We started off by asking Emma what it is she likes most about her job.
“It’s quite difficult to pinpoint one single thing that I most enjoy at work,” she told us, “since one of my favorite things about my job is the variety of tasks. However, one of the best parts of my job is definitely creating content. Telling stories is fun, and I hope that we also succeed in communicating in ways and about topics that are relevant and of interest to our target audience.”
That audience is made up of F-Secure partners —some of the best and brightest business minds around the globe.
Like many of us at F-Secure, Emma enjoys the unique opportunity to work with and around some of the world’s foremost experts in digital threats.
“During my time at F-Secure, I have had the chance to learn not only a whole lot of new things about marketing, but also about the industry and the threat landscape,” she said.
Her job also puts her in touch with the current challenges that exist in securing the workplace.
“There’s no single threat that most affects businesses,” she told us. “Rather, organizations of all sizes are affected by cyber crime in all it’s different forms and variations, but one clear purpose: to steal money and confidential data. Even small businesses are increasingly becoming the target of these attacks, as many of them lack the resources and expertise to protect their irreplaceable assets.”
The threat landscape is always evolving but one aspect that is increasingly scary to businesses is software vulnerabilities.
“Recently, we’ve seen an increasing amount of attempts to gain access to a computer through vulnerability exploitation – the art of finding a security hole in any software and using that as a way to infect the machine. Vulnerabilities in Java and Internet Explorer have been all over the news, and criminals haven’t left these opportunities unused.”
That’s where F-Secure comes in, of course.
Emma explains: “Our portfolio covers a whole range of customer needs, from organizations willing to manage their solution on their own to a fully outsourced solution where IT security is managed by a trusted partner. We protect all layers of the organization from desktop PCs, laptops and mobile phones to file servers and email servers. In addition, our advanced management tools make it possible to monitor and manage a network.”
F-Secure was the first security company in the world to offer security as a service. Many businesses find that by relying on us for the best protection in the world doesn’t just save them time and money. It frees them up to concentrate on what matters most.
“Security as a Service has proven to be a success and it is increasingly popular among businesses. Outsourcing security to a partner means worry-free and reliable protection that is always backed up by F-Secure’s world class technology,” Emma told us. “When professionals take care of security, you can focus on your core business. Security as a Service is a great solution especially for those businesses, large and small, that don’t have the necessary expertise.”
How can F-Secure affect your workplace?
“Ensuring high-quality protection ensures uninterrupted work and keeps an organization running. Actually, the challenge with security is that it is only noticed when something negative happens,” she said.
But for Emma, security that works best is security that you don’t notice.
“Security is paramount for business but it should not come at the cost of usability. Our objective is to offer our customers the best protection without unnecessary impact on performance or distraction.”
When this happens everyone performs better.
“At best, IT security can improve productivity,” she said. “Think about email, for example. Email is a vital business tool for companies, but spam email traffic can reduce employee productivity and burden the IT infrastructure. Effective and accurate virus and spam filtering saves internal network bandwidth and increases productivity.”
Most businesses have had email security in mind for years but forward-thinking businesses are thinking ahead. Optimal software performance prevents online crime and keeps businesses functioning optimally when it matters most.
“Another example could be updating software. Keeping software up-to-date fixes holes in security,” Emma told us, “but can also keep software and applications running smoothly and reliably during critical times.”
For business, those critical times are the last moments when you want to think about security. And that’s why Emma and F-Secure are here, so you don’t have to.
Last week, F-Secure Labs published a new study that provides a detailed analysis of a hacking group called “the Dukes”. The Dukes are what’s known as an advanced persistent threat (APT) – a type of hacking campaign in which a group of attackers is able to covertly infiltrate an organization’s IT network and steal data, often over a long period of time while remaining undetected. The report provides a comprehensive analysis of the Dukes’ history, and provides evidence that security researchers and analysts say proves the various attacks discussed in the report are attributable to the Duke group. Furthermore, the new information contained in the report strengthens previous claims that the group is operating with support from the Russian government. Mikko Hypponen has said that attacker attribution is important, but it’s also complex and notoriously difficult, so the findings of the report have considerable security implications. I contacted several people familiar with the report to get some additional insights into the Dukes, the research, and what this information means to policy makers responsible for issues pertaining to national cybersecurity. Artturi Lehtiö (AL) is the F-Secure Researcher who headed the investigation and authored the report. He has published previous research on attacks that are now understood to have been executed by the Dukes. Patrik Maldre (PM) is a Junior Research Fellow at the International Center for Defense and Security, and has previously written about the Dukes, and the significance of this threat for global security. Mika Aaltola (MA) is the Program Director for the Global Security research program at the Finnish Institute for International Affairs. He published an article of his own examining how groups like the Dukes fit into the geopolitical ambitions of nations that employ them. Q: What is the one thing that people must absolutely know about the Dukes? PM: They are using their capabilities in pursuit of Russian strategic interests, including economic and political domination in Central and Eastern Europe, as well as the Caucasus region, and a return to higher status at the international level. AL: They are a long-standing key part of Russian espionage activity in the cyber domain. MA: The geopolitical intention behind the vast majority of targets. Q: We now know the Dukes are responsible for a number of high profile attacks, and seemingly target information about politics and defense. But what kind of information might they obtain with their attacks, and why would it be valuable? AL: They might obtain information like meeting notes, memos, plans, and internal reports, not to mention email conversations. In essence, the Dukes aim to be a fly on the wall behind the closed doors of cabinets, meeting rooms, and negotiating tables. PM: The targets of the Dukes include government ministries, militaries, political think tanks, and parliaments. The information that can be gained from these organizations includes, among other things, sensitive communication among high-level officials, details of future political postures, data about strategic arms procurement plans, compromising accounts of ongoing intelligence operations, positions regarding current diplomatic negotiations, future positioning of strategic military contingents, plans for future economic investments, and internal debates about policies such as sanctions. MA: The targets are high value assets. Two things are important: data concerning the plans and decisions taken by the targeted organizations. Second, who is who in the organizations, what are the key decision-making networks, what possible weaknesses can be used and exploited, and how the organization can be used to gain access to other organizations. Q: The Dukes are typically classified as an APT. What makes the Dukes different from other APTs? MA: APT is a good term to use with the Dukes. However, there are some specific characteristics. The multi-year campaigning with relatively simple tools sets Dukes apart from e.g. Stuxnet. Also, the Dukes are used in psychological warfare. The perpetrators can even benefit from they actions becoming public as long as some deniability remains. AL: The sophistication of the Dukes does not come as much from the sophistication of their own methods as it comes from their understanding of their targets’ methods, what their targets’ weaknesses are, and how those can be exploited. PM: They are among the most capable, aggressive, and determined actors that have been publicly identified to be serving Russian strategic interests. The Dukes provide a very wide array of different capabilities that can be chosen based on the targets, objectives, and constraints of a particular operation. They appear to be acting in a brazen manner that indicates complete confidence in their immunity from law enforcement or domestic oversight by democratic bodies. Q: There are 9 distinctive Duke toolsets. Why would a single group need 9 different malware toolsets instead of just 1? AL: The Dukes attempt to use their wide arsenal of tools to stay one-step ahead of the defenders by frequently switching the toolset used. MA: They are constantly developing the tools and using them for different targets. Its an evolutionary process meant to trick different “immunity” systems. Much like drug cocktails can trick the HIV virus. PM: The different Duke toolsets provide flexibility and can be used to complement each other. For example, if various members of the Dukes are used to compromise a particular target and the infection is discovered, the incident responders may be led to believe that quarantines and remediation have been successful even though another member of the Dukes is still able to extract valuable information. Q: Many people reading this aren’t involved in geopolitics. What do you think non-policy makers can take away from this whitepaper? AL: This research aims to provide a unique window into the world of the Dukes, allowing people not traditionally involved with governmental espionage or hacking to gauge for themselves how their lives may be affected by activity like the Dukes. PM: It is important for people to understand the threats that are associated with these technological developments. The understanding of cybersecurity should grow to the point where it is on par with the wider public’s understanding of other aspects of international security, such as military strategy or nuclear non-proliferation. This knowledge is relevant for the exercise of fundamental liberties that are enjoyed in democratic societies, including freedom of speech, freedom of the press, freedom of association, as well as of basic rights such as voting in elections. MA: The geopolitical intent is clearly present in this activity. However, the developments in this realm affects other types of cyber-attacks. Same methods spread. There is cross-fertilization, as in the case of Stuxnet that was soon adapted for other purposes by other groups. F-Secure’s Business Security Insider blog recently posted a quick breakdown on how the Dukes typically execute their attacks, and what people can do to prevent becoming a victim of the Dukes or similar threats. Check it out for some additional information about the Dukes.
Despite Apple's stringent "walled garden" approach requiring strict approvals of all software that ends up in its App Story, dozens of apps infected with XcodeGhost malware apparently made it through the store and on to millions of users' devices. The malware allows the attackers remote access, which can lead to phishing or further exploitation of vulnerabilities. Our Labs initial take on this incident is that it appears to be another case of "convenience is the enemy of security". Reports suggest developers were using a Trojanized version of Apple's official tool for working on iOS and OS X apps called Xcode. Developers may have used third-party versions of Xcode to avoid long download times. Some developers also have disabled XCode's Gatekeeper, which would've prevented installation of tainted apps, because it takes too long to run, especially on older devices. These not-so secure practices likely led to a rare breach of iOS security. F-Secure Freedome is already blocking the command and control servers used by the infected apps. This will interrupt their ability to work properly or steal information from a Freedome-protected device. You should check to make sure you have not installed any of the infected apps, which include some of the most popular apps in China, and only install apps from developers that have a track record you can trust.
The first day of September may go down in internet security history -- and not just because it's the day when F-Secure Labs announced that its blog, which was the first antivirus industry blog ever, has moved to a new home. It's also the day that Google's Chrome began blocking flash ads from immediately loading, with the goal of moving advertisers to develop their creative in HTML5. Google is joining Amazon, whose complete rejection of Flash ads also begins on September 1. "This is a very good move on Amazon’s part and hopefully other companies will follow suit sooner than later," F-Secure Security Advisor Sean Sullivan wrote in August when Amazon made its announcement. "Flash-based ads are now an all-too-common security risk. Everybody will be better off without them." Last month, Adobe issued its 12th update in 2015 for the software addressing security and stability concerns. An estimated 90 percent of rich media ads are delivered through Flash. Having the world's largest online retailer reject your ad format is a significant nudge away from the plugin. But it would be difficult to overstate the impact of Chrome actively encouraging developers to drop Flash. About 1 out of every 2 people, 51.74 percent, who access the internet through a desktop browser do it via Chrome, according to StatCounter. This makes it the world's most popular web interface by far. Facebook's Chief Security Officer has also recently called for the end of Flash and YouTube moved away from the format by default in January. “Newer technologies are available and becoming more popular anyway, so it would really be worth the effort to just speed up the adoption of newer, more secure technologies, and stop using Flash completely," F-Secure Senior Researcher Timo Hirvonen told our Business Insider blog. So what's keeping Flash alive? Massive adoption and advertisers. “Everyone in every agency’s creative department grew up using Adobe’s creative suite, so agencies still have deep benches of people who specialize in this,”Media Kitchen managing partner Josh Engroff told Digiday. “Moving away from it means new training and calibration.” And Flash does have some advantages over the format that seems fated to replace it. "HTML5 ads may be more beautiful, and are perceived to be more secure, but the files can be a lot larger than Flash," Business Insider's Laura O'Reilly wrote. In markets, stability can breed instability and it seems that our familiarity and reliance on Flash has resulted in unnecessary insecurity for our data. Has Flash hit its moment when its dominance rapidly evaporates? We can have hope. "I sincerely hope this is the end of Flash," Timo told us. Cheers, Sandra [Image by Sean MacEntee | Flickr]