According to Verizon 2012 Data Breach Investigation Report, about 80% of all victims of malware attacks are targets of opportunity. With 94% of data compromised involving servers, it is essential to pay attention to server security. And as email is one of the tools that is used on a daily basis in any business, email security is of utmost importance.
A lot of attacks have used the Blackhole exploit URLs. According to the Threat Report H1/2012 by F-Secure Labs, as many as 1 out of 25 emails contain spam with such a malicious URL which is intended to deliver a malicious payload to a victim’s computer. The Blackhole exploit kit targets vulnerabilities in the operating system, old versions of browsers such as Firefox, Google Chrome, Internet Explorer and Safari as well as many popular plugins like Adobe Flash, Adobe Acrobat and Java.
As normal spam filtering may not catch these kind of threats, it is important to understand the new forms of the spam emails. Ordinary spam definition updates are too slow and usually do not protect you from the Blackhole exploits, so Real-time URL reputation check is a must to have.
Windows and Java continue to be the most popular targets. F-Secure Threat Report H2/2012 states that a vast majority of exploit attacks in general relate to four commonly known vulnerabilities in Windows or Java, and all of these already have security patches.
With this in mind, it is essential to protect servers and email efficiently enough from attack.
F-Secure E-mail and Server Security solution uses the same awarded DeepGuard technology as Client Security, which has been given the Approved Corporate Endpoint Protection certificate by AV-Test. Check out the latest supported platforms on our Downloads page.
E-mail and Server Security was the first product launch for which I was responsible for on the marketing side here at F-Secure. And this is my first blog post in Save and Savvy as well! Time seems to have been flying since I joined the company at the beginning of March, there are so many interesting things going on.
The first day of September may go down in internet security history -- and not just because it's the day when F-Secure Labs announced that its blog, which was the first antivirus industry blog ever, has moved to a new home. It's also the day that Google's Chrome began blocking flash ads from immediately loading, with the goal of moving advertisers to develop their creative in HTML5. Google is joining Amazon, whose complete rejection of Flash ads also begins on September 1. "This is a very good move on Amazon’s part and hopefully other companies will follow suit sooner than later," F-Secure Security Advisor Sean Sullivan wrote in August when Amazon made its announcement. "Flash-based ads are now an all-too-common security risk. Everybody will be better off without them." Last month, Adobe issued its 12th update in 2015 for the software addressing security and stability concerns. An estimated 90 percent of rich media ads are delivered through Flash. Having the world's largest online retailer reject your ad format is a significant nudge away from the plugin. But it would be difficult to overstate the impact of Chrome actively encouraging developers to drop Flash. About 1 out of every 2 people, 51.74 percent, who access the internet through a desktop browser do it via Chrome, according to StatCounter. This makes it the world's most popular web interface by far. Facebook's Chief Security Officer has also recently called for the end of Flash and YouTube moved away from the format by default in January. “Newer technologies are available and becoming more popular anyway, so it would really be worth the effort to just speed up the adoption of newer, more secure technologies, and stop using Flash completely," F-Secure Senior Researcher Timo Hirvonen told our Business Insider blog. So what's keeping Flash alive? Massive adoption and advertisers. “Everyone in every agency’s creative department grew up using Adobe’s creative suite, so agencies still have deep benches of people who specialize in this,”Media Kitchen managing partner Josh Engroff told Digiday. “Moving away from it means new training and calibration.” And Flash does have some advantages over the format that seems fated to replace it. "HTML5 ads may be more beautiful, and are perceived to be more secure, but the files can be a lot larger than Flash," Business Insider's Laura O'Reilly wrote. In markets, stability can breed instability and it seems that our familiarity and reliance on Flash has resulted in unnecessary insecurity for our data. Has Flash hit its moment when its dominance rapidly evaporates? We can have hope. "I sincerely hope this is the end of Flash," Timo told us. Cheers, Sandra [Image by Sean MacEntee | Flickr]
This is the sixth in a series of posts about Cyber Defense that happened to real people in real life, costing very real money. Chris, a very ordinary businessman, was on a very ordinary business trip when he received an urgent call from one of his business partners asking him to make a money transfer. Chris was waiting for a train at a station, but he was happy to have the opportunity to help out his colleague, so he quickly pulled his laptop out of his bag to make the transfer. The account for his company-owned mobile phone was maxed out, so he wanted to take advantage of the train station’s Wi-Fi while he had a chance. He booted up his laptop and started looking for a free connection. Fortunately, “Railway_Station_Name” was open to the public – no username, password, or registration required. “Phew! Caught a lucky break there,” thought Chris. Fueled by motivation to get the job done, Chris went ahead and connected to the seemingly trustworthy network. He noticed it was a little bit slow, and not wanting to risk missing his train, he closed all the background apps and processes, including his anti-virus software. He really wanted to use the opportunity to show his initiative to his team, and he didn’t want to risk missing his meeting or not finishing the transfer because his computer was slow. He figured that as long as he avoids opening emails or browsing the web, he wouldn’t have any problems. And just like he thought, it was all over in a couple of minutes. He completed the money transfer without any issues. He shut down his laptop and hurried off to catch his train, confident that he had done the right thing by taking a few minutes to help his business partner. “A job well done,” Chris thought to himself. Chris arrived back at his hotel later that evening and booted up his laptop again to send some emails and wrap up his day. But his computer wasn’t working properly. It was slow. Error messages were spreading over his desktop like flies on spoiled fruit. He tried running an anti-virus check, but even that wouldn’t work. He decided to take it into a computer store he had passed earlier to see if they could take a look at it for him. He only had to wait at the shop for a few minutes while the store’s staff checked his laptop. “The problem is your computer’s infected by a virus – several in fact,” said the clerk. “One of the viruses disabled your AV software, and you’ve also got a ton of spyware. We’ve cleaned it up for you so you should be good to go now, but try to be more careful in the future.” The satisfaction Chris had felt earlier was suddenly gone. Now he was plagued with doubt about whether or not his information was secure, and even worse, he was concerned that perhaps the bank account he had used earlier had been compromised. He’d heard of such things happening to other people working for other companies. He thought that maybe these other people had just been suckers, scammed by some spam emails or clicking random links they found online. But now he wasn’t so sure, so he decided to change all of the passwords for his online accounts. Chris retired to his hotel, feeling stressed, and with a lighter wallet from paying the guys at the computer shop for helping him out. He told himself that he would think twice before disabling his AV software in the future. But Chris’ doubts about what he’d done, and what kind of threats he had been exposed to, continued to linger. Chris didn’t realize that he’d fallen into a trap, and connected to a rogue Wi-Fi hotspot that a hacker had prepared at the train station. These kinds of opportunistic attacks are quite common because they capitalize on people taking Wi-Fi security for granted, and are quite easy and cheap for hackers to put together. As this video shows, it’s a small feat to trick people into connecting to public Wi-Fi hotspots that hackers can use to steal account credentials and intercept communications. [youtube https://www.youtube.com/watch?v=qk2RPOBpZvc&w=560&h=315] F-Secure Security Advisor Su Gim Goh recently conducted an experiment in Hong Kong to see how many people connect to Wi-Fi hotspots without verifying that the connections are safe. He put together a Wi-Fi hotspot for less than 200 U.S. dollars, and took it to different cafes and restaurants in Hong Kong. Goh was able to determine that 55% of people automatically connected to his hotspot, which was set up to spoof legitimate connections that people want to use. “Spoofing” legitimate Wi-Fi hotspots means that the bad Wi-Fi hotspots are able to trick devices into thinking they’re legitimate hotspots that have been used before, so anyone that’s used the legitimate (“spoofed”) Wi-Fi hotspot in the past, and has their device recognize it as a preferred or safe network, will be automatically connected to the “spoofing” hotspot. Goh and many other security researchers warn people against taking Wi-Fi security for granted. “Auto-connecting is typically bad for security, so you should disable that option on your phone, or even just keep your Wi-Fi off when you’re not using it. It’s really not that hard to toggle it on/off, and it’s better than learning the hard way.”
This is the fifth in a series of posts about Cyber Defense that happened to real people in real life, costing very real money. Kamil left a business meeting and immediately took out his phone to call a client. During the conversation the device buzzed with an incoming text message. After Kamil unlocked the screen, a text popped up: “Thank you for activating the WEATHER TODAY service. You will be receiving a text message with the forecast three times a day. The daily cost of the service is one Euro. If you want to cancel your subscription, please text us ‘STOP.A133’ at 92590.” Nothing of this made any sense to Kamil. He had never activated any service on that phone. It was a company phone, he used only to contact clients. In any case, he didn’t need any weather forecasts. In order to save his company money, he quickly followed instructions from the text and cancelled the service. “Done!”, he thought and went back to his car to return to the head office of his firm, a consulting company. But this was only the beginning of his troubles... “Came to my office immediately”, read the email Kamil got from his boss Jacek two weeks later. “This must be about the contract with the bank that I finally closed,” thought Kamil and rushed upstairs to see his supervisor. “Are you out of your mind?! There an extra 500 Euro on top of your phone subscription fees because you’ve activated some extra services! You have everything you need to work, unlimited calls, online access. But I will not burn the firm’s money for some stupid extras!”, Jacek fumed. “Boss, I got a strange text about some weather forecast service, but I immediately blocked the subscription, I didn’t know there was any problem”, explained Kamil, surprised. He agreed to pay the fees out of his own pocket and immediately explain the whole situation. Jacek seemed to cool down a little, but promised that he would place a note on Kamil’s file if the issue wasn’t solved by the end of the month. “This time, I’m gonna keep it off-record, but I’m watching you”, the manager warned Kamil. Startled and confused, Kamil decided to do some online research about WEATHER TODAY. As he saw the first browser hits, he already knew he found what he was looking for. An article on a professional computer security portal reported that the activation message was a ruse used to wrangle money out of unaware recipients of the text message. It was precisely the STOP.A133 message that cost Kamil 500 Euro. He followed the article author’s advice and decided to install mobile security software that protects against spam. Having compared available options, he chose the best app from a reputable developer and never risked his job over an SMS message again. Is there anything you can do to protect yourself besides installing mobile security and not responding to unsolicited texts from unknown senders? "Some mobile operators will let you opt out of or disable billing through SMS messages," F-Secure Security Sean Sullivan explained. "It is very surprising to me that many businesses don’t demand bulk disabling by default for their employer provided plans." To get an inside look at business security, be sure to follow our Business Insider blog.