
If you think that you and your company are not a target for malware attacks, think again

According to the Verizon 2012 Data Breach Investigations Report, about 80% of all victims of malware attacks are targets of opportunity. With 94% of data compromised involving servers, it is essential to pay attention to server security. And as email is one of the tools used on a daily basis in any business, email security is of utmost importance.

Many attacks have used Blackhole exploit URLs. According to the Threat Report H1/2012 by F-Secure Labs, as many as 1 out of 25 emails contain spam with such a malicious URL, which is intended to deliver a malicious payload to a victim’s computer. The Blackhole exploit kit targets vulnerabilities in the operating system, in old versions of browsers such as Firefox, Google Chrome, Internet Explorer and Safari, and in many popular plugins like Adobe Flash, Adobe Acrobat and Java.

As normal spam filtering may not catch these kinds of threats, it is important to understand the new forms of spam email. Ordinary spam definition updates are too slow and usually do not protect you from the Blackhole exploits, so a real-time URL reputation check is a must-have.

Windows and Java continue to be the most popular targets. F-Secure Threat Report H2/2012 states that a vast majority of exploit attacks in general relate to four commonly known vulnerabilities in Windows or Java, and all of these already have security patches.

With this in mind, it is essential to protect servers and email effectively against attack.

The F-Secure E-mail and Server Security solution uses the same award-winning DeepGuard technology as Client Security, which has been given the Approved Corporate Endpoint Protection certificate by AV-Test. Check out the latest supported platforms on our Downloads page.

E-mail and Server Security was the first product launch for which I was responsible on the marketing side here at F-Secure. And this is my first blog post in Safe and Savvy as well! Time seems to have been flying since I joined the company at the beginning of March; there are so many interesting things going on.

Cheers, Eija

More posts from this topic


Cyber Defense – A Cat and Mouse Race

F-Secure Chief Research Officer Mikko Hypponen appeared on the BBC recently to talk about cyber security, data breaches, and “dadada.”

Video: https://www.youtube.com/watch?v=o19KaRl2ihQ

During the interview, Mikko described the current state of cyber security as a “cat and mouse race between the attackers and between the defenders.” It might not be as exciting as watching Formula 1 or a marathon, but it’s not as dull as writing some software that stops computer viruses. It’s about actions and reactions - it’s a race.

So where do the defenders go to talk shop? Well, this week they’ll be congregating at the annual CyberDef-CyberSec Forum in Paris. CyberDef-CyberSec is an annual event that brings together various stakeholders in the cyber security and cyber defense fields to share knowledge and discuss issues. This year’s event is expected to be massive, with 55,000 industry professionals from 143 countries, as well as 173 official delegations and 700 journalists, slated to attend.

F-Secure is jointly sponsoring this year’s event and sending some of our cyber security experts, including Mikko, to share their insights on the threat landscape facing people, companies, and governments. Mikko will be giving a 45-minute talk called “The Cyber Arms Race” that explores the evolution of online threats into weapons for cyber warfare.

Also making an appearance are F-Secure’s cyber security guru Erka Koivunen and F-Secure Regional Head of Corporate Sales Olivier Quiniou. Both will touch on how today’s cyber threats are wreaking havoc on the cyber security of companies. Erka’s talk, entitled “Data Breaches eat CEOs for Breakfast”, may be particularly poignant in the aftermath of the recent firing of the CEO of FACC – an aircraft component manufacturer that was hit by a cyber attack earlier in the year. Olivier, meanwhile, will be giving a 15-minute speech about the chaos cyber attacks can cause for companies.

You can check out the program for the conference for dates and times.

[Image by dougwoods | Flickr]

June 13, 2016

7 Questions for Javier, an F-Secure Cyber Security Expert

You know you're a technical security consultant when you can say the best part of your job is breaking things. Javier Moreno is passionate about improving enterprise security - and to make a technology better, he breaks it first. The thrill of figuring out a software's weakness drives Javier, but also the knowledge that he's providing secure technology to the customer.

As a Senior Security Consultant, Javier is one of our experts in F-Secure's Cyber Security Services (CSS) unit. CSS helps organizations enhance their overall security to protect against cyber attacks. (And they're hiring! Interested in joining them as they strive to be the leading and most trustworthy security assessment team in Europe? Check out our open positions.)

So what's it like to work in CSS? I asked Javier about his job, what he likes about F-Secure, and how he ended up here in the first place.

What do you do in your role?

I perform security assessments of all sorts of technologies. In short, either break them or know where they will break, and then help improve those technologies. Fortunately, our internal processes are quite optimized so we don't have to deal with much bureaucracy. That means I can focus on the work that I am most interested in. For me, that's reading code, disassembling binaries, thinking about how a framework will break or will be misused, and programming small tools to aid my process. It takes patience! I really enjoy figuring out new things.

What is Cyber Security Services all about?

CSS is about establishing a trust relationship with our customers and challenging them to improve their security, while providing them with the necessary information and tools to have an advantage. We perform technical assessments for our customers, and also advise the C-level and counsel them on security and risk management. We've grown to cover many topics: application and network security, incident response, embedded systems, transportation security and more.

What do you like about working in Cyber Security Services?

For me the best part of CSS is the people on the team. We all rely on each other, learn from each other, and in the end we provide the best results to our customers. Our team in CSS is big and skilled enough to cover many facets. We really love security.

"End users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default."

What is the most exciting part of your job?

As a security consultant, I have to say it - it's when something breaks! It's the thrill of working on something that is obscure and difficult to understand at first, and how that untangles to the point where you can control it.

Do you feel like you are making a difference in the world?

The technologies the modern world is built on require security to run properly. Whether we like it or not, end users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default - built-in! I am not a savior of anything, but I sure like to do my job well and put a lot of effort into it. Our passion is what makes the difference for our customers and users.

What is your ultimate dream job?

I don't think there's an "ultimate" job. I try to do the best I can in every area: offensive, defensive, designer, builder, breaker, conceiver of next step. I always try to mix consulting with research and the latter is what is more interesting to me.

What path brought you to this position with F-Secure?

My background, rather than being in computer science, is in telecommunications engineering. The University in Spain was much more theoretical than practical and it covered a lot of topics, so I ended up with quite a multidisciplinary profile, something in between hardware and software. I started in the space field, but infosec was my hobby for a long time and soon I started doing it full time, moving away from the typical engineering path. In any case, in this field, degrees and certifications generally mean nothing - they are just enablers, a jumpstart. Infosec is a very broad field of work and requires passion, maybe even obsession, if you want to cover enough aspects and be good enough. In 2010, I moved to Germany to pursue a more interesting security market and have been part of F-Secure's CSS Germany team for over a year now.

Want to learn more about a career with F-Secure Cyber Security Services? View our various open positions in sales, risk/security management, technical consulting, and people management.

June 3, 2016
Could the Sony and Hacking Team hacks have been detected sooner?

Hacks in the Headlines: Two Huge Breaches That Could Have Been Detected

The Sony hack of late 2014 sent shock waves through Hollywood that rippled out into the rest of the world for months. The ironic hack of the dubious surveillance software company Hacking Team last summer showed no one is immune to a data breach - not even a company that specializes in breaking into systems.

After a big hack, some of the first questions asked are how the attacker got in, and whether it could have been prevented. But today we're asking a different question: whether, once the attacker was already in the network, the breach could have been detected. And stopped.

Here's why: Advanced attacks like the ones that hit Sony and Hacking Team are carried out by highly skilled attackers who specifically target a certain organization. Preventive measures block the great majority of threats out there, but advanced attackers know how to get around a company's defenses. The better preventive security a company has in place, the harder it will be to get in…but the most highly skilled, highly motivated attackers will still find a way in somehow. That's where detection comes in.

Thinking like an attacker

If an attacker does get through a company's defensive walls, it's critical to be able to detect their presence as early as possible, to limit the damage they can do. There has been no official confirmation of when Sony's actual breach first took place, but some reports say the company had been breached for a year before the attackers froze up Sony's systems and began leaking volumes of juicy info about the studio's inner workings. That's a long time for someone to be roaming around in a network, harvesting data.

So how does one detect an attacker inside a network? By thinking like an attacker. And thinking like an attacker requires having a thorough knowledge of how attackers work, to be able to spot their telltale traces and distinguish them from legitimate users.

Advanced or APT (Advanced Persistent Threat) attacks differ depending on the situation and the goals of the attacker, but in general they tend to follow a pattern. Once the attackers have chosen a target company and performed reconnaissance to find out more about the company and how best to compromise it, their attacks generally cover the following phases:

1. Gain a foothold. The first step is to infect a machine within the organization. This is typically done by exploiting software vulnerabilities on servers or endpoints, or by using social engineering tactics such as phishing, spear-phishing, watering holes, or man-in-the-middle attacks.
2. Achieve persistence. The initial step must also perform some action that lets the attacker access the system later at will. This means a persistent component that creates a backdoor the attacker can re-enter through later.
3. Perform network reconnaissance. Gather information about the initial compromised system and the whole network to figure out where and how to advance in the network.
4. Lateral movement. Gain access to further systems as needed, depending on what the goal of the attack is. Steps 2-4 are then repeated as needed to gain access to the target data or system.
5. Collect target data. Identify and collect files, credentials, emails, and other forms of intercepted communications.
6. Exfiltrate target data. Copy data to the attackers via network. Steps 5 and 6 can also happen in small increments over time. In some cases these steps are augmented with sabotaging data or systems.
7. Cover tracks. Evidence of what was done and how it was done is easily erased by deleting and modifying logs and file access times. This can happen throughout the attack, not just at the end.

For each phase, there are various tactics, techniques and procedures attackers use to accomplish the task as covertly as possible. Combined with an awareness and visibility of what is happening throughout the network, knowledge of these tools and techniques is what will enable companies to detect attackers in their networks and stop them in their tracks.

Following the signs

Sony may have been breached for a year, but signs of the attack were there all along. Perhaps these signs just weren't being watched for - or perhaps they were missed. The attackers tried to cover their tracks (step 7) with two specific tools that forged logs and file access and creation times - tools that could have been detected as being suspicious. These tools were used throughout the attack, not just at the end, so detection would have happened well before all the damage was done, saving Sony and its executives much embarrassment, difficult PR, lost productivity, and untold millions of dollars.

In the case of Hacking Team, the hacker known as Phineas Fisher used nmap, a common network scanning tool, to gather information about the organization’s internal network and figure out how to advance the attack (step 3). Nmap activity on a company's internal network should be flagged as suspicious. For moving inside the network (step 4), he used methods based on the built-in Windows management framework, PowerShell, and the well-known tool psexec from SysInternals. These techniques could also potentially have been picked up from the way they were used, which would differ from how a legitimate user works.

These are just a few examples of how a knowledge of how attackers work can be used to detect and stop them. In practice, F-Secure does this with a new service we've just launched called Rapid Detection Service. The service uses a combination of human and machine intelligence to monitor what's going on inside a company network and detect suspicious behavior. Our promise is that once we've detected a breach, we'll alert the company within 30 minutes. They'll find out about it first from us, not from the headlines.

One F-Secure analyst sums it up nicely: "The goal is to make it impossible for an attacker to wiggle his way from an initial breach to his eventual goal." After all, breaches do happen. The next step, then, is to be prepared.

Photo: Getty Images
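The internal reconnaissance signal described above (step 3), as an added example that is not part of the original post and not F-Secure's own code: a sliding-window detector that flags an internal host contacting unusually many distinct internal host and port pairs. The address range, window, threshold, scanner allowlist and flow records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All values below are assumptions for this example; tune them per network.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # internal address space
WINDOW = timedelta(seconds=60)                 # sliding window length
FANOUT_LIMIT = 20                              # distinct (host, port) targets allowed per window
AUTHORISED_SCANNERS = {"10.0.0.250"}           # e.g. the vulnerability scanner

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def detect_internal_scans(flows):
    """flows: time-ordered (datetime, src_ip, dst_ip, dst_port) tuples.
    Returns {src_ip: time at which its fan-out first exceeded FANOUT_LIMIT}."""
    recent = defaultdict(deque)  # src -> (time, target) pairs still inside the window
    alerts = {}
    for when, src, dst, port in flows:
        if src in AUTHORISED_SCANNERS or not (is_internal(src) and is_internal(dst)):
            continue  # only unexpected internal-to-internal traffic is of interest
        seen = recent[src]
        seen.append((when, (dst, port)))
        while when - seen[0][0] > WINDOW:  # expire entries older than the window
            seen.popleft()
        if src not in alerts and len({target for _, target in seen}) > FANOUT_LIMIT:
            alerts[src] = when
    return alerts

def sample_flows():
    """Constructed sample data, not real logs."""
    start = datetime(2016, 5, 31, 9, 0, 0)
    flows = []
    for i in range(40):  # workstation reusing one file server: high volume, fan-out of 1
        flows.append((start + timedelta(seconds=i), "10.0.1.15", "10.0.0.5", 445))
    for i in range(30):  # host sweeping 30 addresses on one port in 30 seconds
        flows.append((start + timedelta(seconds=10 + i), "10.0.1.77", f"10.0.5.{i + 1}", 445))
    for i in range(30):  # same pattern from the authorised scanner
        flows.append((start + timedelta(seconds=20 + i), "10.0.0.250", f"10.0.6.{i + 1}", 22))
    return sorted(flows, key=lambda flow: flow[0])

if __name__ == "__main__":
    for src, when in detect_internal_scans(sample_flows()).items():
        print(f"{when.isoformat()} possible internal scan from {src}")
```

Hosts that legitimately contact many systems, such as monitoring or backup servers, belong on the allowlist or need a higher threshold.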

May 31, 2016