sony key

Do you have your door open for malware attacks?

The number of exploit attacks against known vulnerabilities continues to increase. The target is to install malware into the targeted system and to gain benefits for the criminals behind the attack.

According to F-Secure Threat Report H1/2013, the majority of Top 10 detections from the last six months involved exploits. Java is the most popular entry point and therefore, disallowing Java plug-ins might make sense.  Java vulnerabilities have allowed attackers to use even classic forms of attack, known for about ten years already.

Image

The table clearly shows that the users do not seem to understand the importance of security patches since exploits can target vulnerabilities that have had a patch for over 5 years!

On the other hand, exploit kits find their way to the market unbelievably fast – the F-Secure Threat report tells: “Java vulnerability CVE-2013-2423; a Metasploit module targeting this was first published on April 20th, and a day later we noticed in-the-wild attacks against it had already gotten underway by the CrimeBoss exploit kit”.

Why is it so hard to keep pace with the critical security updates then?

First, the number of patches releases is huge. For example, Microsoft alone recently published 13 patches against 47 bugs in its Patch Tuesday security update. Add to that the Java updates, Adobe updates, and all the rest of the products, and the number of necessary updates in a business environment can be devastating. Second – would the IT administrator always know which software is installed on which machine?

F-Secure Software Updater, an automated patch management tool integrated in the security clients, can help manage the huge task of keeping on top of the critical security updates. It follows the philosophy: find it, fix it, and forget it.

Cheers, Eija

More posts from this topic

Best Protection 4 Years in a Row, AV Test, F-Secure

MMMMMMMMM! The sweet taste of history

What smells so good? Could it be history? On Tuesday, F-Secure's corporate security team traveled to Dresden to pick up its fourth straight Best Protection award from AV-Test.org. We are now the only vendor in the history of the award to win the honor four years in a row. “Since 2011, F-Secure's security product has been a guarantee of high protection in corporate environments,” says Andreas Marx, CEO of AV-TEST. That's four years straight of the industry's best protection in a solution that provides the technology that's the basis for all of our security solutions. Success like this doesn't just mean we're good once in a while. It means we're the best every day, as the award goes to the solution that provides the most consistent protection throughout the year. We blocked 955 out of 958 real-world threats -- a 99.67 percent blocking rate --  and 112,059 out of 112,090 wide-spread malware with an astounding 99.97 percent blocking rate. That means we're about 2.67 - 2.97 percent above the industry standard. All this means if you don't use F-Secure, you could be exposing your business to thousands of more possible infections every month. You can compare these results to our competitors here. How do we do it? It's kind of like building the perfect sandwich. F-Secure Client Security layers antivirus on top of firewall on top of antispyware on top of rootkit scanning. We slather on the browsing protection to block dangerous websites. But it's not enough to block the threats we know about. That's where the secret sauce comes in. Our DeepGuard engine provides protection that reads criminals minds. As AV-Test's Andreas Marx said, “F-Secure is secure, innovative, and straightforward.” Excuse us. This is making me very hungry. We need to take a bite. Cheers, Sandra      

Feb 19, 2015
Sony Pictures

5 obvious things your business needs to know about the Sony hack

Since news of the now infamous "Sony hack" broke, some experts have been skeptical that the government of Kim Jong Un was directly behind what appears to be the "worst hack any company has ever publicly suffered." Before the hackers dumped emails designed to humiliate the company then posted a note on Pastebin threatening the release of the "The Interview" with the ominous line “Remember the 11th of September", our Security Advisor Sean Sullivan posited a theory. He suggested that "the attack was an attempted shakedown and extortion scheme." Few companies are as vulnerable to public acts of humiliation -- thus as vulnerable to extortion -- as a global media company. But nearly every company risks potential massive financial damage from the exposure of confidential data. So what does that mean for you and your business. Here are five simple takeaways that may seem obvious to you but may not have seemed so clear to Sony: 1. If your business' network is going to be breached, it's probably going  start with an employee clicking on an email attachment. "It’s interesting that, while the array of tools is diverse, the basic methods of gaining access to a victim’s environment are not," Verizon noted in its most recent Data Breach Investigations Report. "The most prolific is the old faithful: spear phishing. We (and others) have covered this ad nauseam in prior reports, but for both of you who have somehow missed it, here goes: A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective." With the wealth of information available about executives online, targeting an infected email attachment to a specific user remains the most reliable method of penetrating a network. Most of us have been using email long enough to know that a message with a file included that reeks of unprofessionalism may be dangerous. But if the email seems crafted and personal, we still may be fooled. Security education will never cure the plague human error, which is why your IT department is working overtime to break the "delivery-installation-exploitation chain". Still the basic caveat applies: Never open an attachment you weren't expecting. 2. Don't store your passwords in a folder called "Passwords". Seems obvious. But it appears Sony may have done just that. Verizon reports that credentials are the number one hacker target. With 62 percent hacks not discovered until months after a network has been hacked, the intruders will have plenty of time to poke around. Don't make it easy. 3. Plug the holes. Keep all of your system, application and security software patched and protected -- especially browsers. Don't use Java plugins. Or get protection like F-Secure Software Updater that keeps you patched seamlessly. 4. Links in email can be as dangerous as attachments. It turns out that years of indoctrination have has some effect. Users are more skeptical of attachments than of links in emails that can lead to "drive-by" web attacks and/or phishing scams -- but not skeptical enough. About 8 percent will click on an email attachment while "18 percent of users will visit a link in a phishing email. Users unfamiliar with drive-by malware might think that simply visiting a link won’t result in a compromise." 5. Remember that email is forever. Dance like no one is watching; email like it may one day be read aloud in a deposition. — Olivia Nuzzi (@Olivianuzzi) December 13, 2014 Cheers, Sandra

Dec 30, 2014
GAMEOVER ZEUS botnet
Aug 28, 2014
BY