The value of security

emmaMalware is becoming more sophisticated, actively resisting traditional detection technologies. This development is posing new challenges to security companies. According to independent test organizations, almost one out of ten malware attacks succeed.

One in ten – sounds like a lot, but what does this mean in practice?

One of our product managers illustrated the significance of a high threat detection rate with a practical example. On average, an employee faces two malware per year (depending on the Internet usage profile of the users and the other layers of the protection, of course). In a company of 500 employees, with a detection rate of 92%, 80 infections in total will pass the traditional malware protection. If the detection rate is 99%, only 10 attacks out of one thousand will succeed. A minor difference in percentage points can make up a major difference in practice.

With this in mind, we believe that detection rate is a key factor in the value of security.

With businesses spending sizable sums of money to clean up damage from malware, high malware detection rates take on greater importance. Have you ever wondered how much it costs to have your business down for one day? Companies are not only spending for malware cleanup, but costs are also incurred as a result of lost productivity, loss of data (such as trade secrets, intellectual property and private customer data), investigation, and post-incident management. And how about your company’s reputation – how much is it worth? Add all these together, and malware that has gone undetected can have serious ramifications to a business. And that’s exactly why even a one percent higher detection rate can save thousands.

Recent examples of attacks with possibly multifold consequences include the patient records of an Australian medical centre held to ransom, as well as Internet advertising network NetSeer suffering a hack that also affected any Web page that included an ad served from NetSeer’s servers – among others several high profile Web sites and news agencies. And these are only a tiny fraction of all the examples out there.

Cyber attacks are not only costly to large enterprises, but also affect small and medium sized businesses (SMBs). Small firms are increasingly popular targets for attacks, as they are not as likely to be adequately protected. In fact, according to Verizon 2012 Data Breach Investigation Report, 79% of data breach victims from the past year were targets of attacks mainly because they were found to possess an exploitable weakness rather than because they were pre-identified targets. In addition, the same study states that victims don’t usually discover their own incidents, but they’re typically discovered by third parties only weeks or months after the initial instance – when significant damage has already been done.

To stay on top of the latest threats, we are launching F-Secure Client Security 10 that provides proactive protection for corporate desktops and laptops. It offers enhanced security with DeepGuard 4 threat detection technology that has been tested by AV-TEST with top-notch scores against new malware. In these independent tests for preventing new “zero-day” malware attacks, DeepGuard 4 performs at 98 to 100%, while the industry average hovers around 90 percent.

So why does detection rate matter? The answer is simple: even a single incident can be one too many.

And that’s why our aim is to “Protect the Irreplaceable.”

More posts from this topic

ransomware gangs, cybercrime unicorn

Could Criminals Make A Billion Dollars With Ransomware?

Bitcoin has not only changed the economics of cybercrime by providing crooks with an encrypted, nearly anonymous payment system autonomous from any central bank. It's also changed researchers' ability to track how much money criminals are making. "Bitcoin is based on Blockchain, and Blockchain is a public ledger of transactions. So all Bitcoin transactions are public," explains Mikko Hyppönen, F-Secure's Chief Research Officer. "Now, you don’t know who is who. But we can see money moving around, and we can see the amounts." Every victim of Ransomware -- malware that encrypts files and demands a payment for their release -- is given a unique wallet to transfer money into. Once paid, some ransomware gangs move the bitcoins to a central wallet. "We've been monitoring some of those wallets," Mikko says. "And we see Bitcoins worth millions and millions. We see a lot of money." Watching crooks rake in so much money, tax-free, got him thinking: "I began to wonder if there are in fact cybercrime unicorns." A cybercrime unicorn? (View this as a PDF) A tech unicorn is a privately held tech company valued at more than a billion dollars. Think Uber, AirBNB or Spotify -- only without the investors, the overhead and oversight. (Though the scam is so profitable that some gangs actually have customer service operations that could rival a small startup.) "Can we use this comparison model to cybercrime gangs?" Mikko asks. "We probably can’t." It's simply too hard to cash out. Investors in Uber have people literally begging to buy their stakes in the company. Ransomware gangs, however, have to continually imagine ways to turn their Bitcoin into currency. "They buy prepaid cards and then they sell these cards on Ebay and Craigslist," he says. "A lot of those gangs also use online casinos to launder the money." But even that's not so easy, even if the goal is to sit down at a online table and attempt to lose all your money to another member of your gang. "If you lose large amounts of money you will get banned. So the gangs started using bots that played realistically and still lose – but not as obviously." Law enforcement is well aware of extremely alluring economics of this threat. In 2015, the FBI’s Internet Crime Complaint Center received "2,453 complaints identified as Ransomware with losses of over $1.6 million." In 2016, hardly has a month gone by without a high-profile case like Hollywood Presbyterian Medical Center paying 40 Bitcoin, about $17,000 USD at the time, to recover its files. And these are just the cases we're hearing about. The scam is so effective that it seemed that the FBI was recommending that victims actually pay the ransom. But it turned out their answer was actually more nuanced. "The official answer is the FBI does not advise on whether or not people should pay," Sean Sullivan, F-Secure Security Advisor, writes. "But if victims haven’t taken precautions… then paying is the only remaining alternative to recover files." What sort of precautions? For Mikko, the answer obvious. "Backups. If you get hit you restore yesterday’s backup and carry on working. It could be more cumbersome if it’s not just one workstation, if your whole network gets hit. But of course you should always have good, up to date, offline backups. And 'offline' is the key!" What's also obvious is that too few people are prepared when Ransomware hits. Barring any disruptions to the Bitcoin market, F-Secure Labs predicts this threat will likely persist, with even more targeted efforts designed to elicit even greater sums.  If you end up in an unfortunate situation when your files are held hostage, remember that you're dealing with someone who thinks of cybercrime as a business. So you can always try to negotiate. What else do you have to lose?

August 24, 2016
BY 
NanHaiShu_blogpost_image

Hadn’t We Figured the Whole Email Attachment Thing Out?

  F-Secure Labs recently released an analysis of the NanHaiShu Remote Access Trojan, which they believe was used to target "government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea." So what does it look like when you're hit with a cyber attack that may involve some of the most powerful nations on earth? This: Pretty harmless, right? But click on that attachment and you've invited hackers -- possibly even attackers backed by a nation-state -- into your network. An attachment owning fools in 2016? The first piece of internet security advice you ever heard was probably, "Don't click on attachments you weren't expecting!"So who'd click on that?! Employees at prestigious international law firms, government agencies and possibly even the world's most powerful political parties. So how is this happening? Maybe it's a lesson that doesn't sink in, no matter how many times you've heard it. Or maybe cyber criminals have just gotten so good at tricking us with them that, like so many old threats, it's new again. Give that this method of infection is being used by attackers at the highest levels of cyber espionage, we have to assume the latter. Where attackers used to send mass emails out with infected attachments hoping to infect just a small percentage of the recipients, these new attacks utilize "spearphishing" techniques. "These are communications that appear legitimate — often made to look like they came from a colleague or someone trusted — but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer," The Washington Post explained. These emails are carefully crafted or "socially engineered" to seem relevant. Often, as in the case above, they play on our greatest desires, such as money in the form or salary or bonus information. One big reason attackers have gotten so much better at targeting us is that so many of us have decided to make details about our lives public via social media. This is why hackers love your LinkedIn profile. So should you scrub your profile and hide in a time capsule to avoid these attacks? You should definitely be mindful that strangers know more about you than ever and be wary of of strange email that seems overly eager to get you to click on a link or attachment. But these threats are so pervasive and potentially harmful, that they need to be addressed at an organizational level. Our Labs team put together a Threat Intelligence Brief with several recommendations for avoiding RATs like NanHaiShu, including disabling the opening of email file attachments sent from unverified sources as an enforced policy for all installed email programs. That way, you're unlikely to be the weak link that attackers are always looking for.  

August 11, 2016
BY 
Christine Bejerasco

Meet the Online Guardian Working to Keep You Safe

Every time you go online, your personal privacy is at risk – it’s as simple as that. Whether you’re creating an account on a website, shopping, or just browsing, information like your email, IP address and browsing history are potential targets for interested parties.   All too often, that information is sold on or sometimes even stolen without you even knowing it. And the threats to our online privacy and security are evolving. Fast.   As F-Secure’s Online Protection Service Lead, Christine Bejerasco’s job is to make life online safer and more secure.   “We’re basically online defenders. And when your job is to create solutions that help protect people, the criminals and attackers you’re protecting them against always step up their game. So it’s like an arms race. They come up with new ways of attacking users and our job is to outsmart them and defend our users,” Christine says.   Sounds pretty dramatic, right? Well that’s because it is. While it used to be that the biggest threat to your online privacy was spam and viruses, the risks of today and tomorrow are potentially way more serious.   “Right now we’re in the middle of different waves of ransomware. That’s basically malware that turns people’s files into formats they can’t use. We’ve already seen cases of companies and individual people having their systems and files hijacked for ransom. It’s serious stuff and in many cases very sad. If your online assets aren’t protected right now you should kind of feel like you’re going to bed at night with your front door not only unlocked but wide open.”   Christine and her team of 11 online security superheroes (eight full-time members and three super-talented interns) are on the case in Helsinki.   Here’s more on Christine and her work in her own words:   Where are you from? The Philippines   Where do you live and work? I live in Espoo and work at F-Secure in Ruoholahti, Helsinki.   Describe your job in 160 characters or less? Online guardian who strives to give F-Secure users a worry-free online experience.   One word that best describes your work? Engaging   How long is a typical work day for you? There is no typical workday. It ranges from 6 – 13 hours, depending on what’s happening.   What sparked your interest in online security? At the start it was just a job. As a computer science graduate, I was just looking for a job where I could do something related to my field. And then when I joined a software security company in the Philippines, I was introduced to this world of online threats and it’s really hard to leave all the excitement behind. So I’ve stayed in the industry ever since.   Craziest story you’ve ever heard about online protection breach? Ashley Madison. Some people thought it was just a funny story, but it had pretty serious consequences for some of the people on that list.   Does it frustrate you that so many people don’t care about protecting their online privacy? Yeah, it definitely does. But you grow to understand that people don’t value things until they lose it. It’s like insurance. You don’t think about it until something bad happens and then you care.   What’s your greatest work achievement? Shaping the online protection service in the Labs from its starting stages to where we are today.   What’s your idea of happiness? Road trips and a bottle of really good beer.   Which (non-work-related) talent would you most like to have? Hmmm… tough. Maybe, stock-market prediction skills?   What are your favorite apps? Things Stumbleupon   What blogs do you like? Security blogs (F-Secure Security blog of course and others – too many to list.) Self-Help Blogs (Zen Habits, Marc and Angel, etc.)   Who do you admire most? I admire quite a few people for different reasons. Warren Buffett for his intensity, simplicity and generosity. Mikko Hyppönen for his idealism and undying dedication to the online security fight. And Mother Theresa for embodying the true meaning of how being alive is like being in school for your soul.   Do you ever, ever go online without protection? Not with systems associated to me personally, or with someone else. But of course, when we are analyzing online threats, then yes.   See how to take control of your online privacy – watch the film and hear more from Christine.  See how Freedome VPN will keep you protected and get it now.

July 14, 2016
BY