Tag Archives: security

Avast for Business adds 75,000 new customers in just two months

Luke Walling, GM of Avast for Business, had confidence in the Avast for Business product all along. But the explosion of new customers has surprised and delighted even him. Avast for Business is the industry’s first free, easy-to-use, cloud-managed security offering that protects small-to-medium-sized businesses (SMBs) from cyber attacks and data breaches. The new […]

The Florentine Deception: 100% thriller, 100% plausible, 100% for charity

Symantec’s Carey Nachenberg has published an exciting new cybersecurity novel, the proceeds of which will benefit some worthy charities.


Symantec’s essential guide to today’s threat landscape. Part 1 Out now

In 2014, the foundations of Internet security were shaken by the Heartbleed bug, a vulnerability in human-built software that reminds us of the need for vigilance, better implementation and more diligent website security.

As part of that story, we saw criminals grow more professional, sophisticated and aggressive in their tactics, to the detriment of businesses and individuals. Poodle and Shellshock gave criminals ways to use websites to access servers, steal data and install malware; cryptoware, a variant of ransomware that encrypts a victim’s files, increased significantly; and even social media and phishing scams took advantage of people’s fears around hacking to entice them into clicking.

Symantec has the most comprehensive source of Internet threat data in the world and also maintains one of the world’s most comprehensive vulnerability databases. Spam, phishing and malware data is captured through sources including Symantec.cloud and other Symantec security technologies. Our website security solutions provide 100 percent availability and process over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day. These resources give Symantec analysts unparalleled sources of data with which to identify, analyse, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam.

The result is the Symantec Website Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their systems effectively now and into the future.

Let’s start by pointing out some of the trends in cybercrime we saw last year:

Web threats

Web threats got bigger and much more aggressive in 2014 as holes in commonly used tools and encryption protocols were exposed and criminals made it harder to escape their malicious clutches.

Without doubt, Heartbleed was the most remarkable security event last year: a vulnerability in the OpenSSL cryptographic software library meant attackers could access the data stored in a web server’s memory during an encrypted session. Although the response was swift, within five days, the event caused many more people to take note and improve standards in SSL and TLS implementation.

Shellshock and Poodle were other examples of vulnerabilities that appeared last year.

Of all the websites Symantec scanned for vulnerabilities in 2014, around three quarters were found to have vulnerabilities, about the same as last year. However, the number of websites actually found with malware was much lower than last year, having reduced from 1 in 566 to 1 in 1,126.

Ecrime & Malware

Every day, personal banking details are phished by fake emails and websites. Computers infected with malware are used to send out spam or contribute to distributed denial-of-service attacks. Perhaps the most unlucky see all their files encrypted and their computer made unusable by ransomware.

The underground black market is thriving. Criminals are moving their illegal marketplaces further from public gaze; they have become more professional and have made their cybercrime techniques more sophisticated.

Malware distributed by email declined in 2014, but it remains a very dangerous tool of cybercrime. Ransomware, another form of cybercrime, is used to encrypt the data on victims’ hard drives and demand payment to unlock the files. Both are examples of how criminals work.

Malvertising

During 2014, we saw ransomware and malvertising cross paths as the number of victims getting redirected to the Browlock website hit new heights.

Browlock itself is one of the less aggressive variants of ransomware. Rather than malicious code that runs on the victim’s computer, it’s simply a web page that uses JavaScript tricks to prevent the victim from closing the browser tab. But it’s not just ransomware that malvertising helps to spread: malicious adverts also redirect to sites that install Trojans.

From the website side, it is hard to prevent malvertising, as site owners have no direct control over the ad networks and their customers. However, site managers can reduce risk by choosing networks that restrict ad functionality so advertisers cannot embed malicious code in their promotions. And of course, when selecting an ad network, due diligence goes a long way.


Download your free copy of the Symantec Website Security Threat Report Part 1 here: https://www.symantec-wss.com/uk/WSTR-2015-1/social

Discover more about today’s threat landscape in Part 2 of the WSTR. Coming soon.

Stay up to date on potential changes to RC4 encryption algorithm


All the major browsers provide “security user interface”, meaning visual elements to inform the user of the security of their connection to the web page they’re visiting. Up until now, those interface elements were tied to the use of SSL/TLS certificates served by the web site. For example, if you went to http://www.example.com, no special elements would be displayed, but if you visited https://www.example.com, you would see a lock icon indicating the presence of a trusted SSL/TLS certificate. You would also see in the address bar the name of the company responsible for the web site, if the web site used an EV certificate. Most browsers change user interface indicators for mixed content (when a secure page loaded scripts, images or other content from a non-secure site).

Some browser vendors are planning to warn users about potential weaknesses in RC4, a popular stream encryption algorithm used in various ciphersuites defined for SSL/TLS, by changing their security user interfaces.

Concerns about RC4 have led the Internet Engineering Task Force (IETF) TLS Working Group to declare that “RC4 can no longer be seen as providing a sufficient level of security for TLS sessions”, even though it was the preferred method of defense against the BEAST attack years ago.

If your browser and the website you’re visiting negotiate to use a ciphersuite that includes RC4, browsers will warn you by a security user interface change. If the site has an EV certificate, the browser may decline to show the EV display. This is important to understand, since users may expect that security user interface warnings indicate a problem with the website’s certificate, but there may be nothing wrong with the certificate or its chain.

Perhaps more importantly, browser vendors are considering security user interface warnings if RC4 is used in any sub-connection used to build a page. Recall that most modern web pages are built on the fly from multiple sources: static images may be served by a Content Distribution Network (CDN), scripts may come from open source sites, and seal images may be served by the Certificate Authority that issued the website’s certificate. The use of RC4 in any of those connections could result in a broken lock icon or the loss of EV display.

We’re not arguing that it’s unwise to warn about RC4 in a sub-connection – we’re just concerned that many website owners may assume something is wrong with their certificate, and it’s very difficult to determine which sub-connection used RC4 and was responsible for the user interface downgrade. Browser vendors can help by developing enhanced error reporting that pinpoints the cause of the downgrade, allowing website owners to quickly remediate the problem. By the way, remediation would consist of re-configuring the offending web server to de-prioritize or remove those ciphersuites that use RC4. Modern alternatives exist that do not use RC4 and therefore are not affected by its weaknesses.
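The sketch below is an added example, not part of the original post and not Symantec's tooling. Given the ciphersuite negotiated on each sub-connection of a page load, it reports which origins used RC4, and it strips RC4 from an OpenSSL-style cipher list as the remediation describes. The function names, hostnames and cipher string are assumptions constructed for illustration; the per-connection records would come from your own capture or scanning tool.

```python
import re
from urllib.parse import urlsplit

# RC4 as a whole token in IANA names (TLS_RSA_WITH_RC4_128_SHA),
# OpenSSL names (ECDHE-RSA-RC4-SHA) or the bare OpenSSL keyword "RC4".
_RC4_TOKEN = re.compile(r"(?:^|[_-])RC4(?:[_-]|$)", re.IGNORECASE)

def uses_rc4(suite):
    """True if a negotiated ciphersuite name contains RC4 as a component."""
    return bool(_RC4_TOKEN.search(suite.strip()))

def rc4_origins(connections):
    """Map each origin whose sub-connection negotiated RC4 to the suite used."""
    offenders = {}
    for url, suite in connections:  # one (url, suite) pair per sub-connection
        if uses_rc4(suite):
            parts = urlsplit(url)
            offenders[f"{parts.scheme}://{parts.netloc}"] = suite
    return offenders

def remove_rc4(cipher_string):
    """Drop RC4 entries from an OpenSSL-style cipher list and exclude RC4."""
    kept = []
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        name = token.lstrip("!+-")                   # strip list operators
        enables = not token.startswith(("!", "-"))   # "!" and "-" remove suites
        if token and not (enables and uses_rc4(name)) and token != "!RC4":
            kept.append(token)
    return ":".join(kept + ["!RC4"])  # "!RC4" also blocks RC4 pulled in by aliases

# Constructed sample: sub-connections of one page load (not real measurements).
SAMPLE_PAGE = [
    ("https://www.example.com/", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("https://cdn.example.net/img/logo.png", "ECDHE-RSA-RC4-SHA"),
    ("https://seal.example.org/seal.gif", "TLS_RSA_WITH_RC4_128_SHA"),
    ("https://code.example.net/lib.js", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for origin, suite in rc4_origins(SAMPLE_PAGE).items():
        print(f"{origin} negotiated {suite}")
    print(remove_rc4("RC4-SHA:ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL"))
```

In the constructed sample the main site's own connection is clean; the downgrade would come from the CDN and seal origins, which is the case the post warns is hard to diagnose.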

Symantec provides web-based tools like SSL Toolbox to detect problems with SSL/TLS certificates and chains. We’re also investigating tools and methods to locate websites that still use RC4, to help our customers address RC4-related issues and restore favorable security user interface indicators.

2015 ????????????????????????????

Volume 20 of Symantec's Internet Security Threat Report (ISTR) shows that cyberattackers are infiltrating networks by hijacking company infrastructure, while also extorting ordinary users through their smartphones and social media.


2015 Internet Security Threat Report: Attackers are bigger, bolder, and faster

Volume 20 of Symantec’s Internet Security Threat Report (ISTR) reveals that cyberattackers are infiltrating networks and evading detection by hijacking companies’ infrastructure, while also extorting end-users via their smartphones and social media.