Techie- Tech

Tuesday, April 20, 2021

PROTECTION AGAINST RANSOMWARE



Ransomware is not a new threat, although advances in technology have made the attacks more sophisticated and more diverse. Until now, cybercriminals sent malware through malicious links or emails, hoping that some user would open the file so that they could encrypt a company's data.

 

But although this type of malware is still active, the current trend is marked by attacks on well-known software applications and large corporations that directly affect backups. For this reason, cloud storage for companies is more important than ever.


The types of infectious attacks


Today we can differentiate between three types of attacks.


 Deletion of backup repositories in the cloud


They are carried out over remote desktop protocols: cybercriminals steal domain credentials, encrypt data, and delete files from the backup repository.


Massive attacks


They have a wide reach. They pick their victims at random, hoping that a user will click on a malicious link or download a file.


Inclusion of 'malware' in the backup


It is not detected. The malware lies dormant and reinfects the system while the backup is being restored.


There are companies specialized in detecting and blocking any type of unauthorized malicious code that tries to penetrate companies' backup copies in the cloud. The malicious file is isolated and all information is safely restored.


How to protect cloud backups for business?


The developers of these malicious programs are aware that backup in the cloud is a very effective defence, which leads them to modify the malware so that it tracks down and removes the backups.


Although ransomware was already a great threat just a few years ago, it has had to evolve, and its creators take advantage of the latest vulnerabilities to act. Using updated antivirus software is a must for protection against ransomware. There are several families, and when an exploit infects a system, it can move laterally and create a larger target.


Infection in backups


The malware will delete any backups it finds along the way. One common tactic is to delete the automatic copies of files that Windows generates.


There are other variants that remove hidden backups and volumes. This variant does not specifically target backups, but it does put the simplest solutions at risk, such as those in which data resides on shared file resources.


Opportunistic attacks


Not all current backups are vulnerable. Usually, the malware going after them is not a deliberate action but an opportunistic one. Depending on the malware, the system is routinely scanned for specific files, and if it finds a backup file extension, it will almost certainly encrypt the file. It tries to spread and infect as many systems as possible.


Is it possible to protect systems and backups?


Yes, it is possible to protect backup copies by taking a series of precautions such as the following.


Isolate backups


The more barriers there are between an infected system and its backups, the more difficult it will be for the malicious program to reach them. One of the most common mistakes is using the same authentication method for backups in different places.


When a user's account is compromised, the first thing the criminal wants to do is increase his privileges. If the backup system uses the same authentication, it will be easy to take control of everything.


To avoid this, it is advisable to have independent authentication systems, with different passwords, to make this step more complex.


Complement Windows backups with additional tools. Additional backups and third-party tools that are not part of Windows' default settings can help us defend against ransomware that encrypts or deletes local file backups.


If backups are not all made the same way, the malware will not know which backups to delete. If an employee's machine becomes infected with something, it can be wiped and restored from backup.
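The isolation advice above can be checked before any malware tests it. The following audit is an added example, not code from the original post: it lists files with a backup extension and reports whether an account other than the backup account could overwrite or delete them. It assumes a POSIX permission model, and the extension list, directory layout and verdict names are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed extension list; extend it to match the backup tools actually in use.
BACKUP_EXTENSIONS = {".bak", ".bkf", ".vhd", ".vhdx", ".tib", ".zip"}
SHARED_WRITE = stat.S_IWGRP | stat.S_IWOTH  # write bit for group or everyone


def exposure(path, backup_uid):
    """Say how an account other than the backup account could damage a file."""
    st = os.stat(path)
    parent = os.stat(os.path.dirname(path))
    if st.st_uid != backup_uid:
        return "not owned by backup account"
    if st.st_mode & SHARED_WRITE:
        return "writable by other accounts"
    # A writable directory lets others delete or replace the file, unless
    # the sticky bit restricts deletion to the owner.
    if parent.st_mode & SHARED_WRITE and not parent.st_mode & stat.S_ISVTX:
        return "deletable via directory"
    return "isolated"


def audit(root, backup_uid):
    """Map every backup file under root to its exposure verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in BACKUP_EXTENSIONS:
                full = os.path.join(dirpath, name)
                findings[os.path.relpath(full, root)] = exposure(full, backup_uid)
    return findings


def build_sample_tree(root):
    """Constructed layout: relative path -> (file mode, directory mode)."""
    layout = {
        "share/db.bak": (0o666, 0o777),     # open file on a shared folder
        "share/notes.txt": (0o666, 0o777),  # not a backup, ignored
        "drop/site.zip": (0o640, 0o777),    # protected file, open directory
        "vault/db.bak": (0o640, 0o750),     # restricted file and directory
    }
    for rel, (file_mode, dir_mode) in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(b"constructed sample data")
        os.chmod(full, file_mode)
        os.chmod(os.path.dirname(full), dir_mode)


def run_demo(backup_uid=None):
    """Audit the constructed tree; by default the current user plays the backup account."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        uid = os.geteuid() if backup_uid is None else backup_uid
        return audit(root, uid)


if __name__ == "__main__":
    for path, verdict in sorted(run_demo().items()):
        print(f"{verdict:30} {path}")
```

Any verdict other than "isolated" marks a backup that a compromised ordinary account could reach, which is the situation the separate authentication described above is meant to prevent.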

 

ADVANTAGE OF TELEWORKING IN COMPUTER SECURITY



Teleworking is on the rise. But beyond its many practical aspects, what about IT security? Some tips and points of vigilance to avoid pitfalls.


Teleworking is attracting more and more employees in the private sector. Nevertheless, working from home inevitably raises the question of computer security. To avoid any danger, here are some cybersecurity measures to put in place for your teleworking employees.


Teleworking and cybersecurity: challenges to be met

The many advantages offered by working from home are actually tending to attract more and more workers. However, computer security issues still contribute to fuelling employers' reluctance to work from home.


To fully exploit the advantages of teleworking, it is therefore necessary to take the appropriate measures to best secure the data and anticipate the risks of cyberattacks. Ultimately, the challenge is to secure the workstations of teleworkers as well as the workstations installed in the company's premises. 


In the office as in telework, priority to secure networks.

Although working from home takes place in a familiar environment, it is essential to pass work data through secure virtual private networks (VPNs). VPNs are designed to connect company computers directly to those of teleworkers. This precaution prevents data from being directly intercepted, as can happen on unprotected internet networks.


In addition, the computers of teleworkers must benefit from the same protection measures as those of the company's IT equipment, with antivirus software and other threat detection tools.


Use a single, secure terminal for professional activities

To avoid risks in terms of IT security, it is essential that your employees work on their professional terminals, previously validated by your service provider or IT department. Indeed, the multiplication of non-compliant terminals in terms of security to access professional data increases the risk of cyber-attacks.


Access to data must also be strengthened. The use of an identifier and a password to secure the computer is necessary, so that no third party or person close to the teleworker can use this workstation.


Make teleworkers aware of risky IT behaviour

Finally, we must not forget that the best material protection will not be immune to faults of human origin. Raising teleworkers' awareness of good cybersecurity practices must therefore also be carried out at the same time for effective security.


Also make sure that your teleworking employees have direct, competent contacts available 24 hours a day, to whom they can turn if in doubt about the security of their IT system. In the event of a cyber-attack, contamination from one workstation to another, even remotely, can be extremely rapid. Another tip: set up an IT security charter to maximize the vigilance of teleworkers. It may include warnings about risky behaviour that could lead to security breaches.


By way of example, this IT security charter may thus include the following recommendations:


·    Prohibit any sending of professional mails and / or files via personal messaging to reduce the risk of information leaks;


·    Avoid any connection to unreliable public Wi-Fi. It is also preferable to opt for a wired connection;


·    Do not give access to your professional computer to those close to you to avoid the risk of improper handling;


·    Take the time to regularly update the security settings;


·    Avoid the use of external devices for data transfers knowing that USB drives and external hard drives can easily be infected with malware.


Just by adopting these best practices, many IT security risks can be avoided!

 

Ensuring Internet Safety by Parental Control




Beyond academic connections and family video conferences, the Internet can be a dangerous place for minors. For this reason, we must know the main threats that exist on the Internet and implement the necessary measures to reinforce Internet safety for children.


WHAT ARE THE THREATS ON THE INTERNET FOR CHILDREN?

The dangers that most children face when surfing the internet can be grouped into three types of risks:


·      Exposure to inappropriate content. Vulgar language, hate speech and violent images can have a detrimental effect on minors. More than 55% of children between the ages of 10 and 12 have been exposed to violent content on the Internet and almost 60% have encountered sexually explicit material.


·   Cyberbullying. Cyberbullying is any intimidating activity carried out through any type of electronic communication (social networks, e-mail, etc.). Almost 34% of 12-17 year olds have experienced cyberbullying at some point in their life.


·   Online predators: Adults who use the Internet to attract minors for abusive purposes are considered online predators. Most of the victims of this type of bullying (78%) are girls.

 

INTERNET SAFETY TIPS FOR CHILDREN IN THE FACE OF INAPPROPRIATE CONTENT

The best way to keep children safe from exposure to inappropriate content is to teach them to protect themselves and take some preventive measures:


·       Teach them to navigate safely. Make sure your kids know how to identify safe pages and block pop-up ads. Explain how to keep their mail safe, warning them not to open attachments or reply to messages from strangers.


·        Limit their access to inappropriate content. Use a content filter, block all unsafe websites and hire a cybersecurity service that protects your digital life and that of your family with an advanced parental control system.


·        Prepare to react. Develop a plan to put in place in case your child encounters any type of inappropriate content, preparing the appropriate responses to help him handle the situation.


How to protect minors from Cyberbullying

To protect your kids from cyber bullying, keep the following tips in mind:


·      Teach them to spot danger and ask for help. Explain what cyberbullying is and give them tools to detect it. Talk to them about what types of communication are acceptable and encourage them to ask for help with any interaction that makes them feel bad.


·      Monitor their activity. Put your computer in a common space, use a shared email account, and if you let your kids interact on social media, make sure you have access to their accounts.


·      Set limits. Explain to them what the risks of chatting and social media are and always follow the age restrictions. If you allow them to use these applications, put a time limit and establish rules of use.


HOW TO MAKE YOUR HOME A CYBER-SAFE PLACE

If you want to strengthen Internet security for your children, the cybersecurity service that includes the ADT Alarm has all the tools to transform your home into a cyber-safe place for your children: from an advanced parental control system to electronic certification tools for cases of digital violence.


In addition, the ADT Alarm includes the ADT Plus Protection service, in collaboration with Legálitas, to advise you and solve any legal aspect related to the safety of your family, Cyberbullying or online predators, and the protection of your home.

 

Difference between Firewall & Antivirus Software






Firewall and antivirus are both mechanisms that provide security to our systems, although the vulnerabilities they address are different. The main difference between a firewall and an antivirus is that a firewall acts as a barrier to incoming traffic to the system.


In contrast, the antivirus protects against internal attacks such as malicious files.

Firewall and antivirus work in different ways: a firewall emphasizes inspecting the data flowing from the Internet to the computer. In contrast, an antivirus emphasizes the steps for dealing with malicious programs, such as detection, identification, and removal.

Basis for comparison | Firewall | Antivirus
Implemented in | Both hardware and software | Software only
Operations carried out | Monitoring and filtering (specifically IP filtering) | Scanning of infected files and software
Deal with | External threats | Internal and external threats
The inspection of the attack is based on | Incoming packets | Malicious software residing on a computer
Counter attacks | Routing attacks and IP spoofing | Unable to perform counterattacks once malware has been removed


Definition of firewall 

A firewall can be considered a standard approach to protecting local computing assets from external threats. A firewall is designed to filter the IP packets that come from the network to the computer. It is also an effective way to protect the local system as well as the network, while still allowing access to the Internet or a wide area network.


Characteristics of a firewall 

·     First of all, it ensures that all traffic coming from the outside to the inside or vice versa is transferred through it.


·     Only authorised traffic transfer is allowed through the firewall (as described in the security policy).


·   It uses a reliable system with a secure operating system that makes it robust against penetration.


Firewall types 

·     Packet filters - Packet filters are also called screening routers or screening filters. The packet filter applies a set of rules to each packet and, based on the result, forwards or drops it.


However, the security of packet filters can be breached through IP spoofing, source routing attacks, and small fragment attacks. The advanced types of packet filter are the dynamic packet filter and the stateful packet filter.


·        Application Gateway - Also known as the proxy server. It behaves as a proxy or substitute, decides on the flow of traffic at the application level, and hides the source IP from the outside world.


·      Circuit-level gateway - It is similar to the application gateway, but has some additional functionality, such as creating a new connection between itself and the remote host. It is also capable of changing the source IP address in packets from the end user IP. This is how it hides the original IP address of the source.
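The packet filter described in the list above applies its rules in order and forwards or drops each packet. The sketch below is an added example, not code from the original post: it implements a first-match filter with default deny, then shows why a filter that trusts the source address alone is exposed to IP spoofing and how a check on the arrival interface closes that gap. The addresses, interface names and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # constructed internal range


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str  # "forward" or "drop"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form
    proto: str   # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any port


# Constructed security policy, evaluated top to bottom.
RULES = [
    Rule("forward", "10.0.0.0/24", "10.0.0.5/32", "tcp", 22),  # internal SSH to admin host
    Rule("forward", "0.0.0.0/0", "10.0.0.10/32", "tcp", 443),  # public HTTPS to web server
]


def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def packet_filter(pkt, rules=RULES):
    """First matching rule decides; unmatched traffic is dropped (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"


def packet_filter_with_ingress_check(pkt, rules=RULES):
    """Same rules, but reject internal source addresses arriving from outside."""
    if pkt.iface == "wan" and ipaddress.ip_address(pkt.src) in INTERNAL_NET:
        return "drop"
    return packet_filter(pkt, rules)


# Constructed sample packets.
SAMPLES = {
    "admin SSH from LAN": Packet("lan", "10.0.0.8", "10.0.0.5", "tcp", 22),
    "public HTTPS": Packet("wan", "203.0.113.7", "10.0.0.10", "tcp", 443),
    "public telnet": Packet("wan", "203.0.113.7", "10.0.0.10", "tcp", 23),
    "claims LAN source, arrives on WAN": Packet("wan", "10.0.0.8", "10.0.0.5", "tcp", 22),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:36} rules only: {packet_filter(pkt):8}"
              f" with ingress check: {packet_filter_with_ingress_check(pkt)}")
```

Only the last sample differs between the two functions: the rules alone forward it because the source address matches, while the ingress check drops it because that address cannot legitimately arrive on the external interface.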


Limitations

·         Inside attacks cannot be blocked by the firewall, nor can it prevent them.


·         It cannot protect against malicious attacks.


Definition of ANTIVIRUS 

An antivirus is application software that provides security against malicious programs that come from the internet. However, it is extremely difficult, almost impossible, to avoid them entirely in an internet-connected world.

Antivirus follows an approach in which it performs detection, identification, and removal.

·      Detection - On detection, the software is aware of the malware attack and locates the infected file or program.

·         Identification - After detection, it recognizes the type of virus.

·       Removal - Lastly, the antivirus removes the infected file and all its traces and restores the original backup file / program. If detection completes successfully but identification and removal are not possible, then the antivirus discards the infected file and reloads the infection-free backup version.

Several generations of antivirus have evolved due to the improvement in viruses and antivirus technology. Previously this was not the case: early viruses were simple snippets of code that were easily identified and removed.


Generations of antivirus

1.    1st generation - These are simple scanners that needed the virus signature to identify a particular virus. This type of scan was limited to the specific virus matching the signature. If any "wildcard" viruses arrived, they did not work.


2.    2nd generation - These antivirus software programs did not rely on the virus signature but instead used the heuristic approach to search for the possible virus attack. The approach was to search for blocks of code that were generally related to viruses.


3.    3rd generation - This involves memory-resident antivirus software programs that recognize viruses based on their activities, rather than structure.


4.   4th generation - These software programs combine many antivirus techniques, such as scanning, monitoring, etc. They are also known as behavior blocking software, which is incorporated into the computer's operating system and watches for virus-like actions in real time. Every time an uncertain action is detected, it is blocked, preventing further damage. This generation emphasizes virus prevention rather than virus detection.
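The step from the first to the second generation can be seen on a small scale. The scanner below is an added example, not code from the original post or from any antivirus product: it runs an exact signature match and a weighted heuristic over three sample files. The signature bytes, the fragment names, the weights and the threshold are all constructed and harmless.

```python
# Constructed, harmless byte patterns; none of them is a real virus signature.
SIGNATURES = {"Demo.A": b"\xde\xad\xbe\xef\x01\x02\x03\x04"}

# Constructed code fragments "generally related to viruses", with weights.
SUSPICIOUS_FRAGMENTS = {
    b"OVERWRITE_BOOT_SECTOR": 3,
    b"COPY_SELF_TO_EXECUTABLES": 2,
    b"HOOK_FILE_OPEN": 2,
}
HEURISTIC_THRESHOLD = 4  # assumed cut-off: one weak indicator is not enough


def signature_scan(data):
    """1st generation: names whose exact signature bytes occur in the file."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def heuristic_score(data):
    """2nd generation: add up the weights of suspicious fragments present."""
    return sum(w for frag, w in SUSPICIOUS_FRAGMENTS.items() if frag in data)


def classify(data):
    """Signature match first, then fall back to the heuristic score."""
    names = signature_scan(data)
    if names:
        return "known: " + ", ".join(names)
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "suspicious"
    return "clean"


# Constructed sample files.
BODY = b"COPY_SELF_TO_EXECUTABLES;OVERWRITE_BOOT_SECTOR;"
SAMPLES = {
    "original": b"HDR" + SIGNATURES["Demo.A"] + BODY,
    # Same behaviour, one signature byte changed: exact matching misses it.
    "variant": b"HDR" + b"\xde\xad\xbe\xef\x01\x02\x03\xff" + BODY,
    # A legitimate tool with a single weak indicator stays under the threshold.
    "installer": b"HDR" + b"HOOK_FILE_OPEN;show_progress;",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10} signatures={signature_scan(data)} "
              f"score={heuristic_score(data)} verdict={classify(data)}")
```

The variant escapes the signature pass but is still flagged by the heuristic, while the installer shows why the threshold matters: a lower cut-off would turn its single indicator into a false positive.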


Limitations

·     The antivirus only supports CIFS (Common Internet File System) protocol, not NFS file protocol.


·         It is practically not feasible to provide virus protection for files that are simultaneously read as they are written.


·         It is not possible to perform an anti-virus check on read-only files.


·      A firewall can be used in both software and hardware, while Antivirus can only be implemented in software.


·      The antivirus performs a scanning operation that also involves detection, identification and removal. The firewall, by contrast, monitors and filters incoming and outgoing packets.


·       Firewalls deal with external attacks only while Antivirus deals with both external and internal attacks.


·     At the firewall, inspection of the attack relies on incoming packets by applying a set of rules. On the contrary, in antivirus, infected files and malicious programs are inspected / scanned.


·      IP spoofing and routing attacks are the techniques that can violate security, especially in the case of packet filters (type of firewall). On the other hand, in antivirus, counterattacks are not possible once a malware is purged.


Conclusion

Firewall and antivirus appear similar, both providing a mechanism to protect a computer from external and internal threats, although the type of attack may differ in each case.


A firewall prevents untrusted and unauthorized programs from having access to communicate with the computer, but it does not perform detection, identification, and removal. Rather, it restricts and blocks incoming / outgoing traffic from reaching the computer. On the other hand, the antivirus detects, identifies and removes malware (malicious program) from the computer.

 

 

Reasons Of Having An Antivirus




"Is it really necessary to have an antivirus installed on my devices?" Giving an affirmative or negative answer to this question, which is often heard in different environments, from the most technical and specialist to end users without much knowledge of technology, never takes a short time. It usually generates long discussions about the performance of the computer, the usability of the security solutions, the privacy of the user and a number of other topics that often extend the conversation. I already know that, since I work at a security company like ESET, you will be thinking that my answer is going to be strongly biased towards yes, which is totally true; however, as a security professional who has been working on these issues for several years, I have learned a lot about threats and their ways of spreading. Therefore, I am going to list seven facts that will help you form an idea about what to do.


1. Diversity of threats

Today there are many types of threats that we find spreading and affecting users. Although the term "antivirus" has stuck in the collective subconscious, tools of this type have evolved from detecting only computer viruses to becoming complete security solutions, which provide many other functionalities such as firewall, antispam and anti-phishing filters or memory scanning, among others, that provide comprehensive protection to the system and allow you to navigate safely in the current context of threats.


2. Variety in the way of spreading

Undoubtedly, the use of Social Engineering is one of the main mechanisms used by attackers to spread their threats and many times user interaction is needed to run a file, open a document or download something on their mobile device. From there, the infection begins.


However, it is not the only thing that attackers use, as there are techniques that do not require a user to interact with the threat in order for it to be installed. For example, injecting an iframe into a vulnerable website can lead an attacker to install something on the user's device without the user being aware of what is happening. But a security solution will detect this malicious behavior.


3. Growth in the number of detections

A few years ago, when I started working at ESET, we said that on average around 200,000 different samples were processed every day; at the end of 2016 this number was close to 300,000. This is without forgetting that, from ESET alone, updates of several thousand signatures for malware targeting Windows are released every few days.


If we add to the above the fact that what we see at ESET is not everything that happens in the cybercrime ecosystem, these numbers may be higher.


4. Vulnerable technologies accommodate different threats

Computer threats not only take advantage of flaws and vulnerabilities in particular versions of an operating system, but also in applications, which opens the possibility of an infection regardless of the version of the operating system used. Added to this is the variety of languages used by attackers, which extends their ability to affect systems: everything from compiled languages to scripting is used to attack various platforms.


5. Affected platforms

Without a doubt, most malicious code is focused on affecting Windows operating systems, but it is becoming increasingly common to find threats to other systems such as Mac OS X or Linux, despite the fact that many continue to believe in their invulnerability. There is even malware for mobile systems like Android or iOS, so it's time to understand that there are no risk-free platforms.


6. Concentration of threats

It is a reality that a security solution will not stop all the attacks that a user may be a victim of, but it will serve to prevent infection in the vast majority of cases. Considering the growth in the amount of malicious code circulating, it is important not to leave protection to chance.


7. Use of the device

The use that is given to the device is essential to prevent infection. When it is shared, the chances of being a victim of a cybercriminal increase; for example, have you thought about what your son, cousin, uncle or girlfriend can download when you lend them your device so that they can be distracted for a while?


Beyond the discussion about who you should or should not lend your phone to, someone who gains control for a moment could execute something malicious by mistake or ignorance. And if we talk about strangers, the possibility increases and includes the potential intention to do harm.


It is true that having a security solution is not enough. Ensuring that we are going to be safe goes beyond just having an antivirus installed: knowing the threats and how they spread, in addition to making adequate use of technology, mainly keeping operating systems and applications updated, helps to have real protection against all kinds of threats.


There are those who say that having an ANTIVIRUS SOFTWARE installed extends the possibility of an attacker to compromise a system, because they could take advantage of the vulnerabilities of these tools. And to a certain extent they are right: installing a new application on the system extends the attack surface. But, in this particular case, there are many more threats that it helps prevent than it could cause. Also, if we are talking about a product backed by a reliable security company with a track record in the market (that's right, I was also thinking about ESET) these problems are solved very quickly, preventing an attacker from taking advantage.

 

Difference Between Endpoint Protection & Antivirus Software

With regards to cybersecurity, there are parcels and bunches of confusing...