Author Archives: Panda Security

Cyber Security Glitch Puts an End to Google Plus

Google is the next technology conglomerate to fall victim to cybersecurity issues. Earlier this week, an investigation by the Wall Street Journal confirmed that over the last few years a cyber-security glitch in the Google Plus social network has been exposing the personal information of nearly half a million people to third parties.

The data has been exposed to developers in a way similar to how Facebook ended up sharing the details of millions of its users with Cambridge Analytica. The exposed data includes personal information of people from all over the world, including US citizens. Google came under fire as senior executives at the company confirmed that they have known about the breach for more than six months but have failed to disclose it. The search giant claims that even though the personal information of hundreds of thousands of people was exposed in the data breach, the leaked data has never been misused.

In a blog post, Google fellow and vice president of engineering Ben Smith confirmed that they had patched the bug back in March and that the glitch did not cause a leak of sensitive information such as SSN and credit card details. The Alphabet-owned company also confirmed that no other parts of the company were affected by the breach and that no data from other Google services such as Gmail, Docs, Drive, or Calendar was affected. According to the tech giant, the exposed data includes names, gender, contact details, occupation, and age of Google Plus users.

Soon after the issue became public, the Alphabet-owned company confirmed that the data exposure is real and announced plans to shut down the consumer side of Google Plus for good. The social network was created as a response to Facebook but never came close to challenging Mark Zuckerberg’s social media empire. Google’s social network will not be missed by many: according to Google, the consumer side of the social network currently has extremely low usage, with the sessions of only 10% of the people accessing the platform lasting longer than 5 seconds. Alphabet’s social media network will be closing over the next ten months.

What should you do?

Apart from hoping that the developers who had access to your personal information are not hackers who will try to take advantage of your leaked details, now is the time to install anti-virus software and wave goodbye to the social network by deleting your Google Plus profile. To completely remove your account, go to your Gmail account and click on your profile picture in the upper right-hand corner. Then click on ‘Google+ Profile,’ go to ‘Settings’ on the left, and scroll all the way down to ‘Delete your Google+ profile.’ Better safe than sorry.

The post Cyber Security Glitch Puts an End to Google Plus appeared first on Panda Security Mediacenter.

Cryptojacking: A hidden cost for your company

In 2018, cryptojacking has become the leading threat to the security of electronic devices. However, unlike other cybercriminal trends, it has done so without making headlines around the world. It could even be the case that you’re being affected by it right now, without even noticing. But with a 4,000% increase at the start of the year, it is obvious that this is a serious threat, no matter how sneaky it is.

To keep cryptojacking from undermining your company’s reputation and putting your business’s continuity at risk, Panda Security presents the report Cryptojacking: A hidden cost.

What is it?

Cryptojacking is the unauthorized use of a user’s device to mine cryptocurrencies: attackers use malware to get onto computers, tablets or smartphones, and exploit part of their processing power to mine cryptocurrencies.

What effects does it have?

This attack has multiple negative consequences, which can include an extreme rise in your electricity bill, a serious slowdown in your computers, and even physical damage to devices.

To protect you from this threat, here at Panda Security we have the following tips:

  • Carry out periodic risk evaluations to identify vulnerabilities.
  • Analyze resources to make sure there is no unusual activity.
  • Thoroughly investigate any spikes in IT problems related to unusual CPU performance.
  • Be careful with your browser. If you suspect that cryptojacking is getting in via websites, install plugins to block these sites on your browser.
  • Regularly update all the company’s devices and systems.
  • Use an advanced cybersecurity solution that provides key characteristics such as detailed visibility of the activity on all endpoints, and which allows you to control all running processes. This is exactly what Panda Adaptive Defense does.

Find out more in the report A Hidden Cost, and don’t become the next victim.

Who is to blame for the majority of data breaches? 

The risk consulting firm Kroll recently published a report showing that in the United Kingdom the number of security incidents that have led to data breaches has grown by 75% in the last two years. The most affected sector is healthcare, with 1,214 registered security incidents, which represents a 41% growth in the period analyzed. This is followed by service companies, with 362 incidents; education and childcare, with 354; and local public administration, with 328. But, who is responsible for most of these data breaches? Is it always cyberattackers?

Internal responsibility

The analysis carried out by Kroll indicates that the number of security incidents caused by human error within organizations is far higher than those caused by external cyberattacks. Specifically, 2,124 incidents that can be attributed to human errors were registered, compared to just 292 corresponding to cyberattacks.

The most common incidents due to human error within organizations include data sent to the wrong recipient (447 incidents), loss of documents (438), and data left in an insecure location (164). The loss or theft of unencrypted devices such as pen drives is another frequent case shown in the report, with 133 incidents. In any case, Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice, highlighted with the report that, “a big regulatory change is behind the increase in this reporting of incidents”. That is to say, the implementation of the GDPR.

The impact of the GDPR

Beckett underlines the fact that “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so the recent rise in the number of reports is probably due to organisations gearing up for the GDPR. Now that the regulation is in force, we would expect to see a significant surge in the number of incidents reported”.

This focus coincides with a topic we discussed in a previous blog post: reports for apparent non-compliance have increased in several countries. In this sense, it is possible that some businesses overshot the mark, and, despite the fact that they were already compliant with the new regulations, decided to send out an email to their users asking for permission to receive notifications. But, in spite of this, it’s worth taking it seriously, since the consequences of breaching the GDPR are extremely serious for two reasons:

  • It has a strong negative impact on the company’s accounts, given that non-compliance can lead to penalties of up to €20 million or 4% of the company’s global annual turnover.
  • It seriously undermines the business’s credibility, since, both in the minds of the public and within the sector, the company’s image will be associated with this violation.

How to avoid data breaches

The first step, as ever, is awareness and prevention: by law, all employees who manage personal information and data must know the limits and obligations defined by the GDPR, as well as the requirements that it sets for the processing, storage, and use of this data.

It’s also worth having company files that contain personally identifiable information audited, along with the users, employees or collaborators, and computers and servers that can access this information. It’s useful to carry out risk analysis for how data is treated within the company, establishing impact evaluations, and making sure the procedures for notifying the authorities of leaks are correctly implemented.

Finally, it is important for the company to have the capability to monitor and detect possible leaks or anomalous behavior in the use of files containing personal data in real time, with the aim of mitigating the breach as quickly and efficiently as possible once it has been detected. 

To this end, it is a very good idea to use solutions like Panda Data Control, which are capable of discovering, auditing and monitoring unstructured personal data (data that isn’t in a database or that is stored in some other data structure) on all endpoints. This way, it is possible to avoid unwanted access to your company’s sensitive data, guaranteeing that all personal data is registered and traced, and simplifying compliance with regulations such as GDPR and PCI-DSS.

What is Machine Learning – and how can it protect you?

Computers are not only becoming faster, but also smarter. A new technology called “Machine Learning” (or ML for short) is changing the way companies process and analyse information – but these developments have important implications for you too.

So, what is Machine Learning?

Computers that can teach themselves

In the past, computers have been very limited in what they can do. You fed information in, and some pre-configured software analysed that data using some very limited algorithms to generate useful insights. Very large companies could adjust and update those algorithms, but the process takes time, effort and cash.

Machine Learning changes the scenario slightly. Instead of having people build and adjust the algorithm, the computer is trained to do the job on its own. Data is fed into the system, and the ML engine searches for patterns and statistically important information automatically.

Once trained, the Machine Learning system can analyse huge amounts of data more quickly – and more accurately – than a human. Which means that businesses using ML can make decisions more quickly and improve the quality of service they offer to their customers.

What does that mean for you?

Machine Learning is already working behind the scenes at many companies, so you may have encountered it without even realising. Take the Google Translate service for instance. In the past, Google had to program the translation between two languages – like English and Japanese.

Using all the information gathered by their search engine, Google then built the Google Neural Machine Translation (GNMT) to translate between different language pairs. The system can now convert Japanese to Korean without ever having been “taught”. And because the ML teaches itself, the quality and accuracy of translation continues to improve.

Using Machine Learning to keep you safe

Machine Learning can be applied to almost any challenge – including keeping you safe online. Panda has now integrated artificial intelligence into the Dome product line to better protect their users for instance.

In the past, anti-malware products could only detect known viruses – and there was always a delay between malware being discovered, and a fix being developed. Until a fix was released, your computer was unprotected, leaving you at an increased risk of infection.

Our new artificial intelligence-driven system is a lot smarter. Panda Dome monitors every process running on your computer – including the ones you can’t see. It then detects every fluctuation and change, blocking anything suspicious before your computer can be infected.

Panda Dome is constantly learning – from your computer and all the others it is installed on across the world. This allows the anti-malware engine to learn to detect suspicious behaviour even more quickly, blocking malware before it has been officially recognised, categorised and patched. Total security is virtually instant thanks to the power of machine learning.

To learn more about ML-powered anti-malware – and to better protect your computer and smartphone right now – download a free trial of Panda Dome here.

Online ads: a potential way in for XSS attacks

Pretty much nobody likes to see adverts when they browse the Internet. But the fact is that we’ve come to accept them as a necessary evil. Interstitial ads are another matter: the banners that jump from one place to another covering up content, and which, without a shadow of a doubt, end up giving a bad user experience.

If only this were the only harm that these ads could cause. At times, the banners we see most often day to day can end up becoming a real cybersecurity problem and a lure for cybercrime, especially in the business environment.

A draw for XSS attacks

The researcher Randy Westergren has found one of these security bugs. As he has been able to demonstrate, there is a kind of ad that is particularly vulnerable: those that are activated using the iFrame Buster, which makes a banner expand when the cursor is passed over it.

Westergren affirms that a significant (but unspecified) number of these ads allow iFrame Buster to trigger an XSS attack that can access the cookies of the website in question, as well as the DOM (Document Object Model, the structure that organizes the elements generated by the browser when it loads a website) and several other identification services. If this happens while the employee of a company is browsing the Internet, the attack could obtain information or a way into the company, all of which would put the whole organization’s corporate cybersecurity in serious danger.

A more widespread problem than it may seem

When we see this kind of threat, it’s always tempting to think that the attacks only happen on strange, fringe websites, or websites that no one in their right mind would trust. However, nothing could be further from the truth: Randy Westergren asserts that it has even infected ads managed by DoubleClick, Google’s own ad service.

And the fact is, as the expert puts it, the problem doesn’t necessarily lie in the ads themselves, nor in the browsers. The issue starts with advertising agencies, which often choose to develop their own iFrame Busters. This leads to them being incorrectly developed, giving rise to these points of entry being opened up.

Thus, the danger isn’t confined to just sporadic, marginal websites, but rather it is also found on large sites, many of which can be visited by any employee in a company, even if they are on the website for strictly professional reasons. It is therefore not a case of an employee spending their time browsing websites for their own enjoyment and endangering their company’s cybersecurity; the danger can even get in when someone is working effectively.

So the cybercriminals that make use of these tactics will have it easier than ever, since they won’t even need to keep employees busy with suspicious websites or activities; they’ll be able to reel in these employees when they’re browsing normal websites.

How to avoid these attacks

XSS attacks can cause serious problems for corporate cybersecurity, which means that companies of all kinds must be on the lookout to keep cybercrime from knocking at their doors. They can do so in two ways:

1.- Raising awareness. We’ve said it on numerous occasions: most of the time, employees are the weakest link in the chain of cyberattacks, becoming the perfect victims because of their lack of knowledge about the potential risks they’re exposing themselves to. This is why it is so important that companies ensure at least a minimum of awareness about cybersecurity: making sure employees don’t trust suspicious websites, extending banners, sites that request more permissions than expected and so on. In any case, anyone can be a potential victim, which means, if they have even the slightest doubt, employees must refer any suspicion to the cybersecurity team to keep the attack from spreading to the rest of the company in the case of an intrusion.

2.- Cybersecurity solutions. Cybersecurity can never depend on employee awareness alone, so it’s vital that companies have cybersecurity services and solutions such as Panda Adaptive Defense, that not only act in case of an incident, but also work preventively, analyzing the possible risks, and constantly updating security protocols in the face of new threats. In the case of vulnerabilities in third party applications, as would be the case here, it’s also vital to have a specific solution that also automatically manages updates and necessary patches – a solution like Panda Patch Management.

Problems with corporate cybersecurity don’t necessarily have to get in using organized cyberattacks, nor with attachments in emails: they can happen even when browsing normally, so companies must stay vigilant to keep cybercrime from getting into their company.

What would happen if an attack interrupted a country’s power supply?

When we think about cyberattacks, we tend to imagine the loss of a large chunk of our data, or not being able to work for several hours. In the case of companies, the risk increases considerably, since they can lose confidential information and face serious cybersecurity problems, as well as problems for the running of their business. But what happens when a cyberattack affects a basic service? What if we’re suddenly left without power?

That is exactly what the US Department of Energy has set out to determine: in November of this year, it is going to simulate a cyberattack on the electrical grid to analyze the consequences of an event like this that could bring the whole country to a standstill.

During the drill, the American Government will mainly analyze three factors: firstly, where the attack is coming from and what its intentions are; secondly, how it has affected the supply, and how the service can be brought back; and thirdly, to what point the system can run using just its own internal resources.

Increasingly frequent attacks

The Department of Energy’s experiment is not something trivial: according to the report The State of Security in Control Systems Today, one third of critical infrastructures have been hit by an attack at some point. What’s more, crypto attacks are also on the up, and cyberattacks on industrial control systems (ICS) have doubled throughout 2018, according to a report from the Valencian International University.

For large companies and public administrations, this is nothing new. The Ukrainian Government experienced this a little under two years ago when several power stations were suddenly left unable to provide electricity. It was all down to the malware BlackEnergy, which, as well as attacking these critical infrastructures, prevented the computers from restarting.

The British Government is no stranger to this situation either. In this case it was the arrival of WannaCry, which took over the IT infrastructure of the NHS, causing operations to be cancelled and preventing nurses from providing emergency assistance.

But public administrations aren’t just on the receiving end of critical infrastructure attacks: they can also cause them. That is what the US Government did in 2010, when it launched the worm Stuxnet to disable 1,000 centrifuges in the nuclear plant that the Iranian Government owns in the Natanz region. This action demonstrated that those who carry out these attacks don’t necessarily have to be cybercriminals aiming to make a quick buck.

How to curb cyberattacks on critical infrastructure

Companies and public administrations face great risks for their cybersecurity, and this danger increases even more when we talk about critical infrastructure.  To help answer the question of how this kind of problem can be prevented, attacked, or solved, PandaLabs has launched its report, Critical Infrastructure: Cyberattacks on the backbone of today’s economy. It also presents a series of recommendations, such as:

1.- Detection of weak points. To act preventively, large organizations must protect their corporate cybersecurity by carrying out a complete analysis of their IT systems in order to detect any vulnerabilities or weak points. Not only must these points be protected, but they must also receive greater attention, or be isolated from the rest of the system if it is deemed that there is a high risk of attack.

2.- Protection of systems. When it comes to protecting different services, organizations must watch out for their security by outlining all possible attack scenarios and reinforcing the points of resistance of each of them even if it is just to slow down the attacker.

3.- Automatic reaction. Companies not only need to predict the arrival of a cyberattack, but they also need to know how to respond to one if it becomes inevitable. Here, swiftness is key: simple action protocols and rapid (and even automatic) responses must be designed to solve the problem as quickly as possible.

4.- Alternative channels. If an attack affects a company or a public body, the normal course of action is to turn off the machines until it’s fixed. But what if the attack is on some kind of infrastructure that provides a basic service, such as electricity, that must be restored as soon as possible? In those cases, the organization needs to keep protecting their corporate cybersecurity, as well as having alternatives to restart the supply while they are fixing the underlying problem.

Ten useful tips for online security in Cybersecurity Awareness Month

October marks Cybersecurity Awareness Month, an annual awareness campaign intended to encourage greater safety and protection among all computer users. Launched in 2004 by the National Cyber Security Alliance (NCSA) and the US Department of Homeland Security (DHS), the initiative has now spread to Europe and Latin America, among other regions, as recognition of the importance of educating citizens about cyber-risks increases.

In Europe, events, campaigns and other initiatives are being held by The European Union Agency for Network and Information Security (ENISA), as well as at a national level, with special attention paid to digital skills, education, and emerging technologies. In the UK, there will be events such as the European Cyber Security Challenge 2018 in London, and Decisions and Disruptions: An Interactive Cyber Security Workshop in Bath.

Cybersecurity: a shared responsibility

In today’s interconnected world, it is no longer viable for cybersecurity to be the sole responsibility of cybersecurity professionals; it must become a shared responsibility, which requires efforts at all levels of organizations and, more generally, of society.

In the last few months, the need for close collaboration in the subject of cybersecurity has been reaffirmed in order to face, among other threats, cyber espionage activities carried out by certain countries. At the start of October, the British Government accused the Russian military intelligence agency, the GRU, of carrying out a series of cyberattacks. Shortly afterwards, it was revealed that a joint operation between the United Kingdom and the Netherlands had managed to stop a Russian cyberattack on the Organisation for the Prohibition of Chemical Weapons.

Now more than ever, the smallest actions can have the greatest positive impact. The events mentioned above attest to this need. And at Panda Security we are aware of our responsibility as part of the cybersecurity sector.

This is why, in September, we joined The Cybersecurity Tech Accord, a key accord among a group of leading companies from around the world in the interest of defending an equitable, global cybersecurity — an accord that over 60 leading technology and security companies have already joined.

However, it is also important to recognize that it is difficult to know what to do if you are not a cybersecurity professional. With this in mind, the signatories of the Cybersecurity Tech Accord have prepared this survival kit for Cybersecurity Month, with ten simple measures that will help individuals and companies to protect their online security:

  1. Always change your default passwords, for each of your accounts, and change them at least once a year to keep your personal information safe;
  2. Use multifactor authentication whenever possible, as well as secure passwords, to confirm your identity when you log into your accounts;
  3. Use a firewall to block unauthorized access to computers and devices;
  4. Be sure to keep your operating system, browser, and other software up-to-date with security patches to minimize threats from viruses and malware;
  5. Limit what you do over public Wi-Fi and use software that creates a secure connection over the internet such as a Virtual Private Network (VPN) to safely connect from anywhere;
  6. Practice safe surfing and shopping, checking that the site’s address starts with “https”, instead of just “http”;
  7. Enable privacy settings and increase the default security settings of the software you use;
  8. Be selective when sharing personal information as this could be used by hackers to guess passwords and logins;
  9. Do not download pirated software, as it is not only illegal, but almost always includes some type of malware;
  10. Back up your data, either to an external hard drive or the cloud, as this is the easiest way to recover from a ransomware attack.

Cybersecurity Month also creates a unique opportunity to get more involved in the different initiatives all around the world that seek to generate greater awareness of cybersecurity.

Among these initiatives are official certification programs to guarantee the highest standards of protection and to help the consumer to have the most advanced levels of security. Panda Adaptive Defense has the “Common Criteria EAL-2” certification, the Centro Criptológico Nacional (National Cryptology Center) “Qualified IT Security Product” qualification and the “High ENS (National Security Framework)” classification, making it the only EDR solution with these certifications.

Cyberattacks are expected to increase in frequency and complexity in the years to come. The Cybersecurity Tech Accord signatories agree with the sentiment that the Internet is a shared resource and securing it is a shared responsibility. If everyone takes collective action to protect our online environment, the digital society that we live in can become stronger, safer, more resilient and more resistant to future cyberattacks.

Watch out! The risks associated with BGP, FTP, and NTP protocols

Most of the news about attacks that use basic Internet protocols focuses on the World Wide Web. This means that HTTP and DNS are usually the key players, and as such, many policies, and a lot of the cybersecurity software in use, are mainly focused on these protocols. However, there are also risks related to other protocols that can also be used by cybercriminals as attack vectors. These protocols are BGP, NTP and FTP. All three can mean real risks for a company’s information, and at times they don’t receive the attention they deserve given the potential threat that they can pose. Below, we’ll look into what each of them implies and how cyberattackers can use them.

BGP

The Border Gateway Protocol is used to exchange routing information between autonomous systems – that is, those groups of IP networks that have their own, independent policies. Essentially, it is a protocol used by large nodes on the Internet to communicate between themselves and convey a large quantity of information between points on the network. For this reason, one of the risks related to this protocol is that, for the vast majority of users, it is very complex, and companies only start to work directly with this protocol when they have their own large scale networks.

An example of an attack using this protocol was the leaking of information from cryptocurrency wallets, as the provider Cloudflare explained. In general, the cyberattacker manages to “trick” the network into redirecting companies’ or users’ IP prefixes, and when the network responds in order to send information, this information is leaked to the cyberattacker.

Diagram of the attack (Source: Cloudflare)

NTP

The Network Time Protocol (NTP) is mainly used to synchronize clocks on the computers on a network. However, older versions of the protocol on some networks also have a monitoring service that allows administrators to compile a list of the 600 hosts that have connected to the server, via a command called monlist. Cyberattackers leverage this feature by carrying out a “reflection attack”: they send a packet with a spoofed IP address, through which they obtain the list from the monlist command. Afterwards, they amplify it by carrying out a distributed denial of service (DDoS) attack that can leave the connection of all addresses of the hosts on the list temporarily out of action.

FTP

Although HTTP is used more and more often to send files, the old File Transfer Protocol (FTP) is still present on many systems and in many companies. Given that it wasn’t originally designed to be a secure transfer protocol, it has many vulnerabilities that attackers can take advantage of. This is exactly what happened last year. The FBI warned of an attack on FTP servers belonging to hospitals and dental clinics that aimed to access patients’ medical records by exploiting a vulnerability that uses an anonymous mode of FTP: older FTP servers can be accessed with a common user name such as “anonymous” or “ftp”, with no need to enter a password or user name.

How to avoid attacks via these protocols

As we commented before, these protocols are less common for cyberattackers than HTTP, but that doesn’t mean that they’re going to stop posing a risk to companies. This is why organizations must follow certain general guidelines to prevent attacks that use them.

  • Adoption of MANRS: The MANRS (Mutually Agreed Norms for Routing Security) are a joint initiative created by network operators and Internet exchange points (IXPs) with the aim of developing stronger routing security to avoid, among other things, BGP attacks. Any large company that has broad control over its networks and nodes should adopt them.
  • Updating networks and their protocols: the most common attacks over NTP happen because outdated versions are being used. The same thing happens with FTP, since it is a primitive protocol that, by default, wasn’t designed with encryption for the exchange of files (for this, there are encrypted modes such as FTPS). IT teams in companies should use the most up-to-date versions of these protocols in order to avoid potential cyberattacks.
  • Correct configuration of servers: an incorrectly configured FTP server can allow cyberattackers a way in if they connect in anonymous mode. A configuration of the FTP server that requires a secure password is already a more complex barrier for the attacker. In the same way, an NTP server can leave its list of hosts exposed if it doesn’t have its access correctly configured.
  • Advanced cybersecurity solutions: as well as all the above, it is vital that companies of any size have an advanced cybersecurity solution active on all endpoints – one that is able to prevent, detect, and neutralize attacks at all times.
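The two server settings named in the list above (anonymous FTP login and the exposed NTP host list) can be checked statically. The following is an added example, not part of the original article: it assumes the servers are ntpd (ntp.conf) and vsftpd (vsftpd.conf), which the article does not name, and the finding codes and sample configurations are constructed for illustration.

```python
# Added example: static audit of NTP and FTP server configuration text.
# Assumptions: ntpd-style ntp.conf and vsftpd.conf syntax; finding codes
# and the sample configurations below are constructed for illustration.

# Upstream vsftpd defaults for the keys checked here. anonymous_enable
# defaults to YES, so a file that never mentions it still allows anonymous login.
VSFTPD_DEFAULTS = {
    "anonymous_enable": True,
    "ssl_enable": False,
    "force_local_logins_ssl": True,
}
TRUE_WORDS = {"YES", "TRUE", "1"}


def audit_ntp_conf(text):
    """Return a sorted list of finding codes for an ntpd-style ntp.conf."""
    monitor_disabled = False        # ntpd enables the monitor facility by default
    default_restricts = []          # flag sets of every "restrict default" line
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # '#' starts a comment
        if not tokens:
            continue
        keyword = tokens[0].lower()
        args = [t.lower() for t in tokens[1:]]
        if keyword == "disable" and "monitor" in args:
            monitor_disabled = True
        elif keyword == "enable" and "monitor" in args:
            monitor_disabled = False            # a later line can re-enable it
        elif keyword == "restrict":
            args = [a for a in args if a not in ("-4", "-6")]
            if args and args[0] == "default":
                default_restricts.append(set(args[1:]))
    findings = set()
    if not monitor_disabled:
        findings.add("NTP-MONITOR-ENABLED")     # host list (monlist) is kept
    if not default_restricts:
        findings.add("NTP-NO-DEFAULT-RESTRICT") # nothing limits remote queries
    elif any(not ({"noquery", "ignore"} & flags) for flags in default_restricts):
        findings.add("NTP-QUERY-ALLOWED")       # remote status queries accepted
    return sorted(findings)


def audit_vsftpd_conf(text):
    """Return a sorted list of finding codes for a vsftpd.conf."""
    settings = dict(VSFTPD_DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings:                     # last occurrence wins
            settings[key] = value.strip().upper() in TRUE_WORDS
    findings = set()
    if settings["anonymous_enable"]:
        findings.add("FTP-ANONYMOUS-LOGIN")
    if not settings["ssl_enable"]:
        findings.add("FTP-CLEARTEXT")           # no FTPS at all
    elif not settings["force_local_logins_ssl"]:
        findings.add("FTP-CLEARTEXT-LOGIN-ALLOWED")
    return sorted(findings)


# Constructed sample configurations (not taken from any real system).
WEAK_NTP = """
driftfile /var/lib/ntp/drift
server time.example.net iburst
restrict default nomodify notrap    # queries are still allowed
restrict 127.0.0.1
"""
HARDENED_NTP = """
driftfile /var/lib/ntp/drift
server time.example.net iburst
disable monitor
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
WEAK_FTP = """
# anonymous_enable is not set, so the upstream default applies
listen=YES
local_enable=YES
"""
HARDENED_FTP = """
anonymous_enable=NO
local_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""

if __name__ == "__main__":
    for name, result in [
        ("weak ntp.conf", audit_ntp_conf(WEAK_NTP)),
        ("hardened ntp.conf", audit_ntp_conf(HARDENED_NTP)),
        ("weak vsftpd.conf", audit_vsftpd_conf(WEAK_FTP)),
        ("hardened vsftpd.conf", audit_vsftpd_conf(HARDENED_FTP)),
    ]:
        print(f"{name}: {result or 'no findings'}")
```

The weak FTP sample is flagged even though it never mentions anonymous access, because the check applies the server's default rather than looking only for an explicit setting.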

The post Watch out! The risks associated with BGP, FTP, and NTP protocols appeared first on Panda Security Mediacenter.

Enrique Ávila: “Cybersecurity isn’t negotiable: the loss of resources can mean the end of your company”

Enrique Ávila has a privileged point of view from his position: he is the director of the Spanish National Center for Excellence in Cybersecurity (CNEC), a key organization when it comes to the subject of cybersecurity. It integrates three core capacities: the university as a center for generating knowledge, companies for providing economic support and innovation, and the national law enforcement agencies as the main users of technologies and knowledge in the fight against cybercrime. Our subject, then, knows the evolution of cybercriminality in Spain like the back of his hand, as well as the efforts of this country to fight it, and the struggle to make companies and citizens aware of this subject.

When we asked him whether there is an upwards trend, or to put it another way, whether cyberattacks are going to keep growing in 2018 and 2019, he didn’t have to think twice: “In 2019, in 2020… Unless there’s some kind of technological catastrophe, cybercrime will become more and more profitable, at least as long as the current circumstances don’t change: the lack of territoriality in cyberspace, the use of pseudonyms by the actors, and the asymmetry of the resources used to cause harm or to illegally make money are all behind the exponential growth in these kinds of activities”.

Ávila is no stranger to one of the most important Trojan horses for this kind of crime: carelessness and lack of awareness. And the fact is that “the perception of the risk is both low and poorly understood, both by citizens and companies”. In fact, in his opinion, “companies must work on resilience and risk mitigation”.

Enrique Ávila of the Spanish National Center for Excellence in Cybersecurity (CNEC)

How can an SME protect its cybersecurity?

In any case, it is clear that many small companies may have trouble investing in their own cybersecurity, so “protecting SMEs, which generate the majority of jobs in our country, needs to be a State policy”, although it is true that “both the Government and the INCIBE (Spanish National Cybersecurity Institute) are making an enormous effort to create an ecosystem of services, contact networks, awareness campaigns and training courses aimed at SMEs. It is also their responsibility to know about and make use of these resources”.

But, moving beyond the abstract, how can a small company with very limited resources protect its corporate cybersecurity? For the director of CNEC, “the best thing would be to have an expert acting as an interface between the SME and the cybersecurity service providers. But if the cost of this kind of service means that it isn’t viable for you, it will always be more economical – and generally speaking more secure – to get these services from unmanned centralized infrastructures. However, with these shared infrastructures, there’s a risk that, if they are the target of a cyberattack, you could become a collateral victim, even if you’re not the main target”.

“Cybersecurity is not optional”

In any case, the context has also changed. Until recently, protecting corporate cybersecurity depended (for the most part) on each company’s wishes, and however they defined their own needs. Nevertheless, the definitive implementation of the GDPR, which imposes hefty fines on companies that aren’t diligent with their cybersecurity, has forced a change in attitude for companies.

Enrique Ávila is in no doubt: “Cybersecurity is not negotiable. Regulatory compliance when it comes to cybersecurity and the protection of personal data also affects companies. And, whether they like it or not, in our current society, the loss of IT resources is highly likely to mean the end of the company – whether it’s because the business can no longer operate, because of the loss of reputation, or because of administrative or even penal sanctions, with the economic and social cost that this represents for our country”.

Thus, in this respect, the director of the Spanish National Center for Excellence in Cybersecurity points in two directions: making things compulsory and raising awareness among the public, as well as among employees, because every company “has the obligation to invest in protecting their IT infrastructure, as well as training their employees in the subject, since a great deal of the company’s profits are derived from the use of this same IT infrastructure”.

 

The Largest Facebook Hack Happened Last Week

The most massive hack in Facebook’s history happened last week. Late on Friday, the social-media giant announced in a blog post that it had discovered a cyber-security issue directly affecting nearly 50 million people, and causing problems for a total of 90 million people from all over the world. The affected Facebook users include US citizens.

Facebook learned about the issue on Tuesday last week and claimed to have resolved it by the end of Thursday. The hack forced Mark Zuckerberg’s team to reset the login tokens for another 40 million people, bringing the total of affected Facebook users to 90 million. While the first 50 million are known to have been directly affected, the token reset for the other 40 million has been done as a precaution by the social media conglomerate. As a result of the hack, roughly 90 million Facebook users have had to log back into Facebook, or any other apps that use the company’s login.

This means that if you’ve always been able to access your Facebook profile with only one click but over the last couple days you have been asked to suddenly type in a password when you are logging in from your phone, and you’ve seen a notification at the top of your News Feed explaining what happened, you are among the affected ones.

What happened?

A Facebook code vulnerability caused the data breach. Cybercriminals were able to exploit the “View As” feature and steal Facebook access tokens. As you might already know, “View As” is a feature that lets Facebook users see what their profile looks like to someone else. The access tokens are similar to digital keys that keep Facebook users continuously logged in so they don’t have to type in their password every time they want to access the app.

What was stolen?

Access to users’ Facebook accounts has been stolen: cyber-criminals have been able to get access to sensitive information such as the DOB of the affected people and their friends, Facebook activity history, full name, addresses and generally everything that you’ve shared on Facebook.

The incident has been reported to the authorities. Facebook apologized, confirmed that the breach has been massive, and is still investigating the cause of the hack. It is currently unknown who is behind the attack and there is no concrete evidence about the country of origin of the hackers.

Should you change your password?

Facebook said that every affected platform user had been forced to log out and log back in. However, the social media platform confirmed that they are still investigating the issue and there might be new findings in the coming days. As a precaution, if you feel nervous, we advise you to change your password and keep changing it every three months. Sometimes it takes months, and even years, for companies to disclose data breaches. Last but not least, having an extra layer of security on all your connected devices is a must for everyone who is conscious about their online security.

3 types of attacks with ransomware: Cyber-theft, extortion, and sabotage

2017 was the year of ransomware, the most significant threat in the cybersecurity sector both for large companies and SMEs, as well as users. Attacks like WannaCry and Petya held computers around the world to ransom and hit the headlines in newspapers in countries across the globe. In fact, last year the cost of ransomware hit around 5 billion dollars, making this Trojan the most powerful, sophisticated type of cyberattack around, and marking a 350% increase compared with 2016.

The report “No Kidnapping, No Ransom”, written by PandaLabs, Panda Security’s antimalware laboratory, compiles this data, alongside more information about ransomware, that we will explain below. Although we’ve seen the growth of other types of attacks in business environments – attacks such as cryptojacking – the effective results and the low risk involved for the cyberattacker make ransomware a constant threat that mustn’t be forgotten.

Businesses in the spotlight: How do these criminals attack?

Ransomware is a form of cybercrime that encrypts files on computers, blocking or denying access to them until the cyberattacker receives a ransom, generally in the form of bitcoin or some kind of virtual currency that allows the attacker to remain anonymous. The end goal of these kinds of attacks, therefore, is financial gain. The three most common incidents in which cybercriminals make use of ransomware are cyber-theft, extortion, and sabotage of civil or military infrastructure.

Cyber-theft is one of the tactics that criminals use to make money. A year ago, Equifax became the victim of what is to this day still one of the largest losses of personal data in the history of the Internet. The attack was carried out using a vulnerability in the company’s web applications that had previously been exploited with ransomware by the criminals, opening the door to the confidential information of 147 million people in the United States, including Social Security numbers, dates of birth, home addresses, and in some cases their driving licenses and credit cards.

Another possible strategy is extortion, whether by force or with threats, to get something in exchange, which in the case of this kind of attack, is usually money. There are three recent examples of extortion that made a splash around the world: WannaCry, NotPetya, and BadRabbit. In this case (which isn’t the only case that demands a ransom), the cybercriminals access the files on a system, encrypt them, and finish their attack by displaying a ransom note to the user that demands remuneration in return for the safe return of their data. This situation has made thousands of companies tremble after seeing how they could lose their data if they didn’t cough up millions of dollars.

The final type of attack is sabotage of civil or military facilities. One clear example of this was the attack on Aramco, Saudi Arabia’s state-owned oil and gas company, that paralyzed exports for two weeks. The same software that brought activity to a halt was used again several years later to carry out a series of cyberattacks including a new module, this time containing ransomware. More recently, the city of Atlanta fell victim to the ransomware SamSam, which forced the city to freeze all digital processes. The inhabitants of Atlanta had to delay electronic payments, and city officials were forced to resort to writing their reports by hand. The attackers were demanding a $50,000 ransom in bitcoin to resolve the problem, and it is unknown whether the city handed over the money. However, the city has stated that it spent $2.6 million on recovering and responding to the incidents. This goes to show that, whether the ransom is paid or not, this form of attack can be very expensive for organizations of all types.

Recommendations for a ransomware-free company

To protect our companies from the constant threat of ransomware, here at Panda Security we’ve prepared this list of tips.

  1. Constantly creating backups to avoid the loss of data, and keep them up-to-date with system updates and patches.
  2. Training our employees, promoting awareness, and conveying the importance of detecting possible attacks that could target them, such as phishing.
  3. Carrying out security audits and vulnerability tests to know the points of entry for our systems.
  4. Having a multiplatform advanced cybersecurity solution such as Panda Adaptive Defense, which carries out real-time analysis and allows you to prevent, detect, and remediate this type of attack.

Facebook: How to minimize the risk of vulnerabilities

In the last few months, the world’s most popular social network has faced several problems when it comes to data protection. In July of this year, the Information Commissioner’s Office (ICO) in the UK imposed a £500,000 fine on Facebook for its implication in the Cambridge Analytica case. This was the maximum possible fine, given that the incident occurred before the implementation of the GDPR.

Now, a new data protection scandal has rocked the Internet giant. Last Friday, as Guy Rosen, VP of Product Management explained, almost 50 million accounts were exposed to an attack that happened on Tuesday, September 25. The attack was made possible thanks to a vulnerability in the video uploading function that also affected the “View as” function, which allows people to see what their own profile looks like to other users. This vulnerability would have allowed the attackers to steal users’ access tokens – a kind of key that means that users don’t have to reenter their passwords every time they access the site. Theoretically, with these tokens, an attacker could gain access to any third-party app that uses Facebook to log in.

Facebook, the initial response to the attack

It didn’t take long for Facebook to react – they notified the Data Protection Commission (DPC) in Ireland, where the company’s European headquarters are located. Under the rules of the GDPR, a company is obliged to report a data breach within 72 hours of its discovery. However, the DPC has said that it needs more information about the attack, such as the number of European users affected and the risk that they face, in order to carry out its investigation.

Since the incident happened after the GDPR came into force, the social network could face a fine of up to 4% of the annual worldwide turnover of the preceding financial year, which, in the case of Facebook, would be $1.63 billion (€1.4 billion). But this economic sanction isn’t the only repercussion; we can also add the reputational damage that the firm will suffer, another key aspect in this kind of incident. Many users will lose confidence in the company thanks to this data breach, and this loss of confidence may turn into a loss of clients and money.

Personal data, fuel for companies

There’s no doubt that personal information is power, and means serious money. How companies process and use this data is varied and sophisticated, and is very lucrative. Business of this kind is very simple: we hand over information in return for a service. But the service is paid for with our personal data. And organizations are responsible for looking out for our safety when it comes to possible cybercrimes whose ultimate goal is to compromise our privacy, such as phishing, digital identity theft, or the exploitation of unpatched vulnerabilities, as was the case in this latest incident.

With all of this in mind, it seems that it is now easier than ever to be the victim of a cyberattack. While this is true to a certain extent, it is also true that prevention, detection, response and remediation systems are more and more efficient, especially when, as is the case with Panda Adaptive Defense, they combine solutions and services to optimize protection, reduce the attack surface, and minimize the impact of these threats.

And the fact is that, with the number of documented glitches and vulnerabilities – now up to 20,000 cases, a 38% increase compared to five years ago – the first thing to bear in mind is limiting the attack surface. At tech giants such as Facebook, this may seem like a pipe dream. But keeping confidential information safe from theft or data kidnapping – even when the amount is exorbitant, as is the case with the 50 million Facebook profiles – is possible today thanks to solutions such as Panda Patch Management, the new module of Adaptive Defense, which reduces the complexity of managing patches and updates in operating systems and hundreds of third party applications.

What’s more, Panda Patch Management helps companies to comply with the accountability principle. Many regulations such as GDPR, HIPAA and PCI, force organizations to take the appropriate technical and organizational measures to ensure proper protection of the sensitive data under their control, as is the case with Facebook. Thanks to real time updates, this module provides visibility of the health of endpoints in terms of pending vulnerabilities and updates for the system, allowing it to get ahead of exploits of these vulnerabilities.

How to protect your company

  • Hackers exploit vulnerabilities in unpatched programs. Keep your software and devices up-to-date.
  • Having an automatic vulnerability detection solution reduces the possibility of suffering a security breach by up to 20%.
  • Get absolute control of personal data and protect your pocket: with the GDPR, correct, speedy management by the DPO will save you economic sanctions and reputational damage.
  • The ability to efficiently and quickly compile detailed reports with the information about an incident of this type – how, when, and how much – is very important to facilitate the work of data protection agencies. The module Panda Data Control allows you to discover, audit and monitor unstructured personal data on the endpoints in your company.

The consequences of not applying patches

The digital transformation makes the task of reducing the attack surface more difficult, given the exponential growth of users, devices, systems, and third party applications that need to be updated. And as a consequence, the range of possible cyberthreats is considerably larger. The costs that these attacks represent for businesses and users also add to the problem: it is estimated that by 2021 the cost of cybercrime will reach $6 trillion.

But as well as sharing a goal of making money, many of the most costly cyberincidents in the last few years have shared another characteristic: they have been made possible thanks to an unpatched vulnerability in an IT system.

In this article we’ve compiled some of the most infamous vulnerabilities and the problems they’ve caused for the IT systems where they’ve been found.

EternalBlue

One of the most problematic vulnerabilities of the last year is one that affects Microsoft Server Message Block (SMB). It is called EternalBlue, and it was allegedly developed by the US National Security Agency (NSA). It came to light in April 2017, when the hacking group the Shadow Brokers revealed that the NSA was collecting vulnerabilities of this kind. And the list of attacks that have been made possible by this vulnerability is extensive.

The most famous use was WannaCry, which affected over 300,000 companies all over the world, and cost a total of around $4 billion. The malware NotPetya, which came to light just a month later, was able to get onto systems thanks to this vulnerability, stealing passwords in order to take control of the network that it accessed.

And we’re not just talking about ransomware: shortly after the WannaCry attacks, we started to see a piece of malware called Adylkuzz, which used EternalBlue to download a series of commands onto infected computers. These commands were then used to mine and extract cryptocurrencies.

EternalRomance

Bad Rabbit, another ransomware, shared many elements of the code found in NotPetya. However, this time it exploited another vulnerability – also developed by the NSA and also in SMB – called EternalRomance. The attack mainly affected users in Eastern Europe and Russia.

At the start of this year, the Winter Olympics in Pyeongchang experienced a cyberattack. During the opening ceremony, attackers interfered with the Internet connection, the website of the games, and television services. In order to carry this out, those behind the attack made use of EternalRomance.

Recent cyberattack trends such as cryptojacking have taken advantage of these vulnerabilities to spread. The malware PyRoMine used EternalRomance to infect computers and use their CPU to mine the cryptocurrency Monero.

How could these attacks have been avoided? The answer is simple: there was a patch for all these vulnerabilities available months before the incidents. However, many organizations have trouble applying the right patches, or don’t have patching policies, which means that vulnerabilities of this kind may go unnoticed. What’s more, EternalBlue is still threatening unpatched systems.

Web applications

In 2017, cybercriminals used a vulnerability in the software Apache Struts to launch a piece of ransomware called Cerber. According to some sources, they made over $100,000 in Bitcoin thanks to this ransomware. And this wasn’t the only use of this vulnerability in Apache Struts.

Personal data breaches

Though ransomware and malware may be the most attention grabbing results of an unpatched vulnerability, they’re far from the only consequences. Some of the most serious exfiltrations of personal data have been a direct result of unpatched IT systems.

In 2017, the US company Equifax revealed that it had lost the personal data of over 145 million people, in one of the largest breaches of this kind in history. The cause of this breach?  The same vulnerability in Apache Struts that had been used by Cerber. According to Equifax, the blame fell on an employee who didn’t apply the relevant patch – a patch that was available two months before the breach and would have been enough to stop it from happening.

This case is not the only one. The insurance company Nationwide Mutual Insurance agreed to a $5.5 million payout for a breach of the data of 1.27 million people in 2012 – a breach that was also made possible by a vulnerability in a web application for which a patch had been available three years before the incident.

The phone company Carphone Warehouse faced a £400,000 fine for a breach that it suffered in 2015, that was facilitated by a vulnerability in the version of WordPress that the company was using, which hadn’t been updated since 2009.

In fact, according to a study, over 80% of personal data breaches are the result of poor patch management. This means that a company can significantly reduce the risk of suffering this kind of incident by implementing an efficient patching policy.

The solution?

One of the reasons that companies have trouble finding and applying relevant patches is a lack of resources and time. What’s more, a lot of the time it is difficult to prioritize which patches to apply first.

However, although here we have seen just a few examples, the fact is that the majority of attacks and exploits take advantage of outdated systems and third party applications, exploiting known vulnerabilities: vulnerabilities that have an update available weeks, or even months, before the breach.

With Panda Patch Management you can be sure of always having the most relevant patches installed. Patch Management automatically searches for necessary patches to keep the devices on your system safe, prioritizing the most urgent updates. This way you can avoid incidents, systematically reducing the attack surface created by vulnerabilities, applying critical updates immediately from the cloud console.

Intelligent Fake News Detection Becomes A Reality

The fight against fake news has taken a massive step forwards thanks to a new artificial intelligence tool. Built by researchers from the University of Michigan and the University of Amsterdam, the new algorithm has proven to be more effective than humans when it comes to detecting lies and untruths online.

What is fake news and why does it matter?

At the most basic level, fake news is articles, videos and social media posts that are fundamentally untrue. These stories are targeted at people online who share similar interests in the hope that they will be re-shared. And because people rarely check the sources or facts behind these articles, they can quickly go viral.

Some experts believe that fake news is created and circulated by foreign governments – particularly Russia. They suggest that fake news propaganda was highly influential in the most recent US elections, and in the UK’s Brexit referendum.

Fake news is also blamed for shaping people’s perceptions and attitudes, creating suspicion, distrust and causing them to reject factual truths. And very often these fake news sites are infected with malware and viruses designed to steal your personal data.

Dealing with fake news

Social media platforms like Facebook and Twitter have come under heavy criticism for allowing fake news to be promoted using their services. But the fact is that their profits are closely tied to people reading and clicking through the stories shown on their networks – so there has been little incentive to deal with the issue properly.

In recent months Facebook has been trying to address the situation, even publishing a “how to” article for spotting fake news. Unfortunately, this has still not been as effective as hoped.

Artificial Intelligence to the rescue

The fake news detection algorithm mentioned at the start of this article could be an important tool to stop the spread of malicious and untrue content. Using a technology known as “Natural Language Processing”, the research team was able to train their system to analyse the text of an article and create a score based on whether the content was true or not.

To assess how effective this new algorithm really is, the team then tested it against real web users. Participants were asked to read a specific story and say whether they thought it was fake news or not. The AI algorithm was set the same test using the same sample articles.

After several rounds of testing, it was found that the algorithm made the correct decision 76% of the time. The human assessors were not quite as good at spotting fake news with a 70% success rate. This means that the Artificial Intelligence platform still makes a relatively significant number of mistakes – but still outperforms people when it comes to being fooled.

A starting point for the future

Like all Artificial Intelligence algorithms, the fake news detector will become even more accurate with additional training and testing. It may be some time before the algorithm is ready for real-world use – but the good news is that technology is catching up with fraudsters, spammers and political agitators.

In the meantime, download a free trial of Panda Dome to protect yourself against the malicious links and malware shared by fake news outlets.

Panda Security has signed the Cybersecurity Tech Accord

The Spanish multinational is joining a key accord among a group of leading companies from around the world in the interest of defending equitable, global cybersecurity, an accord that over 60 leading technology and security companies have already joined.

Protecting our digital world is in the interest of everyone. With this in mind, Panda Security announces that it is joining the Cybersecurity Tech Accord and its public commitment to act responsibly, protect, and empower users and clients, and in this way improve the security, stability, and the resilience of cyberspace.

Three months after the announcement of the creation of the Cybersecurity Tech Accord, there are already 61 companies from all over the world that have joined in order to defend users against malicious attacks. Panda Security is among the renowned organizations who have joined in the last few hours, along with Aliter, Anomali, Balasys, Billennium, Cognizant, Cyber Services, Hitachi, Imperva, Integrity Partners, Panasonic, Predica, Rockwell Automation, Safetica, SecuCloud, Swisscom and Telelink. All of them join an expanding community of like-minded companies that aim to improve the resilience of cyberspace against malicious activities, and that, as a group, reaffirm their commitment to empowering users, developers, and clients so that they can better protect themselves.

Called for by Microsoft, the accord establishes a scope for collaboration, and creates mechanisms for the periodic exchange of information related to incidents or other important aspects related to cybersecurity; it calls for the sharing of methodologies to improve IT security; sharing of knowledge in this area, and support for the training and education of users, professionals, and companies in this area.

“The main commitment of Panda Security is to allow people and organizations to enjoy technology safely, and without risks. Safeguarding our clients’ digital lives using high performance, secure, efficient systems, that are capable of fighting any kind of threat,” states Juan Santamaría, Panda Security’s CEO. “Cybersecurity is a challenge that we must face in a coordinated way, and it is precisely for this reason that we have made official our commitment via this collaboration agreement,” he adds.

As well as a first rate relationship and coordination among the signatories, the Cybersecurity Tech Accord works to defend and promote digital technologies in society, to supervise important aspects of the world’s communications infrastructure, including cloud based client relationships, collaboration tools, and endpoint, data center, and encryption security. The principles of protection for everyone.

Every company that is a signatory of the Cybersecurity Tech Accord is committed to four areas:

Greater defense against cyberattacks

As part of this, recognizing that everyone deserves protection, the participants commit to protect all clients all over the world, independently of the motivation for the online attacks.

Protecting citizens and companies

The companies will not help governments to launch cyberattacks against innocent citizens or businesses, and will protect them against tampering with and exploitation of technology products and services during their development, design, distribution and use.

A scene of collaboration

The companies will do more to empower developers and the people and companies that use their technology, helping them to improve their capacity to protect themselves. This can include working together on new security practices and new features that the companies can implement in their individual products and services.

Collective action

The companies will build on existing relationships, and will establish formal and informal partnerships with industry, civil society, and security researchers, across proprietary and open source technologies to improve technical collaboration, coordinated vulnerability disclosure, and threat sharing, as well as to minimize the levels of malicious code being introduced into cyberspace.

Proof of this firm commitment to collective action can be seen in the recent support of MANRS, an association whose aim is to guarantee secure and resilient Internet access via the protection of routing infrastructure, and in the recent association with the Global Forum on Cyber Expertise, a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building, while maintaining the values of a free, open and secure Internet.

The accord is open to considering new signatories, independently of the sector the company is from or its size. They must be previously approved by the other members of the accord, be trusted, already have high cybersecurity standards, and adhere to the principles of the accord.

Efforts aimed at protecting users independently of where they are from, or their geopolitical situation.

The post Panda Security has signed the Cybersecurity Tech Accord appeared first on Panda Security Mediacenter.

90% of companies acknowledge that they are not cyber-resilient

Many things are easier said than done. Businesses all over the world will tell you that cybersecurity is more important than ever, and that any self-respecting company, regardless of its size or sector, must be alert and ready for the risks that they could face.

But does this actually mean that these companies are reinforcing their corporate cybersecurity and implementing the measures needed to avoid those risks? Not necessarily: in fact, beyond mere rhetoric, it seems clear that there is still a lot to be done.

Cyber-resilience: unfinished business

This is something that is highlighted in IDC’s report, The State of IT Resilience, which gives an overview of the current situation. Among its findings is the fact that, although companies see cyber-resilience as vital to their digital transformation processes, only 10% believe they have managed to become cyber-resilient.

As such, the remaining 90% still have unfinished business: implementing, increasing or improving their IT security processes in order to make their corporate cybersecurity more robust and, in this way, steer themselves towards a comprehensive and effective digital transformation. This is the only way to avoid security incidents with irreparable data loss (49% admit to having suffered an incident of this type in the last three years).

The keys to corporate cyber-resilience

We could put this lack of adaptation down to a certain corporate laziness. However, the reality is that, if every company wants to be cyber-resilient but few have managed it, the problem may lie in the fact that they haven’t designed an ordered, integral plan to reach this goal. This leads to some alarming statistics. For example, as we can see in the IDC report, 77% of companies admit to having been a victim of an attack carried out by cybercriminals over the last 12 months.

Having a cyber-resilient company is vital these days. Therefore, it is worth going over the keys to completing this transformation. They can be found in the report Cyber-Resilience: the Key to Business Security, written by Panda Security.

1.- Cybersecurity as a business strategy. Traditionally, in a significant proportion of large companies, senior management didn’t get involved in corporate cybersecurity, and instead left it entirely in the hands of the technical department. However, in this day and age, the exponential increase in cyberattacks has forced businesses to place cybersecurity right at the heart of their corporate strategies, forming a vital pillar in the smooth running of the whole organization.

Companies must therefore be aware of the risks they could face on a daily basis. They also need to identify any material that must be kept from falling into the wrong hands, locate possible threats, and know how to work continuously so that cybersecurity can occupy an essential part in the company’s daily work. The key is, in essence, for companies to include corporate cybersecurity in their master plans and business strategies.

2.- Action protocols. Once cybersecurity occupies an appropriate position, it’s a good idea for companies to prepare for possible threats, and to design a series of action protocols so that, rather than improvising – an unwise course of action –, they follow a series of internal procedures in order to minimize, or even avoid, possible damage.

These protocols must be divided into four separate phases: prevention (before a possible attack), detection and proactive threat hunting (when an attack knocks at the door), containment and response (when an attack is underway, and you need to hinder the cybercriminal’s work), and reduction of the attack surface (when the attack is done and the effects need to be minimized). Companies that have action protocols divided into these four phases will be cyber-resilient and therefore will have visibly reduced the risks they face.

3.- Cyber-recycling. Any cybersecurity expert knows that no protection can fully stand the test of time. New threats increase at an exponential rate, which means that cyber-resilient companies must be up to speed with not only the current threats, but also those that could appear in the future, knowing how to identify new trends and the new strategies that are constantly being adopted by cybercriminals.

4.- Eliminate risks at all levels. As we mentioned before, corporate cybersecurity is no longer just a matter for technical departments, but is something that must concern every layer of the company, including management. And there is a particularly fragile layer of the company that is very often the target of a large number of cyberattacks: employees. To keep this from being the case, it’s vital that companies provide cybersecurity awareness training, so that their workers don’t contribute, even involuntarily, to an increase in the number of risks.

But it is also a good idea for these tasks to be carried out using technology. To do so, companies must make use of technological solutions such as Panda Adaptive Defense, which not only acts against possible cyberattacks that are already underway, but also gets to work beforehand, cataloging existing threats and analyzing new trends. Thanks to a combination of all these factors, it is able to automatically predict new threats. At Panda Security, we have at our disposal the latest technology as well as the most highly skilled team of experts to help your company to become cyber-resilient, with a new security model that has all the answers.

The post 90% of companies acknowledge that they are not cyber-resilient appeared first on Panda Security Mediacenter.

850 million dollars in cryptocurrencies stolen in 2018 alone

The new trend of stealing cryptocurrencies shows no signs of letting up. In the last few hours, the cryptocurrency platform Tech Bureau Corp in Japan has fallen victim to this technique, which is affecting more and more companies. In this case, the cybercriminals made off with 60 million dollars’ worth of Bitcoin, MonaCoins and Bitcoin Cash. However, despite the multi-million dollar loot, this is not the most lucrative crypto-theft so far this year.

Sunday, January 28, 2018. A serious crisis rocks Japan. We’re not talking about a political debate, or a diplomatic conflict, or even any kind of trade war. What happened was that a cryptocurrency trading and storage platform was hacked.

The protagonist of this disaster was Coincheck, one of the best known in the sector. Suddenly, the platform’s operations were interrupted with little to no explanation. However, it wasn’t long before the worst fears were confirmed: the network had been hacked, and someone had stolen 540 million NEM, the cryptocurrency created in Singapore in 2015, which has become one of the main alternatives to Bitcoin and Ethereum.

For their troubles, the thieves of this cryptocurrency got away with around 535 million dollars, setting an unfortunate record: the largest theft in the history of cryptocurrencies. If anyone thought that assets of this kind would be safe forever, they were sorely mistaken.

850 million in 2018

Though the Coincheck incident is the most striking, it is far from being the only one. According to data compiled by Hackmageddon, in the first nine months of 2018, 854 million dollars’ worth of cryptocurrency has already been stolen worldwide, which gives some idea of the scale of this trend.

What’s more, these hacks mark the inception of a new battlefield: the cryptocurrency ecosystem, which has become a new target since it is no longer inhabited only by individuals; part of it is also made up of a growing number of large organizations, whose IT security may have all kinds of vulnerabilities.

The problem is that, in the end, while cryptocurrencies have unequivocally become an economic and financial trend, they have also become the ideal tool for many cybercriminals, who can take advantage of this boom to steal data from companies, or even use their resources to mine said cryptocurrencies.

Here’s how cryptocurrencies are stolen:

The popularization of new technologies also implies more sophisticated robberies. In recent times, two strategies for stealing cryptocurrencies have gained special prominence.

1.- Hot wallets. If you currently have cryptocurrencies and you store them on one of these large platforms that offer ‘wallet’ services, it is fairly likely that they are in a hot wallet. A hot wallet is an online wallet whose contents are protected by a password. Hence, in this case, a breakdown in the security of the password would grant access to the wallet. This is exactly what the cybercriminals did in the case of Coincheck.

2.- Malware, phishing… The employees in a company can be recurring victims of this kind of theft, especially if the company operates on the cryptocurrency market or in decentralized environments. Let’s imagine that an employee downloads a program containing malware, which then manages to gain access to the password for a cryptocurrency wallet. In this case, the wallet is as good as gone. Malware doesn’t just get in through apps. In fact, its most likely point of entry is an email, making use of phishing tactics. In all these cases, not only will there be the theft of cryptocurrency, but a serious vulnerability will also be created, and the corporate cybersecurity of the whole company will be jeopardized.

… and this is how hacks can be avoided

No one can ensure that they will never fall prey to this kind of cybercrime, but there are certain measures that will certainly make it much more difficult.

1.- Cold wallets. Unlike hot wallets, which could be compared to the wallet you carry in your pocket, cold wallets are more like standard bank accounts. To begin with, a cold wallet is stored offline, with no kind of Internet connection. This makes accessing it much more complicated. What’s more, it will be subject to many more software security audits to avoid any kind of theft.

2.- Multisig wallets. Multisig, or multisignature, wallets require that any kind of transaction must be signed by several people along the chain. This way, although one of these people may succumb to malware or theft, as long as not all of them do, the contents of the wallet will be safe.

3.- Advanced cybersecurity. Employees in any kind of company must have sufficient understanding so as not to endanger the organization’s IT security. Employees must therefore be prudent with what they do online, and, more importantly, with how they manage their emails: they must be sure not to download files without checking that they are safe; they mustn’t accept any requests if they aren’t sure that the person writing is who he says he is; and they must have an action protocol to be able to communicate any incident or danger to someone in charge of cybersecurity. If we add to this an advanced cybersecurity solution, such as Panda Adaptive Defense, our company will be much better protected from cybercriminals.
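To make the multisig idea in point 2 concrete, here is an added example (not code from the original post or from any wallet product) of a wallet that authorizes a transaction only when enough registered signers have signed that exact transaction. It generalizes the description to an m-of-n threshold; the signer names and the transaction string are hypothetical, and Lamport hash-based one-time signatures stand in for whatever signature scheme a real wallet uses.

```python
import hashlib
import secrets


def H(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32))
               for _ in range(256)]
    public = [(H(a), H(b)) for a, b in private]
    return private, public


def bits(message):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(private, message):
    """Reveal one secret per digest bit. A key must sign only ONE message."""
    return [private[i][bit] for i, bit in enumerate(bits(message))]


def verify(public, message, signature):
    """Check that every revealed secret hashes to the matching public value."""
    if len(signature) != 256:
        return False
    return all(H(part) == public[i][bit]
               for i, (part, bit) in enumerate(zip(signature, bits(message))))


class MultisigWallet:
    """Authorizes a transaction only with `threshold` distinct valid signers."""

    def __init__(self, public_keys, threshold):
        if not 1 <= threshold <= len(public_keys):
            raise ValueError("threshold must be between 1 and the signer count")
        self.public_keys = public_keys      # signer name -> public key
        self.threshold = threshold

    def authorize(self, transaction, signatures):
        # Keying by signer name means one signer can never be counted twice;
        # signatures from names that are not registered are ignored.
        valid = {name for name, sig in signatures.items()
                 if name in self.public_keys
                 and verify(self.public_keys[name], transaction, sig)}
        return len(valid) >= self.threshold


def demo():
    """2-of-3 wallet with hypothetical signers alice, bob and carol."""
    keys = {name: keygen() for name in ("alice", "bob", "carol")}
    wallet = MultisigWallet({n: pub for n, (_, pub) in keys.items()},
                            threshold=2)
    tx = b"send 1.5 units to WALLET-ADDRESS-PLACEHOLDER"   # constructed
    alice_sig = sign(keys["alice"][0], tx)
    bob_sig = sign(keys["bob"][0], tx)
    carol_other = sign(keys["carol"][0], b"a different transaction")
    mallory_sig = sign(keygen()[0], tx)     # key the wallet never registered
    return {
        # A thief holding only alice's key cannot move funds.
        "one_stolen_key": wallet.authorize(tx, {"alice": alice_sig}),
        # Two registered signers on the same transaction reach the threshold.
        "two_signers": wallet.authorize(tx, {"alice": alice_sig,
                                             "bob": bob_sig}),
        # A signature made for another transaction does not count.
        "signature_for_other_tx": wallet.authorize(
            tx, {"alice": alice_sig, "carol": carol_other}),
        # Neither does a valid signature from an unregistered key.
        "unknown_signer": wallet.authorize(
            tx, {"alice": alice_sig, "mallory": mallory_sig}),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'authorized' if allowed else 'rejected'}")
```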

The trend, therefore, is clear. As cryptocurrency environments become more popular, the possibility of theft also increases. For this reason, both individuals and companies must take appropriate steps to protect their security in the face of cybercrime.

The post 850 million dollars in cryptocurrencies stolen in 2018 alone appeared first on Panda Security Mediacenter.

5 Ways Consumer Electronics Are Shaping the American Lifestyle

The American home is starting to get shaped by consumer electronics. All sorts of equipment surround us in our homes, and this equipment is starting to affect our lives. Similar to the way electricity changed the life of the people in the early 20th century by paving the way for appliances such as washing machines and dishwashers, the introduction of affordable IoT powered products to the masses is starting to reshape the lives of millions.

Sophisticated home automation is no longer a thing only available for the rich – you no longer need an expensive smart home consultant if you want to make your home a smart one. Consumer electronics companies are flooding the market with gadgets that are meant to ease our lives. Technology is helping us raise our children, socialize, get entertained, and be more productive.

Technology and children

While consumer electronics products have always been able to entertain the little ones as they grow, the gadgets that started appearing on the market over the last couple years have been helping babies too.

Since the day babies are born, technology can help them sleep better and have stress-free first months in the new world. You no longer have to go through books with expert sleep strategies for babies and spend hours rocking your baby to sleep; you can just use one of those smart bassinets that do it for you while you focus on recovering from the exhausting pregnancy.

Online communications

Like it or not, smartphones are undoubtedly changing the way we communicate. While it may not feel as personal as real communication, social media platforms such as Facebook are helping billions of people stay connected.

Without Facebook, there would be billions of missed birthday congratulations! Social media also allows people to peek into the lives of others and is changing the way people communicate not only at home but at work and school too. It is hard to find a working person, or a student, who is not somehow included in a work or education related group chat.

Entertainment

Consumer electronics devices can keep you entertained. When the gaming industry initially appeared, people thought that video games were just for children. Well, those children are adults now, and they still want to be entertained. Gaming consoles are in place to entertain not only your children but yourself too. There are games for every taste.

Watching movies has never been more comfortable either. You no longer have to keep your fingers crossed on your way to the movie-rental place, hoping the film you want to watch tonight is available; now almost all the content in the world is just a few clicks away from you.

Security

Trackable smartwatches allow you to keep an eye on your little ones by always knowing their location, and video cameras installed around your house help you keep an eye on what is going on outside. You no longer have to go downstairs if you hear squeaking; all you have to do is open the app on your phone and see the live camera feed of your kitchen or living room.

Face recognition locks have arrived too; some smart homes do not even have key locks – all you have to do is show your face, and the door will unlock itself. Say bye to that nervous pocket key searching while both your hands are busy!

Appliances

Whether you want to start the washing machine a couple of hours before you leave work, or you want to set the room temperature in your house at a comfortable 76 degrees, or make sure the oven is pre-heated and waiting for you to throw that frozen pizza in, appliance control from smart devices is shaping the way we live. Advances in voice recognition technology sometimes allow you to perform such activities hands-free while you drive. You no longer even have to remember if you have butter left in the fridge; you just have to take a sneak peek at your fridge’s live camera feed.

Undoubtedly the future has arrived: many of the things that we were dreaming about twenty years ago are now easily accessible. Almost every room in your home now has a high-tech environment. However, there is more to come – sometimes things are more complicated than they are supposed to be, so simplifying the processes can ease people’s lives.

Voice control is currently giving humanity real freedom: you will no longer have to deal with complicated remote controls that have run out of battery, or look for that white noise app on your phone while trying to put a baby to sleep. IoT brings a lot of positives, but it can sometimes be dangerous too, so protecting all your connected devices at home is a must.

In order to be prepared for the risks that the IoT could bring us, we must remember that it is essential to add a security layer that monitors our devices, but also all our connections to the Internet, in order to minimise these threats.

The post 5 Ways Consumer Electronics Are Shaping the American Lifestyle appeared first on Panda Security Mediacenter.

6.4 billion fake emails a day: How can you avoid the risks

Employees send and receive dozens of emails every day and, although the majority are innocuous, buried among them, there are more and more fake emails that can damage companies in a myriad of ways. This is one of the findings of the report, 2018 Email Fraud Landscape, which has uncovered an alarming figure: 6.4 billion fraudulent emails are sent every day. If we also take into account the fact that, according to Cofense, 91% of all cyberattacks start with a phishing email, there can be no doubt that email is the highest risk attack vector for companies. Similarly, 81% of heads of corporate IT security have detected an increase in the number of cases of attacks getting in through this channel. But what are the most dangerous phishing scams, and how can we avoid them?

BEC: a costly scam

As we have previously explained on this blog, a BEC (Business Email Compromise) scam is a type of phishing attack where cyberattackers pass themselves off as a client or supplier in order to try to get money. One distinctive feature of this type of email fraud is that around 60% of the emails involved in BEC scams don’t contain a link, making it harder for cybersecurity systems to detect them. At times, they make use of something as simple as writing an account number in order for the recipient to make a transfer.

Another aspect that makes it stand out from most phishing attacks is that, rather than being based on indiscriminate mass emailing, BEC scams usually seek very specific individual profiles. Following this pattern, there is an even more sophisticated version of the BEC scam, known as the “CEO fraud”. In this case, as the name suggests, the cyberattacker passes himself off as the head of the whole company. To do so, attackers employ spear phishing techniques; that is, they research the company and the employee, looking for news, and profiles on social networks in order to read up on the victim and make the email as believable as possible.

For all these reasons, this type of scam is especially dangerous and costly for companies: according to FBI figures, they have cost businesses over 12 billion dollars since 2013.

How can you avoid the risks of the most dangerous phishing attacks?

Finding vulnerabilities and security breaches is a complex task for cyberattackers who have their eye on companies: a lot of the time they come across firewalls or security systems that require an advanced level of skill to get through. This is why it is much easier for them to rely on deceit, and it is also the reason that phishing attacks are so common. BEC scams add a sense of urgency and authority to this kind of fraudulent activity, especially if they use a version of the CEO fraud, since nobody wants to put themselves in a compromising position in front of the boss. Cybercriminals know how to take advantage of this, which is what makes them so dangerous. For this reason, the first thing to bear in mind in order to avoid attacks is that common sense and calm must prevail, so as not to make a false step.

In this vein, here are some key recommendations to help avoid email attacks on your company:

  • Carrying out phishing drills so that employees can learn to identify them.
  • Detection of social engineering with the aim of getting employees to ask themselves questions before responding to an email.
  • Encrypting emails to keep sensitive information from being stolen.

Practices like this are also valid for BEC scams, but they are not enough. Since it is such a personalized type of phishing, it’s advisable to verify in any way possible the source of the email. To do so, there’s no better way than to teach employees not to rely exclusively on email. It is better that they check the content of the email with the workmate they suspect is being impersonated, or with the CEO, whether it’s on the phone or face to face.
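The source check described above can be partly automated before an email ever reaches an employee. The following added example (not from the original post or from any Panda product) looks only at headers and body text, so it still works on the link-free messages typical of BEC and CEO fraud; the company domain, executive names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the company's own domain and the executives
# whose names an impersonator is most likely to borrow.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
PAYMENT_TERMS = re.compile(
    r"\b(wire|transfer|iban|account number|invoice|payment|urgent)\b", re.I)
LINK = re.compile(r"https?://", re.I)


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,               # deletion
                               current[j - 1] + 1,            # insertion
                               previous[j - 1] + (ca != cb))) # substitution
        previous = current
    return previous[-1]


def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def bec_indicators(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    from_domain = domain_of(addr)
    findings = []

    # An executive's name attached to an address outside the company.
    if name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append("executive display name on external address")
    # Replies diverted to a different domain than the visible sender's.
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # Sender domain within two edits of the company domain (lookalike).
    if (from_domain != COMPANY_DOMAIN
            and edit_distance(from_domain, COMPANY_DOMAIN) <= 2):
        findings.append("sender domain resembles company domain")
    # A request for money with no link: nothing for a URL filter to catch.
    if PAYMENT_TERMS.search(body) and not LINK.search(body):
        findings.append("payment request without any link")
    return findings


# Constructed sample messages.
CEO_FRAUD = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.office@mail.example.net
To: accounts@example.com
Subject: Urgent transfer

Please wire the payment today to account number 00-0000-0000. I am in meetings.
"""

ROUTINE = """\
From: John Smith <john.smith@example.com>
To: team@example.com
Subject: Minutes

Notes from Monday are at https://intranet.example.com/minutes
"""

VENDOR = """\
From: Billing <billing@vendor.example.org>
To: accounts@example.com
Subject: Monthly statement

Your invoice is available at https://vendor.example.org/inv/1
"""

if __name__ == "__main__":
    for label, raw in (("ceo fraud", CEO_FRAUD), ("routine", ROUTINE),
                       ("vendor", VENDOR)):
        print(label, "->", bec_indicators(raw) or "no indicators")
```

A hit is a reason to confirm by phone or in person, as recommended above, not proof of fraud.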

Finally, as can be said of most cybersecurity problems, the risks related to being attacked over email can be avoided with a combination of human and technological factors: common sense and employee training in order to acquire experience and prevent and detect attacks, along with the use of advanced cybersecurity platforms that have the capacity to warn of any dangers that we may have overlooked.

The post 6.4 billion fake emails a day: How can you avoid the risks appeared first on Panda Security Mediacenter.

The future of security lies in quantum computing

“Quantum” is a word that stirs in its wake a litany of questions. No one can deny that the future of computing is to be found in the unique features of quantum mechanics, the branch of physics that studies nature at an infinitely small scale. However, it seems hard to grasp how it could be that the sector that has most to gain from quantum computing is, in fact, the security sector.

What is quantum computing?

Computers currently work in bits. Traditional computing is conditioned by the amount of information that can be contained in these binary chains of zeros and ones. This also implies a limit in computing that sets a series of technological hurdles and some limits on what we can do.

But what if we were to expand this binary limit? Qubits, which are the computation unit of these systems, do not consist of only two values: they can use a set of quantum states that includes the superposition of those binary values.

In other words, qubits can adopt a value to represent 0, 1, and 0 and 1 at the same time, or any quantum superposition of those two qubit states. This is caused exclusively by the characteristics of quantum physics. With appropriate adaptations, it allows a multiplying of the computing capacity to solve certain tasks which would otherwise be impossible to deal with.

What is quantum computing for?

Or rather, can it be used for everything? No; quantum computing isn’t intended to “substitute” current computing. At least, not for now. This is what Mikhail Lukin — co-founder of the Russian Quantum Center and creator of the first 51 qubit quantum computer — explained during last year’s International Conference on Quantum Technologies, ICQT 2017.

Because of the characteristics that grant it its special properties, quantum machines aren’t useful for carrying out many of the everyday tasks that our computers perform. But what they do allow is to do things that until now we thought impossible. Thus, the first quantum computers, just as we saw in ICQT 2017, will be applied to research, in order to process massive amounts of data; and to artificial intelligence, especially in self-driving cars; and, above all, to digital security.

The highest possible security

Are we really looking at impregnable systems? If we take into account the fact that no systems are 100% safe forever, we can’t make such a claim. But if we understand how quantum cryptography works, we can understand why it is so important for the future of security.

Quantum cryptography is a cryptological system that harnesses several of the properties of quantum mechanics to send messages securely. In fact, it’s the safest form known to date.

Firstly, if a third party were to intercept the information during the creation of the secret key, the process would alter itself, meaning that the system would reveal the intruder before any information could be sent.

Secondly, quantum cryptography makes use of another property called entanglement, which can be used to send information safely without a means of transmission. This means that there is no way that a failure in the channel can cause an information leak.

To all of this can be added coding under the most secure conditions ever known due to the incredible processing capacity offered by quantum computing. Because of all this, this is the most promising system to safeguard privacy in the future of communication. A future that is almost upon us.

Quantum cryptography is already here

While it may seem like we still have decades of development before it can be implemented, the fact is that we have already seen several examples of how quantum computing and cryptography can be implemented. For example, during ICQT2017 Lukin announced the first computer with 51 real (not simulated) qubits, the most powerful up to that point. During the same conference, John Martinis, head of the Artificial Intelligence section of Google, explained the company’s plans to develop their own quantum computers.

According to the experts at the conference, in a few years’ time, we will have practical machines that are capable of fulfilling the requisites that will enable these computers to be used commercially. Security in companies will have to be adapted to the new possibilities associated with these super powerful computers.

Because, all of a sudden, passwords won’t be so secure unless we have quantum security measures. This leads us to the second question: quantum cryptography is much more advanced than we thought. In January this year, a joint China-Austria team showed that communication between continents with quantum encryption was possible.

The latest breakthrough achieved by this group consists of combining quantum communication from the Micius satellite with the fiber optic network in Beijing. It is the first practical proof that technology that allows networks to use quantum encryption is already available. How long will it be before we see a commercial application? Probably not long.

While we’re waiting for quantum computing and security to come to the business world, however, we need to continue to make sure we have the strongest measures against cybercriminals: a good security plan and a good security team; efficient tools like Panda Adaptive Defense, which allows us to have absolute control over what happens on the company’s systems and networks. We can even consider including new approaches to security, such as applying chaos engineering to our security plan.

The post The future of security lies in quantum computing appeared first on Panda Security Mediacenter.

5 ways to tell if you’re a victim of identity theft

Despite significant advances in security technologies and general awareness of cybercrime, the number of identity theft cases continues to grow. According to credit scoring specialist Experian, 179 million people had personal data stolen last year, and 32% of them went on to become victims of identity theft.

Unfortunately, confirming that you are a victim of identity theft is not always easy – or obvious. And the longer the thief goes undetected, the more money they can steal, creating other problems like damaging your credit score.

The problem is that it is not always easy to tell if someone is using your identity illegally. Here are some things you can check:

1. Unexpected transactions

You must check your bank and credit card transactions regularly, looking for anything unusual – especially payments that you don’t remember making. It’s not only the high value transactions that you need to watch either. Criminals will often make a tiny payment to check that the stolen card details work properly before making larger purchases – or emptying your bank account.

2. Unexpected bills and invoices

Your stolen identity can be used to set up credit accounts with retailers and lenders. Once billing begins, the paperwork will be posted or emailed to you, ready for payment. If you receive a bill you don’t recognise, you should follow up with the retailer immediately. Just make sure the invoice is legitimate – not a phishing email – before clicking any links.

4. You receive emails and texts asking to reset your password

As they begin the process of stealing your identity, hackers will try to compromise all of your online accounts. If they can’t guess your passwords, they may try to reset them – which means you receive a number of password reset emails that you never asked for. If you use 2 Factor Authentication to log in, you will also receive unexpected messages or push notifications on your phone.

5. You get a call from a debt collector

Most terrifying of all is a call from a debt collector about an unpaid bill for a purchase you never made. You should check your credit report immediately if you are contacted by a debt collector and alert them to any discrepancies. You will also need to file a police report as soon as possible.

Block the loopholes

Hackers and cybercriminals are becoming increasingly sophisticated with their identity theft attacks. Fraudsters will always target online stores and banks first, but your own devices are also at risk of hacking.
To better protect yourself, ensure that you use a “virtual vault” to protect sensitive personal information that could be used for identity fraud. These virtual vaults use antivirus software to block malware bots and are encrypted to keep the hackers out.

Download a free trial of Panda Dome today to test out our data shield – and to better protect yourself against identity thieves.

The post 5 ways to tell if you’re a victim of identity theft appeared first on Panda Security Mediacenter.

Panda Adaptive Defense 360 earns IT Pro Editor’s Choice Award.

IT Pro, one of the UK’s most influential tech websites, has awarded Panda Adaptive Defense 360 5 stars in its latest review of the advanced cybersecurity suite, stating that this “cloud endpoint protection service fills the gaps other security solutions leave behind.” Not only that, but it has also been awarded the website’s IT Pro Editor’s Choice Award.

IT Pro mentions how, since they “were bowled over by its tough security measures and rated it as the perfect cloud-based service” in their first test of Adaptive Defense 360 last year, “Panda has completely redesigned the product and added a wealth of new features”.

The review calls AD360 “smarter than your average protection solution”, drawing attention to the solution’s ability to classify all apps on endpoints and block unknown apps. “Only if they pass a barrage of tests, will it instruct the endpoint client to let them run.”

It goes on to mention how AD360 now allows up to five security profiles “for controlling proxies, endpoint security settings and Android devices.”

One new feature that IT Pro was impressed with is the two enforcement options, pointing out how Panda Adaptive Defense 360 is able to test all apps from external sources installed by users, and the fact that “’Lock’ mode stops all unknown apps from running until AD360 has deemed them to be safe.”

It also underlines how “response times are now near instant”, something that the website tested by deliberately introducing malware and PUPs on some computers. They “saw the web console highlight them in around 10 seconds with email alerts flying in a minute later.”

Something that IT Pro noted was the ability of Panda Adaptive Defense 360 to automatically isolate infected systems “so only their local AD360 services can communicate with the network” to ensure that malware can’t spread, and again stressed that “It’s fast too, as when we isolated selected clients, network access was denied to them in 5 seconds.”

As for Panda Adaptive Defense 360’s new data protection module, IT Pro said that “businesses with GDPR on their mind will love” Panda Data Control, stressing the module’s ability to find, report on and provide forensics analysis of PII (personally identifiable information) on systems.

IT Pro summarised by saying, “We didn’t think AD360 could get any better but Panda proved us wrong – this latest version is packed to the gills with new features. Its improved management, remarkable range of endpoint protection services and top value ensures it earns a well-deserved IT Pro Editor’s Choice Award.”

“Independent evaluations are key to businesses selecting security solutions”, said Neil Martin, Marketing Manager for Panda Security UK, “and having the efficacy of Panda Adaptive Defense 360 confirmed by IT Pro, one of the most influential enterprise IT publications is gratifying”.

Panda Adaptive Defense 360 has also been officially recognised as a PC Pro A-List product in the magazine’s latest issue. You can read the full review in PC Pro issue 289 available now.

More information on Panda Adaptive Defense 360, including trial links can be found at https://www.pandasecurity.com/uk/business/adaptive-defense/

Read the full review here: http://www.itpro.co.uk/security/29593/panda-adaptive-defense-360-review

About IT Pro

IT Pro provides real-world insight and advice to guide business and technology decision makers through the maze of information and communication technology investment. IT Pro is fast becoming the essential place for all IT coverage in the UK, offering breaking IT news, along with analysis and comment, interviews, reviews, opinion, multimedia content and more.

IT Pro presents users with the most comprehensive resource for their business IT decision-making needs. It offers real-world advice and guidance for real-world IT decision makers.

The post Panda Adaptive Defense 360 earns IT Pro Editor’s Choice Award. appeared first on Panda Security Mediacenter.

North Korean hacker officially charged for the WannaCry attacks

Last month, we warned of the dangers that the FBI’s most wanted cybercriminals pose. Among these criminals are the perpetrator of the cyberattacks against HBO and the developer of the Zeus malware. And there is now a new name at the top of the list.

Park Jin Hyok has officially been charged by the US Department of Justice for carrying out the WannaCry attacks, among other cybercrimes.

According to the investigators, Park works for a company called Korean Expo Joint Venture, a front for the Korean government that, alongside illegal activities, also carries out legitimate software and IT support. Apart from working in this company, Park allegedly belongs to the hacking group known, among other names, as Lazarus Group – a group that has carried out numerous cyberattacks against South Korea.

One of the clues that helped track down Park was his use of free email services such as Gmail, which he used both for legitimate business at his company, and to carry out phishing attacks and other crimes.

As well as the criminal charges, the Treasury Department has announced that it will impose sanctions against Park and against the company. In a statement, it said, “North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace.”

While it is unlikely that Park will ever be handed over to the US authorities, according to Martyn Williams, a journalist specialized in North Korean affairs, it is a symbolic step from the American government: an official accusation against the North Korean government is a rare move.

A long criminal record

The most notorious cybercrime of which Park is accused is WannaCry, the 2017 global ransomware attack that affected computers in over 150 countries, and had an estimated cost of up to $4 billion worldwide.

Another accusation is that he was behind the 2014 hack of Sony Pictures. This attack was carried out using a piece of malware called Destover. During the incident, 100 terabytes of information was leaked, including personal emails, films, information about salaries, and scripts of future films.

Suspicions about this attack already fell on North Korea at the time, due in part to the fact that one of the attackers’ demands was the withdrawal of the film ‘The Interview’, in which two journalists attempt to assassinate the North Korean leader, Kim Jong Un.

Along with these cyberattacks, he is also accused of being involved in the 2016 robbery of the Bangladesh Central Bank. Using sophisticated malware to gain visibility of the IT system, the attackers were able to observe how the bank’s operations worked. With this information, they carried out fraudulent transactions worth $850 million. According to the FBI report, the malware could have got onto the system using a version of the BEC scam [p. 58 of the report].

Although the bank was able to recover a large part of the money –  it is estimated that the bank’s total loss was around $81 million – it was still one of the largest thefts of this type in history.

How to keep your company safe from the most wanted cybercriminals

One of the main reasons to hire a cybersecurity solution for your company is to gain time: having the right tools to be able to react immediately to a cyberattack can make the difference between being a victim and staying safe.

One way to do so is to have a cybersecurity suite that provides an active search for threats. This way, the company can stay ahead of cybercriminals and react before an attack takes place. This is exactly what Panda Adaptive Defense 360’s Threat Hunting service does.

This managed service from Panda provides visibility of all activity on the corporate network, so that you know exactly what is happening at all times. Adaptive Defense 360 classifies 99.98% of processes via machine learning, and the remaining 0.02% are classified by Panda’s expert cybersecurity analysts. Advanced technologies like this allowed Panda to protect all clients with Adaptive Defense installed in Lock mode from WannaCry. It is an advanced cybersecurity solution that is still protecting the endpoints of companies all over the world.

The post North Korean hacker officially charged for the WannaCry attacks appeared first on Panda Security Mediacenter.

What is the difference between sandboxing and honeypots?

We’ve said it more than once on this blog: when it comes to cybersecurity, it’s not enough to simply act reactively: acting preventively is also vital, because the best way to defend against an attack is to get ahead of it, preempt it, and stop it from happening.

For this reason, in their eagerness to stay ahead, an increasing number of companies allocate part of their corporate cybersecurity resources to studying new trends, analyzing the latest cybercrime strategies, and, ultimately, to being able to protect their company’s IT security in a much more efficient way, avoiding problems before they even appear.

This is where we start to see two concepts that are very common in the sector: honeypots and sandboxing, two IT risk prevention strategies that, while they may seem similar, in fact differ in several ways.

What is a honeypot?

A honeypot is a cybersecurity strategy aimed, among other things, at deceiving potential cybercriminals. Whether it’s via software or human actions, with a honeypot a company pretends to have a few “ways in” to its systems that haven’t been adequately protected.

The tactic is as follows: In the first step, a company decides to activate a series of servers or systems that seem to be sensitive. Ostensibly, this company has left a few loose ends untied and seems to be vulnerable. Once the trap is set, the aim is to attract attackers, who will respond to this call, and attempt to get in. However, what the cybercriminal doesn’t know is that, far from having found a vulnerable door, they are being regulated and monitored the whole time by the company in question.

This gives companies a triple benefit: firstly, they can stop genuinely dangerous attacks; secondly, they can keep attackers busy, wearing them out and making them waste time; and finally, they can analyze their movements and use this information to detect possible new attack strategies that are being used in the sector.

Honeypots are similar to so-called cyber counterintelligence, which also uses a strategy of placing cybersecurity bait that, because of its vulnerable appearance, lures attackers in and tricks them, thwarting their attempts, while at the same time spying on them, analyzing and monitoring their movements.

In fact, there are ways to make the tactic even more sophisticated: if the honeypot isn’t developed on unused networks, but rather on real applications and systems, this is when we start to talk about a honeynet, that will be able to further mislead the cybercriminal and make them believe without a shadow of a doubt that they are attacking the very heart of the company’s IT security.

Ultimately, honeypots are a strategy that can be very useful, especially for large companies, since these companies usually store a large amount of confidential information and, as a result of the volume of activity, are extremely tempting targets for potential attackers.
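The decoy-and-monitor idea described above, as an added example that is not part of the original post: a low-interaction decoy service in Python that accepts connections, shows a banner, records what each visitor sends and never executes any of it. The banner text, the host name `files.example.internal`, the class name and the two loopback "visitors" are constructed for illustration.

```python
import socket
import threading
from datetime import datetime, timezone


class DecoyListener:
    """Low-interaction decoy: looks like an exposed service, only records visitors."""

    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"220 files.example.internal FTP ready\r\n",  # constructed banner
                 max_bytes=1024, timeout=2.0):
        self.banner = banner
        self.max_bytes = max_bytes      # cap on bytes kept per connection
        self.timeout = timeout          # silent peers are dropped after this
        self.events = []                # one dict per connection attempt
        self._cond = threading.Condition()
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))   # port 0: the OS picks a free port
        self._sock.listen(16)
        self._sock.settimeout(0.2)      # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def wait_for_events(self, count, timeout=5.0):
        """Block until at least `count` connections have been recorded."""
        with self._cond:
            return self._cond.wait_for(lambda: len(self.events) >= count, timeout)

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            threading.Thread(target=self._handle, args=(conn, addr),
                             daemon=True).start()

    def _handle(self, conn, addr):
        data = b""
        with conn:
            conn.settimeout(self.timeout)
            try:
                conn.sendall(self.banner)
                # Read until the peer closes, goes quiet, or the cap is hit.
                while len(data) < self.max_bytes:
                    chunk = conn.recv(self.max_bytes - len(data))
                    if not chunk:
                        break
                    data += chunk
            except OSError:
                pass  # resets and timeouts still produce an event below
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": addr[0],
            "src_port": addr[1],
            "bytes_received": len(data),
            "payload": data.decode("ascii", "replace"),
        }
        with self._cond:
            self.events.append(event)
            self._cond.notify_all()


def demo():
    """Run the decoy on loopback with two constructed visitors; return the events."""
    decoy = DecoyListener().start()
    try:
        # Constructed visitor 1: sends a login line, then reads until close.
        with socket.create_connection(("127.0.0.1", decoy.port), timeout=2) as c:
            c.sendall(b"USER admin\r\n")
            c.shutdown(socket.SHUT_WR)
            while c.recv(1024):
                pass
        decoy.wait_for_events(1)
        # Constructed visitor 2: connects and leaves without sending anything.
        socket.create_connection(("127.0.0.1", decoy.port), timeout=2).close()
        decoy.wait_for_events(2)
    finally:
        decoy.stop()
    return list(decoy.events)


if __name__ == "__main__":
    for e in demo():
        print(e)
```

Because no legitimate user has a reason to touch the decoy, every recorded event, including the silent connection, is worth an alert.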

What is a sandbox?

Sandboxes, on the other hand, have several elements that set them apart from honeypots. This is a much less risky tactic, and is carried out when a company suspects that some of their programs or applications may contain malware.

In this case, the company totally isolates the process. Not only will it be carried out on another server and the possible ways in closed, but it will also be run on just one computer, making sure that at no time does this computer establish any kind of connection with other devices in the company.

So, while the goal of the honeypot is to attract attackers in order to avoid their attacks, making them waste their time, sandboxing is focused on evaluating possible infections that could already have affected the system, and running them in isolation so that they don’t affect the rest of the company.

Sandboxing is therefore a perfect strategy for companies that work with material downloaded from the Internet that could potentially compromise IT security. It is also very useful for when an employee, because of a lack of cybersecurity training and awareness, downloads an attachment that could be a threat to the company’s IT systems.

The fact is that there is one thing that needs to be made clear in companies: independently of their size, right now, all of them are susceptible to being attacked and falling victim to cybercrime. Therefore, in this context, it is vital to broaden the range of options when it comes to protecting cybersecurity using IT risk prevention.

The post What is the difference between sandboxing and honeypots? appeared first on Panda Security Mediacenter.

GDPR lands at British Airways: How did the hackers manage to get in?

A few days after British Airways suffered the worst cyberattack in its history, the airline still hasn’t revealed any technical details about the breach beyond the official apology to the over 380,000 users whose data was compromised after making purchases on BA’s website, and the ensuing official notification to the appropriate authorities and all the affected clients.

Names, email addresses, and credit card details – including numbers, expiry dates and CVV security codes – have been stolen. There are a few hints that have allowed cybersecurity experts, such as Professor Alan Woodward, to get an idea of how the hackers were able to sneak onto BA’s website and app between August 21 and September 5. This was an attack similar to the one recently suffered by Ticketmaster, after a customer service chatbot was labeled as the potential cause of an infraction that affected over 40,000 users in the UK. In fact, in the last few hours, information has emerged that suggests that the perpetrators of this attack may also be behind the British Airways hack.

Money has wings…

Until a few months ago, companies would shrug their shoulders when faced with attacks of this type. The greatest concern during previous cyberattacks was the potential damage to reputations. But now, with the new General Data Protection Regulation and the fines that infringing it can lead to, there is a new threat for the coffers of companies that fall victim to security breaches like this, affecting both clients’ and investors’ pockets. And BA’s case has been no exception.

The most immediate consequence? Shares in IAG, the parent company of British Airways, fell around 3% on the Ibex and on the FTSE after the attack and its scope were revealed. This meant a 456 million Euro drop in its market value on Friday, after it emerged that hackers had stolen the payment details of 380,000 clients.

British Airways’ chairman and CEO, Álex Cruz, hasn’t explained how the data was stolen, though he has denied that the attackers had managed to breach the company’s encryption. “There were other methods, very sophisticated methods, that criminals used to obtain that data,” he said in an interview with the BBC.

However, Professor Woodward, in his statements, said, “You can put the strongest lock you like on the front door, but if the builders have left a ladder up to a window, where do you think the burglars will go?” The controversy is here.

How to avoid the fines

While it can’t be 100% categorically stated that it was a script attack that compromised British Airways’ security services, it does seem to be the most likely cause. However, other theories even talk about an expert within the company manipulating the website with malicious intent. The fact is that the airline is going through a rough patch as far as its IT system is concerned.

This incident has been a lesson, and has also underlined the need to invest in cybersecurity in order to demonstrate that enough is being done to safeguard sensitive data. Because the only way to avoid paying economic sanctions is to keep these security breaches from happening.

It has recently been shown that the difficulty experienced by large companies when it comes to locating the unstructured data in their systems could be a question of volume. In fact, 65% of companies collect so much data that they’re unable to categorize or analyze it.  If we take into account the nature of British Airways, the largest European airline, we can get an idea of the sheer amount of personal data managed by their systems.

These days, there are advanced cybersecurity solutions specifically designed to provide support for the whole IT team, with the aim of avoiding situations like the one that BA has gone through. One such solution is Panda Data Control.

What will happen with those clients who decide to request to have their data permanently deleted from one of these platforms? In this case, the companies must have a highly detailed inventory of where all their data is, a perfect chart of this information, and almost notarial control in order to be able to prove the complete deletion of the data from all systems. All of this is offered by Panda Data Control, to ensure that users can exercise their right to be forgotten with total transparency and be able to certify it.

This data protection solution, which is integrated into Panda Adaptive Defense, allows you to discover, audit and monitor unstructured personal and sensitive data on your company’s endpoints: from data at rest, to data in use and data in motion.

It identifies the files that contain personal data (PII) and records any kind of access to it, alerting in almost real time about leaks, use, and suspicious or unauthorized traffic.

It provides total visibility of the files, users, devices and servers that access this information, so you can supervise any action carried out on the personal information that you store.

Because the most important thing when it comes to mitigating the risks related to data is to be extremely careful with how personal information is dealt with, and it is vital to know where data is stored and to know who has access to it.

The post GDPR lands at British Airways: How did the hackers manage to get in? appeared first on Panda Security Mediacenter.

How to bridge the cybersecurity skills gap

By 2021, there will be more than 3.5 million unfilled jobs in the cybersecurity sector.

The statistic, published by Cybersecurity Ventures in June 2017, highlighted the growing structural deficit of security professionals. The cybersecurity skills gap continues to grow – but just how large and severe is it? And what can businesses do to mitigate the problem?

Bridging the cybersecurity skills gap is one of the biggest challenges organisations face today – and many are already struggling. Few organisations have the resources to deal with the growing threat posed by cyber criminals and advanced attacks. Viruses, malware and other threats are increasingly diverse and complex, and most organisations lack the staff and skill to deal with the threats appearing now, let alone the ones that will appear in the future.

  • Hire and train more talent

    Organisations need to acquire the best cybersecurity analysts and use them as mentors for talented but inexperienced cybersecurity trainees.

    The benefit is twofold. On the one hand, organisations benefit from the expertise that trained analysts can provide, and on the other, cybersecurity trainees learn from the best and can quickly get up to speed.

Only 1 in 10 organisations have cybersecurity experts on their teams

A study conducted earlier this year by Forrester Consulting for Hiscox revealed that only 11% of the organisations reviewed actually had ‘experts’ on their security teams and were, therefore, well prepared to face cybersecurity challenges. On the other hand, nearly three-quarters of organisations (73%) fell into the novice category, suggesting they had a long way to go before they were ‘cyber ready’.

With skilled cybersecurity professionals in short supply, it’s expected that organisations will continue to struggle to fill cybersecurity positions with the right employees.

  • Outsource endpoint security management to specialist service providers or managed detection and response teams

    Gartner estimates that, by 2020, 50% of managed security service providers (MSSPs) will offer Managed Detection and Response (MDR) services.

    For organisations unable to hire or train cybersecurity analysts as quickly as possible, outsourcing cybersecurity management (or elements of it) to specialist service providers, or MDR teams is a viable option. This should reduce the risk with 24/7 threat monitoring, detection and response capabilities, and also give organisations access to the best cybersecurity professionals.

    With such an approach, organisations can augment their existing cybersecurity network, providing an additional layer of protection, as well as use the expertise provided by MDR teams to get insight, actionable advice, threat context and coverage.

Almost half of security alerts are not investigated

According to the Cisco 2017 Security Capabilities Benchmark Study, 44% – almost half – of security alerts are not investigated.

The study found that, due to “various constraints”, such as resource, budget and lack of trained personnel, organisations can only investigate 56% of the security alerts they receive. Of the alerts investigated, only 46% are remediated, leaving 54% of those alerts unresolved.

The main problem is that security alerts need to be reviewed and remediated manually. Cybersecurity systems can flag threats, yes, but those threats also need to be manually verified and prioritised by analysts. As a result, the process takes significantly longer – and with so many threats being received on a daily basis, it’s no surprise that many go unchecked.

  • Invest in more robust and accurate cybersecurity systems

    A major challenge for organisations is the remediation and reprioritisation of threats. Cybersecurity systems can detect issues, but often those issues need to be resolved manually. According to our own research, more than half of the cybersecurity professionals we reviewed estimated that half of threat alerts are improperly reprioritised by systems and had to be fixed manually.

    With many organisations’ security teams stretched thin and responding to an overwhelming number of threats on a daily basis, systems need to be honed and adapted as threats evolve and increase. That is the only way to truly be cyber resilient.

Don’t make the mistake of treating cybersecurity as a “technical problem” and delegate it to the IT department. The reality is that cybersecurity is a business-wide issue. Defending an organisation from cyber-attack requires an understanding of what is at stake.

The IT department can resolve the issue, sure, but what’s the point if poor employee practice means that they face another problem as soon as one is fixed?

Wider business context and an appreciation of business risk, exposure and priorities is needed. Departments within organisations need to work together with the IT department, not as a separate entity.

If you want to learn more about the cybersecurity skills gap, the threats facing modern businesses, and how best to prepare for and combat those threats, download our report by clicking the button below.

Download the PandaLabs Annual Report 2017

The post How to bridge the cybersecurity skills gap appeared first on Panda Security Mediacenter.

From the year of ransomware to the year of cryptojacking

2017 was the year when the word ransomware stopped being a term exclusive to cybersecurity experts and IT departments. The enormous media attention that attacks such as WannaCry and Petya/GoldenEye received turned this type of cyberthreat into one of the key trends for businesses last year.

But the constant evolution of cybercriminality has found a new mother-lode: cryptomining. It is no coincidence that bitcoin was included on Fundéu BBVA’s shortlist for word of the year in 2017, highlighting the impact that virtual currencies are currently having. And if there’s one group that knows this more than anyone, it’s cybercriminals, who have been able to develop a strategy of attacking third party computers and using them without consent to mine cryptocurrencies for their own financial gain. This has given rise to the concept that has irrefutably defined cybersecurity in 2018: cryptojacking.

2018, the year of cryptojacking

Back in March, we at Panda Security warned of the rise of cryptojacking as a threat to businesses, given the large amount of IT resources found in companies. As we explained, using malware, cybercriminals are able to leverage part of a device’s processing power in order to covertly mine cryptocurrencies; the victim notices nothing more than the slowing down of the device — an occurrence that they will most likely put down to something other than a cyberattack.

The year kicked off with several notable cases where such well-known IT programs and websites as Microsoft Word, GitHub and YouTube were affected. But illegitimate cryptomining continues. We’ve recently seen new massive attacks: 200,000 MikroTik routers in Brazil were affected by one attack; the Drupal CMS by another; and in China, a criminal group that had infected more than a million computers with cryptojacking tools over two years was arrested.

In light of all of this, it is perhaps unsurprising that in the first half of 2018 alone, there has been a 4,000% increase in the number of cryptojacking attacks on Public Administration. Conversely, the number of ransomware cases fell 2% in the same period, according to data from the CNI (Spanish National Intelligence Center).

Other European countries have also been witness to this astronomical growth. In the United Kingdom, 59% of companies have been affected at one time or another by this cyberthreat, and 80% of the attacks that have been detected happened in 2018.  This trend is also on the up in the Netherlands. The Dutch National Coordinator for Security and Counterterrorism warned that cryptojacking has become an “attractive and notable” cybercriminal strategy, and highlighted that criminals seek to illegally mine cryptocurrencies “more and more often”.

What to do in light of such a pessimistic landscape

First of all, don’t panic. By following a series of handy tips, your company can protect itself against possible incidents related to the cyberthreat du jour. Among the most indispensable tips on the list are:

  • Carrying out periodical risk evaluations to identify possible vulnerabilities.
  • Regularly updating all of the company’s systems and devices, and considering uninstalling software that isn’t being used.
  • Protecting web browsers on endpoints with the installation of specific extensions that stop cryptomining by blocking malicious scripts.
  • Thoroughly investigating any spikes in IT problems related to unusual CPU performance. If multiple employees report that their computers are slowing down or overheating, it could be a case of cryptojacking.

These actions need to be accompanied with the implementation of an advanced cybersecurity solution that provides key features such as detailed visibility of the activity on every endpoint, and that provides control of all running processes. This is what is provided by Panda Adaptive Defense, Panda Security’s cybersecurity suite, which is primed to protect all your company’s computers against any kind of cyberthreat, be it the classics, or the latest trends.
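One way to turn the last tip in the list (investigating unusual CPU performance reported on several computers) into a check, as an added example that is not part of the original post: it flags processes with sustained high CPU on a host, then keeps only those seen on several hosts. The telemetry format, host names, process names and thresholds are constructed assumptions, not the output of any Panda product.

```python
from collections import defaultdict


def build_samples():
    """Constructed telemetry: (host, minute, process, cpu_percent) tuples."""
    samples = []
    for host in ("ws-01", "ws-02", "ws-03"):
        for minute in range(10):
            # Same unfamiliar process pinned near 100% on three workstations.
            samples.append((host, minute, "updsvc.exe", 93.0 + minute % 3))
            samples.append((host, minute, "outlook.exe", 4.0))
    for minute in range(10):
        # Short legitimate burst on one host: three minutes of heavy browsing.
        samples.append(("ws-04", minute, "chrome.exe",
                        90.0 if 3 <= minute <= 5 else 12.0))
        # Long but isolated load on one host: a backup job.
        samples.append(("ws-05", minute, "backup.exe",
                        85.0 if minute < 6 else 2.0))
    return samples


def sustained_high_cpu(samples, threshold=80.0, min_run=5):
    """Return {(host, process): longest_run} where CPU stayed at or above
    `threshold` for at least `min_run` consecutive one-minute samples."""
    series = defaultdict(dict)
    for host, minute, proc, cpu in samples:
        series[(host, proc)][minute] = cpu

    flagged = {}
    for key, by_minute in series.items():
        longest = run = 0
        prev = None
        for minute in sorted(by_minute):
            contiguous = prev is not None and minute == prev + 1
            if by_minute[minute] >= threshold:
                # A missing sample breaks the run, so gaps never count as load.
                run = run + 1 if (contiguous and run) else 1
            else:
                run = 0
            longest = max(longest, run)
            prev = minute
        if longest >= min_run:
            flagged[key] = longest
    return flagged


def fleet_correlation(flagged, min_hosts=2):
    """Keep only processes flagged on at least `min_hosts` different hosts."""
    hosts_by_proc = defaultdict(set)
    for host, proc in flagged:
        hosts_by_proc[proc].add(host)
    return {proc: sorted(hosts)
            for proc, hosts in hosts_by_proc.items()
            if len(hosts) >= min_hosts}


def triage(samples):
    """Return (per-host findings, fleet-wide findings) for the samples."""
    flagged = sustained_high_cpu(samples)
    return flagged, fleet_correlation(flagged)


if __name__ == "__main__":
    per_host, fleet = triage(build_samples())
    for (host, proc), run in sorted(per_host.items()):
        print(f"{host}: {proc} above threshold for {run} consecutive minutes")
    for proc, hosts in fleet.items():
        print(f"investigate first: {proc} on {', '.join(hosts)}")
```

The isolated backup job is still reported per host, but only the process repeated across workstations reaches the fleet-wide list, which is the pattern the tip describes.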

The post From the year of ransomware to the year of cryptojacking appeared first on Panda Security Mediacenter.

New Pokémon Go settings highlight importance of parental controls

Pokémon Go has been a massive success story for smartphone gaming. Simple to play, and with an emphasis on taking more exercise, the game is popular with adults and children alike.

In the past, anyone could create an account to play Pokémon Go using their Google or Facebook login details. But for many parents, this sign-up process was concerning.

All or nothing

By providing a Google or Facebook account to Pokémon Go, the developers of the game, Niantic, also gain access to those social accounts. Without any way to limit access, Niantic can “see” everything on that account, and share it with their business partners.

Clearly this is undesirable – and unnecessary – for a kid’s game. But until now there has not been any way to control data sharing.

To address these concerns, Niantic has created the ‘Niantic Kids’ platform. Built with the assistance of ESRB Privacy Certified experts Super Awesome, Niantic Kids promises to help parents better protect their kids without ruining the game.

Niantic Kids is fully compliant with a range of international privacy laws, including GDPR in Europe and the Children’s Online Privacy Protection Act in the USA. By signing up for a Niantic Kids account, parents will be able to limit the amount of information shared with Pokémon Go – and better protect the privacy of their kids.

A lesson in smartphone safety

The reality is that Pokémon Go isn’t the only app harvesting potentially sensitive data from your child’s smartphone. Many “free” apps and games generate income by sharing the information they collect from your phone with advertisers, data aggregators and other partners.

The default settings on most apps will be to enable sharing – parental controls are almost never enabled as standard (even the parental controls in Panda Dome must be manually enabled). It is absolutely essential that you check each app installed on your child’s phone and use the parental controls to limit access to their information.

It is not just apps you need to check either. Apple’s iOS (installed on iPhones and iPads) has a number of additional privacy settings to give parents greater control over devices. Android devices have similar controls which need to be applied on your child’s phone.

Child safety applies to all devices

To properly protect your children you should enable parental controls on all of their devices. So if they have access to a laptop or desktop computer, you need to look at ways to protect their privacy, and to restrict access to adult or illegal content.

Again, Mac OS (installed on iMacs and MacBooks) and Windows come with basic parental controls as standard. But these tools tend to be quite limited in what they can do. Instead we recommend installing Panda Dome (free trial available here).

Panda Dome makes it easy to block unwanted websites and to see how the computer is being used. These reports provide clues about your child’s online behaviour, and provide a useful opportunity to discuss how to use the Internet safely.

Parental controls are not about stopping your kids from having fun online. They are designed to help your kids have fun online safely.

You can read more about keeping kids safe online in our Parental Controls media centre.

The post New Pokémon Go settings highlight importance of parental controls appeared first on Panda Security Mediacenter.

Cyber Security Tricks and Treats

When it comes to cybersecurity, there are very few treats to be enjoyed.

With internet usage at an all-time high, users are especially vulnerable to cyber attacks and hacks. These tricks can include phishing attacks, session hijacking and ransomware. And since it’s National Cyber Security Awareness Month, it’s the perfect time to brush up on cyber security knowledge, and find out how you can make a treat out of a trick this Halloween season.

This Halloween, keep your devices and personal information safe from hackers’ tricks. If something looks wrong or feels too good to be true, it probably is. Ensure all devices have the most current updates, install an antivirus and use a VPN when necessary.

Get started today.

Download Panda Free Antivirus, and defeat the evil gremlins who could turn your Halloween into a nightmare.

The post Cyber Security Tricks and Treats appeared first on Panda Security Mediacenter.

Panda Security, Silver Anti-malware certification from OPSWAT

Panda Security announces that Panda Adaptive Defense 360 has been certified as a Silver security solution by OPSWAT in their Anti-malware certification category.

OPSWAT developed the Certified Security Application Program in 2007, after compiling the compatibility requisites of over 50 OPSWAT OEM clients, including industry leading NAC, CASB, SSO, and SSL-VPN solutions from providers such as Citrix, Pulse Secure, Cisco, IBM, and Dell.  The program currently supports over 1,000 security applications, which are rigorously tested to guarantee their compatibility with the leading access control solutions.

The certification obtained by Panda Security in the OPSWAT Program certifies Panda Adaptive Defense 360 as a compatible advanced cybersecurity solution that incorporates Endpoint Protection and Endpoint Detection and Response (EDR), along with 100% Attestation and Threat Hunting & Investigation services.

Panda Security is a leading provider of latest generation endpoint security. OPSWAT awarded Panda Security the certification after determining that its advanced cybersecurity solution, Adaptive Defense 360, met a series of strict compatibility criteria. This compatibility guarantees that a security solution can be detected, classified and shown on the network administrator’s management console from over 200 million endpoints.

Thus, Panda Security emerges as the leading European manufacturer of EDR systems, and also has OPSWAT’s distinguishing recognition as a certified provider. The products that receive the OPSWAT Silver certification, like Adaptive Defense 360, are highly compatible with market leading NAC and SSL VPN solutions, such as Citrix Access Gateway, Juniper Host Checker, and F5 FirePass®, among others. Silver certified products can be detected by these technology solutions, and some remediation and evaluation actions are supported. “We are very satisfied with this OPSWAT certification; it reinforces Panda Adaptive Defense 360 as a cutting edge solution for corporate endpoints, which must have the highest guarantees when it comes to allowing access to the network, and must ensure that the endpoints have latest generation protection,” states Juan Santamaría, Panda Security CEO.

OPSWAT recommends that all providers of security solutions get to know their certification program in more detail, and that they get the latest versions of their products certified before they are launched. IT administrators can also use OPSWAT’s list of certified security applications as a resource before acquiring a security solution.

About OPSWAT

OPSWAT is a global cyber security company providing solutions for enterprises since 2002 to identify, detect, and remediate advanced security threats from data and devices coming into and out of their networks. Trusted by over 1,000 organizations worldwide for this secure data flow, OPSWAT prevents advanced security threats across multiple channels of file transfer and data flow with flexible options of MetaDefender solutions and API-based development and threat intelligence platforms. With over 30 anti-malware engines, 100+ data sanitization engines, and more than 25 technology integration partners, OPSWAT is a pioneer and leader in data sanitization (Content Disarm and Reconstruction), vulnerability detection, multi-scanning, device compliance, and cloud access control. To learn more about OPSWAT, please visit www.OPSWAT.com.


British Airways Website and App Compromised

The customer data of more than 380,000 people has been compromised. British Airways (BA), the largest airline in the United Kingdom, operating flights to almost every major city in the US, has been attacked by hackers.

Cybercriminals have stolen the personal and financial details of hundreds of thousands of BA customers. The data includes credit card details and other banking information, as well as names, addresses, and phone numbers of people who used the website and the app between 22:58 BST August 21st, 2018 and 21:45 BST September 5th, 2018. According to British Airways, the stolen data does not include passport details. It is currently not known whether the hackers were also able to access saved cards on the website.

The data breach was announced earlier this week on the company’s blog. According to the statement released by BA, the breach is now resolved, and both the website and the app are safe to use. The airline has hired a team of experts who are currently investigating the cause of the breach. BA has notified the police and all relevant authorities about the incident. It is still unknown who is behind the attack and whether the stolen data has already been used for fraudulent transactions.

Alex Cruz, British Airways’ Chairman and Chief Executive Officer, said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”

The UK airline has already started approaching the potential victims, advising them to keep an eye on their bank accounts and report any unusual account activity to the bank. If you’ve purchased anything from British Airways over the last few weeks, your identity and finances might be in potential trouble.

British Airways angered its customers by tweeting about the leak instead of approaching the victims directly. Even though BA is a company that bills itself as the world’s favorite airline, this is an excellent example that even companies that strive to take data protection very seriously sometimes fall victim to hackers and experience technical issues.

It is your responsibility to change passwords at least once every three months, monitor your bank statements, and have antivirus software installed on all your connected devices – hackers know that people will be expecting emails from BA and will start sending phishing emails.

Keep your eyes wide open and don’t fall victim!


Five school cybersecurity questions you should ask on your next parent-teacher conference

The summer is officially over, and children are back to school! Whether you are at work or left home alone, you are probably feeling a mixture of relief and sadness. Even though you always keep them in mind, your precious bundles of joy are now away from you for most of the day.

Children spend more time in front of little screens than ever. We are sure that you’ve given them plenty of advice on how to stay safe in both the real world and the online one. You most likely already have full control over their digital life and have installed parental control software on their connected devices. However, sometimes the children are not the only ones who need some cybersecurity education; the school employees may need some guidance too. Even if you are one of the lucky parents who send their children to schools that ban the use of smartphones on learning grounds, there are a few questions concerning the safety of your children that you should raise next time you speak with the school administration.

What information do schools keep on your children and who has access to it?

The school system stores a lot of information about your children. It often includes standard directory information such as names, addresses, and phone numbers as well as more sensitive data such as SSN and DOB. All information is generally protected by the federal Family Educational Rights and Privacy Act (FERPA). However, many educational institutions sometimes grant access to such information to school employees who do not need it but can take advantage of it. It’s always worth asking the question!

What happens if the school becomes a target of a ransomware attack?

Educational institutions are targets of hacker attacks all the time. Sometimes the attackers request a ransom. Asking what the procedure would be if your children’s personal details were stolen is a must. What the school does to prevent such attacks is also a good question. Educational entities are often underfunded and do not have the resources to take good care of their students’ cybersecurity needs. Knowing more about such procedures must be on your checklist every time you choose a school.

How often do children and school employees change passwords?

Following the right procedures for password maintenance is a must for educational entities that store such sensitive information, and those procedures must apply to both students and employees. The last thing you want is for hackers to steal the identity of innocent children and ruin their lives before they even have a chance to defend themselves. SSNs generally never change, so the information taken now might be used 5-10 years from now when the children become adults. Best practices say that passwords should never be reused and they must be changed every three months.

What data is kept after students and employees leave the school?

Educational entities are supposed to deactivate the accounts of former students and employees. However, this is not always the case as it is known that some accounts are often overlooked and left active for years. The IT departments either do it by mistake or do the students/employees a favor so they can continue taking advantage of the educational benefits – as you know some services, including Apple Music, provide discounts through educational email verification. Such unmonitored accounts could sometimes be used by hackers to get into the internal systems of educational institutions.

What steps does your school administration take to prevent school cyberbullying?

The fight against cyberbullying, access to inappropriate websites, online predators and dangerous games such as the Blue Whale Challenge starts at school – proper cybersecurity education would help both students and employees. Students will know how to not only protect themselves but also report inappropriate behavior, and pedagogues will improve their ability to spot disturbing actions. These are questions that need to be discussed on a regular basis, as technology trends change all the time and staying up-to-date is not an easy task, especially in underfunded and underperforming schools.

For some of the questions, there is neither a right answer nor a wrong one. However, raising the topics is vital as it will encourage educational institutions to always be on top of their game, and will give you the peace of mind you need.
