Author Archives: Panda Security

Panda Adaptive Defense put to the test by SANS Institute


In the past, we have discussed the idea that 100% protection is unattainable. However, there are defense strategies that combine protection solutions, managed services and artificial intelligence, and these are capable of increasing an organization’s capacity to detect and stop attackers. In this battle, it is vital to focus on defending the place where organizations keep their assets: the endpoint.

SANS Institute evaluates Panda Adaptive Defense

SANS Institute (SysAdmin Audit, Networking and Security Institute), one of the most influential institutions in the cybersecurity world, which reaches over 165,000 professionals in the sector, has published a review of the advanced solution, Panda Adaptive Defense 360.

“SANS found Panda Adaptive Defense 360 to be easily deployable, with instant results in preventing malware and identifying targeted attacks. Within the platform, we found that tasks associated with large amounts of labor investment, such as tuning and patching, instead are automated or minimal. The solution brings synergy and success with groundbreaking preventive and detective capabilities.”

With this evaluation, Panda Security’s corporate cybersecurity solution joins the group of technologies recognized and certified by SANS Institute in the IT security field.

The SANS Institute review, step by step

In order to survive in a world where attackers deploy automated malware and carry out targeted attacks, organizations need to secure their endpoints with platforms that provide automated protection mechanisms.

SANS Institute used Panda Adaptive Defense 360 for a month in order to evaluate its cybersecurity capabilities. According to SANS, the evolution of malware requires better solutions, not more solutions. This is where Panda Adaptive Defense 360 comes in: it combines groundbreaking techniques designed to stop attacks immediately and provides detailed analytics to identify the most advanced attacks.

You can find out more about how this study was carried out, as well as its findings, in the webcast on March 27 at 15:00 UTC.


Agent deployment and management capabilities

For SANS, it is vital that a platform of this type adjust to the organization that uses it, and not the other way round. This is exactly what Panda Adaptive Defense 360 did; it returned no false positives, saving the IT team a lot of time.

SANS was impressed with the capability of the Patch Management module to schedule the installation of necessary patches: “Endpoint suites that do not include patch management forget that a key control for the prevention of malware execution is to patch software vulnerabilities.”

Endpoint prevention capabilities

Another reality that we are facing is that it is important, and often tricky, to find a balance between automating protection and detection and keeping the solution easy to maintain.

Panda Adaptive Defense 360’s 100% Attestation service classifies all processes and, depending on this classification, allows or blocks their execution on the endpoint. To do this, the service applies machine learning techniques and gathers over 1000 data points in order to classify the files.

If a file cannot be classified this way, it is sent to Panda’s expert malware analysts, who are part of what makes the platform so special: the managed threat hunting service. This only happens in 0.015% of cases.

How were Panda Adaptive Defense 360’s capabilities tested? By launching malware samples, from ransomware and rootkits to traditional viruses. All of these samples were deleted or failed to run. One of the samples used was Petya; it failed to run successfully, and the event was also correctly recorded.

Endpoint detection and visibility

There is a big difference between dealing with malware and dealing with a malwareless attack. More and more companies suffer attacks that combine malware with memory-resident techniques, that is, techniques that don’t use malware at all. To fight this, SANS praises Panda Adaptive Defense 360’s EDR capabilities, which are added to EPP, a combination that, when it was created, was a milestone in endpoint protection.

Taming the endpoint chaos within: A review of Panda Adaptive Defense 360

To find out more, we invite you to register for the live webcast on March 27 at 15:00 UTC. In this webcast, Justin Henderson (SANS Institute analyst) and James Manning (Panda Security Pre-Sales Engineering team manager in North America) will discuss the advanced cybersecurity solution in detail.

At this link you can find more information about the webcast and a form to register.

You will learn about:

  • The importance of using endpoint protection, detection and response capabilities jointly in order to stop attackers before they can get a foothold on an endpoint.
  • The value of classifying 100% of processes in order to reduce the number of incidents that need to be investigated.
  • How to understand the progression of endpoint protection, from auditing to blocking.
  • How to investigate attacks on endpoints via visualization tools.

Register today to be among the first to receive the whitepaper written by Justin Henderson, SANS analyst and expert in endpoint security.


The post Panda Adaptive Defense put to the test by SANS Institute appeared first on Panda Security Mediacenter.

The Internet is at risk: why is ICANN pushing for the use of DNSSEC?


In the world of cybersecurity, there’s a concept that is well known to most experts: man-in-the-middle. Generally speaking, this is when an intruder positions themselves between two parties in order to deceive the user.

The expression is usually applied to DNS attacks. In this kind of attack, the cybercriminal attacks a domain’s DNS in order to change the address to which it resolves. This kind of DNS attack can take users to a malicious website when they believe they are visiting a trustworthy site. This method can be used to harm users’ cybersecurity in many ways, but the most common is to steal passwords.

Security agencies on alert

This kind of incident is on the up. And it’s not just isolated incidents happening to one or two people; whole organizations and institutions are being affected. Towards the end of 2018, several cybersecurity companies became aware of something seriously troubling: a group of cybercriminals, most likely from Iran, were orchestrating a series of DNS attacks. These attacks were designed to breach the IT security of bodies such as the Lebanese and UAE governments.

And these aren’t the only examples: according to the Cybersecurity and Infrastructure Security Agency (CISA), several agencies in the United States have also been attacked with this method, putting them in a constant state of alert.

And this situation isn’t a passing trend. The Government of the United States, via the Department of Homeland Security, has acknowledged that it has detected “a pattern of multifaceted attacks that use different methodologies.” This includes DNS attacks where, by changing the digital signature, different websites are redirected to malicious portals.

The importance of DNSSEC

Given the current situation, the Internet Corporation for Assigned Names and Numbers (ICANN) has called on all large public and private organizations to reinforce their DNS security by using the Domain Name System Security Extensions (DNSSEC).

This protection system digitally signs DNS data so that its validity can be verified through chains of trust. It has been in development for around 20 years, and is one of the most effective measures when it comes to fighting this kind of cyberattack. However, its adoption in the business world and among public administrations is more limited; it is estimated that only around 20% of organizations use this system, while among Fortune 1000 companies this figure falls to just 3%.

This data is rather worrying if we bear in mind that the consequences of an attack of this kind can be extremely serious. In cases where similar large-scale cyberattacks have been carried out, the repercussions were serious enough to cause grave crises for those who were affected. We need look no further than 2016, when Dyn suffered the largest DNS attack in recent history. As a result, tech giants such as Twitter, Tumblr, Spotify, The New York Times and CNN all became unavailable for a period of time. In 2017, the power supply in Ukraine was brought down by a similar attack. As we can see, it is not just a case of the Internet going down in people’s houses; incidents of this kind can bring down a huge range of digitalized services, many of which are essential to the day-to-day running of our companies. And even in the best case scenario, companies that have been attacked in this way will face losses running into millions of euros.

The implementation of DNSSEC and the kind of protection that it provides is therefore absolutely vital, especially for large organizations, be they public or private. The fact is that, as ICANN reminds us, having this kind of protection doesn’t guarantee 100% that a website won’t suffer any kind of attack. What it does guarantee, however, is that DNS attacks are impossible. As such, although there is never going to be total security against cybercriminal activity, the better protected corporate cybersecurity is, the harder it will be to break in. To this end, DNSSEC has become a vital layer of security in 2019.


Javier Diéguez (BCSC): “To increase their cyber-resilience, companies first need to find a reliable partner”


One thing that has become quite clear over the last few years is that cybersecurity goes beyond the purely technological: it is a set of practices. According to Javier Diéguez, director of the Basque Cybersecurity Centre, we now understand that cybersecurity involves an element of best practices and enterprise risk management. This has given our discipline a much more cross-cutting role. Security is now taken into account as a critical factor at a managerial level in businesses, and not just as a concern for the IT department.


Javier has over 15 years’ experience in the corporate and industrial security sector, and was chosen to set up the Basque Cybersecurity Centre. Diéguez is also part of the team of experts that collaborated with the National Center for the Protection of Critical Infrastructures (CNPIC) to help define the sectoral strategic plans for the electricity sector. Here’s what he had to say:

  • What does your job as the director of the Basque Cybersecurity Centre entail?

I was hired to create the BCSC from scratch, managing a series of short-term objectives such as organizing the centre itself and establishing relationships with other national and European agencies. I was also tasked with constructing basic services to increase the maturity of the Basque cybersecurity industry, fostering a corporate culture of protection and defense.

As well as having a particular awareness of how important it is to protect industry and to encourage competitiveness, the Basque Country has a rather important emerging cybersecurity sector. There’s no other place with such a high concentration of cybersecurity startups and technology products. At the BCSC, it’s our obligation to develop that ecosystem and encourage it to grow, to search for international connections and opportunities; as it is a digital business, it can’t remain merely at a local level.

  • In your opinion, what are the most serious threats around these days?

The majority of complaints that we receive are related to all kinds of different fraud: from indiscriminate phishing to highly targeted attacks, like impersonating the CEO. In a more industrial environment, which is the economic core of the Basque Country, there are another two important types of attack. The first of these is sabotage: disrupting operations, which is less common, but can take on a lot of different forms in an industrial environment. And a second threat, one that is far more difficult to spot, is cyber espionage. This kind of attack is mainly about stealing intellectual property in order to get a competitive advantage and endanger a potential business rival, as well as stealing information about commercial strategies.

  • A lot of your career has been dedicated to critical infrastructures, especially electrical infrastructures. What are the most common risks that affect that industry?

Attacks on businesses were considered nigh on impossible, or at least extremely difficult, until just a few years ago. However, nowadays the systems used by critical infrastructures are increasingly connected to the Internet, opening up more points of contact with the outside, especially for maintenance work. There needs to be a high level of surveillance to make sure that the perimeter, that surface that is exposed to the Internet, is properly protected. It is also important to make sure that networks are separated within the company, differentiating between critical networks and those that are less important. In this area, there’s still a lot of work to do: segmentation isn’t always as it should be, perimeters aren’t always well defined, and nor are they well protected against unauthorized access, either intentional or accidental.

There is also a series of problems related to the longevity and diversity of the systems, and the lifecycles of the systems, that support critical infrastructures. The lifecycles of the systems in electrical infrastructures last decades. We see cases where systems from entirely different generations work side by side; many of them are legacy systems. It’s not uncommon, for example, to come across a Windows NT 4.0 operating system, which is from 1996. Maintenance for this software just doesn’t exist, and patches for these systems are no longer produced.

A third problem comes from the nature of the technology and the support policy that the manufacturers of the equipment have. A company like Siemens or Honeywell usually sets limitations so that their customers, the infrastructure operators, can add independent or external control mechanisms to the package of solutions that the manufacturer has sold. This limits the evolution of the protections in our environment.

  • How can a company increase its cyber-resilience?

Organizations need to diagnose their risk profile, and give themselves a check-up. To do this, the first thing that a company must do is to find a trustworthy partner. It is in the company’s interest to choose a cybersecurity partner that is independent of the organization, guided by the company’s managers, who know the business’s priorities. This means that they are able to establish priorities and determine the most important assets and processes that need to be protected. Once this profile and these priorities have been defined, a company can start to take steps. There are also many basic measures that need to be applied.


PASS2019 will bring together almost 1000 cybersecurity experts from across Europe

Organized by Panda Security, the Panda Security Summit will be attended by professionals from leading companies and institutions in the European IT and technology sector.

#PASS2019 will cement its place as one of the unmissable events in the cybersecurity calendar. At this second edition, leaders from the European Commission, Gartner, Telefónica and CaixaBank, as well as the director of PandaLabs, will all share experiences and explain different cybersecurity trends in Europe.

Panda Security Summit will bring together in Madrid almost 1000 attendees from leading European companies and institutions, including CISOs, CIOs, heads of cybersecurity, experts in the field, and CEOs.


If you’d like to get a free ticket, ask your Panda salesperson for more information or send an email to:

The agenda

The European Cybersecurity Hub will emphasize how important it is to be proactive and to renew detection methods, given how challenging and volatile an industry cybersecurity is.

In five conferences, nine different speakers will discuss the leading trends in threats and cyberattacks, national cybersecurity strategies, and the protection needs of public and private institutions. Throughout the event, there will be a particular emphasis on threat hunting techniques, because these days digital risk management is a key task in any company, regardless of its size or sector. Companies need to know how to act proactively, and not limit themselves to preventing known attacks; they must also make time to get to know the new tactics being employed by the cybercriminals who want to endanger their security.

Many of these threat hunting tactics will be analyzed by the speakers in their respective conferences, all of which can be consulted here.

The speakers

  • Miguel González-Sancho, head of the Unit “Cybersecurity Technology and Capacity Building” at the European Commission, will share his vision of the socio-political framework set out in National Security Strategies, as well as the needs that arise when transferring this framework to the European business environment.
  • Pete Shoard, senior Endpoint and Security Operations analyst at Gartner, will show in detail the most important aspects of the analyses carried out by managed security service providers, security monitoring technologies and risk management in cybersecurity.
  • Alejandro Ramos, Global Chief Digital Security Officer, and Alejandro Becerra, CISO at Telefónica, will give a conference on the development of threat detection strategies at Telefónica, from the point of view of the customer, a SOC and a service provider.
  • Lucas Varela, e-Crime and Security Analytics Manager at CaixaBank, will explain how intelligence systems are used to detect threats in the banking sector. He will also provide information about efficiency in incident response, and will go over the latest malware and banking threat trends.
  • Pedro Uría, director of PandaLabs, Panda Security’s analysis and investigation laboratory, will discuss, among other things, the most advanced threat hunting techniques. He will underscore how important it is to discover the new ways that hackers are behaving, since most of the time they use proprietary malware or legitimate applications and goodware in order to go unnoticed by the most common cybersecurity solutions.
  • José Sancho, president of Panda, Juan Santamaría, CEO of Panda, and María Campos, KA and Telecoms at Panda Security, will present #PASS2019, and will share their views on the main strategies for success against cyberattacks.

Workshops and an immersive experience

There will be five workshops at #PASS2019 where attendees will be able to learn more about the subjects discussed in the conferences. You will also be able to experience first-hand how the different steps that make up the kill chain of a cyberattack unfold.

We’ll get inside an infection to discover the routes followed by cybercriminals to get onto our networks. Here we’ll see the resources that have the capacity to take over our IT park, and how our network is affected as the infection advances. Get inside our Cyber-Kill Chain! You’re invited to share the experience of being the lead actor in a cyberattack.

These workshops will be run by Panda Security specialists. They will explain in detail the advantages of including threat hunting services in business cybersecurity strategies. They will also share the fundamentals for investigating, locating and isolating attacks at any point along the kill chain, all in real time, and thus reducing the reaction time between detection and deactivation.

You’re invited! We look forward to seeing you at the Panda Security Summit.



Facebook targets teens’ data – do they really know what that means?

Facebook has rarely been out of the headlines recently, and most of the news is bad. The latest scandal involves the Research program, designed to track app usage and web browser activity.

The issue centres on an app called Research, and Facebook’s attempts to gather valuable personal data from Apple iPhone users – including those aged under 18.

Circumventing security

The Apple iPhone has a reputation for being more secure than other devices because of the way that personal data is protected on the device. Normally iOS apps are not permitted to access information from the Mobile Safari web browser; apps that break these rules are banned from the App Store.

App developers are permitted some extra flexibility with these rules however, allowing them to test various additional functions that are not normally available. And it is this flexibility that Facebook Research exploited.

Facebook users were encouraged to register for the Research program, and were then sent a special link to download the app. Because the app was designated as being for development use only, the usual security checks carried out by Apple were not applied.

And so it was that Facebook were able to harvest vast amounts of personal data – including encrypted communications – from Research program participants.

What is the problem?

Facebook clearly broke App Store rules about app design and personal data harvesting, which is why the Research app is no longer available. They were also temporarily banned from the Apple Developer program, preventing them from updating any of their apps, including the Messenger and Facebook apps.

Facebook argues that everyone enrolled in the Research program gave their consent to have personal data collected, and that they were paid in return. However, analysis of downloads shows that nearly a quarter of registrants were aged 13 to 18.

Users aged under 18 were supposed to obtain parental consent before sign-up – but there is little evidence that they did. Most simply had to select a checkbox, allowing them to verify consent themselves.

Concerningly, most of these young users do not seem to have understood just how invasive the Research program was. Some will have realised that their web browsing activity was being recorded – but did they also know that virtually everything they did on their phone was being recorded and sent back to Facebook? Media reports suggest that they did not.

Concerning for parents

For parents, the Research scandal should be a wake-up call. Allowing anyone, including Facebook, to have unrestricted access to personal data is a dangerous precedent, and teens need to be educated about the potential risks.

Valuing and protecting personal data is a modern-day life skill, giving your kids greater control over their future. Helping them understand the risks of the Research app, and the importance of getting parental consent, will help protect them from unscrupulous marketers – and data thieves – as they get older.

You can kickstart the conversation, and start protecting them immediately, with the Panda Dome security suite. With tools to filter content, limit app downloads and restrict the potential for personal data sharing, you can help keep kids safe while you teach them how to make wise choices. Click here to start your free Panda Dome trial today.


Vulnerabilities in critical infrastructure increased 14% in 2018


Any business sector is liable to suffer a cyberattack. But perhaps the most cautious in this respect is the industrial sector. A vulnerability in an industrial system can lead to serious economic losses, along with a loss of information, as well as damage to customers, providers, users and even to the company’s reputation.

And the fact is that critical infrastructure is the kind of infrastructure that suffers most from this cybercriminal activity. According to a Cybersecurity Ventures report, a ransomware attack will be carried out on a company every 14 seconds in 2019. And that doesn’t take into account cyberattacks on individual people, which will be the vast majority of cases.

The report also takes a look at the economic costs of these vulnerabilities: ransomware attacks will cost companies as much as $11.5 billion. And by 2021, all kinds of attacks on corporate cybersecurity could cost as much as $6 trillion. In any case, the increase in damages of this kind is to be expected; companies in every kind of industry are undertaking a digital transformation, so it is only logical that the number of vulnerabilities grows while this digitalization is taking place.


228 vulnerability warnings in Spain

The danger is clear; in Spain, the Incibe-CERT (Spanish national CERT) underlines this fact. Every year, it registers the vulnerability warnings in Spanish companies and organizations. And its latest report shows a clear trend: incidents are on the up. According to Incibe, in 2018, there were no fewer than 228 vulnerability warnings in the critical infrastructure of industrial control systems (ICS) in Spain. This figure represents a 14% increase compared to the 199 warnings throughout 2017.

Attacks on infrastructure of this kind, which include everything from the most traditional desktop tools to the most cutting edge Internet of Things (IoT) devices, also have their preferences. As the report shows, the most frequent vulnerabilities are those related to obtaining confidential or sensitive data from companies. It also highlights the use of algorithms to steal passwords for computers and user accounts, and hence, access company information.

Perhaps the worst thing is that, upon analyzing the most affected computers, we discover that the most vulnerable are the multipurpose ones used in a vast number of different industries. This, of course, means that very few sectors (if any) are safe. When carrying out an attack, there is no doubt that cybercriminals make use of the most common paths and devices.

And these aren’t small scale cyberattacks either: 45% of them were of high severity, while 33% were critical. That is to say, regardless of whether or not the attacks were successful, the intentions behind them were seriously worrying for these companies’ corporate cybersecurity.

2019 won’t be any better

On the other hand, just as in 2018 warnings increased compared to 2017, this year, the landscape doesn’t look any more positive. Incibe believes that the number of vulnerability warnings will continue to grow, especially if we consider the fact that sectors such as energy and healthcare will undergo more cyberattacks of this kind.

However, it is worth remembering that the increase in the number of warnings can’t simply be put down to an increase in cybercriminal activity; the fact that companies often reinforce their own cybersecurity control systems could also have a hand in it.

How to avoid vulnerabilities in critical infrastructure

In any event, companies must take steps to properly protect their cybersecurity.

1.- Passwords. The use of brute force to try to crack passwords is on the up. This means that it is a very good idea to reinforce verification systems for devices. Although we’ve already discussed the fact that two-factor authentication isn’t foolproof, it will certainly make things more difficult for cybercriminals.

2.- Encryption. The goal of most of these cyberattacks is to gain access to sensitive or confidential information. As such, organizations need to ensure that they’re using appropriate encryption on this data so that, even if someone does manage to get their hands on it, decrypting it will be that much more complex.

3.- Control of processes. The best way to know if there is suspicious activity afoot in an IT system is to monitor what is going on at all times. Solutions such as Panda Adaptive Defense monitor all processes in real time, detect unusual activity and thus stop threats before they can do damage.

4.- Isolation. Incibe warns that a significant proportion of vulnerabilities occur in infrastructures that cybercriminals can access remotely. It is therefore essential that the most sensitive processes and systems be properly isolated and, wherever possible, kept on networks with no Internet connection.

It is not possible for a company to be completely sure that it will never experience an attack that will threaten its cybersecurity. However, what it can do is to take appropriate measures to reduce the likelihood and to reduce the fallout from such an attack as much as possible. If we also bear in mind the impact that a cyberattack can have on a country’s critical infrastructure, any improvement in cybersecurity strategy is most welcome.


Are Children using Google Docs to chat and bully each other?

Many parents try to limit their children’s time on the internet by banning them from using popular social media apps such as Instagram, Facebook, Snapchat, and WhatsApp. However, children, especially the ones in their teenage years, are notoriously innovative in finding ways to communicate with each other even if their parents are very committed to remaining in control.

And sometimes parents are being outsmarted – next time you check your kids’ screen time, and you see that they have spent a few hours using Google’s office suite, they might not have been working on the latest school assignment but chatting with other kids. The most recent trend amongst the youngsters is to use Google Docs documents as chat rooms where they share links, photos, and memes.

Children can exploit Google Docs by simply creating a document and adding all their friends as collaborators. Once all the children have access to the same online document, they can use it as a backdrop for typing text and communicating with each other. After they are done with the chat, youngsters tend to ‘destroy the evidence’ by deleting the online document. However, nowadays online behavior is no longer as anonymous as it used to be when the internet was born. Very often kids take screenshots or pictures of the chats as “evidence” and share them with friends and family. Youngsters are struggling to realize that online actions often lead to real-life consequences, as these screenshots could then be shared with anyone, including parents or teachers, and may even be posted on social media.

Children will be children. They will always find a way to use the power of technology to express themselves. While chatting in a shared online document sounds pretty innocent, sometimes things get a bit heated. Bullies know that those “chat rooms” are not being monitored, and use them to intimidate others or to share age-inappropriate content. It is essential for parents to explain that any type of suspected cyberbullying or harassment needs to be reported to an adult, no matter the platform where it has happened.

Parents need to keep in mind that anti-virus software solutions often come with parental controls that allow them to have full control over their kids’ mobile devices. While this step is necessary, and the perfect way to stay in control of your children’s lives, mommy and daddy must remember that the forbidden fruit is always the sweetest.

Teaching children how to behave online is as important as teaching them how to act in the real world. Limiting children from social media and preventing them from seeing explicit content is essential, but highlighting why those restrictions are being imposed is a must. At the end of the day, the forbidden fruit may not sound that appealing if you can explain to your little ones that it is rotten from the inside.


The post Are Children using Google Docs to chat and bully each other? appeared first on Panda Security Mediacenter.

How to avoid zero-day attacks


The IT team at a large company has just installed a vital update on all its corporate devices so that everyone can keep using them properly. The team and the organization’s management have every confidence in the new version. After all, why should they suspect that something could go wrong? Updates are standard procedure, and applying them is safe. What’s more, in many cases they are a vital part of cybersecurity.

However, something has caught the IT department off guard, and they send out a warning: a piece of malware has got through all their protections and has infected all the company’s computers. How could this have happened? A preliminary assessment points to that recently installed update. An investigation of the infection uncovers something worrying: the update contained a vulnerability that nobody, not even the software developers, had spotted. No one, that is, except the cyberattacker. This criminal is now well known on the Deep Web: he is the author of a new zero-day attack.

The window of opportunity

Coming across an unpatched vulnerability and using it to carry out an attack is the dream for many cyberattackers. Not only will a discovery of this type boost their standing in the cybercriminal community, but it also means that they will be able to personally benefit from the attack. This is precisely why zero-day attacks are so dangerous.

Time is not on the cyberattackers’ side: their window of opportunity, between the discovery of the vulnerability and its closure by cybersecurity providers or developers, is limited. But not all attacks of this type are dealt with so quickly. If the cyberattacker is discreet enough, companies can remain exposed for a long time through a vulnerability they are unaware of. In previous blog posts we have talked about the risks posed by these advanced persistent threats (APTs).

Insufficient cybersecurity to tackle the unknown

The fact that the cyberattacker needs to find that small vulnerability and act quickly and discreetly means that they are working under many constraints. This leads some organizations to the mistaken belief that zero-day attacks are uncommon. But they have become much more frequent over the last few years, and are now the most commonly recorded type of incident. A study carried out by the consultancy firm Ponemon Institute found that 76% of surveyed companies that had suffered a cyberattack in 2018 said it was a new or unknown zero-day attack.

This percentage also highlights another aspect confirmed by the report: companies tend to prepare their cybersecurity plans to deal with known attacks, but pay less attention to unknown attacks. This goes some way to explaining the fact that, according to the study, 53% of companies dedicate more of their endpoint security investment to known attacks, while 47% spend more resources on unknown attacks.

Protect your company against zero-day attacks

Awareness in companies is vital when it comes to preventing unknown attacks. However, the very nature of zero-day attacks makes protection measures more complex. When faced with known threats, there are times when it could be enough to use traditional cybersecurity solutions that have successfully proven that they can remove threats. But what can companies do to protect against malware that has never been identified? Organizations need to take several measures, bearing in mind three essential aspects:

  • The right software: a window of opportunity opens for cyberattackers every time a new piece of software is installed on the company’s computers and systems. This, however, doesn’t mean that the company must do away with the programs it needs. What it must do is maintain a control policy that includes periodic reviews and the uninstallation of programs that haven’t been used for some time.
  • Always update: in spite of the risks, the best option is always to update. As we mentioned, updates can contain new exploitable vulnerabilities; nevertheless, developers try to correct errors and to apply new security measures in each version of their programs. It is therefore always worth keeping everything updated and using the latest versions of all software. To reduce the complexity of managing vulnerabilities, updates and patches for operating systems and applications, we recently launched Panda Patch Management. This solution makes it easier to respond to security incidents by patching all vulnerable computers in real time with just one click, all from a single security and management console.
  • Solutions based on behavioral analysis: the signature-based security model is obsolete and ineffective against zero-day attacks. The way to fight these unknown attacks must therefore be based on the detection of suspicious behaviors.

This is the approach taken by the most advanced cybersecurity solutions, such as Panda Adaptive Defense. It offers total endpoint security and complete protection against known malware. But that’s not all: it also classifies 100% of processes using machine learning techniques, which allows it to analyze all suspicious behaviors and increases the likelihood of detecting any kind of unknown malware. Panda Adaptive Defense combines EPP, EDR and the 100% Attestation and Threat Hunting services, giving rise to a new cybersecurity model that reduces the attack surface to the absolute minimum.


Coinhive, the Monero mining service, is closing down


According to the 2018 PandaLabs report, between 2017 and 2018 detections of cryptojacking – the illicit use of third-party computers to mine cryptocurrencies – increased 350%. One of the most popular services for carrying out this activity is Coinhive.


Coinhive was set up 18 months ago with the aim of providing a legitimate alternative to ads on websites. However, it didn’t take long for cybercriminals to appropriate this service to attack websites and make themselves some money.

Now, a year and a half after it began, the creators of Coinhive have announced that as of March 8 the service will be discontinued.

It may come as a surprise, however, that the decision to close the service is not related to its incessant use in illegal activities. According to the Coinhive team, the fall in the hash rate of Monero, along with the crash of the cryptocurrency market, was the deciding factor.

Coinhive: a controversial history

The fact that Coinhive is closing up shop will come as a great relief for many companies, given that its code was discovered on almost 40,000 websites last year. The websites of many globally renowned organizations were affected, including the LA Times, the Australian government, and government institutions in the UK and the US. It even affected the world’s second most visited website, YouTube: in this case, the advertising platform DoubleClick was the victim of an attack that hid the Coinhive cryptojacking code in YouTube adverts. All of these factors combined to make it one of the leading threats to users last year.

At the high point of its popularity, it is estimated that cybercriminals who used this service were pocketing around $250,000 a month.

Despite how far-reaching the threat is, many companies still do not consider cryptojacking a serious threat to their cybersecurity. One reason for this may be that cryptojacking attacks are less showy than other threats, such as ransomware, which have immediate, disruptive effects. However, as we will see, cryptojacking can have serious negative consequences.

Don’t let your guard down

Coinhive was the most popular service for carrying out illicit cryptomining, but it was by no means the only one. Services such as Crypto-Loot, CoinImp, Minr and deepMiner are still very much active. And these scripts were discovered on almost 10,000 websites last year. This means that Coinhive’s closure isn’t the end of the road for cybercriminals who make use of cryptojacking scripts. In fact, one of these alternatives is very likely to become the most popular cryptojacking method.

What’s more, since Coinhive is closing down for financial reasons, we could even see it open its doors again, once more taking up its place as the most popular cryptojacking tool.

With all of this in mind, it’s worth going over the dangers that can stem from a cryptojacking attack:

  • High energy demand. One of the first indications of a cryptojacking malware infection is a significant increase in power consumption.
  • CPU use. Cryptojacking aims to use the CPUs of affected computers to mine cryptocurrencies, so the presence of a cryptojacking script in your company can noticeably slow down its computers.
  • Dangers for corporate cybersecurity. If cryptojacking malware has made its way onto your company’s IT network, there is an open door somewhere. And that open door is a way in for all kinds of threats – threats that can endanger your company.

How to avoid cryptojacking

As is the case with any cyberthreat, it is vital that your company protect itself against cryptojacking – be it cryptojacking that uses Coinhive or whatever the new star cybercriminal tactic may be.

1.- Analyze your resources. If you notice suspicious CPU usage, or if a number of employees report that their computers are slowing down, it may be that cryptojacking is behind it.

2.- Careful with your browser. Websites are one of the most popular points of entry for cryptojacking. There are browser plugins that block suspicious websites.

3.- Carry out periodic risk evaluations. This way, you’ll be able to identify vulnerabilities that can endanger your company’s cybersecurity. Panda Patch Management searches automatically for the patches that are necessary to keep your company safe, and prioritizes the most urgent updates. Appropriate patching policies can reduce the attack surface by up to 80%.

There’s no doubt that the closure of Coinhive is good news for those who want to protect their cybersecurity. Cybercriminals now have one fewer weapon in their arsenal with which to threaten your company’s computers. However, if there’s one thing that defines cybercriminals, it is their adaptability, forever inventing new ways to get what they want. It is therefore essential that we stay vigilant.


How to not fall for viral scares

As the outrage and panic around the Momo hoax subside, it’s worth taking a few minutes to think about what happened before we all forget. By grabbing headlines across the world, Momo has shown just how quickly and easily we can be distracted from ‘real’ threats online.

What is a hoax?

Unlike malware or hacking, a viral hoax doesn’t cause any damage to your computer. And when handled correctly, a hoax is usually completely harmless.

Take Momo for instance. According to media reports, harmless YouTube videos like Peppa Pig had been ‘hacked’. Some unknown person had inserted footage of a woman-like figure singing a song containing threats to kill the child and their family. Children were then encouraged to send a message to an anonymous WhatsApp account, triggering a series of increasingly violent and dangerous challenges.

The problem is that none of these compromised videos has ever been found on YouTube. There is one video of the ‘Momo song’, but this exists separately from YouTube – and it could only be found by deliberately searching for it.

But rumours about hacked videos spread like wildfire as panicked parents tried to find – and block – scary videos. Videos that didn’t exist.

Ultimately it was the fear of Momo, rather than Momo itself that caused the problems – and that is the hallmark of an internet hoax.

Protecting against hoaxes

The hallmark of a good hoax is that it sounds believable, much like fake news. We know that someone could embed scary clips into a YouTube video. And we know that some internet trolls may do exactly that.

It was no great leap of logic to believe early reports that people really were making Momo videos. Which leads us to the first protection – a pause.

Take a pause

The Momo panic quickly spiralled out of control because no one took time to check whether the story was true. The Momo story has been circulating online since the middle of 2018, but most people hadn’t heard of it. A quick search of fact-checking websites would have revealed, for instance, that the Momo challenge videos were a hoax.

So before you shut off your kids’ internet access, or start sharing official “warnings” on Facebook, take a breath and check the facts for yourself.

Have “the talk”

It is a great idea to discuss internet safety regularly with your family. Technology and trends are under constant change, and your kids are probably plugged into much more than you realise.

You should encourage your kids to talk to you about what they see and do online. And they must feel free to tell you when they run into problems, whether scary videos, adult content or cyberbullying.

Filter the worst content automatically

Some content – like pornography – will never be suitable for children. Rather than hoping they won’t be exposed (they will), you should use tools like Panda Dome to help block unwanted content automatically.

The automated filtering tools included with Panda Dome can block out dodgy websites and videos to keep your kids safe online. And because the filters are updated daily, they will also be protected against the next hoax that turns out to be a real threat.

To learn more about content filtering and how to protect your family, download a free trial of Panda Dome now.



Panda Security earns “Recommended Rating” in NSS Labs’ 2019 AEP Group Test


At RSA 2019, Panda Security received an NSS Labs Recommended rating in the 2019 Advanced Endpoint Protection Group Test.

Iratxe Vázquez, Product Marketing Manager at Panda Security, expressed her satisfaction with the results, stating that, “Throughout the long, intense evaluation process, Panda Adaptive Defense 360 and its integrated services have consistently demonstrated what we hear from our customers: that our solution is among the most efficient against any kind of cyberattack: with or without malware, known or unknown, with traditional techniques or next generation.”

Presentation of the recommended AEP solution prize by NSS Labs at Panda Security’s booth at RSA 2019

On top of the exhaustive EDR monitoring capabilities, two fully managed services are provided at no extra cost. These services are based on scalable, cloud-based machine learning technologies that automate and accelerate the process of identifying threats, without the need for customer intervention.

About Panda Security

At Panda Security we help companies to protect themselves against advanced threats and new attack techniques. Consistently maintaining our spirit of innovation, at Panda we have marked a number of historical milestones in the industry. Today, we are the leading European vendor of EDR systems, with 100% European shareholders, headquarters, technology and cloud platform.

Thanks to our visionary concept of the advanced cybersecurity model, which combines solutions and services, we are able to provide fully detailed visibility of all endpoint activity, absolute control of all running processes, and a reduction of the attack surface.

According to Iratxe Vázquez: “We are one of the few endpoint security vendors that use advanced machine learning and deep learning techniques to classify threats via thousands of static, contextual, and behavioral attributes. All of this is done from the cloud, which provides a virtually infinite processing capacity, in real time and without cost to our customers.”

If you would like more information, get in touch with us.


About NSS Labs:

NSS Labs, Inc. is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. Our mission is to advance transparency and accountability within the cybersecurity industry. Our unmatched foundation in security testing, along with our extensive research and global threat analysis capabilities, provide the basis for NSS Labs’ Cloud Platform for Continuous Security Validation.

This cloud platform empowers enterprises with objective, empirical data and allows them to gain continuous visibility, gather actionable insights, and rationalize investments in their cyber programs. The cloud platform lets enterprises know where they stand by continuously validating the effectiveness of their security products and assessing the impact of unmitigated risks to the enterprise stack. This gives business leaders the relevant information they need to substantiate their security investments.

CISOs, Chief Security Architects, SOC and Threat Analysts, and information security professionals from many of the world’s largest and most demanding enterprises rely on trusted information from NSS Labs.
