Author Archives: Panda Security

The danger of stolen data: credential stuffing attacks


When we talk about cyberattacks, for companies, there is one word that normally comes to mind: malware, every computer’s nightmare, that can infect their systems and take with it not just the company’s most sensitive information, but also that of their users, clients, providers, employees, and so on.

However, malware isn’t always a cybercriminal’s tool of choice; in fact, in 2017 it started to give way to other kinds of attack, which are having similar levels of success at achieving the same goal: breaking through their victims’ corporate cybersecurity.

What is credential stuffing?

A credential stuffing attack is a kind of cyberattack in which, using details gathered from a data breach, the perpetrator manages to access user accounts on a platform by bombarding its login with credentials until they hit upon a correct combination.

To carry out an attack of this kind, the cybercriminal must first get, steal, or buy a database made up of user accounts, with their login names and passwords. Their next step is to try to log in to the affected platform using these login details. As it is not always guaranteed that the details will coincide, the strategy is to launch multiple automatic logins until the details match up. What’s more, the identification processes are carried out by specialized botnets so that the platform believes them to be authentic. If it is possible to log in, the credential stuffing attack will have been a success.

The victims: Dunkin Donuts, Yahoo…

These cyberattacks are affecting an increasing number of companies.  The latest victim was Dunkin Donuts. In November, the company detected the theft of credentials and their subsequent use in an attack on the users of DD Perks, its loyalty and rewards program. The credentials stemmed from a data breach, although Dunkin Donuts stated that this breach didn’t happen on their system, rather on the system of a supplier, which gave access to third parties. Specifically, the user information came from a previous leak, and so the cybercriminals used this information both to access DD Perks accounts and to log in to other platforms that used the same credentials.

But there is, unfortunately, one incident that takes the crown for credential stuffing attacks: in 2016, around 500 million Yahoo accounts were seriously compromised by the prior leaking of a vast amount of information after another data breach. In this case, the breach had one more outcome: when Yahoo went public with the incident, many users received emails from people claiming to belong to the company, which contained a link to resolve the breach. These emails, however, were a phishing attempt by another group of cybercriminals.

Success rate and how to avoid them

When it comes to evaluating the potential damage of credential stuffing, it is important to get some perspective. According to a Shape Security study carried out in 2018, their success rate is usually, at best, 1%, a figure that may make this attack seem insignificant.


However, we must bear in mind the fact that these cyberattacks usually use databases that can contain credentials of several million users. This means their success rate, though modest in relative terms, is large enough in absolute terms for the affected company’s reputation to be seriously damaged by the exposure of its corporate cybersecurity.
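The pattern described above (automated logins spread over many accounts, with a success rate of around 1%) is what separates stuffing traffic from ordinary failed logins in an authentication log. The following Python code is an added example, not part of the original article; the log format, the thresholds and the sample data are assumptions constructed for illustration.

```python
"""Flag credential-stuffing sources in a login log (added defensive example).

Assumed, hypothetical log format, one event per line:
    <ISO timestamp> <source_ip> <username> <OK|FAIL>
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class SourceStats:
    attempts: int = 0
    successes: int = 0
    users: set = field(default_factory=set)      # accounts this source tried
    hit_users: set = field(default_factory=set)  # accounts it logged in to

    @property
    def attempts_per_user(self):
        return self.attempts / len(self.users)

    @property
    def success_rate(self):
        return self.successes / self.attempts


def parse_line(line):
    """Return (ip, user, ok), or None for a line that does not match the format."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    _ts, ip, user, result = parts
    return ip, user.lower(), result == "OK"


def aggregate(lines):
    """Build per-source counters, skipping malformed lines."""
    stats = defaultdict(SourceStats)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ip, user, ok = event
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.successes += 1
            s.hit_users.add(user)
    return stats


def classify(s, min_users=20, max_per_user=2.0, max_success=0.05, guess_threshold=10):
    """Thresholds are illustrative assumptions; tune them on real traffic."""
    if s.success_rate <= max_success:
        # Stuffing: one leaked password tried against each of many accounts.
        if len(s.users) >= min_users and s.attempts_per_user <= max_per_user:
            return "credential_stuffing"
        # Guessing: many passwords tried against the same few accounts.
        if s.attempts_per_user >= guess_threshold:
            return "password_guessing"
    return "normal"


def detect(lines, **thresholds):
    """Return ({ip: verdict}, accounts a stuffing source logged in to)."""
    stats = aggregate(lines)
    verdicts = {ip: classify(s, **thresholds) for ip, s in stats.items()}
    stuffing = [ip for ip, v in verdicts.items() if v == "credential_stuffing"]
    # A success from a stuffing source means a leaked password is valid here:
    # these accounts need a forced reset and session revocation.
    exposed = sorted(set().union(*(stats[ip].hit_users for ip in stuffing)))
    return verdicts, exposed


def sample_log():
    """Constructed sample data; IPs come from documentation ranges."""
    lines = []
    for b, ip in enumerate(("203.0.113.10", "203.0.113.11", "203.0.113.12")):
        for i in range(100):  # 100 different accounts per bot, one hit (1%)
            user = f"user{b * 100 + i:03d}"
            result = "OK" if i == 7 else "FAIL"
            lines.append(f"2019-01-20T03:{i // 60:02d}:{i % 60:02d}Z {ip} {user} {result}")
    # A person mistyping their own password once.
    lines.append("2019-01-20T09:00:00Z 198.51.100.5 alice FAIL")
    lines.append("2019-01-20T09:00:20Z 198.51.100.5 alice OK")
    # Repeated guesses against a single account.
    lines += [f"2019-01-20T10:{i:02d}:00Z 192.0.2.77 admin FAIL" for i in range(30)]
    lines.append("garbage line")  # malformed input is skipped
    return lines


if __name__ == "__main__":
    verdicts, exposed = detect(sample_log())
    for ip, verdict in sorted(verdicts.items()):
        print(ip, verdict)
    print("accounts to reset:", exposed)
```

Because these logins are carried out by botnets, each address may stay below a per-source threshold, so this check works best alongside site-wide signals such as a sudden rise in the overall login failure rate.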

Companies must therefore take appropriate steps to avoid both data breaches and possible credential stuffing attacks.

1.- Two-factor authentication? Two-factor authentication (2FA) is one of the most commonly used methods for companies and platforms that want to ensure a secure login for their users. However, as we have already seen, two-factor authentication is not infallible, since it can be broken by getting users to enter their details on fake portals.

2.- Cybersecurity solutions. A company’s security cannot rely 100% on users correctly managing their passwords, especially since the attack very often comes first: i.e., data breaches are often a consequence of poor corporate cybersecurity management, rather than as a result of poor password management by users. This is where Panda Adaptive Defense comes in: it has a data protection module, Panda Data Control, that is able to monitor data in all its states, including when it is at rest, helping the solution to know at all times what processes are being run and what data is being used.

3.- Employee awareness. Companies must also instill in their employees a series of prevention measures, as they are often the easiest point of entry for cybercrime. Employees must remain alert, must not give out their credentials via email (to avoid phishing, tech support scams or BEC scams) and, if they come across any problems, must report the incident to the company’s head of IT.

The post The danger of stolen data: credential stuffing attacks appeared first on Panda Security Mediacenter.

Panda Security is recognized as a 2019 Gartner Peer Insights Customers’ Choice for EDR Solutions.

The Gartner Peer Insights Customers’ Choice distinction is based on feedback and ratings from end-user professionals who have experience purchasing, implementing and/or using the product or service.


Panda Security, a leading European multinational in advanced cybersecurity solutions and services, is delighted to announce that we have been named a January 2019 Gartner Peer Insights Customers’ Choice for Endpoint Detection and Response Solutions, thanks to our Panda Adaptive Defense.

“Panda Security is honored to be recognized as a 2019 Gartner Peer Insights Customers’ Choice for Endpoint Detection and Response Solutions, as we strive to keep our customers protected against malware and non-malware attacks and turn endpoint activity data into insights and actionable intelligence,” said Juan Santamaria Uriarte, CEO, Panda Security. “We believe this recognition is a proof of our success in achieving our mission and we look forward to bringing new innovative solutions and services in the space of advanced threat prevention, detection, investigation and threat response to Panda Security’s and our Channel Partners’ portfolio.”

Being named a Customers’ Choice means that Panda Adaptive Defense is recognized on the powerful online platform, Gartner Peer Insights, on which reviews are written and read by IT professionals and technology decision makers within corporations.

As of January 17, 2019, Panda Security has received an overall rating of 4.6 out of 5 for the Endpoint Detection and Response Solutions market, based on 128 verified reviews. Some of the reviews that Panda Security has received include:

“By far the best, among all other EPP & EDR that I tested and can withstand direct or targeted attacks. No Antivirus or EDR and EPP solutions can offer 100% but, this is the closest.” – Infrastructure and Operations. Education. Gov’t/PS/ED <5,000 Employees. See the review here
“Quite Better Than Other EDRs. AD is a powerful tool and the advanced console integrated with ART is very useful. Panda is able to block and classify different malware and to make the user feel safe.” – Security and Risk Management. Communications. Gov’t/PS/ED 50,000 + Employees. See the review here
“We have now a lot of visibility related to the activity of the endpoints. We don’t have much noise from users by false positives being blocked. Furthermore, it has detected activity generated by red teams, giving us the availability to make threat hunting in the endpoints.” – Analyst. Construction Gov’t/PS/ED <5,000 Employees. Europe, Middle East and Africa. See the review here

Gartner defines Endpoint Detection and Response solutions as those that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. According to Gartner, EDR solutions must provide the following four primary capabilities:

  • Detect security incidents.
  • Contain the incident at the endpoint.
  • Investigate security incidents.
  • Provide remediation guidance.

The concept of the distinctive security model offered by Panda Adaptive Defense is based on monitoring, classifying, and categorizing absolutely every running process (100%) on all endpoints on the corporate network. If anyone tries to perform any action, the Panda experts are aware of it immediately, and verify where it originated, how the attempt was made, and what its intentions were. As well as this, the response and remediation capabilities recognized by Gartner allow us to react even before any effects can occur.

And the fact is that Panda Adaptive Defense 360 is not a product; it is a cybersecurity suite that merges Endpoint Protection and Endpoint Detection and Response (EDR) solutions with 100% Attestation, and Threat Hunting and Investigation services, all provided with a single lightweight agent. The combination of these solutions and services provides a highly detailed visibility of all endpoint activity, an absolute control of all running processes, and the reduction of the attack surface.


About Gartner Peer Insights:

Gartner Peer Insights transforms the way enterprise software is bought and sold by creating another source of trusted information in the software buying process.  Gartner’s review platform is a place for all IT buyers to find advice they can trust from fellow IT professionals.  Gartner Peer Insights includes more than 40,000 verified reviews in more than 190 markets.

For more information, please visit www.gartner.com/reviews/home

Required Disclaimer: Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates. Reviews have been edited to account for errors and readability.


What can we expect from the mobile industry in 2019?

When Apple records lower than expected sales of their latest handsets, it is easy to think that we have reached the limits of the smartphone. Although attractive, the new iPhone XR, XS and XS Plus have not proven to be enough of a technical leap forward for people to want to replace their existing handsets.

Similarly disappointing sales have been recorded by major Android manufacturers too. So have we finally reached peak smartphone?

Probably not. Smartphone vendors have several new technologies that they hope will restart the market. Here is what to expect during 2019.

Foldable smartphones

At the recent CES electronics show, there was significant buzz around new foldable smartphones. Using a brand-new bendable screen technology, manufacturers are building handsets that can transform from a phone to a tablet and back again.

Obviously this is quite a novel development. Larger screen phones are incredibly popular, but they are also quite unwieldy – it is very hard to fit a Samsung Galaxy Note or iPhone 8s Plus into a trouser pocket for instance. But with a bendable screen, it is possible to build a phone that opens like a book to create a small tablet.


Early reviews of folding smartphones have been mixed. The technology certainly shows potential, but it may be some time before these handsets become popular.

A smart flip phone?

Back in 2006, the coolest smartphone on the market was Motorola’s RAZR. The clamshell handset went on to sell more than 130 million units becoming the best-selling flip phone ever.

Since then the Motorola brand has fallen into obscurity, so it’s little surprise that there are plans to resurrect the RAZR product line. Working with notebook specialist Lenovo, Motorola hopes to bring a new RAZR flip phone to market later this year.

The new phone is widely expected to be foldable, and to offer true smart functionality which was unavailable in 2006. The device will probably be built on the Android operating system and may even include a folding screen (see above).

There is one problem, however: early reports suggest that just 200,000 units will be built, priced at $1500, even more than Apple’s top-of-the-range iPhone XS Max handset.

Hole-punch screens

Many people were surprised when the iPhone X was released with its characteristic cut-out screen. The “notch” as it became known is vital for housing the camera technology that enables the FaceID security system – but the compromise was widely mocked. Ironically many Android manufacturers have since included notches in their own designs.

This year a number of smartphones will be released that return to normal rectangular screens. The flagship Samsung Galaxy S10 will sport an all-new “hole-punch” screen. Instead of fitting the front-facing camera above the screen, the Galaxy puts it behind the screen. The screen itself has a round hole to allow the camera to work.

Yes, we will see regular edge-to-edge screens making a comeback, but the picture on the screen will always have a small, round hole in the corner. Like bendable screens, it remains to be seen just how popular the hole-punch design is.

Seeing the future

Predicting the future is always difficult, even more so in the technology sector. But with the exception of the new RAZR handset, these mobile technologies are already on show by manufacturers. We will see these devices available later this year.

And no matter how smartphone hardware evolves, these devices will always need additional cybersecurity protection. Whether you own a bendable screen, a hole-punch Galaxy S10 or an older device, you can download a free trial of Panda Dome to protect yourself now.


Troy Hunt: the largest data leak in history

The Details of at Least 773 Million People Surfaced on a Free Cloud Storage Service

The details of at least 773 million people surfaced on a free cloud storage service last week, reported Troy Hunt, Australian web security expert and administrator of the Have I Been Pwned (HIBP) website. As you might already know, Troy has been collecting data from many data breaches over the last five years. He has been compiling it into a single database, so people have the opportunity to search across multiple data breaches and find out if their details have been compromised at some point in the past. The website allows searches by password and email.

When we heard the news about what Gizmodo calls the ‘mother of all breaches,’ we initially thought that Troy Hunt and his database had been hacked. However, this was quickly debunked as Troy himself confirmed that he is the one who actually found the pile of stolen data. He called the breach ‘Collection #1’ and highlighted that this is the ‘single largest breach ever to be loaded into HIBP.’

This incident shows that Troy Hunt was not the only one who has been piling up information from past data breaches. An anonymous hacker uploaded approximately 12,000 files containing 772,904,99 emails and 21,222,975 unique passwords into a single large database. Troy reported that the 87GB worth of stolen data was published on a free cloud service called MEGA. What makes this breach particularly interesting is that this is the first part of a much bigger database of stolen data. Troy Hunt reported that he is in possession of four more collections, and he is currently reviewing them. He will be making a call on what to do with them after investigating them further. MEGA has since deleted the database.

While most of the data included in ‘Collection #1’ was already in HIBP, the data in collections #2 through #5 may end up making this one of the biggest data breaches ever seen. It is currently unknown if collections #2 to #5 are as big as ‘Collection #1’. If the remaining four collections are as significant as the first one, this may end up exposing details of billions of people.

What should you do?

The database is compiled from old data breaches, so if the data comes from known breaches, you have most likely been notified either by the service or by HIBP to change your password a long time ago. However, data breaches often take years to be discovered, so regular password changes are strongly recommended. Avoid using the same password on multiple platforms. The cybersecurity budgets of some companies are significantly lower when compared to others – we are confident JP Morgan Chase spends more on developing stronger security when compared to a t-shirt store. But if the passwords you use at both organizations are the same, hackers can steal your details from the weak organization and use the login credentials to get unauthorized access to services such as your internet banking.

You can easily check if your passwords or email addresses have been part of ‘Collection #1’ or if they have been pwned in the past. You can search if your emails have been pwned here https://haveibeenpwned.com/, and learn if your passwords are part of the breach by testing them here https://haveibeenpwned.com/Passwords.

Last but not least, have anti-virus software installed on all your connected devices. Most of the time, high-quality anti-virus software comes with a password manager that will help you always know your password. Apart from the password management options, such software could also prevent hackers from stealing the missing piece from the puzzle that would allow them to make you a victim of cybercrime.


How to use emerging technology in the fight against cybercrime


The digital transformation brings with it a litany of advantages and opportunities for all kinds of organizations, from an increase in productivity and efficiency, to larger markets in which to operate.

But these advantages and the breaking down of barriers for the sake of increased globalization go hand in hand with some drawbacks, one of which is the incredible increase in the number of cyberattacks carried out. We need look no further than last year, when there were almost double the number of cybersecurity incidents in companies compared to the previous year. What’s more, there were around 159,000 data breaches driven by ransomware or new attack methods. And the economic consequences of these incidents are staggering: the global cost of cybercrime is expected to exceed $2 trillion by 2019.

It is clear that in order to tackle figures like these, it is necessary to invest in qualified professionals. However, with the increase in the scale and sophistication of attacks, the development of cybersecurity professionals has been outstripped by the growth and the sophistication of cyberthreats.

In this context, it is clear that there is a lack of cybersecurity professionals; in fact, 22% of organizations report that their cybersecurity teams are not large enough to take on everything that is required of them. The Information System Security Certification Consortium, or (ISC)2, estimates there to be a skills gap of just under 3 million professionals.


Addressing the shortage with technology

The boom of the Internet of things (IoT) means that there are ever more data points to track and more points of entry into systems. The use of machine learning and artificial intelligence (AI) can help address this problem, and at the same time mitigate the skills gap. These technologies can gather and analyze data, trace threats, search for vulnerabilities, respond to breaches, and thus reduce the IT team’s workload. At Panda Security, we make this technology a reality with our Threat Hunting and Investigation service, which allows the automatic classification of 99.98% of threats, leaving just 0.02% of them to analysts. This way we can focus on the really dangerous attacks.

Some of the advantages that technology can bring to our organizations are:

Prevention. With AI, systems can be developed to search for security flaws and deploy solutions in real time.

Detection. AI can help cybersecurity analysts to detect and analyze high-risk incidents, and to investigate threats.

Response. Machine learning and artificial intelligence can segregate networks to isolate assets or to redirect attackers away from vulnerabilities or valuable data.

Choosing the right cybersecurity solution for my company: what does it need to have?

Panda Security leverages a combination of solutions and services for their customers to provide visibility of all endpoint activity, control of all running processes, and to reduce the attack surface. This includes device management and control features, EDR and EPP solutions, 100% Classification and Threat Hunting services, all the data gathered by its Collective Intelligence for more than 28 years, and external IOAs and IOCs, all perfectly synchronized. These advantages are grouped together on the security platform, Panda Adaptive Defense.

The Cybersecurity Tech Accord – the key accord in the interest of defending equitable, global cybersecurity of which Panda Security has been a member since last year – has prepared a whitepaper, “Addressing the Cybersecurity Skills Gap through Cooperation, Education and Emerging Technologies”. In it, you can discover what challenges the skills gap presents, what initiatives have been proposed to resolve it, and more details on how emerging technology can put a stop to this problem.


The 10 year challenge is taking the Internet by storm

The first few days of the new 2019 started with a new social media craze that is making its way to the timelines of hundreds of millions of people across all major social media networks – the 10 year challenge. Unless you are one of the few people who does not use social media, you most likely have already noticed the new viral trend that consists of side-by-side memes of people from ten years ago and today. Millions of people have already participated, and a whole list of celebrities have shared their before-and-after memes with their followers. The challenge is about to blow out of proportion as more and more people are entering it by the second.

What exactly is the 10 year challenge?

The challenge consists of people posting then-and-now images of themselves. The old photos go as far back as 2008 and are usually compared to recent photos uploaded to social media. The viral social media trend comes in many forms. Some of the popular hashtags that reflect the hottest social media challenge are #10YearChallenge, #GlowUpChallenge, #2009vs2019, #HowHardDidAgingHitYou, and #agechallenge. The challenge is currently making its way through all major social media platforms including Facebook, Twitter, Instagram, etc.

Who is behind the challenge?

Currently, it is unknown if someone started the challenge intentionally. Multiple reporters have been speculating that this might be Facebook’s way to collect data that could be mined to train facial recognition algorithms on age progression and age recognition. Nicholas Thompson, the editor of Wired, succeeded in muddying the waters by tweeting “Let’s say you wanted to train a facial recognition algorithm on aging. What would do? Maybe start a meme like #10yearchallenge”. While this is a question that certainly gives you food for thought, it is still unknown if the challenge was ignited intentionally by a private company and if yes, what might have been its motives to do it.

Why did the 10 year challenge start now?

When Facebook was founded in 2004, the platform’s initial purpose was to be used as a networking tool for students in Ivy League universities. However, a few years after its launch, Facebook became open for everyone. Roughly 10 years ago, in 2009, Facebook started adding hundreds of millions of new users every day. Some say that the 10 year challenge is going viral right now because of Facebook’s memories tool that brings images from the past to users’ timelines. Social media users are so fascinated by the difference between the 10 year old “memory” they see, and their current profile picture, that they decide to share it with friends and family.

Which celebrities have participated in the 10 year challenge?

The viral trend got popularized by some high profile celebrities such as Reese Witherspoon, Ellen DeGeneres, Nicki Minaj, Trevor Noah, Caitlyn Jenner, and Tyra Banks. Most of them jumped on the bandwagon to simply show how well they still look and how they haven’t aged at all.

How to enter the 10 year challenge?

If you want to enter the viral challenge all you have to do is dig out a 10 year old photo of yourself and splice it with a current one. The result should be a side-by-side photograph of yourself ten years apart similar to the before-after diet advertisements that we all see all the time on social media. If you want your side-by-side photo to get noticed, you can post it on any social media channels with the following hashtags #10YearChallenge, #GlowUpChallenge, #2009vs2019, #2008vs2018, #HowHardDidAgingHitYou, and #agechallenge.


Ten corporate cybersecurity New Year’s resolutions


New Year is a moment when many of us set ourselves a series of resolutions to try to improve some part of our lives. And one resolution that should be on everyone’s list is an improvement in cybersecurity habits. With this in mind, we’re sharing these 10 tips for online security that will help you to protect your digital life, as well as that of your company.

In our PandaLabs Annual Report 2018, we compiled many cases where cybersecurity went wrong. And the fact is that many of these incidents — and the serious consequences they entailed — could have been avoided by following some basic security tips.


Good practices for 2019

  • One good habit to bear in mind is the use of firewalls to block unwanted access to our devices. In many cases, this solution is the first line of defense against cyberattacks. The most dramatic example of what can happen if we do away with firewalls is the case of Exactis. This US data broker left around 350 million records exposed in June last year. Anyone could have accessed details about hundreds of millions of US citizens. The cause? A lack of firewalls to protect this information.
  • Multifactor authentication. This method of confirming a user’s identity when logging in adds another layer of protection by asking for a code received on a mobile phone or on a computer. It means that, even if someone gets their hands on our password, accessing our account is more complicated. In July last year, the app Timehop gave us an example of what can happen if we don’t use multifactor authentication: the company blamed a data breach that affected 21 million users on a lack of multifactor authentication on a cloud account.
  • Updating operating systems and installing patches helps to minimize the threats of malware and vulnerabilities. This is especially important if we consider one of the predictions found in our PandaLabs Report: in 2019, new catastrophic vulnerabilities will be discovered, similar to Meltdown and Spectre, which were discovered at the start of last year. Installing all necessary updates and patches is the only way to protect yourself against the vulnerabilities that may threaten corporate cybersecurity, and thus reduce the attack surface.
  • It is very important to be selective when it comes to sharing personal information on the Internet. This information could be used to guess passwords and logins. Discretion is particularly relevant for another of our predictions for 2019. The massive analysis of data, through readily available Big Data tools, allows detailed profiles of personal preferences and trends in many areas to be extracted. Personal information spread over different social networks (Facebook, Twitter, LinkedIn, etc.), correctly analyzed and correlated, can allow the development of highly sophisticated and personalized social engineering attacks with malicious intentions.

Discover the 10 corporate cybersecurity resolutions for 2019 in our infographic, and stay protected this year.


AI: New Trends and Threats

Artificial Intelligence (AI) technology continues to evolve at an astounding pace. This year we will see a number of new developments which could have implications for home users like yourself.

Trend: AI-enabled chips

Although impressive, Artificial Intelligence systems are somewhat limited by the physical design of current computer chips. Processors like those found in your laptop at home are built for general workloads – playing games, surfing the web, writing emails etc.

The demands of AI applications are remarkably different however, so existing processors are unable to provide optimal performance. In 2019, manufacturers like Intel, NVIDIA, AMD, Qualcomm and ARM are set to release new chips that are optimised for AI. They will be focused on specific demands, like speech recognition and natural language processing.

What it means for you

As these new chips begin to appear in consumer electronics we should start to see features like voice assistants (Siri, Google Now, Amazon Alexa) become a lot more intelligent and effective. We should also see AI appearing in other technologies like cameras too.

Like every new technology, there is potential for hackers to exploit these chips to steal information or to break into networks. This is particularly true of cutting edge technology which may have bugs or security loopholes that are yet to be identified and fixed by the manufacturer.

Automated Machine Learning “let loose”

At the moment, AI takes a relatively long time to set up. This is because the system must first be taught how to work using a process called “Machine Learning” (ML). Usually this involves feeding large amounts of data into the system, then training it to understand what the information means.

Take Google’s Deep Learning system which can help to diagnose cancer for instance. Researchers fed thousands of breast scan images into the program, and then taught the application which pictures were positive for the presence of cancerous cells, and those which were clear. Eventually the system learned how to read the images automatically without needing guidance.

The problem is that this Machine Learning process can take a considerable amount of time to get right. Deep Mind has been years in the making.

2019 will see the release of a new development called AutoML, a technology designed to speed up and automate the training process. In future, developers will be able to define their application and expected outcomes, and AutoML will take care of the training and learning. This will make it much quicker and easier to build and release smart applications.

What does this mean for you?

Examples like Google Mind show how AI and Machine Learning can change the world. But at the same time, if AI is left to train itself without any safeguards in place, it is very difficult to predict potential outcomes. There is nothing to say that every decision or outcome made by the system will be positive or healthy.

Traditional coding errors create software bugs that can be exploited by cybercriminals. Similarly, misconfigured AutoML systems could create their own security weaknesses if not closely monitored by AI developers. If your data is held in one of these AI applications, there may be a risk of information being leaked, lost or stolen.

2019 – an exciting year

Artificial Intelligence systems are finally maturing and beginning to have an effect on day-to-day life. In most cases we will never see AI at work – but we should all begin to benefit in the near future.

The post AI: New Trends and Threats appeared first on Panda Security Mediacenter.

Three cybersecurity tips to help train your employees


It’s typically believed that the most sophisticated and complex cyberattacks are the biggest threat to a business.

In reality, however, the biggest cybersecurity threat for many businesses is their own employees. In fact, four of the five top causes of data breaches are down to human or process error. This includes loss or theft of paperwork, data emailed to the wrong recipient and insecure web pages.

In an ever-changing digital-first landscape, where cyberattacks are becoming more and more sophisticated, keeping up with the methods used by cybercriminals and making sure employees are aware of the dangers have become significant challenges.

In this blog, we list three cybersecurity training tips for businesses looking to get employees up to speed and in turn keep business information protected.

Update cybersecurity policies and procedures and educate employees

Employees who aren’t aware of their cybersecurity obligations are more likely to ignore relevant policies and procedures, which could lead to unintentional disclosures of data or successful cyberattacks.

The fundamental issue here is that policies and procedures are never actively taught, shown or provided in context. Instead of showing how these policies and procedures protect the business in a real-life scenario, employees are instead handed the business’s cybersecurity handbook or tip sheet and told to remember it, often alongside the rest of the company’s policies (working hours, holiday protocol, dress-code, benefits, etc.) during induction. The policies and procedures can often be complex and confusing, may not have been updated properly, and could be difficult to apply.

Taking this into account, businesses need to carefully review their cybersecurity policies and procedures to make sure they are not only easy to understand and apply, but also up to date. For example, if a BYOD culture exists within the organisation and the cybersecurity policies have not been updated to take this into account, security holes are inevitable.

Similarly, if those policies have no information to govern how business devices are used – i.e. if the devices are specifically for business only – employees will naturally use them for personal activities and potentially expose crucial business information to cybercriminals.

The last thing businesses need to do to ensure employees are up to scratch is to run regular cybersecurity training courses. Show employees how these policies and procedures work to protect the business and get senior members of staff to champion and emphasise them to employees. This will ensure that a culture of cybersecurity is developed at every level within the business.

Underline the importance of password management

According to a study carried out by OneLogin in 2017, less than a third (31%) of IT decision makers require employees to rotate passwords monthly. Another report by OpenVPN revealed that 25% of employees admit that they use the same password for every enterprise system they access.

Evidently, password management is a major issue and challenge for businesses when it comes to cybersecurity. With employees disregarding basic password management and IT decision makers failing to remind those employees, there needs to be a drastic change in attitude if businesses are to improve cybersecurity practices.

Businesses need to take a more positive approach to the password management process. Not only should they implement more advanced password management tools – multifactor authentication or even PKI authentication – but they should also reward employees that follow the password procedures outlined in their cybersecurity policies.

At the same time, employees also need to realise their responsibility in the process – and this starts with senior business members and C-suite executives teaching the importance of this to the rest of the employees. At every stage they should sit down with employees and explain the business benefits of comprehensive password security in a way those employees can understand. Providing real-world examples such as identity theft and data theft, for instance, can help to get employees on board.

Help employees to understand phishing

Phishing is on the rise, and cybercriminals are getting better and better at it. More than 2,500 complaints were recently made about fake TV licence emails, while a US university was breached after two students fell for a phishing scam.

Cybercriminals have recognised the futility of targeting other attack vectors due to the sophistication of current solutions. Instead of attacking software, cybercriminals are going after the individuals and targeting endpoints – such as mobile phones and laptops – to get access to a business’ wider network.

The challenge is educating employees on phishing so that they can identify a phishing email – particularly if they are using an endpoint device such as a mobile phone or laptop – and follow through with reporting it.

On that basis, IT departments should run employees through the basics of spotting a phishing email; some of the things to look out for are:

  • Email address

Cybercriminals have methods to disguise fake emails and know how to trick victims into thinking a sender is legitimate. Businesses should have a process or solution in place to highlight unknown senders and block known fraudulent email correspondence. If employees spot a rogue email address, they should flag it with their IT department before proceeding.

  • Greetings in the email

Phishing emails are often automated and lack personal greetings. These emails have generic terms like “customer”, “employee” or “dear sir/madam” with no recognition of the recipient’s name. Employees should be cautious of these emails, especially if they are asking for personal information.

  • Grammar and style

Many phishing attacks come from other countries, so these emails are often written by non-native English speakers. These emails typically include grammar and stylistic issues. If an email comes from a supposedly reputable brand or company but includes spelling and grammar mistakes, it’s probably a scam.

  • Link destination

Before clicking on links in emails, employees should hover over them to check the link destination. If the website URL looks suspicious or is different to the sender’s supposed brand/company, employees should be cautious and check it online or flag it.

  • Calls to action

Emails that demand immediate action or response (and that have a number of the issues mentioned above) are most likely scams. These emails are designed to scare people into taking action and/or giving up confidential information.

  • Images and logos

Don’t trust images and logos. They can easily be downloaded and replicated. Cybercriminals can insert any kind of visual content into emails to persuade victims that their emails are legitimate. Take them with a pinch of salt.

Getting employees to look at all of the above will help businesses to keep employees and data safe and secure. A good rule of thumb is if unsure of the legitimacy of an email – flag it.

Regular cybersecurity training and review of policies and procedures will help to build a culture of cybersecurity within a business. As employees come to appreciate the importance of it, they will follow process in everything they do – and teach the same to new employees.


The seven most serious data breaches of 2018


Cybercrime grows every year, and 2018 was no exception. Cybercriminals can change their attack methods, their targets, or the way they act, but the challenge is always the same: breaking through companies’ corporate cybersecurity and getting access to as much data as possible.

Many companies, unfortunately, learn this lesson the hard way: Adidas, Ticketmaster, T-Mobile and British Airways are just a few. But, serious though these cases were, they didn’t top the list. The following are the seven most serious data breaches of 2018.

1.- Aadhaar: 1.1 billion records.

India has a serious cybersecurity problem. To be more precise, its national ID database, Aadhaar, which contains information on close to 1.1 billion citizens, does. The database was leaked and made available to anyone willing to invest (very little) money to get it.

In January, several Indian journalists discovered that several WhatsApp groups were circulating throughout the country in which anyone could buy the file of a specific citizen. The price, 500 rupees (a little under 6 euros), granted access not only to names and surnames, but also to personal data and bank details. Despite the fact that the government denied this leak, it went much further than this: researchers also discovered that, for a period of time, citizens who visited their own profile online could access other citizens’ profiles simply by changing their ID in the private URL on the Aadhaar website.

2.- Marriott: 500 million customers

Marriott is one of the largest hotel groups in the world, and its most serious weak point has just been discovered. The company announced in November that the booking system for other hotel chains in its group had been hacked. The data leak had been in progress since 2014, and had affected no fewer than 500 million customers, whose bank details and personal data are now at the disposal of whoever wants to buy them.

3.- Facebook and its pact with Netflix, Microsoft…

One of the biggest scandals of the year, and yet another black mark for Facebook. The New York Times revealed that Mark Zuckerberg’s social network has, for years, shared its users’ data (without their knowledge) with over 100 tech giants. Among the companies that bought this information were some as important as Amazon, Bing, Yahoo!, and Netflix, all of which had access to users’ publications and even their private messages.


4.- Exactis: 340 million records.

The plans of the American data broker Exactis were laid to waste last June. This time not because of theft, or even a cybercriminal act. So what had happened? The agency had left around 340 million records exposed on a public server.

In this case, there were none of the users’ bank details in the records, but they did contain 150 fields of information, with perhaps even more sensitive information: number of children in a house and their ages; the kind of payment card used by that person; an estimation of the value of their house; if they have shares in companies; their hobbies; the company with which they have their mortgage; their ethnic group; along with many others. The million dollar fines for GDPR infringement won’t take long to arrive.

5.- Under Armour: 150 million records.

If you use MyFitnessPal, one of the most widely used nutrition apps in the world, your data is at serious risk. The company that developed the app, Under Armour, was forced to admit in March that a cybercriminal had accessed the registration details of around 150 million users. Among the data stolen from each user are both the email address used to register and the password used to access the account.

6.- Panera Bread: 37 million records.

Is there anything worse than being the victim of information theft? Yes: ignoring those who have been telling you about it for eight months. This is exactly what happened to the restaurant chain Panera Bread, which had to announce that its website had exposed the registration details of at least 37 million customers. Now these customers know (or at least they should) that their names, email addresses, physical addresses and the last four digits of their credit cards have been at the mercy of whoever wanted to take or buy them.

7.- 35 million US voters

As if the elections in the States hadn’t suffered enough: suspicions of vote tampering, the spreading of all kinds of information using voter details… Then this: in October, it was discovered that a website was selling electoral records of around 35 million voters. This incident, which affected 19 states in the country, wouldn’t have allowed any alteration of votes, but it would have been enough to change voter lists at polling stations, stopping citizens from being able to vote correctly.

As we can see, many companies have been forced to make data protection the leading priority to protect their corporate cybersecurity. To fight this problem, there are tools such as Panda Data Control, the data protection module of Adaptive Defense. It stops uncontrolled access to the company’s personal and sensitive data by monitoring all system processes, sending out alerts in real time about leaks, use, and suspicious, unauthorized movements. Ultimately, it proactively and immediately detects any kind of threat, helping companies not only to protect their corporate cybersecurity, but also to comply with the GDPR and avoid its million euro fines.

The fact is that data has become the oil of the modern age, and this goes far beyond tech companies. Any kind of company, regardless of its sector or its size, can be exposed to cybercriminals. It is therefore essential that they know how to protect their greatest asset: their data.


Android devices 50 times more infected with malware compared to iOS.

Android-powered connected devices are fifty times more likely to be infected with malware when compared to iOS.

Android devices are nearly fifty times more likely to be infected by malware than Apple devices, revealed Nokia’s latest threat intelligence report. According to the whitepaper, Android devices were responsible for 47.15% of the observed malware infections, Windows/PCs for 35.82%, IoT for 16.17% and iPhones for less than 1%. We’ve compiled a list of the top three reasons that explain why almost half of all malware-infected devices are running the Google-created platform.

Market share

Cyber-criminals are aiming at the largest crowd. Currently, there are more than two billion devices operating the Google-created platform, making it the most popular end-user OS in the world. Google claims Android managed to surpass the number of Windows-powered devices back in 2017. The continuously growing number of cell phones and tablets is the primary driver for the recent change. The more active devices are out there, the bigger the chances for human error are.

Android’s open source

The fact that Android is open source makes it a fantastic OS option for many vendors. However, granting companies the ability to modify the Google-owned OS increases the chances for human error. Small tweaks in the OS can end up being potential security holes. And the fact that currently half of the world’s malware-infected devices are running Android means that betting that no one will ever find out about possible security issues is not a good idea. One way or another, someone finds out about the loophole and exploits it until a patch is released.

Updates

Apple is strict on getting its users to keep their OS up-to-date. Many are unhappy that Apple always finds a way to make them update and generally wants to control everything that appears on the platform. However, it is a fact that if Android users were more diligent in updating their OS, Android-enabled devices would not be topping the list of most malware-infected products in the world. Making sure that your OS is up-to-date is the first step towards securing your device.

Android Oreo, the eighth major update of the Google-created OS, is undoubtedly a step forward towards better protection. Google is doing its best to decrease the number of possible vulnerabilities by making it not as open as its predecessors. However, vulnerabilities are still appearing, and hackers are not thinking of giving up. Even though Apple seems to be well ahead, the fact is that no matter what OS devices you operate, you will end up getting infected if you do not use them with caution and proper protection. End-users who wish to be fully protected must have quality anti-virus software installed on all their connected devices.


Patches and data control: Keys to your organization’s security


November 2018, Chile. The bank Consorcio de Chile discovers that it has become the victim of an advanced cyberattack, a dangerous and undesirable situation for any company. If we add to this the fact that the attack involved the Trojan known as the nightmare of global banking, and the fact that this particular nightmare managed to steal 2 million dollars from the bank’s funds, the outlook is extremely disheartening.


Analysis of EMOTET

The Trojan in question is called Emotet, and Chile is just the latest country on its list of victims—a list that already includes countries such as Germany, Switzerland and the United States. But what is Emotet, how does it spread, and what damage can it do?

Emotet is a polymorphic banking Trojan. Its main goal is to steal data such as user credentials, or to spy on network traffic. It is also frequently used to download other malware, including other banking Trojans.

The most common propagation method for this Trojan is email, whether via infected attachments or embedded URLs. One particularly dangerous feature of Emotet is that it takes over its victims’ email accounts. This helps to trick other users into downloading the Trojan onto their systems.


Once Emotet has infected a computer on a network, it uses the vulnerability EternalBlue to get to other endpoints on unpatched systems.

The most serious damage

The most serious consequences that an organization can experience as a result of an EMOTET attack include:

- Theft of personally identifiable information (PII).

- Leaking of financial and confidential information, which can be used for blackmail.

- Theft of login credentials, making other accounts vulnerable.

- Long remediation periods for network administrators.

- Loss of productivity of employees whose endpoints have to be isolated from the network.

It is clear that this malware would be a serious danger for any company it managed to infiltrate. This is why at Panda Security, we recommend having the best preventative protection against any kind of malware, both known and unknown. This is what Panda Adaptive Defense does, since it stops all malware from running, as well as keeping endpoints updated.

In our whitepaper, Patches and data control: Keys to your organization’s security, you can find more information about the risks that this Trojan can entail, how it can get into your company, and how Panda can help you to avoid the most drastic damages.


What is a firewall?

You’ve probably heard the word “firewall” a few times in recent years. There was even a 2006 Hollywood movie of the same name starring Harrison Ford, Paul Bettany and Virginia Madsen.

But what is a firewall, and why do they matter?

Keeping the bad guys out

At the most basic level, a firewall is a system that prevents unauthorised access to a network. The firewall acts like a bouncer at the entrance to the network, checking the identification of everyone who tries to enter. Any unauthorised access attempt is blocked automatically.

How does a firewall work?

Before you can properly understand why firewalls matter, you first need to understand a tiny bit about how data is sent between computers.

Say you email a document to a colleague. Your computer splits the document into tiny pieces called packets, which are then sent one at a time to your colleague’s computer. Each packet contains additional information that tells the recipient’s computer how to rebuild the document from the packets – and where the packets are coming from. This whole process can be completed in a matter of seconds.

Network data transfers aren’t foolproof though. Packets can get corrupted or lost during transfer. Or they can be intercepted and modified by hackers.

A firewall adds an important layer of protection into the data transfer mechanism. The firewall sits between your computer and the recipient’s, checking every packet that passes through. Any network traffic that has been faked, is coming from an unauthorised or unrecognised source, or is otherwise suspicious is blocked automatically.

The firewall does a lot more besides. It monitors all network traffic, preventing hackers from breaking into your computer or other internet-connected devices.
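To make the per-packet check concrete, here is a simplified, stateless packet filter in Python. It is an added example, not code from the original post or from any Panda product; the `Packet` and `Rule` types, the LAN range and the rule set are constructed assumptions using documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.10.0/24")  # assumed LAN range


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src: str               # source network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches every destination port


# Constructed rule set; the first matching rule decides.
RULES = [
    Rule("block", "203.0.113.0/24", "any", None),   # unauthorised source range
    Rule("allow", "198.51.100.0/24", "tcp", 443),   # partner network, HTTPS only
    Rule("allow", "192.168.10.0/24", "any", None),  # LAN hosts talking out
]


def filter_packet(pkt, rules=RULES):
    """Return (verdict, reason) for a single packet."""
    src = ip_address(pkt.src)
    # Faked traffic: a packet arriving from outside that claims an inside address.
    if pkt.iface == "wan" and src in INTERNAL_NET:
        return "block", "spoofed internal source"
    for number, rule in enumerate(rules, 1):
        if (src in ip_network(rule.src)
                and rule.proto in ("any", pkt.proto)
                and rule.dport in (None, pkt.dport)):
            return rule.action, f"rule {number}"
    # Unrecognised source: nothing matched, so the packet is dropped.
    return "block", "default deny (unrecognised source)"
```

The final `return` is the important design choice: traffic that no rule recognises is blocked rather than let through.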

Why do firewalls matter?

In a business environment, the firewall is installed at the edge of the network; all network traffic has to pass through the firewall, and is analysed in transit. And the same is true of application firewalls like those included with Panda Dome that are installed on home computers.

Effective network security works on the principle of blocking suspicious traffic before it reaches your computer. In a corporate network, that means stopping hackers before they can access the network. At home, you need to drop/block bad network traffic before it can reach the data stored on your computer.

A firewall is not the same as antivirus – it does not check to see whether incoming packets contain malware. But it does automatically block the most suspicious network traffic to keep criminals out. Like antimalware systems, however, a good firewall is also regularly updated so that it is capable of blocking the latest threats and suspicious activities.

And this automated checking is an important tool for raising the overall level of protection for your home computer and data.

To learn more about firewalls, please take a look at the Panda knowledgebase. And if you’d like to protect your computer with a firewall now, please download a free trial of Panda Dome Security.
