Category Archives: advanced cybersecurity

Panda Security and the Paris Call: a commitment to trust and security in cyberspace

On November 12, coinciding with the Internet Governance Forum (IGF) in the UNESCO headquarters, President Macron launched the Paris Call, in the context of the Paris Peace Forum, to increase trust and security in cyberspace. The date chosen is more than significant, being as it is a homage to the centenary of the end of the First World War and the fragile peace that followed. The initiative is clear: international cooperation is the key to tackling global challenges and ensuring durable peace.

At a time when international cooperation and collective governance are threatened by constant tensions among countries, the Paris Peace Forum aims to strengthen and improve time-tested solutions that work towards this desired world peace: multilateral institutions, norms and standards, and collective action.

In this framework of collaboration, Panda Security – as a private company and signatory of the Cybersecurity Tech Accord – supports this high-level declaration in favour of shared principles that aim to provide cyberspace with greater security.

Conscious that in order to achieve world peace these days, it is vital to protect our digital world, last month Panda Security joined the Cybersecurity Tech Accord, a key agreement among over 61 leading companies from all over the world that have come together in the interest of the cyberdefense of online users.

Thus, as a member of the Cybersecurity Tech Accord, Panda is now joining the list of over 300 governments, civil society organizations, groups, and industry representatives in a commitment to stability, security, and trust in cyberspace.

Hence, those that support the Paris Call commit to work together in order to:

  • Intensify prevention and resilience in light of malicious online activities.
  • Protect the accessibility and integrity of the Internet.
  • Cooperate in order to prevent interference in electoral processes.
  • Work together to combat intellectual property violations via the Internet.
  • Prevent the proliferation of malicious online programmes and techniques.
  • Improve the security of digital products and services.
  • Take measures against cybercriminal activity and attacks carried out by state and non-state actors.
  • Reinforce international norms and create corresponding standards.

Support for the Paris Call highlights the commitment undertaken by Panda Security and the Cybersecurity Tech Accord in favour of a dialogue among multiple interested parties in order to ensure advancement in such a critical area as cybersecurity, which affects not only the signatories, but every citizen of the world.

The post Panda Security and the Paris Call: a commitment to trust and security in cyberspace appeared first on Panda Security Mediacenter.

The threats that have got Europol worried

Unfortunately, these days there are more and more threats that can put our company’s corporate cybersecurity in a bind: ransomware, cryptojacking, denial of service attacks, BEC scams… The range of possibilities is almost infinite, and the worst thing is, it keeps growing.

But, what are the most serious threats? Of all the possible options, which are the most frequent, the most difficult to tackle, and, above all, the most damaging for our IT security?

To find out, we turn to Europol. In their 2018 report, Internet Organised Crime Threat Assessment (IOCTA), not only does the agency offer data about the threats that are most dangerous, but also about those that are fastest growing or those that, while they didn’t use to pose a serious risk, have stepped up their game in the last few years in order to attack companies, public bodies, or educational institutions, among other organizations. The following are but a few examples:

1.- Ransomware

Without a shadow of a doubt, ransomware is still the absolute king of cybercrime, even though we have seen a striking evolution. While this kind of attack is still on the rise, its rate of growth is slowing somewhat. But in any case, it continues to be the most common method to attack companies for financial reasons, and as such its advance is still cause for concern.

It is no trifling matter: last year, the cyberattack on Equifax affected over 100 million users all over the world, and so the danger of ransomware is still a constant. Looking forward, Europol predicts that this kind of attack will begin to ‘relocate’, shifting its focus to mobile devices, both in the public and private domain.

2.- Cryptojacking

This trend is one of the most recent, and as such, is more dangerous, as it can be something of an unknown for companies and users. Cryptojacking isn’t necessarily out to steal our information, nor to access our bank details. What it aims to do is to use our mobile device to mine cryptocurrencies, a practice that ends up consuming our company’s IT resources without us even realizing.

Whether through malware or by hacking into the websites we visit, this practice can cause IT problems in the company, or can even seriously affect its corporate cybersecurity. The worst thing about this may well be that, since it is a recent threat, many companies don’t take measures against the damage it can cause.

What’s more, this threat is directly linked to another: the increase in the frequency with which cybercriminals turn to cryptocurrencies, whether to cover their tracks or to launder the money they earn from cyberattacks on companies and institutions.

3.- DDoS

Distributed denial of service (DDoS) attacks are surely among the most widely known attacks. But the fact that many people know of their existence hasn’t caused them to disappear. In fact, according to Europol, these cyberattacks are the second most common after ransomware.

Their success is due, above all, to the fact that it is increasingly simple and cheap to carry them out, and they can cause serious economic losses for the companies that experience them.

4.- Social engineering

Phishing continues to be another of the most common ways that cybercriminals attack, gaining access to company data that, logically, they should never have managed to reach. There are some particularly notable cases, such as BEC scams. Here, the cybercriminals pose as directors of a company in order to get confidential information or economic gain from employees. Another noteworthy case is that of tech support scams.

How to avoid these threats

1.- Prevention and cyber-resilience. Companies cannot wait until an attack comes in order to try to stop it. They must act preventively, as well as being up to speed with new cyberattack strategies, so that no new methods take them by surprise.

2.- Advanced cybersecurity solutions. At the same time, it is vital to have technological solutions that help to maintain corporate cybersecurity. Panda Adaptive Defense not only acts against foreseeable attacks, but, above all, it detects all kinds of possible threats beforehand, monitoring in real time the activity in each organization, staying ahead of the cybercriminals.

3.- Employee awareness. As we always say, a lot of the time, employees are the most effective point of entry for cybercrime. This is why companies not only need to make their employees aware of what they must and mustn’t do; they also need to enact clear action protocols for the cases where these employees suspect that a possible threat may be at the doors.

The post The threats that have got Europol worried appeared first on Panda Security Mediacenter.

The risk of using phone numbers as authenticators for sensitive information

Large companies are exposed to vulnerabilities that can cause serious financial losses – and some of these vulnerabilities come from apparently secure procedures. This has been highlighted by a recent lawsuit against AT&T for the theft of a total of 24 million dollars from one of the company’s clients, the cryptocurrency investor, Michael Terpin. Far from carrying out a highly complex attack that got through the firewalls and security barriers in the cryptocurrency platform or the telecommunications company, the attackers used an extremely simple attack vector: the victim’s phone number.

SIM cards are vulnerable

Terpin is basing his lawsuit on the responsibility the provider has for the double attack that he suffered: the first of the attacks used a SIM swap hack that gave the attacker access to his phone, and thus to all his applications for online services. In this context, SIM cards are essential in two-factor authentication (2FA) processes. In theory, there can’t be two SIM cards with the same number at the same time; as such, the authentication of an online account using a phone number is an apparently secure process: the owner of the account receives the tokens – that is, the access codes for the online account – generally via SMS, straight to their mobile.

However, there are times when the SIM card may not be under the control of its owner, either when the card has been lost or otherwise physically disabled. At this moment, the data can be transferred to a device belonging to someone else, who has usurped the real owner, whether intentionally or by mistake. According to the lawsuit, after the first SIM swap hack, an AT&T employee must have shared with an attacker one of the tokens received by Terpin on his phone to reactivate the SIM card.

This is how the second attack would have taken place: the attacker, after gaining control of the SIM and, as such, all of Terpin’s online accounts with 2FA, was able to access the cryptocurrency platform and in this way, extract his money. Terpin believes that the provider is negligent, both for the employee complicit in the theft, and for not cancelling the connection between his data and the SIM quickly enough to get ahead of the attacker.

In any case, he is not the first victim of this kind of attack, since 2FA is one of the most commonly used procedures in large companies for their online services. For this reason, many experts have cast doubt on the security of 2FA via mobile phones.

Given that users are entirely in the hands of their own devices and of the security measures of the telecoms operator, if this authentication is the only control measure, it can also be dangerous for large companies. Especially if employees use corporate mobiles that give them access to sensitive company information. As we mentioned in a previous blog post, directors are the largest risk for a company’s mobile security, and if, in addition, it is a large company, the losses stemming from an attack could run into millions.

Size matters

While it may sound surprising, it is large companies (not SMEs) that act worst when faced with cyberattacks and vulnerabilities. This is what is shown by the data in the report Penetration Risk Report, written by the cybersecurity advisor Coalfire.

The study shows that of the vulnerabilities found in large companies, 49% were deemed high risk, compared to 38% in SMEs. Among the most common vulnerabilities mentioned in the study were insecure protocols. This last case includes the security risks related to corporate mobile phones, such as SIM swap hacking, as happened to Terpin.

How can large companies minimize their mobile security risks?

As 2FA based on phone numbers has been shown to be insufficient, employees should use authentication apps for their corporate devices. These apps generate temporary 6-digit tokens linked to chosen accounts, which are automatically regenerated every 30 seconds, thus significantly reducing the options for attackers to take control of apps and services, even if they have managed to take over the SIM.

Another key measure for improving mobile security is to protect the corporate network itself: heads of security must provide workers with encrypted connections so that employees can securely access corporate systems remotely, using virtual private networks (VPNs).

Finally, it is vital that large companies have advanced cybersecurity solutions that offer detailed visibility of all the activity on endpoints, total control of all running processes and a reduction of the attack surface. Having a partner like Panda for Key Accounts is a guarantee of avoiding risks. We are allies of Key Accounts, with a department dedicated exclusively to providing support and specific solutions, as well as creating security strategies for companies with over 5,000 workstations. We focus on what is most important: our strategy is aimed at protecting the endpoint, where all the employees’ and the company’s critical information is stored. In this way, we manage to keep any kind of attack, no matter how complex it may seem, from endangering companies.

The post The risk of using phone numbers as authenticators for sensitive information appeared first on Panda Security Mediacenter.