Drowning, Ransoming — and Staying Safe (Pt. II)

Last week, we mentioned the new “Drown” security leak, a flaw in grandfathered internet protocols that is leaving, according to SC Magazine, over 600 frequently used cloud servers — the very nodes and providers businesses use to conduct business on — “vulnerable to attack.”

The article notes that Drown compares “with other SSL vulnerabilities of similar scope such as Heartbleed,” something they term “bad news for the 98.9 percent of enterprises who use at least one vulnerable service. As of today, the average organization uses 56 vulnerable services.”

Which means, if your IT department — or provider — isn’t on this right now, they need to be. Fixes can actually be relatively simple. “It was troubling that cloud providers had been slow to patch services against Drown,” the article said “which they can do simply by disabling SSLv2 support.”

And while it’s not clear yet whether the Drown attack has been used — the researchers who discovered the vulnerability weren’t going to release the code until there were fixes in the network — the UK’s Register finds that “Cyber-crooks now prefer ransomware to botnets. File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro.”

Unlike a bug or hack that seeks to root around your system and steal data, in order to make false accounts to charge goods (or to drain any monetary accounts where there’s access), the point of ransomware is to “kidnap” — digitally speaking — one’s system or data, and not release it until the ransom has been paid. “According to FBI statistics released last June, “ the article continues, “(ransomware software) CryptoWall managed to generate more than $18m for its creators in a little over a year. These revenues – traced by monitoring BitCoin wallets and similar techniques – provide evidence that a growing percentage of organisations affected by ransomware attacks are paying up.”

Don’t be one of those who gets drowned, ransomed, or anything else. Last week we presented the first part of our handy tips to help avoid being a ransomware victim. This week, we have additional steps you and your firm can take:

*Reduce or Eliminate Employee Error: An employee might click a link in an infected email, installing ransomware in your company’s system. Use the present moment to underscore your company’s safety and administrative policies, and retrain employees about “best practices” online. One good place to start with the employee training system in your Conformance PCI ToolKit – it has everything you need… and it’s free!

*Install and Update Virus/malware protection (yes!): Oddly enough, this is one of the least-done “easy” steps in the whole arsenal! Make sure anti-virus software is up to date. Have IT set it up so that all incoming and outgoing company email — and any newly connected devices on the network — are all automatically scanned.  

*Keep Data Backups That Aren’t Connected To Your Network: Keep data backups offline, or someplace where they are not part of the “main” network.  This step might seem “retro,” recalling the days when most data resided on paper, but it’s still an important step for other kinds of disaster readiness — such as in an earthquake or other event. And should you be “ransomed,” it will allow you to erase and restore your system very quickly — without paying up.

If you need any other kind of upgrading, even with “new basics” like EMV-ready devices (to protect your customers’ data and reduce  your own liability!) be sure to contact your AVPS Rep today! We’ll help keep you dry — and unshackled!

 

 

Tags: , , ,

No comments yet.

Leave a Reply

You must be logged in to post a comment.