Monday, June 9, 2014

Staying secure against Gameover and CryptoLocker

Gameover, also known as Gameover Zeus, Zeus, or Zbot, has been back in the news with headlines suggesting infected users have a small window of opportunity to remove this malware before the criminals’ botnet is reactivated.
Sophos customers have been protected since Gameover (Zbot) and CryptoLocker first came to light. Our free Sophos Virus Removal Tool can help identify and clean up any infected computers.
The threat
Law enforcement officers have taken down the botnet command and control servers that were behind the notorious Gameover malware. Gameover was used to steal banking credentials, infect victims with the CryptoLocker malware and more.
The servers will undoubtedly get rebuilt — they are too lucrative for the cybercriminals to drop — but in the meantime there is a short window for users to remove existing infections and make sure they are protected in the future.
For detailed information on these threats read our Naked Security article.
What to do if you are infected
Our FREE Sophos Virus Removal Tool is here to help. It detects and cleans up malware, including Gameover and CryptoLocker,* and you don’t have to uninstall your existing anti-virus first.
*Unfortunately, decrypting data that’s already been encrypted by CryptoLocker is much harder.
Sophos customers are already protected
Sophos has been detecting and blocking Gameover (Zbot) and CryptoLocker since their inception, keeping our customers secure. We protect at both the endpoint and the network for total security:
  • Sophos Endpoint Protection — the threat prevention engine that powers all our endpoint solutions — automatically blocks devices from getting infected, and customers are given additional protection with live lookups, suspicious file protection, runtime protection, web filtering and more.
  • Sophos Email Protection stops malicious emails (one of the main ways CryptoLocker is distributed) from reaching your end users.
  • Sophos Web Filtering prevents malware like Gameover and CryptoLocker from being downloaded from infected legitimate sites. It also stops the malware connecting back to the cybercriminals, which can prevent the malware delivering its payload (for example, stopping it encrypting user data in the case of ransomware).
  • Built-in rootkit detection in Sophos Endpoint products helps reduce your exposure to new kernel-level rootkit variants of Gameover that make detection and removal harder.
  • Sophos UTM secures networks against advanced threats like Gameover with multi-layered protection including antivirus, Intrusion Prevention System (IPS) and UTM 9.2’s new Botnet and Command and Control server detection. Watch a short video on how we do it. Take a free trial today.
Tips to stay secure
Here are our top tips to keep your organization secure against Gameover, CryptoLocker and other threats:
1. Make sure you are running up-to-date endpoint security software and that it is enabled.
2. Ensure your computer is up to date and fully patched. Not just your operating system, but your web browser and third-party applications like Java too.
3. A lot of malicious code is distributed via links in emails or social media messages, so don’t click on suspicious links or attachments in email. Even better, use email filtering.
4. Use web filtering to prevent you browsing to websites infected with malicious code – 80% of infected websites are legitimate sites that have been compromised.
5. If you’re worried you aren’t secure, or think you may be infected, run a scan with a tool like the Sophos Free Virus Removal tool which will detect and remove any nasty code like Gameover.
6. Keep regular backups of your important files and, if you can, store them offline, where they can’t be affected in the event of an attack on your active files.
7. Protect yourself on the network as well as the endpoint. Some malware, such as CryptoLocker, requires a network connection. Network security can pick up the attempt to access the command and control server and block it. The malware will still be on your system, but it won’t enable the nasty payload that encrypts all your information. Network security also helps you cover systems where the endpoint security is not installed (such as that printer running Windows XP you might have).
Threat deep-dive
SophosLabs, our global network of threat researchers, are experts in these types of malware. We have a number of free resources if you’d like to learn more:

Friday, January 10, 2014

Phishing Awareness

What is Phishing?


Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action. The term has evolved from meaning an email attack that would steal your password to covering almost any message-based attack.

These attacks begin with a cyber criminal sending a message pretending to be from someone or something you know, such as a friend, your bank or a well-known store.

These messages then entice you into taking an action: clicking on a link, opening an infected attachment or responding to a scam. These messages are sent to millions of email addresses, in the hope that a few recipients fall prey to the scam.

These criminals also use social media and instant messaging to troll for unsuspecting victims.

What should you do?

  • Check for a valid email address. If you don’t know the sender, delete the email.
  • Be suspicious of emails addressed to “Dear Customer” or some other generic salutation.
  • Be suspicious of grammar or spelling mistakes.
  • Be suspicious of any email that requires “immediate action” or creates some sort of urgency.
  • Be very careful of links and only click on those that you are expecting.
  • Be suspicious of attachments.
  • Be suspicious of messages that sound too good to be true.
  • Just because you got an email from a friend doesn’t mean they sent it. Their computer or smart phone could be infected.

If you are concerned about the security of your technology, give us a call.

My next blog will attempt to explain what can happen once you fall victim to an online scam.


Thursday, October 24, 2013

Sophos announced as leaders in Gartner’s MQ for Mobile Data Protection

Sophos is the only IT security company to be positioned as a Leader in these three Magic Quadrants: Unified Threat Management (UTM), Mobile Data Protection and Endpoint Protection Platforms.

Data Integrity strongly recommends that a health care covered entity implements encryption, data protection and other safeguards to meet the new Omnibus regulations. Willful neglect can be extremely costly. Solutions are not that expensive and can be easily implemented. Sam

Tuesday, October 22, 2013

Breach round-up: Theft of unencrypted laptops exposes PHI

Three separate organizations recently reported the theft of unencrypted laptops, which resulted in the disclosure of PHI of numerous patients. Let’s take a look at each case:

Healthcare covered entities should consider implementing encryption on all devices.

Investigation Reveals Veterans Administration Privacy Breaches

Jaclyn Fitzgerald, Associate editor
Veterans Administration (VA) employees or contractors are responsible for 14,215 HIPAA privacy violations at 167 facilities from 2010 to May 31, 2013, according to a recent Pittsburgh Tribune-Review investigation. The violations affected at least 101,018 veterans and 551 VA employees, the newspaper reported.