Skip to main content

Security threats 2017 | Virus Attacks 2017 | Ransomware | Save your system from such attacks

This blog will highlight how you and your organisation can safe from such attacks as recently in 2017, Over 750,000 computers suffered from a ransomware infection and the number is steadily increasing.

Threat : The FBI are actually suggesting people should pay the ransom to have their files restored.

he following are some of the biggest security threats to watch out for in 2017, along with how to keep yourself safe.
  1. Medical Data Breach
    Data breaches are hardly a new threat. They've been one of the most well-known security threats since Target was hacked in 2013 and millions of customers had their information stolen. Yahoo is one of the most recent breaches as of late 2016 with 500 million accounts affected. This is a threat that will evolve in 2017 and beyond.
    It's expected that retailers will continue to suffer from major breaches, and there seems to be a real focus on hotels right now. Attacks were directed at Starwood, Hilton, and other hotels beginning in 2015 that continued into 2016. However hackers are likely to move on to easier prey following the introduction of point-of-sale terminals using EMV chips and mobile payments. These EMV chips are in the latest credit and debit cards and they go a long way to keeping you safe, as do mobile payment platforms.
    In 2017 it's expected that the problem could become medical data breaches. According to Modern Healthcare, the healthcare industry suffered a record 92 privacy breaches in the first 11 months of 2016. This trend is set to continue as hospitals and insurance providers have problems adapting to the latest digital security measures. To their credit though this is a new problem to them. "Even so", according to Xmedius Sendsecure CEO Sébastien Boire-Lavigne, "it doesn't mean much when you realize someone is selling your medical information on the black market."
    Money is the main reason that hackers will choose medical information. There is plenty of personal and financial information on the black market, so it doesn't sell for a lot of money. However there's much less supply and much more demand for medical information. With this comes an increased price tag. Many people are also keeping a closer eye on their financial information to discover fraud as soon as it happens, but barely anyone looks at their medical insurance records. So hackers can get a lot of mileage from your information before they are found.
  2. Ransomware
    Ransomware is when the files on your computer are encrypted and you are left with the choice to pay a fee to have the lock removed or lose your data, hence the name. The FBI are actually suggesting people should pay the ransom to have their files restored. Much like data breaches ransomware is hardly a new problem. It came to prominence with the emergence of the CryptoLocker virus of 2013.
    Ransomware is a very serious threat and things are only getting worse. This is because it can be picked up for free and hackers have the option of changing it up however they want to make it work for them.
    Ransomware can affect more than just one computer too. It can even lock up an entire network and bring down a whole company. Ransomware can even infect your mobile devices through the use of emails, texts, and even apps.
    The good news is that it can be stopped. Ransomware needs to be installed to work, so as long as you can avoid becoming a victim of a phishing email and avoid dodgy downloads you should be able to avoid ransomware.
    You should also get in the habit of keeping regular backups of your files. That way even if your computer does get locked down you can voluntarily wipe the drive yourself and still have all your files.
  3. Smart Phone Trojan Horse
    eMarketer reports that adults will spend an average of 25 hours online a week. Much of this time is spent using a mobile phone. As such you won't be surprised to learn that hackers are focusing their efforts on apps and smartphones. All it takes is an app download to get the party started.
    The main mobile threats in 2016 were advertising Trojans Horses able to obtain 'root' or superuser rights on an infected Android device - a level of access that allowed them to do pretty much whatever they wanted. This included hiding in the system folder, thereby making themselves almost impossible to delete, and silently installing and launching different apps that aggressively display advertising. They can even buy new apps from Google Play.
    One of the easiest ways to avoid these types of threats is to look at the reviews on the app, and check their privacy policy. The Apple app store is more secure than Google from the advertising Trojan Horse, but hackers will be going after both, so deciding to buy an iPhone over an Android isn't going to put a stop to the threat.

Keep One Eye Open!

It's important you understand that there will always be new threats and no one can tell for sure which threats will become a big issue. One of the latest trends to watch out for is bootkits. These viruses are particularly tricky to discover and stop after they start working and they are becoming a common hacking tool.
The good news is that bootkits are delivered just how every other virus is; through phishing scams and malicious downloads. Just keep an eye on what you click on and don't download anything suspicious and you should be fine. Some people go their whole online lives without ever needing a virus remover.
Security has moved from the IT department to the board room. It's not something you can simply ignore -- especially as your data continues to grow as one of your biggest assets in your company. If you haven't updated your security hardware and software for some time now, you might want to add talking to a security professional to your 2017 priority list.

 Major step to escape from such attacks. (Following prevention is better then cure)

— Maintain updated Antivirus software on all systems

— Check regularly for the integrity of the information stored in the databases

— Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)

— Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems

— Establish a Sender Policy Framework (SPF) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.

— Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.

— Application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations.

— Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.

— Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browser

— Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.

— Disable remote Desktop Connections, employ least-privileged accounts.

— Restrict users' abilities (permissions) to install and run unwanted software applications.

— Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies

— Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsfCarry out vulnerability Assessment and Penetration
— Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.

Comments

Post a Comment

Popular posts from this blog

World largest data sets open to the public | Business Intelligence | Data Warehouse | Data Mining

World largest data sets open to the public | Business Intelligence | Data Warehouse | Data Mining Data Sets available for different sectors as follows: Science & Technology    - World largest data sets open to the public | Business Intelligence | Data Warehouse | Data Mining Agricultural Experiments:  agridat {agridat}  (R) Climate data:  Temperature data (HadCRUT4)  and ftp://ftp.cmdl.noaa.go v/ Gene Expression Omnibus:  Home - GEO - NCBI Geo Spatial Data:  Data | GeoDa Center Human Microbiome Project:  Microbial Reference Genomes MIT Cancer Genomics Data:  Page on broadinstitute.org NASA:  Obtaining Data From the NSSDC NIH Microarray data:    ftp://ftp.ncbi.nih.gov/pu b/geo/D...  (R) Protein structure:  PSP benchmark Public Gene Data:  Browse literature or sequence neighbours Stanford Microarray Data:  Page on stanford.edu Social Sciences   - World largest data sets open to the public | Business Intelligence | Data Warehouse | Data Mining General S
Post a Comment
Read more

Simple way 2 secure ur Privacy

Essential Checks Before Launching Your Website As ‘digital professionals’ –  Web Designers , Developers and Marketers – launching a new website is a daunting task, no matter how often you do it (like B.A.S.E. jumping). There’s lots that can go wrong, and the list of ‘ gotchas ‘ scales to the size and complexity of the project. This article is a checklist of common tasks that need to be completed before you hit the “GO” button.  A little preparation goes a long way  and could save you time and avoid unnecessary costs after you release your website. Upload a Favicon The ‘favicon’ appears to the left of the page title in the web browser, and your users will notice if your website doesn’t have one. They give your website credibility and help users navigate to your site when it’s open amongst their other tabs and bookmarks. Ensuring that your website has a favicon is probably the most basic of any task known to humanity, and yet it’s so frequently overlooked. STEP ONE: CRE
3 comments
Read more

AWS Cloud Architecture for Web Hosting | Key Components of an AWS Web Hosting Architecture

Security Architecture of AWS | Amazon Web Server Working of AWS Architecture. Content Delivery Edge caching is still relevant in the Amazon Web Service cloud computing infrastructure. Any existing solutions in your web application infrastructure should work just fine in the AWS cloud. One additional option, however, is made available when using AWS, which is to utilize the Amazon CloudFront service1 for edge caching your website Like other Amazon Web Services, there are no contracts or monthly commitments for using Amazon CloudFront – you pay only for as much or as little content as you actually deliver through the service. Managing Public DNS  Moving a web application to the AWS cloud requires some DNS changes to take advantage of the multiple availability zones that AWS provides. To help you manage DNS routing, AWS provides Amazon Route 534 , a highly available and scalable DNS web service. Queries for your domain are automatically routed to the nearest DNS server and th
1 comment
Read more