Ransomware and Cybersecurity: Where You Stand Depends on Where You Sit

Do you see two facing profiles or three clay columns? Well, that depends…

One of the more fascinating aspects of the recent presidential election in the US has been the delineation of sharp differences in points of view among the electorate. Those doing well celebrate indicators of economic and social improvement, while those struggling see little to no evidence of such things.

Or, as my wise mother liked to say, “Where you stand depends on where you sit.”

Similar dichotomies exist when the focus shifts to cybersecurity in general, and ransomware in particular. And some of them are disturbing at best and threatening to the ability of businesses to do business at worst.

Ransomware

Research conducted by IBM X-Force and reported widely in December found that 40 percent of spam emails sent in 2016 contained ransomware, and that one in two executives surveyed have experienced a ransomware attack at work. Yet just 31 percent of surveyed consumers had even heard of ransomware so far.

Law enforcement encourages those who suffer ransomware attacks to report those attacks. Many also argue that paying ransoms just rewards and encourages criminals and future attacks. Yet IBM X-Force found that “Seventy percent of businesses hit by ransomware paid the hackers to regain access to systems and data.” Further, “Nearly 60 percent of business leaders said they would be willing to pay the ransom to regain access to financial records, intellectual property, business plans and consumer data,” HealthcareITNews.com reported.

Cybersecurity skills

Beyond ransomware, there are divergent views of the availability of skilled cybersecurity personnel. As reported by Computerworld in November, the US federal government argues that there’s no cybersecurity skills shortage, citing as evidence a successful job fair held by the Department of Homeland Security in July. But a study conducted by Intel Security and the Center for Strategic and International Studies and released the day before that job fair “pointed to a ‘talent shortage crisis’ of cybersecurity skills.”

Executive perception vs. reality

Perhaps the most troubling disconnect is between the perception of cybersecurity readiness among some business executives and the realities confronting their enterprises. As reported by DarkReading in November, Accenture “surveyed 2,000 top security execs representing companies with annual revenue of $1B or more, to gauge their perceptions of cyber risk and the effectiveness of current security efforts and investments.”

Accenture found that the enterprises they surveyed experienced about 106 coordinated attack attempts per year, and that approximately one in three such attacks resulted in a security breach. Yet 75 percent of those surveyed said they can sufficiently defend their organizations, while 70 percent said that their enterprises had “a strong attitude towards cybersecurity.” Further, “[t]he majority of respondents say internal breaches have the biggest impact; however, 58 [percent] prioritize developing perimeter security over focusing on high-impact insider threats,” DarkReading reported.

The bottom line

Regardless of your point of view regarding ransomware and other cybersecurity issues—or the viewpoints of others around you—some things are incontrovertible.

  • Ransomware and other threats are growing in number, sophistication, and scope.
  • These threats are not going away anytime soon.
  • Your enterprise, regardless of its size or primary business, grows more dependent upon its IT infrastructure every single day.
  • To survive and thrive, your enterprise needs the most modern and effective IT infrastructure and cybersecurity solutions and processes it can muster.

Resolve now to hit the ground running in 2017 with the solutions and processes your enterprise needs to modernize IT and protect itself effectively against even the most persistent and pervasive threats. Explore our LANDESK, AppSense, and Shavlik offerings online, or talk to your representative today, to see how we can help you to have a happy, secure, and successful New Year.


Tips for Defending Against Winter Colds, Flus—and Cyber Threats

If you haven’t yet had a serious cold or flu this winter, consider yourself lucky. And if you have, or are going through one right now, my heartfelt condolences.

While beginning recovery from one of my own worst colds since childhood—and helping my wife get over hers—some parallels began to occur to me between fighting these personal health threats and fighting off threats to cybersecurity.

Herewith, some tips for both. (Disclaimer: I am not a doctor or provider of healthcare in any official capacity, in case that wasn’t yet clear. The cold and flu tips offered below are based solely upon my personal experiences and research. That should keep our legal eagles happy.)

Prevent.

As the aphorism goes, “an ounce of prevention is worth a pound of cure.” And while no efforts to prevent infection are always entirely effective, each may help at least a little.

For colds and flus, this means it’s worth trying everything from over-the-counter supplements rich in vitamin C and zinc to foods high in antioxidants (including coffee—yay!) and probiotics (especially fermented goodies such as sauerkraut and kimchee). It’s also worth striving to avoid exposure to people and places where germs proliferate, such as your office or any family gatherings. Good luck with that.

For cybersecurity, prevention efforts are also never totally effective, but always nonetheless worthwhile. These can range from whitelisting and blacklisting specific types of applications and files to training users to avoid phishing emails and bogus Web sites. Locking down all network endpoints, refusing to support user-provided or mobile devices, or forbidding Web access may increase cybersecurity as well. However, such moves may also hobble user productivity, and motivate some to find and use work-arounds, with potentially catastrophic results.

Detect.

With colds and flus, the sooner you are aware that you’ve got something, the sooner you can take steps to fight it, and the more effective those steps are likely to be. This means paying close attention to things you might ordinarily ignore or take for granted, such as your breathing, your appetite, your body temperature, and new but apparently minor aches or pains. Taking over-the-counter or homeopathic symptom-alleviating remedies may help you get through your obligations, but be careful. They can also mask warning signs that you’re about to get worse.

Effective detection is critical to effective cybersecurity as well. You need timely visibility into every circumstance that might be an actual or attempted attack. “Symptoms” to watch for can include unusual resource access or admin privilege requests, unexpected spikes or dips in network traffic, and the appearance of unauthorized files or programs. To maximize security, you need to be able to monitor all of your endpoints, and all of their files and applications, for any and all suspicious activities. No pressure.

Remediate.

Despite your diligence and vigilance, unless you live in a completely germ-free environment, never leave it, and never have visitors, you will likely catch a cold, the flu, or both at some time. So in addition to your prevention and detection efforts, you need to be prepared to limit the effects of those germs that do get through to you. This is where over-the-counter, homeopathic, and even prescription remedies become critical allies.

If you’ve got a cough, add freshly grated raw ginger and raw, unfiltered honey to your tea of choice, and drink them several times a day. If you’re prescribed medicines, take them exactly as prescribed, and complete all of them to minimize the likelihood of a relapse. Just because you’re feeling better doesn’t mean the threat is entirely remediated.

Remediation in cybersecurity means limiting the effects of successful threats as quickly and completely as possible. This includes identifying and isolating all infected systems, killing any malware running on them, deleting that malware, and preventing its spread to other systems. Anything short of this set of goals leaves your organization vulnerable to follow-on and new threats.

A multi-layered approach is best.

Where colds, flus, and cybersecurity are concerned, there is no single “silver bullet.” There isn’t even a single weapon of choice. Instead, you need an arsenal of tools and processes that you can use in concert to prevent, detect, and remediate even the most aggressive threats.

Your healthcare provider(s) of choice and some online research can help you make giant steps toward successful prevention, detection, and remediation of cold and flu bugs. And LANDESK can definitely help you to do the same where your organization’s cybersecurity is concerned. Check out our past blog posts and other resources to learn more about fighting ransomware and malware. Then, check out our LANDESK, AppSense, and Shavlik security solutions online, or talk to your representative. The sooner you get started, the more protected you’ll be—from colds and flus, and from online threats to your IT resources, your users, and your business.


The Cybersecurity Skills Shortage: Threat AND Opportunity for IT?

To paraphrase iconic singer/songwriter Donovan Leitch, who borrowed the idea from a Buddhist saying, “First, there is a cybersecurity skills shortage, then there is no shortage, then there is.”

A recent Computerworld article highlighted a US Department of Homeland Security (DHS) blog post, in which a DHS official argued that the much-publicized cybersecurity skills shortage is a myth.

In that post, the DHS official offered as evidence the 14,000 applicants, including 2,000 walk-ins, who attended a DHS job fair last July. “[W]hile not all of them were qualified, we continue to this day to hire from the wealth of talent made available as a result of our hiring event. The amount of talent available to hire was so great, we stayed well into the night interviewing potential employees.”

Perhaps unsurprisingly, the Computerworld article contrasts DHS’s interpretation of its job fair experience with the findings of numerous others outside of government. “For instance, a report released one day before the government’s job fair in July, Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), pointed to a ‘talent shortage crisis’ of cybersecurity skills.”

Of course, the question isn’t whether there is or is not a cybersecurity skills shortage. The real question is, how can your company avoid the negative effects of such a shortage, now or in the future?

If skills are the question, technology is the answer

The right combination of skills, technologies, and processes can maximize the business value of the skills already in place at your organization. That combination can also help your organization to deal with any difficulties in expanding your cybersecurity team, by instead expanding the reach of the people you already have and the knowledge and experience they possess.

These benefits are equally applicable beyond cybersecurity. Technologies and processes that automate mundane tasks effectively and enable well-managed collection, sharing, and application of knowledge can aid your organization’s IT asset management (ITAM), IT service management (ITSM), and other efforts as well.

However, given the highly publicized challenges and risks associated with ransomware and other cybersecurity threats, cybersecurity may be the starting point that delivers the most benefits soonest.

LANDESK, AppSense, and Shavlik solutions—and the skills and experience of their developers, resellers, and partners—can help you to ensure that your business can do business safely and efficiently. No matter how the availability of skilled, experienced personnel may ebb and flow. Visit us online, or contact your representative, to begin implementing the solutions and processes that protect and enable your people and your business.

Plain Language: A Key Element of Friendly Business IT and Cybersecurity


In my halcyon days of yore—known to most of you as the 1980s—I happened to get to consult with two of the greatest software visionaries you’ve probably never heard of. Here’s who they are, and why they matter to your IT and cybersecurity management efforts.

Two visionaries, one vision: simplicity

One was Paul Heckel. Paul wrote a book that I submit is still a worthwhile read if you can find it. It’s called “The Elements of Friendly Software Design.” Paul, who also worked at Xerox Corp.’s famed Palo Alto Research Center (PARC), turned many of the concepts from his book into a product called Zoomracks. The tool was an early personal information management system that used a then-innovative interface that mimicked filing cards in racks, a popular manual system at the time. It stored everything as plain text, and made it easy for users to scan racks and cards visually, then “zoom in” on the specific information they were seeking. In 1989, Zoomracks was named “Best Database” by Compute! magazine, but then faded into obscurity (and several contentious lawsuits about which you can read more at Wikipedia).

The other visionary was James Edlin. He co-created WordVision, one of the first fully-featured, visually oriented writing tools for the then-nascent IBM PC. The software used a colorful representation of playing card suits to group writing and editing functions logically, and did “WYSIWYG” (“what you see is what you get”) better than anything else at the time. WordVision was simple for even PC newbies to install and use. To quote a 1983 InfoWorld review from the Google Books archive, “You [didn’t] have to know your DOS from your elbow.” And it was priced at only $79.95.

Both Zoomracks and WordVision had one major characteristic in common that too many IT and cybersecurity tools and implementations lack today. Each was designed from the outset to interact with non-expert, non-technical users in plain, easily understood language, whatever task those users were attempting to perform. From “quick start” installation guides through on-screen prompts to error messages, each made it almost impossible for users to get lost or confused. I watched a lot of people noodle with each product, and never saw anyone be frustrated into the “rage quit” state all too frequently found in today’s video games—and, sadly, too many business applications.

Three things to do now

Here are three simple, effective steps IT and cybersecurity teams can take immediately to bridge the gap between plain language and confusing jargon. Steps like these can improve both user productivity and perception of those teams.

  1. De-obfuscate frequently encountered instructions and error messages. (Ask your users. They’ll be glad to tell you.)
  2. Create brief, clear “cheat sheets” that include all the steps for frequently performed tasks and tell users specifically where and how to get help if they need it. (“Read the manual” and “Call tech support” are just two examples of what not to tell those users.)
  3. Try to include at least one tip or trick in every non-emergency-related communication with users, such as the coordinated, repeated cybersecurity training and outreach you’re already doing or about to start. (Some of those users can even provide guidance and contributions here, if asked nicely.)

Plain language. A powerful, underused tool that can improve users’ productivity, experiences, adherence to IT and cybersecurity policies, and perceived value of IT. Might even help to reduce helpdesk calls, too. Why would you not use it?

If you want to check out some good examples of communicating about cybersecurity and IT in plain language, start right here. Explore our posts on asset management, ransomware, security management, or systems management. Then explore the plain-language benefits of our solutions, online or by contacting your LANDESK, AppSense, or Shavlik representative.


Cybersecurity: A Marketing Opportunity for IT

The good folks at TechTarget operate multiple IT-related websites. One of these is the IT Knowledge Exchange, “a TechTarget Expert Community” that features questions and answers, discussions, and blogs posted by IT folks of various roles and levels of expertise.

Cybersecurity training

A recently posted discussion question asks this: “What systems and policies have you put in place to make business employees more IT proficient and self-sufficient?” I believe that cybersecurity training and outreach from IT can contribute greatly to making users “more IT proficient and self-sufficient,” and provide additional benefits to users, IT, and the business.

Most ransomware and other malware enters most enterprises via legitimate-looking but bogus phishing emails and website links. According to the Verizon 2016 Data Breach Investigations Report, more than 20 percent of phishing emails get opened. The report adds that more than 12 percent of those who open those emails click on the links to malware in the messages.

IT can and should provide training, content, and repeated contacts to help users to understand this and be more diligent in looking for, spotting, reporting, and not opening bogus emails. Doing so can help to transform those users from weakest links to first lines of enterprise cybersecurity defense.

Transforming the perception of IT

Such outreach can also help to transform the perception of IT by users and line-of-business leaders. These constituents often view IT as “the bad guys” who impose rules and tools that frustrate and annoy. Helping to make users more secure and more security-savvy can get more of them to see IT as enablers and accelerators of user productivity and business agility. Which can only be good for IT and the rest of the business.

If you’re in IT and already providing cybersecurity training and outreach, keep up the good work. Remember that cybersecurity is a marathon and not a sprint, and that repetition enhances retention and understanding. In other words, that one-time run-through of cybersecurity basics during employee onboarding and orientation is a beginning, not an end.

If you’re not already conducting coordinated, repeated cybersecurity training and outreach, start now. Share some of the resources in the LANDESK ransomware blog post archive with your users. Not all at once, of course. Maybe something new once a week or once a month, accompanied by any news you want to share about new cybersecurity-related applications, patches, processes, or tips. Maybe even content or inspiration you find at TechTarget’s IT Knowledge Exchange or other online discussion areas.

Of course, your training and outreach efforts can be made even more effective if you’re delivering the best possible cybersecurity protections behind the scenes. And of course, we can help you there as well. Check out our solutions online, or contact your LANDESK, AppSense, or Shavlik representative.


Last Week’s Internet Outage: What Your IT Team Should Do Next

As you have probably read—and may have directly experienced—there were major Internet outages on Friday, October 21, caused by a distributed denial of service (DDoS) attack on Dyn’s Managed DNS Infrastructure.

That resource provides Domain Name Service management for Web sites around the world, including some of the most popular, which is why those sites were inaccessible during the attack.

The next day, a statement was issued by Dyn regarding the attack and its aftermath.

What Dyn CSO Kyle York knew as of October 22:

“At this point we know this was a sophisticated, highly distributed attack involving tens of millions of IP addresses….The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm…that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”

Others have already begun to try to sort through those possibly responsible and their motivations.

LANDESK experts weigh in

Meanwhile, here’s what some of our security-minded experts, including Chief Security Officer Phil Richards, VP of Engineering Rob Juncker, Principal Product Manager Eran Livne, and Senior Product Manager Chris Goettl, know and recommend:

  • Friday’s DDoS attack on Dyn was implemented with Mirai and variants of Mirai, which is readily available, “off-the-shelf” malware.
  • The attack succeeded largely by enslaving very large numbers of (largely residential/consumer) Internet-connected devices, from Webcams to “smart home” accessories, as well as poorly protected computers.
  • Those “Internet of Things” (IoT) devices were and are particularly vulnerable because many if not most come with default passwords users can’t change. (Some manufacturers have already announced recalls of compromised devices.)
  • Enterprise IT leaders and teams can’t do much about residential IoT devices. But those IT people should use the attack as a reminder and warning that they need strong passwords on every connected device that has a password that can be changed. IT also needs to implement tools and processes that help them to detect, prevent, and remediate malware, to keep their computers from becoming botnet slaves.

Solutions

LANDESK Password Central enables users to recover, reset, and synchronize their own passwords with no IT intervention required. The solution also ensures that passwords comply with company-defined policies and are strong enough to provide adequate protection.

LANDESK Security Suite includes multiple features designed to improve detection, prevention, and remediation of malware. And there are several other LANDESK, AppSense, and Shavlik solutions that can increase and improve patch management of client and server operating systems, virtual infrastructures, and third-party applications.

Visit LANDESK online, or talk with your LANDESK, AppSense, or Shavlik representative today. Together, we can help to ensure that your enterprise is as protected as possible from future attacks—even those that aren’t targeted directly at your enterprise.


Malware in the News – and How to Beat It

If there is a news topic generating more “F.U.D.”—fear, uncertainty, and doubt—than politics in the United States, it just may be cybersecurity.

According to an October 14 report on SC Magazine UK, a Dutch security analyst has discovered that more than 5,900 e-commerce sites contain malware that steals victims’ credit card details.

How did hackers gain access to and infect so many sites with malware? Through various unpatched software flaws.

In a blog post outlining his research, Willem De Groot provides some chilling and disheartening details.

Here are some highlights:

  • Online skimming is just like physical skimming. This involves replacing legitimate point-of-sale card-reading hardware with look-alike hardware that captures and diverts payment information to malefactors.
  • Online skimming is more effective because a) it is harder to detect and b) it is near impossible to trace the thieves.
  • [H]ackers gain access to a store’s source code using unpatched software flaws in various popular e-commerce software.
  • Victims vary from car makers (Audi ZA) to government (NRSC, Malaysia) to fashion (Converse, Heels.com), to pop stars (Bjork) to NGOs [non-governmental organizations] (Science Museum, Washington Cathedral).

De Groot also contacted several merchants directly to inform them of the results of his research. Here are three of the responses he got:

  • “We don’t care, our payments are handled by a 3rd party payment provider.” Remember that many high-profile, high-value security breaches of retailer environments gained access through third parties.
  • “Thanks for your suggestion, but our shop is totally safe. There is just an annoying JavaScript error.” De Groot responds, “If someone can inject JavaScript into your site, your database is most likely also hacked.”
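  • “Our shop is safe because we use https” (HyperText Transfer Protocol Secure, a minimally secure Web communications protocol). HTTPS protects data in transit between the shopper’s browser and the store; it does not stop skimming code that is already running in the store’s own pages.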

For those of us who are planning to do any online shopping this holiday season, news like this gives new urgency to the phrase caveat emptor (“let the buyer beware”). Meanwhile, those who are operators of online commerce facilities should adopt a complementary phrase—caveat venditor, or “let the seller beware.” They should also patch the operating systems and applications upon which their operations rely more consistently.

As important as they are, though, timely software patches and upgrades are only elements of a truly effective strategy for combating cyber threats such as online skimming. Such threats depend largely on being able to infiltrate and populate a network with rogue software.

An effective protection strategy must therefore accomplish three things:

  • Detection—Know as quickly as possible when malware attempts to infiltrate or infiltrates a network, wherever that attempt or infiltration takes place.
  • Prevention—Prevent as many attempted malware infiltrations as possible. (This is a primary role of effective, comprehensive patch and update management.)
  • Remediation—Stop malware that successfully infiltrates a system from running and spreading to other systems or networks, and protect resources from the effects of successful infiltrations wherever they take place across a network.

The need for a multi-layered approach to cybersecurity is exactly why we created Endpoint Security Suite 2.0. This offering combines Shavlik Protect with AppSense Application Manager and AppSense Insight to deliver a solution that addresses all of the following: software whitelisting, secure standard configurations, timely patching of applications and operating systems, and administrative privilege restrictions.

That same need is also why we’ve enhanced LANDESK Security Suite with multiple features that enable more and better detection, prevention, and remediation. It’s also why we created LANDESK Workspaces for the Security Admin. It provides consolidated, comprehensive information about vulnerabilities, threats, and available patches, via a flexible, visual interface.

Whether or not your company sells online, cyber threats are many, varied, and dangerous to your users, your critical information resources, and your organization as a whole. To begin improving your protections today, read my colleague Brent Bluth’s blog post, I.T.’s a Real Ditch Sometimes: Time to Make a Switch, which discusses the importance of patching to your multi-layered cybersecurity efforts. Then, learn more about our solutions, online or from your LANDESK, Shavlik, or AppSense representative. Together, we can make your enterprise more secure and resistant to even the most modern, powerful cybersecurity threats.


I.T.’s a Real Ditch Sometimes: Time to Make a Switch

I.T. can be a real ditch

if there’s a patching glitch.

Down in the trenches

amid all the stenches?

Time to make a switch.

Okay, I admit it. I love limericks. So much so that I’ve penned a few on the job about the world of I.T.

Take patch management for example. Even though patching and updating computers have been around for years, organizations of all sizes still struggle to patch systems effectively. Which provides some good grist to wax poetic.

Patching Is “Not a Solved Problem”

Whether computers are behind the firewall or remote, the challenge of patching the OS and applications in a timely fashion persists.

The US National Vulnerability Database, operated by the National Institute of Standards and Technology (NIST), says that as many as 86 percent of reported software vulnerabilities affect third-party applications, not operating systems. As IT environments become more heterogeneous, the vulnerabilities of third-party applications become larger threats to enterprise security and user productivity.

Whatever the mix of operating systems and applications in an environment, that environment needs protection from malefactors as well as from mistakes by legitimate users and system malfunctions.

At the October 2015 Gartner Symposium/ITxpo in Orlando, Florida, Marc van Zadelhoff, VP, IBM Security, presented on “Rethinking the Challenge of Security.” According to a Ponemon/IBM survey of some 200 customers who have been breached, “only 45 percent of the breaches are caused by malicious activities, and 55 percent are caused by mistakes, inadvertent errors [by legitimate users], or problems with systems—system glitches,” Zadelhoff said.

The challenges to delivering the protection IT environments and users need grow along with the heterogeneity of those environments. Perhaps the most pervasive example of the growth and evolution of that challenge is Microsoft’s Windows 10. With the release of that software, Microsoft replaced its traditional method of releasing patches and updates with a collective, “cumulative” approach. However, such an approach creates additional risk in some environments.

Controls Three and Four of the SANS “First Five”

Those who don’t possess effective methods for software updates open up serious vulnerabilities within their infrastructure.

In the John Pescatore-authored SANS white paper that you can download below, he writes that SANS has created a subset of the Center for Internet Security’s (CIS) Critical Security Controls, Version 6.0. This subset, known as the SANS “First Five”, delivers the highest payback in reducing risk from advanced targeted attacks:

  1. Software whitelisting
  2. Secure standard configurations
  3. Application security patching
  4. System security patching
  5. Minimization of administrative privileges

Let’s consider the third and fourth of the five controls, “Application security patching” and “System security patching,” and how the LANDESK and Shavlik family of solutions can help with continuous vulnerability assessment and remediation.

Application security patching

Patching operating systems is a common practice, but 86 percent of vulnerabilities affect third-party software that is not part of the OS. Shavlik® Patch™ for Microsoft System Center maximizes your organization’s investment in Microsoft System Center Configuration Manager (SCCM) to reduce security risks from unpatched non-Microsoft third-party applications. Shavlik delivers the latest software updates for hundreds of third-party apps, including Windows, Mac, and VMware.

Shavlik also offers several options to deliver software updates and ensure patch compliance, whether a system is on the network or air-gapped: agentless, agent-based, or cloud-based. It also performs hypervisor, offline virtual machine, and virtual template patching.

System security patching

LANDESK Security Suite scans for vulnerabilities that it can remediate with a patch and correlates its actions with vulnerability scanner output. Scan events are logged and can be audited. Vulnerability data is stored based on a first detection.

The LANDESK solution can also scan for vulnerabilities that it can remediate with a patch in authenticated mode with agents running locally. You can use a dedicated account. Role-based access controls ensure that only authorized employees have access.

Shavlik Empower is a cloud-based solution that delivers patch management for and asset intelligence about Windows and Mac OS X devices. Empower sentinels scan for devices across your environment, then leverage Microsoft Active Directory to extract and map significant intelligence about your organization’s IT assets. Empower then deploys agents that enable comprehensive, flexible patching of Windows and Mac OS X systems, wherever they are. Shavlik Empower also produces reports that quickly highlight the status of your Windows and Mac devices, their third-party applications, and their patching profiles.

LANDESK assesses state and applies patches across the enterprise, allowing you to establish policies for when devices are patched, leveraging distribution technologies to reduce the impact on the network and disruption to the user. Rollout automation allows for an automated process from definition download through pilot and production rollout phases.

LANDESK uses multiple technologies to distribute patches quickly across the network. Integrated project rollout features can deploy patches at scale and at speed while optimizing bandwidth utilization and hardware resources. Risk rating is based on the vendor patch. Devices can be patched in and out of network.

Fantom Ransomware: Looks Like Windows. Disrupts Like Hell.

As if ransomware and Windows updates weren’t already challenging enough, a new threat pretends to be the latter but delivers the former.

If your organization has been deploying (or considering deploying) Windows 10, then you already know about the issues regarding Microsoft’s shift to cumulative updates and the problems with third-party applications they’ve already caused at some companies.

Microsoft updates

Even if you’re not moving to Windows 10, you may still be affected by changes Microsoft is making to how it delivers updates to Windows 7 and Windows 8.1. And if you haven’t already, you should read the sagacious guidance offered in blog posts on these and related subjects by LANDESK Director of Product Management Stephen Brown and Senior Product Manager Chris Goettl.

In addition, you’ve doubtless heard and read about—or maybe even been affected by—ransomware.

Most ransomware infiltrates computer systems, locates and encrypts critical files, then demands payment of a ransom for access to the keys needed to restore access to those files. A recent variant, known as “Hitler ransomware,” threatens to encrypt critical files, but in reality, deletes them. (Read more about this variant in blog posts by me and Stephen.)

Fantom ransomware

And now, there’s Fantom. Once it gets into a system, it looks and acts like a legitimate critical Windows update. As reported by Lawrence Abrams of BleepingComputer.com and others, it even displays a realistic-looking screen that says the updates are being configured.

What’s really going on, though, is that the software is busily encrypting all the files it can find. It then displays a poorly written ransom note.

Once that note appears, victimized users have no choice but to pay the ransom and hope that they receive the decryption keys promised by that ransom note. And that those keys actually restore access to all of their files, and that the malware infection doesn’t result in further mayhem.

This is only one recent variation on the ransomware theme. Others can be at least as disruptive to your users and your business, if not more so. A ransomware variant known as “Petya,” for example, ignores your files and goes directly after the master boot records and file tables that govern access to entire hard drives.

Ransomware webinar on September 14

All of this is why we’re having a ransomware update webinar on September 14, featuring Stephen Brown and Principal Product Manager Eran Livne. (Eran’s also written some sagacious and helpful guidance for combatting ransomware, as have other members of the LANDESK team. You can browse, read, and share these in our ransomware archive.)

It’s also why we continue to evolve our solutions for fighting ransomware. In the webinar, Stephen and Eran will describe some specific upcoming enhancements to LANDESK Security Suite that can help you to defeat even the newest ransomware variants, and keep your organization’s computers and users productive and operational.

Get and stay ahead of the bad guys developing and distributing ransomware. Protect your organization, its users, and its critical information. Start now by registering for the webinar today!

Also, be sure to get your free copy of our most popular white paper below.

The Biggest Mistakes Users Make When Choosing a Password

Account information for millions of Dropbox users is being leaked online, more than four years since the file sharing service suffered a major data breach.

Fox News reports that as many as 68 million accounts were compromised, with email addresses and password data now being shared on the web.

Dropbox told FoxNews.com that even if the passwords were cracked, hackers wouldn’t be able to access those accounts because of a recent reset.

The cloud storage service says they reset passwords for users who signed up before mid-2012 and hadn’t bothered to change their passwords since.

Using the same password on multiple sites

The collateral damage from this data breach could be more of a concern.

“The real risk for a breached user isn’t the site that leaked their user information,” said Rob Juncker, VP of Engineering at LANDESK. “It’s the fact that most users use the same credentials at multiple sites and hackers know this.”

Juncker, an expert in cybersecurity, says being lazy with your password exposes you and your company to the possibility of a full-on cyber onslaught.

“Having discrete credentials per site is a key aspect of securing yourself as a user,” said Juncker.

Users make common mistakes when it comes to generating passwords when creating new accounts.

Adding a number at the end

“Adding a number at the end of a password doesn’t qualify,” he said. “Realize that if all you did was add a number, or add one to an existing number on the site, you might as well have just left it the same.”
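The point about appended or incremented numbers can be enforced at password-change time, when the user supplies both the current and the new password. The following is an added example, not code from LANDESK or from the original post; the function names, the two-edit threshold, and the sample passwords are assumptions constructed for illustration.

```python
import re

# Digits and punctuation that users typically bolt onto either end of a base word.
_TRAILING = re.compile(r"[\d\W_]+$")
_LEADING = re.compile(r"^[\d\W_]+")


def stem(password: str) -> str:
    """Reduce a password to the part users tend to keep between changes."""
    s = password.casefold()
    s = _TRAILING.sub("", s)
    return _LEADING.sub("", s)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def is_variation(old: str, new: str, max_edits: int = 2) -> bool:
    """True if `new` is the old password with cosmetic changes only."""
    if old == new:
        return True
    old_stem, new_stem = stem(old), stem(new)
    # Same base word with a different number or symbol suffix/prefix.
    if old_stem and old_stem == new_stem:
        return True
    # A couple of character swaps, e.g. "o" -> "0", also counts as reuse.
    return edit_distance(old.casefold(), new.casefold()) <= max_edits


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed password).
    for old, new in [("Summer2016", "Summer2017"),
                     ("Dropbox!1", "dropbox#22"),
                     ("P@ssword", "Passw0rd"),
                     ("correct horse battery", "maple-trellis-941-oxide")]:
        verdict = "reject" if is_variation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The comparison needs the current password in plaintext, so it belongs in the change-password handler where the user has just typed it, not in anything that reads stored hashes.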

A lot of emphasis is placed on coming up with unique, hard-to-crack passwords; but Juncker says your usernames, and more importantly the email address you use when signing up, can be just as critical when it comes to protecting your sensitive information.

“With some sites like Facebook and Instagram, most users will trend towards their personal emails,” he said. “Corporate sites often are registered with corporate credentials.”

Using a work email address

Many users register for sites like LinkedIn and Dropbox with email addresses linked to their employer’s domains. Juncker says this dangerous practice can open the door for hackers to access your business’s network.

“The problem this creates is your corporate security teams have no control over the password governance on these sites,” he said. “But it provides a link from a credential to a corporate network when you use a corporate email.”

Key takeaways

Juncker’s advice: stop using the same password, or a variation of it, for everything, and think twice about using your work email address for online accounts. A little extra diligence can save you a lot of hassle when it comes to protecting your personal and proprietary information.

Are you guilty of any of these password blunders? Check out LANDESK Security Suite and be sure to get your free copy of our white paper on how to protect against ransomware—this year’s biggest cyber security threat—below.
