Tag: Malware

antivirus

A False Sense of Security: How Antivirus Can Fail

It’s pretty easy to think of computer viruses and malware as someone else’s problem. You hear about big attacks in the news, about the thousands of people who have had their information stolen and the businesses who have suffered mind-numbing losses in revenue. This isn’t something you have to worry about though, right? You know what a phishing link looks like, you avoid suspicious websites and you don’t open strange emails. Unfortunately, taking all the precautions in the world on your own isn’t enough, especially if you lack proper antivirus and malware protection. The odds of avoiding any form of malicious code is just too high – and those odds are only continuing to increase. The Difference Between Viruses and Malware

Read More »
BAI Security Audit

Malware Risk Management

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA’s new report, “Defensive Best Practices Against Destructive Malware,” provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to the network. Security experts have warned that 2015 will be the year of the particularly malicious hacker. Such attackers will wipe compromised networks after a successful attack in order to destroy forensic evidence. In other cases, as we’ve seen with the various “locker” ransomwares, data is encrypted and held for ransom. If demands aren’t met, the data isn’t released from its encrypted prison. “Defensive Best

Read More »

Insights From Verizon’s Data Breach Investigations Report

In early spring, while many people are anticipating the return of warm weather and blue skies, the information security industry is looking forward to the release of Verizon’s annual Data Breach Investigations Report (DBIR). Published since 2008, DBIR is a data security reference guide, playbook and bible. Global in scope, the report analyzes thousands of confirmed data breaches and security incidents, sorts out the trends, and provides best practice guidance that informs the industries’ approach to cyberthreats and digital security. This year’s report includes the obligatory alarming statistics, among the most eye-opening being that in 60 percent of investigated incidents attackers were able to compromise a target network within minutes. Equally interesting, the majority of the 79,790 incidents and 2,122

Read More »
Malware

New Retail PoS Malware Discovered

A new malware family targeting point-of-sale (PoS) systems, is infecting machines in order to scrape [payment card iinformation from memory. The malware, dubbed PoSeidon, was initially spotted by researchers from Cisco’s Security Solutions (CSS) team. PoSeidon, like most point-of-sale Trojans, scans the RAM of infected terminals for unencrypted strings that match credit card information. End-to-end encryption technology would protect payment card data from these sorts of attacks, but few PoS terminals have this capability right now. Cisco’s researchers say that PoSeidon is comprised of a keylogger, a loader and a memory scraper that also has keylogging functionality. As one would expect, the keylogger is designed to steal credentials for the LogMeIn remote access application. It deletes encrypted LogMeIn passwords and

Read More »
Breach

TARGET CORP DATA BREACH ISSUE MAY BE SPREADING…

One of the largest retail hacks in the United States, the breach on Target caught the attention of the world. The event itself proved how common these types of attacks are no matter the size of an organization. Just recently, the restaurant chain P.F. Chang’s China Bistro found themselves in a similar position as Target. Unfortunately, they had been too late and the payments breach had taken place before they were able to discover any suspicious activity. The breach had led to payment card fraud and subsequent poor headlines for the chain. Once an organization has a breach it must spend a great deal of money to launch an investigation as to what happened. There’s a long list of negative

Read More »
BAI Security Audit

THE NEXT BIG ADVANCE IN BREACH DETECTION & PREVENTION

Sears Holdings Corp. announced in March of this year (2014), it was investigating a possible security breach after a series of cyberattacks on other retailers have exposed the data of millions of consumers. The security review was still at an early stage as Verizon Communications Inc. (VZ)’s digital forensics unit and the U.S. Secret Service sift through the company’s computer data to look for traces of hackers and the extent of any incursion, according to two people familiar with the matter. Sears, which was already working to reverse 28 straight quarters of declining sales, could be faced with fighting a possible hacking attack with shoppers on edge after a flurry of retail data breaches tarnished the image of merchants including

Read More »