Using Geo IP Data to Tighten Rulesets

The ability to geo-block countries is a great way to limit malicious requests from entering your network or at the very least reduce the footprint of attack from the internet – it’s a great tool to keep in your security tool box. Take a look at my article for Algosec on using GeoIP data in your firewall to tighten rulesets and increase security. 

http://blog.algosec.com/2016/04/using-geo-ip-data-tighten-firewall-rulesets.html

TeslaCrypt Still on the Rise

We’ve seen the explosion of ransomware over the past year and it’s showing no signs of stopping anytime soon. Cyber extortionists are not only flocking to this method, they’re evolving it to fit their malicious needs. This is the reason we’ve seen multiple iterations of TeslaCrypt being produced, with each copy being independently developed by another group, to fit the needs of the particular developers or their clients.  You can find everything you need regarding TeslaCrypt in this well written blog post: http://soft2secure.com/knowledgebase/teslacrypt-3-0

With TeslaCrypt being used as a standard in many ways, it’s interesting to see how malicious developers have countered each version of TeslaCrypt to advance their malware with new “features”. These new features allow for the malware to: evade anti-virus, ransom files with better encryption, include additional file types, etc. As the opportunity exists for attackers to make money from this threat we’ll continue to see ransomware infect our networks. I personally don’t think this will be the end of their features and I’m concerned that we’ll start seeing other “data” or “access” ransomed in the near future.  Once the bad guys see a successful way to make money they evolve it, just like they do their tools, to fit their needs. We’re only seeing the tip of the iceberg with TeslaCrypt and other just like it. 

With this being said, the best way not to fall victim to this attack is backing up your files on a regular basis. If you have a recent backup of your data there’s no need to pay someone to get it back. Please, consider backing up your files. A service like SpiderOak is great for this type of “unmapped” backup, where new data is copied up to the cloud for backup right away. If you read the above article you’ll know that mapped drives are part of what TeslaCrypt and other ransomware variants crawl into right away. 

Ransomware is showing no signs of slowing, but if we back up our data, patch our systems and use some common sense with clicking links, we can limit it to an extent. As soon as it’s no longer viable for criminals to make money off this scheme, they’ll move on. It’s up to us to dissuade them.

Why Patching Will Never Get Old

I was asked to participate in Heimdal Security's "Round Up" of experts as to why "Software Patching is Key for Your Online Security". It's something overlooked by many as a first line of defense to protect systems from vulnerabilities.

You can read the responses from all contributors here: https://heimdalsecurity.com/blog/expert-roundup-software-patching/

WhatsApp Encrypts 1 Billion Users and Promptly Drops Mic

In attempts to find an analogy of the sheer amount of encrypted users using end-to-end encryption of phone, video, chat and images using WhatsApp, I came across this statistic:

To count to one thousand, counting one number every second continuously, it would take 17 minutes.  Counting to one million at the same rate, it would take 12 days (counting nonstop, day and night).  But counting to one billion would take 32 years! 

That's right, it would take 32 years to count the amount of users (today) that now have  end-to-end encryption using WhatsApp. That's freaking huge. 

I think we'll all remember the Apple vs FBI case as the spark that lite the fire, but in reality the work being done behind the scenes at WhatsApp took place long before the FBI bungled the San Bernardino iPhone. There has been a steady increase in encryption being pushed down to the consumer level, mainly due to privacy concerns with the mistrust of governments and organizations handling data, that has fueled this effort to become commonplace. 

What many will see is the FBI cracking one iPhone and WhatsApp turning on encryption two weeks later for 1 billion users. I don't think this was due to this case alone (the sheer design change would be massive), but needless to say, it didn't help. Once hearing this I can honestly say that I downloaded the app for the first time and will use it along side Whisper Systems, Signal App, for increased privacy and security. 

When thinking about the government requesting data from WhatsApp after encryption being enabled end-to-end, especially after they were starting to focus their attention on them previously, all I could think of was this GIF:

 

via GIPHY

How to Defend Your Network Against Ransomware

We've all seen the recent headlines of the sheer destruction that ransomware can bring upon your network, but we haven't seen many tips on defending against it. With many companies paying the ransom to criminals after being infected, it's only promoting them to use it more. If they weren't making money off this scheme they won't be using it, but unfortunately they are.

What I'd like to do with this article is spread some common sense in defending against ransomware and ways to assist with mitigating it once it's in your network. Here's the article I wrote for Tripwire explaining a few methods, since everything we do in security is based on layers, there's not a single defense that's going to stop ransomware by itself.

http://www.tripwire.com/state-of-security/incident-detection/creating-a-malwarerasomware-defendable-network/