It looks like the Meltdown and Spectre fiasco is only just getting warmed up. Security researchers at antivirus testing firm AV-TEST have discovered more than 130 samples of malware that attempts to leverage the Meltdown and Spectre vulnerabilities. The malware samples analysed by AV-TEST appear to be mostly Poof-of-Concept code, and still in the research phase, however, it is believed that cyber criminals will be similarly experimenting with malware that utilises these vulnerabilities.
Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.
Cybercrime costs the economy an estimated $450 billion globally
Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.
Train staff, install Next Generation security and disable macros as the latest fileless malware exploits a lack of all three to steal data.
I’m afraid to say but gone are the days when just having standard security such as Anti-virus software was enough. Cybercriminals are now using complex clandestine techniques to exploit standard system tools and protocols that are not always monitored.
The latest example of such attack is DNSMessenger – a new Remote Access Trojan (RAT) that uses DNS queries to conduct malicious PowerShell commands on compromised computers – a technique that makes the RAT difficult to detect onto targeted systems. Just like their physical counterparts, without a trap in place (i.e a next generation security detection system) they won’t be caught and will end up causing untold damage.
Read on for what next generation security you need to protect your business from these advanced next generation threats. Read more
Ransomware virus DynA-Crypt causes a full blown data breach as it not only encrypts your data, but then steals and uploads it online.
What this means?
The EU mandated GDPR (General Data Protection Regulation) which comes into force on 25th May 2018 will penalise companies not prepared for such data breaches resulting in large fines (approx. 4% of turnover or up to 20 Million Euro whichever is greater). To reduce the chances of being fined to the full extent of this new law – companies will need to begin to work on putting in place the necessary data protection processes and procedures to be able detect when a breach happens/happened, identify what if any personally identifiable data was stolen and have a breach response plan that will ensure the breach is properly handled and reported to the Data Protection Commissioner within 72 hours of detecting the breach. Read more
Imagine a cyber threat that can evade the bank level cyber security…leave little trace of infection and bypass most Anti-Virus software.
Hundreds of companies around the globe including several major banks and financial institutions have reportedly been hit by a cyber security attack masquerading as a dangerous covert memory-based fileless malware. The malware has been detected in at least 40 countries worldwide (including UK, France, USA to name a few).