Monthly Archives: June 2016

Phishing Mails Lead the Way in Most Cases of Data Breach

The year 2015 and the first half of 2016 have witnessed an unprecedented increase in malware attacks, especially the comeback of ransomware threats with increased sophistication. Cybercriminals have reprogrammed older versions of malware to carry out these attacks, and although the scripts in the malicious content are rejigged, the criminals’ modus operandi remains the same. Hackers still tend to victimize their targets in two major ways: password hacking and phishing emails.

Research that came out last month found that 89% of security breaches at the enterprise level happen mostly through phishing emails and data theft, such as the stealing of login credentials. On the flip side, and equally scary, the research found that almost 9% of those attacks were carried out by state-sponsored groups.


However, phishing emails based on “social engineering” tactics still seemed to take the lead by sending unique content to businesses that could easily bypass any security software in a network. Essentially, hacker groups are recoding older versions of malware to make them undetectable to network filters and deploying them stealthily to break through security barriers. According to the findings, almost 70-90% of the malware affecting corporate networks was new and unique, as reported by security software vendors.

It’s noteworthy that although the groups behind such crimes changed the code in the malware (for example, changing the signatures or hashes to turn them into new programs), the impact of the malware followed the same pattern as its predecessors. Most of these unique malware samples still aimed at encrypting files for ransom, capturing login data and so on. Phishing emails have also come a long way: compared to the obviously fake-looking mails that cybercriminals sent in the past, today's malicious emails are impeccably designed to resemble the well-known brand or business that the hackers are trying to impersonate. Add the cybercriminals’ careful planning to that and you have cleverly crafted phishing mails, each customized to fit its unsuspecting victim’s preferences so that the victim is prone to click a malicious link without much thought.

One such case emerged last month, when a US federal agency fell prey to a spear-phishing attack carried out by hackers that identify themselves as the Sofacy group. The California-based security company that discovered the attack doesn’t disclose the identity or location of the federal body in its findings, but revealed that the government body fell for an email with a malicious link sent by the hackers.

Spear-phishing is nothing new for US federal offices; the two have a long-standing tryst that usually ends with the government agency losing some precious data. However, the government has taken some stern measures in recent years and vowed to punish culpable groups or individuals. It has also started educating its employees to be more alert to phishing mails and not to click on links regardless of where they come from; instead, staff are instructed to copy and paste URLs into the browser to avoid falling victim to links that redirect users to a malicious page.

The saddest fact about malware agents spreading their lasso to cripple more and more enterprises is that the attacks have grown in numbers within the past two years despite increased media awareness about phishing and hacking among the internet community.

A fundamental way to protect yourself from falling into the phishing (and possibly, hacking) trap is to install trusted antispam software on your computer. Comodo KoruMail, an anti-spam solution from the leading antivirus vendor, fits the bill perfectly when it comes to fighting spam, phishing emails and virus-infected attachments. KoruMail, or Comodo Antispam Gateway (CASG) as it is also known, is configurable in any email system without any hassles, and it works as a cloud-based email filtering solution that blocks unwanted mail before it can inflict any damage on enterprise data.


Posted on June 28, 2016 in Anti-Spam, Internet Security



One Year of Android Security Rewards: Google raises cash reward amount

Google has announced raising the amount of Android Security Rewards on the occasion of the first anniversary of the Rewards. It was a year ago that Google had instituted the Android Security Rewards. In the course of one year, over 250 qualifying vulnerability reports from researchers were received and have been used to make Android and mobile security stronger. Yes, Google works round the year to come up with Android antivirus strategies for all.

A recent post in the ‘Android Developers Blog’ says: “A year ago, we added Android Security Rewards to the long standing Google Vulnerability Rewards Program. We offered up to $38,000 per report that we used to fix vulnerabilities and protect Android users. Since then, we have received over 250 qualifying vulnerability reports from researchers that have helped make Android and mobile security stronger.” The blog further says: “While the program is focused on Nexus devices and has a primary goal of improving Android security, more than a quarter of the issues were reported in code that is developed and used outside of the Android Open Source Project. Fixing these kernel and device driver bugs helps improve security of the broader mobile industry (and even some non-mobile platforms).”


Android antivirus strategies by Google are definitely going great. That’s what the statistics show. In the last year Google has paid over $550,000 to 82 individuals (an average of $2,200 per reward and $6,700 per researcher). Google paid its top researcher, @heisecode, $75,750 for 26 vulnerability reports and paid 15 researchers $10,000 or more. All this happens while we Android users think that being armed with Android antivirus is enough in itself. Yes, Android antivirus is a must for all Android devices; of course you should get a good, trusted Android antivirus as soon as you get an Android device.

The Google Vulnerability Rewards Program is being improved now. This is what the blog post says about the improvement plans:

“We’re constantly working to improve the program and today we’re making a few changes to all vulnerability reports filed after June 1, 2016.

We’re paying more!

  • We will now pay 33% more for a high-quality vulnerability report with proof of concept. For example, the reward for a Critical vulnerability report with a proof of concept increased from $3000 to $4000.
  • A high quality vulnerability report with a proof of concept, a CTS Test, or a patch will receive an additional 50% more.
  • We’re raising our rewards for a remote or proximal kernel exploit from $20,000 to $30,000.
  • A remote exploit chain or exploits leading to TrustZone or Verified Boot compromise increase from $30,000 to $50,000.”

So next time you’re using an Android device and Android antivirus, just remember, there are lots of researchers out there who are working out real Android antivirus strategies.



Mobile Endpoint is on the Rise, And So Are the Threats Surrounding IT

Endpoint security has come a long way in protecting the enterprise network and providing a reliable mechanism to set up IT policies and manage wireless devices. Not only does it make IT admins' lives easier by leaps and bounds, but at its core, an effective endpoint security management tool enforces policies that require all connected devices to comply with network rules.

Endpoint technology is evolving, and so are the policies governing it. Experts are already forecasting the emergence of a new era in the enterprise security landscape: that of mobile endpoint management. With the increasing popularity of wireless technology such as BYOD policies, IoT and wearables, mobile device management has become a likely target for online attacks. And so, the need for appropriate IT security is also on the rise.

Malware and viruses, online eavesdropping, unauthorised access and data theft are some of the major risks that networks connected with mobile devices run in their everyday operations. However, with the right endpoint management tool and a thought-out security policy, these threats can be fought before they can inflict any damage on the network or the corporate data.

According to a survey conducted by the SANS Institute, many organizations are already proactive in spotting breaches in their corporate network. Their research found that 21% of respondents detected compromised networks in 2016, compared to only 16% in 2015.

Mobile device security is still emerging, so IT admins should think carefully when implementing a proper endpoint management policy to manage connected devices. Essentially, the following five concerns should be considered when formulating mobile device management:

  • User access to device
  • Device ownership (corporate-owned vs. BYOD)
  • Lost/stolen device
  • Data access on the device
  • Level of security awareness among staff

The new-age mobile security tools are designed to provide more security coverage to wireless gadgets, such as wearables, than to traditional peripherals that are physically connected to the network, such as a printer. At the same time, a majority of enterprise IT teams admit that it is challenging for them to manage security for their network because of the increasing threat of malware in the mobile space.

Ponemon Institute, which carried out independent research and published its results in the “2016 State of the Endpoint Report” in April, found that only 36% of those surveyed felt that they had adequate resources to handle endpoint security properly, while 71% said that they faced obstacles in imposing effective network policies. The statistics clearly show that, despite their willingness, most corporate entities are finding it hard to invest in a proper security budget owing to a lack of money and other resources.

The frequent and rapid updates to device software and the adoption of new devices among users are another obstacle for companies trying to implement effective security plans.

On the bright side, companies are taking necessary measures to ramp up their security mechanisms and are laying out diligent plans to have strong security chains in place for the future. The IT department in every organization could optimize their security mission if they could involve everyone from their enterprise, and not only the IT security personnel, in formulating effective endpoint management policies.

To reiterate, the threat landscape expands with the spike in technological diversification; the more gadgets your organization accommodates, the more likely your network is to be subject to online attack. The best bet for your IT is to identify a mobile endpoint management strategy that takes a unified approach to handling all kinds of devices.

Security strategy for mobile networks should aim to protect its endpoints from unwanted third-party actors, at the same time keeping abreast of the rapid change in technology. So IT admins should invest their time to understand the specific nature of the network and its users in order to enforce a long-lasting, successful mobile endpoint strategy.



Security software thwarting security of online transactions

This is news. Security software, like antivirus programs, intended to guarantee online security, could perhaps thwart the security of online transactions.

New research conducted at Concordia University, Montreal, Canada shows that security software might even make online computing less safe. 14 commonly used software programs were examined in the research, conducted by Mohammad Mannan, assistant professor in the Concordia Institute for Information Systems Engineering (CIISE), and PhD student Xavier de Carné de Carnavalet. They found that these software programs, which claim to make systems safe by blocking viruses and protecting data, “were doing more harm than good.”

As explained in a news release brought out by the university, “At the root of the problem is how security applications act as gatekeepers, filtering dangerous or unwanted elements by inspecting secure web pages before they reach the browser.” The news release further says, “Normally, browsers themselves have to check the certificate delivered by a website, and verify that it has been issued by a proper entity, called a Certification Authority (CA). But security products make the computer “think” that they are themselves a fully entitled CA, thus allowing them to fool browsers into trusting any certificate issued by the products.”
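The interception described in the release can be spotted from the client side. The following is an added example, not code from the Concordia researchers or from the original post: it compares the certificate issuer a machine sees for several sites with issuers recorded from a clean vantage point. The hostnames, CA names, baseline values and function names are all hypothetical.

```python
import socket
import ssl
from collections import Counter

def issuer_name(cert):
    """Return 'O / CN' of the issuer from an ssl.getpeercert()-style dict."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return f"{fields.get('organizationName', '?')} / {fields.get('commonName', '?')}"

def fetch_cert(host, port=443, timeout=5):
    """Leaf certificate as validated by THIS machine's trust store (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def find_interception(observed, baseline, min_sites=2):
    """Flag issuers that replace the baseline issuer on several unrelated sites.

    observed: host -> cert dict seen locally
    baseline: host -> issuer string recorded from a clean vantage point
    """
    mismatches = {h: issuer_name(c) for h, c in observed.items()
                  if h in baseline and issuer_name(c) != baseline[h]}
    counts = Counter(mismatches.values())
    # One changed issuer can be a normal renewal; the same unexpected issuer
    # on many unrelated sites is what a locally trusted interception root looks like.
    return {issuer: sorted(h for h, i in mismatches.items() if i == issuer)
            for issuer, n in counts.items() if n >= min_sites}

def _cert(org, cn):
    """Build a constructed cert dict in the shape ssl.getpeercert() returns."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

# Constructed sample data: hostnames and CA names are made up.
BASELINE = {"bank.example": "Public CA One / Root R1",
            "mail.example": "Public CA Two / Root X2",
            "shop.example": "Public CA One / Root R1"}
OBSERVED = {"bank.example": _cert("Hypothetical AV Suite", "AV Web Shield Root"),
            "mail.example": _cert("Hypothetical AV Suite", "AV Web Shield Root"),
            "shop.example": _cert("Public CA Three", "Root Z9")}

if __name__ == "__main__":
    for issuer, hosts in find_interception(OBSERVED, BASELINE).items():
        print(f"possible local TLS interception by '{issuer}': {hosts}")
```

On a live machine, `fetch_cert` would populate the observed map; the handshake succeeds even under interception because the product's root is in the local trust store, which is why the issuer has to be compared against an outside baseline.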

The research and its inferences will most likely make every computer user, especially those who carry out online transactions, sit up and think about the usefulness of the security software or antivirus that they have long used and in which they have placed maximum trust.

Says Xavier de Carné de Carnavalet, “Out of the products we analyzed, we found that all of them lower the level of security normally provided by current browsers, and often bring serious security vulnerabilities…While a couple of fishy ad-related products were known to behave badly in the same set-up, it’s stunning to observe that products intended to bring security and safety to users can fail as badly.”

The research was supported in part by an NSERC Discovery Grant, a Vanier Canada Graduate Scholarship and the Office of the Privacy Commissioner of Canada’s Contributions Program and the findings were originally presented at the Network and Distributed System Security Symposium 2016, held in February in California.

Mohammad Mannan is quoted (in the University release) as saying: “We reported our findings to the respective vendors so they can fix their products…Not all of them have responded yet, but we hope to bring their attention to these issues.”

The release also quotes de Carnavalet- “We also hope that our work will bring more awareness among users when choosing a security suite or software to protect their children’s online activities…We encourage consumers to keep their browser, operating system and other applications up-to-date, so that they benefit from the latest security patches”. He is also quoted as saying- “Parental control apps exist that do not interfere with secure content, but merely block websites by their domain name, which is probably effective enough.”

These findings would definitely be eye-openers to the vendors of online security products while they would also be informative for internet users across the world.

