Connect with us

Security

Sophos Introduces Intercept X for Server Blocks Cyber Attackers from Hitting the Business Bullsey

Avatar

Published

on

Sophos announced Sophos Intercept X for Server, next-generation server protection with predictive deep learning technology that provides constantly evolving security against cyber threats.

 

Sophos’ deep learning neural networks are trained on hundreds of millions of samples to look for suspicious attributes of malicious code and prevent never-before-seen malware attacks. SophosLabs research indicates that 75 percent of malware found in an organization is unique to that organization, indicating the majority of malware is previously unknown.

A recent Sophos survey reveals that two-thirds of IT managers worldwide don’t understand what anti-exploit technology is, leaving their organizations vulnerable to data breaches. Once inside a network, cybercriminals can use persistent and lateral moves to target and takeover servers to access the high-value data stored there, such as personally-identifiable information (PII), banking, tax, payroll and other financial records, proprietary intellectual properties, shared applications – all of which can be sold on the Dark Web or used for other types of attacks and monetary gain. Servers can also suffer collateral damage from ransomware and run-of-the-mill cyberattacks. Attacks reaching servers can be more devastating to a business than attacks on endpoints, due to the critical data they hold.

Sophos demonstrates hacking and advanced exploit techniques that cybercriminals use in this Video of How Active Adversaries Attack in Real-Time (also found on Sophos.com/Servers).

“Servers are the bullseye for cybercriminals because they store valuable information and have a broader, system-wide organizational purpose than individual endpoints. An entire company could get potentially wiped out if cybercriminals infiltrate its servers with ransomware or malicious code, or exploit vulnerabilities to gain access. Once breached, attackers can get deep in the network and have the ability to do some serious damage, as well as exfiltrate data,”said Sunil Sharma, Managing Director Sales for Sophos India & SAARC. “Cybercriminals use stolen information for their own spear-phishing campaigns and crime sprees, or they could resell it at a premium price on the Dark Web or to a private network of buyers. Sophos threat experts have seen access to compromised servers for sale on the Dark Web, in addition to the poached data itself – a bonus for cybercriminals, but a double whammy for businesses.”

Attackers also use breached servers as proxies to redirect traffic to malicious websites and are now installing cryptominers on server farms and cloud accounts, so they can generate crypto-currencies by stealing a company’s CPU, RAM, electricity, and other resources. The motives of cybercriminals based on how servers are utilized, what’s stored there and what can be leveraged for multiple crimes underscores the need for predictive, server-designed security with advanced anti-exploit technology that helps protect even unpatched systems.

“According to The Dirty Secrets of Network Firewalls research conducted by Sophos, 89 percent IT managers in India opined that stopping malware threats have become harder over the last year and only endpoint or firewall is not sufficient to protect our data. It’s time we realize that servers are critical infrastructure, but they are often overlooked in the endpoint strategy of many companies,” said Sharma. “It’s not enough to simply install traditional endpoint protection on servers because they demand additional tools and features, such as cloud workload discovery, including Microsoft Azure and Amazon Web Services, and protection to mitigate risk from rogue or forgotten IT assets. The survey also said that 65% Indian respondents completely agree that their current defenses are not sufficient to block cyber threats – be it network, endpoint or server. Server-specific protection is necessary to a successful layered security strategy to reduce the risk of a data breach. Combined with Sophos’ Synchronized Security intelligence sharing and easy management from our Sophos Central dashboard, Intercept X for Server is a powerful addition that helps defend businesses from becoming the next victim.”

The need for server protection exists in organizations of all sizes, with smaller businesses being potentially at more risk than larger, better resourced enterprises as Frank Dickson, research vice president, Security Products with IDC commented, “The small- and mid-sized markets (SMBs) face challenges for server protection as they need the same level of protection as their enterprise counterparts, yet protection must be in an extremely easy to use offering. Additionally, sadly, SMBs are too often tempted to use underpowered, inappropriate PC endpoint offerings to protect servers as a way to save cost, forcing SMB server security vendors to provide compelling, affordable offerings that are also appropriate for a smaller or understaffed IT department.”

Regarding Sophos’ approach directly, Dickson continued, “Sophos addresses the ease-of-use factor by integrating their products on Sophos Central, so there’s one dashboard for Partners and customers to manage each security layer regardless of being on premise or in the cloud. The new Intercept X for Server significantly advances server protection with deep learning, anti-exploit and other key technology elements. The anti-exploit technology has a client right on the server, a necessary requirement based on the manner in which hackers leverage server vulnerabilities to breach systems. Given the readily available and inexpensive exploit kits for sale on the Dark Web, even cybercriminals with little expertise can launch powerful attacks, making sophisticated, server specific protection a fundamental requirement.”

Sophos partners familiar with the new product echoed Dickson’s observations:

“Sophos understands that servers need their own set of security criteria, like the lockdown feature in the current server solution, and the new ability to discover cloud workloads. Many of Riverlite’s clients, companies with under-staffed IT personnel, require us to keep cloud deployments secure and free from disruption,” said Simon Barnes, principal consultant at Riverlite in St. Neots, Cambridgeshire, UK. “Having assets in the cloud or migrating and using public clouds can be daunting to any business. It’s important that MSPs have the right security in place to protect these ‘invisible’ servers, which are easily forgotten from an overall security strategy. This type of exposure weakens a company’s security posture. If any unprotected server is attacked it can wreak havoc on an entire business. We’re looking forward to upgrading and adding Intercept X for Server to our customers’ security portfolios.”

Syndesi is a Managed Service Provider (MSP) with particular interest in the unique cyber security challenges faced by the education sector, including data theft, disruption of operations and compromised technology assets. “For attackers, K-12 schools are a particularly attractive target because they store and handle the personal data of students, parents and staff. Many school districts are vulnerable due to budgetary constraints or limited IT resources, making them an easy target,” said Paul Gibbs, vice president of Syndesi Solutions, based in Athens, Alabama. “An integrated, layered security system that stops ransomware, malware and data theft is paramount. We can now add Intercept X for Server with deep learning technology and Synchronized Security to strengthen the protection of sensitive assets stored on school servers and at other customer sites. We’ve already seen situations where Sophos Intercept X has blocked ransomware on endpoints almost immediately after its first appearance. If servers are hit with ransomware or malware, it’s devastating, so we’re excited for this quick response and the synchronized intelligence-sharing at the server layer as well.”

New features in Sophos Intercept X for Server include:

Deep Learning Neural Network

  • Leverages the deep neural network from Intercept X to detect new and previously unseen malware and unwanted applications
  • Once deployed, the model constantly updates and identifies critical attributes resulting in more accurate decisions between benign and malware payloads

Active Adversary Mitigation

  • Blocks determined cybercriminals and persistent techniques commonly used to evade traditional anti-virus protection
  • Credential Theft Protection prevents theft of authentication passwords from memory, registries and local storage
  • Code Cave Utilization detects the presence of malicious code deployed into legitimate applications

Exploit Protection

  • Prevents an attacker from leveraging known vulnerabilities
  • Protects against browser, plugin or java-based exploit kits even if servers are not full patched

Master Boot-Record Protection

  • WipeGuard expands upon Intercept X anti-ransomware technology and prevents ransomware variants or malicious code that target the Master Boot-Record

Root Cause Analysis

  • Detection and incident response technology provides forensic detail of how the attack got in, where it went, and what it touched
  • Provides recommendations on what to do next after an analysis of the attack

Cloud Workload Discovery for Server

  • Discovers and protects servers running on the public cloud, including Microsoft Azure and Amazon Web Services
  • Prevents risk exposure from rogue IT or forgotten assets

Availability

Sophos Intercept X for Server is available from registered Sophos partners worldwide. Additional information can be found on Sophos.com. To sign up for a free 30 day trial, click here.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Airtel Payments Bank Rolls Out ‘Airtel Safe Pay’

Avatar

Published

on

By

To protect Airtel customers from the growing incidents of online payment frauds, Airtel Payments Bank launched ‘Airtel Safe Pay’ – India’s safest mode for making digital payments.

With ‘Airtel Safe Pay’, Airtel customers making UPI or Netbanking based payments through Airtel Payments Bank, no longer have to worry about money leaving their accounts without their explicit consent.

An India-First innovation, ‘Airtel Safe Pay’ leverages Airtel’s ‘telco exclusive’ strength of network intelligence to provide an additional layer of payment validation compared to the industry norm of two-factor authentication. This offers the highest level of protection from potential frauds such as phishing, stolen credentials or passwords, and even phone cloning that catches customers unaware.

Anubrata Biswas, MD & CEO, Airtel Payments Bank says, “As digital payments become the norm, especially in the post-pandemic world, we also have to solve for the challenge of frauds that are growing rapidly. We are happy to leverage Airtel’s core telco strengths to bring to market this unique capability that ensures that our customers have full control over their transactions. This sets a new benchmark in the Indian digital payments space by making security paramount.”

Using ‘Airtel Safe Pay’, Airtel Payments Bank customers can make secure digital payments across millions of merchants, online retailers and utilities, and even send money. Customers can open an Airtel Payments Bank account within few minutes with just a video call from the Airtel Thanks app and enjoy a range of benefits while they make fully secure digital payments.

Says Adarsh Nair, Chief Product Officer, Bharti Airtel: “Airtel Safe Pay is yet another innovation where our secure network and world-class digital platforms combine to solve a unique market problem. At Airtel, we are taking the lead in offering the most secure digital payments platforms to our users and making sure that the customer is always in control without a worry about rogue transactions.”  

Continue Reading

Security

ESET Rolls Out Latest Version of Its Windows Security Products

Avatar

Published

on

By

ESET has launched new versions of its Windows security products for consumers. The new versions upgrade the protection in ESET Internet Security, ESET NOD32 Antivirus and ESET Smart Security Premium. 

The wide range of security improvements cover malware detection, online banking, password security and smart home support – in line with ESET’s goal to create a safer digital world for everyone to enjoy. With the ever-increasing volume of reported cyberattacks, it is vital that users are secured in their online activities. These product updates address key issues, including online payments and banking-related threats, identity theft and leaking of personal information, stolen passwords and connected device security. 

ESET is continuously improving its solutions to ensure that users are equipped with the very latest technologies in cybersecurity while keeping a low system footprint. The updates bring fine-tuning of the Host-Based Intrusion Prevention System and Advanced Machine Learning modules, along with a significant reduction in the size of the Machine Learning module. 

Other key updates include the new Windows Management Instrumentation (WMI) and System Registry scanners capable of detecting malware that uses the WMI or the registry maliciously. The Connected Home module is also improved with better connected device detection and security issue troubleshooting.

Financial security is a top priority, and the upgraded Banking & Payment Protection features a special secured browser mode through which users can safely pay online. The new feature allows users to run any supported browser in secured mode by default. With secured mode on, the communication of the keyboard and mouse with the browser is encrypted to guard against keylogging. In addition, Banking & Payment Protection now also notifies users when Remote Desktop Protocol (RDP) is turned on to alert them about the danger of malware abusing RDP. 

Finally, ESET Password Manager has been completely rebuilt with new functionalities such as remote logout from websites and remote clearing of browser history, and is available via both browser extensions and native mobile apps.

Commenting on the updates, Matej Krištofík, product manager at ESET, said, “As cyberthreats continue to evolve in sophistication and frequency, it is vital that consumers and their devices are protected on every level. Technology is at the center of our lives, from online banking to connected homes, so it is more important than ever that our personal technology is safe and secure. We are proud to offer our latest Windows security product updates to consumers, reflecting our dedication to consistently improve and innovate in order to provide a safe digital experience for all.”

Continue Reading

Security

Critical Vulnerability Discovered in Instagram App by Researchers

Avatar

Published

on

By

Instagram is one of the most popular social media platforms globally, with over 100+ million photos uploaded every day, and nearly 1 billion monthly active users. Individuals and companies share photos and messages about their lives and products to their followers globally.  So imagine what could happen if a hacker was able to completely take over Instagram accounts, and access all the messages and photos in those accounts, post new photos or delete or manipulate existing photos.  What could that do to a person’s or company’s reputation? 

Earlier this year, Check Point researchers found a critical vulnerability in the Instagram app that would have given an attacker the ability to take over a victim’s Instagram account, and turn their phone into a spying tool, simply by sending them a malicious image file. When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera and location data. 

Here’s how we found the vulnerability, and worked with Facebook and Instagram to close it to keep users safe.

What are the apps on your phone permitted to do?
Wherever we go, our mobile phones usually go with us, to keep us in touch with families, loved ones and our work, too. Of course, this is also why mobiles are an attractive target for hackers.  Not only can they steal data and credentials from our phones, but they can also use them for spying on us: tracking our location, listening to conversations, and accessing our data and messages.

Fortunately, all modern mobile operating systems include several layers of protection against this type of malicious activity. These protections usually rely on the basic concept of ‘application isolation’ – even if someone was able to hack a specific application, they would still be confined to that application alone, along with its strict permissions, and would not be able to extend their hacking attempt any further.

The key term here is “strict permissions” – for example, a map application should be able to access your location, but should not have access to your microphone; a dating app should be able to access your camera and nothing else, and so on.

But what happens when we`re talking about an application that has extensive permissions on your device?  If the application is hacked, the hacker will have easy access to your GPS data, camera, microphone, contacts, and more. 

Fortunately, there isn’t a huge list of apps that have such extensive permissions on users’ devices.   One example is Instagram. Given its popularity and wide-ranging permissions, we decided to review the security of Instagram’s mobile app for both Android and iOS operating systems.

What did we find?
Our research revealed a critical vulnerability that might allow the attackers what is technically referred to as – remote code execution (RCE). This vulnerability can allow an attacker to perform any action they wish in the Instagram app (yes, even if it is not actually a part of the application logic or features). Since the Instagram app has very extensive permissions, this may allow an attacker to instantly turn the targeted phone into a perfect spying tool – putting the privacy of millions of users at serious risk.

Modus operandi

So how does such a popular application include vulnerabilities, when huge amounts of time and resources are invested in developing it?
The answer is that most modern app developers do not actually write the entire application on their own: if they did so it would take years to write an application. Instead, they use 3rd party libraries to handle common (and often complicated) tasks such as image processing, sound processing, network connectivity, and so on. This frees the developers to handle only the coding tasks, which represent the apps core business logic. However, this relies on those 3rd party libraries being completely trustworthy and secure.

Our modus operandi for this research was to examine the 3rd party libraries used by Instagram, And the vulnerability we found was in the way that Instagram used Mozjpeg- an open source project used by Instagram as its JPEG format image decoder for images uploaded to the service.

A bad image: hacking and taking over the user’s mobile Instagram account
In the attack scenario we describe in our research, an attacker can simply send an image to their target victim via email, WhatsApp or another media exchange platform. The target user saves the image on their handset, and when they open the Instagram app, the exploitation takes place, allowing the attacker full access to any resource in the phone that is pre-allowed by Instagram.

These resources include contacts, device storage, location services and the device camera. In effect, the attacker gets full control over the app and can create actions on behalf of the user, including reading all of their personal messages in their Instagram account and deleting or posting photos at will.  This turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile. In either case, the attack could lead to a massive invasion of users’ privacy and could affect reputations – or lead to security risks that are even more serious.

At a basic level, this exploit can be used to crash a user’s Instagram app, effectively denying them access to the app until they delete it from their device and re-install it, causing inconvenience and possible loss of data. 

Responsible disclosure & Protection

We have responsibly disclosed our findings to Facebook and the Instagram team. Facebook’s advisory was very responsive and helpful, they have described this vulnerability as an “Integer Overflow leading to Heap Buffer Overflow” and issued a patch to remediate the issue on the newer versions of the Instagram application on all platforms.

The patch for this vulnerability has already been available for 6 months prior to this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited. We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available.

Check Point’s SandBlast Mobile (SBM) provides full visibility into mobile risks, with advanced threat prevention capabilities. With the market’s highest threat catch rate, users of SBM stay protected from malware, phishing, man-in-the-middle attacks, OS exploits, and more. Intuitive to use, users only hear from SandBlast Mobile if they are under attack.

Continue Reading
Advertisement

Trending