Tuesday, July 28, 2020

Corporate Internet Users Watch Out For Conti Ransomware

Although you may not be familiar with the name, a strain of ransomware called "Conti" is surging in popularity on the Dark Web and seeing a rapidly growing number of installations, so it's definitely one to be on guard against.
Advanced Intel's Vitali Kremez has been tracking this strain since it first appeared in late 2019.

According to Kremez, the code appears to be an offshoot of an older strain of ransomware called Ryuk. The number of active installs of Ryuk has been declining for a few years now, while the number of Conti installations increases at virtually the same pace.

Kremez had this to say about the new ransomware threat:



"Based on multiple incident response matters and current assessment, it is believed that Conti ransomware is linked to the same Ryuk ransomware developer group based on the code reuse and unique TrickBot distribution. The same distribution attack vector is used widely by the Ryuk deployment group."

While there are a number of interesting aspects to the design of Conti, one of the most interesting is the fact that it utilizes 32 threads during the file encryption process. While multi-threaded ransomware isn't new or unique, Conti is the first to use 32 threads, which makes it stand out and allows it to encrypt a machine with blinding speed.

The advantage to the attacker here is that the attack might be over before a victim even realizes what's going on. On the other hand though, a wary, observant user might notice that the machine's performance takes a sudden nosedive, which is a red flag that something is wrong. That gives IT professionals a small window to deploy countermeasures and potentially stave off the attack.
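As an added illustration (not part of the original post or of Kremez's analysis), the sketch below shows one way a defender could turn the behaviour described above, many threads rewriting many files in a short burst, into a detection rule over file-modification telemetry. The event tuple layout, process names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune against your own baseline telemetry.
WINDOW_MS = 5000     # sliding window length
MIN_FILES = 40       # distinct files modified inside the window
MIN_THREADS = 16     # distinct writer threads inside the window

def detect_write_bursts(events, window_ms=WINDOW_MS,
                        min_files=MIN_FILES, min_threads=MIN_THREADS):
    """Return {pid: alert} for processes whose file modifications within one
    window reach both the file-count and the thread-count threshold."""
    recent = defaultdict(deque)   # pid -> events still inside the window
    alerts = {}
    for ts, proc, pid, tid, path in sorted(events):
        window = recent[pid]
        window.append((ts, tid, path))
        while ts - window[0][0] > window_ms:   # drop events that aged out
            window.popleft()
        if pid in alerts:
            continue                            # one alert per process
        files = {p for _, _, p in window}
        threads = {t for _, t, _ in window}
        if len(files) >= min_files and len(threads) >= min_threads:
            alerts[pid] = {"process": proc, "first_seen_ms": ts,
                           "files": len(files), "threads": len(threads)}
    return alerts

def sample_events():
    """Constructed telemetry: (time_ms, process, pid, thread_id, path)."""
    events = []
    for i in range(60):    # backup agent: one thread, one file per second
        events.append((100_000 + i * 1000, "backup.exe", 410, 1,
                       f"C:\\Data\\doc{i}.docx"))
    for i in range(30):    # build tool: 8 threads, short burst of 30 files
        events.append((200_000 + i * 100, "build.exe", 520, i % 8,
                       f"C:\\src\\obj{i}.obj"))
    for i in range(96):    # 32 threads rewriting 96 files in under 2 seconds
        events.append((300_000 + i * 20, "unknown.exe", 4242, i % 32,
                       f"C:\\Users\\a\\Documents\\file{i}.xlsx"))
    return events

if __name__ == "__main__":
    for pid, alert in detect_write_bursts(sample_events()).items():
        print(pid, alert)
```

Requiring both a file count and a thread count keeps the single-threaded backup job and the small parallel build below the alert line while the 32-thread burst is flagged within its first second.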

The other interesting aspect of this code's design is the fact that it utilizes the Windows Restart Manager API to close open files. Again, while not unique, it is something not used by many malware strains, which sets Conti apart.

In any case, it's a serious and growing threat, and one your staff should be briefed on and prepared for.

Call SpartanTec, Inc. and let our team of IT experts set up effective cybersecurity measures that can keep ransomware and other possible online threats at bay. 


SpartanTec, Inc.
Florence, SC 29501
843-396-8762
http://manageditservicesflorence.com

Thursday, July 23, 2020

Is DIY Cybersecurity Possible? — SIEM Tools vs. Solutions


We’ve all done it before — searched for how-to instructions on something we feel like we should be able to do ourselves. Whether it’s how to tie a bow tie, how to change your oil, or how to repair a TV, people are constantly looking to do things themselves. There are activities that are beyond our actual ability to do, but can you blame any of us for trying? No, we have the information, resources, and always the desire to save money. That being said, one of the things that is likely beyond DIY abilities is combating cyberattacks for your business.

There is what feels like an uncountable number of cybersecurity services created to help a wide variety of companies protect the personal and financial information of their customers. These services are best supported by cybersecurity companies, but far too often business owners and managers look to buy the tools and attempt to do it themselves. The problem is, can you really learn everything you need to about things like SIEM and then manage to fight off hackers?

This blog is created to explain why you not only need cybersecurity tools, but also cybersecurity companies to provide you with actual solutions.

SIEM Systems Need Constant Management



As you may already know, different SIEM systems emphasize different services. Whether the SIEM tool is made by Intel, IBM or Fortinet, the overall goal of being notified of attackers is the same. However, one may have a larger range of coverage for devices and log types, while another may have a specific log manager that picks up different readings. Whatever it may be, the system will collect information and present an analysis on the servers, but to optimize your security, there should be someone managing the system the entire time.

Look at it this way, let’s say you want to build a shed in your backyard to protect some equipment and toys from the rain, snow or sun, and you have a hammer, plenty of nails, wood, and a few other tools. Unfortunately, nothing will get done if you don’t pick up the hammer. While it is great that you have the necessary tools and supplies, you will never build a shed to protect/shelter your equipment and toys if no one is utilizing the tools. It is the same with these SIEM services, or tools — without a full-time individual, ideally from a professional cybersecurity company, you are at risk of missing critical notifications and real threats.

Why Cybersecurity is not a DIY Product

Now, if you don’t necessarily think this is the case and you feel confident that you’ll be able to check up on the program every now and again, you might want to reconsider. If you didn’t already know, there were 668 million breaches in the U.S. just last year alone (the year before, there were over 1.5 billion breaches); this means that over 668 million times confidential information was exposed without authorization. Also, 38 percent of the world’s cyberattacks are targeted at the United States. While securing your customers’ information is required by law, these numbers alone are reason enough to understand the necessity of investing in a solid cybersecurity company’s services. So, with a constant attack from unseen sources, are you really all that confident that you’ll be able to manage it all yourself?

Let’s again assume you are adamant about doing this all yourself. Are you proficient in programming Java or C/C++? Do you understand web application technologies? Linux operating systems? Telephony technologies (analog and IP)? Okay, well…maybe you don’t, but you can learn, right? If that is the case, are you planning on learning on the fly from a couple of YouTube videos? It’s not that we want to discourage you from learning, but it’s just a matter of being realistic. Trying to install a SIEM program and then following a manual to figure out how to make everything work is about as easy as putting a 4th grader, who is now able to read decently well, into a college-level biology class and expecting them to do well. The information is right in front of them, but can you really expect that? The answer is obvious.

Maybe we aren’t giving you enough credit and you actually do understand all of these things — if that is the case, good for you for sticking with this blog and reading all the way to here — but can you handle reading all the analyzed data for every device for your entire company every day? That’s where the benefit of hiring a cybersecurity company to manage the entire SIEM system for you comes into play. Not only will you have a service that is linked to your server, but you will also have a team of experts constantly reviewing your system for dangerous activity. With just the SIEM tool at your disposal, you may be alerted when a breach is detected, but what will you do from there? A team like this will not only notify you but also provide you with a solution.

The wisest thing you can do when you are looking to increase your company’s cybersecurity is to not only purchase one of the many tools that are on the market, but also make sure you have a cybersecurity company on your side providing you with all the readings and solutions you need. Need help? Contact SpartanTec, Inc. today!


