There’s a direct link between the amount of legacy applications and IT infrastructure any organization has installed and an organization’s overall security posture. The longer applications and IT infrastructure have been deployed the more likely it is that cybercriminals are exploiting some vulnerability. It’s even probable that vulnerability is a known exploit. The patch for that vulnerability, however, has been overlooked by an IT organization that is either overworked or simply uninformed.
Maybe it’s happened to someone you know, or maybe it’s already happened to you. You sit down to work, only to find that you can’t access your important files. Worse yet, a message appears on the screen to tell you that your data has been encrypted, and that you’ll only get the decryption key if you pay a significant ransom.
At this point, most people don’t know what to do. Business screeches to a halt while you search for advice, help, a way out. But the truth is, if you haven’t taken steps in advance to prepare for a ransomware attack, by the time it gets this far, you will likely just have to pay up.
Tax season is coming to an end, but unfortunately the IRS and tax-related scams are not slowing down. In this month’s Threat Spotlight, we discuss W-2 fraud and why it can be even more successful after tax day.
The Barracuda Email Threat Scanner scans and analyzes thousands of corporate mailboxes daily across the world, giving us an interesting view into some of the more targeted phishing and spearphishing attacks. Attackers continue to evolve their tactics to evade spam detections and target unsuspecting users.
W-2 Phishing Scam – attacker uses multiple techniques to trick someone into sending the employee W-2 forms
The words “defining cloud project” or “born in the cloud partner” can be scary terms for traditional VARs who don’t have a strategy to address their customers’ immediate and future cloud needs. The good news is that having the “cloud talk” with customers is something we’re doing quite often these days, and we’re eager to help Barracuda partners develop a strategy to address security and data protection in the cloud. As this trend continues to grow, there’s probably no one more qualified than VP of Channels, Ezra Hookano to elaborate on the importance of not only having the “cloud talk” with customers, but what partners will need moving forward to expand their businesses with cloud customers.
Amazon Web Services (AWS) is participating in a really cool event this week. On Wednesday April 26, NASA astronaut Peggy Whitson will take part in a panel on the role of advanced imaging and cloud technologies in scientific research and filmmaking.
Peggy Whitson is the commander of the International Space Station (ISS), and just broke the record for the most time in space. She’ll be joining the panel from the ISS, via the highest resolution video ever broadcast live from that location. You can watch the live stream here.
The high quality of the live stream is made possible by an encoder from AWS Elemental Media Services, which was delivered to the ISS by a Japanese cargo craft last December. The crew integrated it into the UHD-ready cameras that were already aboard the station.
The really empowering piece of the public cloud innovation story is that the cloud is so accessible, even individuals and the smallest organizations can use it. For example, this computer programmer used Amazon Polly and Raspberry Pi to build assistive technology for his son. This is an amazing story:
UK organisations of all sizes are under cyber attack from a persistent and dogged online enemy. They’re not alone in this, of course. But several new reports over the past few days have highlighted the sheer scale of the threat facing them. The British Chambers of Commerce estimated 20% of businesses have suffered an attack over the past year, while the government (pdf) put the figure at nearly half (46%). Both may be significantly underestimated given the current lack of mandatory breach reporting in the UK and the fact that many organisations suffer from a lack of visibility into key systems.
However, with strict new European data protection laws set to land in little more than a year, there’s no time to waste. UK firms urgently need to improve their defences. It will require a combination of people, process, and technology, but needn’t be overwhelming.
There’s generally not much love being lost between credit card companies and providers of retail services that rely heavily on credit card transactions. The credit card companies recently began embedding chips in their cards that forced every retailer to upgrade their point-of-sale (PoS) systems at great expense. The theory is that credit cards embedded with chips will result in better security because the data on the card is encrypted. However, regardless of whether a credit card has a chip every card still has a magnetic stripe on the back of the card. This was intended to make it simpler for retailers make the required PoS system upgrades over an extended time. After all, not everyone could be issued a new card overnight. It also turned out the PoS upgrade process has been deeply flawed.
As you can imagine, ransomware has become a big business for cybercriminals. Here are some quick numbers to give you a picture of just how big it has become:
- In 2016, the rate of ransomware infections increased 500% in 8 months.
- On average, a ransomware variant will infect between 30,000 – 35,000 devices in a month, with some variants reaching up to 150,000 infections.
- There were 50 new variants of ransomware developed each month during the first six months of 2016
- During that same time period, one unknown ransomware actor (individual or group) made $94 million in profit
- Cerber ransomware brought in $195,000 in payments in July 2016
- Ransomware profits are expected to reach $1 billion in 2017
Millions of people have turned to Office 365 and other public cloud solutions to meet their productivity and collaboration needs. Microsoft’s FY16 Q4 results revealed better-than-expected performance, with growth across multiple products and segments. For example, compared to prior year:
- Azure compute usage has doubled, and cloud revenue is up 102%
- Office and Dynamics (Microsoft Productivity) segment increased 7%
- Office 365 commercial seat growth is up 45%
- Microsoft Intelligent Cloud grew 7%
You can see more details in this earnings release from Microsoft.
The US Food & Drug Administration (FDA) has recently issued a final set of nonbinding recommendations on the digital security of medical devices. In a (pdf) document issued late last year, the FDA stated:
A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats. The exploitation of vulnerabilities may represent a risk to health and typically requires continual maintenance throughout the product life cycle to assure an adequate degree of protection against such exploits. Proactively addressing cybersecurity risks in medical devices reduces the overall risk to health.
The FDA last issued set of recommendations for medical devices in October of 2014. Although the set of recommendations are nonbinding, the manufacturers are required to notify the FDA if a flaw in a device led to a patient being harmed.