Friday, December 2, 2016

How constant data breaches are making people lose trust in technology


“In today’s digital business environment, trust is built on two major components: ethics and security. Trust is the cornerstone of the digital economy.” - Accenture Technology 

The Internet Society (ISOC), expressed a concern that constant data breaches are seriously affecting people's trust in technology.

Digital trust is actually not a process but rather a result of  secure relationships  and communications 
between companies, end users, partners and employees.

Security experts are continuously underlying that empowering digital trust doesn't only mean investing in technology but rather in organizational's mindset, which constantly develops and adjusts to ever accelerating threats.

In the Global Internet Report 2016 released by ISOC it was highlighted that there should be more incentives for breached organizations in order for them to invest in cyber security otherwise the breaches will continue. 

In just first half of this year there was 3.04 million compromised records which means that 35 records were compromised every second. This fact about compromised data presents a failure in cyber-security investments.




Since the amount of data breaches are in an tremendous increase over the years, the logical and expected consequence is customers loosing trust in technology. According to a new research conducted by Centrify 66% of U.S., 75% of U.K. and 57% of German consumers are likely to stop doing business with a hacked organization.

Consumers admit that, nowadays, they are more likely to expect from a business to be hacked and not to be protected. On the other side, half say that businesses are taking care for their customer's online security.

Even thought investing in cyber security is a must for businesses, only 1 out of 3 organizations is actually planning to do so.

CEO, Olaf Kolkman, of The Internet Society (ISOC), highlighted few recommendations for organizations in order for them to avoid cyber attacks in the future and to keep digital trust stable.  One of them is related to transparency of data breaches. He believes that transparency about cyber security and incidents in this field should be a must and that people worldwide have to be aware about these matters.

He also refereed to the fact that businesses and government should work more in this field and come up with a strategic plan which will help decrease the data breach stats.

Organizations have to work on the company's mindset when it comes to cyber security. Besides securing their network, they need to keep their programs always up-to-date, their communication channels secure and most importantly to share awareness among the employees how to deal with online cyber threats and social engineering.

If this trend continues to grow it is clear that if businesses don't reduce the risk of a cyber-attack they will reduce the number of their customers. Loosing customers for a company also means loosing money. Better invest a small part of that money in cyber security and never experience a data breach again.

Stay safe.




Wednesday, November 16, 2016

Zemana AntiMalware is your #1 protection strategy against ransomware


As Cyber world grows bigger every day, cyber security problems grow with the same speed and in some cases even faster.

Ransomware has become one of the biggest problem in cyber world and number one security problem for organizations and individuals as well.

It doesn't request advanced hacking skills and the "pay" is good. Easy money in short.

This has brought that ransomware variants increase every year  massively and it doesn't show any signs of stooping.  Since December last year security researchers recorded a growth of 600% in new ransomware families.

With regards to pay outs,  in last year ransomware victims payed in ransom around 24 million USD. In the first quarter of this year victims payed closed to $209 million and security researchers estimated that by the end of 2016 it will reach up to 1 billion USD.

Here are some more facts about ransomware:

However, as much as it is important to share awareness on ransomware and the impact it can produce it is even more important to have good security tools in the market that can defeat any ransomware variant in the wild.

In October 2016, Avlab.pl tested and analyzed various security tools in the market in order to find the one that can provide the best ransomware protection and make individuals and organizations worry-free. The objective of the test was to check a real protection provided by security software against threats of crypto-ransomware to home users and small and medium businesses.

They have tested, various security tools which are available in the market, with default settings and in an identical test environment under same conditions and on the same basis.

For testing, Avlab.pl has used 28 malicious software files of crypto ransomware while among others there were: Cerber, CryptXXX, DetoxCrypto, Hitler Ransomware, HolyCrypt, Locky, Numecod, Petya, Jigsaw,Vipasana, Stampado and many others.

In the category for home users, Zemana AntiMalware is one of the applications that got the highest score in ransomware protection. You can read the full report here.


Just recently, also MRG Effitas, UK independent security test house, conducted a test where they have analyzed different kind of globally known security products and their ransomware protection feature. Zemana AntiMalware claimed the top spot and proved to be the best ransomware protection in the market. Read full report here.

Even though ransomware is on rise, the good news is there are security tools that can help you defeat ransomware. Besides, there are some must have tips to follow in order to avoid ransomware effectively.

Stay safe!



Friday, November 4, 2016

What are bootkits and rootkits and why are they so scary?


While its hip and trendy to write and talk about ransomware variants, we should also not forget to spread the word on malware that is located deep into a machine’s boot process or firmware and which can get unrestricted access to the entire computer. The ones that keep malware analysist bump their head on the wall and make them want to change their career and run far away from everyone and everything.


So, what are these nightmare viruses that make malware analysts go crazy?

They are called: Rootkit and Bootkit. Doesn’t say a lot so here is a little bit info.

A Bootkit infects the Master Boot Record (MBR) with its ability to get load into the Windows Kernel and bypassing full volume encryption, because the Master Boot Record is not encrypted. The master boot record holds the decryption software which asks for a password and decrypts the drive. The “special” feature of bootkit is that it cannot be detected by usual means of an operating system because all its components reside outside of the standard file systems. 

A Rootkit is a program and sometimes even a set of programs that hides and embeds itself deep into computers operating system and allows remote users to operate and control the computer's operating system.  While rootkit opens the door to areas which are forbidden to unauthorized users it also has the possibility to hide presence of its existence.  

"Root" stands for a UNIX/Linux term that's the equivalent of Administrator in Windows and “kit” refers to the software components.

They have been around for 20 years but once they have been found they didn’t have any malicious character but over a while cyber criminals found the nature of rootkits as very interesting and useful for malicious attacks. 


What is the biggest issue?

Due to their possibility to hide very deep and to embed themselves into the operating system in such a way that allows many legitimate and important function calls and data to be passed through their oversight it can be very hard to remove them. Some researchers made it simpler to understand by comparing it to a hard-water filter installed on your water pipe system right outside of the point where the water enters your house.  So, in case you remove this filter, a problem will emerge with your water correctly getting into your house.  The same goes with a rootkit. You cannot remove it that easily since you can break some vital functionality of the operating system and make create even worse damage. Removal is not easy and when dealing with  these kinds of infections removal may require specialized software tools

Zemana Labs spend a lot of time and invested years of experience in order to create the best possible rootkit and bootkit remediator. Due to the high malicious nature of the infection Zemana made it free to end users so they can effectively remove deep embedded rootkits and rootkits without damaging any vital functionalities of the operating system.

MRG Effitas defined it as the best rootkit remediator. 

Download Zemana AntiMalware Free here

To have proactive protection and never let any of these infections get near your PC install Zemana AntiMalware Premium and stay worry free. 

Stay safe!




Thursday, October 27, 2016

Protect your business from ransomware attacks by following these 5 simple steps


The rise of ransomware has financially damaged thousands of organizations and individuals worldwide in the last couple of years and it will only get worse. Herjavec Group stated in one of its reports that the cost of ransomware attack could reach up to $1 billion this year.

In the Hackerpocalypse: A Cybercrime Revelation report it is estimated that last year cyber-crime victims pay out $24 million to ransomware attackers. However, this year in just the first three months they pay out $209 million and it is estimated that the total cost will reach up to $1 billion by the end of 2016. In 2015 the overall annual cost of global cyber-crime was estimated to be $3 trillion but in 2016, as according to overall situation, it is estimated to double.

Having in mind that the cost of the ransomware attack could reach this much makes us overthink our actions. Many experts believe that organizations and individuals who think that there is no other option but to pay the ransom, have led to the massive popularity of ransomware attack among cyber-criminals.

Since ransomware itself has a profitable nature, cyber-criminals will not only continue deploying ransomware but they will also start attacking bigger and bigger targets in order to get more money. On the other hand, the safe net of the bitcoin has led to a safe and easy demand of money so the question that arises here is: Why would they stop?!

Well they won’t and because of that you have to plan your best defense strategies.

For a business getting attacked by a ransomware means losing sensitive data, money, time, reputation, productivity, corporate or personal finances, sensitive employee data, and other valuable content.
However, the good news is that there is a lot of practices a business can do to protect their data, their employees and their customers. Below you can find few of them:

SHARE THE WORD ON CYBER SECURITY IMPORTANTCE IN YOUR ORGANIZATION

While many organizations think it is needles to talk about the cyber risks an organization faces and analyze the consequences of taking the risk, we on the other hand cannot overstate the importance of this practice.

Here we are not talking only about ransomware attack but also about a growing number of advanced threats which are lurking around your business. By simply believing that the ransomware attack will not happen to your organization doesn’t help much.

The management of a company must understand the risk they are dealing with and come up with concrete ways how to overcome it.
Cybercrime is not a joke and people behind it are serious experts with a pretty much defined target list and goals.




DEVELOP BUSINESS SECURITY POLICIES AND FOLLOW THEM

Since many organizations have not yet developed and published detailed cyber security policies we strongly recommend that while you share the awareness on cyber security importance in your organization you should also focus on development of detailed and thorough policies.
These policies should cover every tool (social media accounts, web, emails, mobile and PC devices and etc.) that your IT department has deployed or that is used within your internal infrastructure.

They should include legal obligations to encrypt emails and other tools that contain sensitive data, to control any device that is connected to the organization’s system and to constantly check and monitor communications within organizations networks for a possible hidden malware.

Established policies will not 100% protect you from ransomware or any other cyber-attack but they will certainly be useful in limiting the number of tools that employees use when accessing organizations resources and they will also be useful in reducing the number of malware attempts which can access your network.

ALWAYS KEEP EVERYTHING UP-TO DATE

Every application, system and software that is used in your organization should be checked regularly for vulnerabilities and brought up-to-date using the latest patches from vendors since open system vulnerabilities can allow cyber-criminals to successfully intrude corporate loss defense system.

BACK UP, BACK UP, AND ONE MORE TIME BACK UP

The most common and best advice you can get is to back up and don’t just knock with your head after your read this. Do it!



Regular up-to-date backups are the most reliable method for recovering lost or infected data. In order to be more effective, Gary Warner advises that a backup must be “serialized”, with older versions of files available in case newer versions have been corrupted or encrypted.

Ransomware tries mostly to encrypt data on a connected network therefore the best would be to store the backed up data in an offline environment far away from ransomware attacker’s eyes.

DEPLOY PROACTIVE RANSOMWARE PROTECTION

Cyber criminals will easily find a way to attack an organization that doesn't do regular backups and failed to invest in need-to-have anti-ransomware solutions. It is always wiser to choose ransomware protection over expensive pay outs to hackers. Every organization should implement a cyber security solution with a specific emphasis on the ransomware protection capabilities.

Follow the above mentioned steps and you will never get in the situation to pay to cyber criminals. Remember to install a proactive ransomware protection that is always up-to-date and continue doing your business worry-free without worrying that any minute your data can be stolen.

Do an analysis of various ransomware solutions. Here you can find a report on best ransomware solutions that can help you out in making your decision.





Saturday, October 22, 2016

One of the largest DDoS attacks was recorded: Twitter and PayPal shut down while CNN experienced problems


Hundreds of thousands of devices such as web cameras and other digital recording devices were infected on Friday with the so-called. Botnet in order to affect loading of some of the most visited websites in the world.




The attackers had an obvious goal - to block or slow down global sites using everyday devices. Among the affected sites to find are Twitter, Paypal and Spotify, and all three are belong to Dyn from the United States, which plays the role of switchboard for Internet traffic, according to Guardian.

The attack took place first in the eastern part of United States, then began to spread to the rest of the country, while the effects are registered in some of European countries as well.

In addition to these pages, users have had problems with access to portals such as: Mashable, CNN, New York Times, Wall Street Journal and Yelp, including several pages owned by Amazon.

Hackers attack used by the web cameras and DVRs infecting them with botnet that can be described as an assistant in the creation of DDoS attacks. This type of attack, busy with certain internet service artificial traffic which impedes access to "normal" users.

Dyn has issued a statement in which he confirmed that the DDoS attack came from the millions of sources, which is classified as the one of the largest carried on the attack so far.

After the first wave of attacks was followed by a second and then a third that was recorded Friday night. The problem lasted for several hours.


Thursday, October 20, 2016

Arm your Android device with an anti-keylogger


Checking your Android device, from time to time, for a secret keylogger that is able to record whatever you do, will certainly not harm you. But doing nothing and letting an app do everything for you sounds even better. 

Secret spy in your device

Having your data stolen is definitely not your dream scenario. If we go back in the near past, we can localize few keylogger attacks on Android devices that made the security alerts for Android users go high up! 

The scene with Flash Keyboard was definitely among them. The app was actually among the most popular apps on Google Play Store if we look at the download rate, until cyber security companies revealed that the app was stealing users' data without their permission and then sending the info (GPS location, email address and etc.) to various servers located in China, United States and the Netherlands. Once found out Google removed the app from the store. 
Another keylogger attack scenario happened with the perfect legitimate Android Keyboard application – SwiftKey that was infected with a Trojan that turned the app into a keylogger.






Anti-keylogger – let’s keep private as private

Having in mind the above scenarios, which are not the only examples of keylogging attacks, and the fact that more and more advanced versions of keyloggers are coming to the surface – a security shield is highly needed.

Anti-keylogger feature for Android devices keeps your private data as private and besides a usual malware scanner and real-time protection that most of the security apps have, the anti-keylogger is an additional layer of protection which is specifically designed to detect and block the keylogger that may be lurking around in your device. 

It detects malicious keyboard applications, password managers and SMS applications that track everything you type, even legitimate keyboard applications which are modified by hackers.





Wolf in sheep's clothing

Downloading a security app is the first step in securing your device but what is even more important is the human factor which in many cases leads to these attacks. Advanced version of keyloggers have the ability to trick users worldwide, like a wolf in sheep's clothing, in order to get what they want. Simply by putting a nice mask, something that we are familiar with, they are covering their real malicious face. It is always good to download an app from reliable sources and to always review what is the app asking us to do. By simply clicking next, next, next and agree can lead to many unwanted situations. 


Scan the below code to download the app:




Tuesday, October 11, 2016

Zemana Hackathon



Güncelleme (Tarih 12.10.2016)

15 Ekim Cumartesi günü düzenleyeceğimiz Hackathon aşağıdaki adreste düzenlenecektir:

Yer     : Difose Uygulamalı Eğitim Merkezi
Adres : Ümit Mah. 2481.Sok. No:6 Ümitköy 06810 Çankaya-Ankara (Koru Metro Durağına 250 metre)

Tüm katılımcıların dizüstü bilgisayarlarına aşağıdaki uygulamaları kurmaları gerekmektedir:
- Microsoft Visual Studio Community 2015
- Google Chrome
- Google Chrome Postman

---------------------------------------------------------------------------------------------------

Merhabalar,

15 Ekim Cumartesi günü Ankara/Ümitköy'de ekibimize yeni dahil olacak takım arkadaşımızı seçmek için 12:00 - 16:00 saatleri arasında 4 saat sürecek bir Hackathon düzenleyeceğiz.

Detaylar hakkında bilgi alabilmek için cv@zemana.com adresine email atabilirsiniz.

Çevrenizde ilgilenen arkadaşlara bilgi verebilirseniz çok mutlu oluruz.

NOT: Kontenjanımız 18 kişi ile sınırlı. Şu anda katılacağını bildiren 8 aday var.