
Things That Lie In Wait


There are many shows on cable today that portray instant recognition of a breach. To repeat what all others in the actual cyber industry say . . . not realistic.

Think of the scenario where an employee opens a file or accesses a malicious Web site. Step one is done. Nothing happens; the employee shrugs his or her shoulders and moves on. Nothing happened, so we are all good, right? Wrong. In reality, malware can run behind the scenes with no visible effect at all at the time of infection. The malware is just lying in wait. It waits for an external signal, a preprogrammed time, or a specific action on the host computer. A hacker would then have access to look around, doing nothing noticeable, just checking things out . . . until he finds what he wants.

Six months pass. All of a sudden, systems are breached, potentially causing loss of controls, data, or financial information. And no one knows where or how it happened until a thorough investigation finally points back to the past point in time.

It sounds unavoidable, right? It's not, but the chances that it will happen to your business increase all the time. If you take steps to protect and prepare as much as possible, the damage can potentially be avoided or at least somewhat overcome.

How? Here are 5 steps to try to avoid or quickly recover from a breach:

  1. BACK UP!!! Enough said. Think cloud, separate, secure, and frequent. Ransomware, a type of malware, takes over your files and holds them hostage. With a secure and separate backup, your business can go on operating.
  2. Train. Train your employees for anything that could happen. Teach them about current cyber threats; keep them informed. They can be considered an additional “firewall.”
  3. Use patch management. The days of worrying about how frustrating the changes will be from new updates are over. Patch consistently . . . because many of the patches today are security related and crucial to staying protected.
  4. Apply multiple layers of security. Your firewall will not protect you from a threat that originates internally. And yes, many happen using some form of an internal breach such as phishing and e-mails with malware links, or by way of privileged credentials whether internally or from a breach at a third-party contractor. Get a comprehensive employee Web-use security solution that will block access to malicious sites and links.
  5. Monitor. Watch it all. You will see trends, user behavior, and anomalies. Monitor network activity and the activity that accesses the Internet. Guest Wi-Fi networks, BYOD, and employee Web use should be included. Make sure you have visibility into what is going on with a solution that not only provides real-time monitoring, but also forensic-level detail reporting easily accessible by both IT and managers.

Overall, taking steps to ensure your business is protected is crucial, but know that you can still keep critical business operations functioning following any type of breach. Providing proactive solutions to protect, secure, and manage your business’s Web use in a cost-effective, agile, and customer-centric way is what we do. Let us help.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Potential Victims to Very Smart Thieves


Employees need to know what their employers’ philosophy is behind technology. Does my employer want me to use whatever app I choose? Can I just store and share work information where it is most convenient for me? Will my employer listen when I explain how much my cloud app does to improve my workflow? If you as the employer listen, you could save your business from an incident or a serious breach.

It is amazing that the news is filled with data breach, data loss, ransomware, and spear phishing, and yet many businesses still think they are immune from an attack. If you are connected to the Internet, you are a highly susceptible victim. Do not take this to mean that you should not run your business with the highly efficient and collaborative tools that cloud services offer. It just means think and act to protect your enterprise assets and employees.

Let’s first cover where a major number of incidents start. Your enterprise weakness . . . the employee. It doesn’t matter if you have the best employees in the universe, they are human. Hackers perfect the way they attack; that is their job. They have become so good at what they do that good employees send out W-2s, transfer millions to banks in foreign countries, and hand out their logon credentials without question.

Now let’s talk about what you can do to help your employees to not become victims.

  • Educate them; make them a part of the process. Communicate. It is everyone’s fight.
  • Go ahead and make your most techy employee an honorary go-to person for others with questions.
  • Gain visibility with proactive monitoring tools. Trust me–this is not an employee privacy invasion. You need to know what is going on first; then make informed decisions.
  • Make sure there is a process in place for an employee who questions something. Make the process part of your Acceptable Use Policy (AUP).

And then the important basics we all know, but are worth repeating . . .

  • Back up regularly and make sure your recovery process is tried and true. Think ransomware attack recovery, so keep it where you can get to it but others can’t.
  • Patch – There is no longer an option to do updates. Many are for security, so just do it and do it consistently. It’s patch management, not patch whenever.
  • Passwords – Maintain, manage, and get creative. Use a password manager if needed.
  • Off-boarding – Make sure to purge all credentials for ex-employees or contractors. How do you know if they are still there? Monitor!!
  • Layered security – Get a firewall, but don’t expect all-in-one add-ons to be impressive. For example, don’t expect the firewall Web-use reporting feature to provide comprehensive and interactive reporting capability. Invest in the solution that means serious employee Web-use reporting business–no more wishy-washy reports that are useless.

Think and act to protect your enterprise assets and employees. Take some time to communicate with your employees about the exploits that they may fall prey to. It is not their fault; they are not an “insider threat” but a potential victim to very smart thieves.


Enhanced Malware Protection

Wavecrest Computing is pleased to announce an enhancement that delivers a tenfold increase in CyBlock’s ability to protect computer networks from malware and Cyfin’s ability to identify increasing security threats. Here is some background information.

Malware is the scourge of the Internet. The term “malware” includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious programs that can disrupt computer operations, gather sensitive information, or gain access to private computer systems. For Wavecrest’s purposes, malware also includes Web sites that support hacking. Most malware originates and is spread from particular Web sites. Unfortunately, many thousands of such sites exist today, and to make matters worse, the number is growing steadily every day at distressingly fast rates.

The malware problem is not new to Wavecrest. For a number of years, companies have been using CyBlock and Cyfin products to protect against and identify automated invasions of malicious scripts and software, and unauthorized access to their internal networks–the two major problems caused by malware. CyBlock provided protection–under customer control–by blocking and reporting on employees’ attempts to visit sites in 3 of more than 70 URL List categories: Hacking, Phishing/Fraud, and Spyware/Malicious.

While this methodology was effective, it was not perfect. The difficulty lay in keeping the URL List up to date in the face of the relentless and rapid increase in the number of malware-spreading sites. This issue has been addressed with an enhancement that significantly improves the ability to keep the list current.

At the same time, three related categories, Hacking, Phishing/Fraud, and Spyware/Malicious, have been consolidated into one called Malware. This consolidation increases the ease of administration for customers.

This enhancement with its improved URL List is included in the latest release of CyBlock v.6.8.0 and Cyfin v.8.8.0. To realize its benefits, it is recommended that you upgrade your CyBlock or Cyfin product as soon as you can. Wavecrest will continue to update the enhanced list daily and make it available for download by customers. The download process remains unchanged.

You can schedule the list to be downloaded automatically every day, or you can download it manually at any time. In any case, as soon as it is downloaded, you will immediately begin to receive the added protection and see a significant reduction in the number of security threats to which you may be exposed.

To download the latest release, go to the Administration – Product Update screen in your CyBlock or Cyfin product. For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Cyfin Release 8.8.0 and CyBlock Release 6.8.0 Now Available

We are excited to announce the release of two major enhancements in the new version of Cyfin and CyBlock. The first major enhancement is the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, SSL Inspection is essential. The second major enhancement is an innovative technique for protection against automated invasion of malicious scripts and software and/or unauthorized access to internal networks. Enhanced Malware Protection automates the process of identifying large numbers of new malware-spreading sites daily. To facilitate identifying and blocking malware traffic, three security threat categories have been consolidated into a new Malware category.

Other enhancements in this release include the rebranding of our products, new product icons displayed after installation, and new product Help. We also have a number of corrections in this release. The details of the enhancements include the following:

  • Product Rebranding. The Wavecrest products have been rebranded as follows:
    • The products offered are CyBlock and Cyfin (formerly Cyfin Reporter).
    • Three deployment options are available for CyBlock:
      • CyBlock Software (formerly CyBlock Proxy)
      • CyBlock Appliance
      • CyBlock ISA/TMG
    • These changes are reflected on the Wavecrest Web site and the Forum. They will eventually transition to the products and associated documentation.
  • SSL Inspection. This includes the following changes:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Safe Search blocking (where applicable).
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs in the following reports (where applicable), not just domains:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection screen that allows you to select groups and/or IDs and standard and custom categories to be inspected. To access this screen, go to Advanced Settings – Proxy Settings – SSL Inspection. For inspection to occur, you must select a group and/or an ID, and set a category to Inspected. The Financial category is set to Tunneled by default for privacy reasons, but this can be changed to Inspected.

Note:  Before using SSL Inspection, the Wavecrest Certificate must be installed. Refer to the Wavecrest Certificate Installation Guide for instructions on how to install/distribute the certificate. For more information on this enhancement, see the SSL Inspection Tech Brief.

  • Enhanced Malware Protection in URL List. This includes the following changes:
    • Extensive malware site additions were made to the URL List. You will receive the enhanced protection when the list is downloaded manually or automatically.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were consolidated into a new Malware category.
    • Custom URL entries categorized as Hacking, Phishing/Fraud, and Spyware/Malicious are now categorized as Malware.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were replaced by the new Malware category on appropriate screens and in all category drop-down boxes.
    • For CyBlock, on the Block Web Categories screen, the Malware category is set to “Block” in the Default policy in new installations by default. In existing installations, previous settings will not change when the product is upgraded, that is, the Malware category will be set to the previous Spyware/Malicious category setting.
    • The Malware category is displayed on the Help – Reporting – Check URL screen under URL Category Match when there is a category match.
    • Scheduled reports now report on the Malware category if they were set up to report on the Hacking, Phishing/Fraud, and Spyware/Malicious categories.
  • Product Icons. The Wavecrest product icon has been replaced with new CyBlock and Cyfin product icons on the Start menu and on the browser tab (favicon).
  • Product Help. The QR pages in the product have been replaced by a new searchable Help system. The Help system has a TOC similar to that of the product manual, but also includes an Index and a Search box. If a search result indicates “Web site,” you can right-click the entry to open the page in a new tab or window. You can also print a displayed Help topic by clicking the Print button.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.