This past Sunday, my family took the opportunity to visit a neighboring church. The church we attended also offers a Christian school where my kids are attending this year, so we were curious to check things out. My wife and I really enjoyed the preaching, as the pastor was concluding a sermon series titled “Heartbroken” covering the book of Hosea. The main message centered on the theme of ‘Breaking Up Fallow Ground’, and the pastor reminded the congregation of a pledge they made back in January. As a visitor I am not aware of all the details, but from what I could gather, at the start of 2015, the church as a whole made a few commitments to better themselves and their relationship with the Lord. Some of those included praying nightly with our spouses, getting into the Word daily, encouraging baptism, etc. To solidify their pledges, members of the congregation signed a huge banner and the banner was hung above the entrance to the main sanctuary. The (humbling) point the pastor was trying to make was that in looking back over the first nine months that have passed since these commitments were made (with likely 1,000+ signatures), little of what was pledged was actually carried out. After I heard this point being made, I was interested to review the security predictions we made back in January to see where things stand now, nine months later.
My reassessment of our January predictions showed that we really emphasized three key points:
1. High-Profiled Attacks Will Increase
2. Mobile Malware Will Surpass Windows Malware
3. Ransomware Will Continue Its Dominance
High-Profiled Attacks Will Increase
The year 2014 ended with many online and big box retailers getting hacked or being on the wrong end of a security breach (think Target, Home Depot, etc.). We didn’t have to wait very long into 2015 to see this prediction come true: we saw huge data and security breaches with JP Morgan Chase and then Anthem (and up to 80 million of its customers) in the first quarter alone. In the Anthem attack, which was rumored to have begun as early as December of the previous year, millions of names, birth dates, Social Security numbers, health care identification numbers, home addresses, email IDs, employment histories and income details were stolen. While high-profiled hacking attacks continued through the spring, millions of additional Americans were impacted (lost Social Security numbers, health care records and other highly sensitive information) by a massive government personnel data hack this summer (some in Washington blame China), believed to be the biggest in U.S. history. And the latest hacking news has centered on the website Ashley Madison, a site that labels itself as “an online personals & dating destination for casual encounters, married dating, discreet encounters and extramarital affairs.” Given the nature of the website, the stolen data contained very sensitive and confidential information. In this case, the hacker group responsible for breaking into Ashley Madison’s servers decided to dump all that information online for the entire world to see. Despite still having three months left in 2015, I think it is safe to say that this prediction came true: High-Profiled Attacks have increased!
Does this stuff fascinate you? (If only they would use their talents for Good instead of Bad!) To dig deeper, a great resource for visualizing the world’s biggest breaches is located here: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Mobile Malware Will Surpass Windows Malware
According to the collected and collaborated statistics of our Thirtyseven4 Virus Lab, the number of Android-based malware samples received was already over 20% greater than that of their Windows-based counterparts in the first quarter of 2015. The number of Android malware samples only continued to increase in the second quarter of 2015. Our Thirtyseven4 Virus Lab received well over 500,000 Android malware samples per month (during Q2). This staggering number represented a growth of 16% over the samples collected the previous quarter. The most prominent Android sample so far in 2015 has been Android.Airpush.G. Android.Airpush.G, a form of Android adware, amounted to approximately 45% of all detected samples. I think it may be important to note that mobile malware isn’t simply limited to Android: at the time of this writing, the mobile malware generating the most awareness and buzz is called ‘KeyRaider’, a malware that affects “jailbroken” iPhones. Jailbreaking is a process of removing hardware restrictions on an iOS device. According to various reports, there are around 225,000 iPhones around the world that are currently vulnerable to the KeyRaider malware. Prediction #2 has proven itself true.
Here is a quick reminder of six simple steps to secure your smartphone.
1. Install a trusted mobile Total Security app.
2. Avoid accessing public Wi-Fi.
3. Armor your Android (or other mobile platform) with a password.
4. Never click on links or open attachments received in unwanted or unexpected emails and text messages.
5. Before installing a new app, read the required permissions carefully.
6. Use extreme caution when downloading apps from an untrusted site.
Ransomware Will Continue Its Dominance
Again, as a quick refresher, ransomware is a form of malware developed to encrypt (prohibit access to) files on a computer with the sole intent of extorting money from its victims (paying a ransom to recover encrypted files). Since I have covered ransomware extensively in past columns (please feel free to check it out: http://thirtyseven4.com/ccmag_ransomware.html), I am not going to get deep into the details and back history of this form of malware. However, it is important to understand that ransomware continues to plague millions of individuals every month. According to an advisory released by the FBI's Internet Crime Complaint Center in June, victims of ransomware suffered losses of $18 million over the past 15 months. The FBI announcement went on to say that the CryptoWall ransomware was the top threat being used to target U.S. businesses and individuals. This statement backed the findings of our Thirtyseven4 Virus Lab, which found CryptoWall 3.0 to be the most predominant ransomware in both Quarter 1 and Quarter 2 of 2015. Our statistics show that ransomware detections topped 1.25 million through June.
Here is a quick reminder on steps to help protect yourself from the threats of ransomware.
1. Don’t pay the ransom
2. Take regular backups
3. Avoid opening emails from unknown sources
4. Limit access to removable drives and shared drives (when possible)
5. Install strong Endpoint Security software
6. Stay up-to-date on Windows, security software and software from other third-party vendors
7. Limit admin privileges for users (when possible). This practice is meant to complement (not replace) additional layers of security.
You may get tired of hearing it, but the truth remains the same: prevention is always better than a cure. Thirtyseven4 provides deep levels and options of protection and management capabilities. Our product is updated and refreshed daily to combat the latest threats in the wild. We have an excellent team to assist in familiarizing you with our Thirtyseven4 Products, deploying them, or just to answer your questions along the way.
Can we clean up infected machines? Yes.
But do we PREFER that you are well-protected with Thirtyseven4 prior to a vulnerability or breach coming along? YES! Prevention is always better than a cure.
My wife and I enjoyed the sermon and worship. We all have our own “fallow ground” to work out with God. As we walked to the children’s ministry area to pick up our kids, two came to us with smiles and stories. But the third was pale and pink-eyed with tears trickling down his cheeks. His surroundings had been unfamiliar and he missed us, he said. (Any of you with kids may be able to relate.)
The tears remind me of some calls that flow into our Thirtyseven4 Office. People look us up when they are in trouble. People (without Thirtyseven4, or solid antivirus protection) get hacked or held ransom, and they feel vulnerable. They call us to fix them up, right their wrong, and salvage what we can. But I encourage you to do preventative maintenance. Get protected BEFORE you need it!
My best advice is to look at the predictions and their proven reality. Be someone who smiles when the rough waters come (and they will), not a crier.