Knowledge Is Power: Using Cyber Scrutiny To Defend Against Phishing Attacks

posted by: on October 23, 2014 5:00 AM

filed in: Cybersecurity, Malware, Threat Prevention, Web Security
tagged: ,

If you purchased an iPhone 6 recently, you probably received this email:

apple email

Some of you may have even clicked the “Verify Now” link and entered your Apple ID account information. I hope not, though, because this email is not from Apple. It’s a phishing email meant to trick recipients into giving sensitive information to the attacker who sent it.

This email illustrates two things: …Continue reading

Tracking New Ransomware CryptoWall 2.0

The latest development in the ransomware world is CryptoWall 2.0, a new version of this malware family that uses the Tor network for command and control.

F-Secure was the first to spot this new version on October 1, but since then the attacks have ramped up and new variants of the malware are emerging daily. Our WildFire analysis platform has picked up 84 CryptoWall 2.0 variants since September 30, delivered primarily through e-mail attachments but also through malicious PDFs and web exploit kits.

CryptoWall 2.0 is similar to other ransomware attacks that have plagued users and businesses for nearly a decade. Once it is running on a system, CryptoWall 2.0 seeks out document files and encrypts them using the RSA encryption algorithm. The attacker holds the key necessary to decrypt the files unless the victim agrees to pay a $500 ransom.

Unlike previous versions of CryptoWall, 2.0 communicates with its command and control (C2) server through the Tor anonymization network. This allows attackers to hide their communications and avoid having their C2 servers shut down, but also makes it easy for organizations to block the threat. CryptoWall isn’t the only threat that communicates over Tor and if your network doesn’t have an explicit reason to allow anonymization networks, you should consider blocking the application altogether with your firewall.

If your system has already been infected with CryptoWall 2.0, you’ll see a pop-up just like this one shortly after the malware has encrypted your documents.

…Continue reading

Got Advanced Endpoint Protection? Use Our New Documentation to Get Started!

Palo Alto Networks Advanced Endpoint Protection is a complete paradigm shift from identification to pure prevention. Our solution requires no definitions updates, protects unpatched systems, requires no hardware, is compatible with all physical or virtual Windows platforms including terminals, VDIs, VMs, and embedded systems, protects all processes including third party, and most importantly, doesn’t need prior knowledge of an attack in order to prevent it.

The Advanced Endpoint Protection solution uses a central Endpoint Security Manager to manage policy rules and distributes the security policy to endpoints in your organization. The Endpoint Security Manager communicates with the protection software, called Traps, that is installed on each endpoint in your organization.

To aid you in deploying Advanced Endpoint Protection in your network we have released the Advanced Endpoint Protection 3.1 documentation.

Advanced Endpoint Protection Release Notes

The Advanced Endpoint Protection Release Notes provide important information about Advanced Endpoint Protection 3.0 and 3.1 including new features, limitations, and known issues. …Continue reading

Older posts →