Secured Remote Workforce

Secured Remote Workforce for just S$1/day**

Unified Security Gateway with VPN Firewall for SME

Secured Remote Access for your users anywhere

EasyGate (EG) Next-generation Unified Security Gateway is a multi-functional Cloud Managed Security Gateway product for various industries. Equipped with a high-performance multi-core MIPS hardware architecture, the EG Gateway supports a wide range of features such as high-performance NAT, WAN load balancing, smart flow control, online behavior management, visualized IPsec VPN, web authentication, etc.

EG Next-generation Unified Security Gateway is also supported by Central Cloud Management. Together with switches and wireless access points, Cloud Management provides a comprehensive secure networking platform for centralized management, allowing device monitoring, configuration and firmware management via web or mobile app.

 

EG2100 & EG3250

Highlights

  • Smart Flow Control & AAA Integration
  • User Online Behavior Management
  • VPN & Traffic Visualization
  • Wireless Controller Functions
  • FREE Cloud Management
  • App Caching for Download Acceleration
  • Built-in Power-Over-Ethernet
  • Integration Mobile App Dummy Provisioning

Easy Secured Gateway Topology

Call us at:

+65-69500600 (SG) / +603-79800943 (MY)

WhatsApp: +65-92771818 (SG) / +6012-6478868 (MY)

** Per user/day costing with min 5 users & other conditions applied

Ransomware: A Persistent Scourge Requiring Corporate Action Now – June 2019

From:

threatpost


ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.

A ransomware attack on Belgian airplane manufacturer ASCO this week is the latest in a string of incidents that show the unique danger lurking in this type of malware campaign. The rise of ransomware has cost companies millions to remediate – both in making payments and in system restoration and downtime – and should be prompting organizations of all sizes to take preventative measures.

ASCO, one of the world’s largest airplane suppliers, said this week that it shut down production in its factories in Canada, Germany and the U.S. after a ransomware infection crippled its plant in Zaventem, Belgium. About 1,000 of its 1,400 workers have been given leave for the week as the company works to remediate the issue, according to German media outlets. Whether ASCO has paid the ransom is unclear, but the impact on its operations is clearly severe. 

“Airplane manufacturer ASCO being hit by ransomware continues [the] trend of cybercriminals focusing their efforts on industry and manufacturing as their targets – recognizing the hugely costly and disruptive effect such a shutdown will have on the business,” said Shlomie Liberow, technical program manager at HackerOne, via email. “Public understanding of ransomware is on the rise, so if ASCO reacts quickly and in a way that keeps relevant stakeholders informed, hopefully it will see no lasting damage to reputation.”

According to Verizon’s 2019 Data Breach Investigations Report (DBIR), ransomware attacks are still going strong, accounting for nearly 24 percent of incidents where malware was used. And according to the FBI’s Internet Crime Report, 1,493 ransomware attacks, resulting in losses of $3.6 million, were reported in 2018. And that represents only those attacks that were reported directly to the FBI.

Also, while ransomware attacks are on the rise, so too is the scope of the attacks. Chris Dawson, threat intelligence lead at Proofpoint, said that recent incidents point to threat actors attempting to take advantage of deeper pockets and higher stakes to demand much larger ransoms – as opposed to previous campaigns, targeting individuals, that demanded hundreds of dollars to unlock an individual PC.

This is exemplified in a string of high-profile ransomware attacks on large municipalities, manufacturers and other companies over the past year, of which the ASCO incident is a continuation. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted the municipality for $51,000. Although Atlanta officials were vocal about not paying the ransom, the city ended up spending $2.6 million to recover. These expenditures covered incident response and digital forensics, additional staffing and Microsoft Cloud infrastructure expertise.

The city of Baltimore is another recent victim of ransomware, which hit in May and halted some city services like water bills, permits and more. Like Atlanta, Baltimore officials refused to pay the $76,000 ransom – but ended up dishing out $18.2 million in restoration costs and lost revenue.

And in one of the most high-profile cases, Norsk Hydro fell victim in March to a serious ransomware attack that forced it to shut down or isolate several plants and send several more into manual mode. The attack ultimately cost the aluminum giant $40 million.

“The RobbinHood attack on the city of Baltimore fits with a theme that we’ve observed as ransomware in the malicious email space has largely dried up,” Dawson said in an email. “Instead of targeting individuals in high-volume email campaigns as we saw frequently in 2016 and 2017, threat actors are now using ransomware in targeted attacks against key targets for much larger ransoms. As with Norsk Hydro and other targeted organizations, it appears that threat actors make use of existing network and endpoint compromises to then load ransomware on vulnerable devices.”

That said, of course, in addition to these, plenty of non-household names are hit every day, too.

A ransomware attack will be costly and damaging, no matter the organization’s size: According to a SentinelOne report, the average cost of a ransomware attack is more than $900,000. This includes the ransom itself, downtime and lost productivity, remediation, legal costs and more.

“Businesses face numerous cyberthreats from hackers, but ransomware is particularly insidious and common,” Daniel Markuson, a digital privacy expert at NordVPN, told Threatpost. “When ransomware infects a server, it quickly spreads to encrypt all of the files on that server. Obviously, this can be disastrous for a business – all of its payroll, customer information, contracts and trade secrets all rendered inaccessible. Once it’s deployed, the hacker simply demands a ransom from the company before unlocking their files. That’s only if they’re honest, however.”

Regarding whether to pay, many organizations find themselves in a dilemma when hit by ransomware. The choice is often either to pay the ransom and hope the cyberattackers keep their word and deliver the decryption keys, or to pay a cybersecurity firm to perform remediation and cleanup, which can cost more than the actual ransom. The latter path is more ethical, avoiding sending money into criminal pockets. But the choice “to pay, or not to pay?” can be hard.

“It’s easy to say that companies should never pay, but it’s also quite unrealistic,” said Brett Callow, spokesperson for Emsisoft, in an interview with Threatpost. “The reality is that making payment may be the only option that will enable a company to become operational again within a reasonable period of time. It’s very much a case of ethics versus business necessity.”

He added, “it may be the only recovery option available. Second, some companies may believe that payment is the fastest route to becoming operational again. Third, in some instances, they may believe that making payment will enable them to avoid the matter coming to the attention of the public and their shareholders.”

Although some decryptor tools are available, remediation firms themselves often have no options to give their customers, if those customers haven’t fully backed up their data, according to at least one researcher.

“I have no doubt that there are many firms out there that offer ‘sophisticated tools and tactics’ to decrypt victims files for a hefty fee,” Tyler Moffitt, security analyst at Webroot, said by email. “It also doesn’t surprise me that the majority of the time all these firms do is pay the ransom and then charge the victim a premium. This is pretty much the only chance that these assistance firms would be able to actually retrieve files. Retrieving them without paying the ransom is very rare and again only available when criminals make mistakes, so for the most part getting these encryption keys is impossible without paying the ransom and dealing with the criminals directly.”

Ransomware can also have devastating effects on reputation, in addition to the hard costs associated with an attack. That’s something that payment won’t fix, but being transparent about what’s happened and why can go a long way to softening this particular blow, according to HackerOne’s Liberow.

For example, Norsk Hydro admitted the gritty details, such as the fact that it had to close down operations in several locations, and the fact that the incident cost it at least $40 million in the first week.

“Norsk showed the world that while ransomware is costly and devastating in the moment, it doesn’t have to have a lasting effect on reputation as the open and transparent way Norsk dealt with the attack resulted in a rise in share price,” Liberow noted.

Interestingly, Radiohead’s recent response to a ransomware attack (which involved releasing a trove of 18 previously unheard outtakes from their album “OK, Computer” rather than pay a $150,000 ransom demand) demonstrates the positive brand power of a non-negotiation philosophy in the face of cybercriminals, according to Peter Groucutt, managing director of Databarracks; it thwarted the criminals’ efforts while bringing good publicity.

“Releasing a collection of unheard songs, demos and outtakes, while unconventional, was a PR masterstroke by Radiohead,” Groucutt said. “This obviously isn’t a viable tactic for most businesses dealing with a ransomware attack, but we can learn from Radiohead’s defiance.”

The best approach to ransomware is to take your company off the target list. Basic security hygiene is the first step.

“Difficult as it may seem to prevent these attacks, when it comes to ransomware, prevention is always better than cure,” Liberow said. “This means ensuring all systems are up to date with the latest patches and that there are no security vulnerabilities or weaknesses which could leave an organization exposed to attackers.”

Another crucial aspect of preparing for an attack is simply to make sure you have an extra copy of your files available.

“To reduce the damage of any potential ransomware attacks, keep periodic secure backups of your data,” Markuson said. “This means that if a hacker breaks in and infects your business with ransomware, you can ignore their demands and rebuild your systems with the backed-up data (however, don’t forget that they may also have copied some of your data for themselves).”

The sheer pervasiveness of the ransomware scourge should be pushing all companies to invest in backups, Groucutt added.

“Given that ransomware attacks are becoming increasingly commonplace, there’s no excuse to be unprepared,” he said. “Agreeing to pay a ransom demand isn’t conducive to long-term security, and emboldens cybercriminals to continue to use this method. There is also a risk of looking like an easy target, potentially inviting further attacks.”

Lindsey O’Donnell also contributed to this report.

D-Synergy reposted 17th June 2019

NSA Warns Microsoft Windows Users: Update Now Or Face ‘Devastating Damage’

 

 

From Forbes.com, Jun 7, 2019, 05:19am

I can’t recall ever seeing the U.S. National Security Agency (NSA) jumping in and warning users of Microsoft Windows to check if their systems are fully patched and, if not, to update now or risk a “devastating” and “wide-ranging impact.” But that’s what has just happened.

In an advisory published this week, the NSA has urged “Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat.” That threat being BlueKeep, which has already been the focus of multiple “update now” warnings from Microsoft itself.

The NSA warning comes off the back of research that revealed just under one million internet-facing machines are still vulnerable to BlueKeep on port 3389, used by the Microsoft Remote Desktop feature, with nobody knowing how many devices are at risk within the internal networks beyond. The potential is certainly there for this threat, if exploited, to be on the scale of WannaCry.

It’s hard to know exactly why the NSA has decided to issue this advisory now, especially as it hasn’t gone through the more usual U.S.-Computer Emergency Readiness Team (CERT) channel. “I suspect that they may have classified information about actor(s) who might target critical infrastructure with this exploit,” Ian Thornton-Trump, head of security at AmTrust International, told me, “that critical infrastructure is largely made up of the XP, 2K3 family.” This makes sense as although Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows Server 2008, Windows Server 2003, Windows 7, Windows XP and Windows Vista all are.

John Opdenakker, an ethical hacker, agrees that it could well indicate the NSA is in possession of further threat intelligence regarding the BlueKeep threat. “If it’s actively being exploited, then I kind of understand why they would do it,” Opdenakker told me, adding, “it’s certainly not being exploited at scale though, otherwise we would have heard about it already.” The latter point being the important one as far as the “normal user” is concerned, in my opinion. There is little denying that, as Thornton-Trump puts it, “governments are more or less the ultimate authority; vetting, testing and intelligence all has to be assembled and internally red-teamed before an estimate of risk can be assigned.” Which leads to a time lag as intelligence agencies react to the dynamic nature of such exploit disclosures.

.end of article.

D-Synergy

We recommend that all our customers update all their Microsoft Windows installations on all their desktops and servers. – June 2019

D-Synergy Tech Systems Pte Ltd New Address & Contacts Info

To All Customers & Partners

Please note our new office address and contact info as of May 2018:

Singapore Corporate Office
D-Synergy Tech Systems Pte Ltd
67 Ubi Crescent, #05-09, Techniques Centre
Singapore 408560
p: +65 69500600

Sales Enquiries : sales@d-synergy.com

General technical support : support@d-synergy.com

Feedback : feedback@d-synergy.com