For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

[Podcast] Our Post WannaCry World

After WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board where they would decide if a vulnerability, known by the government, would be disclosed to a non-government entity. It won’t be an easy law to iron out as they’ll need to find the right balance between vulnerability disclosure and national security. Meanwhile Shadow Brokers, the…
Data Security

Is a ransomware attack a data breach?

Ransomware is a loss of control Most IT people equate exfiltration of data from their network as the point at which control is lost and a data breach has occurred. They think of it like “where are the bits” and if your user database is being passed around the internet via bittorrent and sold off for a .0001 BTC an account you clearly have lost control. What’s not so obvious is that ransomware (or any…
Data Security

EternalRocks leaves backdoor trojan for remote access to infected machines

What we know so far The WannaCry ransomware worm outbreak from last Friday week used just one of the leaked NSA exploit tools, ETERNALBLUE, which exploits vulnerabilities in the SMBv1 file sharing protocol. On Wednesday security researcher Miroslav Stampar, member of the Croatian Government CERT, who created infamous sqlmap (SQL injection pentesting tool), detected a new self-replicating worm which also spreads via several SMB vulnerabilities. This worm, dubbed EternalRocks uses seven leaked NSA hacking tools…
Data Security

Discover Sensitive Data with a Data Risk Assessment

In our recent 2017 Data Risk Report, we discovered that 47% of organizations had at least 1,000 sensitive files open to every employee. Our latest video shows what a data risk assessment is, why it matters, and how it works.  Check out a sample data risk assessment for a sneak peak of what you might find. A Varonis Data Risk Assessment doesn’t take long – a 90-minute software install lets you map access to your data…
Compliance & Regulation

[Podcast] Mintz Levin’s Sue Foster on the GDPR, Part II

In this second part of our interview with attorney and GDPR pro Sue Foster, we get into a cyber topic that’s been on everyone’s mind lately: ransomware. A ransomware attack on EU personal data is unquestionably a breach —  “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access  …” But would it be reportable under the GDPR, which goes into effect next year? In other words, would an EU company (or US one…
Data Security
Image: Canadian Institute of Mining, CC-BY

Adylkuzz: How WannaCry Ransomware Attack Alerted The World To Even Worse Th...

Your garden variety ransomware, like Cerber, is the canary in the coal mine that rudely, but thankfully announces bigger security issues: insider threats and cyberattacks that take advantage of too much employee access to files. As disruptive as WannaCry has been to vulnerable organizations, this is their canary in the coal mine moment that should alert them to more deadly attacks that don’t announce their presence, like the cryptocurrency miner Adylkuzz. Researchers at Proofpoint have…
Data Security

[Podcast] Pick Up Music, Pick Up Technology

Last week, when the world experienced the largest ransomware outbreak in history, it also reminded me of our cybersecurity workforce shortage. When events like WannaCry happen, we can never have too many security heroes! There was an idea floating around that suggested individuals with a music background might have a promising future in security. The thinking is: if you can pick up music, you can also pick up technology. The Inside Out Security panelists –…
Data Security

How to use PowerShell for WannaCry / WannaCrypt cleanup and prevention

Explosive ransomware infection rates of WannaCrypt/WannaCry have IT groups trying to mass diagnose, update and protect their machines. Thing is, that’s just not practical to do manually – for pretty much any but the smallest of organizations. While there are a number of different PowerShell scripts that have been open sourced in the last three days to automate this (we link to the best one below), it’s quite likely that they won’t necessarily cover exactly…
Data Security

Why did last Friday’s ransomware infection spread globally so fast?

Quick ransomware background Ransomware is a type of malware that encrypts your data and asks for you to pay a ransom to restore access to your files. Cyber criminals usually request that the ransom be paid in Bitcoins: the #1 cryptocurrency (basically a distributed ledger) which can be used to buy and sell goods. By nature, Bitcoin transactions (e.g. ransom payments) are very difficult to trace. Historically, most ransomware infections use the attack vector –…
Data Security

WannaCry’s Accidental Hero

Quick update on the massive #WannaCry cyber attack. Before I begin, this is going to SOUND like good news, and it is, but please realize that the propagation of this malware can be restarted VERY easily, so please follow the instructions we laid out here to patch. Apparently there was a kill switch built into the malware. It attempts a HTTP GET on iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com. If the request succeeds, it stops propagating, as noted by Talos Intellgience: Earlier…
Data Security

🚨 Massive Ransomware Outbreak: What You Need To Know

Remember those NSA exploits that got leaked a few months back? A new variant of ransomware using those exploits is spreading quickly across the world – affecting everyone from the NHS to telecom companies to FedEx. Here’s What We Know So Far Ransomware appears to be getting in via social engineering and phishing attacks, though vulnerable systems may also be at risk if TCP port 445 is accessible. Unlike most ransomware that encrypts any accessible file…
Data Security

Planet Ransomware

If you were expecting a quiet Friday in terms of cyberattacks, this ain’t it. There are reports of a massive ransomware attack affecting computers on a global scale: in the UK, Spain, Russia, Ukraine, Japan, and Taiwan. The ransomware variant that’s doing the damage is called WCry, also known as WannaCry or WanaCrypt0r. It has so far claimed some high-profile targets, including NHS hospitals in the UK, and telecom and banking companies in Spain. Be…