
Zero Trust Endpoint Security: The Future of Cyber Resilience


Cybersecurity has moved well beyond traditional antivirus software, which once served as the primary line of defense against online threats. Endpoint Detection and Response (EDR) tools emerged to address the limitations of antivirus programs, particularly against advanced threats that signatures miss. Even EDR, however, has a structural weakness: it recognizes a threat by what it does, which means the code is already running by the time it is detected. The need for a proactive, zero trust endpoint security model has become more evident as threats evolve.

Traditional antivirus software struggled to keep up with the rapid creation and distribution of new malware. EDR tools were developed in response to identify malicious activity by behavior rather than by known code signatures. They have since been enhanced with machine learning for better accuracy, automated response actions to contain damage promptly, and managed detection services for expert oversight. Despite these advances, EDR still acts only after malware is active, and significant harm can occur before containment.

Attackers now use techniques, including tooling and malware variants produced with AI assistance, that are built specifically to evade detection systems. Traditional EDR tools often fail to recognize such threats until they are already running within an environment. This reactive approach exposes a critical gap: the inability to prevent unknown code from executing in the first place. Consequently, organizations are increasingly adopting zero trust security strategies, emphasizing proactive controls that block unauthorized actions outright. Zero trust endpoint security enforces strict controls across applications, user access, data, and network traffic.

Blocklisting permits every action except those explicitly banned, so a binary that has never been seen before runs by default. Application allowlisting inverts that: only pre-approved software can run, and everything else, known or unknown, is denied by default. That is what makes it robust against ransomware and other attacks that rely on dropping a new executable. The caveat is that allowlisting says nothing about what an approved program does once it is running, which is why it is paired with controls over permitted behavior. ThreatLocker is one example of a zero trust platform built around these gaps: application allowlisting, ringfencing to limit what approved software can touch or launch, and storage control to restrict access to sensitive data.
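To make the default-allow versus default-deny difference concrete, here is a small added example (written for this edit; it is not ThreatLocker code and not part of the original post) that evaluates execution requests against a hash-based blocklist and a hash-based allowlist, then applies a hypothetical ringfence policy restricting which child processes an approved program may launch. The sample "binaries", their hashes and the policy tables are all constructed for the illustration.

```python
import hashlib
from typing import Dict, Set


def sha256(data: bytes) -> str:
    """Content hash of an executable; a real agent hashes the file on disk."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable contents (not real programs).
TRUSTED_APP = b"MZ\x90\x00vendor-app-1.0"
TAMPERED_APP = b"MZ\x90\x00vendor-app-1.0+implant"   # same vendor path, modified bytes
KNOWN_BAD_TOOL = b"MZ\x90\x00known-bad-tool"
NEW_DROPPER = b"MZ\x90\x00never-seen-before-dropper"  # a brand-new sample nobody has a signature for

# Blocklist: hashes already known to be bad. Allowlist: hashes an administrator
# has explicitly approved. Everything else is "unknown" to both models.
BLOCKLIST: Set[str] = {sha256(KNOWN_BAD_TOOL)}
ALLOWLIST: Set[str] = {sha256(TRUSTED_APP)}

# Hypothetical ringfence policy: for an approved program, the only child
# processes it may spawn. An approved program with no entry may spawn nothing.
RINGFENCE: Dict[str, Set[str]] = {sha256(TRUSTED_APP): {"updater.exe"}}


def blocklist_decision(data: bytes) -> str:
    """Default-allow: only explicitly banned hashes are denied."""
    return "deny" if sha256(data) in BLOCKLIST else "allow"


def allowlist_decision(data: bytes) -> str:
    """Default-deny: only explicitly approved hashes may run."""
    return "allow" if sha256(data) in ALLOWLIST else "deny"


def child_launch_decision(parent: bytes, child_name: str) -> str:
    """Ringfencing: an approved parent may only launch the children listed for it."""
    if allowlist_decision(parent) == "deny":
        return "deny"  # the parent should never have been running at all
    allowed_children = RINGFENCE.get(sha256(parent), set())
    return "allow" if child_name in allowed_children else "deny"


def compare_policies(samples: Dict[str, bytes]) -> Dict[str, Dict[str, str]]:
    """Side-by-side verdicts for each sample under both models."""
    return {
        name: {"blocklist": blocklist_decision(data),
               "allowlist": allowlist_decision(data)}
        for name, data in samples.items()
    }


if __name__ == "__main__":
    samples = {"trusted app": TRUSTED_APP, "tampered app": TAMPERED_APP,
               "known bad tool": KNOWN_BAD_TOOL, "new dropper": NEW_DROPPER}
    for name, verdicts in compare_policies(samples).items():
        print(f"{name:15s} blocklist={verdicts['blocklist']:5s} allowlist={verdicts['allowlist']}")
    print("trusted app -> updater.exe   :", child_launch_decision(TRUSTED_APP, "updater.exe"))
    print("trusted app -> powershell.exe:", child_launch_decision(TRUSTED_APP, "powershell.exe"))
```

The new dropper and the tampered copy of the trusted app both pass the blocklist and both fail the allowlist, because neither hash has ever been approved. The ringfence check is what stops the approved app itself from being used as a launcher for something like powershell.exe, which allowlisting alone would not prevent.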

ThreatLocker Detect complements the preventive controls by alerting organizations to indicators of compromise so they can respond quickly to emerging threats. A recent case study illustrates the approach. In January 2024, a ransomware gang attempted to breach a hospital's network using stolen credentials. Allowlisting blocked the attackers from executing unauthorized software, and storage controls prevented data theft. Despite gaining initial access, the intruders were unable to carry out their attack.

As threats become more sophisticated, relying solely on detection-based tools like EDR is no longer sufficient. Prevention-first controls such as those described above represent the direction of endpoint security: blocking unauthorized execution before it happens, while detection remains in place for whatever gets through.

Here’s Why UltraAV Replaced Kaspersky Antivirus Software


Late last week, cybersecurity firm Kaspersky began removing its anti-malware software from PCs in the United States and installing antivirus software from UltraAV in its place.

If you use Kaspersky antivirus software, you may be aware that the US Commerce Department this year banned the Russian firm from selling its software or delivering updates to customers in the US, and added Kaspersky entities to its Entity List. As a result, the company told BleepingComputer in July that it was closing its U.S. operations and laying off its American staff.

Although these developments were not a secret, not everyone was aware of them, and many were taken aback by Kaspersky's abrupt and poorly explained decision to remove its software automatically.

Customers were notified by email at the beginning of September that the company had partnered with UltraAV to continue protecting them after Kaspersky left the US. The emails did not make clear, however, that their computers would be updated automatically to install the replacement. The change came as even more of a surprise to those who, for whatever reason, missed the email.

Users on Reddit and other forums have expressed uncertainty about the situation, as well as distrust of the new UltraAV software. One poster feared their desktop had been compromised after waking to find Kaspersky gone and UltraAV in its place. That reaction is reasonable: from the user's seat, an unannounced swap of the security product on an endpoint looks exactly like a malicious replacement.

This distrust is unsurprising given that little is publicly known about the company beyond its affiliation with VPN brands such as UltraVPN, Hotspot Shield, and Betternet. According to online user reviews, many people are removing UltraAV for that reason, and because of the disruptive way it appeared on their devices.

Following its withdrawal from the market, Kaspersky released an official statement saying it had taken this step to ensure that its customers "would not experience a gap in protection." It added that UltraAV was chosen because its features and product line-up were comparable to Kaspersky's; users of Kaspersky's VPN service, for example, also had UltraVPN installed on their devices.

For many users, the explanation comes too late and is unlikely to stop them from replacing UltraAV with a more well-known antivirus software product.

How an IT Team Used Windows 3.1 to Mitigate a Massive CrowdStrike Outage


In an unprecedented event, a single update from endpoint security vendor CrowdStrike caused global havoc on 19 July 2024, affecting millions of Windows computers. The incident, widely described as the largest IT outage in history, disrupted services and companies worldwide. As reports of the "Blue Screen of Death" (BSOD) flooded in, Microsoft was quick to clarify that this was a "third-party issue," placing the blame squarely on CrowdStrike's content update to its Falcon sensor.

The repercussions were immediate and far-reaching. Millions of Windows machines crashed on boot, bringing operations to a halt. Mac and Linux hosts were unaffected, which only highlighted the scale of the disruption within the Windows ecosystem. CrowdStrike published a fix, but applying it meant booting each affected machine into Safe Mode or the Windows Recovery Environment and deleting the faulty channel file from the CrowdStrike driver directory by hand; machines with BitLocker enabled also needed their recovery keys first. That was easier said than done for organizations with thousands of devices, many of them not physically accessible.

Interestingly, one IT team's unconventional setup became a focal point amid the chaos: their systems still ran the long-obsolete Windows 3.1 and came through the crisis untouched. The practical reason is simple. The Falcon sensor does not exist for that platform, so those machines were never in the update's blast radius rather than being repaired by it. Still, the story offered a glimmer of hope and an unusual twist to an otherwise grim situation. The CrowdStrike incident underscores the fragility of modern, interconnected systems.

With so much reliance on digital infrastructure, a single flawed update can ripple outwards and cause substantial disruption. It is also a reminder of the resilience and resourcefulness often required in IT management. Archaic as it seems, the Windows 3.1 episode is a testament to the way older, isolated technology can keep running when a conventional stack fails; what protected those machines was that they did not run the affected software, which is an argument for diversity in the fleet rather than for old operating systems.

CrowdStrike's initial statement, which notably lacked an apology, fueled frustration among users. CEO George Kurtz later expressed deep regret for the impact, acknowledging the disruption to customers, travelers, and affected companies. The incident has inevitably raised questions about the robustness of update deployment processes, especially given that a single content update reached so many machines at once. The timing of the update also came under scrutiny.

As one computer scientist noted, pushing an update on a Friday is risky: fewer staff are available over the weekend to address problems, which prolongs resolution. Many large firms therefore schedule updates mid-week. For those impacted, CrowdStrike provided detailed remediation instructions on its support website.

Organizations with dedicated IT teams coordinated widespread responses to manage the situation. Unlike typical outages that resolve themselves quickly, this event required significant manual intervention, which highlights the importance of preparedness and robust contingency planning. In conclusion, the CrowdStrike update debacle not only disrupted global operations but also showcased the adaptability and ingenuity of IT professionals. It reinforced the need for careful change management, staged rollouts of updates, and the sometimes surprising value of legacy systems in modern IT environments.

As the world recovers from this incident, it serves as a stark reminder of our dependence on digital tools and the importance of rigorous update management.

AI Brings A New Era of Cyber Threats – Are We Ready?

Cyberattacks are becoming alarmingly frequent, with a new attack occurring approximately every 39 seconds. These attacks, ranging from phishing schemes to ransomware, have devastating impacts on businesses worldwide. The cost of cybercrime is projected to hit $9.5 trillion in 2024, and with AI being leveraged by cybercriminals, this figure is likely to rise.

According to a recent RiverSafe report surveying Chief Information Security Officers (CISOs) in the UK, one in five CISOs identifies AI as the biggest cyber threat. The increasing availability and sophistication of AI tools are empowering cybercriminals to launch more complex and large-scale attacks. The National Cyber Security Centre (NCSC) warns that AI will significantly increase the volume and impact of cyberattacks, including ransomware, in the near future.

AI is enhancing traditional cyberattacks, making them more difficult to detect. For example, AI can be used to modify malware so that it evades antivirus signatures. Once a variant is detected, new ones can be generated faster than signatures are written, letting the malware persist undetected, steal data, and spread within networks. AI can also help craft network traffic that blends in with legitimate activity, and it produces convincing phishing emails and deepfakes to deceive victims into revealing sensitive information.

Policies to Mitigate AI Misuse

AI misuse is not only a threat from external cybercriminals but also from employees unknowingly putting company data at risk. One in five security leaders reported experiencing data breaches due to employees sharing company data with AI tools like ChatGPT. These tools are popular for their efficiency, but employees often do not consider the security risks when inputting sensitive information.

In March 2023, a bug in ChatGPT exposed some users' conversation titles and payment details to other users, highlighting the risks of sending sensitive data to third-party generative AI tools. While some companies have banned the use of such tools, that is a short-term fix. The long-term approach should focus on education and carefully managed policies that balance the benefits of AI against the security risks.

The Growing Threat of Insider Risks

Insider threats are a significant concern, with 75% of respondents believing they pose a greater risk than external threats. Human error, often due to ignorance or unintentional mistakes, is a leading cause of data breaches. These threats are challenging to defend against because they can originate from employees, contractors, third parties, and anyone with legitimate access to systems.

Despite the known risks, 64% of CISOs stated their organizations lack sufficient technology to protect against insider threats. The rise in digital transformation and cloud infrastructure has expanded the attack surface, making it difficult to maintain appropriate security measures. Additionally, the complexity of digital supply chains introduces new vulnerabilities, with trusted business partners responsible for up to 25% of insider threat incidents.

Preparing for AI-Driven Cyber Threats

The evolution of AI in cyber threats necessitates a revamp of cybersecurity strategies. Businesses must update their policies, best practices, and employee training to mitigate the potential damages of AI-powered attacks. With both internal and external threats on the rise, organisations need to adapt to the new age of cyber threats to protect their valuable digital assets effectively.

Fraudulent Antivirus Software Faces FTC Lawsuit After Raking in Millions


The US Federal Trade Commission has filed a complaint alleging that two PC repair products marketed as security software, Restoro and Reimage, are scareware that has defrauded customers out of "tens of millions" of dollars.

FTC investigators went undercover and purchased the software four times. They found that it consistently lied, telling them their test machines had a slew of viruses and security issues when, in fact, they did not. 404 Media and Court Watch were the first to report the news.

One Restoro scan told the FTC's testers that their PC had 522 vulnerabilities that needed to be repaired. A Reimage scan reported 1,244 so-called "issues," classified as "PC privacy issues," "junk files," "crashed programs," and "broken registry issues." According to the complaint, these fabricated findings were the hook for selling fraudulent "repair" tools.

After installation, the software prompted the user to call a phone number to "activate" it. The FTC alleges that this call is also part of the scheme: it routes users to a representative who tries to upsell further computer "repair services" over the phone.

The FTC claims the two products, which are operated from Cyprus, have tricked customers out of "tens of millions" of dollars. Reimage was placed in a card-network risk-monitoring program in 2019 because so many customers used credit card chargebacks to demand refunds, and many more complained online that the products are a scam.

According to the lawsuit, Visa also found in 2020 that the developers of the programs were involved in "fraudulent activities." Due to the large volume of customer chargeback requests, Visa placed one of the Restoro-affiliated companies on a watch list in 2021.

Restoro and Reimage now face FTC charges for allegedly misrepresenting their products and violating US telemarketing rules. The complaint argues that, absent action, the operators are likely to "continue to injure consumers and harm the public interest."

Rethinking Trust: The Case Against Blind Reliance on Antivirus Software

Most users would assume that the best-known antivirus programs are among the most trustworthy software on the market. It turns out that perceptions can be deceiving and that there is no such thing as a foolproof solution.

Avast, one of the most recognizable and widely used antivirus products for PCs, was found by the US Federal Trade Commission to have secretly collected and sold user browsing data to third parties for six years to bolster its revenue.

A computer virus is a malicious piece of software that, like its biological namesake, replicates itself onto other drives and devices connected to the infected computer. An infected computer may slow down or stop working altogether.

A device can be infected by plugging in removable media, such as a USB stick, that carries a virus. Sharing USB drives with others, or copying files from an infected device, gives the virus the same opportunity.

Software and applications downloaded from the internet can infect a device the same way. The bottom line is to trust the source of any file copied from another device or downloaded from the internet.

A virus can also arrive by email, often in the spam folder, when the user clicks a link or opens an attachment that carries it. Make it a habit not to open links or attachments from senders you do not know or trust.

After completing its investigation, the FTC ordered Avast to pay $16.5 million and banned it from selling or licensing browsing data for advertising in the future.

Even users who never installed Avast may be affected, because several security products are grouped under the same corporate umbrella.

The FTC reported that Jumpshot, an Avast subsidiary (which was "voluntarily closed" in February 2020), sold users' browsing information to more than 100 different businesses between 2014 and January 2020.

The FTC found that Jumpshot had amassed 8 petabytes (8,000 terabytes) of browsing data over its lifetime. It included information no reputable antivirus vendor should be handing to corporations, including details revealing health and medical status, political beliefs, finances, and other sensitive matters.

In January 2020, PCMag and Motherboard (Vice) published an investigation into Avast's trade in user data; the company responded that identifying information was stripped from the data before it was sold to third parties. Jumpshot also had deals with major advertising players such as Lotame and Omnicom.

These agreements allowed Jumpshot to correlate data from multiple sources, which made it possible to re-identify individual users despite the claimed anonymization. Samuel Levine, Director of the FTC's Bureau of Consumer Protection, said in an official statement, "Avast assured users that its products would safeguard the privacy of their browsing data; however, the reality was quite the opposite.

Avast's deceptive surveillance practices not only compromised consumers' privacy but also contravened the law." Gen Digital, Avast's parent company, owns a range of internet and PC security products: Norton, Avast, LifeLock, Avira, AVG, Reputation Defender, CCleaner, Recuva, Speccy, and Defraggler. Beyond the $16.5 million payment and the ban on selling or licensing collected browsing data for advertising purposes, Avast must notify affected users that their data was previously sold.

Group Behind Ragnar Locker Ransomware Dismantled

International law enforcement agencies have dismantled the notorious Ragnar Locker ransomware gang, a significant win against cybercrime. The operation shows the value of international cooperation against digital criminal enterprises and marks a milestone in the ongoing fight against cyber threats.

Ragnar Locker had been a formidable force in cyber extortion, targeting businesses worldwide with its ransomware. Its modus operandi was to encrypt sensitive data and demand hefty ransoms for its release, frequently crippling the operations of affected organizations.

The takedown operation was a joint effort between various agencies, including the European Union Agency for Law Enforcement Cooperation (Europol), the Federal Bureau of Investigation (FBI), and the UK's National Crime Agency (NCA). It was a testament to the power of international cooperation in combating cybercrime.

Europol, in a statement, emphasized the significance of this operation, stating, "The arrest of the alleged leader and the seizure of the infrastructure used by the group to conduct its malicious activities is a clear signal that Europol and its partners are actively targeting ransomware groups, their infrastructure, and the financial proceeds they extract from their victims."

One key achievement was the seizure of the gang's dark web portal, where it conducted its extortion. This disrupted its ability to continue operating and sends a powerful message to other cybercriminals.

The impact is expected to be far-reaching. With Ragnar Locker's infrastructure dismantled, countless potential victims have been spared. The operation is a stark reminder to cybercriminals that the global community is united in its determination to combat cyber threats.

Vigilance remains crucial, however. As the digital landscape evolves, criminals adapt their tactics, and disrupted groups often re-form under new names. Organizations and individuals alike must prioritize the basics: endpoint protection, regular backups that are kept offline and tested, and employee training to recognize and respond to potential threats.

The successful operation against Ragnar Locker is an important step forward in the battle against cybercrime. It demonstrates the value of global cooperation and makes clear that cybercriminals will be pursued and held to account. While the win deserves praise, it also highlights the need for ongoing watchfulness and continued investment in security measures to guard against future attacks.

Does Antivirus Detect and Remove All Malware?

Antivirus software has become an essential tool for safeguarding our systems online and offline. The question that often arises is whether these programs provide complete protection against all types of malware and viruses.

It is worth asking whether antivirus software works 100% of the time and whether it can remove all malicious software from your devices.

Antivirus software, also known as anti-malware software, is a program designed to prevent, detect, and eliminate malware. With the emergence of other types of threats such as worms, trojans, spyware, and adware, antivirus software has evolved to offer protection against a wide range of them.

Some antivirus software also guards against malicious URLs, spam, and phishing attempts for more comprehensive protection. Cybercrime has no limits; there are thousands of attackers around the world looking to exploit victims for their data, their money, or both.

Antivirus software scans your device regularly for potential threats and inspects incoming files and apps for malware and viruses. You can run scans manually or have the program run them automatically.

The software uses a database of known malicious code, files, and other content (signatures) to identify threats. When it identifies a malicious file or program, it first isolates it in quarantine so it cannot do further harm, then analyzes it and removes it from the device if it is confirmed harmful.

However, how effective is this process; is it 100% risk-free? 

No antivirus software provides 100% protection in detecting, isolating, and removing all harmful files. Even top providers like Norton and McAfee may not detect new malware that is not yet in their database.

As discussed, antivirus programs use a database of known malicious files and code to identify and delete them. If a piece of malware is not in that database, signature matching will not catch it; vendors layer heuristics and behavioral analysis on top for exactly this reason, but those are not infallible either.

Some malware is also designed to avoid detection, for instance polymorphic and so-called stealth viruses, which rewrite or encrypt their own code so that no fixed signature matches, and packed or obfuscated samples. Detecting and removing these may require more advanced tooling, such as running the sample in a sandbox and scanning what it unpacks in memory.
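Here is an added example (written for this edit, not code from the original post or from any antivirus vendor) of the scan, isolate, remove loop described above, run over a constructed in-memory file system. It demonstrates both the mechanism and the gap the last two paragraphs describe: a hash signature catches the exact known sample, a byte-pattern signature still catches a variant with one byte changed, and an obfuscated copy whose payload is XOR-encoded slips past both, which is the polymorphic/packed evasion that signature matching cannot see. The samples, signature names and paths are all made up, and none of the byte strings is real malware.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def xor(data: bytes, key: int) -> bytes:
    """Trivial single-byte XOR, standing in for a packer's encoding layer."""
    return bytes(b ^ key for b in data)


# Constructed samples. MARKER stands in for a code sequence a vendor extracted
# from a known sample; nothing here is real malware.
MARKER = b"EVIL-PAYLOAD-MARKER"
KNOWN_BAD = b"MZ\x90\x00" + MARKER + b"\x00" * 8
VARIANT = KNOWN_BAD[:-1] + b"\x01"             # one trailing byte changed: new hash, same code
PACKED = b"MZ\x90\x00" + xor(MARKER, 0x5A)     # marker encoded: neither hash nor pattern matches
CLEAN = b"MZ\x90\x00hello-world-app"

# Constructed file system: path -> contents.
SAMPLE_FS: Dict[str, bytes] = {
    "/home/user/downloads/tool.exe": KNOWN_BAD,
    "/home/user/downloads/tool_v2.exe": VARIANT,
    "/home/user/downloads/tool_packed.exe": PACKED,
    "/home/user/apps/notes.exe": CLEAN,
}

# Signature database: exact-hash entries plus byte-pattern entries.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_BAD).hexdigest(): "Trojan.Constructed.A",
}
PATTERN_SIGNATURES: List[Tuple[re.Pattern, str]] = [
    (re.compile(re.escape(MARKER)), "Trojan.Constructed.Gen"),
]


@dataclass
class ScanResult:
    path: str
    verdict: str                    # "clean" or "quarantined"
    signature: Optional[str] = None


def match_signatures(data: bytes) -> Optional[str]:
    """Hash lookup first (cheap, exact), then pattern scan (catches near-variants)."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, sig_name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return sig_name
    return None


def scan_all(fs: Dict[str, bytes]) -> Tuple[Dict[str, ScanResult], Dict[str, bytes]]:
    """Scan every file; matches are moved out of `fs` into a quarantine store.

    Returns (results, quarantine). `fs` is mutated the way a real engine moves
    files out of reach, so pass a copy if the original must be kept.
    """
    results: Dict[str, ScanResult] = {}
    quarantine: Dict[str, bytes] = {}
    for path in list(fs):
        sig = match_signatures(fs[path])
        if sig is None:
            results[path] = ScanResult(path, "clean")
            continue
        # Isolate: the file leaves the filesystem before anything can execute it.
        quarantine[path] = fs.pop(path)
        results[path] = ScanResult(path, "quarantined", sig)
    return results, quarantine


if __name__ == "__main__":
    results, quarantine = scan_all(dict(SAMPLE_FS))
    for r in results.values():
        print(f"{r.path:40s} {r.verdict:12s} {r.signature or ''}")
    print(f"{len(quarantine)} file(s) quarantined")
```

The packed copy is reported clean even though it carries the same payload, which is why engines that matter also unpack or emulate a sample and scan the decoded bytes; running `match_signatures` on `xor(xor(MARKER, 0x5A), 0x5A)` shows the decoded marker is detected again.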

Failing to update your antivirus program increases the chance of malware going undetected and leaves gaps for attackers to exploit.

Leading products such as Norton and McAfee do report detection rates around 99% in testing, but the fraction that matters is the remainder: new and evasive samples that no signature covers yet. Antivirus suites also bundle additional security features such as VPNs, firewalls, and password managers.