Ransomware continues to be a major threat. This slidedeck looks at the first six months of 2017, examines why enterprises are being increasingly impacted by ransomware, and reviews the effect of high-profile incidents such as WannaCry and Petya.
For more on this area, read Symantec Security Response's blog and whitepaper: https://www.symantec.com/connect/blogs/businesses-most-risk-new-breed-ransomware
Symantec found evidence linking a recent campaign of cyber attacks on the energy sector in Europe and the U.S. to a group called Dragonfly, which was first seen in 2011. This "Dragonfly 2.0" campaign appears to have begun in 2015, with an increase in activity seen since the beginning of 2017.
Read more about this group in Symantec Security Response's blogs: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group
Dragonfly 1.0: https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat-energetic-bear
Shamoon is a a destructive disk-wiping malware that first emerged in 2012, before reappearing towards the end of 2016. This sophisticated malware appears to specifically target organizations in Saudi Arabia.
The WannaCry ransomware outbreak shook the world when it occured in May 2017.
This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack.
For more information on this outbreak, take a look at these additional resources:
What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3
WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
WannaCry/WannaCrypt Ransomware. Prepared by the SANS Technology Institute Internet Storm Center. Released under a “Creative Commons Attribution-ShareAlike” License: Use, modify and share these slides. Please attribute the work to us.
Introduction
What happened ?
What is Wannacry / Wannacrypt ?
How many Infections ?
What happens to the victim?
How to protect yourself ?
Will Paying the Ransom Help Us?
Conclusion
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
Symantec found evidence linking a recent campaign of cyber attacks on the energy sector in Europe and the U.S. to a group called Dragonfly, which was first seen in 2011. This "Dragonfly 2.0" campaign appears to have begun in 2015, with an increase in activity seen since the beginning of 2017.
Read more about this group in Symantec Security Response's blogs: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group
Dragonfly 1.0: https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat-energetic-bear
Shamoon is a a destructive disk-wiping malware that first emerged in 2012, before reappearing towards the end of 2016. This sophisticated malware appears to specifically target organizations in Saudi Arabia.
The WannaCry ransomware outbreak shook the world when it occured in May 2017.
This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack.
For more information on this outbreak, take a look at these additional resources:
What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3
WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
WannaCry/WannaCrypt Ransomware. Prepared by the SANS Technology Institute Internet Storm Center. Released under a “Creative Commons Attribution-ShareAlike” License: Use, modify and share these slides. Please attribute the work to us.
Introduction
What happened ?
What is Wannacry / Wannacrypt ?
How many Infections ?
What happens to the victim?
How to protect yourself ?
Will Paying the Ransom Help Us?
Conclusion
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
Recently a ransomware variant titled “WannaCry” has infected thousands of unpatched endpoints worldwide.This quick presentation will provide a synopsis of what this threat might mean for end users and what actions can be taken in response to this new information.
I presented this slides in the "Privacy Protection" subject, teached by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...ClearDATACloud
Sophisticated ransomware attacks on healthcare organizations by ruthless cybercriminals are on the rise. Savvy HIT leaders are taking immediate action to protect their IT systems and data. During this webinar you’ll gain insight into the 5 most important precautions that healthcare providers should take and what steps should be followed in event your system is compromised to minimize the impact on patient care and restore your systems as quickly as possible.
In this presentation you’ll learn:
- 5 most important ways to protect your organizations from a ransomware attack
- What steps to take in the event your system is compromised by a ransomware attack
Link to On-Demand Webinar: https://www.cleardata.com/knowledge-hub/5-ways-to-protect-your-healthcare-organization-from-a-ransomware-attack/
- What is WannaCry?
- What are its Worm, Exploit, Botnet, Backdoor, Ransomware characteristics?
- WannaCry and the end of the world?
- Malware Prevention?
- Is it a big deal? Comparison with other malware
- WannaCry, a Military and Political Perspective
How to protect your business from Wannacry RansomwareKaspersky
Kaspersky Lab is teaming up with Comae Technologies to present an emergency webinar for businesses to help them understand and defend against the WannaCry ransomware. The malware has primarily affected business networks, and has claimed victims around the world in a wide range of industries.
Juan Andres Guerrero-Saade, senior security researcher in Kaspersky Lab’s Global Research and Analysis Team, will be joined by Matt Suiche from Comae Technologies to present the very latest information on how the ransomware breaches defenses and the subsequent stages of attack. They will independently explain how organizations can determine if they have been infected and the critical actions they need to take to secure networks and endpoints against this threat.
Full blog: https://blog.kaspersky.com/wannacry-windows-update/16593/
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
Recently a ransomware variant titled “WannaCry” has infected thousands of unpatched endpoints worldwide.This quick presentation will provide a synopsis of what this threat might mean for end users and what actions can be taken in response to this new information.
I presented this slides in the "Privacy Protection" subject, teached by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...ClearDATACloud
Sophisticated ransomware attacks on healthcare organizations by ruthless cybercriminals are on the rise. Savvy HIT leaders are taking immediate action to protect their IT systems and data. During this webinar you’ll gain insight into the 5 most important precautions that healthcare providers should take and what steps should be followed in event your system is compromised to minimize the impact on patient care and restore your systems as quickly as possible.
In this presentation you’ll learn:
- 5 most important ways to protect your organizations from a ransomware attack
- What steps to take in the event your system is compromised by a ransomware attack
Link to On-Demand Webinar: https://www.cleardata.com/knowledge-hub/5-ways-to-protect-your-healthcare-organization-from-a-ransomware-attack/
- What is WannaCry?
- What are its Worm, Exploit, Botnet, Backdoor, Ransomware characteristics?
- WannaCry and the end of the world?
- Malware Prevention?
- Is it a big deal? Comparison with other malware
- WannaCry, a Military and Political Perspective
How to protect your business from Wannacry RansomwareKaspersky
Kaspersky Lab is teaming up with Comae Technologies to present an emergency webinar for businesses to help them understand and defend against the WannaCry ransomware. The malware has primarily affected business networks, and has claimed victims around the world in a wide range of industries.
Juan Andres Guerrero-Saade, senior security researcher in Kaspersky Lab’s Global Research and Analysis Team, will be joined by Matt Suiche from Comae Technologies to present the very latest information on how the ransomware breaches defenses and the subsequent stages of attack. They will independently explain how organizations can determine if they have been infected and the critical actions they need to take to secure networks and endpoints against this threat.
Full blog: https://blog.kaspersky.com/wannacry-windows-update/16593/
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
Ransomware has troubled many individuals and companies and it has been called the greatest malware threat of 2016. Learn how it works and how to protect yourself.
Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers”
Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware.
Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss:
Locky, the new “it” ransomware and how it works
A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service
Other new ransomware families and why it’s becoming the preferred monetization method for attackers
Symantec (ISTR) Internet Security Threat Report Volume 22CheapSSLsecurity
Symantec’s Internet Security Threat Report (ISTR) demonstrates how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity.
Infiltration by the Maze malware is a two-way attack – a data breach and a ransomware attack. Read how security testing can help you tackle with the malicious ransomware attack.
Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors.
EverSec + Cyphort: Big Trends in CybersecurityCyphort
Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making it even more difficult to detect. In this webinar, we will discuss at a high-level some of biggest cybersecurity threats happening right now, including:
--The Resurgence of Ransomware - Locky and other new cryptolockers
--Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors
--I have RATs - How to defend against Remote Access Trojans stealing your data
IT-security. What has happened in 2H 2008 regarding IT-security. Read about Koobface discovery by Websense Security Labs.Websense Security Labs detailed report.
Trying to prioritize and roadmap effective cyber security investment—people and technology—without fully understanding the cyber threat landscape is like driving 70 MPH in the dark with the lights off while wearing sunglasses. Learn what trends and cyber threats CenturyLink sees globally and get ideas on how to shine a light on your corporation’s technical environment.
Rick Burger, Senior Solutions Architect, CenturyLink; Louie Hollmeyer, Moderator, ATC
How to Use Artificial Intelligence to Minimize your Cybersecurity Attack SurfaceSparkCognition
Cybercrime is an exponentially growing threat to the world’s businesses, governments, and citizens. Estimates of the annual impact of cybercrime on the global economy reach as high as $600 billion, and attackers have been easily evading signature-based antivirus solutions for years. Making matters worse, the exponential growth in both connected devices and malware is overwhelming the capacity of enterprise security teams. Organizations are being asked to secure IT, Mobility, IoT, and OT assets all while staying on top of the latest zero-day and polymorphic threats.
Fill out the form below to access our free on-demand version of the webinar
Brief study of Wannacry and the massive attack that took place on May 12, 2017, where the Spanish telecommunications company Telefónica was one of the first victims of this ransomware. The timeline of the events, the vulnerabilities of the company, the costs left by the attack and the possible prevention measures are reviewed.
Author: Sergio Renteria Nuñez
Similar to Ransomware 2017: New threats emerge (20)
ISTR 23 is Symantec's annual threat report about the cyber security threat landscape. Find out about the new trend of cryptojacking, what ransomware criminals are up to now, and why you still need to be mobile security aware.
Read the full report here: http://go.symantec.com/istr
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Symantec Security Response
A previously unknown cyber espionage group called Sowbug has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Find out more in this presentation.
Further reading: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments
Email threats 2017: Users encounter threats through email twice as often as o...Symantec Security Response
Email Threats 2017 casts a light on a threat landscape where attackers are actively spreading malicious threats, BEC scams, and a variety of spam through email.
While financial threats tend not to get as much news coverage as ransomware, maybe because they have a less visual impact, they are far more prevalent. With over 1.2 million annual detections, the financial threat space is 2.5 times bigger than that of ransomware.
Further Reading
Financial malware more than twice as prevalent as ransomware (https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware)
Financial threats review 2017 (https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf)
There is increased discussion around threats that adopt so-called “living off the land” tactics. Attackers are increasingly making use of tools already installed on targeted computers or are running simple scripts and shellcode directly in memory. Creating fewer new files on the hard disk, or being completely fileless, means less chance of being detected by traditional security tools and therefore minimizes the risk of an attack being blocked. Using simple and clean dual-use tools allows the attacker to hide in plain sight among legitimate system administration work.
Further reading:
Attackers are increasingly living off the land (https://www.symantec.com/connect/blogs/attackers-are-increasingly-living-land)
Living off the land and fileless attack techniques (https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf)
Malicious PowerShell scripts are on the rise, as attackers are using the framework’s flexibility to download their payloads, traverse through a compromised network, and carry out reconnaissance. Symantec analyzed PowerShell malware samples to find out how much of a danger they posed.
Further reading:
PowerShell threats surge: 95.4 percent of analyzed scripts were malicious (https://www.symantec.com/connect/blogs/powershell-threats-surge-954-percent-analyzed-scripts-were-malicious)
The increased use of PowerShell in attacks (https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf)
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.