Archives For fox news

foxJust Returned From An Interview With Fox News…Apple Has Been Hit!

Apple has finally been hit by ransomware. Here’s what you need to know…

The reporter had heard things like, Apple can’t be attacked by malware! Wow, is that wrong. True, Microsoft gets hit more often, but there are instances of Apple Malware out there. This is reportedly the first fully-baked ransomware attack on Apple – discovered over the weekend.

The first thing you need to know is, “your prospects think they’re protected by firewalls and passwords”. They’re not.

This attack has nothing to do with either. The only defense, had one of your clients downloaded the BitTorrent Software (Transmission) that was infected, would have been a managed data collecting type security program.

Arctic Wolf, out of Sunnyvale is a great example.  Some UTM firewalls, like Check Point Software, with the appropriate detection functions turned on would also have detected it. And you would have had 3 days to respond, if the technology didn’t block it.

What Software Are We Talking About?

The software is Transmission 2.90.  It’s a peer to peer software client that uses the BitTorrent protocol to move data.

Nearly 50% of the traffic on the Internet today is BitTorrent in some form or another. A lot of it is used for illegal stuff like pirating movies.  But it’s also used by Facebook, Twitter, Government Agencies, Video Game Companies, and more.  It’s only the Transmission version 2.90 that’s a problem, and the Transmission company has already released 2.92.

What’s important here?

It’s the detection / response message. Ransomware has been around for about 10 years. The past three have seen tremendous growth.  Three years ago there were about 100,000 instances reported. Last year that went to 600,000. The biggest ransom paid so far, that I know of, was the $17,000 dollars paid last month by Hollywood Hospital. Lives were at stake, so they paid it.  Most of these attacks target smaller businesses.

Statistically only about 3% of those infected pay, but experts agree that the number is much higher. That’s all that are reported. The hospital, by law, had to report this attack. Many small businesses will pay it and move on.

Your Opportunity Is Now

Get out to your clients now!

They have a couple of days before encryption happens if they’re infected, but chances are they use Microsoft, not Apple, on the desktop.

But even if they don’t use Transmission Software and Apple, it makes sense to recommend an assessment – chances are they have something urgent. You just need a reason to show them.

Remember, scanning isn’t enough. You need some data collection. Move them to UTM Firewalls, add ongoing monitoring services, and remind them, this was Apple and Transmission. Tomorrow it will be Microsoft and something they use every day.  When it hits, no one will be able to save them. They’ll either lose data or pay the fine. The more they pay the fine, the more criminals are going to do this.

© 2016, David Stelzl

 

 

Advertisements

foxThe Apple Encryption Dilemma  is a Bigger Issue Than Most Think…

Yesterday FOX News Interviewed Me on The Apple Phone Issue…Watch The Video!

The VIDEO REPLY (CLICK)

Here’s the Fox News Article: http://www.fox46charlotte.com/news/local-news/93368477-story

Trump said, “They must open it.” It sounds simple, but he’s wrong in my opinion – Yes, terrorists are hitting our country and planning more attacks. The San Bernadino Phone could provide information that would stop the other attack.  But have you read Tim Cook’s letter on the Apple Site?  News reports like Donald Trump’s Interview miss the main point of it all.

The court is ordering Apple to change their operating system to make it less secure.  What do you think Apple should do?

Some things to think about….

  1. Security Experts spend decades developing encryption that will meet FIPS standards, allow for online banking, investing, and money transfers – even Apple Pay!  The government is asking them to now create a backdoor to it all.
  2. Nothing digital is actually safe in the long run – who keeps the keys to the new back door?  Does apple or the NSA. What happened when RSA lost their encryption keys? Will this happen again?  Who do you trust with your phone as it becomes more and more the repository of your private life?
  3. This is Apple – what if the next terrorist uses Blackberry or Android?  So now there are no secure phones on the market. Do government officials now get a special phone that can’t be tapped into? What if the terrorist is in the government?  Hmmm.  Can that happen – have we seen any military personnel involved in shootings. Texas?

What About Stopping Terrorists…

  1. Is this the best next step? Did our government have some indication this couple was getting ready to do something? My understanding is that they did – through Facebook. But were called off by their superiors.  Is this better than some profiling measures?
  2. What about gun control? I know this is a hot topic. But the truth is, all good security is based on DETECTION / RESPONSE.  You can’t keep bad guys out. Was there a response plan in place once this couple was detected?  Not a good one – in fact all gun-free zones are targets and Apple Phone encryption won’t stop it.  The bad people are armed – Government can’t stop that. Are the good people able to respond?  Not without a response plan that include self defense and stopping the attacker.
  3. Could government issued malware be used, like it was with StuxNet? Is this a better solution that compromising the security our businesses depend on?  This is simply the next step in bugging a phone or staking out someone’s house under court order.

I’d love to hear what you think….

© 2016, David Stelzl