New Variants of Tor2Mine Cryptominer Feature Enhanced Evasion, Persistence and Spreading Powers, Sophos Reports

Sophos, a global leader in next-generation cybersecurity, today released new findings on the Tor2Mine cryptominer, “Two flavors of Tor2Mine miner dig deep into networks with PowerShell, VBScript,” that show how the miner evades detection, spreads automatically through a target network and is increasingly harder to remove from an infected system. Tor2Mine is a Monero miner that has been active for at least two years.

In the research, Sophos describes new variants of the miner that include a PowerShell script that attempts to disable malware protection, execute the miner payload and steal Windows administrator credentials. What happens next depends on whether the attackers successfully gain administrative privileges with the stolen credentials. This process is the same for all the variants analyzed.

For example, if the attackers manage to get hold of administrative credentials, they can secure the privileged access they need to install the mining files. They can also search the network for other machines that they can install the mining files on. This enables Tor2Mine to spread further and embed itself on computers across the network.

If the attackers cannot gain administrative privileges, Tor2Mine can still execute the miner remotely and filelessly by using commands that are run as scheduled tasks. In this instance, the mining software is stored remotely rather than on a compromised machine.

The variants all attempt to shut down anti-malware protection and install the same miner code. Similarly, in all cases, the miner will continue to re-infect systems on the network unless it encounters malware protection or is completely eradicated from the network.


“The presence of miners, like Tor2Mine, in a network is almost always a harbinger of other, potentially more dangerous intrusions. However, Tor2Mine is much more aggressive than other miners,” said Sean Gallagher, senior threat researcher at Sophos. “Once it has established a foothold on a network, it is difficult to root out without the assistance of endpoint protection software and other anti-malware measures. Because it spreads laterally away from the initial point of compromise, it can’t be eliminated just by patching and cleaning one system. The miner will continually attempt to re-infect other systems on the network, even after the command-and-control server for the miner has been blocked or goes offline. As cryptocurrencies continue to increase in value and support the ever-growing ransomware and cyberextortion landscape, we may well see more, and more aggressive, variants of other cryptominers emerge.”


Sophos researchers also discovered scripts designed to kill off a variety of processes and tasks. Almost all of them are related to crimeware, including competing cryptominers and clipper malware that steals cryptocurrency wallet addresses.

“Miners are a low-risk way for cybercriminals to turn a vulnerability into digital cash, with the greatest risk to their cash flow being competing miners discovering the same vulnerable servers,” said Gallagher.


Sophos recommends the following to help organizations protect their networks and endpoints against cryptominers such as Tor2Mine:


  1. Patch software vulnerabilities quickly on internet-facing systems, such as web applications, VPN services and email servers, as this will make them far less likely to fall victim to cryptominers.

  2. Install anti-malware products – miners are usually easily detected by such technologies – particularly those that leverage Windows’ Antimalware Scan Interface (AMSI) to spot scripts intended to shut down malware protection.

  3. Monitor for unusually heavy use of processing power, reduced computer performance and higher than expected electricity bills, as any of these can indicate the presence of cryptominers on the network.
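As an added illustration (not code from the Sophos research or its MineJob detections), the following PowerShell audit checks a single host for two of the behaviours described above: scheduled tasks whose actions launch a script host with download, encoded-command or Defender-tampering arguments, and processes with sustained high CPU use. The indicator strings, the CPU threshold and the sample window are assumptions to tune for your environment.

```powershell
# Added example, not part of the Sophos report: audit a Windows host for two
# behaviours the release describes. Run from an elevated PowerShell session.

# Assumed indicator strings: download cradles, encoded commands and Defender
# tampering commonly seen in scheduled tasks used for fileless execution.
$SuspiciousArgPatterns = @(
    'DownloadString', 'DownloadFile', 'Invoke-WebRequest', 'IEX', 'Invoke-Expression',
    '-EncodedCommand', '-enc ', 'FromBase64String', 'http://', 'https://',
    'Set-MpPreference', 'Add-MpPreference'
)

function Get-SuspiciousScheduledTask {
    # Walk every registered task and inspect each action's executable and arguments.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            $isScriptHost = $cmd -match 'powershell|pwsh|wscript|cscript|mshta|cmd\.exe'
            $hits = @($SuspiciousArgPatterns | Where-Object { $cmd -like "*$_*" })
            if ($isScriptHost -and $hits.Count -gt 0) {
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    TaskPath = $task.TaskPath
                    Author   = $task.Author
                    Command  = $cmd.Trim()
                    Matched  = ($hits -join ', ')
                }
            }
        }
    }
}

function Get-HighCpuProcess {
    param(
        [int]$ThresholdPercent = 80,   # assumption: tune per host role
        [int]$SampleSeconds    = 10
    )
    # Sample total CPU time twice; the delta over wall-clock time, divided by the
    # core count, gives each process's average utilisation across the window.
    $cores  = [Environment]::ProcessorCount
    $before = @{}
    foreach ($p in Get-Process) {
        try { $before[$p.Id] = $p.TotalProcessorTime } catch { }   # skip protected/idle processes
    }
    Start-Sleep -Seconds $SampleSeconds
    foreach ($p in Get-Process) {
        if (-not $before.ContainsKey($p.Id)) { continue }          # started after first sample
        try { $after = $p.TotalProcessorTime } catch { continue }
        $delta = ($after - $before[$p.Id]).TotalSeconds
        $pct   = [math]::Round(100 * $delta / ($SampleSeconds * $cores), 1)
        if ($pct -ge $ThresholdPercent) {
            [pscustomobject]@{
                ProcessId  = $p.Id
                Name       = $p.ProcessName
                Path       = $(try { $p.Path } catch { $null })
                CpuPercent = $pct
            }
        }
    }
}

Write-Host '== Scheduled tasks launching script hosts with suspicious arguments =='
Get-SuspiciousScheduledTask | Format-Table -AutoSize

Write-Host '== Processes above the CPU threshold over the sample window =='
Get-HighCpuProcess | Sort-Object CpuPercent -Descending | Format-Table -AutoSize
```

Treat the output as triage leads rather than verdicts: a legitimate update task can also fetch content over HTTP, and a build server can legitimately peg its cores.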


Sophos detects Tor2Mine variants as the MineJob family (MineJob-A through E) and detects the script behaviors of each variant.


Indicators of compromise for the Tor2Mine variants discussed in the research are available on SophosLabs’ GitHub page.


Learn more about the Sophos analysis of Tor2Mine at SophosLabs Uncut.

NetApp Ramps Up Investment in India, Introduces Availability of NetApp Keystone

Global cloud-led, data-centric software company NetApp (NASDAQ: NTAP) today announced that it will be furthering its focus on India by enabling its Indian entity to conduct business locally and directly with its vibrant customer base in India via its strong partner network. This will ensure that NetApp customers are able to reap the benefits of the latest NetApp technologies without bearing import costs, while also bringing in the pay-as-you-go model that comes with NetApp Keystone. NetApp Keystone is a program that offers a seamless hybrid cloud experience with lower up-front investment. This allows NetApp customers to free up their cash flow and increase financial flexibility with the right mix of payment, subscription and usage-based services.

“NetApp has been growing in India thanks to our hybrid multi cloud outlook, and our position as a trusted partner for our customers. We have had a double-digit percentage growth, year-on-year, in the All-Flash Array (AFA)[1] market segment in India, according to the IDC Worldwide Quarterly Enterprise Storage Systems Tracker, Q2 2021 (September 2021 release). This performance elevated NetApp’s position from third to first, quarter-on-quarter, in the local AFA segment, with a market share of 30.1 percent by vendor revenue. Be it the AFA, which is a cornerstone of modern storage, or a partnership with AWS, Microsoft Azure, or Google Cloud, we are uniquely positioned to deliver on our customers’ vision of a cloud-led future,” said Puneet Gupta, Vice President & Managing Director, NetApp India & SAARC.

NetApp has been in India since 2000, for over 20 years now. In 2003, the company kickstarted R&D operations in Bangalore, India. Taking its commitment to the country many notches higher, in 2017 NetApp inaugurated its fully owned 15-acre campus in Bengaluru, built at a cost of INR 1000 crore. “Our R&D Centre in India is producing world class products to serve the global market and is contributing significantly to NetApp’s innovation engine. With over 500 patents filed, it holds a significant stake in our global innovation output,” said Gupta.

In 2018, furthering its promise to build innovation in the India ecosystem, the company launched NetApp Excellerator, the first-ever startup accelerator program with a focus on data-driven startups globally. Since then, over 50 startups have graduated via this global program based in India, and it continues to run successfully with its 9th cohort.

A leader in storage systems and software and an innovator in cloud services, NetApp’s Public Cloud segment revenue grew 155% y/y in Q1’22. Only NetApp offers the full range of capabilities that customers need to build and manage their unique data fabric to solve the financial, operational, and technical barriers to adopting hybrid multi-cloud environments.

“In today’s environment, cloud sets the benchmark for customer experience. The solutions we are introducing today are an extension of that philosophy – what data fabric has done to simplify and integrate data infrastructure, our new flexible consumption models do at the business level. With this new entity in place, and through NetApp Keystone, we will now be able to pass on greater benefits to our customers than ever before. Our partners will continue to help our journey towards customer success, with new programs being rolled out shortly as well,” summed up Gupta.


Top features startups must look for in a ‘professional email suite’!

In an era that is truly augmented by technology, very little innovation has happened in the business email segment over the last two decades. As email is used by over one-sixth of the global population for work, innovation in professional email suites is crucial to help businesses and professionals create richer and more valuable connections with customers.

Of late, next-generation email features are allowing businesses to send more interactive emails to clients, enabling them to build closer relationships with their customers.


As emails pave the way for building deeper relationships with customers, providing a superior experience along the way is imperative. Here are some of the innovative email features that are built to delight professionals and businesses:

  • Scheduled Send: Email overload is a real thing, and most of us wake up each morning to a full inbox. So if there are important business emails, users can’t just send them on their own timeline and hope that they get read. It’s the reason why send time optimization is a core principle of email communication. From prospecting new opportunities to sending deal proposals, a business’s livelihood is often carried out over email. With the new Scheduled Send feature, you can write emails at the time that works best for you and schedule delivery for when it works best for your recipients.

  • Follow-up Reminders: Most of the emails we send are followed by a follow-up or a reminder email. However, professionals can now use another innovative feature, the follow-up reminder option, to add reminders to emails. They can watch an email while composing it and get reminded of it later based on the chosen options. It also allows them to track their email-based work items easily using the reminders.


  • Email Templates: New age email suites have features that enable users to develop email templates associated with their email accounts. Now, users can send an entire templated response in a matter of seconds with this feature! Users can use preloaded templates or create templates for frequently sent emails which they can save and reuse. This allows users to avoid retyping the same message.

  • Signature Builder: Users can now add a signature to their emails and format it to their liking, using bold, italic or underlined text, hyperlinks to their website or social profiles, and company logos. If they prefer a custom format, they can edit the signature as raw HTML; once done, they just click Save and the signature is ready.

  • Integrated Calendar: Integrated calendars allow users to stay on top of their schedule and never miss important events. Users can view all meetings at a glance, by day, week and month, and also set up meetings from within the calendar.

Professional suites such as Gmail, Titan, Outlook, etc. are offering distinctive communication features and disrupting the enterprise communication market. For better customer and user experience, it is important to make sure that we continue to reshape our communication approach along with the technological email innovations that these companies are bringing to the market. Integrating these unique email features to increase email deliverability and improve NPS through a reliable email service is essential for a great client experience.

Druva 2022 Predictions: Data Resiliency to pave way against ransomware attacks

Druva Inc. today shared its predictions highlighting how organizations are likely to evolve their data resiliency and protection techniques to combat the evolving ransomware threat of tomorrow. Next year will see a dramatic increase in both the volume and complexity of ransomware attacks, with cyber criminals increasingly trying to avoid detection as they seek to gain control of, encrypt and exfiltrate critical data from business environments, including edge devices, SaaS applications such as Salesforce and Microsoft 365, virtual machines and cloud-native applications.

Ransomware is one of the most popular methods used by hackers and malicious actors, and according to Sophos, the total cost of recovery from a ransomware attack has doubled in the last year to more than $1.85 million¹. Its lucrative nature has incentivized bad actors to expand the scope of their attacks, including the introduction of new variants designed specifically to encrypt or delete backup data, destroying organizations’ last line of defence and further incentivizing payment.

Today, cyber criminals are able to attack virtually any organization because ransomware has gone mainstream by becoming “as-a-service.” These attacks target users to penetrate security and, once inside, silently spread through the environment. Considering this ongoing threat from ransomware, Druva’s industry experts expect the following technologies will be critical to helping businesses enhance resilience, respond to ransomware and recover with confidence.

  • AI and intelligent automation will help fight back against ransomware

AI and intelligent automation will play a crucial role in the fight against ransomware in 2022. What is needed is not new AI/ML developments, but data protection and resiliency solutions that collect, process and analyse end-to-end metadata at scale, applying AI/ML at each step. Readiness, remediation and recovery will empower the fight against ransomware.

  • Businesses will have to strengthen data resilience to combat ever-evolving ransomware

In a multi-cloud environment, it is nearly impossible to defend the perimeter, so customers will invest more to protect what the attackers are trying to access – their data. Customers will explore technologies such as:

  ◦ Data resiliency to ensure that data will be automatically protected and recoverable, regardless of the attack

  ◦ Data classification to identify the type and location of data throughout the organization, so they can minimize the risk to their most sensitive data

  ◦ Data access governance to manage who and what can access data

  ◦ Data access analysis to monitor the patterns of who or what is accessing data

  • Organizations will focus on securing and protecting the edge

With the advent of the “Work from Home” trend, employees are now working on laptops and constantly connecting to unsecured networks, which creates several entry points that cyber criminals can potentially exploit. In 2022, companies must extend security and data protection to the edge, securing and backing up all these devices, as they currently contain some of the organization’s most valuable data.

  • Emerging ransomware strains like Conti to be combated with the cloud and data-protection-as-a-service (DPaaS)

Ransomware gangs like Conti often cause customers hardship, both through the attacks themselves and by not delivering on their promise to provide the unencrypted data in return for the ransom paid. Organizations will need to plan for such ransomware scenarios in 2022, emphasizing secure cloud-based data-protection-as-a-service (DPaaS) backup systems that provide the required level of backup protection and isolation from threat actors. Organizations will therefore increase their emphasis on ransomware-specific disaster recovery scenarios, with playbooks and testing to plan for and respond to them.

Additionally, such services will provide capabilities to extensively integrate into security operations workflows and tools. Security teams will be required to monitor the security posture of the backup environment and integrate backup into their security operations workflows. IT (backup) and security will need to collaborate to address this problem.

¹ Sophos, The State of Ransomware 2021. Published April 2021.

Writer Information to jointly deliver Unified Cyber Threat Prevention Platform in UAE & Africa through its tie-up with Morphisec

Writer Information, a unit of Writer Business Services, India’s largest and most comprehensive information management company, has announced its cyber security services partnership with Morphisec, to offer its cyber threat-prevention platform in the GCC region and Africa. This partnership aims at offering Morphisec’s patented ‘Moving Target Defense technology’ across advanced endpoints, virtual desktops, cloud workloads and servers.

Morphisec is the latest entrant into Writer Information’s compelling and complementing offerings in the cloud and data portfolio in cyber security, data, network and application management. It uses the power of moving target defense, a wholly innovative approach to prevent cyberattacks and threats. Morphisec solutions deliver operationally simple, proactive prevention unbound by the limits of detection and prediction. They protect businesses around the globe from the most dangerous and sophisticated cyberattacks.

Cyberattacks have become a menace globally. According to UAE Government Cyber Security, the UAE has seen at least a 250% increase in cyberattacks during the pandemic period. In Africa, according to an Interpol report, 90% of African businesses are operating without the necessary cybersecurity protocols, and over 61% of companies faced ransomware attacks in 2020, resulting in financial losses.

To combat an impending crisis, businesses are investing millions of dollars in boosting cybersecurity systems to prevent attacks they may experience. With this partnership, Writer Information’s customers in the GCC region and Africa will now be able to access solutions that protect businesses around the globe from complex and sophisticated cyberattacks.

“We are delighted to partner with Morphisec and enable our customers’ access to their patented Moving Target Defense technology and Incident Response Services as part of our bundled offerings. Through Morphisec products, we can help our clients to have the best possible protection against unknown cyber threats of ransomware & malware. With the rising number of cyberattacks and higher priority given to cyber security, the business ecosystem will benefit from our best-in-class and proactive protection services,” said Mr. Satyamohan Yanambaka, CEO, Writer Information.

Mr. Ajit Pillai, Managing Director – India & SAARC, Morphisec, was excited about this association. He said,

“Writer Information has been a force in the markets they operate, and it gives us immense pleasure to be linked with a data lifecycle and data protection enabler that boasts of a rich ecosystem. Writer Information’s distinctive industry-focused strategies match perfectly with our product roadmap. We look forward to this alliance and believe that this would help to enhance our market position in the years to come.”

South Coast Improvement, Co. Begins Renovation Project at LCB Norton

South Coast Improvement Company, a design-build general contractor serving states in the eastern region of the United States from the Mississippi River to the Atlantic Ocean, recently began a renovation project at the Residence at Great Woods, an LCB Senior Living property located at 190 Mansfield Avenue, Norton, Mass. The Residence at Great Woods is an assisted living home, which also offers memory care services.

The Marion, Mass.-based South Coast Improvement Company began the design-build renovation of more than 110,000 square feet of occupied space in February 2021 and will complete work in late spring 2022.

“The acceptance of the design build approach was the key reason why this project is doing so well. The level of expertise we have in this space allowed us to take the leadership role in driving this project forward through the design phase, while helping to coordinate the drawings to avoid risk later in the project,” said Tom Quinlan, president of South Coast Improvement Company. “Through close coordination with the management team and staff, we have put a process in place that will get this project done and done well with minimal disruption to operations.”

The project features the conversion of 24 existing skilled nursing rooms into 24 new memory care resident units and four future units. Each room will receive new cabinets and countertops, as well as a new bathroom sink, toilet and shower.

Additionally, 59 assisted living resident apartments and nine assisted living rooms will be created. The common areas will receive finishes along with new back-of-house upgrades, including a new commercial kitchen.

The LCB Senior Living team has been a leader in senior housing, development and operations for nearly three decades. In that time, LCB has been involved in the creation and/or management of more than 50 senior living communities throughout New England and the Northeast. For more information, visit https://www.lcbseniorliving.com/.

With its headquarters in Marion, Mass. and with an office in Reading, Pennsylvania, South Coast Improvement Co is a recognized leader in providing building and renovation services to a client base of senior living, healthcare, institutional and retail clients. For more information, please call 508-748-6545 or visit www.southcoastimprovement.com.

About South Coast Improvement Company:
South Coast Improvement offers a range of design, construction and management services across a variety of sectors—interiors as well as exteriors—including office buildings, health care facilities, educational institutions, commercial properties, assisted living facilities, and residential communities.  South Coast Improvement’s services include: Preconstruction analysis; Construction management; General contracting; Design/build services; Capital improvement; Building envelope improvements; and Interior renovations.

For more information, visit https://www.southcoastimprovement.com or call 508-748-6545.