
Recently it was reported: "Nearly 9,000 malware-laden servers, compromised websites found in Singapore-based Interpol operation." In response, Sándor Bálint, Security Lead for Applied Data Science at Balabit, said: "When most people think of the fight against malware, the first thing that comes to mind is installing anti-malware software on end-user computers. However, as this story points out, it is just as important to protect publicly available servers so they cannot be easily turned into command-and-control (C2) servers by cyber criminals, and used in subsequent attacks on other victims.


"Before this thought is quickly dismissed with the thought 'Why should I care, I don't operate any server,' it's worth remembering that countless people run a server without knowing it. Just think of smart devices, home automation, remote control apps, the much-hyped Internet of Things - many connected devices offer various services through the network (thus acting as servers). When connected, such services are often accessible from anywhere on the Internet... sometimes, such a server is even carried in a pocket.

"By offering services to the public, one is implicitly running the risk that others might use those services in unintended ways - including turning them into C2 servers. Whether or not this is going to happen depends on a number of factors: how securely the server component was programmed, whether the service uses any authentication, if there are known problems in the network protocols used, whether adequately strong passwords are being used, if the service is running 24/7 or only for short periods of time - and oftentimes, sheer luck factors in. And if unintended usage does happen, it could be a targeted attack against the server and its data, or the server can be used as a jump host to target others and to help cover the tracks of the criminal exploiting it - sometimes over an extended period of time.

"As a result, it is now easier to become an unwitting accomplice in cybercrime than ever before.

"Running a publicly accessible server is a responsibility. While it's not always possible to prevent any and all abuse, decreasing the attack surface (e.g. by turning off unneeded services) is essential, as is taking steps to detect and stop attacks, such as using monitoring solutions. Many services are able to generate usage logs, and this information can (and should) be collected and regularly reviewed. If possible, such data should be analyzed looking for signs of unusual patterns and changes in trends - preferably, the analysis should be automated.

"In some cases, the most malware defense is simply turning off unnecessary services - such as switching off your smart TV when you are not using it."