Any discussion of ransomware should begin by reminding ourselves that the term denotes malware. The “ransom” element is a matter of impact, not a root cause. As a result, many of the strategies applied when protecting against common malware should also be applied to ransomware.

Having said this, ransomware is one of the most common types of attack, given that it is easy to generate and distribute. A recent piece of research from Isaca shows that the threat is set to continue, with 20% of global IT security experts placing this type of attack in their top three threats for 2016.

Once in the wild, a typical ransomware script will infect numerous environments very quickly, with the command and control structure designed to harvest small sums of money through anonymised payment mechanisms such as Bitcoin. Ransomware attackers rely on broad and indiscriminate dissemination of malware, without necessarily targeting any specific group of people or companies.

Specimens such as TeslaCrypt, CryptoWall and TorrentLocker reveal a wide variety of ransomware, ranging from unsophisticated varieties embedded in Microsoft Word documents to fairly complex script-based infiltration. In this aspect, security managers should be conscious of the fact that ransomware often utilises channels that were thought to be extinct, such as macro virus infection.

Steps to protect against ransomware

There are a number of steps that organisations and individuals can take to increase their security and strengthen their defences:

- Promote awareness by communicating defensive capabilities against generic malware to users. It should be noted how phishing, social engineering attacks and suspicious websites can all pave the way for infection.
- Strengthen scan-and-detect defensive capabilities across the organisation. There are many tools that will identify, repel and neutralise malware, including ransomware. However, it is important not to rely on a single anti-virus or anti-malware system, but a wide range dedicated to different types of attack.
- Update and adjust target platforms such as Microsoft Office to include blocking mechanisms. All too often, infected Office-based documents and spreadsheets can slip through because defences have been disabled in favour of user convenience.
- Both organisations and individuals should consider where their data resides. Ransomware is usually restricted to local hard drives or locally available shares. Information assets should therefore be held in at least two air gapped locations, such as a portable hard disk for daily backups of important data, and an additional network-attached storage (NAS) for larger backup jobs. Even after ransomware infection, important files can then be recovered. For personal data, DVD or BluRay backups retain the advantage of read-only access.

A fuller list of associated controls is available in the complimentary Threats & Controls tool from Isaca’s Cybersecurity Nexus (CSX).

Attacks may lead to greater costs

There is some considerable effort required to protect against ransomware, especially in complex enterprise environments. However, given the current level of helplessness – up to the point where official authorities have recommended giving in and paying the ransom – this extra work is a vital step towards saving time and money.

To help your thinking as a business leader on how important it is to protect yourself against this form of attack, it is worth remembering that even one successful ransomware attack on your organisation or private IT environment is likely to be much more expensive than taking preventive measures.

Rolf von Roessing is a past international vice-president of Isaca and president of Forfa.

This was first published in February 2016

Virtual NAS Solution Offers Support for Amazon EC2

PITTSBURGH, PA - November 5, 2014 - Avere Systems, a leading provider of enterprise storage for the hybrid cloud, introduced a virtual NAS solution that provides the ability to deploy and scale compute in the cloud while using both on-premises and cloud-based storage resources. Version 4.5 of Avere's flagship OS delivers Virtual FXT Edge Filers for use within the Amazon Elastic Compute Cloud (Amazon EC2).

"With this software-only version of Avere's FXT Edge Filer series, companies can finally connect the dots between the compute cloud, storage cloud, and on-premises storage without sacrificing performance, worrying about security, or breaking the bank," said Ron Bianchini, president and CEO, Avere Systems. "Avere is excited that this virtual NAS solution will enable companies to take advantage of the flexibility and enormous scale of cloud computing with no radical changes to applications or storage infrastructure. For many customers, this enables them to realize the promised benefits of the cloud."

Addressing Big Data and the Compute Cloud

Cloud computing is rapidly gaining acceptance by enterprises that require efficient and highly scalable compute resources. Enterprises can benefit from the unique flexibility to permanently move their IT infrastructure to the cloud or temporarily add resources at peak times; however, the compute cloud also presents challenges for big data applications. Application data is massive and typically stored on the customer premises or in the storage cloud, both of which have high latency to the compute cloud.

Avere is changing this with a virtual NAS solution that delivers its record-setting Edge Filer technology in a software-only product that runs in the compute cloud alongside the applications, providing low latency access to the active data and enabling applications to run at maximum performance. Avere's Virtual FXT Edge Filers are simple to install and manage, provide best-in-class NAS functionality (including NFS and SMB/CIFS), and cluster to deliver high availability, scalable performance and capacity.

Cloudbursting Support

The Virtual FXT can also be used for burst computing in the cloud at peak times with no hardware purchases or long-term commitment to software licenses, allowing companies to provision compute on a pay-as-you-go monthly basis.

"As more businesses turn to the cloud not just for storage but also for compute power, solutions like Avere's are a viable option for helping organizations store data wherever they need, whether on premises or in the cloud, and still instantly harness the compute power their current business demands wherever those resources may be available," said Terri McClure, senior analyst at Enterprise Strategy Group. "Avere is bringing data to the compute resources without data migrations, providing real value in terms of giving enterprises true flexibility in sourcing compute resources."

Availability

The Avere Virtual FXT is generally available and can be purchased directly from Avere Systems and authorized resellers and deployed by customers as an Amazon Machine Image (AMI) within AWS EC2. End-user software pricing starts at $2.50/hr and the software can be licensed on a monthly or yearly basis.

Additional Resources

- Avere Cloud Bursting White Paper
- Avere FXT Edge Filer Series Data Sheet

About Avere Systems

Avere is radically changing the economics of data storage. Avere's hybrid cloud solutions give companies—for the first time—the ability to end the rising cost and complexity of data storage and compute via the freedom to store and access files anywhere in the cloud or on premises, without sacrificing the performance, availability, or security of enterprise data. Based in Pittsburgh, Avere is led by veterans and thought leaders in the data storage industry and is backed by investors Lightspeed Venture Partners, Menlo Ventures, Norwest Venture Partners, Tenaya Capital, and Western Digital Capital. For more information, visit www.averesystems.com.

###

Media Contact:
USA: Bhava Communications for Avere Systems, Amber Winans, 510firstname.lastname@example.org
Rest of World: Omarketing for Avere Systems, Rose Ross, +44-208-255-5225, email@example.com

Source: RealWire

Shellshock is getting NASty.

The vulnerability is being exploited in network-attached storage devices, FireEye reports.

Shellshock, the vulnerability in the Bourne Again Shell (Bash), is taking a new twist and is now being actively exploited in network-attached storage (NAS) devices, according to a new report from FireEye. The Shellshock vulnerability, first reported Sept. 24, could enable an attacker to inject arbitrary commands into a system where Bash is used. Bash is widely deployed on Linux operating systems, which are found in a wide variety of embedded devices, including NAS boxes.

FireEye reported that, starting on approximately Sept. 26, it began noticing Shellshock-related attacks against NAS devices. The attackers were not just scanning for vulnerable systems; they were also actually attempting to inject code that would allow them to retrieve files. Currently, FireEye is only aware of a single NAS vendor being targeted: QNAP. While the QNAP NAS devices are targets, James T. Bennet, a staff research scientist at FireEye, told eWEEK that QNAP has already issued a patch.

While FireEye has discovered the attacks, it hasn't sat idly by and let customer data be stolen. Although FireEye has seen the Shellshock NAS attack attempt to deliver backdoor code, "as far as we can tell, no data was stolen since FireEye blocked the attack from successfully completing," Bennet said. "If the attacker had been successful, they would have access to any file on the file system—we have no info on what they were after specifically."

The attacks monitored by FireEye were against universities and research institutes in Korea, Japan and the United States.

Determining whether a NAS device has been infected via Shellshock is currently somewhat of a manual process. "We are not aware of any scanner or script to do this for you; however, it is actually fairly easy for a system administrator to know if they have this particular backdoor installed on their NAS," Bennet said.

He recommended steps a NAS administrator can take to find a NAS Shellshock infection:

1. Check if the following Secure Shell (SSH) key was added to the file at /root/.ssh/authorized_keys:

   AAAAB3NzaC1yc2EAAAADAQABAAABAQCmm9yrZmk82sex8JLLeWs/y4v6iI4cxgqm6Y3sDkT/d5WJZ39pm6k6x8Z7mTKyVWJUSV2MOcwzfUuk10jmaT9PO0Og0mAEv5ZQwFKPZaMvXkI/6B/LQx//RkCWLA7l68/8kKeTV/1bU/iLu/kK4xVFVTQFDh4H72cGCuovslTzqaSZjDDkrDx2uGkWXFejoOBCeGm8aDjZchcekAJBlnHhc56N6vjjwNlDi2gw1pmD+gmNafUYQoimbGPPfKK84TZIBlnNdFIBfz/YbAn4Vib/5HJb9JdFVt+sKiVzm4EPVrY4WwRIvhugmPwlazGcYFZQpB6FFJ2FDmlQAQUugyiv root@nova

2. Check for the existence of any of the following files:
   - once
   - term_i686
   - term_x86_64

3. Check for a process named term_i686 or term_x86_64 listening on a TCP port or having an established TCP connection to another host.

Aside from patching for Shellshock and then making sure a device has not already been infected, NAS administrators can take other steps to limit risk. "The best thing you can do, aside from patching is to not leave your NAS directly exposed to the Internet; it is asking for trouble," Bennet said. "At a minimum, restrict access to only IPs/networks you trust, disabling unneeded services as well as monitoring access logs for unauthorized activity."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
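
The three checks Bennet lists above, scripted as an added example (not code from FireEye, QNAP or the article). The function names, the `IOC_KEY` variable and the `--scan` switch are assumptions of this sketch: set `IOC_KEY` to the key string from step 1 before running it, and it assumes `netstat -tanp` is available on the device.

```shell
#!/bin/sh
# Added example: the article's three manual checks as shell functions.
# Function names, IOC_KEY and --scan are assumptions, not vendor tooling.

# Step 1: is the key string from the article present in authorized_keys?
# $1 = authorized_keys path, $2 = key string copied from step 1
key_present() {
    [ -r "$1" ] && [ -n "$2" ] && grep -qF -- "$2" "$1"
}

# Step 2: list regular files under $1 with the names given in the article.
# "once" is a generic name, so review every hit by hand.
find_dropped_files() {
    find "$1" -type f \
        \( -name once -o -name term_i686 -o -name term_x86_64 \) 2>/dev/null
}

# Step 3: read `netstat -tanp` output on stdin and print TCP sockets that are
# listening or established and owned by term_i686 / term_x86_64.
suspicious_sockets() {
    awk '$1 ~ /^tcp/ && ($6 == "LISTEN" || $6 == "ESTABLISHED") &&
         $7 ~ /\/term_(i686|x86_64)$/ { print $4, $5, $6, $7 }'
}

# Run all three checks; returns 1 if any indicator is found, 0 otherwise.
# $1 = authorized_keys path (default from the article), $2 = search root
nas_check() {
    keys=${1:-/root/.ssh/authorized_keys}; root=${2:-/}; hits=0
    if key_present "$keys" "${IOC_KEY:-}"; then
        echo "IOC: key found in $keys"; hits=1
    fi
    files=$(find_dropped_files "$root") || true
    if [ -n "$files" ]; then echo "IOC: files:"; echo "$files"; hits=1; fi
    socks=$(netstat -tanp 2>/dev/null | suspicious_sockets) || true
    if [ -n "$socks" ]; then echo "IOC: sockets:"; echo "$socks"; hits=1; fi
    return "$hits"
}

# Usage: IOC_KEY='<key string from step 1>' sh nas_check.sh --scan
if [ "${1:-}" = "--scan" ]; then nas_check; fi
```

A clean result only means these specific indicators are absent; it does not show the device was never reached by other Shellshock payloads.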