What Is Unified Threat Management?


Unified Threat Management (UTM) For Your Enterprise Security

Unified Threat Management simplifies enterprise security by letting IT administrators monitor and manage several security applications and the related infrastructure components through a single management console. The primary objective of Unified Threat Management is to reduce the complexity of enterprise security management by serving as a single point of contact for all things related to enterprise security.

Security Tools Part Of Unified Threat Management (UTM)

UTM is a collection of several network security tools such as antivirus, anti-spyware, network firewall, intrusion detection, and spam and content filters. Some UTMs even come equipped with VPN support. These security tools work like plugins which, when plugged into enterprise networks, protect them against various security threats.

Advantages Of Using Unified Threat Management

1. No Need for Individual Security Products: When using UTM, enterprises do not need to deploy individual security tools like antivirus, antimalware, endpoint protection or others, as they come integrated into the unified threat management solution. You won’t even need the free antivirus products doing the rounds in the market.

2. Enhanced Security: This is pretty obvious. With a number of different security solutions integrated together, the security system would be equipped enough to handle various types of security threats – even zero-day attacks.

3. Ease Of Use: This is the primary objective of UTMs. Implementing security tools can be pretty complex stuff. UTM makes things easier for enterprises by combining various security tools and presenting them via an easily understandable (as well as usable) user console.

About Comodo Unified Threat Management

Comodo Unified Threat Management, also known as Comodo Korugan, comes equipped with a set of impressive security features that make it one of the best unified threat management solutions available in the market. What’s more, it comes packaged with a free UTM version as well, known as Korugan LITE. Enterprises can also make use of the other two priced editions – Korugan Appliance and Korugan VM – which offer enhanced security.

Security Features Offered:

  • Comodo Antivirus – Comodo antivirus which protects many PC(s) across the globe is a part of Comodo UTM.
  • UTM Firewall/Next Generation Firewall – advanced firewall capable of thwarting different types of malware and zero-day attacks.
  • Comodo Endpoint Manager – the endpoint manager, which actively protects well over 80 million endpoints across the globe, is also packaged into Comodo UTM.
  • Email Protection – Comodo UTM also protects enterprise mail against spam and other mail-related issues via virus scanners. Other features, such as virus blacklisting, are also available.
  • Intrusion Prevention – enterprises are also secured against intrusion based attacks with the help of 24/7 updated virus signatures.
  • Comprehensive Web Filtering – using Comodo UTM enterprises are also protected against various harmful websites available on the internet.
  • Advanced Threat Protection – offers protection against advanced threats, malware attacks and zero-day threats emerging from cybersecurity threat landscape.


How an Anti-spam Solution Helps Your Business


As spam continues to evolve, conventional on-premise anti-spam solutions are failing to keep up. These anti-spam products often struggle to handle large spam volumes due to fixed hardware capacity limits. Once the amount of spam exceeds the threshold limits, these anti-spam solutions quickly become overloaded and lag.

These on-premise anti-spam solutions also fail to stop spam before it enters the corporate network. With no barriers in place, the company will be exposed to a steady stream of spam emails.

A few years ago, spam was the domain of text or HTML-based emails. Spammers used Simple Mail Transfer Protocol (SMTP) to deliver spam messages anonymously. When the popularity of open SMTP relays faded, spammers moved to proxy servers and dial-up services.

Spammers design personalized spam email templates and then distribute them through bulk mailing software.

To block spam emails, email service providers and organizations often relied on keyword detection. They drew up a list of keywords that commonly appeared in most of the spam emails.

While a lot of spam emails blatantly contain the same keywords, spammers are also using newer techniques to evade spam filters. Spam has now become a dangerous threat to businesses with sophisticated and diverse attacks.

Let us discuss the benefits of using an antispam solution for your business.

Increased Productivity and Email Management

With a proactive anti-spam solution, spam emails sent by unknown sources can be filtered out effectively. It saves a lot of time which would have been wasted with the selection and disposal of unwanted spam e-mails.

Protection Against Phishing Attacks

One of the most significant forms of email threat is the phishing attack. Phishing attacks are a type of cyber attack in which cybercriminals pose as a genuine person or organization to get access to data from the user and the company. By using Antispam, companies can considerably enhance their security as it stops spam emails even before they reach the inbox.

Safeguards Your Reputation with Outbound Mail Scanning

Almost every successful organization has an effective email marketing strategy in place and, if you don’t, you should form one. Outbound mail scanning that comes with anti-spam solutions can help you deliver your newsletter to a large number of people.

Apart from automatically quarantining the spam emails and ensuring your inbox is spam free, there are many benefits associated with the use of the antispam solution. Comodo Dome Antispam is an enterprise-class antispam solution that zealously protects your inbox by preventing spam emails even before they reach the inbox.

Most anti-spam solutions are signature-based, so new and unknown forms of malware go undetected: there is a time gap between the release of these new malware threats and the point at which anti-spam software vendors have identified them and updated their signature file. Comodo Dome Antispam comes with Containment technology, which wraps unknown files in a container until a verdict is found. While files are in the container, end-users can still operate as usual with zero risk of infection.

If you are in search of a strong anti-spam solution for your company, look no further and get Comodo Dome Anti-spam today!


Best Cloud Anti-spam Solution for your business


In today’s digital era, Email and Web have become the most common form of business communications. Emails have a very high impact on every aspect of an organization as enterprises use them for their primary communications between management, staff, clients, vendors, etc.

Email-based threats such as viruses, spam, Trojans, spyware and phishing attacks are also on the rise, since most hackers target organizations using email-based attacks.

Email threats, unsecured communications, and uncontrolled Web access not only hinder an organization’s ability to demonstrate self-regulation, but they also damage business relationships and brand image.

To prevent such attacks and to comply with the growing demands of corporate regulations, organizations are in dire need of an anti-spam solution which can prevent all kinds of email-based attacks.

If you are in search of an anti-spam solution, choose Comodo Dome Antispam which is the only enterprise cloud anti-spam solution that has containment technology built-in. It uses advanced spam filters, and content analysis engines to identify and prevent unsolicited emails from entering your network.

Let’s examine the features and benefits of Comodo Dome Antispam to see how it stacks up against other antispam solutions.

Some anti-spam solutions allow you to report spam back to the company supplying the program. This helps that company develop new types of filters based on analysis of the reported spam. Comodo Dome is one such cloud anti-spam solution, which reports unknown files for human analysis.

Benefits of Comodo Dome Antispam Gateway:

Most anti-spam solutions are signature based: they use their signature file (blacklist) to detect and respond to new types of malware. In such signature-based anti-spam software, new and unknown types of malware go undetected, since there is a time gap between the time these new types of malware are released and the time anti-spam software vendors have identified them and updated their signature file. This is where Comodo Dome’s Containment technology comes into play.

Containment technology works by keeping the threats or harmful files under control or within certain limits. The harmful files are processed in a restricted operating system environment, thus controlling the resources and the spread of infection.

With human file analysis platform (Valkyrie) for reviewing unknown files and Containment technology, Comodo Dome Antispam is the best solution to protect your enterprise network even from zero-day attacks.

When you consider all of the features and benefits of Comodo Dome Antispam, especially the built-in containment technology, other cloud anti-spam solutions don’t stand a chance against Comodo Dome. If you are in search of a good anti-spam solution, look no further and get Comodo Dome Anti-spam today!


This Tick Can Fly Through Airgaps


An airgapped machine is a computer that is so heavily secured that it has no physical or digital connections to any networks. They’re usually also heavily physically secured in datacenters and server rooms with carefully monitored physical access. To put new data into an airgapped machine, typically a cybercriminal would have to physically breach the facility that it’s in and use some sort of external or removable media for their attack, such as an optical disc, a USB drive, or an external hard disk. Using airgapped machines is really inconvenient, so computers are usually only airgapped if they handle very, very sensitive data. That makes them especially attractive targets for attackers. If an airgapped machine was a purse, it would be a Hermès white Himalaya crocodile diamond Birkin bag whereas a typical client machine would be one of my beloved Tokidoki bags. (I much prefer my Tokidoki bags, by the way.)

Palo Alto Networks Unit 42 discovered signs of a new attack for airgapped machines. Tick is a cyberespionage group that has targeted entities in South Korea and Japan. There’s a Korean defense contractor which makes USB drives according to very niche IT Security Certification Center guidelines for Korean public sector and private sector enterprise clientele. Unit 42 discovered that at least one of the USB drives has very carefully crafted malware on it. But Unit 42 researchers haven’t physically possessed any of the compromised USB drives. It should be difficult for an external party to get malware on one of those devices in the first place. Unit 42 calls the malware SymonLoader, and it exclusively exploits Windows XP and Windows Server 2003 vulnerabilities.

So Tick has been trying to attack airgapped machines with versions of Windows which haven’t been supported for a long time. Do a lot of these airgapped machines run legacy operating systems? It’s highly probable that Tick carefully fingerprinted their targets before they started developing SymonLoader.

Here’s the attack scenario that Unit 42 hypothesizes. Tick somehow acquired and compromised some of these heavily secured USB drives. They put their SymonLoader malware on them whenever they can acquire access to them. Once a compromised drive is mounted into a targeted airgapped Windows XP or Windows Server 2003 machine, SymonLoader exploits vulnerabilities which only pertain to those operating systems. While SymonLoader is in memory, if more heavily secured USB drives are detected as mounted to the file system, it’ll try to load the unknown malicious file using APIs designed for file system access. It’s the cycle of very specifically designed malware for very specific targets! It’s custom tailored haute couture Windows malware! It’s too exclusive for little people like me! (I use currently supported Linux Mint anyway.) Because Unit 42 doesn’t have any of the compromised drives in their possession, they can only speculate how the drives have been infected and how they’re delivered to their targets.

Tick has been known to turn legitimate applications into Trojans. Here’s what Unit 42 wrote about HomamDownloader last summer:

“HomamDownloader is a small downloader program with minimal interesting characteristics from a technical point of view. HomamDownloader was discovered to be delivered by Tick via a spearphishing email. The adversary crafted credible email and attachment after understanding the targets and their behavior…

In addition to the social engineering email technique, the attacker also employs a trick to the attachment. The actor embedded malicious code to a resource section of the legitimate SFX file created by a file encryption tool, and modified the entry point of the program for jumping to the malicious code soon after the SFX program starts. The malicious code drops HomamDownloader, then jumps back to the regular flow in the CODE section, which in turn asks the user the password and decrypts the file. Therefore, once a user executes the attachment and sees the password dialog on SFX, the downloader dropped by the malicious code starts working even if the user chooses the Cancel on the password window.”

Now it’s time to return to SymonLoader. Once a USB drive with SymonLoader is mounted into one of Tick’s targets, it tries to have the user execute it by using a Trojanized version of some sort of software that the user would want to install in their environment. Once executed, SymonLoader looks for other secured USB drives if and when they’re mounted into the file system.

SymonLoader extracts a hidden executable file from a special secured USB drive and then executes it. Unit 42 researchers haven’t had a copy of the file to examine for themselves. But they’re pretty confident that Tick is behind this attack because they’ve found shellcode which resembles shellcode the group has previously been known to use.

SymonLoader checks the machine for its version of Windows and if it’s newer than Windows Server 2003 or Windows XP, then it stops trying to do anything else. Windows Vista is its kryptonite, I guess. If the machine’s OS is Windows XP or Windows Server 2003, then a hidden window is executed which continuously checks for mounted drives as they become part of the file system. SymonLoader uses the SCSI INQUIRY command to verify if any of the newly mounted drives are of the specifically secured device model they’re looking for. If the parameters are ever matched, SymonLoader then extracts an unknown file from the USB drive.

Not a lot else is known about how SymonLoader behaves or why, but Unit 42 wrote this:

“While we do not have a copy of the file hidden on the secure USB, we have more than enough information to determine it is more than likely malicious. Weaponizing a secure USB drive is an uncommon technique and likely done in an effort to compromise airgapped systems, which are systems that do not connect to the public internet. Some industries or organizations are known for introducing air gapping for security reasons. In addition, outdated version operating systems are often used in those environments because of no easy-update solutions without internet connectivity. When users are not able to connect to external servers, they tend to rely on physical storage devices, particularly USB drives, for data exchange. The SymonLoader and secure USB drive discussed in this blog may fit for this circumstance.”

That’s some MacGyver-level malware development and distribution. It would be fascinating and illuminating to know who Tick’s specific targets are, because it’s clear that they really, really want something from them.

TRAI and Apple Deadlocked Over the Anti-spam Mobile App


The rift between TRAI (Telecom Regulatory Authority of India) and Apple is deepening over the development of a government anti-spam mobile app, with the Cupertino tech giant raising concerns about user privacy. India is one of the fastest growing smartphone markets in the world, and the conflict with TRAI may gravely impact Apple’s plans to set up a manufacturing unit in the country. Besides that, Apple also has plans to set up its own Apple Stores in major cities.

DND, or Do Not Disturb, is an anti-spam application that allows users to report details of unsolicited calls and text messages to the agency. TRAI then sends the collected data to mobile operators so that they can block the spammers. Even though TRAI’s intentions are sound here, the iPhone maker felt that allowing broad access to users’ call and message logs would compromise their privacy. Last year TRAI sent out a consultation paper on privacy, ownership, and security of data to telecom networks on custody of customer data.

Back in October, Apple agreed to offer some help to TRAI in building the DND app by allowing the regulator to tap into new iOS features. However, Apple withdrew after it felt the anti-spam app would violate the company’s Privacy Policy. The differences between the two sides deepened after TRAI pushed for its DND app on Apple’s App Store.

The disagreement showcases the challenges technology companies confront when handling requests from governments and other regulatory bodies to access user data on devices. Notably, in mid-2017, Apple removed numerous apps that allowed users to surf the web privately from its Chinese app store in order to abide by a new cyber law.

Apple is not willing to abide by the demands of the regulatory authority. The two parties haven’t discussed the matter since last November, and the Indian regulator told Apple that it was waiting for basic clarifications. Last week, Apple told Reuters the DND anti-spam mobile app “as envisioned violates the privacy policy” of its App Store. This is not the first time the technology giant has come into conflict with Indian authorities.


How Secure is Your Network Against Internet-Based Attacks?


All You Need to Know About Network Security

Protecting an organization’s network from Internet-based service attacks has become a serious concern in recent years. New threats outpace existing defense mechanisms, and the problem grows more complex by the day. Understanding the real purpose of cybersecurity has become a necessity. Security experts are working to create new and effective security techniques to protect business networks from security breaches.

Network-based attacks use multiple devices to bombard the target network server with a heavy flow of network traffic. They also request so many services at a time that the target network cannot serve legitimate demands.

Host Intrusion Prevention Systems and firewalls are some of the preventive measures that can be implemented to deny network-based attacks. These security approaches identify malware interference by using various techniques to learn the traffic pattern; traffic that clearly deviates from the pattern is instantly denied entry to the network.

The Current Scenario of Network Security

Most of the cybersecurity attacks that happen today are mainly due to careless practices of employees that make the organization’s network vulnerable. The following are the reasons why today’s business networks are vulnerable to attacks:

  • Outdated anti-malware software is in use
  • Employees use easy passwords
  • Applications and software are not updated with security patches
  • There is no proper backup of data
  • Employees unwittingly click on a malicious attachment

These are some of the most common weaknesses that hackers exploit to gain access to the network, causing destructive data breaches.

Network Administrators can implement three preventive measures to stay away from network attacks.

  • Host-based Mitigation
  • Network-based Mitigation
  • Proactive Measures

Network-Based Mitigation

  • Implement an Intrusion Prevention System.
  • Use a firewall to keep suspicious files from reaching the internal server. It also lets the admin monitor the server so as to understand where to block traffic.
  • Contact the Internet Service Provider’s management team to stop possible attacks from reaching the organization’s network.

Host-Based Mitigation

  • Define a logical time limit for open HTTP sessions.
  • Set a sensible time limit for TCP timeouts.
  • Implement a host-based packet firewall to deny HTTP threads from spreading the attack data packets.

Proactive Preventive Security Measures

Install Comodo One – Remote Monitoring Management to keep constant watch over the network and the devices connected to it. It also helps to keep all the software, applications and programs required for the system up to date, staying ahead of security breaches and attacks.

What is Email Spam?


Email spam is not only annoying but also dangerous to users. So, what is email spam? Email spam is junk email: unsolicited bulk email sent through the email system.

It refers to the use of an email system to send unsolicited emails especially advertising emails to a group of recipients. Unsolicited emails mean the recipient did not grant permission for receiving those emails.

The use of spam emails has been growing in popularity since the last decade and is a problem faced by most email users. Email IDs of users who receive email spam are usually obtained by spambots (automated software that crawls the internet for email addresses).

Email spam is still a problem today, and spammers still go about it the same way. Spam accounts for billions of emails sent every day which makes up 98% of all emails. Spam costs businesses billions of dollars every year.

Even though antivirus software has come a long way, infected PCs, trojans and bots are still the major sources of spam. There are billions of public IPs available for use; each one could have thousands of PCs behind it, including ones potentially infected with trojans and bots.

With new computers being infected on a regular basis, even some of the best reputation lists such as the SpamRats list with its 70 million listed IPs can only target a small fraction of those billions of addresses.

In the time it takes for spam filters to analyze the content of the email message, find out the source of the email and then submit the IP for blacklisting, you would have already allowed email spam into your system.

Email spam is also termed junk email: suspicious messages sent in bulk through email. Most email spam messages are commercial in nature. They contain links that look genuine and convincingly familiar; however, the links lead to phishing websites that host malware.

Email Spam

The concept of spam email first emerged in the early 1990s. Reports reveal that botnets, networks of malware-infected computers, are used to send spam emails. Spammers use spambots to obtain the email addresses of target victims and send malicious emails to the resulting list. Though the spammer sends mail to millions of email addresses, only a small number of recipients will respond to or interact with the message.

Types of Email Spam

Email spam comes in different types. The most common is spam mail disguised as a marketing campaign for business promotion. It can promote weight loss programs, job offers, or a clothing brand with unbelievable offers.

Spammers also use spam mail to commit email fraud. Fraudulent spam comes in the form of phishing emails, mostly made to look like a formal communication from a bank or another online payment processor. Phishing emails are crafted to direct victims to a malicious website imitating a real organization, where the user ends up sharing personal information such as login credentials and financial details with the spammer who controls the malicious website.

Preventing Email Spam

Method #1:

The most common form of spam protection is setting up a filter in front of your mail server. When an email is delivered, it must first pass through the filter before reaching the email server. From there (the email server), it goes to the client server. At this stage, the email server knows nothing about the source of the spam, and the filter doesn’t know what the client wants to do with the spam. This means that the filter must be one-size-fits-all.

Method #2:

Another common form of spam protection is setting up the filter directly in the mail server. It requires a much bigger pipeline to the mail server, consuming more bandwidth, and there are other problems. Spam emails cannot be bounced back in this method.

Using a spam content filter can be very expensive, as the filter must accept the whole message and then apply a certain set of rules to the content that continuously changes. Relying entirely on spam filters is a constant game between the filtering software and the spammer. You set up a rule until a spammer finds a way around it. Before your spam filtering rules can be updated to accommodate the new strategy, you have already allowed lots of email spam onto your server. It’s a constant game, and it requires a better solution.

There should be a faster, more reliable solution for email spam. This is where the Comodo Dome Antispam solution comes into play. Before the spam email even enters your system, the Comodo Dome Antispam solution can detect whether or not it is coming from a legitimate configured mail server.

Comodo Dome Antispam can detect when a trojan is masquerading as a real mail server. It means better zero-day protection, no backscatter and reduced overhead costs.

Comodo Dome Antispam is the only enterprise anti-spam solution that has containment technology built-in. It uses advanced spam filters, and content analysis engines to identify and prevent unsolicited emails from entering your network.

How to Stop Spam Email With Comodo Dome Antispam

Comodo Dome Antispam delivers a combination of spam filters, content analysis engines and phishing prevention techniques to deny unsolicited emails entry to the users’ network. With its advanced protection mechanisms, Dome Antispam is equipped to fight the latest unknown and zero-day threats.

Comodo Antispam solution is developed to be compatible with all Mail Transfer Agents. It is also equipped to integrate with existing email infrastructures and is scalable to all types of users. Comodo Dome is robust and efficient, with filtering algorithms that provide accuracy through content classification and identification of spam.

It provides the following capabilities to help users filter out spam much more effectively:

Security and usability: Users, though unsure if the emails are genuine or suspicious, still have the privilege to open the attachments without having the risk of infection from malicious files.

Granular control: It gives a centralized console to manage and provide a granular level of control through group-based email policies, and therefore enhanced security.

Flexible and Easy deployment: It is made available in Cloud, Dedicated On-premises and Hosted Cloud.

If you are in search of a good anti-spam solution, look no further and get Comodo Dome Anti-spam today!

Anti-spam Software and its Applications


Spamming refers to sending unsolicited messages through electronic messaging systems. Besides consuming the corporate email bandwidth, unwanted or unsolicited emails also negatively impact employee productivity. Enterprises will thus have to keep the spamming problem in check. If this is not done, then spam can indeed result in a number of problems.

The problem of receiving an increasing number of unrequested and unwanted emails has reduced to a large extent over the past 15 years. Antispam forces, until recently, assumed that there was no way to catch an adequate number of unwanted emails to bring about a difference. With anti-spam software becoming increasingly popular, the wave of spam has indeed slowed down.

Working of a Coordinated Anti-spam Effort

ISPs and Spam

Anti-spam protection for a regular computer commences with an Internet Service Provider (ISP) such as AT&T, Cox Cable, etc. They use refined software on their email servers to instantly catch spam, thus attempting to prevent the spam from ever reaching the individual.

Anti-spam software is included by several ISPs offering email accounts for their users. However, it is not as robust as that needed by individuals. This is where anti-spam software plays a major role. This software functions from the email program, whether that is Outlook, Gmail, or various other programs. With anti-spam software, emails that have suspicious content are flagged and then immediately sent into a spam folder, instead of going into the regular inbox. These emails are thus set aside for later investigation.

Content Filtering

Content filtering is an approach in which anti-spam software analyzes an email’s subject line and body along with the words contained in a message. The headline is examined against a wide internal database of terms and words used by spammers. Some of the most obvious terms or words include:

  • Millionaire
  • Free
  • Extra cash
  • Rolex discounts

Spammers try to defeat this approach by altering the spelling of words and employing several other tricks to avoid getting blocked, so that they will be able to sneak their messages to the user. Content filters, on the other hand, just block emails containing flagged, “spammy” words, word phrases and word combinations.
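The gap between literal keyword matching and altered spellings can be seen in a small filter. The following is an added example, not code from any product named on this page; it uses the four terms listed above, while the look-alike table, the normalization steps and the sample subject lines are assumptions constructed for illustration.

```python
import re
import unicodedata

# Flagged terms taken from the list above.
FLAGGED_TERMS = ["millionaire", "free", "extra cash", "rolex discounts"]

# Assumed look-alike table; a production filter would carry a far larger one.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "$": "s", "@": "a"})

# Single characters joined by punctuation, e.g. "e.x.t.r.a" or "m-i-l-l".
SPACED_OUT = re.compile(r"\b(?:\w(?:[^\w\s]|_)){2,}\w\b")


def match_terms(text):
    """Return the flagged terms that appear in text as whole words."""
    return [t for t in FLAGGED_TERMS
            if re.search(r"\b" + re.escape(t) + r"\b", text)]


def naive_filter(text):
    """Literal matching on the lower-cased message, as a plain keyword list does."""
    return match_terms(text.lower())


def normalize(text):
    """Undo common spelling alterations before matching."""
    # Fold full-width and accented characters to plain letters.
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    # Map digits and symbols that stand in for letters.
    text = text.lower().translate(LOOKALIKES)
    # Re-join letters that were separated by punctuation.
    text = SPACED_OUT.sub(lambda m: re.sub(r"[^\w]|_", "", m.group()), text)
    # Collapse runs of whitespace so multi-word terms still match.
    return re.sub(r"\s+", " ", text).strip()


def normalizing_filter(text):
    """Keyword matching applied to the normalized message."""
    return match_terms(normalize(text))


# Constructed sample subject lines, not taken from real mail.
SAMPLES = [
    "Claim your FREE Rolex discounts",
    "Cl@im your fr3e R0lex disc0unts",
    "E.x.t.r.a  cash for a m-i-l-l-i-o-n-a-i-r-e",
    "Freedom of the press",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(f"{subject!r}: naive={naive_filter(subject)} "
              f"normalized={normalizing_filter(subject)}")
```

Whole-word matching keeps "Freedom" from triggering on "free", which is the kind of false positive a bare substring list produces.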

Bayesian Filtering

A Bayesian spam filter is a more sophisticated and highly complex approach used for detecting spam. While analyzing an email, this filter calculates the probability that the message is spam and then grades its “spamicity”. That specific message and word will be flagged as spam if the spamicity exceeds a threshold. Furthermore, the Bayesian spam filter is also capable of building a custom database by learning which words are considered to be spam and which do not fall under the spam category. This selection is based on words selected by email customers. Frequently used in the open source community, this method is capable of filtering more than 99% of unwanted messages.
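The spamicity calculation and the learning step can be shown with a small naive Bayes classifier. This is an added example, not code from any product named on this page; the training messages are constructed, and the 0.9 threshold, the Laplace smoothing and the class and function names are assumptions.

```python
import math
import re
from collections import Counter

# Constructed training mail, labelled the way a user would sort it.
TRAINING = [
    ("spam", "Free Rolex discounts, claim your extra cash now"),
    ("spam", "Become a millionaire, free extra cash offer"),
    ("spam", "Extra cash free for you, act now"),
    ("ham", "Meeting agenda for the project review tomorrow"),
    ("ham", "Please review the attached project invoice"),
    ("ham", "Lunch tomorrow after the review meeting"),
]


def tokenize(text):
    """Lower-case the text and return its set of distinct words."""
    return set(re.findall(r"[a-z']+", text.lower()))


class BayesianFilter:
    def __init__(self, threshold=0.9):
        self.threshold = threshold  # assumed cut-off for flagging
        # Number of messages of each class in which a word was seen.
        self.seen_in = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, label, text):
        """Learn from one message the user has marked as spam or ham."""
        self.messages[label] += 1
        self.seen_in[label].update(tokenize(text))

    def _p_word(self, word, label):
        # Laplace smoothing keeps a word unseen in one class from
        # forcing the probability to exactly 0 or 1.
        return (self.seen_in[label][word] + 1) / (self.messages[label] + 2)

    def spamicity(self, text):
        """Return P(spam | words in text), a value between 0 and 1."""
        if min(self.messages.values()) == 0:
            raise ValueError("train on at least one spam and one ham message")
        total = sum(self.messages.values())
        # Work in log space so long messages do not underflow.
        log_spam = math.log(self.messages["spam"] / total)
        log_ham = math.log(self.messages["ham"] / total)
        for word in tokenize(text):
            known = word in self.seen_in["spam"] or word in self.seen_in["ham"]
            if not known:
                continue  # never-seen words carry no evidence either way
            log_spam += math.log(self._p_word(word, "spam"))
            log_ham += math.log(self._p_word(word, "ham"))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text):
        return self.spamicity(text) > self.threshold


def build_filter():
    """Return a filter trained on the constructed corpus above."""
    f = BayesianFilter()
    for label, text in TRAINING:
        f.train(label, text)
    return f


if __name__ == "__main__":
    f = build_filter()
    for subject in ("free extra cash", "project review meeting",
                    "free lunch tomorrow"):
        print(f"{subject!r}: spamicity={f.spamicity(subject):.3f} "
              f"flagged={f.is_spam(subject)}")
```

The third sample shows why this differs from a keyword list: "free" alone does not flag a message whose other words point to legitimate mail.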

Blacklisting

The IP address of the spam sender’s computer is first identified by a real-time blacklist, and this is followed by advising its subscribers’ ISPs to block emails sent from that address. This method is considered to be extremely effective, however it inevitably leads to a cat-and-mouse game between blockers and spammers – and it could also be possible for legit messages to get bounced sometimes.

Profiling

Heuristic analysis software searches for bugs, invalid message IDs, and various other telltale spam traits. It then develops a numerical score for every single email that comes in. The email gets blocked if the score hits a designated limit. At times, authorized messages also get velvet-roped.
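A sketch of the scoring described above, as an added example that is not taken from any product. The four rules, their weights and the limit of 5.0 are assumptions chosen for illustration, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical rules and weights for illustration; not taken from any product.
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")

# Constructed messages using reserved example domains.
SPAM_SAMPLE = """\
From: Offers <promo@bulk.example>
Reply-To: claims@other.example
Subject: EXTRA CASH TODAY
Message-ID: 12345

Claim now.
"""
LEGIT_SAMPLE = """\
From: Billing <billing@vendor.example>
Reply-To: support@helpdesk.example
Subject: Invoice 2291 for June
Date: Mon, 02 Jul 2018 09:15:00 +0000
Message-ID: <20180702.0915@vendor.example>

Invoice attached.
"""

def domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def rule_hits(msg):
    """Return (rule name, weight) for every telltale trait found in the headers."""
    hits = []
    if not MSGID_RE.match((msg["Message-ID"] or "").strip()):
        hits.append(("invalid_message_id", 2.5))
    if msg["Date"] is None:
        hits.append(("missing_date", 1.5))
    subject = msg["Subject"] or ""
    if len(subject) > 8 and subject.upper() == subject:
        hits.append(("subject_all_caps", 1.0))
    reply_to = msg["Reply-To"]
    if reply_to and domain(reply_to) != domain(msg["From"]):
        hits.append(("reply_to_domain_mismatch", 2.0))
    return hits

def score(raw, limit=5.0):
    """Return (total score, blocked?, names of the rules that fired)."""
    hits = rule_hits(message_from_string(raw))
    total = sum(weight for _, weight in hits)
    return total, total >= limit, [name for name, _ in hits]
```

With the limit at 5.0 the legitimate invoice scores 2.0 and passes; lowering the limit to 2.0 blocks it, which is how an authorized message ends up rejected.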

Labeling

Labeling allows senders to just mark messages as spam or legit. Labeling of spam by senders is an existing requirement by more than 25 states.

Eliminating

Distributed identification allows a community of peer-to-peer users to flag spam for one another. Once adequate recipients object to a specific message, it then gets automatically transferred to everyone’s spam folders. This approach was pioneered by SpamNet, an Outlook add-on from Cloudmark of San Francisco.


$31 Million Worth of Cryptocurrency Stolen in Cyber Attack


If you trade in cryptocurrency, your funds probably aren’t safe in a public exchange.

On June 19th, Bithumb, one of the largest cryptocurrency exchanges in Asia, changed their wallet system. They announced that they would temporarily suspend deposits while they changed wallets. Up until then, there were no known indications of cyber-attacks.

Twelve minutes after the wallet change, Bithumb made a shocking discovery. About $31 million USD worth of cryptocurrency was stolen! They paid all applicable accounts back the money that was stolen from them, but all of a sudden the company had a multi-million dollar loss and a cybersecurity incident to respond to.

The company tweeted:

[Notice for the suspension of all deposit and withdrawal service]
We checked that some of cryptocurrencies valued about $30,000,000 was stolen. Those stolen cryptocurrencies will be covered from Bithumb and all of assets are being transferring to cold wallet.

— Bithumb (@BithumbOfficial) June 20, 2018

Soon afterwards, the company deleted their tweet and retracted the statement. Weird. They may have been advised to take the statement back while they investigated the incident. But on June 21st, they acknowledged the cyber-attack publicly:

“After the incident occurred on June 20, Bithumb quickly followed the procedure to immediately report [the] incident to KISA announcing that about 35 billion Korean Won worth amount of cryptocurrency was stolen. However, as we undergo recovery process on each cryptocurrency, the overall scale of damage is getting reduced. Hence, we expect that the overall damage will be less than the amount we initially expected.”

The Korean public sector has been assisting Bithumb with their incident response. They have been working with the Korean Ministry of Science and ICT’s Korea Internet & Security Agency (KISA). Bithumb may be able to recover some of the stolen funds.

Once again, the company has assured investors who were affected by the attack that they will be fully compensated, no matter what.

“Bithumb has been administering company’s asset and customers’ asset, and all customers cryptocurrencies, as well as KRW asset, are safely stored on cold wallet and bank respectively. Moreover, we would like to ensure that Bithumb currently has about 500 billion KRW worth of company’s fund. The amount of damage that occurred this time will be fully covered by Bithumb’s own company fund.”

If you invest in any cryptocurrencies, public exchanges may not be safe places to store your money. They generally aren’t as secure as conventional bank accounts of fiat currency.

Villanova University finance professor John Sedunov said, “Bitcoin and other cryptocurrencies have risen dramatically in popularity and value over the past few years. This fast run-up may have caught some exchanges off-guard, and they may not have had the capital on hand, time, or even the technical ability to ramp up security features fast enough to ward off potential attackers.”

“Cold” wallets are more difficult to attack than “hot” wallets. A “cold” wallet is a place to store cryptocurrency which is inaccessible to customers and also completely disconnected from the internet. A “hot” wallet is accessible to customers by being connected to the internet, which opens a major attack vector. Cryptocurrency money moves between “hot” and “cold” wallets all of the time.

It’s possible for you to maintain your own private “cold” wallet. Your “cold” wallet can be stored on an external hard disk or USB drive, which you should only have mounted to a computer that’s connected to the internet when you have to use it. Maybe the best approach is to put some of your cryptocurrency funds in your private “cold” wallet, and the rest in a “cold” wallet that belongs to an exchange. But you’ll need to check the exchange to see if they would transfer your “cold” wallet funds to a “hot” wallet, when and how. And even “cold” wallets aren’t completely safe from cyber-attack; they’re just generally much safer than “hot” wallets.

Or you could be like me, have no cryptocurrency, withdraw cash from your conventional fiat checking account, and store it in a fireproof safe that only you would have physical access to. But some people would think that I’m a bit eccentric.

It’s possible that during the June 19th wallet change, one of the wallets Bithumb handled contained malicious code that was the payload. More news may become public about this attack as more becomes known.

Bithumb’s a pretty big player in the world of cryptocurrency. It’s typical for them to trade over $200 million worth of funds in a day. As 2017 ended, Bithumb said that they had over a billion dollars’ worth of cryptocurrency holdings, and a net profit of about $300 million for the year. Uncle Scrooge would be proud.


Comodo products win three ‘Best+++’ awards in latest security tests from AVLab


Awards confirm Comodo as only free product to provide 100% protection against zero-day malware.

Comodo’s Internet Security, One and Cloud Antivirus products have each been awarded ‘Best+++’ in the latest round of tests from security testing firm AVLab. Significantly, Comodo scored 100% protection against ransomware and cryptominers, confirming the strength of Comodo’s containment technology against two notorious threats that many experts consider unsolvable. The awards follow hot on the heels of Comodo’s stellar performance in recent tests by AV-Test, where Comodo also won ‘Best Product’ in all three categories.

Both sets of tests were conducted in severe conditions which imitated real-life attacks.

AV-TEST results

AV-TEST publishes its research every 2 months to ensure its results are the most up-to-date statement about the protection offered by a solution. The researchers pit each product against a range of real-world attacks and rate each on protection, performance and usability:

  • Bulletproof protection. Comodo scored a 100% protection rating against zero-day malware attacks, inclusive of web and e-mail threats. The result repeats Comodo’s 100% performance in the firm’s February survey.
  • Superior Performance. Scoring 5.5 out of 6, Comodo beat industry averages in 3 out of 5 categories and offered extremely fast load-times when launching popular websites on high-end PCs.
  • Outstanding Usability. With another 6/6 rating, Comodo collected a perfect score of zero false-positives in 3 out of 4 categories. And with just one false-positive out of 1,615,677 scanned files, Comodo beat the industry average 10 times over in the remaining category.

You can find more details on the AV-test results here: https://www.av-test.org/en/antivirus/home-windows/

AVLab results

  • AVLab is an independent organization that conducts tests on security software for corporate networks and individual user devices. The round of tests they ran in May had a very specific aim, to test how well each product performed against the most notorious types of malware around – ransomware, cryptominers and bashware.
  • AVLab were clear that each product should be tested against living, real-world threats. To guarantee the freshness of their malware samples, they placed honeypots in multiple locations around the world. From the catch, the researchers selected 43 unique ransomware samples, 35 cryptocurrency miners, and one bashware sample.
  • Comodo Internet Security, Comodo One and Comodo Cloud Antivirus passed all tests with the highest score possible. Earning BEST+++ awards in all categories, Comodo products were the only free-for-life offerings to achieve 100% protection against both ransomware and cryptominers. More details on the AVLab test results are available here.

Containerization technology is at the heart of Comodo’s range of home and enterprise security products. Under the technology, all files which have a trust rating of ‘Unknown’ are automatically run in a secure, virtual environment known as the container. Applications in the container are isolated from the host, write to a virtual file system and registry, and are not allowed to access user data. This means untrusted (but harmless) applications can be used as normal but genuinely malicious programs are prevented from causing damage. This provides the smoothest user experience possible while offering 100% protection against zero-day threats.

The faithful guard of your digital assets

This constant chain of awards hardly surprises millions of users around the world who already understand the advantages of Comodo Internet Security. They know it offers a variety of useful tools that many paid antiviruses don’t have. Comodo Internet Security delivers not only high-end protection with cutting-edge antimalware technologies but also great usability for both novices and expert users. CIS features include a powerful antivirus, firewall, automatic containment, host intrusion prevention, website filtering, protection for online banking and shopping and much more besides.

It acts as a faithful guard carefully monitoring all processes on your computer. If a suspicious event happens, it will handle it and notify you immediately.

One more advantage is its universality. It’s designed for both non-techy users and IT professionals. The former can easily install-and-forget. The software will run in the background and take care of any security concerns. The latter will find a powerful range of tools that let them delve into granular configuration of the product. The icing on the cake is the containment technology. The technology is the exclusive Comodo solution to beat any kind of malware. The unknown files are automatically opened in an isolated environment, so they can’t harm your machine in any way.

Team Comodo is on your side

Of course, one question we get all the time is “Why give this high-class security for free?”

“We in Comodo see creating secure cyberspace as the important part of our mission. And security of the total cyberspace depends on security of every user present there,” says Fatih Orhan, The Head of the Comodo Threat Research Labs. “So it’s extremely important to equip as many people as possible with best means of protection. That’s why Comodo Threat Research Labs (CTRL) division of Comodo Cyber Security with constant support from other Comodo departments has been aimed at creation of security products that would always outperform even paid competitors on the market. Everyone who works on Comodo Cyber Security products is inspired by the idea of providing top-tier security for everyone in the world, regardless of the ability to pay. No fees. No hidden charges. Free-for-life.

Creating and developing our endpoint products while keeping with high security and high usability is a hard challenge. It’s one that requires many factors and nuances to meet at the right time in the right place. You need to standardize operations, align processes and product visions, and get high-level commitments and support from top-level executives.

And the results are awards like the ones we mentioned today – a source of pride for every employee in Comodo. Indeed, every user in any corner of the cyberspace now is able to download the multiple independent test-proved best free security solution in the world and feel totally protected against the most cunning types of threats”.

Live secure with Comodo!