PETR CHALOUPKA NAMED TO NE100

GREYCORTEX is happy to announce that CEO and Co-Owner Petr Chaloupka was named to the New Europe 100 (NE100). The list is made up of individuals selected by the Financial Times, Google, the Visegrad Fund, and Res Publica.

Now in its fourth year, the 2017 New Europe 100 “is a list of central and eastern Europe’s brightest and best citizens who are changing the region’s societies, politics, or business environments and displaying fresh approaches to prevailing problems. The aim is to raise the profile of changemakers in emerging Europe and to build connection among those in the vanguard.”
Previous editions of the NE100 have included such well-known business leaders as Vaclav Muchna, CEO of Y Soft.
You can read more about the NE100 here: http://ne100.org/news/show/new-europe-100-challengers-2017,5a166ff03228719568984a76


About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

MENDEL PARTNERS WITH BRNO UNIVERSITY OF TECHNOLOGY (VUT)

GREYCORTEX is happy to announce that our MENDEL network security tool is now part of the Brno University of Technology (VUT) cybersecurity program. MENDEL is used as part of the compulsory Bachelor’s course called “Information and Communication Technologies Security 2”, offered in the Faculty of Electrical Engineering and Communication, specifically in the Information Security Program.
The course teaches extended information and communication security knowledge of secure network device configuration, secure configuration testing, and penetration testing. MENDEL is used in laboratory exercises as a visualisation tool for various scans, exploits, and other tests practised by students.
VUT is in the top 5 % of world universities and offers a wide range of education programs. The 30 students in the course, as well as the lecturers, are happy that MENDEL’s advanced security tools are available to them. They were especially interested in MENDEL’s intuitive filter and full network visualization. GREYCORTEX is happy to work with the next generation of security analysts and to provide the right tools to ready them to participate in the future of network security.

 


AV-Comparatives Names ESET Endpoint Security Solution as the Lightest on the Market

Today, global IT security vendor ESET has been awarded top marks by AV-Comparatives. ESET Endpoint Security has been named the lightest endpoint security solution on the market by the world’s leading security software testers AV-Comparatives. Following a series of performance tests on a number of endpoint security solutions, ESET Endpoint Security was commended for its low system impact.


Using one of the largest sample collections in the world, AV-Comparatives provides the most accurate test by creating a real-world environment and replicating the scenarios faced by everyday users.

ESET Endpoint Security provides businesses comprehensive IT security via multiple layers of protection including trademark NOD32® detection technology combined with machine learning. It protects networks from malware and phishing attacks and stops harmful malware from breaching your system. It provides complete data access protection and fully adjustable scanning, including cloud-powered scanning.


“ESET’s business solution made an impressive run in another of our Business performance tests, reaching the lowest impact score of all tested solutions,” commented Andreas Clementi, CEO at AV-Comparatives.


AV-Comparatives rated ESET’s product at an industry high, with a total score of 98.3 in the industry-recognized PC Mark tests. The software was praised as ‘very fast’ for browsing websites, launching applications, installing and uninstalling applications, downloading files, as well as archiving and unarchiving files.


“We pride ourselves on developing products that give the most robust protection to enterprises without slowing down their systems,” said Michal Jankech, Business Product Manager. “AV-Comparatives is the most renowned testing organization out there so it’s great to see that ESET Endpoint Security software has scored as the lightest on the market. Business and consumers can rest assured their systems won’t be impacted and will continue to run at high speeds, all while maintaining the highest level of protection.”

You can read more about ESET Endpoint Security and request a free trial here.

Read the whole report by AV-Comparatives here.
 

About Version 2 Limited

Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET

Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET’s award-winning, antivirus software system, NOD32, provides real-time protection from known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100 Awards than any other antivirus product. ESET was named to Deloitte’s Technology Fast 500 five years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. ESET has offices in Bratislava, SK; Bristol, U.K.; Buenos Aires, AR; Prague, CZ; San Diego, USA; and is represented worldwide in more than 100 countries. 

NetJapan releases ActiveImage Protector 2018: NetJapan’s flagship Backup and Recovery solution now includes Virtual Standby Availability (VSA)

Tokyo – NetJapan, Inc. publisher of disk imaging backup, system disaster recovery, and virtualization software, announces the release of ActiveImage Protector™ 2018. NetJapan’s virtual standby availability technology, vStandby™, is now integrated into ActiveImage Protector. Combining both image backup and VSA provides greater value by incorporating the convenience of point-in-time switch-over, and dynamic recovery in a single solution.

NetJapan’s Virtual Standby Availability technology creates and maintains dormant point-in-time Virtual Standby Replicas (VSR) of physical or virtual source machines in Hyper-V or VMware environments. The replicas are ready for use, ensuring business continuity. ActiveImage Protector 2018 includes task tools for verifying backup integrity and bootability, and for consolidating backup images, via post-backup processing. NetJapan’s BootCheck™ provides confidence that your backup images are bootable, whether restoring or virtualizing.

New features

  • Post-backup processing including BootCheck™ and consolidation
  • Virtual Standby Availability
  • Updated and improved P2V, V2P, P2P, and V2V processing
  • Enhanced Full-state file recovery retains access rights
  • Supports Windows 10 Fall Creators Update

ActiveImage Protector 2018 will be made available in the following editions: Server, Hyper-V Enterprise, Cluster, Virtual, IT Pro, Desktop, and Linux. ActiveImage Protector 5 will be available for home and small office users.



About Actiphy
Actiphy, founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows and Linux machines in physical and virtual environments and restores systems and data fast so that you are up and running with minimal downtime and data loss. Today Actiphy holds 20% of the image backup market in Japan and is expanding its services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.

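Bad Rabbit: Not-Petya ransomware variant is back

Update (27 October, 15:35 CET): A new report indicates that “EternalRomance”, one of the hacking tools leaked from the US National Security Agency, has been used to spread Diskcoder.D across the network. We confirmed this by installing Microsoft’s emergency vulnerability fix MS17-010 (which closes the system vulnerabilities exploited by the leaked NSA tools), which stopped the malware from spreading further through the IPC$ share.

A new ransomware outbreak began on 24 October and has attacked targets including most of the metro systems in Europe, as well as some important communications infrastructure in Ukraine. Details of this new variant follow.

Drive-by download through watering hole attacks on well-known websites

One of the ways Bad Rabbit is distributed is a drive-by download that happens without the user noticing. Some well-known websites have been compromised and have had JavaScript injected into their HTML body or into one of their .js files.

A sample of the injected script is shown below:

The script reports the following information to 185.149.120[.]3, which is not responding at the moment.

  • Browser User-Agent
  • Referrer
  • Cookie from the visited site
  • Domain name of the visited site

Logic on the attacker’s server decides whether the visitor is of interest and then adds content to the page. At that point a popup appears in the middle of the page, asking the user to download an update for Flash Player.

Clicking the “Install” button starts the download of an executable file from 1dnscontrol[.]com. The executable is named install_flash_player.exe and is in fact the Win32/Diskcoder.D downloader.

Finally, the computer displays the following ransom message:

The payment page looks like this: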

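Spreading via SMB

Win32/Diskcoder.D is able to spread via SMB. Contrary to some public reports, this ransomware does not use the “EternalRomance” vulnerability the way the Win32/Diskcoder.C (Not-Petya) outbreak did. It first scans the internal network for open SMB shares. The targeted shares are:

  • admin
  • atsvc
  • browser
  • eventlog
  • lsarpc
  • netlogon
  • ntsvcs
  • spools
  • samr
  • srvsvc
  • scerpc
  • svcctl
  • wkssvc

Mimikatz is launched on the compromised computer to harvest usernames and passwords. Commonly attacked username and password combinations are listed below.

When a working combination is found, the infpub.dat file is dropped into the Windows directory and executed through SCManager and rundll.exe.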
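The behaviours described in the two sections above (the fake Flash download, infpub.dat written to the Windows directory and run through rundll, and one host reaching many internal machines over SMB) can be correlated per host. The following is an added example, not code from the original article or from ESET; the event schema, the sample events and the fan-out threshold are assumptions, and only the host names, IP address and file names come from this page.

```python
import ipaddress
import re
from collections import defaultdict

# Indicators quoted on this page, re-fanged only so they can be matched.
LISTED_HOSTS = {"1dnscontrol.com", "185.149.120.3"}
DROPPER_NAME = "install_flash_player.exe"
PAYLOAD_RE = re.compile(r"\\windows\\infpub\.dat$", re.I)
SMB_FANOUT = 5  # assumed threshold: distinct internal peers on TCP/445

# Constructed sample events; the schema (host/type/...) is hypothetical.
EVENTS = [
    {"host": "10.0.0.21", "type": "http", "dst": "1dnscontrol.com", "path": "/flash_install.php"},
    {"host": "10.0.0.21", "type": "file", "path": r"C:\Users\a\Downloads\install_flash_player.exe"},
    {"host": "10.0.0.21", "type": "file", "path": r"C:\Windows\infpub.dat"},
    {"host": "10.0.0.21", "type": "proc", "cmd": r"C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1"},
    *({"host": "10.0.0.21", "type": "flow", "dst": f"10.0.0.{i}", "port": 445} for i in range(30, 37)),
    {"host": "10.0.0.50", "type": "flow", "dst": "10.0.0.5", "port": 445},  # ordinary file-server use
    {"host": "10.0.0.50", "type": "http", "dst": "get.adobe.com", "path": "/flashplayer/"},
]


def detect(events):
    """Return {host: sorted finding names} for the behaviours this page describes."""
    findings = defaultdict(set)
    smb_peers = defaultdict(set)
    for e in events:
        host, kind = e["host"], e["type"]
        if kind == "http" and e["dst"].lower() in LISTED_HOSTS:
            findings[host].add("contact_with_listed_infrastructure")
        elif kind == "file":
            path = e["path"].lower()
            if path.endswith("\\" + DROPPER_NAME):
                findings[host].add("fake_flash_installer_on_disk")
            if PAYLOAD_RE.search(path):
                findings[host].add("infpub_dat_in_windows_dir")
        elif kind == "proc":
            cmd = e["cmd"].lower()
            if "rundll" in cmd and "infpub.dat" in cmd:
                findings[host].add("rundll_runs_infpub_dat")
        elif kind == "flow" and e["port"] == 445:
            if ipaddress.ip_address(e["dst"]).is_private:
                smb_peers[host].add(e["dst"])
    for host, peers in smb_peers.items():
        if len(peers) >= SMB_FANOUT:  # one host probing many internal peers
            findings[host].add("smb_fanout_to_internal_hosts")
    return {h: sorted(f) for h, f in findings.items()}
```

A host that shows several of these findings together is a much stronger signal than any single one; tune `SMB_FANOUT` against normal traffic so that file servers and management hosts are not flagged.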

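Encryption

Win32/Diskcoder.D is a variant of Win32/Diskcoder.C in which the original flaws in file encryption have been fixed. It now encrypts with DiskCryptor, a legitimate open-source tool for full-disk encryption. Keys are generated with CryptGenRandom and protected by an RSA 2048-bit public key.


Like its predecessor, it uses the AES-128-CBC algorithm for encryption.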


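Distribution


According to statistics from ESET’s data center, Ukraine accounts for only 12.2% of the total number of attacks. The detailed figures are:

  • Russia: 65%
  • Ukraine: 12.2%
  • Bulgaria: 10.2%
  • Turkey: 6.4%
  • Japan: 3.8%
  • Other: 2.4%

This roughly matches the distribution of the compromised websites that carry the injected malicious JavaScript. So why has Ukraine been hit harder than the other countries?

It is worth noting that all of these large companies were hit at the same time. It is quite possible that the attackers had already penetrated the companies’ networks and launched the watering hole attack at the same time as a decoy. Nothing would be a more convincing explanation for their infection than the “Flash update”. ESET is still investigating, and we will publish further information as soon as we have it.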

Samples

C&C servers


Payment site: http://caforssztxqzf2nm[.]onion

Inject URL: http://185.149.120[.]3/scholargoogle/

Distribution URL: hxxp://1dnscontrol[.]com/flash_install.php

List of compromised websites:


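ESET security products and enterprise solutions proactively detect known (such as WannaCryptor and Petya) and unknown viruses and ransomware, defend against network attacks and security threats, and help you build a sound security environment.

Original source: https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes a variety of Internet, information technology, and multimedia products, including communication systems, security, network, multimedia, and consumer market products. Through its extensive network, points of sale, distributors, and partners, Version 2 Limited offers products and services that are highly acclaimed in the market. Its sales network covers mainland China, Hong Kong, Macau, Taiwan, Singapore, and other regions, and its customers come from all industries, including Global 1000 multinational enterprises, listed companies, public utilities, government departments, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
Founded in 1992, ESET is a global provider of computer security software for enterprises and individual users. Its award-winning product, the NOD32 antivirus software system, provides real-time protection from known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources, detects the fastest, and offers the most effective protection, with more Virus Bulletin 100 Awards than any other antivirus product. ESET was named to Deloitte’s Technology Fast 500 five years running, and has an extensive partner network, including internationally known companies such as Canon, Dell and Microsoft. ESET has offices in Bratislava (Slovakia), Bristol (U.K.), Buenos Aires (Argentina), Prague (Czech Republic) and San Diego (USA), and is represented in more than 100 countries worldwide.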