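"WannaCry" Ransomware Response and Solutions Seminar

To help more people understand how ESET NOD32 antivirus software detects and blocks the WannaCry ransomware, Version 2 Limited held the "WannaCry" Ransomware Response and Solutions Seminar last Friday. The response was enthusiastic, with more than 120 people attending.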
 

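Senior Product and Sales Manager Mr. 盧惠光 said that although malware is good at disguising itself, its behaviour pattern when it attacks does not actually vary much. Besides continuously updating its virus database, ESET NOD32 also monitors the system and analyses the behaviour of different software. Once it finds software carrying out abnormal activity, for example attempting to encrypt files, attempting to download unknown programs from unknown networks, or other aggressive behaviour, ESET NOD32 immediately blocks it, keeping the system from being disturbed by malware.

Users should also reduce the chance of their computers being attacked in three ways. First, remember to update the computer's operating system, to reduce the chance of the system being attacked through a major vulnerability. Second, update the security software, to ensure it gives the system the best protection. Third, back up the computer's important data regularly. Backing up does not simply mean copying the data to a portable hard drive, because if the computer is compromised by ransomware, a portable hard drive connected to it will not be spared either. So after the backup is complete, remember to eject the portable hard drive.

After-sales Service Consultant (Enterprise) Nathan Man said that ransomware targets all files and applications other than the Windows system, encrypting files to force the victim to pay a ransom to have the computer unlocked. Paying the ransom may unlock the system, but it in fact condones and funds the hackers' attacks, so they do not recommend that victims pay. If a computer does run into problems, they recommend first taking the affected computer offline to avoid further infection. Users can consider reinstalling the computer's operating system and security software, and then copying the backed-up files back onto the computer. Alternatively, connect the compromised computer's hard drive to another computer that already has security software installed, and then copy the files to the new computer.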

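About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes a wide range of internet, information technology and multimedia products, including communication systems, security, networking, multimedia and consumer products. Through its extensive network, points of sale, distributors and partners, Version 2 Limited offers products and services that are widely acclaimed in the market. Its sales network covers mainland China, Hong Kong, Macau, Taiwan, Singapore and other regions, and its customers come from all sectors, including Global 1000 multinational enterprises, listed companies, public bodies, government departments, numerous successful SMEs, and consumers in cities across Asia.

About ESET
Founded in 1992, ESET is a global provider of computer security software for business and individual users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources and has the fastest detection speed, provides the most effective protection, and has won more Virus Bulletin 100 awards than any other antivirus product. ESET has been named to Deloitte's Technology Fast 500 for five consecutive years and has an extensive partner network, including internationally known companies such as Canon, Dell and Microsoft. It has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic), San Diego (USA) and elsewhere, and its agents cover more than 100 countries worldwide.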

MENDEL 2.5 RELEASED

GREYCORTEX has just released MENDEL 2.5. In this most recent version, we have made several additions to further improve performance, including a new detection method for forbidden services, faster pattern processing for IDS rules (requires Intel architecture), and HTTPS traffic decryption capabilities (with imported private key). The full changelog for MENDEL 2.5 is provided below.

Additional Features

  • Added a new detection method for forbidden services
  • Added faster pattern processing for IDS rules (requires Intel architecture)
  • Added new traffic direction types for better filtering
  • Added system self-reporting for additional functionality support
  • Added HTTPS traffic decryption capabilities (with imported private key)

Improvements

  • System components have been upgraded to their newest versions
  • VoIP protocol parsers have been included for better performance
  • Improved system hardening
  • Improved query performance in the Flows tab

Bugs Fixed

  • Fixed IDS stability problems
  • Fixed IP address settings for new interfaces
  • Fixed disabling parsing IDS rules and DPI
  • Fixed issues with system log rotation, maintenance, and removal
  • Fixed truncated application requests within flow data
  • Fixed ICMP codes reporting in flow records
  • Fixed the reporting service type in outlier analysis methods
  • Fixed upgrade log downloading via the GUI
  • Fixed false positive matching for countries
  • Fixed issues in Incident Management
  • Fixed displaying colored, blacklisted IP addresses on the Peers tab
  • Fixed support for IPv6 filtering
  • Fixed computation functionality in the Peers graph
  • Fixed the computation of severity in the Toplists dashboard
  • Fixed invalid filter value handling
  • Fixed an issue with user rights in the reporting module
  • Fixed autocomplete in Host filtering
  • Fixed time limit for false positive application
  • Fixed status monitor event information
  • Fixed filtering by timestamp in event lightboxes
  • Fixed filtering false positives in “Table by Service or Port”

User Note

To further improve performance, it is strongly suggested that users turn off unused ports.

 

 

 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX IN CYBER DEFENSE MAGAZINE

Martin Korec’s article “Integration May Answer Questions in Machine Intelligence” has been published in the most recent edition of Cyber Defense Magazine’s “Cyberwarnings Newsletter.” A .pdf of the issue is available here. We have included the full article below.

Integration May Answer Questions in Machine Intelligence

 

Introduction

You are probably familiar with the terms “Artificial Intelligence” and “Machine Learning,” i.e. the idea that computers can be taught to learn, and then make predictions based on the data they are given. Artificial Intelligence/Machine Learning tools present huge opportunities in many areas, especially in cyber security. The UK government considers it a technology which is the engine of the digital revolution. But some are skeptical. Gartner put Machine Learning (a subset of Artificial Intelligence) at the “Peak of Inflated Expectations” in its 2015 Hype Cycle. Simon Crosby of Bromium considers these tools to be a “pipe dream.”

What Are Artificial Intelligence and Machine Learning?

Machine Learning is a subset of Artificial Intelligence, and both address the capability of machines to be taught to make predictions based on “learned” data. Both are popular terms in marketing materials, and are often confused. Deloitte has decided that a better term is “Machine Intelligence” – describing it as “an umbrella term for a collection of advances representing a new cognitive era. We are talking here about a number of cognitive tools that have evolved rapidly in recent years: machine learning, deep learning, advanced cognitive analytics, robotics process automation, and bots, to name a few.” We’ll use Machine Intelligence here (partly because “Artificial Learning” didn’t work as well) to mean the use of data analytic/predictive tools in the network security context.

The Benefits of Machine Intelligence

The essential benefit of Machine Intelligence is that it can take truly massive amounts of data, analyze it in real time, and identify anomalous or malicious behaviors that are invisible to manual review, or that would not be accurately identified through static detection rulesets (which are also a hassle to set up). Of course, the more data a Machine Intelligence solution has, the more effectively it can do its job. Some have claimed prediction can be improved by over 90%. If the solution has limited data from only Netflow, it is limited in its effectiveness. If input data comes from every layer of the network, then it can identify anomalies at each layer, and each device within each layer. This means the Machine Intelligence solution identifies behavior, like advanced persistent threats or insider attacks, that may be limited or very well hidden among massive volumes of network traffic, and which would be missed by a security team pre-programming logic in SIEM systems, even well thought-out ones (a limitation of SIEM systems), or working with an IDS ruleset alone.

Some Claim Machine Intelligence has Drawbacks

Advanced analytics have been around for 20 years or more, so there must be something wrong with them, or we’d all be using them. Right? Naturally, as with anything created by humans, Machine Intelligence solutions can be defeated by other humans. However, there are several existing approaches, including classification algorithms, proven to successfully mimic security analyst behavior, which can be used in design and testing to avoid defeat by new threat samples. A second criticism of Machine Intelligence solutions is that they are not “plug and play,” i.e. that they need analyst time to filter out false positives and teach the system what is a threat and what isn’t. Failure to do so leads to excessive false positives and alert fatigue. Alert fatigue is a problem. A recent article suggests that over half of security professionals are missing alerts they should address. However, MIT research indicates that human/Machine Intelligence collaboration is actually beneficial and can reduce false positives by close to 85%. Furthermore, while Machine Intelligence solutions may not be “plug and play,” their implementation time is much lower as compared to SIEM systems (hours vs. months) and training the machine on false positives requires a very small actual time commitment (minutes a day).

Bringing Solutions Together

Is it possible to have the benefits of Machine Intelligence technology, but minimize the hassles? Is it possible to use Machine Intelligence in such a way that this technology is used for truly advanced analysis, reducing false positives and saving the security team’s time? Integrating several features/technology types into one solution mitigates several issues with Machine Intelligence technology, and creates a more efficient system. Specifically, integrating with IDS rules and network performance monitoring is an efficient means of improving network security by joining complementary features and data sets.

Advantages

In such an integration, detection is more effective and false positives are reduced. Less time training the system is required, and information that is “trained” starts from a more accurate position.

Integration with an IDS ruleset specifically brings two benefits. The first is that the IDS, a list of existing rules and known signatures, helps the Machine Intelligence tools function more efficiently, by determining early in the data analysis that certain traffic matches known malicious code or patterns, creating a chance for deeper analysis of events that do not trigger an IDS alert. Secondly, this type of integration has the added benefit of identifying for the Machine Intelligence tools what particular viruses/malware/trojans, etc., look like. This means that the predictive analysis tools have more, and more accurate, data upon which to build their analysis. This data is also available much more quickly than if the solution were completely self-educating, or assisted only by the security team.

This also applies to adding a performance monitoring capability. A more informed and more efficient Machine Intelligence solution exists because traffic data is integrated to help it spot things like too many communication partners, services which haven’t been used before, exceptional network application delays, changed MAC addresses, or new devices or services in the network.
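
The integration described above, as an added example that is not part of the article and is not GREYCORTEX's implementation: flows that already carry an IDS match are labelled first, and the remaining traffic is compared with a per-host baseline for the signals the paragraph lists (too many communication partners, a service not used before, a changed MAC address, a new device). The record layout, baseline structure, addresses and signature name are all constructed assumptions.

```python
from collections import defaultdict

MAC5, MAC9 = "aa:bb:cc:00:00:05", "aa:bb:cc:00:00:09"
# Constructed baseline: what each known host normally looks like.
BASELINE = {
    "10.0.0.5": {"mac": MAC5, "services": {("tcp", 443), ("udp", 53)}, "max_peers": 4},
    "10.0.0.9": {"mac": MAC9, "services": {("tcp", 443)}, "max_peers": 3},
}
# Constructed flows: (src_ip, src_mac, dst_ip, proto, dst_port, ids_signature)
FLOWS = [
    ("10.0.0.5", MAC5, "192.0.2.10", "tcp", 443, None),
    ("10.0.0.5", MAC5, "10.0.0.9", "tcp", 445, "constructed-signature-1"),
    ("10.0.0.9", "de:ad:be:ef:00:09", "198.51.100.7", "tcp", 443, None),
    ("10.0.0.9", MAC9, "198.51.100.8", "tcp", 22, None),
    ("10.0.0.77", "aa:bb:cc:00:00:77", "10.0.0.5", "tcp", 443, None),
] + [("10.0.0.5", MAC5, f"203.0.113.{i}", "udp", 53, None) for i in range(1, 6)]


def analyse(flows, baseline):
    """Return (ids_hits, anomalies). IDS-matched flows are labelled up front and
    skipped, so the behavioural checks only look at traffic with no IDS alert."""
    ids_hits, anomalies, peers = [], defaultdict(set), defaultdict(set)
    for src, mac, dst, proto, port, signature in flows:
        if signature:                      # known pattern: label it, no further work
            ids_hits.append((src, signature))
            continue
        host = baseline.get(src)
        if host is None:                   # device never seen in the baseline
            anomalies[src].add("new_device")
            continue
        if mac != host["mac"]:             # same IP, different hardware address
            anomalies[src].add("mac_changed")
        if (proto, port) not in host["services"]:
            anomalies[src].add("new_service")
        peers[src].add(dst)
    for src, seen in peers.items():        # partner count needs the whole window
        if len(seen) > baseline[src]["max_peers"]:
            anomalies[src].add("too_many_peers")
    return ids_hits, {host: sorted(r) for host, r in anomalies.items()}


if __name__ == "__main__":
    hits, found = analyse(FLOWS, BASELINE)
    print("IDS-labelled:", hits)
    for host, reasons in found.items():
        print(host, reasons)
```
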

Integration also benefits the security team, because integrated IDS data increases efficiency. Not only does the team spend less time training the system (see above), but it also gets more accurate results, which means less risk of alert fatigue. Alerts that actually matter are less likely to be missed as a result of the process.

In summary, Machine Intelligence technology, despite what its detractors suggest, is here to stay. Though all providers may not be using its full capabilities, its potential is too great, and its benefits in terms of detection of advanced threats too tangible, for it to be given up. But it can be improved. An integrated approach, featuring several different types of input and analysis, helps to streamline Machine Intelligence data analysis, making it more effective, and improves the functionality of the integrated tools. This means more effective and more efficient network security, and more family time for security analysts.



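PowerDVD 17 Free Upgrade Announcement

Eligibility:

Users who purchased a "PowerDVD16" version (boxed edition) between 2017-04-01 and 2017-04-30 (based on the invoice date).

Applicable region: Hong Kong

Free upgrade method:

Anyone who purchased any retail version of "PowerDVD16" (including the Ultra edition) during the above period is entitled to a free upgrade to the new PowerDVD17 version (upgrade to the corresponding edition). Resellers/store staff and consumers with upgrade requests or questions should contact CyberLink's Hong Kong distributor, VERSION 2 LTD Technical Support ((852) 2893 8186), directly or email support@version-2.com.hk. Customer service staff will provide the free upgrade individually to consumers who qualify and apply for it themselves.

Free upgrade process

1. The consumer contacts CyberLink's Hong Kong distributor, VERSION 2 LTD Technical Support ((852) 2893 8186), to request the upgrade service, and receives the application form by e-mail.

2. The consumer completes the application form and e-mails it to VERSION 2 LTD Technical Support at support@version-2.com.hk

3. Once the application is approved, CyberLink customer service will provide the PowerDVD17 upgrade download link and installation serial number by e-mail within two weeks.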

 

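PowerDVD 17 Free Upgrade Announcement

Free upgrade service for enterprise and education licence users

Eligibility: Enterprises, government bodies and educational institutions that purchased a licensed version of "PowerDVD16" through a reseller between 2017-04-01 and 2017-04-30 (based on the invoice date).

Applicable region: Hong Kong

Free upgrade method: Purchasing organisations eligible for the free upgrade under this offer should, themselves or through their reseller, prepare a copy of the order and a copy of the licence certificate, fill in every field of the application form, and e-mail the scanned files to support@version-2.com.hk. After the application form is received and CyberLink has verified eligibility, a new licence certificate, the upgrade download link and the installation serial number will be sent to your organisation within two weeks of the application date.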

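About Version 2

Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a wide range of IT products in areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, network management, business productivity and communication products. Through its extensive network, channels, points of sale, distributors and partners, Version 2 offers products and services that are widely acclaimed in the market. Its sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia and other parts of the Asia-Pacific region, and its customers come from all sectors, including Global 1000 multinational enterprises, listed companies, public utilities, healthcare, finance, educational institutions, government departments, numerous successful SMEs, and consumers in cities across Asia.

About CyberLink
Founded in 1996, CyberLink is an audio and video software company with leading video and audio technology, specialising in the research and development of digital audio-video software and multimedia streaming application solutions. With its strategy of "targeting the right technology segments and expanding its global marketing presence," it is rooted in Taiwan, has a global footprint, and has delivered outstanding results. CyberLink uses advanced technology to deliver high-definition audio and video playback, and to provide complete high-definition capture, editing, authoring and burning functions with full support for a wide range of high-definition video and audio formats. Its products include PowerDirector, PowerDVD, PowerProducer and Power2Go.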

MS VULNERABILITIES EXPOSED BY GOOGLE

Google has disclosed the latest of several unpatched flaws in Microsoft software. GREYCORTEX MENDEL’s advanced machine learning and predictive analysis can identify these attacks.

Google’s “Project Zero” team recently disclosed a second unpatched Microsoft Windows security flaw, after Microsoft failed to fix the bug within Google’s set 90-day window. The vulnerability is identified as CVE-2017-0037, and is classed as a “type confusion flaw” in a module of Microsoft Edge and Internet Explorer. This flaw can be used to crash IE or Edge, and can lead to arbitrary code execution, allowing hackers to execute code and gain administrator privileges on infected systems.

Advanced hackers may have either already exploited this flaw or they may soon exploit it. Network security solutions like GREYCORTEX that identify anomalous behaviour within your network are especially important in this situation. These solutions mean your IT team can identify malware by its anomalous movement within the network, and identify it as it replicates. GREYCORTEX MENDEL identifies such anomalous behavior, offers deep network visibility, and differentiates between human and machine behavior, meaning you can find infected devices within your network and secure your company’s data and reputation even without relying on Microsoft to fix vulnerabilities in its browsers.

You can read more about the vulnerability here: http://thehackernews.com/2017/02/google-microsoft-edge-bug.html