Clients      Employees

November 24, 2014

No Comments


Why You Should Consider Outsourcing Software Development

Software developers are in demand. Sometimes viewed as the “creatives” of the IT department, software developers typically create the applications that make it possible for employees to perform their jobs and for organizations to innovate, gain competitive advantages, and better serve their customers. Every organization needs expert developers to succeed. This explains why unemployment for software developers is about half that of the national average.


Clearly, it’s a seller’s market. Software developers are able to ask for the moon and pick and choose from organizations that are in desperate need of their services. Hiring a full-time employee or contractor tends to be a long, expensive process. Organizations that lack in-depth understanding of software development risk prolonging the process by making the wrong choice. From a cost perspective, there is much more to consider than the employee’s compensation package. You have to purchase hardware, software, tools and licenses that the employee will need to do the job.


If you hire a software developer and that person leaves six months later, who will be able to handle those tasks? When talent is in demand, you have to be prepared for them to move on to the next opportunity, and have fresh talent ready to assume those responsibilities. Hiring in-house software developers can easily turn into a never-ending cycle of rehiring and retraining that drains time and resources and hampers the innovation that you were hoping to enable.


You can eliminate most of these challenges by outsourcing software development. Instead of looking for, relying upon and struggling to retain one superstar, you get a whole team with redundancy in skills and expertise. That means you only pay for the services you need, and you don’t have to worry about gaps in skill sets that often result in project delays and internal finger-pointing.


The firm you hire is also responsible for providing their software developers with the tools and infrastructure required to perform their jobs, which can dramatically reduce your capital and operational costs. Because each project is typically managed according to predefined milestones and objectives that are spelled out in a contract, outsourcing software development adds a layer of accountability and keeps projects on schedule.


In the next post, we’ll discuss what factors you should consider when contracting with an outsourced software development firm.

November 18, 2014

No Comments


Are You Prepared for Cryptowall 2.0 Ransomware?

In a previous post, we discussed how sophisticated forms of malvertising have become more prevalent and dangerous. Modern malvertising threats have attacked users of reputable websites by infiltrating the advertising networks that deliver ads to those sites, using granular targeting criteria to focus on specific locations, organizations and users. A device becomes infected with malware when a page with a malicious ad loads, which means the device can be compromised even if the user doesn’t click the ad.


One of the worst threats associated with malvertising is Cryptowall, “ransomware” that encrypts all data on the hard drive of the user device and essentially holds it as ransom. Users are told that the only way to recover their files is by paying a fee to have their data decrypted. If the fee isn’t paid by a certain deadline, their data will be lost forever.


The ad networks compromised in a high-profile Cryptowall malvertising campaign in September and October of this year have addressed the issue. But are they – and your organization – prepared for Cryptowall 2.0?


Primarily delivered via email attachments, Cryptowall 2.0 has been enhanced in recent months to fortify “deficiencies” that allowed security professionals to stop the ransomware. Simply put, enhancements to Cryptowall 2.0 make it more difficult for users to recover data and easier for hackers to compromise computers and receive ransom payments.


Cryptowall 2.0 copies and encrypts data and securely deletes the original data files, forcing users to recover data from backups or pay the ransom. Cryptowall 2.0 also assigns user-specific bitcoin payment addresses for each victim, which prevents victims from stealing another victim’s payment and using it to pay their own ransom. Gateway servers through the Tor anonymization network are now being used for ransom payments in order to stay hidden and control access.


There are a number of steps organizations can take to prevent ransomware from compromising devices and minimizing damage. Block the download of .exe files without user permission, and block the use of Tor software unless it is essential to business operations. Prevent widespread file encryption by controlling user access to network shares. Deploy sophisticated security tools such as an advanced detection system to analyze incoming files and an endpoint protection system to prevent vulnerabilities from being exploited. If a device is infected, regular scans can remove the infection, and frequent backups can allow you to restore files without making a ransom payment.


Let ICG assess the state of your network security and backup processes. We can help protect your organization from ransomware such as Cryptowall 2.0 and develop procedures that enable you to quickly recover from a breach with minimal disruption to business operations.

November 10, 2014

No Comments


How Malvertising Has Become More Dangerous

Ads have been widely accepted as a part of the user experience, from television and radio to websites and mobile applications. However, online advertising has become more than a minor nuisance in recent years as Internet criminals have ramped up their efforts to spread malware through ads.


Malvertising is the practice of hiding malicious code into seemingly safe online ads, causing the user’s computer to be infected with malware. Although malvertising has been happening for years, these attacks have become more sophisticated. Previously, malware could only be spread if a user clicked an ad. Modern malvertising campaigns can spread malware when the web page loads. This kind of “drive-by download” doesn’t require the user to click, making it extremely difficult to detect. The malicious ad then uses a browser exploit kit to search for and exploit vulnerabilities and deliver ransomware, spyware and other dangerous malware.


Malvertising used to be limited to somewhat disreputable websites, but recent attacks have been launched on trusted, high-traffic websites. In many cases, the websites themselves aren’t hacked. Instead, the advertising networks that deliver ads are compromised. This allows criminals to microtarget specific industries, such as defense and banking, or even specific organizations and users. Malvertisers use precise targeting criteria to zero in on certain zip codes, IP address ranges or users with certain browsing habits. They then leverage real-time ad bidding to guarantee delivery of their ads for minutes at a time to prevent detection.


According to the Online Trust Alliance, the number of malicious ad impressions rose to 12.4 million in 2013, a 225 percent jump from 2012. Although microtargeting is becoming a bigger problem, most malvertising campaigns are more widespread as criminals seek to infiltrate as many devices, networks and organizations as possible.


A recent malvertising campaign compromised three major ad networks in September and October of this year. Proofpoint, a corporate security solutions provider, estimates that more than 3 million users of websites such as Yahoo, AOL, and The Atlantic were attacked with malware each day. Although the issue has been addressed, millions of user computers may be infected with Cryptowall, a form of ransomware that prevents access to data unless the user pays hundreds or even thousands of dollars.


Prevention of malvertising attacks begins with a secure web gateway that inspects traffic multiple times, including before, during and after an attack. Before an attack, URL filtering can block known threats and certain categories of URLs, while web reputation filtering assesses a URL’s reputation based upon how long the URL has been free of malware. Because malware has been known to slip past these tools, real-time malware scanning should be used to block known threats before they reach user files and alert administrators. Retrospective security should continue after an attack to track, contain and remediate infected files.


An enhanced, more insidious version of the malware, Cryptowall 2.0, was just released several weeks ago. In a future post, we’ll discuss the specifics of Cryptowall 2.0 and steps you can take to protect your network from future attacks.