Blog

Friday, 29 July 2016 00:00

Transparent encryption with identity control

Written by  sealpath

transparent encryption

 

Starting from SealPath version 3.0, we offer the ability to encrypt all types of files, so that only users who have permission can access the contents of the files. We offer the same identity encryption and control as the standard products, without digital rights management. Users with permission over the file can save the file unencrypted by saving a copy (“Save as …”) from the viewing or editing program being used. It is a type of content protection similar to that which a PKI or PGP system offers.

The same interface that SealPath offers for controlling digital rights can be used to encrypt a file:

  • Drag the file over a policy in SealPath Desktop.
  • Select a file or folder and apply a policy with the right button on the desktop.
  • Apply a policy or custom protection for recipients from the Outlook plugin.
  • Apply an automatic protection rule to a folder.

The SealPath protection system determines whether the file being protected belongs to the list of file types on which digital rights can be controlled. If the file is not on this list, encryption with identity check is applied.

In the encryption mode, the rights are not taken into account at the same level as in the digital rights mode. When SealPath opens, it takes into account whether the user has any permission or none, regardless of the type of permission. If the user does not have any permission, the opening is cancelled. If the user does have permission, the file will be opened and decrypted temporarily in the user’s personal directories and the application corresponding to the file extension will launch to show the decrypted file.

On the other hand, the opening of the file is transparent; it is not necessary for the user to manually unprotect it or to open the protected file from a special container. When the user double-clicks the file the operating system launches the SealPath application container. The container extracts the file protection policy and queries the SealPath server to determine whether or not the user has permission to open the file. If the user does not have permission, the opening is cancelled.

The user accesses the file within the corresponding editor, the same as if it were any other unencrypted file. Since it is protected with simple encryption mode, no actions within the editor are limited to the user.

Once the file has been opened, the application container continuously checks whether the file has been modified. When it detects that the file has been modified, it protects the modified content. Therefore, the encrypted file is managed transparently. It opens like any other file and the changes are saved in the encrypted file when the program used to work on the file is closed.

Which are the advantages of this type of encryption?

  • Encryption can be applied to any type of file.
  • Encrypted files open transparently, the same way that unencrypted files are opened.
  • The modifications made when editing an encrypted file are saved automatically in the original encrypted file when the application being used is closed.
  • The user who encrypts has tracking of the openings of the encrypted file, can revoke access to the file and can add expiry dates to the encrypted files.
  • Automatic folder protection applies digital rights protection on all the files supported and encryption on the files on which digital rights control is not supported. In encryption mode, SealPath guarantees that all files within the folder are at least encrypted. Therefore, the files are inaccessible for users without permissions and the files are stored or can be copied or transported with complete security. Files such as “msg”, “zip”, etc. are encrypted.
  • When the user protects an e-mail message, the protection applies to all files attached to the message. Therefore, the files are only accessible by the users present on the policy with which the e-mail is protected or by recipients. The sender also has the possibility to block the message and the attached files in case an error was made in sending to a recipient erroneously. The recipient cannot access any of the attached files, which are protected with digital rights or with encryption.
  • The encryption accompanies the file wherever it goes, it is not linked to the hard disk or the machine on which it is stored.
  • Encryption can be applied to local or remote folders. It is also integrated in SealPath FileServer for folders on file servers. The encryption in FileServer, the same as for the protection of Digital rights, can be applied to remote servers if the communication is made over SMB 3.0.
Read more...
Saturday, 18 June 2016 11:55

SealPath Information Rights Sandbox

Written by  sealpath

SealPath IRS v2

We present in this blog article our new SealPath Information Rights Sandbox technology available in the new 3.0 version.

Through this technology, SealPath is capable of ensuring that the digital rights established in relation to a file are respected by applications that have been developed with no IRM related characteristics. With Information Rights Sandbox technology developed by SealPath, it is possible to now apply the protection of digital rights for the following applications:

  • Access and Microsoft Office Visio (Project and OneNote shall be incorporated shortly).
  • Industrial Formats: AutoCAD and Solidworks.
  • Word processing files, Excel sheets and LibreOffice and OpenOffice presentations.

SealPath adds encryption, usage permissions, auditing and remote destruction capabilities for these types of files both simply and flexibly. SealPath Information Rights Sandbox creates a protective cover around the file and allows writing controls, send to printer, clipboard and other low level actions, achieving compliance with the digital rights established for a file in applications that goes a lot further than the standard SealPath protection.

IRM is a growth technology that covers companies' needs relating to the protection of information irrespective of where it may be. At SealPath we know that this growing demand means, on a par with great opportunities, a market that demands rapid evolution throughout diverse lines. With the SealPath Information Rights Sandbox, SealPath is a leader in file formats' support.

SealPath Information Rights Sandbox is another example of the results achieved by SealPath focussed on the integration of original tools with those that users work with every day, instead of developing limited viewers. This type of security is integrated in Autodesk AutoCAD, Dassault Systems SolidWorks, Microsoft Visio and Microsoft Access, as SealPath has always employed Adobe, Foxit, Nitro, and Nuance for PDF files and Microsoft Office with Word, Excel and Powerpoint.

SealPath IRS samples

In the development of this technology, we have also remained faithful to our commitment to provide maximum ease of use: this component does not require the recipients to have installed heavy components that require administrator permissions. The user does not have to be an administrator in order to install SealPath Desktop or SealPath Lite with the SealPath Sandbox module. A user with normal permissions can carry out this installation.

The protection that the SealPath IRS allows to be applied for new formats includes:

  • Persistent file coding and encryption.
  • Capacity to add rights: Only see, edit, print, copy and paste, add users.
  • Possibility of setting file expiry dates.
  • Possibility of monitoring who gains access and with which permissions.
  • Possibility of seeing if anybody has attempted to gain access without permissions, if anybody has unprotected the file.
  • Possibility of removing user access (any file) or file (any user).
  • Possibility of protecting the file for individual users, domains, sub-domains or even giving file access to any user while maintaining control and monitoring.
  • Ease of use both for protector users as well as external collaborators that may access documents without installing heavy components that require administrator permissions.
Read more...
Friday, 03 June 2016 10:11

SealPath will be at Infosecurity Europe 2016

Written by  sealpath

infosecurity ingecom ENG

 

SealPath will be for the first time at InfoSecurity Europe in London next week from the 7th to the 9th of June.

SealPath will be showcasing their new releases of IRM solutions at stand S05 of the XXI InfoSecurity Europe Event. There will be a number of demos for visitors highlighting how to protect critical corporate information as well as its management.

In addition, amongst the programmed activities for the InfoSecurity Event, SealPath shall be participating in a presentation at the Spanish Pavilion Booth F210 on Tuesday the 7th of June at 16:15. The presentation shall showcase their products, will analyse the latest news relating to data loss, and will explain how SealPath aims to provide effective solutions in an environment where information requires new forms of protection.

SealPath will also be at the Networking event held in the Spanish Hall on Tuesday the 7th of June from 13:00 to 15:00. Rodolf Schmit VP of Sales EMEA will be at the event and will be happy to share his experience and plans in relation to sales channels, as well as making contact with new possible partners that will allow us to expand the SealPath channel, both in the UK and throughout the rest of the EMEA.

InfoSecurity Europe is the number one information security event in Europe. This event also offers the largest free access training programme, which results in a wide range of presentations, round table discussions, workshops and product presentations by around 260 experts from all over the world.  

At the 2015 InfoSecurity Europe edition, the event received some 16,000 professional visitors from the information security sector from 80 different countries, a number that is expected to be exceeded during this year edition.

 

Read more...

clay

In the game, in the test, things do not need to be any easier, but they do need to be more flexible, more malleable, and we are sure there are no irreparable consequences. Imagine that you can protect what is most important with a clay wall that you can move, raise and displace as you wish, with no stress, that with SealPath it becomes an impassable concrete wall for whoever you choose.

SealPath protects your documents flexibly. Today you position the shell and this grows and shrinks as you wish, remotely, when the document is already out of your hands, so nobody can take the document of that shell wherever it is.

At SealPath we are now going a step further in the degree of flexibility. We have said that the document obeys your orders, but sometimes the responsibility of always having to give specific orders can be tiresome, in other words, indicating that “this document can be opened this person, that person and the other”. We protect the document at the start of its route, but sometimes it is too much to ask to decide the whole route from the start: it's like we hear our laziness complaining, “I'm too far away, don't ask me to imagine the destination before getting there”.

We see various situations where someone already knows that what they are generating is sensitive, but they still do not know exactly where this impassable wall is going to have to be placed; perhaps they will never know.

  • You want to share something, you know you don't want everybody to have it, you don't know who is really going to need it.
  • You want to share something with a group of people in a company, but you don't mind exactly who accesses it, as long as they are from the company in question and they cannot distribute it freely.
  • You share information with people from various companies in a project and these people are changing depending on the stages or priorities. There is no way to anticipate this and, if there were, it would not be manageable.
  • Other times you are thinking about publishing something for everyone, but you do not want that information to be modified or you do not want other people to take that information and incorporate it freely as if it were theirs.

Have you found yourself in any of these situations? Now we are going to see how we convert clay into concrete and concrete into clay. Protection with generic addresses of the type *@company.com, *@* are a solution that enables you to start with a flexible solution that you can refine as the situation becomes more precise. It is also a solution that will enable you to work safely in situations where you never have enough knowledge to be able to establish precisely defined protection.

  • At the time you share the documentation, do you know who is going to need it? You start putting an “*@*” or an This email address is being protected from spambots. You need JavaScript enabled to view it. into the protection policy and when you know, you remove it and put the people who really need access to the information you are sharing. Those who have initially accessed your documentation, but whom you have finally decided should not be among the recipients, will no longer be able to access the documentation they received.
  • Are you working with a company, but you don't want to worry who is accessing the documentation, to be sure they are from the company and that they cannot forward it outside of the company without your permission? Put an address like *@company.com, *@marketing.company.com or * This email address is being protected from spambots. You need JavaScript enabled to view it. in the policy, the latter two options in the event the group you are working with can be specified in the email addresses.
  • Do you want to publish something for a large, heterogeneous group of people and you want to ensure nobody can modify this information or appropriate it for their own use without your permission? Protect the information with an address “*@*” or  This email address is being protected from spambots. You need JavaScript enabled to view it. . With read-only permissions for these addresses, nobody can modify the information you have sent them.

We know that you often have to start quickly, you cannot stop to analyse things too much. But starting quickly cannot entail you sacrificing doing a minimum of things how they should be done, or in your haste you forget something essential, as essential as the protection of sensitive, critical information. This characteristic of SealPath gives you this option: To protect a document and keep it under control, without having to think beforehand which specific people should access it.

Read more...
Wednesday, 25 May 2016 10:34

Join us at Infosecurity Europe 2016!

Written by  sealpath

infosecurity blog

 

SealPath will be present at Infosecurity Europe 2016 in booth S05. Do you want to know the latest features and innovations of the most user-friendly and powerful market IRM solution? Visit us and we'll show with a demo how to protect your important information and keep it under control in a simple and convenient way for both users and IT administrators. You can talk to our specialists who will show you how other companies are securing with SealPath their confidential documentation and review with you your needs in the area of data protection. Book an appointment with us at This email address is being protected from spambots. You need JavaScript enabled to view it. . Come and see us!

Read more...

legal sealpath

In recent weeks Panama has been on everyone’s lips as a results of the so-called ‘Panama Papers’ scandal, which concerns more than 11.5 million documents - e-mails and records - of the Panamanian law firm, Mossack Fonseca, which show how thousands of people hid their assets through offshore companies in tax havens.

The documents that have come to light contain information relating to more than 214,000 “offshore” businesses, rocking all of those involved, who range from international leaders such as the Russian president, Vladimir Putin, the Argentine president, Mauricio Macri, to actor Jackie Chan and footballer Leo Messi, among a long list other prominent figures from the worlds of politics, culture, sports, economy, high society, etc.

On 29 March, the Wall Street Journal itself went public with regards to the Cravath and Weil Gotshal law firms, which, among others, were attacked by hackers who managed to break into their corporate networks. Crain’s Chicago Business reported that 48 law firms were among the targets of a Russian hacker who was searching for information about businesses’ mergers and acquisitions agreements. He was discovered seeking the assistance of other hackers in order to break into the firms’ systems.

In recent years, the most common attacks have targeted banks, in order to obtain credit cards numbers and e-mail addresses which could then be used to make fraudulent purchases or defraud customers. However, these most recent attacks on law firms are looking for more sophisticated types of information: confidential information of corporate clients, which may included business mergers and acquisitions still under negotiation.

Presumably in relation to these attacks, the FBI has recently notified law firms that a group associated with cyber-crime is targeting international law firms with the aim of obtaining private information, they would then sell that information to a criminal, with stock market experience, who knows how to strategically plant purchase and sale offers and gain significant profit.

The attacks on these firms are raising levels of concern among clients and, therefore, the companies are feeling pressure from those clients to strengthen their defences. Some clients are even sending their own security auditors to the firms to carry out inspections.

The law firms possess sensitive client information and are responsible for its monitoring and safekeeping. Law firms also need to have as much information as possible about their clients in order to be able to do their job well. For that very reason, these types of businesses are forced to adopt the most advanced technology in terms of information security if they don’t want all of the work they do on behalf of their clients to unravel.

Although, in the world of sport they say “Attack is the best form of defence”, that is why, whether it is a law firm or any other type of business, they must all have a security system that covers, at the very least, the most basic requirements. Hackers are aware of, and take, every measure available to gain entry into systems and, once inside, there is nothing to stop them taking every piece of information they want. Perimeter security is not enough. It is vital that security strategies involve an approach centred on the information, with the files taking security with them wherever anyone, good or bad, wants to take them.  As such, every single type of file and piece of corporate information must remain guarded at all times and from any device, that is why solutions such as IRM (Information Rights Management) are an absolute necessity.

Read more...

email protection

In this blog we present you the new email and attachment protection plugin from SealPath. SealPath for Outlook is an optional add-on for the SealPath Information Rights Management platform. Available to all Microsoft Outlook users, SealPath for Outlook adds encryption, permission controls, audit capabilities, and remote data removal, to bring you a simple, flexible and cost-effective way of protecting e-mails and attachments. With SealPath for Outlook businesses can protect their confidential information through simple user controls within the interface of the e-mail client itself.

Data leaks over e-mail

E-mail remains the most widely used tool for exchanging documents among corporate users. There are in the region of 205 billion e-mails sent each day, and business users receive an average of around 122 e-mails a day. Depending on the industry, it is common to send confidential documentation via e-mail on a daily basis, or to send information that should be protected (e.g. patient information, financial information, etc.). According to reports by Radicati Group, 53% of business users have received e-mails or attachments containing decrypted sensitive corporate information, and 21% had sent decrypted confidential information. Further information from Osterman Research shows that 22% of businesses experience some form of e-mail based data leak, either malicious or through negligence, on a yearly basis. As a result of being one of the most widely used means of communication in the corporate world, e-mail represents one of the channels through which businesses can be most affected by information leaks.

Current barriers to using encryption technology via e-mail

For many corporate users, sending encrypted documentation in e-mail attachments continues to be an issue. Having to exchange public keys with other users - and with those concepts lacking accessibility for users with a limited technological background - makes the job of encrypting an e-mail an uphill struggle for certain users. For others, having to upload a document to a cloud or a document manager, and then needing to send a link, also entails taking extra steps that lie outside of their regular workflows. When it comes to applying security measures to e-mail information in a corporate environment, ease-of-use plays a key role.

SealPath for Outlook

Microsoft Outlook remains one of the most popular e-mail clients in the corporate environment. SealPath for Outlook allows users to protect their e-mails and attachments in a straight-forward way. In just one click, users can choose to protect attachments for all recipients and provide, for example, permission to view and edit, whilst still preventing recipients from printing or using copy and paste.
SealPath includes a guidance signature at the foot of the e-mail which gives the recipients a simplistic explanation of what to do in order to open the documents. The signature is configurable and can include the company’s logo or styling in such a way that the recipient will know who is providing the protection.
SealPath for Outlook offers some very exciting e-mail protection features. Faced with mitigating the problem of inadvertently sending sensitive information to others, SealPath allows you to “destroy” or revoke access to documents and e-mails if they have been protected by SealPath. You will be able to see if the user has opened the message and attachments they have received. You can also add expiry dates to messages.

email protection v2

 

SealPath’s functionality lets you:

Limit e-mail and attachment usage authorisations.

  • Encrypt e-mails and attachments containing confidential or sensitive information.
  • Include expiry dates and watermarks on attachments.
  • Keep your business cost-effective and flexible with the ability to implement it in a certain department, project, or the whole business.
  • Open protected attachments and messages without having to use Outlook (Works with any client) and on any device (Windows, Mac, iOS, Android).
  • Available in both the Cloud and On-Premise versions of SealPath.
  • Add a configurable signature to e-mails indicating that they are protected.

With SealPath for Outlook you can overcome one of the main barriers to protecting e-mailed documentation: Complexity or the need for technical expertise. Upon attaching a file, users will see an icon which will let them add protection in a user-friendly manner. The recipient receives instructions, in the e-mail itself, which outline the steps to follow when opening the protected documents. It’s no longer necessary to use password protection and then send the password in a separate e-mail, or manage public/private keys in order to send sensitive information, etc. Once you are logged into the system, exchanging both protected and unprotected documents will be a similar experience.

Availability

SealPath for Outlook is now available on the SealPath Enterprise SaaS and On-Premise versions of SealPath, through annual subscriptions based upon the number of users who protect e-mails or attachments. It is available at a highly affordable cost on monthly or yearly subscriptions. Interested clients and channel partners are invited to trial SealPath for Outlook, contact us at http://www.sealpath.com/en/about-us/contact-us

Read more...
Tuesday, 25 August 2015 12:26

Ashley Madison and "guaranteed" privacy

Written by  sealpath

seguridad-dating-citas

One of the most prominent marketing themes of the recently hacked “Ashley Madison” was that it guaranteed privacy. Despite the padlock logos and the other commercial messages on the website trying to reflect the high level of security it employed, it is important to remember that it is an Internet-based service, and therefore has vulnerabilities in its ability to keep its "secrets" safe.

With the most recent security breaches (Sony, Anthem, Target, Adobe, and others) we are seeing how vulnerable our data and secrets are on the Internet. In the Ashley Madison case, the effects were personal as well as merely corporate or business-based as seen in previous cases, although even this case has involved the publication of several gigabytes of information, e-mails, attachments and documents pertaining to the company's CEO. After the publication of several gigabytes of personal data (so far data from some 32 million users has been published) from this extramarital dating website whose slogan was "life is short, have an affair", we can but imagine the millions of broken families and careers destroyed by scandal that could ensue if the effects of an information leak began to expand.

As well as the e-mails and password hashing, the information made public included specific information from dating web sites such as height, weight, etc. It also included addresses and GPS coordinates. It is probable that many users created false accounts with false identities, but the GPS coordinates that their applications transmitted are real. From what we have seen in recent days, the data has been confirmed as legitimate, both in terms of e-mail addresses and the last digits of credit cards. It should be remembered that the web site did not verify e-mail addresses during the registration process, which means a large number of these addresses may be false.

Attacks such as this make us more aware of the vulnerability of our data on the Internet. Without realising, we use dozens of applications on our mobile phones and computers, which upload and store large amounts of personal details on the Internet and we do not worry about how secure these details are. Although in the corporate sphere, businesses are aware of the need to protect data in general terms, we are slowly beginning to realise the importance of the need for security and privacy in the personal sphere.

On the other hand, this attack seems to have different motivations to other recent incidents. Until now, the reasons were often economic, based on stealing financial information, patient details, blackmail and even political motivations. The motives behind this attack are said to be moral objections to the site, but who is to say it was not done for pure entertainment?

The consequences in either case are very different: Public shame for those affected, potential breakdown of relationships, but also blackmail to extract payment in return for not revealing information (now public in any case) to those the user would rather keep it secret from such as their family or work. It has also been claimed that a large number of the e-mail addresses correspond to government domains and military institutions. Might there be the possibility for a different kind of blackmail in these cases? Another possibility now being discussed is that the millions of e-mail addresses made public can now be targeted by malware in the form of phishing, exposing these addresses to new attacks.

According to Ashley Madison, they were victims of a directed attack despite using advanced technological tools. In comparison to other security breaches, Ashley Madison seems to be taking things more seriously than others have done in the past, hashing passwords with bcrypt, tokenising card transactions and storing only the final digits of cards, separating the e-mail address tables from the passwords, and so on.

Although the technique or techniques used (phishing? SQL injection?) are not known, the protection measures used to date have not been sufficient. We should not however get things out of perspective: The more locks and different types of security measures used, the more difficult it is for someone to carry out an attack. It is clear that Ashley Madison's most valuable information was in its databases. Would the attack have been possible if the site had used transparent encryption on the database or encryption on more points? The simple act of using bcrypt would have made it virtually impossible to access the published user passwords if the users had employed a long password.

For any company working with sensitive information which it needs to protect, it is important they ask themselves Where is my most valuable data? The theft of which information would pose the greatest risk? Is it in my database, in my documents, my document manager or with my project data? This is where we should concentrate our efforts by trying to implement different measures to protect our "crown jewels".

Methods such as TDE (Transparent Database Encryption) can be useful for protecting databases by encrypting their contents. If the threat is to documentation, then IRM (Information Rights Management) tools such as SealPath can ensure our documentation is encrypted and only accessible by those we give access to. We use document protection or folders in document managers or file servers if that is where the most valuable information is located or a CASB (Cloud Access Security Broker) if we need to increase the security of our Cloud applications.

It is important to stress the need to protect different points; although we may have the perimeter protected with a firewall, the devices protected with an anti virus or IDS to protect against intrusions, is our database secure? What about the documents we store on our PC and servers? When we apply access control to these elements we are elevating the security level of our systems and making them less vulnerable. We are therefore making good use of our technical and financial resources as we have raised the level of protection for our most valuable assets.

Read more...

autocad

 

This blog post provides information on a publication from this week relating to protection with AutoCAD:

SealPath takes a further step towards integration with different software and announces protection for design files in the AutoCAD suite, version 19.1, 20 and 20.1, following its R+D strategy of protecting versions that different manufacturers launch onto the market.

With this integration, SealPath extends its robust protection of RMS for CAD files, maintaining the protected designs, already stored on disk or in transit, allowing collaboration with third parties or limiting what collaborators can do once these designs are open.

With this new facility as part of the SealPath Enterprise suite, both for SaaS and On-Premise versions, a range of design companies, manufacturers and industry, engineers, construction companies and local councils involved in civil projects can control and audit the intellectual property of their designs.

The collaborators will be able to open the protected AutoCAD documents and work with them using AutoCAD software, rather than viewers or specific editors which limit their user experience and force a change in the usual working methods.

"We receive constant requests from our customers and we are aware that this feature is necessary as on many occasions designs need to be exchanged with third parties outside our company network, but without changing the daily routine. As well as keeping the documents encrypted at rest and in transit, with SealPath, users can ensure the documents remain protected by monitoring who accesses them, when they are accessed and detecting blocked access attempts and so on. Users can add expiry dates to their designs and "destroy" them in real time if necessary, even if they are on a partner's network, at an employee's house and so on" states Luis Angel del Valle, SealPath CEO.

SealPath uses the powerful Microsoft Rights Management Services (RMS) to encrypt and restrict access to AutoCAD files, expanding the number of formats it can support and following SealPath's philosophy of allowing users to work with original applications (MS-Office, Adobe and now AutoCAD) instead of using specific viewers.

Read more...
Tuesday, 30 December 2014 09:01

What we can learn from the latest APTs

Written by  sealpath

sony hack


It has been more than a month since the data leakage suffered by Sony Pictures Entertainment (SPE). There is no doubt that this is one of the most devastating attacks of recent times. The Federal Bureau of Investigations (FBI) formally stated that they have connected the North Korean government to the cyber-attack. It is speculated that the trigger could be the production of the film "The Interview" about a plot to assassinate North Korean leader Kim Jong-Un, although some experts have expressed doubts on this.

 

A hacker group going under the moniker “Guardians of Peace” (GOP) was the responsible of the shutdown of the SPE’s computer network. This group informed that they had in their hands confidential information from SPE that was going to be published if the company didn´t cooperate. Among the information stolen (attackers claimed that they had more than 100 TB), according to a Reddit thread or even in the wikipedia, there are personal identifiable information about employees, e-mails between employees, information about executive salaries at the company, copies of unreleased Sony films, passwords, financial documentation, employee performance reports, etc.

 

In several articles published we can find details of the stolen data:

  • Excel spreadsheets with the latest layoffs in 2014 including their reasons.
  • Performance reports of hundreds of employees.
  • Information about salaries and comparison with the ones of other competitors.
  • Excel spreadsheets with names, social security numbers.
  • Scripts of films such as the latest one of James Bond 007. 

Other examples of the lists shown in the Reddit post show several Word documents, Excel spreadsheets, and PDFs that, by the name of the file, refer to username and passwords (i.e. FTP passwords malaysia.xls, Login and Passwords.xls, etc.). There are also files with names that refer to confidentiality agreements, information about films, etc.

On the other hand it has been recently discovered the Regin malware that has been spying to private companies, governments, research institutes and individuals in 10 countries since 2008. The 28% of the targets is related to telecommunication companies, with other victims among energy companies, airlines or research institutions.

Although the reason behind more traditional APTs (Advanced Persistent Threats) is usually obtaining specific information (i.e. Intellectual Property), Regin goes further, trying to gather data and performing continuous monitoring of their targets for a long time, while unnoticed.

Again, one of the main purposes of these attacks has been to obtain sensitive information in the corporate sectors. Protection tools against APTs, perimeter protection solutions, anti-malware, etc. try to detect these threats that tries to break into the corporate network. But now, more than ever, it is critical to have a layered protection in the corporate systems to add security measures to protect not only the network and the hosts or devices, but also the information itself.

Some of the measures that we can consider to try to protect our business against such attacks are:

  • Make backups so we can have it protected against possible deletions, or over-writing, to ensure business continuity.
  • Isolate the critical information, the “crown jewels”, keeping it protected, encrypted and under control.

Would it have been possible to minimize in any way these confidential information leaks? Could it have been prevented that the Excel documents, Word documents or PDFs with sensitive information were accessible once stolen? Imagine that this information would have travelled with a protection shell that goes with the data wherever it is, with an access control embedded that can decide in real time who can and cannot access. This type of protection, information rights management could have avoided that certain information were accessible once outside the company network. Maybe due to the nature of these attacks can be complex avoiding that this information is extracted from the system, but if the protection travels with the document, we certainly will be putting the things much more difficult for the attacker.

Moreover, such attacks demonstrate the economic impact of a severe data breach. A break or idle time on computers has economic consequences for the company, but nothing comparable to those derived by the publishing of extremely confidential information that can lead to internal incidents (salaries, internal communications, performance evaluations, etc.) or external losses (data prematurely filtered, financial information, breaking of agreements with third parties, competitive information, etc.).

Read more...
Page 1 of 5