Enterprises with fleets using Windows as an operating system can now take advantage of Microsoft’s native BitLocker disk encryption tool using Prey! Let us introduce you to our new Disk Encryption action. This tool allows you to easily activate BitLocker’s disk encryption remotely on compatible devices (Windows 10 Pro, Enterprise, or Education) and protect the data on their hard drives!

BitLocker is a native encryption tool that comes with Windows 10 Pro, Enterprise, or Education and doesn’t need to be installed or bought separately.

This new tool has been added to our Enterprise plan, and it is the next step into better helping organizations secure their data. Encryption is a key risk mitigator! Data theft, data breaches, or device loss won’t result in compromised data if said information is encrypted.

How to use the Disk Encryption Tool

This action will be available on any Windows 10 device using a Windows Pro, Enterprise, or Education version and with hardware that possesses the TPM (Trusted Platform Module). To turn on BitLocker:

1) Find a compatible Windows device on your Prey control panel, and access its individual view by clicking it on the device list. Once there, you can find the Disk Encryption action on the right-hand action bar.

2) Click on the action’s button to begin the process. You will need to select the drives on the computer that you want to encrypt with BitLocker.

3) Select the encryption method you want to apply. Selecting ‘Full Disk’ takes longer, but protects the complete disk (unused, and used). This is ideal for computers that are in active use; on the other hand, selecting the ‘Used Space Only’ will be faster, but doesn’t protect unused space. This is ideal for brand new computers that haven’t had data stored yet.

4) Finally, select the encryption standard. AES_128 is ideal for fixed internal drives, and XTS_AES128 is ideal for removable drives like a flash drive. This option represents the type of encryption applied.

5) Click Start Encryption to apply!

What will happen next?

Prey will reach out to the device and, once connected, will request BitLocker to begin the encryption process. You can click the action to see a progress bar and follow the encryption process as it protects the selected drive.

Note that the encryption process is not instant, as Windows will need to encrypt all available data as a whole. The completion time will vary according to the computer’s specifications and the disk’s data size. 

The encryption process is ongoing and the device can be used continuously even when encrypting, and when completed all newly generated data will be encrypted by default. This, however, does mean that the computer’s performance will be slightly modified as a minor part of processing power will run this continuous encryption process. The recovery key (or encryption key) and disk password will be available on the devices’ hardware details in your account.

How to Decrypt a Disk Encrypted With Prey

The decryption process is fairly straightforward. You can find the Decrypt option in the same action as before, Disk Encryption. 

1. Find a Windows device on your Prey account that had been previously encrypted using the same platform, and click on it to access its individual view.
2. Open the Disk Encryption tool, and select the target disks to be decrypted.
3. Click decrypt and Prey will initiate the process.

What will happen next?

Prey will connect to the Windows device and disable BitLocker, commencing the decryption of the selected disks. This process takes anywhere from 20 minutes to a couple of hours depending on the disk’s size, and the computer’s characteristics. If the device is turned off, it will be interrupted and resumed when turned back on.

Try it out!

If you have an Enterprise plan, the Disk Encryption action has already been added to your account and you can manage BitLocker on any compatible Windows device. Full device encryption is one of the easiest and most encompassing prevention actions you can take to avoid data theft, and enabling BitLocker has never been easier at Prey.

If you need to know more about how to encrypt and decrypt your devices, feel free to check out the documentation about Prey and BitLocker on our help site.

If you don’t have an account yet, start a free 14-day trial today! You’ll be able to test Prey’s encryption, tracking, and inventory on your fleet.

We’re near the end of a very rocky year. COVID-19 was the tip of a very unique iceberg, full of political turmoil, deathly fires, and the economy almost collapsing. What wasn’t unique were the thousands of cyberattacks around the world that seem to get worse every year. And 2020 wasn’t the exception to the rule.

In recent pieces, we predicted certain patterns for top cybersecurity threats, based on research from all around the world. As we arrive at the last quarter of 2020, we decided to check on those predictions, as a sort of malicious software evaluation.

Learn More About Cybersecurity!

Get those security measures ready, folks. It’s time for threat intelligence.

Phishing Attacks, RATs, and Malware

If there ever is a race for the most complex and rapidly-growing cyber threat of the year, the clear winner would be phishing. Always looking for the weakest link, phishing has become the avenue of choice for most hackers looking for financial gain or an entry point to larger organizations.

But why? Security researchers agree that the social climate was “a perfect storm” for social engineering attacks, phishing, and enterprise malware. As the COVID-19 pandemic spread, several things happened in the workplace. Workers left their safe office environments to coexist in unprotected, vulnerable networks. In some cases, BYOD (bring-your-own-device) policies were put in place. Remote workers with a lack of cybersecurity training became vulnerable to phishing attacks expertly crafted to resemble office logins, emails, and software.

As for the common user, the outlook wasn’t different. Cybercriminals are using machine learning to learn about user behavior, triggering emotional distress with complex attacks. For example, phishing email or SMS campaigns, related to the COVID-19 pandemic or to the tense political climate in the US. 

The malicious payloads in these attacks are even more complex, too. RATs (Remote Access Trojans), especially in phones, have been growing exponentially. Malicious software that needed a deep understanding of code is now in the hands of anyone who can pay it, based on a MaaS (malware-as-a-service) model. RAT attacks are able to exploit RDPs to gain access to endpoints, opening the gates for the phishing flood.

The last trend in cyber threats is the use of the browser. The family of HTML/Phishing attacks –and their relatives HTML/scrinject and HTML/REDIR– have been affecting thousands of websites and browsers worldwide. Hackers are attacking unprotected web traffic, just as workers are dropping corporate, protected networks to work from home. This is a trend that security researchers are expecting to see in 2021, too.

Ransomware

Easy to deploy and a pain in the back to remove, ransomware attacks are more common than ever. As the DBIR suggested, at least one in four cases of malware were ransomware, and the number was expected to grow. As we enter the last quarter of the year, we know the threat of ransomware is growing in scope and sophistication.

The main reason behind the growth of ransomware is how easy it is for hackers to acquire the tools to perform an attack, buying it on a dark web marketplace. In the same way that threats like Cerberus offer themselves to hackers, ransomware like Sodinokibi or Phobos are making huge amounts of money with little effort. RaaS (ransomware-as-a-service) is relatively cheap for inexperienced hackers and can lead to massive profits in cryptocurrency if successful.

Certain ransomware variants are becoming more aggressive, taking notes from the Petya and GoldenEye books. Variants like CoViper have been found to write the Master Boot Record (MBR) of the machines before encryption, a heavily destructive tactic.

The era of State-Backed Attacks

This year, the news cycle has been full of headlines like “state-backed attack”, “hacked by the [insert nation-state here] government”, “cyber warfare” and “cyberterrorism”. And it’s no joke or bad reporting either. Every organization –private or otherwise– that researches cybersecurity threats, agree: nation-state actors are a serious issue. And it all comes down to the rising threat of backed APTs.

APTs, or Advanced Persistent Threats, are like hurricanes. They don’t hit too often, but when they do, expect a trail of destruction behind them. In this case, hacking groups specialized in deep and complex cyberattacks to big organizations are playing the same game of chess between the world powers. Groups in India, China, Russia, Iran –and one can only guess, the US– are hacking strategic targets more than ever, aligned with political and economic goals of their “backing” countries.

Reports from companies like Microsoft have shed some light on how state-backed cyberattacks have been changing their scope this year. Coordinated groups and APTs are targeting health care institutions and organizations in the US, with the objective to perform espionage on its citizens. On the same page, research groups related to the COVID–19 vaccine all over the world have reported attacks from state-backed hackers.

As you may have guessed, these hackers aren’t performing data breaches for petty cash or a couple of credit card numbers. They aren’t using “noisy” methods, either. State-backed APTs prefer a subtle approach, almost like a parasite, accessing foreign systems in a non-obtrusive way. The goal is to exfiltrate as much sensitive information –confidential, financial, private– as possible without being detected. A successful attack also leaves no way to trace it to the nation-state who backed it in the first place, to maintain “plausible deniability” if accused.

IoT Attacks 

As we said, the changes in the workplace caused by the pandemic have been difficult for organizations. Millions are working from home, and the sensitive data that lived in secure work networks is now vulnerable to malicious actors attacking the unprotected devices in our house. And if your company decided that a BYOD policy was the way to go, it’s very probable that certain endpoints aren’t protected either.

Even if these protections are implemented –such as antivirus software or firewalls– as IT managers we can’t meddle too much on the devices our employees use in their homes. The so-called “internet of things” has become not only the latest fad in technology but a cybersecurity trend as well. IoT usage has skyrocketed since the pandemic started, and as new devices rely on our local wi-fi networks to connect, malicious actors rely on their vulnerabilities to access our computers and networks.

A trend is therefore surfacing: IoT devices being breached for malicious purposes. This year, reports of vulnerabilities in these devices show that almost 98% of all internet IoT traffic is unencrypted, and more than half of all Internet of Things devices available on the market are vulnerable to attacks from medium to high severity. This due to the fact that most devices aren’t patched when vulnerabilities are found.

This opens the door to dangerous practices, such as your devices becoming botnets, or performing DDoS attacks (distributed denial of service). Botnets like Mirai, Dark Nexus, Mukashi or LeetHazer are widespread, and one of your IoT devices may be vulnerable to one of them.

Cryptojacking

Dubbed “the silent cybersecurity threat” by many, Cryptojacking is the most important security trend related to cryptocurrency.

Cryptojacking is the unauthorized use of a machine to mine cryptocurrency. It doesn’t have to be a widely used crypto like Bitcoin, Monero, or Ethereum, although it seems to be closely related to them. Cryptojacking attacks have been experiencing a steady rise since 2019, tied to the rise in the price of Bitcoin during 2020.

A cryptojacking attack is usually massive, subtle, and widely distributed. There even is a chance that you mined crypto for someone else without knowing, using the same browser you’re using to read this post. In spite of that possibility, cryptojacking can be much more complex, and tied to the same devices we talked about in the previous section. In fact, IoT devices can be used for cryptojacking, as long as they’re vulnerable.

An attack of this nature –for example, using XSS– is so ubiquitous that can be performed in almost every modern computer language. Cryptojacking attacks can be performed or adapted to Javascript, Python, Golang, Shell, Ruby, and many more. As long as the device can execute commands and spare a little processing power, it can be attacked. 

It’s also very hard to catch: antivirus software isn’t the best in identifying “malicious processing”, or at least differentiating what cores are being used legitimately, and which ones are mining crypto.

If the rising trend of crypto prices keeps going forward, cryptojacking will keep growing too.

Takeaways

Despite the fact that most trends in cybersecurity were similar to 2019, it’s undeniable that the pandemic changed the scope considerably. Malware attacks, ransomware, and phishing are tied to the changes in our behavior, and as we flock to our homes, malicious actors follow and try to enter themselves.

On the topic of threat intelligence, we must be prepared for everything. Data security and encryption are more important than ever. Multiple factors of authentication for all members of our organization is key. We must try to extend the network security we have in our offices to our employees as well.

And as users, we have a duty to stay informed about cyber threats around the world. A proactive mentality against threats is the way forward. Strong passwords, the installation of security solutions in our devices, and taking precautions with our personally identifiable information are good first steps. Remember: anyone can be a victim of cyberattacks.