
Re: None

Friday, 05/31/2019 6:19:26 PM

2.3B Files Currently Exposed via Online Storage

Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.

https://www.darkreading.com/threat-intelligence/23b-files-currently-exposed-via-online-storage/d/d-id/1334843

More than 2.3 billion files are exposed across misconfigured online file storage technologies, marking an increase of 750 million files – or a 50% jump – from 1.5 billion in March 2018.

Researchers with the Digital Shadows' Photon Research Team thought last year's 1.5B figure alone was "incredible," they say in the aptly named "Too Much Information: The Sequel" report. Files with sensitive and insensitive data were found via SMB file shares, misconfigured network-attached storage (NAS) devices, FTP and rsync servers, and Amazon S3 buckets.

The United States exposed the most data (over 326 million files), though France (151 million) and Japan (77 million) each had the highest in their geographies. The United Kingdom exposed 98 million, and countries throughout Europe collectively exposed more than one billion files.

There's "a lot of really good work" being done to try and contain this wealth of compromised information, says Harrison Van Riper, strategy and research analyst at Digital Shadows. "However, the fact is that businesses are continuing to expand their footprint online, beyond their own networks and, more importantly, their own storage devices," Van Riper explains.

"The same kinds of access controls and safeguards that businesses put on their own data within their networks should be implemented on those systems existing outside as well," he adds.

Server Message Block (SMB) protocol exposed the most data (46%) of all technologies analyzed. That's more than one billion files exposed via SMB file shares, a 547.6 million jump from March 2018. FTP was next-highest at 457.4 million (20%), followed by rsync at 386.7 million (16%), Amazon S3 at 182.1 million (8%), webindex at 163.5 million (7%), and NAS at 65.4 million (3%). FTP-hosted files increased by over 54 million, cancelling out rsync's decline of 53.7 million files.

The researchers aren't entirely sure why SMB-enabled file shares nearly doubled in the past year, though they call the statistic troubling. One potential reason is in June 2018, Amazon AWS Storage Gateway added SMB support, giving file-based applications built for Microsoft Windows a means to store and access objects in Amazon S3. Another is in November 2018, Akamai discovered attackers were opening SMB ports 139 and 445 for malicious reasons.

SMB is one of the main ways Windows users can facilitate file shares, Van Riper notes, and Microsoft adoption of the protocol surely drove its popularity. It's not a bad thing, he points out; technology is supposed to simplify the ways we live our lives and conduct business. However, he adds, the Internet has changed what we thought we knew about these systems and how they interact. It's time to rethink new ways to implement old protocols, he says.

"As businesses continue to digitize older systems and [processes], and more and more Windows systems that have SMB installed get spun up, the more chances there are for these exposures to occur knowingly," he explains.

In the report, researchers point out that in early 2018, Microsoft stopped preinstalling SMBv1 in Windows 10 and Windows Server. However, it's hard to confirm the full impact of this as researchers included SMB v1, v2, and v3 in the study.

Amazon S3 bucket misconfigurations, which have inadvertently exposed data for years, may also slow thanks to "Amazon S3 Block Public Access," introduced in Nov. 2018. The move locked down default security controls for S3 buckets so users can set a global block rule for private data.

The standard advice for companies preparing for ransomware attacks is to back up their files. If they're hit and their files are encrypted, they can use saved data to get back up and running.

But what happens if the same ransomware variant also encrypts backup files? The researchers at Digital Shadows notice this is a growing trend, with more than 17 million ransomware-encrypted files across file stores used for backups. They specifically note NamPoHyu ransomware, an update to the MegaLocker variant that targets Samba servers. Samba is the open-source implementation of the SMB protocol; it runs on Unix systems and allows for file communication to Windows. Since April 2019, more than two million files have been encrypted with the .NamPoHyu extension.

"Obviously, WannaCry is the other big ransomware variant that comes to mind when we think about SMB and we are still seeing new files be encrypted by it," Van Riper says. "The trend has definitely picked up steam with the addition of a new variant in NamPoHyu."

These days, data is not only kept internally and businesses should protect their information wherever it resides. Oftentimes that means working with third parties to ensure they have a security strategy in place: for example, researchers point to a small IT consulting company in the UK that exposed more than 212,000 files containing company and client information.

When it comes to third parties, Van Riper says businesses should be asking the same questions they ask of their own security teams. Where is data stored? How are we storing it? Is it encrypted? Who has access to it? "These questions shouldn't only be asked internally, as these days data is not only kept internally," he explains.
=================================================================
Scrambls is in retirement, and appeared to be ahead of its time. The article above shows a strong reason for 'Scrambls for files' to be helping a problem that has been in existence for a while!! Privacy is important as Apple's CEO continuously points out, and Scrambls could bring privacy to many users, companies and markets!
=================================================================
Protect Content in the Cloud with Scrambls for Files

Scrambls Brings Privacy & Control to Social File Sharing with Instant Encryption

https://www.wavesys.com/buzz/pr/protect-content-cloud-scrambls-files

Palo Alto, CA - November 13, 2012 -

Today scrambls announced Scrambls for Files as the next enhancement to the free service designed to allow you to control your social media, manage your online privacy, and decide who to share with. Scrambls for Files brings the power of scrambls into Microsoft Windows, for easy encryption of all types of files and folders before they are sent over the open Web.

Cloud storage and social media services have become increasingly prevalent in the market, with consumers quick to embrace the benefits. Yet there are vulnerabilities in the current model of uploading information into the cloud, and then trusting third parties to apply the proper privacy, security and authentication policies. Scrambls for Files brings a more secure method of data transfer for sharing files and folders anywhere you happen to be on the Web. With scrambls, users even maintain control to change who can read messages and files even after the fact.

“This is an important solution to consider for anyone that wants to safely and securely use cloud storage services like Dropbox™ or Microsoft SkyDrive™. Only members of your specified scrambls groups are aware of and can access the content, and you maintain the dynamic control to change those permissions anytime,” said Michael Sprague, scrambls co-creator. “Cloud storage and social media services see only the encrypted data, and we don’t even see it here at scrambls—we only manage the keys and groups as a trusted third party.”

The power lies in the dynamic groups offered by scrambls. Users choose exactly who can see and read anything scrambled, by forming groups (based upon email address, Facebook contacts/groups, etc.). With the same simplicity of scrambls text messages, users just choose what individuals or groups are permitted to read a file. Scrambls will decrypt and display both text and files. Retract messages and/or files by changing the groups or individuals authorized; schedule a specific time for messages and files to appear or expire; and much more.

“Scrambls can be used to encrypt your posts and files for enterprise-caliber protection wherever they travel across the networked social web,” continued Sprague. “Secure what you place in cloud storage and take control over who can read sensitive information. The keys to unlock your encrypted data remain separate from the content, only to be brought back together when the people you authorize look to pull that message down from the cloud. Everyone else will only see scrambled text.”

While encryption concepts are not new, they’ve traditionally been a burden to use. The simplicity and power of scrambls’ groups mechanism sets it apart. Sharing scrambled files does not require circulation of a password or management of enterprise encryption key servers. Users simply choose who is authorized to read anything and those people or groups are granted rights—all they need is a scrambls account of their own.

Scrambls is a platform that can be used with any service, to add the protection of scrambls into any web service and infrastructure you already know and use (Facebook, DropBox, email, Active Directory, etc.). The new model of information sharing supports file and folder encryption for all Microsoft Windows platforms.

Introducing Scrambls Professional for Power Users:
Scrambls continues to introduce more functionality, expanding what users can do with their groups & connections. Scrambls for Files is the latest of these innovations, following the recent Facebook Integration for login and group creation and several mobile apps.

With Scrambls for Files, a premium offering of scrambls will be introduced for heavier usage that brings added benefits to scrambls’ most active users. Scrambls is committed to keeping basic use free for any consumer to secure their social communications over the open Web. The professional version allows unlimited use of Scrambls for Files, along with more features and functionality that are yet to come.

During an initial free trial period, every scrambls user will be given one free year of the professional offering (both new and existing users). Visit www.scrambls.com to sign up for free today.

Build scrambls Into Your Next App:
Scrambls also serves as a platform for integrating security and control for third-party solutions, protecting users’ interactions with the social web. App developers and social media providers interested in augmenting the privacy and security of their own applications and services can leverage scrambls’ software developer kit. The SDK enables third-party apps and sites to integrate directly with scrambls, for a comprehensive and reliable solution backed by enterprise security veteran Wave Systems. For more information, visit: http://developer.scrambls.com.

About Scrambls
Scrambls is a service developed by Wave Systems Corp. (NASDAQ: WAVX) that makes online sharing simple and safe. All you need is the scrambls plug-in added to your browser toolbar. You can make any post private with just one click, even if you’re publishing to different groups of contacts spread across multiple social networks. Scrambls lets you decide what the privacy policy will be for each post that you share. Scrambls makes online sharing smarter, with control over what you are sharing and whom you are sharing it with.










