[Webinar On-Demand] Why Do You Need Security Awareness Training?

Hosted by Gerard Brown at NetUtils, joined by guest speakers Ollie Pech, Channel MSP Manager, and Javvad Malik, Security Awareness Advocate from KnowBe4 and a known blogger and YouTuber within the infosec industry.

The title of this webinar poses a critical question all organisations should be asking themselves in this ever-changing world. While a layered security infrastructure is an absolute must to protect against the growing variety of threats organisations face today, there’s a hidden threat that is often overlooked. What is this hidden danger? IT’S YOUR USERS!

The facts from NetUtils

Did you know that more than 90% of successful hacks and data breaches start with phishing scams? That’s a huge number considering the sheer volume of data breaches you hear about in the news on a daily basis.

According to the APWG Phishing Activity Trends Report for Q3 2019, phishing scams have reached their highest level in three years, a level not seen since 2016! Below is a snapshot of the stats over the past year. What makes the chart of interest is the 46% increase in phishing sites detected between Q2 and Q3 of this year, and an almost 100% increase in phishing sites detected in Q4 of 2018, this time last year.*

Phishing attacks reach the highest level in 3 years!

* APWG Phishing Activity Trends Report Q3 – 2019

8 reasons why we partner with one of the best Security Awareness Training vendors in the industry

To help our customers educate their end users and to keep security top of mind!

  1. The world’s largest integrated Security Awareness Training and Simulated Phishing platform, founded in 2010
  2. With over 28,000 customers and 9.5 million users, KnowBe4 helps organisations manage the ongoing problem of social engineering
  3. The ‘last layer’ of security is the Security Awareness layer, i.e. your human firewall, which has only really been taken into consideration over the last few years
  4. KnowBe4 has developed tremendously as a business, from a “nice to have” within organisations to a “must have”
  5. Over a thousand training modules pre-aligned to the platform, all around security awareness, including some HR modules and over 80 compliance modules
  6. A simulated phishing platform with an iterative process: train, phish and analyse, all of the time
  7. The KnowBe4 console helps organisations see where their end users are having trouble understanding security, backed up with over 1000 training modules to support learning. It is not used to name and blame
  8. Assists organisations in reducing malware infections, data loss and potential cyber threats, whilst increasing user productivity

Train, phish and analyse with the KnowBe4 phishing platform

Empowering Your Human Firewall

Always remember that as a business you are dealing with human beings, and to do that you have to understand behaviour and how to influence it. Ultimately, the goal is to move your staff from insecure behaviours to better behavioural patterns so they can take a risk-based approach to any actions they take.

There are 3 realities of Security Awareness:

  1. Just because I’m aware doesn’t mean I care
  2. If you try to work against human nature, you will fail
  3. What your employees do is way more important than what they know

Take the book by Daniel Kahneman called Thinking, Fast & Slow, which outlines two types of systems. System 1, called Fast Thinking, is the way a person reacts to everyday routine; they don’t really think about the actions as this is just natural behaviour, e.g. making a cup of tea. System 2, referred to as Slow Thinking, is used to solve specific problems when necessary; it’s more complicated and requires thought.

When it comes to Security Awareness and your organisation, you actually start with System 2, the Slow Thinking, to try and get people really thinking. The more you do this, the more it becomes a System 1 way of thinking. That is why continuous awareness and training is vital. The goal is to make Security Awareness a natural behaviour within your organisation, like making that cup of tea: make it a habit over time and get that way of thinking embedded into your company culture.

Your awareness program should NOT focus only on information delivery. Do you care more about what your people know or what they do?

During our webinar Javvad revealed an interesting takeaway from Dr. BJ Fogg, known for his work in the field of ‘Behaviour Design’ and The Fogg Behavior Model.

“Behaviour happens when three things come together at the same time: Motivation, Ability, and a Prompt to do the behaviour.”

  1. Motivation – are your users sufficiently motivated to take an action
  2. Ability – do they have the ability to do that action
  3. Prompt – the nudge to get them to do that action

Take these behaviours into consideration when designing your training programs so all boxes are ticked. Get specific as to what behaviours you want to change and target them.

Here at NetUtils we partner with KnowBe4 to help our customers educate their end users and keep security top of mind. Security Awareness Training should be part of your cyber security strategy and embedded into your cultural fabric, especially when human error is still one of the leading causes of data breaches today.

To help you on your way we’ve got some cool FREE tools to get you started!

  • Free Phishing Security Test – Find out what percentage of your users are Phish-prone. Get yours here.
  • Free Email Exposure Check – Find out which of your users’ emails are exposed before the bad guys do. Get yours here.
  • Free Domain Spoof Test – Find out if hackers can spoof an email address of your own domain. Get yours here.
  • Free Phish Alert Button – Your employees now have a safe way to report phishing attacks with one click. Get yours here.
  • Ransomware Simulator – Find out how vulnerable your network is against ransomware attacks. Get yours here.

DISCOVER THE 14 CORE CAPABILITIES YOU NEED FOR DEFENCE-GRADE SECURITY

The following 14 core technical capabilities were created to help guide and prioritise cybersecurity investments.*

With cyber threats constantly evolving, it’s important to identify the gaps in your security posture, and it’s essential to be prepared for cybercriminals to get through your defences in this changing environment. You need to determine where to start and what is most important.

1. Asset Management

Identify assets by leveraging automated tools and discovery solutions (to also discover rogue systems), including:

  • Installed software, including on endpoints, servers and mobile devices (for mobile, leverage Mobile Device Management (MDM or EMM) solutions)
  • Deployed hardware (including endpoints, mobile, cloud and “on-premise” systems)

2. Network Segmentation

Ensure networks are properly segmented, particularly separating the business side from the infrastructure networks.

Focus initially on high-value assets and critical systems. Move away from solutions that focus only on “on-premise” segmentation and deploy network segmentation solutions, such as Software Defined Perimeter, that allow for granular role-based segmentation of on-premise and cloud-based systems, including legacy systems. Additionally, leverage Network Access Control (NAC) when possible.

3. Network Security

Leverage intrusion detection and prevention systems (IDS/IPS) across enterprise and system enclave boundaries (including ingress and egress points), using cloud-based appliances whenever possible to monitor cloud traffic.

  • Select solutions that can protect both on-premise and cloud-based traffic and consolidate alerts/logs on a single dashboard
  • Consider leveraging Deep Packet Inspection/Packet Capture (DPI)
  • Consider deploying cloud access security brokers (CASBs) at cloud boundaries
  • Leverage Domain Name System Security Extensions (DNSSEC) to secure your Domain Name System (DNS)
  • Consider specific distributed denial of service (DDoS) protections to protect servers, applications, and networks
  • Consider solutions that protect communication systems against telephony denial of service (TDoS) and DDoS attacks

4. Identity Management

Manage user access and roles by:

  • Deploying a centralised identity management solution with access control management and identity proofing
  • Leveraging a Single Sign-On solution across the enterprise and its applications
  • Deploying multi-factor authentication across the organisation, particularly for critical systems and privilege access
  • Using identity management best practices to ensure “need to know” and “least privilege”
  • Properly disabling or deleting accounts according to the organisation’s policy requirement

5. Privilege Access

Privilege access management solutions should be deployed to manage and control critical infrastructure systems’ administrative accounts, including:

  • Requiring multi-factor authentication for all administrative accounts, including on servers and endpoints
  • Using solutions, such as Software Defined Perimeter, to enforce multi-factor authentication policies across the enterprise while implementing patching, need to know, and least privilege, among others

6. Patching and Vulnerability Management

  • Conduct proper monitoring and patch installation, including testing prior to patch deployments
  • Prioritise patches based on risk and critical impact
  • Regularly perform automated scanning (ideally daily, or weekly), including credentialed, passive, internal, and external scans. Include database configuration and web services configuration scans
  • Install agents on servers and endpoints to facilitate scans whenever possible
  • Scan applications both statically and dynamically
  • Perform source code review when necessary

7. Continuous Monitoring

Continuous monitoring is recommended 24 hours a day, 7 days a week, including:

  • Employ alerts and Security Information and Event Management (SIEM) solutions with a customised dashboard to monitor critical systems using proper log management
  • Create/manage a security operation centre (SOC) to continuously monitor critical systems

8. Endpoint Protection

Employ endpoint protection solutions to:

  • Mitigate against viruses, ransomware, and malware using solutions such as Application Segmentation (Micro Virtual Machine isolation), Advanced Endpoint Protection, and Antivirus/Anti-malware
  • Deploy these solutions across all endpoints and servers, including mobile devices
  • Leverage a File Integrity Solution to protect against file tampering/rootkits etc.

9. Public Key Infrastructure (PKI)/Key Management

Deploy both symmetric and asymmetric encryption key management solutions, including:

  • Managing public and private keys used for application programming interfaces (APIs), email signing, and encryption using a PKI solution
  • Employing key management solutions to store keys, including Secure Shell (SSH) keys and other encryption keys

10. Log Management

Centralise, correlate and consolidate logs, including:

  • Ingress and egress logs
  • Application logs
  • Endpoint protection logs
  • Firewall logs
  • Security logs such as authentication failure, misuse, unauthorised access, insider threat
  • Server logs
  • Database logs
  • Webserver logs
  • IDS/IPS logs

Ensure accurate timestamps by leveraging time synchronisation (Network Time Protocol (NTP)) solutions across every system.

11. Phishing Protection

Implement phishing training and plugin solutions, including:

  • Mandating regular phishing training for all employees, including senior executives
  • Deploying an email validation system (Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)) to detect and prevent email spoofing
  • Deploying phishing plugin solutions on email servers and endpoints to allow phishing email detection, prevention, and reporting
  • Conducting real-life phishing campaigns across all your employees to measure openings/clicks, and targeting training at employees opening those emails

12. Configuration Management

Adopt a configuration management solution to properly enforce configuration requirements on servers and endpoints, including:

  • Prioritising solutions that can synchronise logs with SIEM and that support multiple operating systems
  • Leveraging application whitelisting solutions to limit access to necessary applications on endpoints and mobile devices. Whitelisting is recommended instead of blacklisting because new malicious software is too difficult to track

13. Application Security

Application security is the use of software, hardware and procedural methods to prevent vulnerabilities in applications and protect sensitive information from external threats. Applications may include desktop, server, and mobile technology. Software security should be built into applications during their development phase:

  • Fuzz testing (fuzzing) should be leveraged as a quality assurance technique, using a software tool called a fuzzer to discover coding errors and security loopholes in software, operating systems or networks. The technique involves inputting fuzz (massive amounts of random data) to the test subject to make it crash, find vulnerabilities, and identify potential causes
  • Dynamic analysis tests and evaluates a program by executing it with data in real time, finding errors in the program and flaws in the source code while it is running, rather than by repeatedly examining the code offline. Dynamic code analyser software finds security issues caused by the code’s interaction with other system components like SQL databases, application servers or Web services, to debug a program in all the scenarios for which it is designed
  • Static code analysis is also available as one of the security tools the enterprise can use to identify flaws and malicious code in applications before they are bought or deployed. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards
  • Leverage Web Application Firewalls (WAF) solutions to secure your web applications

14. Data Security

Implement solutions to secure data, including:

  • Properly protect data, in particular, personally identifiable information (PII), personal health information (PHI), payment card industry (PCI), and sensitive, classified, and/or financial data, by using Data Loss Prevention solutions:
    • Leveraging solutions to detect and prevent data leaks and massive data exports on servers, databases, and endpoints, when possible
  • Deploying backup solutions across the organisation endpoints, servers, databases, and critical systems
    • Establishing off-site backup, whether in a separate datacentre or on the cloud
  • Mandating encryption for all PII, PHI, PCI, sensitive, and confidential data whenever possible. Examples include:
    • Requiring full disk encryption solutions for mobile devices, laptops, and removable media
    • Using encryption on databases and files whenever required

* 2018 Cybersecurity Guide – originally provided by Bromium featuring Nicolas Chaillan.

Application Isolation and Control – A Modern Defense for New Threats

By Fraser Kyne, EMEA CTO, Bromium

The detection method for preventing malware is fundamentally flawed, yet it is still the de facto standard in cybersecurity. Day after day, organizations scramble to protect against a growing number of threats, but all it takes is one piece of malware to go undetected to wreak havoc on IT systems.

Ironically, this was predicted by Alan Turing more than 80 years ago. His work proved no standard algorithm could ever predict an outcome for every possibility without falling into a logical paradox because of the halting problem. The halting problem proves that an algorithm cannot predict from a general description of a program and an input whether the program will finish running or execute forever.

The same logic applies to malware detection. A standard algorithm cannot be relied on to correctly identify every single threat that comes knocking because the volume of threats is large and varied, with previously unseen threats emerging every day.

A detection-based approach deployed by IT teams is akin to casting out a net, where the net will either be so large that it tangles itself, or it won’t be cast wide enough and will invariably allow some things to be missed. IT teams are trying to solve this problem by adding more layers to their detection solutions, but all this is doing is casting more nets plagued by the same problems.

Detection-based solutions can over-complicate security landscapes

Hackers are resourceful, utilizing new tactics – such as polymorphic malware and zero-day exploits – to bypass detection-based software and break into critical IT systems. For example, in the Locky ransomware campaign, hackers customized the malware to execute after the fake document was closed, making it much harder to spot and bypassing the majority of detection-based AV solutions.

Instead of focusing on detection, organizations that are serious about security are starting to rely on segmentation. By segmenting networks and applications, businesses are seeing that they can prevent malware from causing harm and keep data and networks safe.

Segmentation offers businesses protection, but it relies on PCs or applications only having access to limited areas on the network. Early iterations failed to achieve a great uptake because adding new PCs to this system can be incredibly expensive and time-consuming during deployment.

Segmenting IP and sensitive data could also still leave users at risk if they don’t isolate the applications that are being used to access this data. Without a solution to these problems, network segmentation has largely failed to get off the ground and detection has persisted as the leading cybersecurity approach.

By focusing on isolation, security is simplified and end users are protected

Everybody wants to be able to use technology to do more with less. In this instance, it means deploying more effective and reliable cybersecurity solutions. However, detection involves the complex process of “preventing, detecting, and responding”, where multiple layers of security are deployed to identify malware before it hits. These layers simply aren’t sufficient to protect against the volume and sophistication of the ransomware and targeted phishing attacks that are prevalent today. As you might expect, it also creates a tremendous expense.

While there are a few choices available that provide isolation, solutions that do this using virtualization are effectively bullet-proof. While no one can promise 100% protection, virtualization that starts on the chip, stops Meltdown, dramatically limits Spectre and works online or offline, can protect what’s targeted the most: endpoints.

Real solutions with a virtual defense

Isolation through virtualization works by allowing applications to open and carry out each task in its own self-contained virtual environment. This means that every tab that is opened in a browser, every Office or PDF document attached to an email, or any file that runs an untrusted executable, will be opened in an entirely isolated virtual environment that’s running on the hardware itself. The result is that any threat caused by an action in this environment won’t have access to anywhere else on the system and can be easily removed by simply destroying the virtual environment.

This allows users the freedom to download files and open documents, safely, knowing that they are no longer the last line of defense – giving users the ability to click with confidence. In fact, end users can let the malware run, because it doesn’t do any damage, and it allows IT teams to get detailed threat analysis. Users can get back to work; recruiters and HR teams can open emailed CVs, marketers can carry out research even if they click on a phishing link, and R&D teams can share downloaded resources without the fear of being stung by malicious files or links.

For organizations using this new approach, there is less worry. Virtualization-based security is being adopted by the giants: HP and Microsoft now use virtualization-based security to protect users. This is just the tip of the iceberg and marks the beginning of a virtualization revolution in security, where users no longer fear opening links and attachments and organizations can let their teams focus on innovation without worrying about making a security mistake.

About the Author

Fraser Kyne, EMEA CTO, Bromium. Fraser’s role has encompassed a wide range of both engineering and customer-facing activity. Prior to joining Bromium, Fraser was a Technical Specialist and Business Development Manager at Citrix Systems. He has been a speaker at various industry events on topics such as virtualization, security, desktop transformation, and cloud computing.

Source: Cyber Defense Magazine
http://www.cyberdefensemagazine.com/application-isolation-and-control-a-modern-defense-for-new-threats/

Webinar: Prepare for tomorrow’s cyber threats today!

Watch our on-demand webinar and take a dive into today’s data and cyber security threat landscape with our Principal Technology Strategist, Malcolm Orekoya, and hear about:

  • The evolution of ransomware
  • How to boost cyber security awareness within your organisation
  • Data portability in your organisation
  • The importance of encrypted data visibility
  • How to prepare for the impact these cyber threats will have on your organisation

Network Utilities’ Services puts your business first, reduces your risk and helps you ensure your network is safe, secure, fast and compliant.

10 Things You Need to Know About Ransomware

Some cyber security experts call ransomware attacks an epidemic.

In 2016, the FBI estimated that ransomware attacks resulted in over $1 billion in income for cybercriminals*. Experts attribute the ransomware epidemic to people’s carelessness in clicking on phishing emails and infected advertisements.

Here are 10 things organisations should know about ransomware:

  1. Ransomware was first reported in 1989
  2. Ransomware doesn’t discriminate when it comes to platforms and devices
  3. Ransomware can be distributed through various channels
  4. Ransomware often goes undetected
  5. Organisations should change their mindset from a reactive-based model to a prevention-oriented one
  6. Organisations should develop a prevention and response plan
  7. Organisations should identify a prevention and response team
  8. Organisations should perform a compromise assessment
  9. Organisations should complete a security tools assessment
  10. Organisations should respond and future-proof

Download the full infographic here – Infographic courtesy of Cylance Consulting

As threatening as ransomware sounds, damage can be avoided with increased user awareness coupled with the right security practices. Businesses need to be aware of the risks and take adequate precautions to minimize the impact in the event of an attack.

Want to see Cylance in action? Register here to join our workshop at The Metal Box Factory in London on the 25th May and see the capabilities for yourself.

*Source: CNN

Phishing attacks are evolving – what you need to know to stay one step ahead

Guest blog by Greg Atkins, InfoGuardian

Views expressed in this post are original thoughts posted by Greg Atkins. These views are his own and in no way do they represent the views of the company.

Over the past 3 to 4 years, there has been a shift in focus by cybercriminals away from reasonably basic, generic phishing attacks designed to get individuals to part with a relatively small amount of money to today’s more targeted attacks aimed at specific individuals or groups of individuals within specific organisations, designed to earn the cybercriminal much more money.

In its report “The evolution of phishing attacks 2011-2013”, Kaspersky identified an 87% increase between 2012 and 2013 in the number of attacks, with over 37 million individuals targeted.

These types of attack, which some call spear-phishing and others call targeted attacks, have seen a number of high profile victims, including Microsoft, Google and RSA. However, please do not be misled; this could happen to any organisation as the following story demonstrates.

At the end of last year members of the finance department of a small manufacturing company, with fewer than 200 staff, in the North West of England, received what they believed to be a legitimate email from a respectable authority. But as the content of the email seemed to be more relevant to another department, the email was forwarded to HR and 2 members of that team, who, unaware of the hidden threat, opened the attachment. Clicking on the attachment resulted in both members of staff installing the Cryptolocker Ransomware. This proceeded to encrypt files on their machines using different 256-bit RSA keys, then on network drives and finally on other machines connected to those network drives. Compared to the remediation costs and loss in productivity for the company, the ransom figure demanded for supplying the keys to decrypt the data was relatively small. As you can see, this is not a high profile company in a lucrative financial sector. It is one of many thousands of UK companies carrying out its normal business, as your organisation is probably doing.

Whilst more expensive for the cybercriminal to set up, spear and targeted phishing attacks are far more lucrative in terms of results. The objective of the attack is to dupe the targeted individual or group into clicking on an attachment or a link to a fake website containing malicious code, where clicking on a link or button will result in the individual unknowingly installing malware on his device. As in the case above, this could be blatant ransomware or it could be a more sinister Trojan, used to make a point of contact within the targeted organisation from which the attacker can gather more information which will help him achieve his objective.

It is commonly accepted that overall spear-phishing attacks have a high success rate of 20%, compared to less than 5% for general phishing attacks. Various sources report that as many as 70% of targeted individuals are likely to open such an email. Trend Micro has reported that 91% of all successful data breach attacks in 2012 started with a spear phishing email, and in 2013 Alan Paller, director of research at the SANS Institute, reported this figure to be 95%.

Why are Targeted Phishing Attacks so effective?

Any specific email used to launch an attack is likely to come from a known or trusted source, using authentic logos etc. The attack is made simpler for the attacker by the various social media sites and information about individuals readily available on the Internet. In a recent high profile case, the target was identified on LinkedIn. All the information required is nicely packaged for the cybercriminal.

What can be done to stop these attacks?

One of the problems with these types of attack is that they are quite individual, meaning that email security systems have a difficult job identifying them.

Dealing with it technically is certainly a challenge. It is commonly accepted that users are the greatest threat to any organisation’s security. No matter how big the security budget or level of security compliance, it may take only one user to make a mistake, which could cause huge financial damage.

While user education must certainly be part of the solution, opinion seems to be divided on the effectiveness of IT security awareness training for non-IT users. Essentially we have been trying to educate users about security for the past 20 years, but how much really sticks and at what real cost to the organisation? In the past most awareness programmes were to tick the box to meet compliance requirements. As a result, these bare-minimum awareness programmes are a PowerPoint presentation once a year or a security newsletter once a quarter. To effectively reduce security risks of targeted email attacks, you will need to start changing user behaviour.

William Pelgrin, director of New York’s Office of Cyber Security, organised a fake spear-phishing exercise in which 10,000 state employees were prompted to link to a password checker. 15% of the targeted employees clicked on the link, denoting failure. One month later a second email was sent where staff were asked to enter personal information. Click results showed a 40% reduction of people clicking on the links in a single month over only 2 emails. The effectiveness of this type of “live situation” training is enormous. Pelgrin was able to use common user behaviour to educate and bring about positive behavioural change to reduce the risk of targeted attacks.

To speak to a Netutils security expert about how to protect your organisation against attack please get in touch. sales@netutils.com 020 8783 3800