Tag Archives: ransomware

3 Facts About Cyber Security to Factor into Your Strategy Now

Posted on by
Reply

Last week I read this blog titled 3 Big Facts About Cybersecurity In 2020 To Remember For 2021 which talks about phishing, ransomware and The Dark Web. Whilst I agree with these 3 threats, it’s important to remember that a layered security approach for any organisation is key to the sustainability of growth and development. Yes, last year saw a rise of the distributed workforce, the fast adoption to the cloud and a massive increase in COVID related scams, which are still being executed by cyber criminals, thus making your company and all your employees more susceptible and an easy target especially when security most certainly was not and is not top of mind. 

For many the need for business continuity and getting up and running as soon as possible those few days before lockdown announcement number 1 massively outweighed concerns over networking and security. And why wouldn’t it! However now we face being in lockdown number 3, with no real idea of when we will be normal again or what normal might look like and still you’ve not addressed those ‘pesky’ security concerns.

So, following on from the blog mentioned above here are 3 key takeaways so you can start to take your cyber security back into your own hands. Remember cyber security is companywide and not just and IT issue.

1. Phishing Rules the Roost

Most of today’s nastiest threats have a common denominator: phishing. More than 80% of all cyber attacks are phishing based. That means that an essential part of keeping your business safe from cyber crime is keeping your business safe from phishing. Phishing attacks skyrocketed by over 600% in 2020, and that’s not going to go away. 

How to mitigate the risk?

People are a critical layer within your cyber security posture and with greater reliance on email communication, the dangers of phishing are even more apparent for businesses, especially in the form of ransomware. 

By committing your company to Security Awareness Training in this ever changing world will help protect against the growing and varying threats organisations face today. Don’t let those criminals leap to the golden opportunity that increased email usage creates for them to launch phishing attacks – and they’re branching out with more attempts through voice, text, messaging, and SMS.

2. Ransomware is Here to Stay

Ransomware was the most devastating and disruptive single threat type in 2020, and that looks set to keep going through 2021. More than 50% of businesses were impacted by ransomware in 2020. It’s become a favoured tool of hackers from sophisticated nation-state groups to cyber criminal gangs on The Dark Web. Experts estimate that a ransomware attack will take place every 11 seconds in 2021.

Cyber criminals aren’t just using ransomware to steal data anymore. In 2020 there’s been a trend towards ransomware being used to disrupt operations at businesses, manufacturers, essential services, infrastructure targets, and hospitals plus many organisations in other sectors worldwide. Just before the COVID-19 vaccine news started rolling in, cyber criminals were deploying ransomware against hospitals, pharmaceutical developers, laboratories, even cold storage trucking companies. They weren’t trying to steal data, they were trying to disrupt operations at critically needed organisations in order to score a big, quick payday, and they were successful in many cases.

How to mitigate the risk?

  • Don’t click links in emails
  • Scan emails for malware
  • Firewall and endpoint protection
  • Keep data backups, regular
  • Protect your information

3. Dark Web Danger is Real and Growing

The Dark Web is a complicated place, and just like everything else in the world, the chaotic nature of events in 2020 impacted the way it operates too. It hasn’t stopped growing – Dark Web activity has increased by more than 300% in the last 3 years. While it hasn’t been as much of a newsmaker as flashier things like nation-state hacking, make no mistake – it’s still an enormous threat to all businesses, and that threat is only growing larger with time.

The proliferation of information gathered in data breaches, especially in last year’s record-breaking year, provides ample fuel for cyber crime like credential stuffing and spear phishing. An article published on the 3rd February 2021 states more than 3 billion unique pairs of cleartext emails and passwords were leaked online from previous data leaks.

The growth of the cybercrime-as-a-service sector of the Dark Web economy also puts companies squarely in the crosshairs of bad actors. Plus, in a challenging economy, even cyber criminals are feeling the pinch and looking for new ways to rake in cash.

How to mitigate the risk?

Dark Web monitoring solutions are a security essential because it provides your company with something incredibly precious: time. By having your business credentials monitored 24/7/365 with our expert human and machine-powered analysis, you’re making it possible for you to find out if you’ve been a victim of credential compromise fast. Which gives your IT team time to address vulnerabilities before the bad guys even find them.  

No Company Can Afford A Cyber Security Nightmare.

Let NetUtils help you add strong cyber security protection at a price that won’t keep you up at night. To get you started we’d like to offer you a complimentary Dark Web scan and we’ll show you how our solutions can help you secure yours and your clients’ systems and data against today’s (and tomorrow’s) biggest threats fast.

Sources:

[Webinar On-Demand] Security Awareness During Times of Disruption

Posted on by
Reply

A recent report reveals a massive 667% increase in spear-phishing attacks due to the current pandemic, with over 9000 phishing attack campaigns, related to COVID-19, being detected in March versus just over 1100 in February and only 137 in January. These attacks are taking on all forms including; brand impersonation, business email compromise, scams and even blackmail. *

Organisations like yours have asked traditional office-based employees to work from home. The potential for cyber criminals to get your users to react to these types of spear-phishing attacks is high due to the coronavirus theme being exploited and all organisations need to ensure their users remain vigilant.

Is your newly formed remote workforce armed with the knowledge to keep themselves and your network safe? Watch our webinar below and learn:

  • About the tactics the bad guys are using now to exploit COVID-19
  • Why remote workers are an easy target for cyber criminals
  • How to enable your last line of defence with tools and training
  • Why security awareness training is critical within your security strategy

Now more than ever Security Awareness Training is vital for your remote employees and your network.

* Source: Barracuda Sentinel [https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/]

2020 Phishing by Industry Benchmarking Report from KnowBe4

Posted on by
Reply

As cybercrime continues to surge, security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment. Many organisations fall into the trap of trying to use technology as the only means of defending their networks and forgetting that the power of human awareness and intervention is paramount in arriving to a highly secured state.

Every security leader faces the same conundrum: even as they increase their investment in sophisticated security orchestration, cybercrime continues to rise. Security is often presented as a race between effective technologies and clever attack methodologies. Yet there’s an overlooked layer that can radically reduce an organisation’s vulnerability: security awareness training and frequent simulated social engineering testing.

Verizon’s 2019 data breach investigation report shows that phishing remains the #1 threat action used in successful breaches linked to social engineering and malware attacks.

These criminals successfully evade an organisation’s security controls by using clever phishing and social engineering tactics that often rely on employee naivety. Emails, phone calls and other outreach methods are designed to persuade staff to take steps that provide criminals with access to company data and funds.

Each organisation’s employee susceptibility to these phishing attacks is known as their Phish-Prone™ percentage (PPP). By translating phishing risk into measurable terms, leaders can quantify their breach likelihood and adopt training that reduces their human attack surface.

Do you know how your organisation compares to your peers of similar size? Download the KnowBe4 benchmarking report to find out! 

You will learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Exponential growth of COVID-19 themed phishing attacks. Are your users prepared?

Posted on by
Reply

A new report reveals a massive 667% increase in spear-phishing attacks due to the current pandemic, with over 9000 phishing attack campaigns, related to COVID-19, being detected in March versus just over 1100 in February and only 137 in January. These attacks are taking on all forms including; brand impersonation, business email compromise, scams and even blackmail. *

Many organisations like yours have asked traditional office-based employees to work from home and while technology allows that to happen, is your newly formed remote workforce armed with the knowledge to keep themselves and your network safe?

The potential for cyber criminals to get access to your users and to elicit a response to these types of spear-phishing attacks is high due to the coronavirus theme being exploited and all organisations need to ensure their users remain vigilant.

Now more than ever Security Awareness Training is critical for your remote employees.

  • Cyber-attacks focus on employees as targets – Phishing attacks remain the single-most used attack vector to allow the bad guys direct access to your organisation’s endpoints, credentials, applications, and data. If a phishing email is presented to one of your employees, it means your security solutions haven’t detected it as malicious, leaving the employee to be your last line of defence.
  • Employee’s aren’t thinking about organizational security – Think about it; your average remote worker is sitting at a make-shift desk, trying to balance helping their kids with distance learning assignments and attending online meetings. They’re learning new digital workplace platforms, applications, and processes before they even shower for the day. Security is the last thing on an employee’s mind.
  • Attacks and scams are increasingly aligning with remote working – Cybercriminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, business, and people, all have traditionally worked in favour of the bad guy. But, new scams are being moulded around the current work circumstances. For example, we’ve recently seen the massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use. Organisations should expect this to trend.

*Source: Barracuda Sentinel https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

[Webinar On-Demand] Social Engineering. Is the Worst Yet to Come?

Posted on by
Reply

Did you know that 77% of successful social engineering attacks start with a phishing email?

Social engineering attacks include phishing, spear phishing, CEO fraud, ransomware and more. Learn about different attack methods and how you can manage this ongoing problem in your organisation.

Watch our webinar on-demand to discover:

  • Common techniques used by hackers
  • Real world examples
  • Social engineering red flags
  • How to prevent attacks

There’s no substitute for preparation when it comes to dealing with cybercriminals, take the steps needed to future proof your organisation against these types of attacks.

Social engineering tip sheet

The below infographic will show your users what to watch out for in emails. We highly recommend you print it out, it’s a great at a glance reminder.

Download the Security Awareness Training datasheet to discover more!

What Is CEO Fraud?

Posted on by
Reply

CEO Fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee in accounting or HR into executing unauthorised online transfers or sending out confidential tax information.

Also known as “Business Email Compromise” and BEC is defined as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorised transfers of funds.”

The Four Attack Methods

Understanding the different attack vectors for this type of crime is key when it comes to prevention. This is how the bad guys do it: 

1. Phishing

Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” sensitive information by posing as reputable sources—often with legitimate-looking logos attached. Banks, credit card providers, delivery firms, law enforcement, and the IRS are a few of the common ones. A phishing campaign typically shoots out emails to huge numbers of users. Most of them are to people who don’t use that bank, for example, but by sheer weight of numbers, these emails arrive at a certain percentage of likely candidates.

2. Spear Phishing

This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users. A spear phishing email generally goes to one person or a small group of people who use that bank or service. Some form of personalisation is included – perhaps the person’s name, or the name of a client.

3. Executive Whaling

Here, the bad guys target top executives and administrators, typically to siphon off money from accounts or steal confidential data. Personalisation and detailed knowledge of the executive and the business are the hallmarks of this type of fraud.

4. Social Engineering

Within a security context, social engineering means the use of psychological manipulation to trick people into divulging confidential information or providing access to funds. The art of social engineering might include mining information from social media sites. LinkedIn, Facebook and other venues provide a wealth of information about organisational personnel. This can include their contact information, connections, friends, ongoing business deals and more.

Who Are The Main Targets?

The CEO isn’t always the one in a criminal’s crosshairs. There are four other groups of employees considered valuable targets given their roles and access to funds/information:

Finance

The finance department is especially vulnerable in companies that regularly engage in large wire transfers. All too often, sloppy internal policies only demand an email from the CEO or other senior person to initiate the transfer. Cybercriminals usually gain entry via phishing, spend a few months doing recon and formulate a plan. They mirror the usual wire transfer authorization protocols, hijack a relevant email account and send the request to the appropriate person in finance to transmit the funds. As well as the CFO, this might be anyone in accounts that is authorized to transfer funds.

HR

Human Resources represents a wonderfully open highway into the modern enterprise. After all, it has access to every person in the organisation, manages the employee database and is in charge of recruitment. As such, a major function is to open résumés from thousands of potential applicants. All the cybercriminals need to do is include spyware inside a résumé and they can surreptitiously begin their early data gathering activities. In addition, W2 and PII scams have become more commonplace. HR receives requests from spoofed emails and ends up sending employee information such as social security numbers and employee email addresses to criminal organisations.

Executive Team

Every member of the executive team can be considered a high-value target. Many possess some kind of financial authority. If their email accounts are hacked, it generally provides cybercriminals access to all kinds of confidential information, not to mention intelligence on the type of deals that may be ongoing. Thus, executive accounts must receive particular attention from a security perspective.

IT

The IT manager and IT personnel with authority over access controls, password management and email accounts are further high-value targets. If their credentials can be hacked, they gain entry to every part of the organisation.

Here Are Eight Prevention Steps

Many steps must dovetail closely together as part of an effective prevention program:

  1. Identify Your High-Risk Users
  2. Institute Technical Controls
  3. Set A Security Policy
  4. Develop Standard Procedures
  5. Cyber-Risk Planning
  6. Training For All Users
  7. Continuous Simulated Phishing
  8. Stay Aware of Red Flags

What is social engineering?

Posted on by
Reply

Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. 

Phishing, spear phishing, and CEO Fraud are all examples.

What is a social engineer?

OK, so who are these people? It could be a hacker in the USA who is out to do damage or disrupt. It could be a member of an Eastern Europe cybercrime mafia that is trying to penetrate your network and steal cash from your online bank account. Or, it could be a Chinese hacker that is trying to get in your organisation’s network for corporate espionage. 

Top 10 techniques used by social engineers

Understanding the different attack vectors for this type of crime is key when it comes to prevention. This is how the bad guys do it:

  1. Pretexting – An invented scenario is used to engage a potential victim to try and increase the chance that the victim will bite. It’s a false motive usually involving some real knowledge of the victim (e.g. date of birth, Social Security number, etc.) in an attempt to get even more information.
  1. Diversion theft – A ‘con’ exercised by professional thieves, usually targeted at a transport or courier company. The objective is to trick the company into making the delivery somewhere other than the intended location.
  1. Phishing – The process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering. Also see Spear Phishing.
  1. Spear phishing – A small, focused, targeted attack via email on a particular person or organisation with the goal to penetrate their defenses. The spear phishing attack is done after research on the target and has a specific personalised component designed to make the target do something against their own interest. 
  1. Water-holing – This technique takes advantage of websites people regularly visit and trust. The attacker will gather information about a targeted group of individuals to find out what those websites are, then test those websites for vulnerabilities. Over time, one or more members of the targeted group will get infected and the attacker can gain access to the secure system.
  1. Baiting – Baiting means dangling something in front of a victim so that they take action. It can be through a peer-to-peer or social networking site in the form of a (porn) movie download or it can be a USB drive labelled “Q1 Layoff Plan” left out in a public place for the victim to find. Once the device is used or malicious file is downloaded, the victim’s computer is infected allowing the criminal to take over the network.
  1. Quid pro quo – Latin for ‘something for something’, in this case it’s a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone they can find at a company to say they have a quick fix and “you just need to disable your AV”. Anyone that falls for it gets malware like ransomware installed on their machine.
  1. Tailgating – A method used by social engineers to gain access to a building or other protected area. A tailgater waits for an authorised user to open and pass through a secure entry and then follows right behind.
  1. Honeytrap – A trick that makes men interact with a fictitious attractive female online. From old spy tactics where a real female was used.
  1. Rogue – Also, Rogue Scanner, rogue anti-spyware, rogue anti-malware or scareware, rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. It is a very popular and there are literally dozens of these programs.­

Attacks

You may have heard of Norton antivirus, published by Symantec. The technical director of Symantec Security Response said that bad guys are generally not trying to exploit technical vulnerabilities in Windows. They are going after you instead.

“You don’t need as many technical skills to find one person who might be willing, in a moment of weakness, to open up an attachment that contains malicious content.”

Only about 3% of the malware they run into tries to exploit a technical flaw. The other 97% is trying to trick a user through some type of social engineering scheme. This means it does not matter if your workstation is a PC or a Mac. The last line of defence is… you guessed it: YOU!

How can you prevent attacks?

We’ve pulled together some resources to help you defend against social engineering attacks. A good place to start is ensure you have all levels of defense in depth in place. Keep reading below to find out how you can make yourself a hard target, get additional content for yourself and your users and stay up to date with social engineering in the news via our blog.

Social engineering attacks, including ransomware, business email compromise (BEC) and phishing, are problems that can never be solved, but rather only managed with a focus on security awareness training.

  1. Start with a baseline phishing security test to assess your organisation’s baseline Phish-prone™ percentage
  2. Step users through interactive, new-school security awareness training
  3. Run frequent simulated social engineering tests to keep users on their toes with security top of mind

Did you know that 77% of successful social engineering attacks started with a phishing email?

Find out what percentage of your employees are Phish-prone™ with your free Phishing Security Test. Plus, give them point-of-failure training using our Social Engineering Indicators feature. Go Phishing Now!

Social engineering tip sheet

The below infographic will show your users what to watch out for in emails. We highly recommend you print it out, it’s a great at a glance reminder.

Download the Security Awareness Training datasheet to discover more!

[Webinar On-Demand] Why Do You Need Security Awareness Training?

Posted on by
Reply

Hosted by Gerard Brown at NetUtils and joined by guest speakers Ollie Pech, Channel MSP Manager and Javvad Malik, Security Awareness Advocate from KnowBe4 and known blogger and YouTuber within the infosec industry.

The title of this webinar poses a critical question all organisations should be asking themselves in this ever-changing world. While a layered security infrastructure is an absolute must to protect against the growing variety of threats organisations face today, there’s a hidden threat that is often-overlooked. What is this hidden danger… IT’S YOUR USERS?

The facts from NetUtils

Did you know, more than 90% of successful hacks and data breaches, all start with phishing scams? That’s a huge number considering the sheer volume of data breaches you hear about in the news on a daily basis.

According to the APWG Phishing Activity Trends Report for Q3 2019, phishing scams have reached the highest level in just three years, this level not seen since 2016! Below is a snapshot of the stats over the past year. What makes the chart of interest is the 46% increase of phishing sites detected between Q2 and Q3 of this year. And an almost 100% increase in phishing sites detected in Q4 of 2018, this time last year. *

Phishing attacks reach the highest level in 3 years!

* APWG Phishing Activity Trends Report Q3 – 2019

8 reasons why we partner with one of the best Security Awareness Training vendors in the industry

To help our customers educate their end users and to keep security top of mind!

  1. The world’s largest integrated Security Awareness Training and Simulated Phishing platform, founded in 2010
  2. With over 28,000 customers and 9.5million users KnowBe4 helps organisations manage an ongoing problem of social engineering
  3. The ‘last layer’ of security is the Security Awareness layer, only really been taken into consideration over the last few years i.e. your human firewall
  4. KnowBe4 have developed tremendously as a business from a “nice to have” within organisation to be a “must have”
  5. Over a thousand training modules that are pre aligned to the platform that are all around security awareness and includes some HR modules and over 80 compliance modules
  6. A simulated phishing platform with an iterative process; train, phish and analyse, all of the time
  7. The KnowBe4 console helps organisations see where their end users are having trouble understanding security, this is backed up with over 1000 training modules to support learning. Not used to name and blame
  8. Assists organisations in reducing malware infections, data loss and potential cyber threat, whilst increasing user productivity
Train, phish and analyse with the KnowBe4 phishing platform

Empowering Your Human Firewall

Always remember as a business you are dealing with human beings and to do that, you have to understand behaviour and how to influence that behaviour. Ultimately, the goal is, to move your staff from insecure behaviours to better behavioural patterns so they can take a risk-based approach to any actions they take.

There are 3 realities of Security Awareness:

  1. Just because I’m aware doesn’t mean I care
  2. If you try to work against human nature, you will fail
  3. What your employees do is way more important than what they know

Take the book by Daniel Kahneman called Thinking, Fast & Slow – there are 2 types of systems he outlines; System 1 called Fast Thinking, this is the way a person reacts to everyday routine, they don’t really think about the actions as this is just natural behaviour i.e. making a cup of tea. However, when we look at System 2 thinking referred to as Slow Thinking, this is used to solve specific problems when necessary, it’s more complicated and requires thought.

Daniel Kahneman book called Thinking, Fast & Slow.

When it comes to Security Awareness and your organisation you actually start with System 2, the Slow Thinking, to try and get people really thinking. The more you do this the more it becomes a System 1 way of thinking. That is why continuous awareness and training is vital. The goal, to make Security Awareness a natural behaviour within your organisation, like making that cup of tea, make it a habit over time and get that way of thinking embedded into your company culture.

Your awareness program should NOT focus only on information delivery. Do you care more about what your people know or what they do?

During our webinar Javvad revealed an interesting take away from Dr. BJ Fogg, known in the field of ‘Behaviour Design’ and The Fogg Behavior Model.

“Behaviour happens when three things come together at the same time: Motivation, Ability, and a Prompt to do the behaviour.”

  1. Motivation – are your users sufficiently motivated to an action
  2. Ability – do they have the ability to do that action
  3. Prompt – the nudge to get them to do that action

Take these behaviours into consideration when designing your training programs so all boxes are ticked. Get specific as to what behaviours you want to change and target them.

Get specific with the behaviours you want to change and target them.

Here at NetUtils we partner with KnowBe4 to help our customers educate their end users and keep security top of mind. Security Awareness Training should be part of your cyber security strategy and embedded into your cultural fabric especially when human error is still one of the leading causes of data breaches today.

To help you on your way we’ve got some cool FREE tools to get you started!

  • Free Phishing Security Test – Find out what percentage of your users are Phish-prone. Get yours here.
  • Free Email Exposure Check – Find out which of your users’ emails are exposed before the bad guys do. Get yours here.
  • Free Domain Spoof Test – Find out if hackers can spoof an email address of your own domain. Get yours here.
  • Free Phish Alert Button – Your employee’s now have a safe way to report phishing attacks with one click. Get yours here.
  • Ransomware Simulator – Find out how vulnerable your network is against ransomware attacks. Get yours here.

DISCOVER THE 14 CORE CAPABILITIES YOU NEED FOR DEFENCE-GRADE SECURITY

Posted on by
Reply

The following 14 core technical capabilities were created to help guide and prioritise cybersecurity investments.*

With cyber threats constantly evolving, it’s important to identify the gaps in your security posture and being prepared for cybercriminals to get through your defences in this changing environment is essential. You need to determine where to start and what is most important.

1. Asset Management

Identify assets by leveraging automated tools and discovery solutions (to also discover rogue systems), including:

  • Installed software (including on endpoints, mobile (leverage Mobile Device Management (MDM or EMM) solutions) and servers)
  • Deployed hardware (including endpoints, mobile, cloud and “on- premise” systems)

2. Network Segmentation

Ensure networks are properly segmented, particularly separating the business side from the infrastructure networks.

Focus initially on high value assets and critical systems. Move away from solutions that focus only on “on premise” segmentation and deploy network segmentation solutions, such as Software Defined Perimeter that allows for granular role-based segmentation of on-premise and Cloud-based systems, including legacy systems. Additionally, leverage Network Access Control (NAC) when possible.

3. Network Security

Leverage intrusion detection and prevention systems (IDS/IPS) across enterprise and system enclave boundaries (including ingress, egress points), including using cloud-based appliances whenever possible to monitor cloud traffic.

  • Select solutions that can protect both on-premise and cloud-based traffic and consolidate alerts/logs on a single dashboard
  • Consider leveraging Deep Packet Inspection/Packet Capture (DPI)
  • Consider deploying cloud access security brokers (CASBs) at cloud boundaries
  • Leverage Domain Name Server Security (DNSSEC) to secure your Domain Name Server (DNS)
  • Consider specific distributed denial of service (DDoS) protections to protect servers, applications, and networks
  • Consider solutions that protect communication systems against telephony denial of service (TDoS) and DDoS attacks

4. Identity Management

Manage user access and roles by:

  • Deploying a centralised identity management solution with access control management and identity proofing
  • Leveraging a Single Sign-On solution across the enterprise and its applications
  • Deploying multi-factor authentication across the organisation, particularly for critical systems and privilege access
  • Using identity management best practices to ensure “need to know” and “least privilege”
  • Properly disabling or deleting accounts according to the organisation’s policy requirement

5. Privilege Access

Privilege access management solutions should be deployed to manage and control critical infrastructure systems’ administrative accounts, including:

  • Requiring multi-factor authentication for all administrative accounts, including on servers and endpoints
  • Using solutions, such as Software Defined Perimeter, to enforce multi-factor authentication policies across the enterprise while implementing patching, need to know, and least privilege, among others

6. Patching and Vulnerability Management

  • Conduct proper monitoring and patch installation, including testing prior to patch deployments
  • Prioritise patches based on risk and critical impact
  • Regularly perform automated scanning (daily ideal or weekly), including credentialed, passive, internal, and external scans. Include database configuration and web services configuration scans
  • Install agents on servers and endpoints to facilitate scans whenever possible
  • Scan applications both statically and dynamically
  • Perform source code review when necessary

7. Continuous Monitoring

Continuous monitoring is recommended 24 hours a day, 7 days a week, including:

  • Employ alerts and Security Information and Event Management (SIEM) solutions with a customised dashboard to monitor critical systems using proper log management
  • Create/manage a security operation centre (SOC) to continuously monitor critical systems

8. Endpoint Protection

Employ endpoint protection solutions to:

  • Mitigate against viruses, ransomware, and malware using solutions such as Application Segmentation (Micro Virtual Machine isolation), Advanced Endpoint Protection, and Antivirus/Anti-malware
  • Deploy these solutions across all endpoints and servers, including mobile devices
  • Leverage a File Integrity Solution to protect against file tampering/rootkits etc.

9. Public Key Infrastructure (PKI)/Key Management

Deploy both symmetric and asymmetric encryption key management solutions, including:

  • Managing public and private keys used for application programming interfaces (APIs), email signing, and encryption using a PKI solution
  • Employing key management solutions to store keys, including Secure Shell (SSH) keys and other encryption keys

10. Log Management

Centralise, correlate and consolidate logs, including:

  • Ingress and egress logs
  • Application logs
  • Endpoint protection logs
  • Firewall logs
  • Security logs such as authentication failure, misuse, unauthorised access, insider threat
  • Server logs
  • Database logs
  • Webserver logs
  • IDS/IPS logs

Ensure proper timestamp by leveraging Time Synchronisation (Network Time Protocol (NTP)) solutions across every system.

11. Phishing Protection

Implement phishing training and plugin solutions, including:

  • Mandating regular phishing training for all employees, including senior executives
  • Deploying email validation system (Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)) to detect and prevent email spoofing
  • Deploying phishing plugin solutions on email servers and endpoints to allow phishing email detection, prevention, and reporting
  • Conducting real-life phishing campaigns to all your employees to measure openings/clicks, and target training to employees opening those emails

12. Configuration Management

Adopt a configuration management solution to properly enforce configuration requirements on servers and endpoints, including:

  • Prioritising solutions that can synchronise logs with SIEM and that support multiple operating systems
  • Leveraging application whitelisting solutions to limit access to necessary applications on endpoints and mobile devices. Whitelisting is recommended instead of blacklisting because new malicious software is too difficult to track

13. Application Security

Application security is the use of software, hardware and procedural methods to prevent vulnerabilities in applications and protect sensitive information from external threats. Applications may include desktop, server, and mobile technology. Software security should be built into applications during their development phase:

  • Fuzz testing (fuzzing) should be leveraged as a quality assurance technique, using a software tool called a fuzzer to discover coding errors and security loopholes in software, operating systems or networks. The technique involves inputting fuzz (massive amounts of random data) to the test subject to make it crash, find vulnerabilities, and identify potential causes
  • Dynamic analysis can be used as the testing and evaluation of a program by executing data in real-time to find errors in a program and flaws in the source code while it is running, rather than by repeatedly examining the code offline. Dynamic code analyser software finds security issues caused by the code’s interaction with other system components like SQL databases, application servers or Web services to debug a program in all the scenarios for which it is designed
  • Static code analysis is also available as one of the security tools the enterprise can use to identify flaws and malicious code in applications before they are bought or deployed. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards
  • Leverage Web Application Firewalls (WAF) solutions to secure your web applications

14. Data Security

Implement solutions to secure data, including:

  • Properly protect data, in particular, personally identifiable information (PII), personal health information (PHI), payment card industry (PCI), and sensitive, classified, and/or financial data, by using Data Loss Prevention solutions:
    • Leveraging solutions to detect and prevent data leaks and massive data exports on servers, databases, and endpoints, when possible
  • Deploying backup solutions across the organisation endpoints, servers, databases, and critical systems
    • Establishing off-site backup, whether in a separate datacentre or on the cloud
  • Mandating encryption for all PII, PHI, PCI, sensitive, and confidential data whenever possible. Examples include:
    • Requiring full disk encryption solutions for mobile devices, laptops, and removable media
    • Using encryption on databases and files whenever required

* 2018 Cybersecurity Guide – originally provided by Bromium featuring Nicolas Chaillan.

Application Isolation and Control – A Modern Defense for New Threats

Posted on by
Reply

By Fraser Kyne, EMEA CTO, Bromium

The detection method for preventing malware is fundamentally flawed, yet it is still the de facto standard in cybersecurity. Day after day, organizations scramble to protect against a growing number of threats, but all it takes is one piece of malware to go undetected to wreak havoc on IT systems.

Ironically, this was predicted by Alan Turing more than 80 years ago. His work proved no standard algorithm could ever predict an outcome for every possibility without falling into a logical paradox because of the halting problem. The halting problem proves that an algorithm cannot predict from a general description of a program and an input whether the program will finish running or execute forever.

The same logic applies to malware detection. A standard algorithm cannot be relied on to correctly identify every single threat that comes knocking because the volume of threats is large and varied, with previously unseen threats emerging every day.

A detection-based approach deployed by IT teams is akin to casting out a net, where the net will either be so large that it tangles itself, or it won’t be cast wide enough and will invariably allow some things to be missed. IT teams are trying to solve this problem by adding more layers to their detection solutions, but all this is doing is casting more nets plagued by the same problems.

Detection-based solutions can Over-complicate security landscapes

Hackers are resourceful, utilizing new tactics – such as polymorphic malware and zero-day exploits – to bypass detection-based software and break into critical IT systems. For example, in the Locky ransomware campaign, hackers customized the malware to execute after the fake document was closed, making it much harder to spot and bypassing the majority of detection-based AV solutions.

Instead of focusing on detection, organizations that are serious about security are starting to rely on segmentation. By segmenting networks and applications, businesses are seeing that they can prevent malware from causing harm and keep data and networks safe.

Segmentation offers businesses protection, but it relies on PCs or applications only having access to limited areas on the network. Early iterations failed to achieve a great uptake because adding new PCs to this system can be incredibly expensive and time-consuming during deployment.

Segmenting IP and sensitive data could also still leave users at risk if they don’t isolate the applications that are being used to access this data. Without a solution to these problems, network segmentation has largely failed to get off the ground and detection has persisted as the leading cybersecurity approach.

By focusing on isolation, security Is simplified and end users are protected

Everybody wants to be able to use technology to do more with less. In this instance, it means deploying more effective and reliable cybersecurity solutions. However, detection involves the complex process of “preventing, detecting, and responding”, where multiple layers of security are deployed to identify malware before it hits. However, these layers simply aren’t sufficient to protect against the volume and sophistication of the ransomware and targeted phishing attacks that are prevalent today. As you might expect, it also creates a tremendous expense.

While there are a few choices available that provide isolation, solutions that do this using virtualization are effectively bullet-proof. While no one can promise 100% protection, virtualization that starts on the chip, stops Meltdown, dramatically limits Spectre and works online or offline, can protect what’s targeted the most: endpoints.

Real solutions with a virtual defense

Isolation through virtualization works by allowing applications to open and carry out each task in its own self-contained virtual environment. This means that every tab that is opened in a browser, every Office or PDF document attached to an email, or any file that runs an untrusted executable, will be opened in an entirely isolated virtual environment that’s running on the hardware itself. The result is that any threat caused by an action in this environment won’t have access to anywhere else on the system and can be easily removed by simply destroying the virtual environment.

This allows users the freedom to download files and open documents, safely, knowing that they are no longer the last line of defense – giving users the ability to click with confidence. In fact, end users can let the malware run, because it doesn’t do any damage, and it allows IT teams to get detailed threat analysis. Users can get back to work; recruiters and HR teams can open emailed CVs, marketers can carry out research even if they click on a phishing link, and R&D teams can share downloaded resources without the fear of being stung by malicious files or links.

For organizations using this new approach, there is less worry. Virtualization-based security is being adopted by the giants: HP and Microsoft now use virtualization-based security to protect users. This is just the tip of the iceberg and marks the beginning of a virtualization revolution in security, where users no longer fear opening links and attachments and organizations can let their teams focus on innovation without worrying about making a security mistake.

About the Author

By Fraser Kyne, EMEA CTO, Bromium Fraser’s role has encompassed a wide range of both engineering and customer-facing activity. Prior to joining Bromium Fraser was a Technical Specialist and Business Development Manager at Citrix Systems. He has been a speaker at various industry events on topics such as virtualization, security, desktop transformation, and cloud computing.

Source: Cyber Defense Magazine
http://www.cyberdefensemagazine.com/application-isolation-and-control-a-modern-defense-for-new-threats/

Read more from Fraser: