Guest Post, Author at Cyber Secure Forum | Forum Events Ltd - Page 5 of 14

The rise of Ransomware-as-a-Service and how organisations can protect themselves 


By Keith Glancey, Head of Solutions Architect at Infoblox

Over the years, ransomware has become an increasingly popular attack method for hackers looking to make a large return on investment. The COVID-19 pandemic only accelerated this problem further, opening up new opportunities for cybercriminals to cause disruption and find vulnerabilities.

As businesses continue to struggle with securing the new remote and hybrid working landscape, cybercriminals will continue to use it to their advantage. In fact, today it is estimated that there is at least one ransomware attack on a business every 11 seconds. These attacks are not just frequent. They are also damaging, with recent research discovering that the average ransomware recovery costs for businesses have more than doubled in the past year, rising from $761,106 in 2020 to $1.85 million in 2021. And that’s without the long-term reputational damage.

Whilst tried and tested ransomware distribution tactics – such as malicious websites, email campaigns and even USB memory sticks – are still very much in use, over the last year or so other, newer methods have also increased in popularity. One such method – which is quickly becoming the number one headache for security teams and business leaders – is Ransomware-as-a-Service (RaaS).

A new era in ransomware

RaaS is changing the game. A subscription-based model that enables users to use pre-developed ransomware tools to execute attacks, RaaS gives everyone the power to become a hacker. There’s no technical knowledge required; all individuals need to do is sign up for the service.

RaaS platforms are closely modelled after legitimate SaaS products. They include support, community forums, documentation, updates, and more. Some even offer supporting marketing literature and user testimonials. Users can choose to sign up for a one-time fee or for a monthly subscription. There are also special features which you can pay for, such as a status update of active ransom infections, the number of files encrypted, and payment information.

Although deploying this new type of ransomware requires no specific skills, it still enables threat actors to develop highly targeted attacks on large organisations, where they can ask for large ransoms. In these highly targeted cases, threat actors use carefully researched social-engineering tactics, such as well-crafted emails to entice targets to click dangerous URLs or open malicious attachments. In other cases, threat actors may target a vulnerability that is particular to or commonly used by their target victim group.

It’s no surprise that RaaS is becoming so popular. In fact, research discovered that almost two-thirds of ransomware attacks in 2020 used RaaS tools. It has also been behind some of the most notorious attacks this year, including those on the Colonial Pipeline and JBS. The size and sophistication of these attacks should concern all cybersecurity professionals, and their successes highlight how the RaaS market is only likely to grow moving forward.

Future proofing with DNS

When it comes to ransomware, failing to prepare really is preparing to fail. More often than not, attacks are successful when victims do not have an effective strategy in place. Therefore, businesses need to expect attempted ransomware attacks and prepare accordingly.

Getting detection and prevention right can help businesses to gain the upper hand. This is where Domain Name System (DNS) tracking comes in. DNS is a core network service, which means that it touches every device that connects to a company’s network and the wider internet. What’s more, some 90% of malware, including ransomware, touches DNS when entering and exiting the network, making it a powerful tool in the cyberdefense toolkit. When applied to security, DNS can help protect against ransomware attacks by detecting and blocking communication with known C&C servers that distribute malware, helping to stop an attack before it even starts.

To take DNS-based security to the next level, businesses can merge DNS with DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management). This combination of modern technologies – known as DDI – can pinpoint threats at the earliest stages, and paired with DNS security, can identify compromised machines and correlate disparate events related to the same device.
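The two paragraphs above describe DNS-layer blocking of known C&C domains and DDI-style correlation of a DNS event with DHCP lease data to name the affected device. The following Python script is an added example (not code from the author or from Infoblox) that does both over constructed input: it parses BIND-style query log lines, matches each queried name against a small blocklist (including parent-domain matches), and looks the querying IP up in a DHCP lease table. The log format, the blocklist entries, the lease table and all hostnames are constructed for illustration; a real deployment would take the blocklist from a threat-intelligence feed and the leases from the DHCP server.

```python
"""Flag DNS queries to known-bad domains and map the client IP to a device
via DHCP leases (added example; log lines, blocklist and leases are constructed)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Constructed resolver query log (BIND-style "query:" line format is assumed).
DNS_QUERY_LOG = """\
10-Nov-2021 09:14:02.118 client 10.0.5.23#51234: query: www.example.com IN A +
10-Nov-2021 09:14:07.502 client 10.0.5.41#40211: query: c2.badexample.invalid IN A +
10-Nov-2021 09:14:09.771 client 10.0.5.23#51240: query: update.badexample.invalid IN TXT +
10-Nov-2021 09:14:12.004 client 10.0.5.90#33019: query: mail.example.org IN MX +
10-Nov-2021 09:14:15.330 client 10.0.5.77#60002: query: c2.anotherbad.invalid IN A +
"""

# Constructed blocklist of C&C / malware-distribution domains.
BLOCKLIST: Set[str] = {"badexample.invalid", "c2.anotherbad.invalid"}

# Constructed DHCP lease table: client IP -> (MAC address, hostname).
DHCP_LEASES: Dict[str, Tuple[str, str]] = {
    "10.0.5.23": ("00:11:22:33:44:55", "finance-laptop-07"),
    "10.0.5.41": ("66:77:88:99:aa:bb", "hr-desktop-02"),
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


@dataclass
class Hit:
    timestamp: datetime
    client_ip: str
    qname: str
    matched_domain: str
    mac: Optional[str]       # None when the IP has no current lease
    hostname: Optional[str]  # None when the IP has no current lease


def blocked_domain(qname: str, blocklist: Set[str]) -> Optional[str]:
    """Return the blocklist entry that matches qname or one of its parent
    domains, so a subdomain of a listed domain is also caught."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Parse one query-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m["ip"], m["qname"], m["qtype"]


def find_hits(log_text: str, blocklist: Set[str],
              leases: Dict[str, Tuple[str, str]]) -> List[Hit]:
    """Return every blocklisted query, enriched with the DHCP lease holder."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, qname, _qtype = parsed
        matched = blocked_domain(qname, blocklist)
        if matched is None:
            continue
        mac, host = leases.get(ip, (None, None))
        hits.append(Hit(ts, ip, qname, matched, mac, host))
    return hits


def hits_by_device(hits: List[Hit]) -> Dict[str, int]:
    """Count hits per device, falling back to the IP when no lease is known."""
    counts: Dict[str, int] = {}
    for h in hits:
        key = h.hostname or h.client_ip
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for h in find_hits(DNS_QUERY_LOG, BLOCKLIST, DHCP_LEASES):
        print(f"{h.timestamp} {h.client_ip} ({h.hostname or 'no lease'}) -> "
              f"{h.qname} matched {h.matched_domain}")
    print(hits_by_device(find_hits(DNS_QUERY_LOG, BLOCKLIST, DHCP_LEASES)))
```

The parent-domain walk in `blocked_domain` is what makes a blocklist useful against campaigns that rotate subdomains under one registered domain; the lease lookup is the DDI step, turning an IP in a resolver log into a device an incident responder can isolate.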

With RaaS becoming so established, organisations battling against ransomware need to level up. As with most complex issues, there’s no silver bullet for cybersecurity. However, by focusing on detection and prevention and using core infrastructure like DDI, security teams can get the upper hand.

Cybersecurity priorities: Why AI-powered threat detection should be in your plans


By Atech Cloud

The changed world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly helpful to cybercriminals. Nothing illustrates this so well as the SolarWinds hack, described by Microsoft president Brad Smith as the most sophisticated cyberattack of all time, the reverberations of which have been felt throughout 2021.

Homeworking, the ongoing digitalisation of society, and the increasingly online nature of our lives mean opportunities are about for phishers, hackers, scammers, and extortionists. As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for individuals and organisations to be aware of the ever-growing avenues of attack as well as what can be done to mitigate the risks.

So let’s take a look at the most important and significant trends affecting our online security in the next year and beyond while throwing in some practical steps we recommend taking to avoid becoming victims:

AI-powered cybersecurity

Similar to the way in which it is used in financial services for fraud detection, artificial intelligence (AI) can counteract cybercrime by identifying patterns of behaviour that signify something out-of-the-ordinary may be taking place. Crucially, AI means this can be done in systems that need to cope with thousands of events taking place every second, which is typically where cybercriminals will try to strike.

A product we recommend and work with is the Azure Sentinel Solution for all cloud security needs.

To find out why cloud-native security operations is the hot button topic for this year and how to deliver it, read the rest of this article on our blog.

Salesforce security: 5 ways your data could be exposed


By Varonis

Salesforce is the lifeblood of many organizations. One of its most valuable assets-the data inside-is also its most vulnerable. With countless permission and configuration possibilities, it’s easy to leave valuable data exposed.

That, coupled with the fact that most security organizations aren’t very familiar or involved with Salesforce’s administration, opens organizations up to massive risk.

Here are five things every security team should know about their Salesforce security practices to effectively gauge and reduce risk to data. 

5 Questions You Should Ask:

  1. How many profiles have “export” permissions enabled? 

Exporting data from Salesforce makes it a lot easier for someone to steal information like leads or customer lists. To protect against insider threats and data leaks, export capabilities should be limited to only the users who require it.

  2. How many apps are connected to Salesforce via API? 

Connected apps can bring added efficiency to Salesforce, but they can also introduce added risk to your Salesforce security.

If a third-party app is compromised, it could expose internal Salesforce data. You should know exactly what’s connected to your Salesforce instance and how to ensure that connection doesn’t expose valuable information.

  3. How many external users have access to Salesforce? 

External users, like contractors, are often granted access to Salesforce. Surprisingly, 3 out of 4 cloud identities that belong to external contractors remain active after they leave the organization.

Salesforce security teams should ensure all contractors are properly offboarded from all SaaS apps to prevent data from being exposed.

  4. How many privileged users do you have? 

Privileged users have a lot of power within Salesforce. They can make configuration changes that have dramatic effects on how information can be accessed and shared.

Salesforce security teams need the ability to audit privileged users, be notified when changes are made, and understand exactly what changed to assess risk.

  5. Are your Salesforce Communities exposing internal data publicly? 

Misconfigurations are one of the easiest ways to unintentionally expose sensitive data. For security teams that aren’t intimately familiar with every configuration within Salesforce (of which there are many!), it’s easy to miss critical gaps.

Check to see if settings for Salesforce Communities, meant to share information with customers, are inadvertently making data accessible to anyone on the internet.
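The five questions above are access-review checks, and each can be answered mechanically from exported configuration. The Python script below is an added example (not code from Varonis or from DatAdvantage Cloud) that runs those checks over constructed records: profiles with their export and modify-all-data flags, users joined to their profiles, connected apps with their OAuth scopes, and communities with their guest-user settings. The record layout and field names are assumptions modelled loosely on Salesforce permission names; the usernames, app names and dates are constructed.

```python
"""Access-review checks for the five Salesforce questions (added example;
all records below are constructed and the field layout is an assumption)."""
from datetime import date
from typing import Dict, List

# Constructed profiles: name -> permission flags (field names assumed).
PROFILES: Dict[str, Dict[str, bool]] = {
    "System Administrator": {"export_reports": True, "modify_all_data": True},
    "Sales User": {"export_reports": True, "modify_all_data": False},
    "Support User": {"export_reports": False, "modify_all_data": False},
    "Partner Community": {"export_reports": False, "modify_all_data": False},
}

# Constructed users; contract_end is None for employees.
USERS: List[dict] = [
    {"username": "alice@corp.example", "profile": "System Administrator",
     "active": True, "external": False, "contract_end": None},
    {"username": "bob@corp.example", "profile": "Sales User",
     "active": True, "external": False, "contract_end": None},
    {"username": "carol@contractor.example", "profile": "Sales User",
     "active": True, "external": True, "contract_end": date(2021, 9, 30)},
    {"username": "dan@partner.example", "profile": "Partner Community",
     "active": True, "external": True, "contract_end": date(2022, 6, 30)},
    {"username": "eve@contractor.example", "profile": "Support User",
     "active": False, "external": True, "contract_end": date(2021, 3, 31)},
]

# Constructed connected apps with the OAuth scopes they were granted.
CONNECTED_APPS: List[dict] = [
    {"name": "MailSync", "oauth_scopes": ["api", "refresh_token"]},
    {"name": "BI Export", "oauth_scopes": ["full"]},
]

# Constructed communities; guest_object_access lists objects readable without login.
COMMUNITIES: List[dict] = [
    {"name": "Customer Portal", "guest_user_enabled": True,
     "guest_object_access": ["Case", "Account"]},
    {"name": "Partner Hub", "guest_user_enabled": False, "guest_object_access": []},
]


def users_with_export(profiles, users) -> List[str]:
    """Q1: active users who inherit an export permission from their profile."""
    return [u["username"] for u in users
            if u["active"] and profiles[u["profile"]]["export_reports"]]


def connected_app_names(apps) -> List[str]:
    """Q2: every app with API access; the caller should recognise each one."""
    return [a["name"] for a in apps]


def broad_scope_apps(apps) -> List[str]:
    """Q2 follow-up: apps granted the blanket 'full' scope deserve a closer look."""
    return [a["name"] for a in apps if "full" in a["oauth_scopes"]]


def stale_external_users(users, today: date) -> List[str]:
    """Q3: external users still active after their contract end date."""
    return [u["username"] for u in users
            if u["external"] and u["active"]
            and u["contract_end"] is not None and u["contract_end"] < today]


def privileged_users(profiles, users) -> List[str]:
    """Q4: active users whose profile grants modify-all-data."""
    return [u["username"] for u in users
            if u["active"] and profiles[u["profile"]]["modify_all_data"]]


def guest_exposed_communities(communities) -> List[str]:
    """Q5: communities where an unauthenticated guest can read some object."""
    return [c["name"] for c in communities
            if c["guest_user_enabled"] and c["guest_object_access"]]


def audit(profiles, users, apps, communities, today: date) -> Dict[str, List[str]]:
    """Answer all five questions at once; each value is a list to review."""
    return {
        "export_users": users_with_export(profiles, users),
        "connected_apps": connected_app_names(apps),
        "broad_scope_apps": broad_scope_apps(apps),
        "stale_external_users": stale_external_users(users, today),
        "privileged_users": privileged_users(profiles, users),
        "guest_exposed_communities": guest_exposed_communities(communities),
    }


if __name__ == "__main__":
    for question, findings in audit(PROFILES, USERS, CONNECTED_APPS,
                                    COMMUNITIES, date(2021, 12, 1)).items():
        print(f"{question}: {len(findings)} -> {findings}")
```

Each function returns the offending identifiers rather than only a count, so the output can go straight into a review ticket; the stale-contractor check is the one most often missed, because the account is still valid from Salesforce's point of view and only the HR end date says otherwise.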

Improve your Salesforce security with DatAdvantage Cloud

With Varonis DatAdvantage Cloud, it’s easy to answer these and other critical security questions about Salesforce and other SaaS apps in your environment, like Google Drive and Box.

DatAdvantage Cloud keeps valuable data in Salesforce secure by monitoring access and activity, alerting on suspicious behavior, and identifying security posture issues or misconfiguration.

Click here to view the full article and visit the Varonis website.

Prepare for Battle in 2022: How hackers and the new world of work are shaping security models


By Atech

The main challenge in 2022 is data loss prevention (DLP), and this is already clear from the compelling compliance propositions of vendors such as Microsoft. We are moving towards detecting data loss in real time. As we understand more about the human element in breaches and develop smarter controls and human-like detection of anomalies, we can implement solutions that give us eyes and ears across the whole end-user organisation. This extends from owned platforms to external platforms such as social media.

For example, organisations can monitor mentions of confidential projects and get notifications and visibility of messages related to it, including scenarios where any data has been shared on social platforms.

This increases the accountability within an organisation, and this is a fundamental shift in the new world of work. Organisations trust end users with a wealth of information, and we are expected to take care of it. We have smarter controls, and the AI behind this is human-like in detecting anomalies. Finding the right balance between security and privacy means that DLP is a key challenge for all business leaders.

Last month, the world saw hackers making thousands of attempts to exploit systems with a flaw in Log4j.

This flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.

It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.

An application is vulnerable if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.

Read on about what Atech is doing to protect its customers, including the favourite weapons our team take to battle.

Are you still worried about your security posture? Reach out to atech.cloud and we will help you to implement military-grade security in your business.

Download your complimentary copy of the 2021 Gartner Market Guide for Email Security


By Tessian

Big News! Tessian has been recognized as a Representative Integrated Cloud Email Security (ICES) Vendor in the 2021 Gartner Market Guide for Email Security.

Learn more about the changing threat landscape, Gartner’s recommendations, and what sets Tessian apart.

This report states that “Email continues to be a significant attack vector for both malware and credential theft through phishing…security and risk management leaders must ensure that their existing solution remains appropriate for the changing landscape.”

Gartner predicts that by “2023, at least 40% of all organisations will use built-in protection capabilities from cloud email providers rather than a secure email gateway (SEG)”.

WHAT’S INSIDE THIS MARKET GUIDE?

  • Insights from Gartner on how to define your enterprise email security strategy
  • Email security market direction and analysis
  • Deep dive into each of the 3 types of email security solutions
  • Why is email a prevalent attack vector?
  • A list of Representative Vendors recognized by Gartner in the email security space

Download Guide

Cloud applications put your data at risk — Here’s how to regain control


By Yaki Faitelson, Co-Founder and CEO of Varonis

Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organisation safe from cyberattacks, they’re also a big, growing risk.

Your data is in more places than ever before. It lives in sanctioned data stores on premises and in the cloud, in online collaboration platforms like Microsoft 365 and in software-as-a-service (SaaS) applications like Salesforce.

This digital transformation means traditional security focused on shoring up perimeter defenses and protecting endpoints (e.g., phones and laptops) can leave your company dangerously exposed. When you have hundreds or thousands of endpoints accessing enterprise data virtually anywhere, your perimeter is difficult to define and harder to watch. If a cyberattack hits your company, an attacker could use just one endpoint as a gateway to access vast amounts of enterprise data.

Businesses rely on dozens of SaaS applications — and these apps can house some of your organisation’s most valuable data. Unfortunately, gaining visibility into these applications can be challenging. As a result, we see several types of risk accumulating more quickly than executives often realise.

Three SaaS Security Risks To Discuss With Your IT Team Right Now

Unprotected sensitive data. SaaS applications make collaboration faster and easier by giving more power to end users. They can share data with other employees and external business partners without IT’s help. With productivity gains, we, unfortunately, see added risk and complexity.

On average, employees can access millions of files (even sensitive ones) that aren’t relevant to their jobs. The damage that an attacker could do using just one person’s compromised credentials — without doing anything sophisticated — is tremendous.

With cloud apps and services, the application’s infrastructure is secured by the provider, but data protection is up to you. Most organisations can’t tell you where their sensitive data lives, who has access to it or who is using it, and SaaS applications are becoming a problematic blind spot for CISOs.

Let’s look at an example. Salesforce holds critical data — from customer lists to pricing information and sales opportunities. It’s a goldmine for attackers. Salesforce does a lot to secure its software, but ultimately, it’s the customer’s responsibility to secure the data housed inside it. Most companies wouldn’t know if someone accessed an abnormal number of account records before leaving to work for a competitor.

Cloud misconfigurations. SaaS application providers add new functionality to their applications all the time. With so much new functionality, administrators have a lot to keep up with and many settings to learn about. If your configurations aren’t perfect, however, you can open your applications — and data — to risk. And not just to anyone in your organisation but to anyone on the internet.

It only takes one misconfiguration to expose sensitive data. As the CEO of a company that has helped businesses identify misconfigured Salesforce Communities (websites that allow Salesforce customers to connect with and collaborate with their partners and customers), I’ve seen firsthand how, if not set up correctly, these Communities can also let malicious actors access customer lists, support cases, employee email addresses and more sensitive information.

App interconnectivity risk. SaaS applications are more valuable when they’re interconnected. For example, many organisations connect Salesforce to their email and calendaring system to automatically log customer communication and meetings. Application program interfaces (APIs) allow SaaS apps to connect and access each other’s information.

While APIs help companies get more value from their SaaS applications, they also increase risk. If an attacker gains access to one service, they can use these APIs to move laterally and access other cloud services.

Balancing Productivity And Security In The Cloud

When it comes to cloud applications and services, you must balance the tension between productivity and security. Think of it as a broad, interconnected attack surface that can be compromised in new ways. The perimeter we used to defend has disappeared. Endpoints are access points.

Now consider what you’re up against. Cybercrime — whether it’s malicious insiders or external actors — is omnipresent. If you store sensitive data, someone wants to steal it. Tactics created by state actors have spilled over into the criminal realm, and cryptocurrency continues to motivate attackers to hold data for ransom.

Defending against attacks on your data in the cloud demands a different approach. It’s time for cybersecurity to focus relentlessly on protecting data.

Data protection starts with understanding your digital assets and knowing what’s important. I’ve met with large companies that guess between 5-10% of their data is critical. When ransomware hits, however, somehow all of it becomes critical, and many times they end up paying.

Next, you must understand and reduce your SaaS blast radius — what an attacker can access with a compromised account or system.

An attacker’s job is much easier if they only need to compromise one account to get access to your sensitive data. Do everything you can to limit access to important and sensitive data so that employees can only access what they need to do their jobs. This is one of the best defenses, if not the best defense against data-related attacks like ransomware.

Once you’ve locked down critical data, monitor and profile usage so you can alert on abuse and investigate quickly. Attackers are more likely to trigger alarms if they have to jump through more hoops to access sensitive data.

If you can’t visualize your cloud data risk or know when an attack could be underway, you’re flying blind.

If you can find and lock down important data in cloud applications, monitor how it’s used and detect abuse, you can solve the lion’s share of the problem.

This is the essence of zero trust — restrict and monitor access, because no account or device should be implicitly trusted, no matter where they are or who they say they are. This makes even more sense in the cloud, where users and devices — each one a gateway to your critical information — are everywhere.

This article first appeared on Forbes.

YAKI FAITELSON

Co-Founder and CEO of Varonis, responsible for leading the management, strategic direction, and execution of the company.

Is cryptojacking hurting your network performance?


By Anthony Chadd, Neustar

With the global cryptocurrency market experiencing steady growth, cryptojacking attacks have exploded in popularity. These attacks look to embed cryptomining malware in the targeted network to hijack servers and steal processing power, diminishing the capabilities of IT resources.

Cryptojacking attacks can be carried out in numerous ways, but watch these two vectors closely:

  1. Utilizing a DDoS attack as cover: One of the most common techniques, it’s the digital equivalent of a pickpocket team where one robber jostles you while the second lifts your wallet. While the attack dominates the attention of your IT security team, bad actors use the turmoil to insert cryptomining malware. These malicious scripts might even include code to enlist infected server(s) as part of a botnet to participate in future DDoS attacks on other systems.
  2. DNS Hijacking: Where the attacker directs your DNS traffic to a malicious site – either via cache poisoning or taking over a legitimate site commonly visited by your users or systems – that appears legitimate but inserts malware into your network.

How can cryptojacking attacks be detected?

Cryptomining malware conceals itself, so you won’t know you’re infected unless you regularly:

  1. Monitor utilization of servers: If you’re hit, you’ll likely see a sudden and sustained increase in server utilization.
  2. Monitor electricity consumption: For most enterprises, IT power usage is consistent and tends to fall in patterns related to regularly recurring computing demands. An unusual spike in consumption could indicate a cryptomining script.
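Both detection points above come down to the same test: a jump that is sudden and then sustained, as opposed to a transient spike that normal workloads produce all the time. The Python script below is an added example (not code from the author or from Neustar) that implements that test generically and applies it to two constructed series, a CPU utilisation series in percent and a daily IT power series in kW; the thresholds and window sizes are assumptions that a real deployment would tune to its own baseline.

```python
"""Detect a sudden and sustained increase in a utilisation series
(added example; the sample series and thresholds are constructed)."""
from statistics import median
from typing import Optional, Sequence, Tuple

# Constructed per-minute CPU utilisation (%) of a server: normal, then a
# sustained jump of the kind a cryptomining process produces.
CPU_SAMPLES = [12, 15, 11, 14, 13, 12, 16, 14, 13, 12,
               15, 14, 13,
               88, 91, 93, 90, 92, 94, 91, 93, 92, 90]

# Constructed series with a single one-minute spike (e.g. a batch job)
# that should NOT be reported.
TRANSIENT_SPIKE = [12] * 10 + [95] + [12] * 8

# Constructed daily IT power draw (kW): flat pattern, then a step up.
POWER_KW = [40, 41, 40, 42, 41, 40, 41, 46, 47, 46, 47]


def detect_sustained_increase(samples: Sequence[float],
                              baseline_window: int = 10,
                              sustain_window: int = 6,
                              min_delta: float = 30.0) -> Optional[Tuple[int, float]]:
    """Return (start_index, baseline) for the first point at which every one of
    `sustain_window` consecutive samples exceeds the median of the preceding
    `baseline_window` samples by at least `min_delta`; None if no such point.

    Using the median for the baseline keeps an earlier transient spike from
    inflating it, and requiring the whole window to stay high is what
    separates a sustained miner from a short burst of legitimate work."""
    n = len(samples)
    for start in range(baseline_window, n - sustain_window + 1):
        baseline = median(samples[start - baseline_window:start])
        window = samples[start:start + sustain_window]
        if all(v - baseline >= min_delta for v in window):
            return start, baseline
    return None


def describe(name: str, samples: Sequence[float], **kwargs) -> str:
    """Human-readable summary for one series."""
    hit = detect_sustained_increase(samples, **kwargs)
    if hit is None:
        return f"{name}: no sustained increase"
    start, baseline = hit
    return (f"{name}: sustained increase from sample {start} "
            f"(baseline {baseline}, first value {samples[start]})")


if __name__ == "__main__":
    print(describe("cpu", CPU_SAMPLES))
    print(describe("transient", TRANSIENT_SPIKE))
    print(describe("power", POWER_KW, baseline_window=7, sustain_window=3, min_delta=2.0))
```

The same function serves both monitoring points because only the units and thresholds differ; in practice the power check runs over daily or hourly totals with a much smaller `min_delta` than the per-minute CPU check, as the call for `POWER_KW` shows.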

How can they be prevented?

There are several steps your organization can take to prevent cryptojacking:

  1. Deploy an ‘always on’ DDoS mitigation service that constantly monitors traffic to ensure threats of all sizes are detected, managed, and defused. Immediate detection and response reduce the opportunity for cryptomining malware to make its way into your network.
  2. Use a WAF to protect your web apps from leading vulnerabilities.
  3. Work with a managed DNS partner to help implement DNSSEC. This can help to prevent attacks like cache poisoning and DNS hijacking by validating DNS addresses and providing end-to-end integrity checks to ensure confidence in each connection.

www.security.neustar

WEBINAR: The next generation of secure digital communications – Why now and why it matters


By Zivver

Regulatory reforms, digital transformation, hybrid working… The business landscape continues to evolve and the need for secure and compliant digital communications solutions is higher than ever. The current state of communications security cannot keep pace.

Join our webinar to get practical insights from our panel of industry leaders, security experts and end-users as they discuss the impact and value of a new generation of digital communications security. We’ll discuss how new solutions can empower secure work with maximum effectiveness and minimal disruption, as well as:

  • The evolution of 3rd generation secure digital communications: Why now and why it matters
  • Creating an empowering ‘secure-first’ lifestyle: How to enable employees to succeed through smart technology, while alleviating pressure and reducing the need for training

We will also investigate Zivver’s perspective on this and how it is shaping our innovation today and in the future.

What you’ll take away

Find out how your organization can embed security into everyday workflows to empower effective working, and gain actionable insights on how to enable people to secure their digital communications with minimal disruption.

When? Thursday 9th December, 10am GMT / 11am CET

Register here: https://bit.ly/3o3U7nM

Is application isolation the future of endpoint security?


The endpoint is the new frontline in the battle against enterprise cyber-risk – considering the increasing volume and complexity of threats, and the growth of unmanaged endpoints during the pandemic, it’s no surprise that the vast majority (91%) of global IT decision-makers interviewed recently by HP now believe that endpoint security has become as important as network security.

The question is how to mitigate the risks posed by insecure devices, error-prone users and a cybercrime economy worth trillions.

For some, part of the answer lies with application isolation, a novel approach gaining traction in the industry, which applies zero trust principles and hardware virtualization to help neutralize threats.

In this article, Phil Muncaster investigates what application isolation has to offer for enterprise CISOs.

Click here to read more.


The freedom to focus on what matters most


By Rapid7

Today’s cyber security cannot follow the old playbook designed for detecting and mitigating attacks. The push for digitisation across industries and sectors has expanded the threat surface exponentially. The latest spike in ransomware attacks, data breaches, IP theft, bear testimony to that. Things have changed and need to be revamped and redesigned, keeping the latest attack vectors and attack surfaces in mind.

Therefore, it’s crucial to find a more holistic approach to threat detection, response, and mitigation beyond traditional endpoints, covering network and cloud. This is where Extended Detection and Response (XDR) comes in. XDR unifies and transforms relevant security data from your modern environment to detect real attacks and provide security teams with high-context and actionable insights. By aggregating threat detection and response across multiple controls, XDR can improve response efficacy and efficiency.

But did you know there’s probably something else worrying your security teams? After countless conversations with customers, we consistently hear one thing: what eludes security teams is not attackers; it’s time. Teams don’t have the time or resources to do it all, and forced trade-offs create opportunities for attackers to get in.

That’s why we purpose-built InsightIDR to give teams time to focus on successful, proactive and complete threat detection and response programs. InsightIDR is cloud-native and SaaS-delivered to eliminate the distractions of months-to-years-long deployments and configurations. With a focus on flexibility, intuitive UI, and a highly contextualised view of the environment ‘out of the box’, InsightIDR helps teams level up resources and see value on day one.

To sum it up, when your team is up against an attack, every second matters. InsightIDR gives analysts detailed, correlated investigations, a complete timeline of an attack and all the relevant information they need in one place. With expert and community-driven playbooks and built-in containment and automation, your security analysts are empowered to eliminate threats faster, before attackers can succeed.

Find out more about how XDR can help your security team gain contextualised insights and streamlined SecOps.