Stuart O'Brien, Author at Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts By :

Stuart O'Brien

WEBINAR REWIND: Solorigate/SUNBURST – Chronology of a supply chain nightmare

960 640 Stuart O'Brien

Don’t worry if you missed last week’s essential webinar from SentinelOne and ReliaQuest about the SUNBURST incident – you can now rewatch the entire session online!

SUNBURST was one of the most devastating cyberattacks in recent years and has sent shockwaves like no other attack before. Solorigate/SUNBURST impacted more than 420 of the Fortune 500 companies and thousands of government and commercial organizations. The attack on the ‘digital supply chain’ was uncovered in December 2020, although the foundation was made at the end of 2019 with the first organizations being infected in the second quarter of 2020.

Despite the widespread use of threat intelligence and EPP / EDR solutions, how did this happen? Why did the attack go undetected for so long? 

During this webcast, the course of the attack campaign will be traced and discussed by Elliotte Weng of SentinelOne and Martin Cook of ReliaQuest.

It will also explain how SentinelOne protected their customers from SUNBURST and how ReliaQuest responded immediately to protect their customer base with targeted threat intelligence, detection logic and automated enterprise wide retroactive threat hunting to surface and respond to any evidence of attack.

Click here to watch the webinar again in full

World Password Day: Security advice from McAfee, Nuance and more…

960 640 Stuart O'Brien

Thursday (May 6th) marks the annual World Password Day – an awareness event designed to promote better password habits. This year, with so many of us working from home and cybersecurity stretched to the limit, safe and secure passwords are more important than ever before. With that in mind, we spoke to several experts to find out how consumers and businesses alike can ensure that their passwords stand up in today’s climate. Here’s what they had to say:

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance

“World Password Day represents a reminder that PINs and passwords are an archaic tool, no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies. 

“Indeed, new UK research from Nuance has found that over one in five (22%) consumers have admitted to relying on the same two or three different passwords or similar variations of them. A similar number (20%) say they receive notifications their passwords have been compromised on at least a monthly basis. This could leave those individuals at an increased risk of fraud, and it is the enterprises that must take responsibility to address this by strengthening their customers’ security with more modern solutions. 

“Given the same poll has found that on average victims of fraud lost over £3,200 each in the last 12 months – three times higher than two years ago – it is high time PINs and passwords are confined to the history books, so that technology – such as biometrics – can be more widely deployed in order to robustly safeguard customers.  Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.”

Raj Samani, Chief Scientist and McAfee Fellow:   

“When it comes to online safety, password hygiene has never been more relevant. Over the past year alone, we’ve seen a massive surge in online activity, with the pandemic leaving many Brits reliant on conducting daily activities such as shopping and banking online.  

“Passwords are of course a key part of our digital lives, enabling people to gain quick access to a variety of online platforms, accounts and devices.  However, it can be easy to take them for granted and forget the basics of password hygiene during our busy lives, particularly now as we have so many accounts to keep on top in order to get on with our day-to-day activities. 

“Passwords which include personal information, such as your name, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online, making it easier for online criminals to make guesses about your password. You should also never share a password, even with a close relative. While this may seem harmless, sharing these details could result in critical personal information falling into the wrong hands. In fact, McAfee recommends changing your passwords about every three months at a minimum. This is so that if a password has been shared or compromised, the safety of your online information has a higher chance of being kept safe by making this change. 

“World Password Day is an excellent time to highlight the importance of password safety to consumers. But it is just as important to ensure password hygiene remains top of mind at all times and not just for one day.”

Krupa Srivatsan, Director of Product Marketing at Infoblox

“The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen. 

“Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials. 

“Organisations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security.

“For example, Organisations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch the more than 90% of malware that uses it to enter or exit a network.”

John Smith, Solutions Architect at Veracode

“As businesses continue to operate remotely, and companies deploy their infrastructure into online environments, it’s clear that password hygiene should be a big focus. Hackers have the ability to crack a 7-character password in 0.29 milliseconds, which is why it’s time to focus on application authentication. A simple static password will not suffice, and companies should avoid using predictable passwords to avoid damaging password spraying attacks. Passwords should always be unique, not recycled, and stored in a secure password safe. 

“Although businesses are conscious of the role that software security plays in keeping data protected, banks and other industries need to take more ownership of application authentication to help detect fraudulent account access. This World Password Day, I urge businesses to empower developers by training them on best practices in secure coding and providing the right tools to prevent users being more exposed to data breaches from hackers who will continue to look past passwords for weak points in the application layer.“

Ramsés Gallego, International Chief Technology Officer, CyberRes, a Micro Focus line of business: 

“As digital-first approaches and distributed workforces become the status quo for many industries, raising awareness around the importance of password security has arguably never been more important. And with recent NCSC research finding that people are using passwords which are an easy target for hackers, it’s clear more needs to be done by businesses to provide the technology and training to ensure better cyber-resiliency across the board.

“It is imperative that we secure systems and infrastructure to ensure that the right people have the right access to the right assets at the right time. No more, no less. Importantly, we now live in an era where we do not need passwords alone – or sometimes at all – to enable trusted access. Multi-factor authentication is a useful tool, using more personal attributes, such as biometric data in someone’s voice, or devices, such as a code sent to an individual’s watch, to replace or augment passwords.

“Yet despite these advances, there is no doubt that, for now, passwords aren’t going anywhere anytime soon. What’s more, boosting password security – and cyber-resiliency more widely – cannot be achieved by technology alone. Businesses must ensure they are educating their employees on best practice cybersecurity hygiene, beginning with how to create strong passwords and the importance of using different ones for different applications and services. Not only that, they must make sure workforces understand the various tactics used by hackers to target unsuspecting users, from phishing to fake websites. Crucially, increasing awareness among staff on how they could potentially be putting their organisation’s data at risk is key, especially as workforces continue to access systems remotely during and after the pandemic.”

INDUSTRY SPOTLIGHT: The UK Cyber Security Association (UKCSA)

960 640 Stuart O'Brien

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals, small businesses, SME’s and corporate companies who are involved in the cyber security industry or who want to gain access to information to help them be more cyber aware.

Members receive a wide range of benefits including access to the latest cyber security industry news, networking events (virtual at the moment of course),  a yearly conference (also virtual at the moment), training, discounts on cyber security software products, insurance and much more.  

The UKCSA also raises awareness of cyber security awareness, cyber skills, training and best practice as well as helping more women enter careers in the industry neurodiversity in cyber security, the cyber skills gap and education as to the importance of cyber security and why businesses should take it seriously. 

Twitter – @ukcybersecassoc
LinkedIn – https://www.linkedin.com/company/uk-csa/
Facebook – https://www.facebook.com/ukcybersecassoc 

www.cybersecurityassociation.co.uk.

Call for Speakers: We need your expertise!

960 640 Stuart O'Brien

We’re looking for industry thought leaders to participate in the seminar programme at the upcoming Security IT Summits, which take place on June 29th and November 4th this year.

The Summits are highly-focused events that attract senior professionals in a variety of cyber security verticals for unrivalled networking, learning and debate.

So if you have experience in the world of IT security and would like to share your knowledge with peers through either a talk or by participating in a panel session, contact James Howe on 01992 374067, or email j.howe@forumevents.co.uk.

ManagedXDR Combines Talent and Technology to Deal with Microsoft Exchange Threat

960 640 Stuart O'Brien

By Carolyn Reuss, director, product management at Secureworks & Pierre-David Oriol, senior consultant, product management at Secureworks

The explosion of data and devices is expanding the attack surface from the core to the edge. Cyber threats continue to rise, and cybercrime continues to accelerate. To achieve better security outcomes, security administrators need broad visibility across multiple sources and over time, to identify unknown threats.

The following outlines how Secureworks’ ManagedXDR coupled with Incident Response, detected malicious activity as Microsoft Exchange servers attempted to run a version of China Chopper web shell. 

The most effective cyber defenses combine talent and technology. The two are not mutually exclusive. As the integrated response to this particular incident will demonstrate. 

Early Monday, March 1, Secureworks Security Operations Center (SOC) analysts contacted the Secureworks Counter Threat Unit (CTU) researchers to report that Secureworks Taegis XDR (Extended Detection and Response) detected malicious activity via its endpoint telemetry across several customers as Microsoft Exchange servers attempted to run a version of China Chopper web shell. 

Initial Response and Findings

The SOC’s note initiated a routine response, engaging CTU researchers, Incident Response (IR) Teams, and engineers to collect critical, relevant intelligence such as initial attack vector, attack failures and successes, impacted customers (by looking back over a year’s worth of event data), and importantly, understanding the intent. This demonstrates that while XDR’s detection capabilities stand on its own for an individual instance, ManagedXDR working in concert with other systems and human resources amplifies the “network effect” when observing an event that impacts multiple organisations, and the whole XDR community benefits. 

In this event, endpoint telemetry was critical to detecting and understanding the threat. Looking across customers’ endpoint telemetry, the team identified related intrusion activity across the affected businesses. 

The next day, once we had a comprehensive understanding of the threat, we released CTU TIPS to inform customers of the targeted campaign and provide initial recommendations. This was followed by automated XDR notifications about the threat at log-in. Additionally, Microsoft released out-of-band patches for on-premises Microsoft Exchange Servers that organisations with vulnerable systems needed to apply ASAP.

Dealing with Vulnerabilities  

Vulnerability management is another vital element to this coordinated detection and response. Secureworks Taegis VDR (Vulnerability Detection and Response) helped affected businesses quickly identify and prioritise vulnerabilities in their environment. In this case, we automatically factored in specific vulnerabilities heightened by recent incidents and public interest into VDR, and delivered detections for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 as details about this vulnerability continued to surface. 

VDR provides businesses with the ability to search specifically for certain software (e.g., <software:“Microsoft Exchange”>) to accelerate their VM cycle outside of their regular scans and identify existing vulnerable assets. The contextual prioritisation engine allows businesses to easily identify which vulnerabilities create the highest risk in their environment. That risk is always subject to each organisation’s internal context, from which VDR continuously learns.

In this case, as the attack was exploiting unpatched on-premises Exchange Server versions 2013, 2016, and 2019, as such, VDR helped those organisations that were impacted to understand which of the occurrences of the above CVEs to address first, saving security experts critical triaging time. Businesses can either search specifically for Microsoft Exchange, (as shown above), or work from reliable detections for these CVEs, to confirm the finding is, or is not, a priority in comparison to other vulnerabilities within their environment. 

Incident Response & Engagement Support 

Working in tandem with their other colleagues, the IR team immediately started working with customers who had seen exploitation of their Microsoft Exchange servers from this activity, providing guidance on the remediation steps and identifying any further activity. 

Additional Steps You Can Take

The threat is still live, so we recommend the following steps, if applicable, to keep your organisation safe:

  • If you have on-premises versions of Exchange with the vulnerability, and you have concerns, invoke your incident response, whether it’s through our team, internally or through your Managed Security Services Provider (MSSP), to investigate whether access has been leveraged by the threat actor that Microsoft is currently referring to as HAFNIUM.
  • Organisations using affected on-premises versions of Exchange Server should apply updates immediately, if possible. Please note that Exchange Online is not affected.
  • Organisations should also closely monitor Exchange Server logs for relevant threat indicators, ensure a good EDR product to detect behaviors and apply indicators (e.g., Secureworks endpoint agent or one of our endpoint partners), and consider restricting access to the Microsoft Exchange Control Panel (ECP). 
  • If you are an existing VDR customer: Search for <software“Microsoft Exchange”> for a specific scan and continue to prioritise the highest risk in your environment.

Call for Speakers: Security IT Summits 2021

960 640 Stuart O'Brien

We are looking for industry thought leaders to participate in the seminar programme at the Security IT Summits, which take place on June 29th and November 4th this year.

The Summits are highly-focused events that attract senior professionals in a variety of cyber security verticals for unrivalled networking, learning and debate.

So if you have experience in the world of IT security and would like to share your knowledge with peers through either a talk or by participating in a panel session, contact James Howe on 01992 374067, or email j.howe@forumevents.co.uk.

Do you specialise in Advanced Threat Dashboards? We want to hear from you!

960 640 Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in May we’re focussing on Advanced Threat Dashboard solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Advanced Threat Dashboard solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

May- Advanced Threat Dashboard
Jun – Browser/Web Security
July -Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Agari Report: New BEC scam 7X more costly than average, bigger phish start angling in

960 640 Stuart O'Brien

Sophisticated threat actors, evolving phishing tactics, and a $800,000 business email compromise (BEC) scam in the second half of 2020 all signal trouble ahead, according to analysis from the Agari Cyber Intelligence Division (ACID).

After attacks on Magellan Health, GoDaddy, and the SolarWinds “hack of the decade,” one thing is distressingly clear. Phishing, BEC, and other advanced email threats continue to be one of the most effective attack vectors into organisations. And it’s getting worse.

Throughout the second half of 2020, ACID uncovered a troubling rise in eastern European crime syndicates piloting inventive forms of BEC. Indeed, the state-sponsored operatives launching attacks from pirated accounts in the SolarWinds attack were just a few of the sophisticated threat actors moving into vendor email compromise and other forms of BEC.

But in November, a sudden surge in the amount of money targeted in BEC scams could be tracked back to the resurgence of one particular source—the threat group we’ve dubbed Cosmic Lynx.

After sewing chaos with COVID 19-themed scams earlier in the year, the group’s tactics shifted toward vaccine ruses. More alarmingly, the group’s emails also started requesting recipients’ phone numbers in order to redirect the conversation. It’s unclear if the request is designed to disarm recipients or if actual phone messages or conversations are now part of the con.

The second biggest driver behind the late-year increase in the amount sought in BEC scams is a potent new pretext—capital call investment payments. Capital calls are transactions that occur when an investment or insurance firm seeks a portion of money promised by an investor for a specific investment vehicle.

In emails to targets, BEC actors masquerade as a firm requesting funds to be transferred in accordance to an investment. Because of the nature of such transactions, the payments requested are significantly higher than the average $72,044 sought in wire transfer scams during 2020. The average payout targeted in these capital call cons: $809,000.

To learn more about the latest trends in phishing, BEC scams and advanced email threats and how to stop them, request information at https://www.handd.co.uk/agari-secure-email-cloud/.

5 Minutes With… Veriato’s Chris Gilkes

960 640 Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Chris Gilkes (pictured), Director EMEA at Veriato, about the company and its solutions, key challenges posed by a remote workforce, the importance of innovation and why you should never stop listening to customers…

Tell us about your company, products and services.

Veriato was founded as a software company in Florida in 1998. We have roughly 40,000 customers in over 100 countries worldwide. Our primary focus is Insider Threat Detection, Employee Monitoring and compliance solutions.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

The new remote world has ushered in new security problems, with teams across the globe scrambling to find solutions that extend the corporate security framework beyond just the office. A key success factor in going remote is maintaining visibility into your workforce. 

Often, visibility is achieved by extracting information from disparate data sources like network and log data in the hopes of compiling a digital landscape of your remote workforce. The problem with many of these solutions is that they don’t offer granular visibility into the endpoint and Network analysis is not enough. This is where our flagship product, Cerebral can help.

How does Veriato help companies adapt to the new challenges inherent with a remote workforce? 

From a security perspective, Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring, and recording all user activity. Veriato proactively watches for signs of insider threat. The platform will send immediate alerts as well as provide risk scoring for the entire workforce. Because Veriato I son the endpoint and is not network-dependent it maintains visibility, and records all actions, to maintain compliance standards. Additionally, it can provide productivity reporting critical for managing remote employees.

What is the biggest priority for the IT security industry in 2021?

Maintaining corporate security, productivity and compliance while workers are remote.

What are the main trends you are expecting to see in the market in 2021?

Companies will continue a hybrid work model and continue to scale down their physical operations leading to a higher reliance on monitoring and analytics technology like Veriato.

What technology is going to have the biggest impact on the market this coming year?

Any type of technology that improves how employees work remotely.

Which person in, or associated with, the IT security industry would you most like to meet?

Brian Krebs, I’ve heard him speak at multiple events and he’s an interesting person with a great perspective on IT security.

What’s the most surprising thing you’ve learned about the IT security sector?

That the average number of tools an IT Security teams uses is 75, that’s absurd.

What’s the best piece of advice you’ve ever been given?

Never stop innovating and listen to your customers.

Security IT Summit: Registration now open for June 2021

960 640 Stuart O'Brien

The Security IT Summit is a unique event that has been created to help you build business connections with the latest innovative and budget-saving suppliers in the industry.

Date & Venue: 29th June – Hilton London Canary Wharf

You can attend this one-day event entirely for FREE.

BOOK YOUR PLACE HERE
(Virtual attendance options are available) 

What does your free pass include?

Our cutting-edge software will create your bespoke itinerary that allows you to meet innovative suppliers for 1-2-1 meetings, based on mutual agreement and matched requirements.

You will also gain access to a series of seminar presentations, focusing on the current issues and future challenges within the industry.

Lunch and refreshments throughout are also included.

Secure your free pass via our short booking form here.