The goal of National Cyber Security Awareness Month, in the US and throughout Europe, is to educate individuals and organizations on how to detect and avoid cyberattacks. Lastline is pleased to contribute our expertise to accomplish this very important goal.
The Lastline Daily Dose will deliver a specific tip or piece of advice every business day throughout October, drawn from our extensive experience in detecting malware and network breaches. We will add the new tip below, along with additional background and resources.
51% of data breaches are caused by malware, and 66% of malware is installed via email attachments. So, email is an attack vector that must be secured.
The best and most efficient way of detecting malicious emails is to implement technology that analyzes each email and attachment to identify any suspicious or potentially malicious behavior. For example, there’s no reason why a benign attachment to an email would be programmed to change security settings or try to avoid being detected.
This article describes ten specific malicious email threats to help you understand how criminals are using email, and therefore what you need to do to defend yourself.
This adds another level of security to yesterday’s tip about avoiding weak passwords. Two factor authentication is a method of computer or account access control in which a user is granted access only after successfully presenting a second piece of evidence to confirm their identity, and has been demonstrated to decrease the risk of a system or personal account being compromised.
A password typically is the first factor, and the second factor is something the user knows (e.g. answer a question about where you were born), something they have (e.g. provide a code texted to your smartphone or a code generated by a token), or something they are (e.g. biometric identity such as a fingerprint or voice scan).
If you’re curious about what companies support 2FA, twofactorauth.org maintains a list online.
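The “code generated by a token” mentioned above is usually a time-based one-time password (TOTP, RFC 6238), built on HMAC-based OTP (HOTP, RFC 4226). The following is an added illustration written for this page, not Lastline code and not tied to any particular product: it derives the six-digit code from a shared secret and the clock, and shows the two checks a verifier needs, a small tolerance window for clock drift and rejection of a code that has already been used. The base32 secret is the standard test key from the RFCs, so the values are reproducible.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo secret: the RFC 4226 / RFC 6238 test key "12345678901234567890", base32-encoded.
# In practice the secret is generated per user and shared with the token once, over a trusted channel.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
TIME_STEP_SECONDS = 30


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226).

    HMAC-SHA1 over the 8-byte big-endian counter, then "dynamic truncation":
    the low nibble of the last byte selects a 4-byte window, which is masked
    to 31 bits and reduced to `digits` decimal digits.
    """
    key = base64.b32decode(secret_b32.upper())
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, for_time: Optional[float] = None, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP whose counter is the number of 30-second steps since the epoch."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret_b32, int(for_time // TIME_STEP_SECONDS), digits)


def verify_totp(secret_b32: str, submitted: str, for_time: Optional[float] = None,
                window: int = 1, last_used_counter: int = -1) -> Optional[int]:
    """Server-side check. Returns the counter that matched, or None.

    - `window` allows +/- that many time steps of clock drift between token and server.
    - `last_used_counter` is the counter of the most recently accepted code for this user;
      anything at or below it is refused, so an intercepted code cannot be replayed.
    - comparison is constant-time to avoid leaking how many digits matched.
    """
    if for_time is None:
        for_time = time.time()
    current = int(for_time // TIME_STEP_SECONDS)
    for counter in range(current - window, current + window + 1):
        if counter <= last_used_counter:
            continue  # already consumed: treat as a replay
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    # At Unix time 59 the RFC 6238 test vector for this key is 287082 (6 digits).
    print("code at t=59:", totp(DEMO_SECRET_B32, for_time=59))
    print("code now    :", totp(DEMO_SECRET_B32))
```

A caller persists the counter returned by `verify_totp` and passes it back as `last_used_counter` on the next attempt; that single stored integer is what turns a “something you have” factor into a one-time code rather than a short-lived password.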
It only takes one password, particularly if it belongs to a privileged user, to start an attack sequence that can lead to the capture of thousands or even millions of user accounts and records.
The list of the most popular passwords hasn’t changed much over the past 5 years, with “123456” (and similar number sequences), “password” and “qwerty” still at the top. Criminals know this, and they use these to compromise accounts. And people often reuse passwords, so compromising a less sensitive account, such as an online meeting service, could lead to compromising a bank account.
Password managers can automatically generate unique, strong passwords without requiring the user to remember each one.
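As an added example for the two tips above (not Lastline code, and the word list and keyboard rows are a constructed stand-in for a real breached-password corpus), the script below does what a password manager does in miniature: it rejects the perennial favourites and simple sequences, and it generates a replacement from the operating system's cryptographic random source rather than from `random`, reporting the entropy of the result.

```python
import math
import secrets
import string

# Constructed mini-list of the passwords the tip names; a real check uses a breached-password corpus.
COMMON_PASSWORDS = {"123456", "12345678", "123456789", "password", "qwerty", "111111", "abc123"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 12  # assumed local policy, not a value from the page


def is_sequence(s: str) -> bool:
    """True for runs such as 123456, 654321, 111111, or a slice of a keyboard row."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    if steps <= {0} or steps <= {1} or steps <= {-1}:
        return True
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def is_weak(password: str) -> bool:
    """Reject known-popular passwords, trivial sequences, and anything shorter than MIN_LENGTH."""
    p = password.lower()
    return p in COMMON_PASSWORDS or is_sequence(p) or len(p) < MIN_LENGTH


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20) -> str:
    """Uniform draw from ALPHABET using `secrets`, which is backed by the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("123456", "qwerty", "654321", "correcthorsebatterystaple"):
        print(f"{candidate!r:30} weak={is_weak(candidate)}")
    pw = generate_password()
    print(f"generated: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```

Twenty characters from a 94-symbol alphabet is about 131 bits of entropy; the point of the generator is that the user never has to remember it, so there is no reason to make it shorter.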
In the Business Email Compromise (BEC) scam, criminals spoof the email of an executive to instruct someone lower in the organization to do something that benefits the criminal, like wire funds to their account. The emails typically have a similar tone, urging secrecy and expedience. So, flagging key words, such as “payment”, “urgent”, “sensitive”, or “secret” can detect this scam.
The scam also depends on spoofing the executive’s email address, typically with a domain name that is very similar to the real one, for example “123abccompany.com” instead of “123abc-company.com”, or “abccornpany.com” instead of “abccompany.com” (can you spot the difference? – “rn” is used in place of “m”). Simply double checking with the executive who is making the request, by typing their email address rather than replying to the original email, is the best way to foil this scheme.
Learn more about the BEC scam and how to detect it.
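The two detection ideas above, keyword flagging and look-alike sender domains, fit in a short mail filter. The code below is an added example written for this page, not Lastline's detection logic; the protected domains, the confusable-character table and the sample messages are all constructed. It reduces a domain to a “skeleton” (hyphens removed, “rn” folded to “m”, and a few other confusables) and compares that, plus a one-character edit distance, against the organization's real domains.

```python
import re
from typing import List, Optional, Set

# Constructed: the organization's genuine domains, taken from the examples in the tip.
PROTECTED_DOMAINS = {"abccompany.com", "123abc-company.com"}
# The key words the tip suggests flagging.
URGENCY_KEYWORDS = {"payment", "urgent", "sensitive", "secret"}
# Constructed confusable table: pairs that look alike in common fonts. Order matters (longest first).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(domain: str) -> str:
    """Normalize a domain so visually similar spellings collapse to one string."""
    d = domain.strip().lower().replace("-", "")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch single-character typosquats the skeleton misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower()


def lookalike_of(domain: str, protected: Set[str] = PROTECTED_DOMAINS) -> Optional[str]:
    """Return the protected domain this one imitates, or None if it is genuine or unrelated."""
    if domain in protected:
        return None  # the real thing; SPF/DKIM/DMARC, not this check, guards against exact spoofing
    sk = skeleton(domain)
    for real in protected:
        if sk == skeleton(real) or edit_distance(domain, real) <= 1:
            return real
    return None


def assess_email(sender: str, subject: str, body: str,
                 protected: Set[str] = PROTECTED_DOMAINS) -> List[str]:
    """Return human-readable reasons to hold the message for review (empty list = nothing found)."""
    reasons = []
    dom = sender_domain(sender)
    target = lookalike_of(dom, protected)
    if target:
        reasons.append(f"sender domain {dom!r} imitates protected domain {target!r}")
    text = f"{subject} {body}".lower()
    hits = sorted(k for k in URGENCY_KEYWORDS if re.search(rf"\b{k}\b", text))
    if hits:
        reasons.append("urgency/secrecy keywords: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("ceo@abccornpany.com", "Urgent: vendor payment", "Keep this secret until I confirm."),
        ("ceo@123abccompany.com", "Quick favour", "Are you at your desk?"),
        ("cfo@abccompany.com", "Lunch", "See you at noon."),
    ]
    for sender, subject, body in samples:
        print(sender, "->", assess_email(sender, subject, body) or "clean")
```

Neither signal alone is decisive, which is why the function reports reasons rather than a verdict: the keywords appear in plenty of legitimate finance mail, and the domain check only catches imitations of domains you have listed, so the output is best used to route a message to a reviewer who then verifies by the out-of-band call the tip recommends.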
Criminals can demand ransoms because victims are worried about losing their data. But if you have your information backed up, then the criminals lose their leverage.
What makes this a bit tricky is that some of your files may already have been encrypted by the ransomware and then backed up, so if you simply restore everything from your most recent backup, some files will still be encrypted. Versioning enables you to restore earlier versions of your data, before anything was encrypted.
Many organizations that experience a breach won’t learn about it for months, or even years. During that time, today’s fast-paced cyberattacks can cause significant damage to a company and its customers.
Staying up to date on the latest attack schemes and techniques, and leveraging readily available threat intelligence are among our advice for improving breach detection. Our recent blog post explores these further and offers five more tips to help enterprises quickly detect a pending or actual data breach before it causes widespread harm.
The WannaCry attack earlier this year is a particularly visible example of the importance of patching. It exploited a vulnerability in the Windows SMB service, which had been patched, but many companies did not install the patch. And the list of additional vulnerabilities is seemingly endless – and these are just the known vulnerabilities.
Given the number of systems and applications that IT departments manage, keeping everything patched is understandably a challenge. Using patch management software can ease the burden. TechTarget’s recent article is helpful for understanding how these tools work and selecting the one that fits your needs. If you’re a Gartner client, they also published a helpful report on patch management solutions.
In a large-scale study by Verizon, 23 percent of recipients immediately opened phishing messages, and 11 percent of them went on to click on a link or open an attachment. You can be sure that all of those people have been warned about phishing.
Just as interesting, and worrisome, is that it happens fast. It takes an average of only 82 seconds from the time an attacker launches a phishing campaign until the first victim takes the bait and clicks a malicious link. And the users are completely unaware that anything bad is taking place. This isn’t just occurring with personal accounts. It also takes place at businesses and government agencies, where the consequences can be dire.
Keeping employees, and therefore your company, safe involves carrots and sticks. Here are 11 suggestions for how to prevent a successful phishing attack.
It’s not enough for senior management to merely accept investments in security, they need to demand highly effective security. In order for them to do that, they must understand the risks, such as tarnished brand, financial loss, and customer churn, but they also need to understand the business benefits, the ROI on their investment. These can include competitive advantage that increases revenue as you pick up clients who abandon competitors after their data breach is exposed.
You might be interested in our recent blog post about the progress that is being made, admittedly slowly, toward board room awareness and support for security investment.
Our adversary is formidable, supported by organized crime and state-sponsored crime rings. Crimeware is evolving at an astonishing speed. It’s just not possible to defeat tomorrow’s threats using yesterday’s technologies. It’s surprising how many corporations are using decades-old security technologies.
There is no shortcut when it comes to cyber security. Too many organizations approach it as a checklist item they have to hurry through, resulting in half-baked policies and plans. Bad plans lead to bad results.
Here are some additional roadblocks to adequate, effective security that many enterprises face.
As you migrate more business functions to the cloud, understand that cloud providers are not security experts. Yes, they provide some level of security, but you have to plan with the expectation that what they’re doing will be inadequate against today’s skilled cybercriminals. To emphasize the point, this InfoWorld article highlights 12 specific security risks associated with using cloud-based applications.
The simple truth is that your data is now outside your corporate perimeter, so you have lost some control over how it is secured. Understand your cloud provider’s security capabilities and know what you need to do to supplement them. Or press the providers to fill the gaps in their security architecture, either on their own or by partnering with and integrating security technologies.
As criminals continue to increase the sophistication and pervasiveness of attacks, your ability to respond – quickly and effectively – becomes critical for mitigating potential loss and avoiding brand-damaging public exposure of a data breach. When you’re attacked, it’s essential to have the right skills immediately available, which is not always an option with in-house staff. As a result, many large organizations are now outsourcing Incident Response.
IR specialists, like MSSPs, have the right tools; they have more awareness of current techniques because they support multiple companies; and they have the deep expertise that is often required. A skilled IR team will ensure you’re prepared for an attack.
This Forbes article recommends 5 security functions to outsource, including Incident Response.
Smart phone operating system developers are doing what they can to ensure the security of their devices, but given the volume of apps available on their platforms, they simply can’t vet everything. They need to rely on the app developers to secure the connections and data each manages.
Despite developers’ best efforts, we anticipate that the risks presented by mobile devices will get worse before they get better, given users’ increasing reliance on them for an ever-increasing range of activities and engagement. They are simply too attractive a target for criminals, inviting their utmost creativity and innovation. Recently a scheme has been discovered where criminals release apps that initially are benign, and then, once they get traction and adoption increases, turn on the malicious capabilities or add them via upgrades.
Most malware detection and prevention technologies work by examining files such as downloads or attachments. However, browser-based threats don’t necessarily use files, so conventional security controls have nothing to analyze. Unless organizations implement advanced tools that don’t rely on analyzing files, browser-based attacks will likely go undetected.
Learn more in our recently authored article on this topic.
Many smartphone users are still getting accustomed to the fact that their phone is now a computer, connected to the Internet, and therefore vulnerable to malware. Now apply that concept to the exponentially larger number of IoT devices.
Unsecured IoT devices – webcams, Web-connected music players like the Amazon Echo, even e-thermostats – present the risk of the device being used to spread malware and infect other devices, or to launch a DDoS attack. If consumers are paying ransoms now to free their encrypted files, what will they pay when a pacemaker or self-driving car is taken over?
Manufacturers need to improve the security of their devices, and users – businesses and consumers – need to understand the risk and secure their IoT devices.
If job security is important to you, then there are few fields with more opportunity than cyber security. Everyone agrees that there are not enough candidates with even rudimentary skills to fill the available openings. The only disagreement is how many openings need to be filled – estimates range from 1.8 to 3.5 million by 2020. With that many openings, security professionals can pretty much pick their industry, company, and location. And should one position not work out for whatever reason, there are many, many other openings from which to choose. And salaries easily reach six figures. This recent article in Forbes magazine summarizes the situation well.
If you’re thinking that IT and info security are not particularly flashy or cool, stay tuned for our other reasons throughout this week that may change your mind.
Coming Oct 30th