The cybersecurity landscape is constantly evolving, with bad actors finding new and creative ways to exploit weaknesses. The threat from malware continues to escalate, with infostealers an increasingly popular variant. Research found that 24% of malware is now infostealers, and it is now one of the most popular topics on the cybercriminal underground. The malicious software allows cyber criminals of limited means and technical knowledge to deploy it, start accessing networks and steal data.

Infostealers Snapshot

An infostealer is a type of malware-as-a-service (MaaS) that extracts data from infected devices. Unlike ransomware, where information is held hostage, these attacks happen covertly, and their growth has been driven by the explosion in connected devices coupled with the ease of trading information on Dark Web sites.

The MaaS model has lowered the barrier to entry, driving up the risk. Bad actors lease malicious software from the Dark Web to carry out cyber-attacks. Once installed, the infostealer stealthily gathers data, including usernames, passwords, date of birth, home address, bank account numbers, credit card information, cell number, cookies and session IDs. The information is then sold and published as logs on the Dark Web.

The threat from infostealers shows no signs of slowing, and hackers are continuing to expand their tactics to infect machines. These include:

  • Phishing emails that entice people to open an attachment with the software embedded in the document.
  • Adding the code to an application such as a mobile app, a web browser, or a browser extension and then making that app available for download from popular app stores.
  • Advertising on Google and Facebook Ads to dupe people into downloading the malware. This tactic is so effective the FBI issued a PSA warning against it.

Hybrid Work Environments Increasing Vulnerabilities 

Hybrid work introduces new risks as many people rely on one device for both professional and personal use. An employee might therefore download infostealer malware via a gaming site, exposing all of the corporate data contained on the device.

This is partly why infostealers are so difficult to prevent: they exploit the weakest link in cybersecurity – human behavior. Instead of relying on complex multi-step attacks to compromise a system, they wait for the user to open the door for them!

The Password Manager Problem

Once a device is infected, password managers are the most valuable target. The malware can exploit vulnerabilities in these solutions, gaining access to all saved credentials and monitoring and stealing new ones as they are entered. In addition, password managers record the URL where each credential is used, so infostealers expose not only the credential in plain text but also all of the websites and services associated with it. This can then ignite credential stuffing and password spraying attacks. Additionally, the pervasive problem of password reuse means that if a manager is used for personal accounts, it is very likely that the credentials are shared with work accounts.

MFA is not Bullet Proof

When it comes to infostealers, multi-factor authentication (MFA) is far from a failsafe. For example, MFA is often bypassed if a device has logged into an account before and is trusted, which is done by dropping a cookie. These cookies can then be stolen by the infostealer and reused by threat actors, thereby rendering MFA ineffective. Active login session IDs can be stolen the same way.
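The cookie-replay bypass described above has a server-side counterpart a defender would pair with it: bind the session to the client fingerprint captured when MFA was completed, and force re-authentication when the same token later arrives from a different client. The following is an added example, not code from the original post or from Enzoic; the user name, IP addresses and user-agent strings are constructed, and the choice of fingerprint attributes is an assumption about what a web server can observe.

```python
"""Detecting replay of a stolen session cookie by binding each session to the
client that passed MFA.  Added example; all names and request data are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    fingerprint: str          # hash of client attributes captured at MFA time
    mfa_verified: bool = True


def client_fingerprint(ip: str, user_agent: str, accept_language: str) -> str:
    """Hash the stable client attributes the server can observe.  Only the first
    two octets of the IP are used (an assumption about tolerance) so a user whose
    address moves inside a provider range is not constantly re-prompted."""
    net = ".".join(ip.split(".")[:2])
    material = f"{net}|{user_agent}|{accept_language}".encode()
    return hashlib.sha256(material).hexdigest()


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict = {}
        self.alerts: list = []

    def issue(self, user: str, fp: str) -> str:
        """Create a session after a successful MFA login and return its cookie value."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user=user, fingerprint=fp)
        return token

    def validate(self, token: str, fp: str) -> str:
        """Return 'ok', 'reauth' or 'invalid'.  A valid token presented from a
        different fingerprint is the signature of a replayed cookie: the session
        is downgraded so every later request, from anyone, must pass MFA again."""
        sess = self._sessions.get(token)
        if sess is None:
            return "invalid"
        if not hmac.compare_digest(sess.fingerprint, fp):
            sess.mfa_verified = False
            self.alerts.append(f"session for {sess.user} replayed from a new client")
            return "reauth"
        return "ok" if sess.mfa_verified else "reauth"


def demo() -> dict:
    """Walk through a legitimate login followed by a replay of the same cookie."""
    store = SessionStore()
    # constructed: the legitimate login that passed MFA
    legit_fp = client_fingerprint(
        "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0", "en-US")
    token = store.issue("alice", legit_fp)
    # constructed: the same cookie value presented from a different machine
    stolen_fp = client_fingerprint(
        "198.51.100.7", "Mozilla/5.0 (X11; Linux x86_64) Chrome/117.0", "ru-RU")
    return {
        "legit": store.validate(token, legit_fp),              # "ok"
        "replayed": store.validate(token, stolen_fp),          # "reauth"
        "legit_after_replay": store.validate(token, legit_fp), # "reauth"
        "unknown": store.validate("no-such-token", legit_fp),  # "invalid"
        "alerts": store.alerts,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The downgrade is deliberately applied to the whole session rather than only to the mismatching request: once a cookie has been seen from two clients the server cannot tell which one is the owner, so both are sent back through MFA and the event is logged for review. Fingerprint binding reduces the value of a stolen cookie but does not eliminate it; shorter session lifetimes and revocation on logout remain necessary.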

Threat Intelligence Key to Preventing Infostealer Attacks

With infostealers, organizations must remain vigilant and modernize their security strategies to enhance and strengthen their defenses against the ever-changing cyber threat landscape. Monitoring the Dark Web provides enterprises with the intelligence to stay in front of the latest trends. Early detection is essential as any delay can result in the compromise of important accounts and, from there, the exposure of sensitive data.

With the risks from the malicious software showing no sign of slowing, it is essential that companies integrate a proactive threat intelligence solution to strengthen their security posture. This will help mitigate the risks and ensure that if sensitive information or credentials are exposed in third-party breaches or infostealer logs, they can take quick action to prevent a breach.

Enzoic’s Approach 

Enzoic offers a proprietary Dark Web monitoring solution that combines its dynamic threat database with extensive Dark Web research capabilities. This gives companies an automated and intelligent way to prevent credentials or other sensitive information from being used for financial gain, fraud, or account takeover.

Enzoic’s solutions combine the most comprehensive, complete, and actionable threat research data with automated remediation to help every enterprise strengthen its security posture. Critically, through its proprietary Dark Web monitoring capabilities, Enzoic can collect infostealer logs as soon as they are posted, allowing companies to stay a step ahead of threat actors.

The post Why Infostealers are Stealing the Security Spotlight appeared first on Cybersecurity Insiders.

Compromised credentials stand as the predominant cause of data breaches, underscoring the urgency for organizations to bolster their defenses. It’s crucial to acknowledge that, often, the only barrier separating an attacker from an organization’s most precious resources is the strength and security of its passwords. These compromised passwords not only pose a security risk but also jeopardize regulatory compliance, leading to potential operational and reputational damage.

Enzoic for Active Directory addresses this pressing issue head-on. It enhances initial and ongoing password security to meet compliance standards like NIST 800-63b, thereby mitigating risks and elevating an organization’s overall security stance. This solution review explores how Enzoic serves as a foundational tool for organizations, focusing on an often-underestimated vector of cyber vulnerability.

What negative consequences have organizations experienced due to unauthorized access to sensitive data, applications, or systems in the past 12 months? In the State of Authentication Security Report, cybersecurity professionals reported that the reallocation of IT resources for incident response and remediation was the most immediate negative impact (28%), followed by system or service downtime (26%) and increased helpdesk workload (24%).

Enzoic for Active Directory goes beyond traditional password filters and security measures by offering a real-time, dynamic solution for maintaining password integrity within an Active Directory (AD) environment. By integrating directly with your existing AD infrastructure, it offers an additional layer of security that is often missing. What sets it apart is the power of an in-house threat intelligence team backed by machine learning, which continuously updates a massive database of compromised credentials.

Traditional password security solutions, such as Microsoft’s Entra ID, typically focus on enforcing strong password policies at the time of password creation, but they often miss the forest for the trees. The real issue is keeping up with the ever-changing landscape of compromised credentials, and this is where Enzoic shines. Its solution fills a critical gap by continuously monitoring and validating not just newly set passwords, but also existing ones, thus securing the very foundational layer of your cybersecurity framework. This feature is a prerequisite for meeting leading compliance standards.

KEY FEATURES

Enzoic offers a cutting-edge solution for safeguarding your credentials with a range of exceptional features. Let’s explore how Enzoic stands out with continuous credential security, broad threat intelligence, and a seamless user experience.

1 – Continuous Credential Security: Enzoic sets itself apart by offering continuous screening against a database containing billions of compromised username and password pairs found on the Dark Web. This not only addresses newly created passwords but also identifies and remediates any existing vulnerable passwords that become compromised over time.

2 – Expansive Threat Intelligence: A dedicated in-house threat research team utilizes proprietary, powerful tools to scour the surface internet and Dark Web. This allows Enzoic to capture the most in-depth data sets, making its threat detection one of the most robust in the market. Moreover, this database is continually updated, ensuring that users can remediate swiftly before breaches occur.

3 – Great User Experience: While some solutions add friction at the user and admin level by incorporating more layers of authentication, Enzoic operates invisibly behind the scenes. This not only enables users to select stronger, more secure passwords but also reduces the workload for help desk support.

KEY BENEFITS

Enzoic’s continuous scanning and automated alerting system ensures that compromised or weak passwords are identified in real time. This contributes to a tangible enhancement in the overall security posture, fulfilling both compliance requirements and internal security benchmarks. The real power of Enzoic for Active Directory is in its simplicity and efficiency.

Within minutes of deployment, it starts offering:

• Streamlined Compliance: Companies striving to meet NIST 800-63b, HITRUST, or other leading industry compliance standards can automatically enforce compliance within their environment using Enzoic.

• Proactive ATO Prevention: By continuously monitoring passwords against a live database, Enzoic actively prevents Account Takeover (ATO) attacks, one of the leading causes of data breaches.

• Audit Efficiency: Real-time reports and alerting make it significantly easier to comply with auditing requirements.

• Resource Optimization: By automating the most labor-intensive aspects of password security, IT departments find a significant reduction in the time and resources needed for maintenance.

SOLUTION DELIVERY

The Enzoic solution is offered as a software-based plugin that integrates seamlessly into existing AD Domain Controllers. Optional endpoint agents are also available that provide users with specific instructions during password resets. If a user attempts to set a password that doesn’t meet policy requirements, they are guided on what adjustments need to be made for their password to align with policy, thereby enhancing the user experience and ensuring compliance.

In most cases, Enzoic for Active Directory can be up and running in under an hour, a testament to its user-friendly design. Enzoic for Active Directory operates on a subscription model, including a self-serve option with a free startup plan covering up to 20 users. The subscription cost is directly tied to the number of accounts that need protection. For specific pricing, you can refer to the official pricing page.

FINAL THOUGHTS

In a rapidly evolving cybersecurity landscape, Enzoic for Active Directory offers an agile, robust, and user-friendly solution to the ever-present challenge of compromised credentials. Its standout features like continuous credential security, expansive threat intelligence, and a minimalistic approach to user experience make it a highly recommended choice for any organization looking to fortify its first line of defense—passwords.

ABOUT ENZOIC

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through threat intelligence monitoring. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed passwords, credentials, and PII to identify accounts at risk and mitigate unauthorized access.

Learn more about Enzoic at: info@enzoic.com | www.enzoic.com

The post SOLUTION REVIEW: Enzoic for Active Directory appeared first on Cybersecurity Insiders.

By Mike Greene, CEO, Enzoic

Companies are evaluating artificial intelligence and other emerging technologies to combat cyber threats, with IDC predicting the AI cyber security market will top $46 billion by 2027.

While there are numerous vendors clamoring to capitalize on this spending, it’s a mistake for companies to assume these technologies are the quickest path to protection against cyber threats.

In fact, Verizon’s 2023 Data Breach Investigations Report (DBIR) found once again that the top methods employed by threat actors exploit the most basic security measures. As the DBIR authors put it, “…exploiting vulnerabilities, using stolen credentials and phishing are very similar to previous years’ findings, and let’s face it, they are straight out of InfoSec 101.”

This raises the question: what should organizations be doing to strengthen foundational security? Some of the most pressing considerations include:

Protecting the Password Layer: Stolen credentials are the chief means by which hackers infiltrate organizations, involved in 86% of the breaches studied. The challenge with password security comes down to human behavior.

Born out of a desire for convenience and efficiency, people typically select simple, easy-to-remember passwords and employ them across numerous accounts and services. One study found that employees reuse a single password an average of 13 times.

Companies have historically attempted to address credential security by enforcing complexity requirements, periodic resets, and similar practices, yet the password vulnerability problem persists. In fact, NIST now recommends against many of these approaches, advising instead that companies screen for exposure against an updated list of compromised or easy-to-guess credentials. It’s imperative that organizations overhaul their authentication security through credential screening and other modern practices if they wish to eliminate passwords as a threat vector.

A related security misstep is falsely believing that MFA offers complete protection. While it’s an important consideration as part of a layered security approach, it’s no magic bullet—as evidenced by Microsoft’s warning late last year over hackers finding ways to bypass it. According to NIST, using MFA does not negate the need to maintain an updated list of compromised passwords and use this list to enforce strong credentials throughout the organization. It’s critical that more companies embrace this approach; otherwise, viewing it as comprehensive authentication protection will continue to leave a door open to threat actors.

Avoiding the Phishing Line: Phishing is another persistent problem identified by the DBIR. Campaigns have grown increasingly sophisticated in recent years, with a KnowBe4 report finding that 33% of employees are likely to fall for these scams.

Organizations need a combination of technology and training to combat these threats; according to KnowBe4, the latter can help reduce the likelihood of falling victim to a scam by 83%. While phishing awareness programs may not receive top prioritization on the average security budget, investing resources in this area can help reduce it as a threat vector.

Deploying web filters to stop employees from accessing malicious websites is another key step. In addition, it’s important to ensure that internet browsers, apps, and operating system software are all kept current with the latest security patches and updates. Finally, companies should confirm that regular backups are scheduled to help recover data should a successful phishing scam occur.

Protecting the Expanding Endpoint: With a recent report finding that 79% of IT teams have witnessed an increase in endpoint security breaches, detecting these threats is another foundational element companies can’t afford to ignore. The hybrid work environment contributes to the challenge, as the perimeter is extended by more employees using their devices for work.

Every personal computer, tablet or smartphone represents a potential entry point that hackers could exploit to access sensitive corporate data or conduct a range of other nefarious activities. That’s why it’s critical that endpoint security strategies address every type of operating system on the company’s network, not just the traditional Windows or Linux options.

In addition to OS concerns, other critical endpoints include servers, printers, IoT devices, and point-of-sale systems. Essential security considerations to protect these include encryption, intrusion detection tools, device firewalls, and application controls. It is important that organizations ensure they have the right strategies and tools in place to protect the expanding endpoint and stay a step ahead of hackers.

Security from the Bottom Up 

You can’t build a resilient house without a strong foundation and the same is true for enterprise security. The latest AI solutions will ultimately fail to deliver on their potential until companies address the basics. Now more than ever, it’s imperative that organizations ensure that foundational security elements are permanently eliminated as a threat vector.


The post Foundational Security is the Enterprise’s Weakest Link appeared first on Cybersecurity Insiders.

Cyber threats have grown increasingly sophisticated in recent years; an expanding attack surface, today’s hybrid work environment and new vulnerabilities introduced by the IoT are a few of the challenges. Despite this evolving landscape, most organizations have yet to modernize their authentication security to effectively prevent password-based attacks and related vulnerabilities. With the most recent DBIR finding that compromised credentials are behind more than 50% of breaches, it is imperative that companies act now to bolster authentication security.

To understand more about this issue, Enzoic recently commissioned a survey of over 480 cybersecurity professionals. The State of Authentication Security Report underscores that—despite the passwordless hype—username and password combinations remain the primary authentication mechanism, with nearly 70% of companies utilizing this method. By contrast, only 12% of organizations are deploying passwordless strategies.

Legacy Approaches Weakening Password Security

Unfortunately, many companies are failing to evolve password management to reflect the current threat landscape. What’s more, the majority of those surveyed continue to follow legacy practices that have actually been found to weaken credential security.

For example, 74% of companies require forced resets every 90 days or less. Not only does this generate more work for employees and IT alike, it also fails to align with NIST’s updated password policy recommendations. NIST, along with Microsoft and other leading organizations, has found that employees typically select easy-to-remember credentials or swap out one letter or character when faced with frequent resets—resulting in a weak credential that threat actors can easily exploit.

The Dark Web Dilemma

Password reuse is another problem contributing to authentication security challenges, with Google finding that employees reuse a single password an average of 13 different times. The volume of breaches means that the Dark Web has become a treasure trove of this information; hackers can easily find and obtain lists of compromised credentials to fuel ongoing password-based attacks.

Our research highlights that most companies are aware of this vulnerability, with 84% of respondents concerned about weak and compromised passwords. However, many fail to grasp the extent of the threat—46% estimate that less than 1/5 of their passwords could be found on the Dark Web, while another 26% are unsure what percentage might be available there.

The Case for Credential Screening

This underscores the importance of modernizing authentication security to incorporate screening for compromised credentials—something that less than half of the respondents in our survey are currently doing. Enzoic helps companies protect against this threat by screening password and username combinations against its proprietary database of billions of exposed credentials. We maintain that database using a combination of proprietary automated processes, submitted contributions, and research from our threat intelligence team. Because our database is automatically updated multiple times per day, organizations can be assured that their password security reflects the latest breach intelligence.
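The screening approach discussed here, in the "Continuous Credential Security" feature above, and in the NIST guidance against complexity rules and forced resets in the preceding post, can be illustrated with one self-contained check. The block below is an added example, not Enzoic's product code or its database: the "compromised" corpus is a constructed stand-in of a few entries, the prefix lookup is modelled on the k-anonymity range queries used by public password-exposure APIs (an assumption about how such a check is typically structured, not a description of Enzoic's service), and the similarity test targets the one-character swap that follows a forced 90-day reset.

```python
"""NIST SP 800-63B style password screening: compromised-corpus lookup, account
identifier check, and detection of trivial edits to the previous password.
Added example; the corpus and account data are constructed."""
import hashlib
import re

# Constructed stand-in for a breach corpus of exposed passwords.
COMPROMISED = {"Summer2023!", "P@ssw0rd", "qwerty123", "letmein"}


def _sha1_upper(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest().upper()


# Index the corpus by the first five hex digits of the SHA-1, so a client can
# ask for one prefix bucket and match the suffix locally (k-anonymity lookup).
CORPUS_BY_PREFIX = {}
for _pw in COMPROMISED:
    _h = _sha1_upper(_pw)
    CORPUS_BY_PREFIX.setdefault(_h[:5], set()).add(_h[5:])


def range_lookup(prefix: str) -> set:
    """Server side: every stored suffix whose digest starts with `prefix`."""
    return CORPUS_BY_PREFIX.get(prefix, set())


def is_compromised(password: str) -> bool:
    """Client side: only the 5-character prefix leaves the host; the full
    digest is never transmitted and the match is made locally."""
    digest = _sha1_upper(password)
    return digest[5:] in range_lookup(digest[:5])


def _normalise(pw: str) -> str:
    """Collapse the cosmetic edits users make under forced rotation: trailing
    digits/punctuation are dropped, then case and common leet substitutions."""
    stem = re.sub(r"[^A-Za-z]+$", "", pw)
    return stem.lower().translate(str.maketrans("@$013", "asole"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def too_similar(new: str, old: str) -> bool:
    """True when the new password is the old one with trivial edits."""
    n, o = _normalise(new), _normalise(old)
    return n == o or edit_distance(n, o) <= 2


def screen(username: str, password: str, previous: str = "") -> list:
    """Return the list of policy problems with a candidate password (empty = accept)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if username.lower() in password.lower():
        problems.append("contains the username")
    if is_compromised(password):
        problems.append("found in compromised-credential corpus")
    if previous and too_similar(password, previous):
        problems.append("trivial variation of the previous password")
    return problems


if __name__ == "__main__":
    # constructed accounts: a rotation that only bumps the year, a leaked
    # password, a name-based password, and a long passphrase
    for user, pw, old in [("alice", "Summer2024!", "Summer2023!"),
                          ("alice", "P@ssw0rd", ""),
                          ("alice", "alice2024", ""),
                          ("alice", "correct horse battery staple", "Summer2023!")]:
        print(f"{pw!r}: {screen(user, pw, old) or 'accepted'}")
```

The same `screen` function serves both moments the text describes: at password creation, with `previous` set to the outgoing password, and on a scheduled re-check of existing accounts, where only `is_compromised` changes its answer as the corpus grows. Running the corpus check continuously rather than once at creation is what turns a static filter into ongoing detection.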

Another key benefit of our credential screening solution is that it eliminates the IT helpdesk burden of frequent resets and other legacy approaches while offering a more frictionless user experience. Because the screening happens automatically in the background, non-compromised users gain efficient access to their accounts and services. Should a compromise be detected, organizations can automate their response with a range of actions, including the immediate disabling of the account in question.

The Path Forward

While there are many unknowns in cybersecurity, there is one universal truth: hackers will continually hunt for new ways to exploit companies for financial gain and other nefarious purposes. With the DBIR and other studies repeatedly pointing to compromised credentials as a common threat vector, it’s imperative that organizations act today and shore up authentication security.

You can read more about this issue and other findings from the State of Authentication Security Report here.

The post Bringing Authentication Security Out of the Dark Ages appeared first on Cybersecurity Insiders.