Category: Detect

Read the previous blog on Governance of Zero Trust in manufacturing in the series here.

Manufacturers are some of the most ambitious firms on the planet when it comes to harnessing the power of edge technology to modernize their businesses. As they make plans in 2023 to  enhance business outcomes through the use of technologies such as 5G and IoT, manufacturers should also increasingly be called to innovate in the spheres of governance and cyber risk management.

OT-IT convergence drives manufacturing modernization

The convergence of operational technology (OT) on the factory floor with information technology (IT) is nearly synonymous with manufacturing modernization. OT-IT convergence enables new digital processes, remote connections, and smarter operations. It's a business outcome-oriented transformation that executive stakeholders have future success pinned upon.

Recent studies from AT&T show that manufacturers are investing in initiatives  such as smart warehousing, transportation optimization and video-based quality inspection at such a rate that the industry is advancing ahead of energy, finance, and healthcare verticals when it comes to edge adoption today.

But to reap the business benefits from these investments, manufacturers need to recognize and attend to the cyber risk realities that are part and parcel with this inevitable convergence.

Cybercriminals are increasingly targeting industrial control system (ICS) technologies that are the bedrock of the OT ecosystems. Attackers have learned to take advantage of ICS hyperconnectivity and convergence with the IT realm to great effect. Last year's warning from the federal Cybersecurity and Infrastructure Security Agency (CISA) attests to this, as do high-profile attacks last year against tire manufacturers, wind turbine producers, steel companies, car manufacturers, and more.

Reducing risk through Zero Trust

One of the most promising ways that manufacturers can begin to reduce the risk of these kinds of attacks is through the controls afforded by a Zero Trust architecture. From a technical perspective, Zero Trust unifies endpoint security technology, user, or system authentication, and network security enforcement to prevent unrestrained access to OT or IT networks—and reduce the risk of unchecked lateral movement by attackers. With Zero Trust, access is granted conditionally based on the risk level of users (or machines, or applications). It's a simple, elegant concept that requires careful execution to carry out.

Thus, when looking at building a zero-trust strategy, ZTNA 2.0 solutions have a role to play in helping apply more effective controls at the application level that are responsive to account takeover attempts. ZTNA 2.0 combines fine-grained, least- privileged access with continuous trust verification and deep, ongoing security inspection to protect all users, devices, apps, and data everywhere – all from a simple unified product.

Most importantly, too, is that Zero Trust requires business stakeholder input and collaboration to get right. Just as business stakeholders in manufacturing drive the push to the edge and the push for all nature of digital transformation and OT-IT convergence, they've got to be intimately involved with Zero Trust initiatives to spur success.

“Technology can come and go, but what manufacturers are really after are business outcomes,” says Theresa Lanowitz,  head of cybersecurity evangelism for AT&T. “That's where we need to focus when it comes to Zero Trust—at its core it needs to be driven by the business, which really sets the North Star for Zero Trust governance.”

Zero Trust should be owned by business stakeholders

At the end of the day, Zero Trust projects should be owned by the business, agrees Dharminder Debisarun, worldwide industry security architect for manufacturing, Internet of Things and transport at Palo Alto Networks, who says that when his group is approached by manufacturers interested in building out Zero Trust infrastructure, the team always turns conversations back to the business basics.

“People bring us in and say 'We want to do Zero Trust, how can you help?'” Debisarun says, explaining that they're usually starting with very technical deployment questions about elements like Secure Access Service Edge (SASE) and remote access management. “We usually take a step back then and ask, 'Why do you want to do Zero Trust? What's the business goal for it?'”

Similarly, Debisarun says they try to involve business stakeholders into collaborative risk discussions before getting into the meat of architectural design. That step back will hopefully get a manufacturer focused on doing risk assessments and other business alignment activities that will shape the way risk is managed—based on business goals, rather than narrow technical specifications. It will also get the entire team thinking about how the value of OT and IT assets are determined and establish the roadmap for where and how Zero Trust security technologies are deployed over time.

Business stakeholders have the most prescient and intimate knowledge of the emerging business conditions, regulatory demands, partnership agreements, and supply chain considerations that are going to impact risk calculations. This is why business ownership is the cornerstone and foundation for Zero Trust governance.

When manufacturers direct the security team with an eye toward  business outcomes, these technical executors are less likely to take a tools-only approach to technology acquisition to engage in reactionary spending based on the latest breach headlines. Incremental improvements will be built up around security controls that manage risk to the most critical operational processes first, and also around the processes and systems most put at risk by new innovations and business models.

The post Governance of Zero Trust in manufacturing appeared first on Cybersecurity Insiders.

We’re so excited to announce our 2023 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform.

AT&T Cybersecurity’s 2023 Global Partner of the Year award goes to Cybersafe Solutions! Cybersafe Solutions experienced incredible growth in 2022 and we’re thrilled to be partnering with their team to help customers orchestrate and automate their security.

In addition to Cybersafe Solutions as our Global Partner of the Year, we’re proud to recognize seven other partners who demonstrated excellence in 2022. See below for the full list of winners and their feedback regarding their partnership with AT&T Cybersecurity.

Global Awards:

Global Partner of the Year: Cybersafe Solutions

“I am humbled and honored to accept AT&T's 2023 Global Partner of the Year Award. Throughout our partnership, we have worked together to develop a comprehensive solution that enables Cybersafe to continuously monitor our customers' networks to identify and mitigate threats rapidly. Sincere thanks to the entire AT&T team on contributing to this success.  We are truly excited for what the future holds!”

-Mark Petersen, Vice President of Sales

Growth Partner of the Year: Xerox

New Partner of the Year: Arete Advisors

“Arete is honored to be named AT&T Cybersecurity’s New Partner of the Year. Our complementary partnership combines unique threat intelligence from AT&T’s USM Anywhere SIEM platform with Arete’s XDR platform to provide our clients with faster threat detection and greater clarity. We look forward to a future of continued growth together as we work to transform the way organizations prepare for, respond to, and prevent cybercrime.”

-Joe Mann, CEO

Distributor of the Year: Ingram Micro

“The cybersecurity threat landscape is growing in complexity—calling for greater collaboration across the IT channel ecosystem and between MSPs and their customers to stay secure. Together with AT&T Cybersecurity we are empowering channel partners with the knowledge and solutions needed to better protect their house and their customers from cyber attacks. It is an honor to be recognized three years in a row as AT&T Cybersecurity’s Distributor of the Year.”

-Eric Kohl, Vice President, Security and Networking

Regional Awards

These awards recognize partners that had the highest sales bookings in each of the 4 regions during last year.

North American Partner of the Year: Coretelligent

“We are honored to be recognized as AT&T Cybersecurity’s North American Partner of the Year and look forward to our continued partnership and delivering leading-edge security solutions to our shared clients. Coretelligent and AT&T Cybersecurity are a best-in-class pairing that provides the robust and secure cybersecurity management and monitoring that enterprises need to defend against the extreme threats of today’s cyber landscape.”

-Kevin J. Routhier, Founder and CEO

EMEA Partner of the Year: Softcat

“We are thrilled to be announced as AT&T’s Cybersecurity EMEA Partner of the year for 2023. We’ve thoroughly enjoyed working with AT&T of the course of the past year and we’re so thankful that our dedication has paid off. We’d love to thank everyone at AT&T and Softcat who has worked with us on various projects during this period.”

– Aoibhín Hamill, Cyber Managed Services Advisor

APAC Partner of the Year: Vigilant

“We are thrilled and honored to receive the prestigious AT&T Cybersecurity APAC Partner of the Year award! This recognition is a testament to our team's hard work and commitment to delivering exceptional cybersecurity solutions to our clients. At Vigilant Asia, we strive to be at the forefront of innovation and this award affirms our efforts. Here’s to more partnership success!”

-Victor Cheah, CEO

Latin American Partner of the Year: GMS

“GMS is thrilled to be named Latin American Partner of the Year for 2023. Having previously garnered this distinguished award, our partnership with AT&T Cybersecurity only gets stronger as time goes on. AT&T’s continued innovation is central to our value proposition, and we feel privileged to work so closely with a company that shares our commitment to providing optimal security for our customers throughout the Andean region.”

-Esteban Lubensky, Executive President

The post AT&T Cybersecurity announces 2023 ‘Partner of the Year Award’ winners appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Integrating Cybersecurity in UX design

The digital landscape has ensured a wider range of businesses has access to a truly global marketplace. On one hand, this helps bolster a thriving entrepreneurial ecosystem. However, it also means there is a significant amount of competition. If your company’s website or mobile application doesn’t provide a stellar user experience (UX), consumers are able and willing to go elsewhere.

Yet, in the online environment, UX is not your only consideration. There are various threats your business and consumers face from cyber criminals. Therefore, when developing your online tools, you need to adopt effective protections. Unfortunately, many businesses struggle with implementing strong security that doesn’t also disrupt the UX.

Your best approach here is usually to integrate cybersecurity with UX design. So, let’s explore why and how you can achieve this.

How are UX and Cybersecurity related?

One of the mistakes too many businesses make is assuming that UX and cybersecurity are separate aspects of the digital infrastructure. They can certainly have independent intentions to an extent with different goals and actions to achieve these goals. Yet, understanding how they are closely related is the first step to effective integration.

In some ways one can’t — or, at least, shouldn’t — exist without the other. A good example of this is the application of web design in high-stakes sectors, like telehealth care. There are two core types of telehealth services; asynchronous care and synchronous (live) care. While there is a difference here in how patients interact with the medical professional, both types involve the collection and storage of sensitive data. It’s certainly important from a UX perspective to make both asynchronous and live processes as simple and convenient as possible for patients. Yet, this simplicity shouldn’t sacrifice the security of the data.

Clear and strong security protocols give consumers confidence in the system and the company they’re interacting with. This applies to not just healthcare industries but also eCommerce, education, and supply chain sectors, among others. Similarly, consumers may be more likely to adopt more secure behaviors if they can see how it feeds into the convenience and enjoyment of their experience. This means that the UX development process must involve security considerations from the ground up, rather than as an afterthought.

How can you plan effectively?

As with any project, planning is essential to the successful integration of cybersecurity and UX design. An improvisatory approach that involves tacking security or UX elements onto your site or app doesn’t result in a strong development. Wherever possible, your best route is to bring both the UX departments and cybersecurity professionals together in the planning process from the outset. Each department will have insights into one another’s challenges that benefit the project as a whole.

Another key part of your planning process is researching and analyzing your users’ behavior concerning the types of online tools you’re developing. Work with business analytics professionals to understand in what ways security factors into your target demographic’s preferred online experiences. Review what the common security behavior challenges are with your consumers and what experiential elements prevent them from implementing safe actions. This then enables you to create the most apt UX and security arrangements to meet your consumers’ needs.

Importantly, your team needs to plan with balance in mind. They need to make certain that as far as possible, security doesn’t interfere with UX and vice versa. For instance, you may be able to design multiple layers of encryption that require minimal user interaction to activate. Whatever you approach, you must build thorough testing into the planning process. This shouldn’t just be to review efficacy and strength, but also to establish whether there are imbalances that need to be corrected.

What tools can you use?

You should bear in mind that integrating UX and cybersecurity isn’t just a case of developing a unique site or app. Finding this balance is a challenge that businesses have been seeking to address throughout the rise of our digital landscape. This means that there are some existing tools that you can incorporate into your more tailored approach.

Artificial intelligence (AI) is increasingly popular here. Even small businesses can access AI tools that take care of many elements of a website and mobile application development. These tools not only save companies time in coding, but they can also make more secure sites by mitigating the potential for human error. Indeed, AI-driven security monitoring software can scan networks in real-time, responding to threats quickly and effectively without disturbing the user experience.

Aside from AI, adopting a single sign-in, multi-factor authentication is a common tool to adopt. This approach provides maximum security by requiring users to authenticate using more than one device. However, it's important not to disrupt the user flow by ensuring this is a one-time action that allows them to access various aspects of your online space. You should require further authentication only when they navigate away from the site, utilize a new device, or attempt purchases over a certain threshold.

Conclusion

Integrating UX and cybersecurity is not always easy. It’s important to understand that these elements need to coexist to achieve the most positive outcomes. From here, thorough planning that involves collaboration from both security and UX professionals is key to achieving a good balance. Remember that tools like AI and multi-factor authentication can bolster your ability to create a safe service that users enjoy interacting with.

The post Integrating Cybersecurity in UX design appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

When strategizing a security approach for the coming year, many solutions will cross a CISO’s desk, all useful in covering some part of the network. Organizations must scrutinize every layer and each solution to make sure their security stack runs efficiently while still boasting a Defense-in-Depth approach. There cannot be an overload of alerts, the learning curve must be worth the cost, and all solutions must integrate with each other. Not surprisingly, the search can be tedious, complex, and confusing.

Broadly speaking, cybersecurity defends the network and the devices on that network. Both are key and must be protected. Endpoint security and response includes “not only the automated monitoring and detection of threats on the endpoint, but also a combination of autonomous and manual investigation, remediation, and response.” While not every tool will make the cut, here are seven reasons why Endpoint Detection and Response (EDR) should not be ignored.

1. Cybercriminals aren’t ignoring endpoints. It’s not surprising that in a recent study, 76% of IT decision-makers reported their company use of endpoint devices has gone up. This can include workstations, servers, tablets, smartphones and a host of IoT devices like cameras, smart speakers, and lighting. However, it is equally unsurprising that bad actors have capitalized on this gain, and consequently, 79% of IT teams have seen a rise in endpoint-related security breaches.
2. The cyber talent crisis creates the need for autonomous response on the endpoint. With an increase of both endpoints and endpoint-related attacks, a proportional increase in endpoint security measures is needed; unfortunately, the ongoing cyber talent deficit hamstrings those efforts and makes whatever qualified cybersecurity experts are available difficult to attain for many small to medium-sized businesses. Endpoint security solutions use automatic investigation and monitoring techniques to spot threat 24/7/365 and often respond autonomously to mitigate them. This cuts back significantly on the work remaining for already-strapped security teams to do.
3. EDR offers cloud-based security for end-user devices. One of the primary security problems facing fast-expanding, digitally native, and mid-transition companies is how to secure both on-premises and cloud-based assets. Endpoints, while not in the cloud, connect to it and bad actors can use vulnerabilities in device software to pivot to the rest of your network. State of the industry endpoint security platforms can deploy patches and run reboots from the cloud and offer enterprise-wide centralized cloud management.
4. Remote device security trends downward as workers mix personal with professional. The rise of BYOD has been significant and ubiquitous in the wake of the remote-work migration, and a study by Gartner revealed that over 50% of workers used their own laptop or smartphone for work activity. Interestingly, a Ponemon study indicated that 67% of respondents reported that personal mobile devices have negatively impacted their company’s security posture, and 55% cite smartphones as the most vulnerable endpoint in their organization.
5. EDR secures email. As many as 91% of all breaches begin with a phishing email. Email servers are a widely exploited endpoint. Endpoint security solutions can clean email messages before they reach the network, isolate and investigate links, and alert users when sensitive data is about to leave the organization.
6. Firewalls are not foolproof. While having a firewall is a best practice, it only represents one part of a defense-in-depth approach. Firewalls are susceptible to misconfiguration, and their signature-based policies miss new exploits that recompile their code or use fileless malware. Additionally, freshly spun-up domains can cause many malicious sites to slip by undetected, and the popularity of this method is rendering firewalls even more ineffective. Not having an additional layer of defense directly on the endpoint device can be problematic as these trends continue.
7. EDR can proactively prevent zero days from entering your network. Macros used to be the loose cannon of inboxes, infecting the victim device directly upon opening. While Macros are largely disabled by default now, malicious code (largely HTML) still lurks in attached documents that only require a bit of social engineering to get the user to click. By sandboxing email attachments and vetting them for safety prior to opening, email security tools can prevent zero days from detonating on your network.

Remote work leaves endpoints more exposed than ever, vulnerable to human error and consumer-side attacks. Cybercriminals continue to target firmware, and the shortage of qualified cybersecurity professionals can leave various parts of the network at risk. Struggling SOCs can offload some of the burden of network monitoring as EDR solutions autonomously investigate and respond to incidents on the endpoint. Next-generation EDR tools can aid ongoing security measures by collecting data at the source.

Keeping EDR an integral part of a Zero Trust security strategy will be ever more imperative as time goes on and threats continue to evolve. Cybercriminals aren’t lessening their attention to the endpoint, so organizations shouldn’t either.

The post 7 reasons why Endpoint Security and Response shouldn’t be ignored appeared first on Cybersecurity Insiders.

In 1999, the United States began to shape its QIS strategy. The first document on file is a Scientific and Technical Report (STR) entitled: “Quantum Information Science. An Emerging Field of Interdisciplinary Research and Education in Science and Engineering.” This is the first report of an assortment of publications that help establish the US QIS strategy. To date, 55 publications contribute to the overall US strategy to advance QIS and quantum applications. These documents consist of Scientific and Technical Reports (STR), Strategy Documents, Event Summaries, and the National Quantum Initiative Supplement to the President’s Budget.

To begin, STRs are fundamental sources of scientific and technical information derived from research projects sponsored by the Department of Energy. On an annual basis, the US has released roughly 3.5 QIS reports (on average) since 1999; consequently, these publications make up 65% of the strategic documents related to QIS. Scientific and Technical Reports describe processes, progress, the results of R&D or other scientific and technological work. Additionally, recommendations or conclusions of research, original hypotheses, approaches used, and findings are also included. Scientific and Technical Reports have proven to be highly beneficial to researchers. STRs regularly include more comprehensive or detailed information than scholarly papers or presentations since STRs include experimental designs and technical diagrams.

Continuing, released in 2009, the National Science and Technology Council (NSTC) released the first QIS Strategy Document entitled “A Federal Vision for Quantum Information Science.” NSTC has the aim of articulating clear goals and a vision for federal service and technology investments, focusing on information technology, and strengthening fundamental research. This interagency document set conditions to coordinate federal efforts in QIS and other related fields. Furthermore, the strategy documents establish clear national goals for service and technology investments in information technologies and health research industries.

Additionally, in 2018, a Summary of the 2018 White House Summit on Advancing American Leadership in Quantum Information Science was published as an Event Summary. Event Summaries are published by the National Quantum Coordination Office (NSQO). Event summaries provide an executive summary of key engagements related to QIS. With six summaries published to date, the current theme revolves around events that promote leadership, education, outreach, and recruitment in the field of QIS. The summaries prove to be very advantageous since they provide a read-out document that can be archived to capture event background, discission topics, key takeaways, agency funding/research award announcements, next steps, and an event conclusion.

Furthermore, the National Quantum Initiative (NQI) Act, which became law in 2018, ensures the annual release of the National Quantum Initiative Supplement to the President’s Budget. This is the final document to reference which contributes to the US QIS strategy. The supplement details the current year’s efforts, progress, and budget for the National Quantum Initiative Program, along with, projecting a budget for the next fiscal year. The supplement also provides an analysis of the progress made toward achieving the goals and priorities of the NSTC Subcommittee on Quantum Information Science (SCQIS).

Since 1999, the US began charting a way to address QIS. Vision, strategy, R&D, agency coordination, funding, and QIS promotion efforts have been consistent. The strategy has also accelerated in the last five years. As advances in Quantum Science materialize, the US continues to make strides in coordinating across the Federal government, academic institutions, and industry. 21 different agencies in addition to Nobel Laureates and international partners are invested in the US strategy to address all aspects of Quantum Science. With certainty, there is a race to clearly understand all aspects of QIS and the impact it can have on our society. The US displays an inclusive, wide reaching, firm, and consistently accelerated strategy due to developments in QIS. US strategy and efforts toward QIS places the US on a path to lead the world in QIS. Simply put, the US strategy encompasses a whole of government approach, along with, collaborating with industry, academic institutions, and allies worldwide to bring to life the remarkable potential in how QIS can change the way citizens live, work, and understand the world.

“As new technologies continue to evolve, we’ll work together with our democratic partners to ensure that new advances in areas from biotechnology to quantum computing, 5G, artificial intelligence, and more are used to lift people up, to solve problems, and advance human freedom.” – President Biden

 

SECDEF Executive Fellowship Homepage

US Army Homepage

Army War College Homepage

Find Your Army Career

The post Guiding publications for US strategy on Quantum Information Science (QIS) appeared first on Cybersecurity Insiders.

Ransomware is a form of malicious software (malware) that restricts access to computer files, systems, or networks until a ransom is paid. In essence, an offender creates or purchases ransomware, then uses it to infect the target system. Ransomware is distributed in several ways including, but not limited to, malicious website links, infected USB drives, and phishing emails. Once infected, the offender encrypts the device and demands payment for the decryption key. Figure 1 provides a simplistic overview of the ransomware timeline.

Figure 1. Ransomware timeline.

The earliest recorded case of ransomware was the AIDS Trojan, which was released in the late 1980s. Now, in 2023, ransomware is considered the greatest cybersecurity threat due to the frequency and severity of attacks. In 2021, the Internet Crimes Complaint Center received over 3,000 ransomware reports totaling $49.2 million in losses. These attacks are especially problematic from a national security perspective since hackers aggressively target critical infrastructure such as the healthcare industry, energy sector, and government institutions.

If ransomware has been around for over 40 years, why is it now increasing in popularity? We argue the increase in ransomware attacks can be attributed to the availability of ransomware sold on darknet markets.

Darknet markets

Darknet markets provide a platform for cyber-criminals to buy, sell, and trade illicit goods and services. In a study funded by the Department of Homeland Security, Howell and Maimon found darknet markets generate millions of dollars in revenue selling stolen data products including the malicious software used to infect devices and steal personal identifying information. The University of South Florida’s (USF) Cybercrime Interdisciplinary Behavioral Research (CIBR) sought to expand upon this research. To do this, we extracted cyber-intelligence from darknet markets to provide a threat assessment of ransomware distribution. This report presents an overview of the key findings and the corresponding implications.

Threat assessment

While drugs remain the hottest commodity on darknet markets, our threat intelligence team observed a rise in ransomware (and other hacking services). 

The study was conducted from November 2022-February 2023. We began by searching Tor for darknet markets advertising illicit products. In total, we identified 50 active markets: this is more than all prior studies. We then searched for vendors advertising ransomware across these markets, identifying 41 vendors actively selling ransomware products. The number of markets and vendors highlight the availability of ransomware and ease of access. Interestingly, we find more markets than vendors. Ransomware vendors advertise their products on multiple illicit markets, which increases vendor revenue and market resiliency. If one market is taken offline (by law enforcement or hackers), customers can shop with the same vendor across multiple store fronts.

The 41 identified vendors advertised 98 unique ransomware products. This too shows the accessibility of various forms of ransomware readily available for purchase. We extracted the product description, price, and transaction information into a structured database file for analysis. In total, we identified 504 successful transactions (within a 4-month period) with prices ranging from $1-$470. On average, ransomware sold on the darknet for $56 with the best-selling product being purchased on 62 different occasions at $14 per sale. A screenshot of the best-selling ransomware advertisement is presented in Figure 2. This product is listed as fully customizable, allowing the customer to choose their target and ransom amount. These findings illustrate that ransomware sold on the darknet is both affordable and user-friendly.

Figure 2. Ransomware advertisement found on a darknet market.

Purchases on the darknet are facilitated using cryptocurrencies that anonymize the transaction and ensure both the buyer and seller's protection. Bitcoin is the favored method of payment, but some vendors also accept DOGE, Bitcoin Cash, Litecoin, and Dash.

Our final goal was to understand which words are associated with ransomware distribution. Using the product description, we created a word cloud (presented in Figure 3) to depict the most common words used when selling ransomware. The most commonly used words include ransomware, encrypt, systems, urgency, decryption, victims, and software. Knowing the words associated with ransomware distribution allows for the development of machine learning algorithms capable of detecting and preventing illicit transactions.

Figure 3. The most used words in a ransomware advertisement.

Implications

The security concerns posed by ransomware and darknet markets have been independently identified by researchers, government agencies, and cybersecurity companies. We expand the discussion by assessing the synergetic threat posed by ransomware distributed via darknet markets. Our findings suggest the uptick in ransomware may result from product availability, affordability, and ease of use. Cyber-criminals no longer need the advanced technical skills required to develop unique forms of ransomware. Instead, they can simply purchase customizable ransomware on the darknet and launch an attack against their victims.

Acknowledgements

            This research would not be possible without the students and faculty associated with CIBR lab. Specifically, we thank Taylor Fisher, Kiley Wong-Li, Mohamed Mostafa Abdelghany Mostafa Dawood, and Sterling Michel for their continued involvement on the cyber-intelligence team. For more cutting-edge cybersecurity research, follow Dr. C. Jordan Howell, Lauren Tremblay, and the CIBR Lab on Twitter: @Dr_Cybercrime, @DarknetLaur, and @CIBRLab.

The post An assessment of ransomware distribution on darknet markets appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

More and more, people are completing the entire real estate transaction process online. From searching for properties to signing documents, online convenience can make the process easier and more efficient. However, with all of this activity taking place on the internet, it is important to be aware of the potential security risks that come along with it. Here are the eight common cybersecurity issues that can arise during the purchase of real estate online and how you can protect yourself against them.

1. Cybercrime

This is, unfortunately, the world we live in – and it makes sense, given the large sums of money involved. Cybercriminals may attempt to hack into the system and gain access to private information. They may even try to interfere with the transaction process itself, delaying or preventing it from taking place at all.

To combat this threat, make sure you are using a secure online platform when completing the transaction and be sure to only provide personal information when necessary.

When you are completing a real estate transaction online, a lot of your personal information will be requested. This can include anything from your address and phone number to your bank account information. If this information is not properly secured, it could be at risk of being accessed by cybercriminals.

To keep yourself safe, it is important to know what to look out for. You should watch for the commonly attempted ways that remote real estate buyers might be targeted and understand what you should do in the event of a breach.

2. Data breaches

Buying real estate remotely involves a number of different tools, like online payment gateways and other web services. All of these tools can be vulnerable to data breaches, which means that hackers could gain access to your personal information stored on their servers. To protect yourself, research a service’s security standards before providing any sensitive information or look for an alternative if the security measures are inadequate.

Always make sure you are observing best practices during and after an online purchase, which include doing things like updating your passwords as appropriate and monitoring your credit cards for any suspicious activity. By following these tips, you can help ensure that your online real estate transaction is secure.

3.  Phishing scams

These are attempts to obtain your personal information by pretending to be a legitimate source and they are on the rise. Be sure to only provide your information on secure websites and look for signs of legitimacy, such as “https” in the web address or a padlock icon in the URL bar.

Phishing scams that target real estate buyers might include emails, text messages, and voicemails asking you to provide your credit card details or other personal information to make a purchase. Make sure to always look for signs of legitimacy before providing any sensitive information.

They might also include bogus emails from lawyers or other professionals with malicious links or attachments. Be sure to only open emails from verified sources and never click on suspicious links.

4. Malware threats

Malicious software can be used to steal your personal information, such as banking credentials and passwords, or to install ransomware that locks you out from accessing your own files. To protect yourself from malware, make sure to install trusted antivirus and anti-malware software on your computer. Additionally, make sure to always keep your operating system up to date with the latest security patches.

5. Identity theft

Identity theft is a growing problem online and can be especially dangerous for real estate buyers. Hackers may use stolen information to gain access to your bank accounts or other financial resources, making it important to protect all your personal information from potential thieves. Make sure to use secure passwords, avoid public Wi-Fi networks, and never provide sensitive information over email.

This is especially pressing in an age where people are so much more mobile and global than they ever have been. Real estate transactions can be conducted from airports, coffee shops and all manner of unsecured wireless networks, which demands extra vigilance when it comes to cybersecurity.

6. Website hacking

Hackers can also gain access to websites and steal information stored on them, including user data. To protect yourself from website hacking, make sure that the websites you use have strong security protocols in place. Additionally, look for signs of legitimacy such as a padlock icon in the URL bar and verify any third-party links or attachments before clicking on them.

If you are dealing with a real estate agent that uses a website, make sure it is secure and they have taken proper precautions to protect your data.

7. Social engineering attacks

Social engineering attacks are when hackers use psychological tactics to get you to reveal confidential information or take some sort of action. For example, they may send fraudulent emails that appear to come from a real estate agent asking for your personal details or credit card numbers. Make sure to always verify the source of any emails before taking any action.

The best way to identify a social engineering attack is to look for suspicious language, attachments, or links in the email. If anything looks out of the ordinary, it's best to delete the message and report it to your security provider.

You can always take extra steps to protect yourself, like using two-factor authentication when logging into accounts or working with a cybersecurity professional. By staying vigilant and taking proactive measures, you can help ensure that your online real estate transactions are secure.

8. Having weak passwords

Another common cybersecurity issue is having weak passwords. Make sure to use strong passwords when creating any accounts associated with your real estate purchase. You should also change your passwords on a regular basis and never reuse old passwords or share them with anyone else.

Using a password manager can also help you keep track of all your different passwords and store them in a secure place. If you're dealing with an agent, ask them to use strong passwords as well, and make sure that they keep all of your personal information safe.

Conclusion

Real estate transactions are increasingly taking place online, which can create potential security risks if proper precautions aren't taken. By following best practices and being aware of the common cybersecurity issues associated with purchasing real estate online, you can help ensure that your transaction is secure. With a bit of extra effort and knowledge, you can rest assured knowing that your online property purchases are safe and secure.

The post 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them appeared first on Cybersecurity Insiders.

In today's world, cybersecurity is an ever-growing concern for businesses. With the rising threat of cyber threats and data breaches, it can be difficult for companies to keep up with the latest security technologies and stay ahead of the curve. Managed Security Services Providers (MSSPs) provide comprehensive security solutions to clients. They offer various services, from monitoring and threat intelligence to incident response. MSSPs are ideal for businesses looking for an all-in-one security solution tailored to their specific needs. MSSPs offer a wide range of services to help protect businesses from cyber threats. Here are some initiatives that MSSPs should consider when looking to help customers in 2023.

Making Zero Trust attainable

As the global landscape continues to test our resiliency, staying focused on a security-first mindset is critical. Organizations must consider the most significant risks and take a proactive approach to address cyber risk concerns. This means assessing the current state of their cybersecurity, understanding their attack surface, and rethinking their security strategy with a Zero Trust model. By taking a risk-based approach to vulnerability management, implementing cloud security measures, and developing third-party risk management solutions, organizations can ensure they are prepared to adapt to the ever-changing digital landscape and remain resilient in the face of cyber threats.

The traditional perimeter as we know it is no longer viable due to the shift to remote and hybrid working. To keep our networks secure, Zero Trust architecture is essential. Zero Trust reduces the risk of security breaches by authenticating and authorizing every person and system before granting access. Nowadays, the security industry is figuring out how to apply Zero Trust practically. Established companies are using the term Zero Trust in their product portfolios to capitalize on the opportunity. Ultimately, Zero Trust will become more prominent with measurable results.

Risk-Based vulnerability management

Managing vulnerabilities inside your environment are challenging. New attack vectors for threat actors to breach your network are identified daily. Organizationally, the attack surface is constantly changing due to IT device and platform lifecycle issues, changing operational priorities, and the adoption of emerging technologies. With every change comes the risk that a new flaw or configuration issue will provide a threat actor with the final link in their attack chain, resulting in an impact on your users, operations, and customers.

Your network is expanding in the traditional sense and with the ever-increasing role of endpoints, devices, and the Internet of Things. Each year you see the amount of data multiply exponentially, the threat of attacks become more sophisticated, and the challenge of minimizing risk and optimizing operations grow more challenging. It can feel like a never-ending battle, yet identifying, prioritizing, and managing vulnerabilities through remediation is not only possible—it can be simple.

Vulnerability management is an established function of information security, but with technology configurations constantly evolving and cloud and container infrastructure expanding, the complexities of vulnerability management persist. Today's best vulnerability management platforms have been designed with visibility, remediation automation, and improved vulnerability prioritization.

Vulnerability and patch management are essential for any organization, as is the need for risk reduction. With the right risk reduction strategy, organizations can improve their cyber resilience and reduce their risk. To help ensure that organizations keep their IT infrastructure up-to-date and secure, they should focus on strengthening the fundamentals of vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR). By implementing these strategies, organizations can reduce risk and improve security posture.

Security Mesh, Zero Trust, and SASE (Secure Access Service Edge)

These are three technology trends converging to allow organizations to consolidate and optimize their Zero Trust initiatives. Security Mesh provides a cloud-based fabric that enables organizations to connect to users, applications, and data in a secure and unified fashion. Zero Trust is a security model that eliminates the concept of trust assumptions based on internal network boundaries.

And SASE is a cloud-delivered service that combines network and security functions, including secure access, cloud security, and network security, into a single integrated solution. These technologies can be used together to reduce complexity and help organizations to implement their Zero Trust strategies quickly and effectively. By consolidating and optimizing Zero Trust initiatives, organizations can gain the security, agility, and scalability needed to accelerate their digital transformation.

The biggest challenge for SASE adoption is the split decision between networking and security components. While the two technologies have their strengths and weaknesses, their integration is the most critical factor for successful SASE deployments. Enterprises need to evaluate both solutions' performance, scalability, scalability, reliability, and cost to determine which is best suited for their needs. Additionally, at the same time, they need to consider the synergies between both solutions to make sure that the combination of them will yield the best results. The primary benefit of SASE is the integration of networking and security services, which simplifies the provisioning and maintenance of both solutions.

Additionally, the service provider can offer more tailored solutions to its customers, allowing them to customize their SASE deployments to meet their specific needs. This makes the solution more attractive to enterprises and increases the likelihood of adoption. Ultimately, the split decision between networking and security components is a challenge that SASE must overcome to remain relevant in the future. Enterprises need to weigh both solutions' pros and cons and ensure they invest in the right technologies. By doing so, they can ensure that they get the most out of their SASE deployments and guarantee that their solutions remain up-to-date and secure.

Cyber Resilience

As MSSPs look to offer a Cyber Resilience service that leverages expertise to enhance protection, detection, and response capabilities while driving an organization's ability to recover in the event of a malicious attack rapidly. MSSPs can help shift an organization's model from reactive to proactive, helping the team prepare for potential cyberattacks by implementing a resilience model. This end-to-end service capability helps reduces risk holistically and supports an organization's ability to identify, protect, detect, respond, and recover from malicious activity. Cyber Resilience service is a customized strategy to enhance your current people, processes, and technology based on comprehensive strategic and tactical evaluations across an enterprise.

The post Building blocks for Cyber resilience:  MSSPs can lead the way appeared first on Cybersecurity Insiders.

Firewall optimization (also known as firewall analysis) is the process of analyzing and adjusting the configuration and policy set of a firewall to improve performance and security. This process involves reviewing and corelating log data and device configurations, identifying potential vulnerabilities and weaknesses, and providing recommendations for remediation. Performing these processes is complex, which is why tools like firewall analyzers are useful. They offer automation, visualization, and alerting to provide recommendations that can be used to reduce the risk of attack.

What is the business impact of firewall optimization?

Firewall optimization is important because it can help organizations improve their overall security, performance, and compliance, while also reducing costs and improving decision-making. This can ultimately contribute to better overall business performance. Firewall optimization can have a positive impact on a business's overall network security and performance.

Some of the key benefits include:

• Improved security: Analyze configurations and log data to identify potential vulnerabilities and threats in the network and provide recommendations for remediation. This can help to reduce the risk of successful cyber-attacks and data breaches.
• Better performance: Improve overall network performance by identifying and addressing bottlenecks and inefficiencies in the firewall configuration. This can result in faster network speeds, more reliable connectivity, and better overall performance.
• Compliance: Comply with relevant regulations and standards, such as PCI DSS and HIPAA, by providing regular compliance reports and identifying potential compliance issues.
• Cost savings: By identifying and addressing inefficiencies and bottlenecks in the firewall configuration, firewall optimization can also help reduce costs associated with network maintenance and troubleshooting.
• Improved decision-making: Have a better understanding of the network security posture and the capabilities of the firewall. This allows organizations to make more informed decisions about their security strategy, and to better allocate resources for security initiatives.

How is firewall optimization different from firewall management?

Firewall optimization uses software tools like a firewall analyzer to find weaknesses and vulnerabilities in network attached devices. The inspection includes analyzing configurations and log data from security devices, such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).

The primary features of a firewall optimization include:

• Log analysis: Review log data to understand utilization trends over time and recommend ways to enhance the performance of the firewall without compromising security.
• Configuration analysis and compliance reporting: Review running configurations of firewall devices regularly and include features for generating reports that show compliance with relevant regulations and standards, such as PCI DSS and HIPAA.
• Security analytics: Analytics capabilities allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats.
• Alerting: Alerting features that notify users when potential threats or vulnerabilities are detected.
• Integration with other tools: Some firewall analyzers can be integrated with other security tools, such as vulnerability scanners or intrusion detection systems, to provide a more comprehensive view of an organization's security posture.
• Multi-vendor support: Firewall analyzers can support multiple firewall platforms. This can be useful when migrating from one firewall platform to another, to help clean the ruleset of any vulnerabilities and test configurations prior to deployment.

A firewall management platform, on the other hand, is a comprehensive tool that helps organizations to manage, configure, and monitor their firewalls. It includes features like firewall policy management, threat detection and management, asset discovery, and security analytics. The primary features of a firewall management platform include:

• Policy management: Allows users to create and manage firewall policies, which define the rules for allowing or blocking network traffic.
• Asset discovery: Discover and inventory assets on a network, including servers, workstations, and other network attached devices.
• Security analytics: Analytics capabilities that allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats.
• Monitoring: Monitor network traffic and alerting users when potential threats or vulnerabilities are detected.
• Integration with other tools: In addition to firewall analyzers, some firewall management platforms can be integrated with other security tools, such as a Security Incident and Event Manager (SIEM) to provide a more comprehensive view of an organization's security posture.

One of the main differences between firewall optimization and the firewall management platform is the scope of their capabilities. Firewall optimization is focused on the performance and configuration of the firewall, by analyzing the running configuration and log data from firewalls, even in environments with multiple vendor firewalls.

Another difference is the level of control on a device that the tools provide. A firewall analyzer provides insights, recommendations, application traffic flows, and may even have device configuration and management capabilities. A firewall management platform, on the other hand, provides granular control over firewalls, including the ability to create and manage firewall policies and to monitor network traffic.

How does firewall optimization work?

Firewall optimization uses a firewall analyzer tool to provide visibility into the security posture of a network by identifying potential threats and vulnerabilities, and by providing recommendations for remediation.

The process of firewall analysis typically involves the following steps:

• Data collection: The firewall analyzer collects log data and device configurations from the security devices on the network. This data may include information on network traffic, firewall rules, and security events.
• Data analysis: The firewall analyzer then analyzes the collected data to identify potential vulnerabilities and threats in the network. This may include identifying open ports, misconfigured firewall rules, or unusual network traffic patterns.
• Reporting and visualization: The firewall analyzer generates reports and visualizations that provide a detailed overview of the network's security posture. These reports may include information on compliance with relevant regulations and standards, as well as recommendations for remediation.
• Alerting: The firewall analyzer may also include alerting features that notify security teams when potential threats or vulnerabilities are detected.

Some firewall analyzers can also be integrated with other security tools, such as vulnerability scanners or intrusion detection systems, to provide a more comprehensive view of an organization's security posture.

Firewall optimization best practices

It is not uncommon for organizations to question if both a firewall analyzer and firewall management platform are necessary for improved network security. Firewall analyzers provide a strategic and operational view of the network security environment across multiple vendors. This contrasts with the firewall management platform’s operational and tactical capabilities which are vendor specific.

In addition, firewall analyzers can provide value for non-operational roles in an organization, such as auditors. Auditors can collect the information they need without having to access the firewall management platform directly or involve the operations teams who administer the platform.

Conclusion

Overall, firewall optimization using firewall analyzer tools and firewall management platforms are important for the network’s health and security. While they serve different purposes, they also complement each other with their unique capabilities. Organizations that need visibility into the performance of the network along with recommendations for improving the firewall security should consider a firewall optimization strategy that incorporates both capabilities.

AT&T Cybersecurity Consulting has more than 20 years of experience increasing network security and performance using its firewall optimization programs. Learn more about the benefits and best practices of implementing a firewall optimization strategy that incorporates both firewall analyzer tools and firewall management platforms. Contact us today to get started.

The post What is firewall optimization? appeared first on Cybersecurity Insiders.

NTDLL.dll API hooking is a technique used by anti-malware engines to detect and flag suspicious processes on Windows by monitoring APIs that are known to be abused by threat actors. The method involves using assembly instructions to invoke the necessary Windows API function to allocate memory and inject arbitrary shellcode into that location via process hollowing. GuLoader's “redundant code injection mechanism” is designed to avoid these NTDLL.dll hooks, making it more difficult for EDR solutions to detect and flag the malware.

One of the ways that GuLoader evades detection is through its use of legitimate websites and services such as C2 servers. This means that it uses websites that are not known to be malicious as a means of communicating with its command-and-control (C2) center. This can make it difficult for security researchers to identify the C2 servers being used by the malware, as they are not typically flagged as malicious.

Also, GuLoader has also been observed using JavaScript malware strain RATDispenser to drop the malware via a Base64-encoded VBScript dropper. This allows the malware to bypass security measures and gain access to infected systems.

About Perimeterwatch

The post GuLoader – a highly effective and versatile malware that can evade detection appeared first on Cybersecurity Insiders.