This blog was written by an independent guest blogger.

Blockchain is a key part of today's growing technology landscape. Blockchain technology permits entities to share information quickly and reliably without compromising on security.

Blockchain technology has reached marketplaces everywhere. That is because blockchain has many applications that deliver higher output and reliability than a traditional network. Now that many businesses have begun to experiment with blockchain, an entirely new kind of marketplace has developed.

What is BaaS & what are its benefits?

Blockchain-as-a-service (BaaS) is the third-party creation and management of cloud-based networks for companies in the business of building blockchain applications. These third-party services are a relatively new development in the growing field of blockchain technology. The application of blockchain technology has moved well beyond its best-known use in cryptocurrency transactions and has broadened to address secure transactions of all kinds. As a result, there is a demand for hosting services, per Investopedia.

BaaS can be a low-cost way for businesses of all sizes to use blockchain technology. It lets enterprises obtain a blockchain provider's services at the lowest price in order to develop blockchain apps.

Since blockchain remains largely the domain of cryptocurrencies, it is not yet common to use the technology at business scale. Most people also lack the experience to calculate an ROI for its enterprise usage.

BaaS industry specific solutions

All the solutions offered under the name of blockchain-as-a-service can have domain knowledge at their center. These solutions use the key traits of blockchain to prevent cyber theft and to reassure customers. Here are the 4 most prominent areas where BaaS is being explored.

1. Automotive
2. Healthcare
3. Fintech
4. Transportation

Importance of BaaS:

An organization’s operations are driven by data. Blockchain is well suited to providing that data, since it offers immediate, shared, and transparent data held on an immutable ledger that can only be accessed by permitted members of the network.

IT organizations in a wide range of industries are increasingly exploring the adoption of blockchain technology. Despite this, the inherent technical complexity, a lack of domain experience, and the operational overhead costs of developing, operating, and maintaining a blockchain often hamper adoption plans. BaaS is now being seen as a viable solution to this problem.

The right BaaS provider will ease a business's transition to blockchain technology by giving it access to blockchain developers. It may also provide process and governance specialists. This supplies the needed cloud infrastructure with less worry about startup and overhead costs.

A reputable BaaS provider will also offer a rich source of expertise and knowledge that can be leveraged to improve the security of the systems. As a result, it can considerably reduce the number of risks that would need to be addressed if the platform had been developed in-house.

How does BaaS work?

BaaS is when an external provider sets up all the necessary “blockchain technology and infrastructure” for a customer. By paying for BaaS, a customer pays the BaaS provider for the establishment and maintenance of blockchain-connected nodes. The dynamic backend for the user and their company is handled by the BaaS provider.

The BaaS operator ensures the maintenance and management of the vital components and services associated with blockchains. In addition, it can manage bandwidth, allocate capacity, assess storage needs and identify security risks.

Think of BaaS as a web hosting provider. It takes only a few minutes to design a web page that reaches many people daily. You could run your own website from your own workplace, using your own computer/server and either doing the work yourself or hiring a support team.

A good example of this technology is Hyperledger Cello, a utility system and toolkit for blockchain modules that is similar to a BaaS platform. The Hyperledger Cello (HLC) system is a distributed computing platform that helps people manage and use blockchain systems efficiently.

Conclusion:

Blockchain as a Service can be the catalyst for the wide-scale adoption of blockchain across various industries and companies. A firm of any size can now simply “outsource” its technologically complex tasks so that it can concentrate on its core business instead of managing and developing its own blockchain.

BaaS not only makes blockchain technology accessible to a wider audience, but also supports the emerging use cases of the technology. This can effectively increase your business scope. But be careful, as it is a new technology: always calculate the ROI before adopting it.

The post Blockchain as a Service (BaaS) appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

The banking and financial sector is known for its dependence on third-party vendors that help provide customers with quality financial products and services. It is one of the most interconnected sectors, making it one of the most vulnerable to cyberattacks. And because third parties operate through the banks they are contracted with, any losses are the bank's responsibility. 

The interconnectivity and shared data of embedded finance enable banks to provide more effective solutions and better financial products. But because numerous systems and processes are intertwined across networks and organizations, there are many avenues for attackers to wreak havoc on banks and their customers. 

There are several third-party services that are necessary for banks to operate efficiently, but there are many risks that come with the territory. What are the risks? And how can banks reduce the impact of vulnerabilities from third-party vendors? Let’s discuss some of the top risks associated with outsourced banking services and how banks can protect themselves. 

Common third-party vendors

Relationships with third-party vendors are highly valuable for banks and financial institutions. Using third parties enables banks to offer their customers a wide variety of services to increase revenues, reduce overhead costs, and expand the institution’s ability to reach new customers. When third-party relationships are managed effectively, they can be an essential piece of a larger business strategy. 

Here are some examples of services provided by third parties:

  • Mortgage lending
  • Credit cards
  • Overdraft protection
  • Auditors
  • Brokerage services
  • Auto dealer relationships
  • Flood insurance 

But services are not the only place that banks use third parties. Companies often use software and other technologies like CRM, invoice generators, communications tools, and more. 

And with new services being added all the time, banks also use third parties to educate workers and customers about new products and services. Third-party service providers allow banks to innovate and stay ahead of the curve, giving them an edge over the competition and improving customer experiences. 

You might never have thought to deploy a crypto 101 module, but cryptocurrency banking is an up-and-coming service. One day we may all require a crypto account. Third-party vendors make shifting to new technologies and rolling out new service offerings simple for everyone involved. So what’s the problem with third-party vendors?

Risks of outsourcing to third-party vendors

Despite the benefits of working with third-party vendors, banks are up against numerous risks when they choose to outsource a service:

Regulatory risks

Privacy is a key issue involved with third-party vendors. Banks are required to maintain regulatory compliance to protect consumer data, or else they could face steep fines and penalties. If a bank experiences a data breach, it’s highly likely that they were not in compliance with data privacy regulations. Not only does this affect consumers, but it could have serious impacts for national security as well.  

Reputation risks

Working with third-party vendors can sometimes mean putting a bank’s reputation on the line. Aligning with the wrong vendors can lead to inconsistencies that have a domino effect on an organization. If there is a negative public image of a third-party service provider due to a security breach, regulatory violations, or bad press, the bank could experience some pushback as well. When banks use poor judgment in choosing service partners, they run the risk of dissatisfied customers, unexpected financial losses, and even public backlash.

Operational risks

Unsecure or immature third-party vendors can also cause banks to suffer from operational risks. Many banks use third-party services that integrate with their own processes. Some implement third-party services to run a certain program or financial offering. Even the systems that control daily operations are built on third-party platforms. But if internal systems are affected by a third-party failure, operations could come to a halt. 

Financial risks

There are also several financial risks associated with working with third-party vendors. Banks and vendors typically enter into legally binding contracts that detail performance expectations and financial obligations. But the financial condition of all vendors can immediately affect banking institutions. If the third party doesn’t adhere to the contract agreement, originates loans outside of approved limits, or lacks the ability to mitigate financial losses, the bank could end up paying. 

How to reduce third-party risks in banking

Outsourcing financial programs and services can help banks improve customer experiences, reach new customers, and increase revenues. Still, the risks can leave organizations open to data breaches, financial losses, and operational failures. When banks enter relationships with third-party vendors, they absorb the consequences of failures, data breaches, and costs. 

According to the Federal Deposit Insurance Corporation (FDIC), there are 5 steps that banks can take to reduce the risks of working with third-party vendors:

Conduct thorough risk assessments

Before entering an agreement with a third-party vendor, banks should conduct a thorough risk assessment to evaluate the potential of their alignment. A vendor risk assessment should include oversight for fourth-party applications and services, risk vs. reward analysis, and ensuring that the relationship aligns with the bank’s strategic business goals.

Perform adequate due diligence

In addition to a thorough risk assessment of potential third-party vendors, banks should also perform adequate due diligence. Gathering the correct information can help management address more specific details about vendors' capabilities. Surprises about operational factors, business limitations, and financial obligations can create serious legal and regulatory problems. 

Review contracts carefully 

Once a decision has been made to move forward with a particular vendor, the bank must ensure that all documentation is carefully examined. Specific expectations should be laid out from the beginning for both parties before any services operate through a third party. Management, executives, and the board must all approve contracts before they are offered to vendors. Legal counsel is important at this stage to reduce any legal risks associated with the third party.

Ensure proper oversight

Banks can ensure proper oversight of third-party activities through specific workflows dedicated to the flow of approvals and reviews. The board should initiate the approval of the third parties’ activities and conduct regular reviews of these arrangements, especially when there is a change to the program. Banks can implement continuous monitoring activities through the company’s compliance systems to ensure that vendors are operating according to federal and state laws. 

Implement robust cyber security processes

Finally, banks, third-party vendors, and fourth-party vendors should all perform regular reviews of network security processes. Companies must have end-to-end transparency across all vendor activities while at the same time protecting their perimeter from data loss. The key is that organizations have a plan to implement changes, patch management protocols, and vulnerability mitigation in addition to detection and response processes. 

Final thoughts

Third-party service providers enable banks to offer various services to meet customer needs. But vendor management is complex and comes with several risks that can damage a bank’s reputation, credit, and ability to perform. 
A reactive approach to changes in regulations, technology requirements, and vendor abilities leaves banks vulnerable to risks. But standardized methodology, vendor requirements, and ongoing oversight can help maintain positive vendor relationships. Plus, a proactive approach to third-party management can help reduce security risks and keep attackers at bay.

The post Risks that third-party vendors pose to outsourcing banks appeared first on Cybersecurity Insiders.

As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbing high-profile attacks in the last few years that have threatened safety and uptime in the process.

Operational and security experts at these companies are well aware of the balancing act they must achieve under these conditions, according to a new industry breakout of the AT&T Cybersecurity Insights Report. Released this week, the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities shows that technologists in these organizations are called upon by the business to roll out edge use cases such as remote-control operations, self-healing assets, and intelligent grid management. At the same time, they must ensure these deployments are done with cybersecurity as a central component, as the impact of attacks against this vertical's edge-connected assets could have drastic consequences for companies tasked with delivering the most vital resources for modern living.

Rapid rate of energy and utility innovation

One of the key areas examined by the AT&T Cybersecurity Insights Report is the rate of adoption of edge computing, the use cases in play, and their stage of maturity. This was tracked across six major sectors. This latest industry report dives into the trends for companies that provide services and resources such as electricity, oil and gas, water, and sewer. The study shows that some 77% of energy and utilities respondents worldwide are planning to implement, have partially implemented, or have fully implemented an edge use case. The study dug into nine industry-specific use cases and examined their stage of adoption across the energy and utilities sector.

Combining the mid-stage and mature stage adoption rates reveals that the use of edge computing in infrastructure leak detection has the highest combined adoption maturity (82%) among survey respondents. Examples of how this looks in action include using sensors to gauge the flow of water in a municipal water system and using the low latency of edge connections to monitor that data in real time for drops or spikes in pressure that could indicate the need for preventive maintenance or immediate servicing of equipment. This is of course a single example in a broad range of use cases currently under exploration in this sector.

Edge computing has opened up tremendous opportunities for energy and utilities companies to solve tough problems across the entire value chain, including the safe acquisition of energy supplies on the front end of the supply chain, the proper monitoring of consumption of energy and resources on the back end, and the efficient use of facilities and equipment to run the functions between the two phases. Some additional examples most commonly cited were:

  • Remote control operations
  • Geographic infrastructure exploration, discovery, and management
  • Connected field services
  • Intelligent grid management

Interestingly, in spite of many energy companies engaged in proof-of-concept and insulated projects, overall the sector's rate of mature adoption was the least prevalent compared to all other sectors, sitting at about 40%. Survey analysis indicates this isn't from a lack of interest, but instead a product of the justifiably cautious nature of this industry, which keeps safety and availability top of mind. The fact that this market segment had the highest level of adoption in mid-stage compared to other industries offers a clue that these companies are all-in on edge deployments but taking their time considering and accounting for the risks—including those on the cybersecurity front.

Compromise worries grow

The study shows that 79% of energy and utilities respondents believe there is a high or very high likelihood of a compromise in one of the use cases intended for production within the next three years. When respondents were asked about the impact that a successful compromise would have, energy and utilities industry respondents were the most concerned of all industry respondents. This is hardly shocking given the grave real-world, physical consequences that can stem from a loss of control or safety over operational technology (OT) assets that run the power plants and pipelines within this industry.

Given the media attention surrounding very public ransomware attacks in this sector recently, it's no surprise that ransomware is one of the top cybersecurity concerns for technology leaders in this space. It is nevertheless not their number one cybersecurity concern, sitting instead at number two behind the more pressing issue of potential sniffing attacks against radio access networks (RAN). Also tied for second alongside ransomware were attacks against 5G core networks and attacks against user/endpoint devices.

An interesting point to note about this industry is its heightened level of concern over physical attacks against technical components such as IoT devices. The industry rated this concern much higher than the average respondent. This is likely a function of the industry's growing reliance on remote sensors, devices, and endpoints in low-latency (and often far-flung) environments.

The unique cyber considerations in energy OT environs

Protecting the ability of an organization to safely provide reliable electricity, accurate bills, and safe pipelines will increasingly require cyber controls be applied to the external assets that deliver the benefits of edge computing use cases.  Fortunately, energy and utilities leaders are investing accordingly in cybersecurity controls around the edge.

The study shows that the energy and utilities sector has the second-highest commitment to major security investments baked into edge use cases compared to the others, lagging only slightly behind the US public sector. Approximately 65% of energy and utilities firms are allocating 11% or more of their edge funding directly for security.

One of the challenges in applying that funding is the so-called IT-OT security gap that faces industrial sectors like this one. Energy and utilities firms can't rely on many classic cybersecurity controls the way other industries do, due to technology limitations and operational factors not found elsewhere. For example, many OT systems can't be patched in a timely fashion because of the operational risks posed by a failed update and the fact that many OT devices may run months or even years between scheduled maintenance windows. Operators in this sector have an extremely low tolerance for security actions that potentially risk bringing down an entire oil refinery or wastewater treatment facility. This is why, when the report examined the effectiveness rating of security controls in this industry, patching ranked dead last, as compared to a relatively high rating in all other industries.

Further, it may be challenging to collect and normalize data for monitoring purposes given the increase in data across merged IT/OT networks. OT networks cannot be monitored in the same way that IT networks are, due to unique protocols and also similar risk problems that the security 'cure' may be worse than the disease. For example, active scanning techniques can often disrupt or take down OT networks. This is likely why intrusion detection solutions were rated to have the highest total cost of ownership (TCO) within this particular sector.

As energy and utilities companies strive for the right balance of innovation and security at the edge, we recommend a careful approach that accounts for the fact that traditional endpoint-centric controls like patching can't always be the go-to solution. Proactive controls such as micro segmentation, passive vulnerability scans, and threat hunting should be considered for these more difficult use cases. These organizations should consider getting professional guidance from service providers on the front end to evaluate road maps for current and proposed use cases. The experts at these providers have already trodden this ground and can best advise on the potential hazards that an organization may face along the way.

The post AT&T Cybersecurity Insights Report: Focus Energy and Utilities appeared first on Cybersecurity Insiders.

Executive summary:

SocGholish, also known as FakeUpdate, is a JavaScript framework leveraged in social engineering drive-by compromises that has been a thorn in the side of cybersecurity professionals and organizations for at least 5 years now. Upon visiting a compromised website, users are redirected to a page for a browser update, and a zip archive containing a malicious JavaScript file is downloaded and, unfortunately, often opened and executed by the fooled end user.

An AT&T Managed Extended Detection and Response (MXDR) client with Managed Endpoint Security (MES) powered by SentinelOne (S1) received an alert regarding the detection and mitigation of one of these JavaScript files. The MXDR Threat Hunter assigned to this client walked them through the activity resulting from the execution of the malicious file and provided additional guidance on containment and remediation of the host involved in the incident.

Investigation

Upon detection of the follow-up activity of the malicious file executed by the end user, S1 created an Incident within the S1 portal. This in turn creates an Alarm within the USM Anywhere platform, where the MXDR SOC team works, reviews, and creates Investigations for client notification as necessary. Since all of this activity was observed within S1, the analysis is done from there.

The best way to start looking into an S1 event is to go to the Storyline of the Incident within Deep Visibility.

Deep Visibility deep dive

Once we have all the events related to the Incident, we can also create a new Deep Visibility search for all activity related to the affected host from about an hour before right up to the first event for the incident. This will let us try to see what happened on the host that led to the execution of the malicious JavaScript file.

Reviewing the events from both the overall logs on the host and the events related to the Storyline, we can build out a rough timeline of events. Note there are close to 15k events on the host in the timeframe and 448 events in total in the Storyline; I’m just going over the interesting findings for expediency's sake.

  1. 12:07:08 The user is surfing on Chrome and using Google search to look up electricity construction related companies; we see two sites being visited, with both sites being powered by WordPress. The SocGholish campaign works by injecting malicious code into vulnerable WordPress websites. While I was unable to find the injected code within the potentially compromised sites, I see that one of the banners on the page contains spam messages; while there are no links or anything specifically malicious with this, it lets us know that this site is unsafe to a degree.
    [Screenshot: spam banner on the visited site]
  2. 12:10:46 The user was redirected to clean[.]godmessagedme[.]com for the initial download. It likely would have looked like this:
    [Screenshot: fake Chrome update page]
    We can assume the URI for the request looks like the /report as seen in VirusTotal and described in open-source intelligence (OSI). Note that the subdomain “clean” has a different resolution than the root domain; this is domain shadowing performed by the attackers by creating a new A-record within the DNS settings of the legitimate domain:
    [Screenshots: new A record for the shadowed subdomain]
  3. 12:12:19 Chrome creates on disk: “C:\Users\[redacted]\Downloads\Сhrome.Updаte.zip”.
  4. 12:13:11 User has opened the zip file and is executing the JavaScript file inside: “C:\Users\[redacted]\AppData\Local\Temp\Temp1_Сhrome.Updаte.zip\AutoUpdater.js”. The first thing that triggers is a POST request to hxxps://2639[.]roles[.]thepowerofgodswhisper[.]com/updateResource – this is the first check-in.
    [Screenshot: first check-in]
  5. 12:13:15 The script follows up with commands to pull system information, such as the Computer Name, Username, User Domain, Computer Manufacturer, BIOS information, Security Center status and Antispyware Product, Network Adapter information, MAC address, and OS version. There is a POST request again, but this is to pull down additional JavaScript that it will evaluate and execute:
    [Screenshot: commands pulling system information]
    The information is collected to build the URI:
    [Screenshot: building the URI]
  6. 12:13:20 POST request goes through to hxxps://2639[.]roles[.]thepowerofgodswhisper[.]com/updateResource.
    A new URL is now leveraged: hxxps://2639[.]roles[.]thepowerofgodswhisper[.]com/settingsCheck
    [Screenshot: new URL leveraged]
  7. 12:13:23 Additional commands are now flying through:
    [Screenshot: additional commands]
  8. 12:13:24 We see whoami as one of the commands leveraged. Whoami.exe is run on the host and the information is written to “radDCADF.tmp” in the Temp folder for exfiltration.
    [Screenshot: whoami leveraged]
  9. 12:31:36 Commands for nltest /domain_trusts to tmp file:
    [Screenshot: creating the tmp file]
  10. 12:34:19 nltest /dclist:[redacted] observed:
    [Screenshot: nltest]
  11. 12:37:36 Command to pull domain information into the path tmp file and POSTed up observed:
    [Screenshot: pulling domain information]
  12. 12:48:39 Commands to create “rad0A08F.tmp”, which is a data stream on the C2 server. The file is then renamed to 81654ee8.js and executed with wscript.exe:
    [Screenshot: data stream from the C2 server]
    The activity that follows is a mix of this new script and the previous script.
  13. 12:49:11 Creation of a file from a data stream to “C:\ProgramData\rad6598E.tmp”, then rename of “rad6598E.tmp” to “jdg.exe”.
    [Screenshot: renaming the executable]
    Activity by the attackers ends there, as S1 has prevented additional actions related to this Storyline, and pivoting across the environment with the executable name and hash yields no additional results. The client has since removed the host from the network and rebuilt it.

Response

Customer interaction

The MXDR SOC created an Investigation within USM Anywhere and notified the customer about this incident. The Threat Hunter assigned to the customer then followed up to provide them with additional context, findings, and recommendations for containment and remediation.

The host in question was removed from the network and rebuilt, and the user’s credentials were reset. Domains and IP addresses related to the compromise were provided to the customer and were promptly blocked on the proxy and firewall. While it is unlikely we will see the same file hashes again, the hashes of all files related to the incident were blocklisted within S1.

Protecting against SocGholish

Death, taxes, and SocGholish are certainties in life but there are steps organizations can take to prevent infections. Of course, partnering with the AT&T MXDR service, especially with the MES would be a great way to protect your organization and users, but here are steps to consider to not only prevent SocGholish but to reduce your overall attack surface:

  • Educate employees on the following sorts of social engineering attacks:
    • Fake browser or operating system updates
    • Fake operating system errors or messages telling them to call in for assistance
    • Phishing and vishing attacks where the employee is asked to download tools or software updates
  • Turn off “Hide Known File Extension” across the environment via Group Policy
    • The JavaScript file inside the zip archive has a higher chance of being clicked by a user because they cannot see the file is a .js file, versus an executable. Of course, this is a moot point if the attacker file is an executable to start, but this setting across the user base can help more savvy users recognize potential double extension trickery or icon manipulation.
  • Prevent execution of .js files
    • Removing the file association of JavaScript files, as well as other common attack file formats such as .iso, .cab, .wsf, and others can prevent users from just executing files that are uncommonly used.
  • Implement rules within EDR platform or application blocking software
    • Detection of wscript.exe activity where the command line contains .zip and .js
    • Detection of nltest.exe and whoami.exe from cmd.exe where the parent process is wscript.exe
    • Detection of executables running out of the ProgramData folder directly, e.g. C:\ProgramData\jdg.exe
      • Execution of executables out of other uncommon folders as well, such as Public, Music, Pictures, etc.
    • Detection of POST requests for URI: /updateResource and /settingsCheck
    • Detection of when URIs contain information such as hostnames matching your organization’s format, MAC addresses, and other information related to your domain, such as domain controller hostnames
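
The EDR and proxy rules listed above, written as detection logic over constructed sample events (an added example, not AT&T's or SentinelOne's rule syntax). The event fields, PIDs, the `example.test` hosts and the `WKS-0000` hostname format are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS
from urllib.parse import unquote, urlsplit

# Constructed sample telemetry modelled on the timeline above. Field names,
# PIDs, hosts and command lines are hypothetical, not the S1 schema.
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u1\AppData\Local\Temp\Temp1_Update.zip\AutoUpdater.js"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /C whoami > C:\Users\u1\AppData\Local\Temp\radDCADF.tmp"},
    {"pid": 211, "ppid": 210, "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
    {"pid": 220, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C nltest /domain_trusts"},
    {"pid": 221, "ppid": 220, "image": r"C:\Windows\System32\nltest.exe",
     "cmdline": "nltest /domain_trusts"},
    {"pid": 230, "ppid": 200, "image": r"C:\ProgramData\jdg.exe",
     "cmdline": r"C:\ProgramData\jdg.exe"},
    # Benign look-alikes that must not alert:
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 301, "ppid": 300, "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
    {"pid": 310, "ppid": 100, "image": r"C:\ProgramData\Vendor\agent.exe",
     "cmdline": "agent.exe"},
    {"pid": 320, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Scripts\logon.js"},
]

PROXY_EVENTS = [
    {"method": "POST", "url": "https://c2.example.test/updateResource"},
    {"method": "POST", "url": "https://c2.example.test/settingsCheck"},
    {"method": "GET",
     "url": "https://c2.example.test/r?h=WKS-0042&m=00%3A1A%3A2B%3A3C%3A4D%3A5E"},
    {"method": "POST", "url": "https://intranet.example.test/api/updateResourceList"},
    {"method": "GET", "url": "https://www.example.test/settingsCheck"},
]

RECON_TOOLS = {"whoami.exe", "nltest.exe"}
UNCOMMON_DIRS = {"programdata", "public", "music", "pictures"}
C2_PATHS = {"/updateResource", "/settingsCheck"}
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")
HOST_RE = re.compile(r"\bWKS-\d{4}\b")  # assumed naming format; use your own


def _name(event):
    """Lower-cased file name of the process image, or '' if the event is unknown."""
    return basename(event["image"]).lower() if event else ""


def detect_process(events):
    """Return (pid, rule) pairs for the process rules in the list above."""
    by_pid = {e["pid"]: e for e in events}  # PID reuse is ignored in this sample
    alerts = []
    for e in events:
        cmd = e["cmdline"].lower()
        parent = by_pid.get(e["ppid"])
        grandparent = by_pid.get(parent["ppid"]) if parent else None
        # wscript.exe running a .js file straight out of an opened zip archive
        if _name(e) == "wscript.exe" and ".zip" in cmd and ".js" in cmd:
            alerts.append((e["pid"], "wscript_js_from_zip"))
        # whoami/nltest started by cmd.exe that was itself started by wscript.exe
        if (_name(e) in RECON_TOOLS and _name(parent) == "cmd.exe"
                and _name(grandparent) == "wscript.exe"):
            alerts.append((e["pid"], "recon_under_wscript"))
        # executable sitting directly in ProgramData, Public, Music or Pictures
        if (_name(e).endswith(".exe")
                and basename(dirname(e["image"])).lower() in UNCOMMON_DIRS):
            alerts.append((e["pid"], "exe_in_uncommon_dir"))
    return alerts


def detect_proxy(events):
    """Return (index, rule) pairs for the proxy rules in the list above."""
    alerts = []
    for i, e in enumerate(events):
        url = unquote(e["url"])  # decode %3A etc. before matching
        if e["method"] == "POST" and urlsplit(url).path in C2_PATHS:
            alerts.append((i, "c2_uri_post"))
        if MAC_RE.search(url) or HOST_RE.search(url):
            alerts.append((i, "host_identifiers_in_uri"))
    return alerts


if __name__ == "__main__":
    for alert in detect_process(PROCESS_EVENTS) + detect_proxy(PROXY_EVENTS):
        print(alert)
```

The benign rows show where each rule draws its line: whoami under an interactive cmd.exe, a vendor agent in a ProgramData subfolder, and a logon script run by wscript.exe outside a zip all pass without alerting.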

The post Stories from the SOC:  Feeling so foolish – SocGholish drive by compromise appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

It is easy to think of cybercrime as a phenomenon only impacting the digital space. However, as trends are showing, digital attacks have a very real and very physical impact. According to the FBI, there has been a surge in rental and real estate property scams conducted via digital means, whether that’s the insertion of rogue actors into the property purchase chain or the hijacking of legitimate websites to promote false, money-scamming listings. With the real estate market in such a state of volatility, with house prices seemingly rising or falling in lurches from week to week, it’s an especially prosperous time for criminals. Protection is key.

Staying safe online

The most common real estate scams are focused on the scammer impersonating the role of the real estate agent. This can be done through exploiting improper security protections on the website itself or through the scammer inserting themselves into the process of purchasing through, for instance, SQL injection. Older styles of scams, such as selling homes by someone impersonating the homeowner, are becoming increasingly digitized too.

The key here is in cyber security and awareness from anyone involving themselves in the real estate business. Firstly, choose a realtor with a professional reputation, and ensure they have a distinct and established local profile. Google NAM data will help to further establish their legitimacy. Secondly, by using a high-quality browser – such as Edge, Firefox or Chrome – you’ll quickly be able to see just how well protected a website is. This is crucial; according to CISA, a huge number of websites simply do not have the requisite level of protection to be secure. Ensure anything you work with does.

Practicing enhanced due diligence

Every house sale or real estate exchange is subject to a significant level of due diligence. Both the seller and the buyer need to ensure they are meeting various levels of control; this prevents fraud, smooths the transfer of funds, and ensures that every party within the transaction has the peace of mind and financial information to be satisfied that they are getting what they’ve paid for; or that the buyer is legitimate. For this reason, with digital attacks in the offing, it’s important to be diligent. This can admittedly be difficult, due to the sense of expedience that’s currently being felt in the real estate world. Staying slow is key from a security perspective.

Understanding the risk

When it comes to the realty industry, there is, according to Deloitte, an overriding sense that real estate agents don’t need to worry about cybercrime. This is because they have, relatively speaking, lower volumes of customer protected data. Most cybercrime seeks to obtain data, given its inherent value; this is something that real estate businesses generally don’t have in great amounts.

However, even small attacks, where successful, can yield big returns for cyber criminals. The amount of money being exchanged in real estate, in addition to the sheer variety of payment types, means there are plenty of points at which a single attack can result in a big financial win. With long-term, concerted attacks, which aren’t unheard of, serious damage can be caused. Accordingly, the real estate firms themselves need to undertake sufficient protection.

Just like every other industry with significant levels of digitization, real estate is at risk of cybercrime. The attacks seek to create financial harm by deceiving either party. Staying safe is chiefly about education for all parties in the real estate chain, but technical know-how has a part to play too, chiefly on the part of realtors.

The post Amid real estate volatility, cybercriminals are profiting appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The majority of today's web applications contain dangerous vulnerabilities. To analyze their security, one cannot do without a dynamic scanner. DAST (Dynamic Application Security Testing) tools allow you to detect and evaluate security problems quickly. Let me tell you what to look for when choosing such a tool.

According to various studies, 70% of vulnerabilities have to do with errors in the code. Using vulnerabilities in your web application code, hackers can distribute malware, launch cryptojacking attacks, employ phishing and redirect users to malicious sites, hack a phone remotely, or steal personal data using social engineering techniques. 

Yes, sure, it is impossible to create perfectly secure software, but it is quite possible to reduce the number of vulnerabilities and increase the level of product security. To do this, you can rely on DevSecOps – a process that links development and security and where software is checked and tested for vulnerabilities at every stage of its creation.

The DevSecOps process is very voluminous; it may include numerous information security tools. In this article, I want to talk about DAST and how to choose the right scanner for dynamic application analysis. Together we will figure out what tool characteristics and parameters you need to pay attention to and what product types are currently available on the market.

What is DAST, and how does it work?

Dynamic application security testing is one of the secure development practices where an automated analysis of a deployed and functioning application is carried out. The dynamic scanner checks all access points via HTTP, simulates external attacks using common vulnerabilities, and simulates various user actions. The tool determines which APIs the service has, sends verification requests, and, where possible, uses incorrect data (quotes, delimiters, special characters, and more).

The dynamic scanner sends and analyzes a large number of requests. The analysis of the sent request and the received response, as well as their comparison with a regular request, allows you to find different security problems.

Most scanners have similar functions and modus operandi. Their main components are a crawler and an analyzer.

The crawler traverses every link on every page it can reach, examining the contents of files, pressing buttons, and going through a dictionary of possible page names. This process allows you to estimate the size of the attack surface and possible attack vectors taking into account the existing ways of interacting with the application.

The analyzer checks the application directly. It can work in passive or active mode. In the first case, the analyzer studies only information that the crawler sends to it. In the second, the analyzer sends requests with incorrect data to the points found by the crawler and to other places that are not currently present on the pages but can be used in the application. It then infers the presence of a vulnerability based on the server's responses.
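The passive and active analyzer modes described above, sketched as an added example (not code from the article or from any scanner). The in-process `toy_app`, its paths and parameters, and the probe values are constructed for illustration; no network traffic is sent.

```python
import html

CANARY = "zq<\"'>7"          # harmless marker containing HTML/SQL metacharacters
PROBES = ["'", CANARY]       # "incorrect data": a lone quote and the marker


def toy_app(path, params):
    """Constructed stand-in for a deployed application (no network involved).
    Returns (status, headers, body)."""
    if path == "/search":     # encodes its input and sets a CSP header
        body = f"<p>Results for {html.escape(params.get('q', ''))}</p>"
        return 200, {"Content-Security-Policy": "default-src 'self'"}, body
    if path == "/item":       # chokes on anything that is not a number
        if not params.get("id", "").isdigit():
            return 500, {}, "Internal error: SQL syntax error"
        return 200, {}, f"<p>Item {params['id']}</p>"
    if path == "/greet":      # echoes its input without encoding
        return 200, {}, f"<p>Hello {params.get('name', '')}</p>"
    return 404, {}, "not found"


# What a crawler would hand over: each entry point with a regular request.
CRAWLED = [("/search", {"q": "shoes"}), ("/item", {"id": "42"}),
           ("/greet", {"name": "Ann"})]


def passive_scan(app, crawled):
    """Passive mode: inspect only the responses to regular requests."""
    findings = set()
    for path, params in crawled:
        _, headers, _ = app(path, params)
        # Real header names are case-insensitive; the toy app uses one spelling.
        if "Content-Security-Policy" not in headers:
            findings.add((path, "-", "missing Content-Security-Policy header"))
    return sorted(findings)


def active_scan(app, crawled):
    """Active mode: resend each request with malformed values and compare the
    response with the one the regular request produced."""
    findings = set()
    for path, params in crawled:
        base_status, _, _ = app(path, params)
        for name, value in params.items():
            for probe in PROBES:
                mutated = {**params, name: value + probe}
                status, _, body = app(path, mutated)
                # The regular request succeeded but the malformed one crashed.
                if status >= 500 > base_status:
                    findings.add((path, name, "server error on malformed input"))
                # The marker came back byte-for-byte, so nothing encoded it.
                if probe == CANARY and CANARY in body:
                    findings.add((path, name, "input reflected without encoding"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in passive_scan(toy_app, CRAWLED) + active_scan(toy_app, CRAWLED):
        print(finding)
```

Both functions only report a difference from the regular response; whether that difference is exploitable still needs manual confirmation, which is where false positives come from.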

What should you pay attention to when choosing a DAST tool?

  • Scan quality

This is the ratio of found and missed vulnerabilities. It is impossible to immediately understand how well the scanner analyzes. To do this, you should at least approximately understand what vulnerabilities can be there and compare your estimates with the scan results. There are several ways to evaluate a tool:

  1. If you have an application and have already checked it for vulnerabilities through a bug bounty program or penetration testing, you can compare those results with the results of the scanner.
  2. If there is no application yet, you can use other deliberately vulnerable software, which is created, as a rule, for training. You need to find an application that is close to your development environment in terms of the technology stack.

The number of false positives plays a decisive role when assessing the scan quality. Too many false positives clog the results. Besides, real errors can be missed. To determine how well the tool scans, you should analyze the report, parse the responses, and calculate the number and proportion of false positives.
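One way to carry out the comparison described above, as an added example that is not from the original article: scanner findings are matched against a baseline from an earlier penetration test, and the share of false positives and of missed issues is calculated. The finding fields, the normalisation rules, the class aliases and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed mapping of tool-specific labels onto common classes, so findings
# reported under different names can still be matched.
CLASS_ALIASES = {
    "sql injection": "sqli",
    "sqli": "sqli",
    "cross-site scripting (reflected)": "xss",
    "reflected xss": "xss",
    "xss": "xss",
    "path traversal": "path-traversal",
    "directory traversal": "path-traversal",
}


@dataclass(frozen=True)
class Finding:
    url: str
    parameter: str
    vuln_class: str

    def key(self):
        """Normalised identity: path without trailing slash, lower-cased
        parameter, canonical class. Host and query string are ignored so the
        same issue on staging and production still matches."""
        path = urlsplit(self.url).path.rstrip("/") or "/"
        label = self.vuln_class.strip().lower()
        return (path.lower(), self.parameter.strip().lower(),
                CLASS_ALIASES.get(label, label))


def evaluate_scan(baseline, reported):
    """Compare scanner output with a trusted baseline (pentest or bug bounty)."""
    base_keys = {f.key() for f in baseline}
    rep_keys = {f.key() for f in reported}    # the set also drops duplicates

    true_pos = base_keys & rep_keys
    # Not in the baseline: treated as false positives here, but each one needs
    # manual triage because the baseline itself may have missed a real issue.
    false_pos = rep_keys - base_keys
    missed = base_keys - rep_keys

    return {
        "true_positives": sorted(true_pos),
        "false_positives": sorted(false_pos),
        "missed": sorted(missed),
        "false_positive_share": len(false_pos) / len(rep_keys) if rep_keys else 0.0,
        "detection_rate": len(true_pos) / len(base_keys) if base_keys else 0.0,
    }


# Constructed sample data: an earlier pentest and one scanner report.
BASELINE = [
    Finding("https://shop.example.test/search", "q", "Reflected XSS"),
    Finding("https://shop.example.test/item/", "id", "SQL Injection"),
    Finding("https://shop.example.test/download", "file", "Path Traversal"),
    Finding("https://shop.example.test/profile", "name", "xss"),
]
SCANNER_REPORT = [
    Finding("https://staging.example.test/search?q=1", "Q",
            "Cross-site Scripting (Reflected)"),
    Finding("https://staging.example.test/item", "id", "SQLi"),
    Finding("https://staging.example.test/item", "id", "SQL Injection"),  # duplicate
    Finding("https://staging.example.test/login", "user", "SQL Injection"),
    Finding("https://staging.example.test/about", "lang", "xss"),
]

if __name__ == "__main__":
    result = evaluate_scan(BASELINE, SCANNER_REPORT)
    print(f"detection rate:       {result['detection_rate']:.0%}")
    print(f"false-positive share: {result['false_positive_share']:.0%}")
    print("missed:", result["missed"])
```

Running the same evaluation for each candidate tool against the same baseline gives figures that can be compared directly.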

  • Crawling

If there is no information about the application and you need to analyze it from scratch, it is important to understand how many paths and transitions you can collect, that is, how accurate the crawling will be. To do this, you can look at the DAST product settings. You need to find out if it can monitor requests from the front-end to the back-end, parse, for example, Swagger or WSDL applications, find links in HTML or JS. It is also worth studying the process of obtaining information about the application.

Before scanning, you can, for example, find out which APIs are used. This will help you understand what the tool needs to perform a full program scan. When choosing a scanner, it is helpful to make a list of what each tool can import and see if it can be built into the development process.

  • Scan speed

This parameter is also important, especially if checks are integrated into the development process. Scanning can slow down the process and, as a result, lead to a waste of time and money. Scan speed largely depends on how quickly the application responds to requests, how many simultaneous connections it can handle, and several other factors. Therefore, in order to compare the speed of different DAST tools, you need to run them with the same software under approximately the same conditions.

  • Advanced settings

Automatic analysis tools must have detailed settings. They will allow you to remove unnecessary requests and limit the scan area. This will increase the quality of the process and the speed of analysis. To set tasks for the tool appropriately, you must have all available options and settings.

There are “smart” scanners that adapt themselves to applications. But such tools still have to be manually configured since the goals of the checks are different. For example, sometimes you need to scan an application in several ways, starting with a full scan and ending with a superficial analysis; in this case, the manual mode will definitely come in handy.

When choosing a tool, you need to pay attention to the total number of possible parameters, as well as how easy it is to configure them. To compare the work of different tools, you can create several scan profiles in each of them: fast and shallow for initial analysis, full and maximum for a full-fledged one.

  • Integration

To make the dynamic analysis as effective as possible, it is worth integrating this practice into the development process and periodically running the scanner during the build. It is necessary to form a list of what is used in the CI/CD process in advance and draw up an approximate plan for launching the tool.

This will help you understand how easy it will be to integrate it into the development process and whether it is convenient to use its API.

  • Technology

When choosing a scanner, you should consider the technologies your company uses in development. To do this, you can analyze applications and create a list of technologies, languages, and frameworks that are used. The list can get quite extensive, especially if the company is big. Therefore, it is appropriate to choose only a few critical parameters as criteria for evaluating scanners:

  1. The number of technologies and frameworks that the tool covers.
  2. The ability to support key technologies the company uses in its critical services.

  • Login sequence recording

Recording the login sequence is extremely important for dynamic scanners since authentication is required to enter the application. There are many pitfalls in this process, such as hashing the password before sending it or encrypting it with a shared key on the front-end, etc. Therefore, you must check in advance whether the tool will cope with all such nuances. To do this, you need to select as many different applications as possible and see if the scanner can go through the login stage in each of them.

It is also good to check how the tool behaves when logged out. The scanner sends a lot of requests during the analysis process. In response to some of them, the server can “throw the user out” of the system. The tool should notice this and re-enter the application.
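The logged-out behaviour described above, as an added example (not code from the article or from any scanner): a scan loop that recognises a lost session, replays the login and retries the request, compared with one that does not. The `ToyApp` class, its paths, the test account and the logged-out indicators are constructed for illustration.

```python
import secrets

LOGIN = ("scanner", "constructed-password")   # constructed test account


class ToyApp:
    """Constructed stand-in for an application with session-based login."""

    def __init__(self):
        self.sessions = set()

    def login(self, user, password):
        if (user, password) != LOGIN:
            return None
        token = secrets.token_hex(8)
        self.sessions.add(token)
        return token

    def request(self, path, token):
        if path == "/logout":                  # following this link ends the session
            self.sessions.discard(token)
            return 302, {"Location": "/login"}, ""
        if token not in self.sessions:         # anonymous users are sent to /login
            return 302, {"Location": "/login"}, ""
        return 200, {}, f"<h1>{path}</h1><a href='/logout'>Sign out</a>"


def logged_out(status, headers, body):
    """Logged-out indicators assumed for the toy app: an auth error, a
    redirect to the login page, or a page without the 'Sign out' link."""
    if status in (401, 403):
        return True
    if status in (301, 302, 303, 307):
        return headers.get("Location", "").startswith("/login")
    return status == 200 and "Sign out" not in body


def scan(paths, relogin=True, exclude=(), max_relogins=5):
    """Request every path in order and return ({path: status}, relogins)."""
    app = ToyApp()
    token = app.login(*LOGIN)
    statuses, relogins = {}, 0
    for path in paths:
        if path in exclude:                    # e.g. keep logout links out of scope
            continue
        status, headers, body = app.request(path, token)
        if relogin and logged_out(status, headers, body):
            if relogins >= max_relogins:
                raise RuntimeError("session lost repeatedly; check the login recording")
            token = app.login(*LOGIN)          # replay the recorded login
            relogins += 1
            status, headers, body = app.request(path, token)  # retry once
        statuses[path] = status
    return statuses, relogins


# Order in which a crawler might visit the pages; it follows the logout link.
PATHS = ["/account", "/logout", "/orders", "/settings"]

if __name__ == "__main__":
    print("no re-login:     ", scan(PATHS, relogin=False))
    print("with re-login:   ", scan(PATHS))
    print("logout excluded: ", scan(PATHS, exclude={"/logout"}))
```

Without session-loss detection every page after the logout link is scanned as an anonymous user, so the report looks complete while the authenticated part of the application was never tested.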

  • Tool updates

Technology is constantly evolving, so when choosing a tool, it is vital to consider how often its updates or new versions of signatures/patterns or analysis rules are released. It is worth studying this information on the product website or requesting it from the vendor. This will show whether the developer is following trends and how up-to-date your database of checks will be.

It is desirable to find out if you can influence the development of the product and how the developer handles requests for new features. This will show how quickly the functionality you need will appear in the product and how communication with the vendor is arranged as part of the options update.

Which tool to choose?

There are plenty of tools on the market offered by such companies as Netsparker, Acunetix, Nessus, Rapid7, AppScan, and others. Let me briefly describe two instruments that I use.

  • BurpSuite Enterprise

This tool was developed by PortSwigger. The product has a full-fledged REST API for interacting and managing scans, sending reports, and much more. The scanning agent is the classic BurpSuite. It is launched in “headless mode” but has limitations. For example, you can interact with it only through control commands from the head portal, and you will not be able to load your plugins. Generally, if the tool is configured correctly, it can provide excellent results.

  • OWASP ZAP (Zed Attack Proxy)

This popular tool was created by the OWASP community, so it is completely free. It has different SDKs and APIs for different programming languages. You can use OWASP options or your own plugins.

The product has extensions for various CI/CD tools. It can be run in different modes and controlled programmatically. You can easily insert the tool into your development process. At the same time, the scanner has its drawbacks. Since it is an open-source solution, the quality of scans is lower than that of enterprise solutions. Also, the tool's functionality is not very extensive and deep, but it can be extended and improved.

Conclusion

When choosing a dynamic analyzer, you can use the criteria noted above in this article, but they must be applied correctly. Each company is unique and has its own nuances and features – all this must be taken into account in conjunction with all the selection criteria. It is also good to define your needs in advance and understand what results you want to receive from the tool. To avoid a mistake, it is advisable to conduct full-fledged testing of various options, compare them with each other, and choose the best solution.

The post Choosing a DAST solution: What to pay attention to? appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

The impact of ransomware attacks on healthcare is as alarming as it is under-addressed.  The United States healthcare system alone faces an annual burden of nearly $21 billion due to these attacks. It pays well over $100 million in ransoms, and is beginning to acknowledge the tragic realities of impacted patient care, including higher patient mortality rates. For every headline related to cyberattacks, there are likely hundreds more that go unreported.

In a study released in 2021, IoT/IoMT devices were revealed to be the attack vector for 21% of ransomware attacks.  In May 2022, CISA Senior Advisor Joshua Corman further documented the rising risks during a Senate HELP Committee hearing.

And in August 2022, the Ponemon Institute dove even deeper into the impact of insecure medical devices on hospitals and patients in their Insecurity of Connected Devices in Healthcare 2022 report. Statistics from the report show:

  • 43% of respondents experienced at least one ransomware attack.
  • 88% of cyberattacks involve an IoMT device.
  • The average data breach cost is well over $1 million.
  • Tragically, 24% of attacks result in increased mortality rates.

Seven out of ten respondents (71%) believe that very high security risks are created by these otherwise overwhelmingly beneficial marvels of modern medicine. Recognition of risk is a step in the right direction, although it is unfortunately more of a talking point than one of action.

Over half (54%) of respondents did not report senior management requiring assurances of properly addressed IoT/IoMT device risk. Even more concerning, two thirds (67%) don’t believe their devices are being patched in a timely manner – the most basic, widely accepted and often required action for nearly any healthcare environment.

The current landscape of most hospitals – battling an epidemic with exhausted staff, strained resources, limited cybersecurity expertise and massive bullseyes – makes them easy targets.  A consolidated effort to improve hospital security is needed; AT&T, in partnership with Ivanti Neurons for Healthcare, offers specific solutions to support risk reduction through actionable guidance.  

Reports demonstrate before-and-after security status, reflecting the improvements gained by taking action.  Network segmentation recommendations integrate with existing NAC solutions, adding intelligence and visibility to the process. Dashboards quantify risks by device, manufacturer, hardware type, and OS, providing a strategy to fight cybercriminals who leave morbid results in their ceaseless drive for ransoms.

In as little as five days, a proof of value engagement will demonstrate a reduction in risk for your healthcare organization. For more information about Ivanti Neurons for Healthcare, and how it can be part of a unified security approach with AT&T Cybersecurity, visit us. There's also a nice e-book available to learn more.

The post Alarming attacks on Internet of Medical Things (IoMT) appeared first on Cybersecurity Insiders.

Wayne Bridgeman II, a Senior Manager on AT&T’s Network Cybersecurity team, offers a 5-point checklist for businesses in 2022 alongside tidbits of often overlooked tactics that can strengthen security.

Wayne Bridgeman II is no stranger to the fighting ring. He fought professionally in the martial arts community for 5 years and has since transitioned to helping businesses combat the growing risk of cybercrime. Although the specifics differ, Wayne approaches his fights with the same strategic mindset. In both the ring and in cyberspace, success begins with knowing your own vulnerabilities. For the past 10 years, Wayne specialized in Network Technology and Cybersecurity, where he identified the needs of businesses and customized solutions to secure their networks. When asked about common misconceptions regarding cybersecurity, Wayne identified one pitfall many small business owners fall into: underestimating their potential to be victims. 

“Put yourself in the shoes of a criminal and pretend you’re breaking into a car with a limited amount of time. Which is more appealing: the expensive car with the newest locks, or the late model car with rolled-down windows and a purse in the seat? Criminals often choose the option with less deterrence,” Wayne said, “One of the biggest traps small businesses fall into is thinking that they aren’t as appealing to cybercriminals because they’re smaller and have less to offer. Cybercriminals are opportunists with a keyboard, looking for low-hanging fruit. It’s not necessarily what the businesses have that’s appealing, but what they have exposed. By not keeping up to date on security and practicing ‘cyber hygiene’, businesses are making themselves easy targets.”

Wayne offered a few immediately applicable tasks for businesses of any size to get started, “Ultimately, the goal is to take your business from being an easy target to a hard target. But you don’t have to throw a bunch of money to form the basics. First, practice password hygiene. Update regularly and enable a multifactor authentication. Second, utilize the principle of least privilege. Only give people access to things that they absolutely need to perform their job. Third, regularly backup data onto your network so that in the event of an outage, you are secure. All of these are steps you can take now to make yourself a harder target.”

While these steps will give business owners a head start, proper cyber hygiene may require an even deeper cleaning. Wayne continued, “Nowadays, there are many cybersecurity options out there. But not all dollars you invest in cybersecurity are created equal. There are strategies that will mitigate risk more than others, and you can waste funds by investing in the wrong places. It’s important to ask the right questions first.”

According to Wayne, here are five of the most critical questions business owners can ask themselves in 2022:

1. Are the people trained?

Oftentimes, people are the number one targets for hackers, “Human beings are inherently fallible. Finding ways to masquerade and attack through an email or phone call is the primary vehicle a hacker will utilize because it is scarily effective,” Wayne said. Hackers need an entry point into a network, and far too often it’s the untrained workers who accidentally give them the keys. “We must educate our employees and help them be aware that these things are coming to them. You can do this by investing in security awareness training. When employees are aware of potential attack strategies, it’ll be a lot harder for hackers to get in.”

2. Are the endpoints secure?

Endpoints are the physical devices that connect to networks, and the first step to securing them is to protect the entry points. “Every home has a door, and every network has a front door as well. We know them as firewalls. Firewalls allow us to securely detect threats that attempt to come into the network and lock them at that edge.” Wayne continued, “Firewalls have evolved over the years, and nowadays it’s best to utilize multiple layers of protection. One type of layer to consider is web traffic filtering. These filters protect employees that use the internet and defend them from accidentally getting phished on bad websites. You can also consider adding layers that inspect encrypted traffic. Most traffic on the internet today is encrypted and hackers use that to bypass traditional firewalls, get into the network, and cause damage.”

As technology evolves, firewalls need to stay up to date, and this takes time and expertise. One solution is to utilize managed firewalls that can automatically detect and respond to activity on endpoints.

3. Have we addressed the vulnerabilities?

“All networks have vulnerabilities,” Wayne said. “The question is how critical these vulnerabilities are and if the business has taken action to mitigate them or put in controls to prevent them from being used in an attack.” The two-part step to assess vulnerabilities is as follows:

  1. Know what’s on your network (known as asset identification) and know what you must protect.
  2. Know what vulnerabilities are present on those assets.

“This is a process known as vulnerability management, and businesses would be best served to practice it in a quarterly (or more) rhythm. They must understand what’s on their network, the vulnerabilities that exist, and how to patch them up. This helps minimize opportunities for hackers to exploit vulnerabilities on the network.”

4. Have we factored in edge security?

As hybrid workforces become the standard for many businesses, employees are increasingly working outside of the network. Wayne talked about the dangers this can pose. “While it can be nice to work from a coffee shop or from home, mobile employees don’t get the benefit from being behind a firewall. Mobile employees need to be protected, and the firewall needs to ‘follow’ them somehow. Layering firewalls with solutions such as secure web gateways that protect users while they’re outside of the network is one solution. This is where layering endpoint security can really come into play.” 

5. What is our incident response plan?

“When it comes to cyberattacks, it’s no longer a matter of ‘if’ but ‘when’. It may sound cliché, but it’s a reality today,” Wayne warned. “The difference between recovery and failure in the event of an attack is having a plan. Businesses of all sizes must have an incident response plan that should be tested from time to time. Preparation may include partnering with a third party or instant response services if they don’t have the resources themselves so that experts can engage on their behalf in the event of a critical business-impacting cyber-attack.”

“Oftentimes, small businesses take the hardest hit. Small businesses that get attacked often go out of business because they haven’t built a plan of how they’ll respond to those events. Having a written incident response plan where owners of the business know who does what in the event of an attack, paired with access to third party experts, can be critical for recovery. Your ability to respond to an attack will be dictated by how well you plan to respond.”

When asked about the trending shift from Copper to Fiber and Fiber’s effect on security, Wayne offered some insight. “Cybersecurity is often measured by the acronym CIA: Confidentiality, Integrity, and Availability. The Fiber network moves at the speed of light and has higher availability, meaning that its uptime is better. When you can’t get to your data, your network is less secure. By having a Fiber connection with higher availability, you’re hitting one part of the triad. Notice the contrast with Copper, that has lower availability due to issues with degradation and the frequent need for repair. But note that copper and fiber are just the physical layers of connectivity and what you layer with your network is just as crucial.”

Ultimately, knowing the state of your network and preparing adequately is the key to protection. When it comes to successful defense, Wayne found many parallels between martial arts and cybersecurity. “In the event of an attack, I’ve learned in both the martial arts community and cybersecurity world that people revert to their training. In martial arts, we say that ‘everyone thinks they have a plan until they get punched in the face’ and it’s just as true when protecting your network. The key is to train and prepare well before the attack occurs.”

The post Attention business owners: Top 5 Cybersecurity questions to ask in 2022 appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

The value of digital payment transactions is growing as the world's payment environment moves more and more away from cash. Over the past few years, BFSI (Banking, Financial Service, and Insurance) firms have continued to be a top target for hackers. In fact, the Sixth Annual Bank Survey found that more than 70% of fintech companies named information security as their top issue.

According to VMware's Modern Bank Heists study, since the COVID-19 epidemic, there have been 238% more cyberattacks on companies in the financial sector. Artificial intelligence (AI) and self-learning malware are making cyberattacks more sophisticated. While ransomware assaults are the most profitable for cybercriminals, phishing attacks prey on unsuspecting and defenseless consumers. Thus, it should come as no surprise that 39% of financial industry executives think that the overall network security threat to BFSI sector companies has increased significantly.

Financial and banking firms in the US must put cybersecurity first above all else given the volume of sensitive data that the BFSI sector must manage. Leading analytics company GlobalData predicts that rising demand for cybersecurity would cause worldwide security revenues in the retail banking industry to climb from $7.9 billion in 2019 to $9.8 billion in 2024.

What are the biggest concerns facing the financial sector in the United States for 2022?

Reimbursing cyber scams

As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who conduct their banking online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack.

Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%. Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must prioritize cybersecurity more highly.

To exchange efficient strategies, banks will need to collaborate with governments and industry organizations. The public must continue to get education on preventative measures, but ultimately it is the banks' responsibility to establish security models that will give them and their clients the greatest level of safety.

Maintain compliance with strict privacy regulations

The use of social engineering and account takeover fraud will increase over the next years. Financial institutions must not only conduct comprehensive data checks beyond document verification at account opening to fight this but also keep track of customer identities throughout the customer lifecycle.  

Banks must decide how to manage sensitive personal data like biometrics as GDPR and other privacy regulations are being established throughout the world. As a result, many institutions believe that finding a partner that can protect this sensitive personal information is more practical than modernizing internal systems and processes.

Finally, the public is becoming more concerned about how technology corporations utilize personal data. More difficult questions will be raised as a result, and any responses must pass a strict ethical standard. The application of AI to compliance and fraud will need to be explained by banks. Ascertaining whether their partners and vendors have complete control over the technology they provide will also have an impact on vendor onboarding. Every bank will need to be able to justify decisions made to regulators and the broader public.

Leveraging AI to combat cyber fraud

Instead of being a subset of financial crime, banking fraud now coexists with ransomware, phishing, and other types of cybercrime. Fraudsters are functioning methodically, getting more skilled at spotting loopholes in the automated systems that financial institutions are putting in place, and getting better at learning through repetition.

For example, banks and mortgage lenders have started to link more of their fraud charges to the fact that their clients are doing more transactions using mobile banking apps. According to a LexisNexis survey, more than half of the respondents who worked for US banks and credit lenders say that mobile channel fraud has increased by 10% or more this year.

Today's fraudsters collaborate with criminal gangs that provide crime as a service. As a result, frauds and forgeries become increasingly sophisticated, making them impossible for humans to detect without artificial intelligence (AI) to support their decision-making.

Decentralized currencies are at the center of attacks

Meanwhile, cryptocurrency has become a primary target of cyberattacks. Huge sums of money are frequently present on cryptocurrency exchanges and wallets, making them a powerful attraction for attackers trying to make money from their attacks.

These are sometimes straightforward social engineering attacks, and other times they are far more sophisticated technically. We expect to see more cyberattacks on decentralized currencies given the amount of money that can be stolen in a single successful attack (possibly reaching millions of dollars). For example, in December 2021 criminals stole nearly $200 million from the crypto trading platform Bitmart.

However, we should anticipate law enforcement and governments to become more actively involved in both the investigation of cryptocurrency assaults and the use of cryptocurrency vulnerabilities. For example, government agencies like the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) may try to regulate cryptocurrencies more strictly as they regulate traditional currencies.

Attacks bypassing MFA

Although multi-factor authentication is a prerequisite for enabling strong customer authentication, the latest attacks against Cisco and Uber have profoundly demonstrated that fraudsters can bypass MFA. Using sophisticated tactics and tools like auto-diallers, criminals have managed to intercept one-time passwords (OTP) and compromise banking accounts. By automating the process and creating what is known as MFA fatigue, they force customers to give up OTPs to malicious bots.

OTP interception is now trivial compared to what it has been historically, and that innovation fundamentally shifts the economics in the favor of the attackers. The LexisNexis report highlighted this concern saying that balancing fraud detection with customer friction is a top challenge for banks. Banks need to embrace phishing-resistant MFA methods that eliminate the risk of being defrauded while offering a superb customer experience for all possible use cases and authentication journeys.

A bigger attack surface and higher attack sophistication levels are a result of the rising use of complicated technologies and interaction with third-party systems. Today, maintaining a strong cybersecurity posture entails more than merely defending sensitive systems and data from damaging external attacks. Additionally, it entails better data privacy, identity protection, and vulnerability management. Banks and financial institutions can outsource part of the burden of staying compliant with regulations and securing customer financial data by partnering with a trusted managed services provider. These companies aggregate experience and expertise to help banking institutions stay one step ahead of their adversaries.

The post The biggest concerns within the US Financial Sector in 2022 appeared first on Cybersecurity Insiders.

Multiple reports in the media, including in Bloomberg US Edition, allege that Russian-associated cybercrime group Killnet is responsible for a series of distributed-denial-of-service (DDoS) attacks during the week of October 6 that took several state government and other websites offline. While most of the websites were restored within 48 hours, these volumetric attacks can leave even the most secure sites paralyzed and susceptible to further damage.

AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, suggests politically motivated cyber strikes such as the ones that hit web sites in October are nothing new. Killnet has a long history of successfully attacking both public and private organizations and businesses.

Research Killnet on the Alien Labs Open Threat Exchange (OTX), among the largest open threat intelligence sharing communities in the world.

Figure 1: OTX pulse on Killnet.

“We have been following Killnet for years and have seen a marked increase in activity in the last few weeks. Their attacks, however, appear to be opportunistic DDoS campaigns aimed at attracting media coverage,” says Research Director Santiago Cortes Diaz. “Their efforts seem to be coordinated with the Russian government as part of their FUD (fear, uncertainty and doubt) campaign around the geopolitical conflict.”

Aside from a temporary takedown that can disrupt operations, there is also a reputational cost to DDoS attacks. Moves against government websites potentially aim to destroy faith among voters that U.S. elections are a secure and insulated process. And, though the election process is mostly separated from the Internet, consecutive attacks of this nature could also negatively impact confidence in the United States’ digital defenses.

DDoS attacks, though typically short-lived, succeed in getting the public’s attention by causing a digital flood of information on websites with an otherwise regular flow of traffic. A botnet, a group of machines infected with malware and controlled as a malicious group, generates bogus requests and junk directed at the target while hiding within a site’s usual traffic patterns. DDoS attacks are not to be underestimated. They will likely continue to proliferate as hackers acquire access to more botnets and resources allowing them to commit larger attacks, and the resources will come with the next era of computing.

As organizations continue to deploy edge applications and take advantage of 5G, the threat of DDoS attacks is potentially compounded. To this point, in a survey of 1,500 global respondents for the AT&T Cybersecurity Insights Report: 5G and the Journey to the Edge, 83% believe attacks on web-based applications will present a big security challenge.  

Why? Because along with the improvements in speed, capacity, and latency of 5G and edge computing, there is also going to be an explosion in connected devices. For example, in the same Insights Report, the top three use cases expected to be in production within three years for edge computing include industrial IoT or OT, enterprise IoT, and industry-oriented consumer IoT functions, all of which are driven by applications that can be connected to the internet. This increase in devices and network quality, together with the explosion in applications, serves as fertile ground for targeted attacks from bad actors.

Though these recent attacks appear to have political motivation, businesses should be considering proactive DDoS protection if they do not already have it in place. The relatively cheap and frequent nature of DDoS attacks is what makes them very dangerous and costly to business continuity.


The post Do the recent DDoS attacks signal future web application risks? appeared first on Cybersecurity Insiders.