In an age where cyber threats loom large, ransomware attacks have emerged as a significant concern for individuals and organizations alike. These malicious attacks, which encrypt valuable data and demand a ransom for its release, can wreak havoc on businesses, causing financial losses and reputational damage. To safeguard against such threats, it’s essential to adopt a robust and comprehensive security posture. Here’s how to frame an airtight defense against ransomware:

1. Implement Multi-Layered Security Measures: A strong defense begins with a multi-layered approach to security. This includes deploying firewalls, intrusion detection systems, and antivirus software to detect and prevent ransomware attacks at various entry points. Additionally, consider implementing advanced threat detection technologies that can identify and mitigate emerging threats in real-time.

2. Regularly Update Software and Systems: Outdated software and operating systems are often vulnerable to ransomware attacks. To minimize risk, ensure that all software applications and systems are regularly updated with the latest security patches and updates. Automated patch management tools can streamline this process and help keep your infrastructure secure.

3. Educate and Train Employees: Human error is a common entry point for ransomware attacks. Educate employees about the risks of ransomware and provide training on best practices for cybersecurity, such as recognizing phishing attempts and avoiding suspicious links and attachments. Regular security awareness training sessions can empower employees to be vigilant and proactive in protecting against ransomware threats.

4. Enforce Strong Password Policies: Weak passwords are an open invitation to cyber-criminals. Implement strong password policies across your organization, including requirements for complex passwords and regular password changes. Consider implementing multi-factor authentication (MFA) for an added layer of security, which can help prevent unauthorized access to sensitive systems and data.

5. Back Up Data Regularly and Securely: One of the most effective defenses against ransomware is a robust backup strategy. Regularly back up all critical data and ensure that backups are stored securely, preferably offline or in a separate, isolated network. This ensures that even if ransomware encrypts your primary data, you can restore it from backups without paying the ransom.

6. Monitor and Respond to Threats: Proactive monitoring of network traffic and system activity can help detect ransomware attacks early on, allowing for swift response and containment. Implement security incident response procedures to outline the steps to take in the event of a ransomware attack, including isolating infected systems, notifying stakeholders, and initiating recovery processes.

7. Engage with Security Experts and Partners: Cybersecurity is a constantly evolving landscape, and it can be challenging for organizations to keep pace with emerging threats. Consider partnering with cybersecurity experts or managed security service providers (MSSPs) who specialize in ransomware defense. These experts can provide valuable insights, threat intelligence, and assistance in developing and implementing effective security strategies.

By adopting a proactive and comprehensive approach to ransomware defense, organizations can significantly reduce their risk exposure and minimize the potential impact of ransomware attacks. With a strong security posture in place, businesses can focus on their core operations with confidence, knowing that they are well-equipped to withstand the ever-present threat of ransomware.

The post Crafting an Airtight Security Posture Against Ransomware Threats appeared first on Cybersecurity Insiders.

Four years on from the SolarWinds hack, supply chains should still be top of mind for businesses. Warnings from the NCSC have reinforced this message, but in the UK just 13% of business decision-makers describe supply chain security as a top priority.

Perhaps they don’t realise how fragile and vulnerable software supply chains can be? A report from ReversingLabs found almost 11,200 unique malicious packages across major free and open-source software (FOSS) platforms in 2023, thirteen times as many as in 2020. With FOSS a common part of many commercial software products, organisations need to better understand this threat, and the strategies they can use to mitigate it.

Understanding FOSS in supply chains

According to Synopsys, around 97% of commercial codebases use FOSS to some degree. Why, if it’s so vulnerable? The answer is that the benefits of FOSS can far outweigh the risks: it reduces the cost of ownership, maintenance, upgrades, and support fees, and reduces the problem of vendor lock-in. Many businesses not only use FOSS, they contribute too, part of the give-and-take that makes open-source so useful.

It’s unlikely that organisations will stop using open-source software, given they would need to rewrite many core components of their product. In order to protect against attacks, security professionals need to “know their enemy”. The most common tactics used to compromise FOSS include: 

  • Code injection—The threat actor inserts a backdoor into software updates. In most cases, malicious code is injected into a piece of software that is then distributed, allowing the attacker access to multiple organisations.

  • Code substitution—Attackers replace code with malicious code, either by compromising the source code repository or by tampering with the software distribution channel.

  • Code compromise—Exploitation of a vulnerability or a misconfiguration in the software development or delivery process, compromising the code. To illustrate, the NotPetya attack involved hackers exploiting a vulnerability in the M.E.Doc accounting software to deliver ransomware to Ukrainian organisations.

Creating a strategy for protection

Once they fully grasp the risks, security teams will need to do a lot of work to get a handle on the situation. However, it’s not an impossible task and in all likelihood, they’re not going to be starting from scratch—many will already have policies and tools in place that can be improved and built on. 

SBOMs: Software Bills of Materials (SBOMs) play an increasingly important role in enhancing supply chain security. SBOMs list the components and dependencies of a software product, such as open-source libraries, third-party software, and licences. They help to identify and manage security risks in the software supply chain, such as vulnerabilities, malware, or outdated versions. They are also necessary from a compliance perspective as the UK begins to enforce its cybersecurity strategy.

Create a culture of security: It’s also necessary to establish a security-first culture and educate staff on risks and best practices. At a high level, this means understanding the risk an organisation faces, and a better appreciation for security. From a technical perspective, this includes how to use and deploy code safely, and how organisations can use authoritative sources and repositories to download or update open-source software to ensure security.

Patch, patch, patch: IT teams also need to be strict on their cyber hygiene, mainly in regards to patching. Everyone knows that patching is important but it’s also the bare minimum. To remain secure, organisations should work more proactively and regularly scan software components and dependencies for malicious code.

Limit access: A key component of Zero Trust is to never trust anyone and always verify. Dev teams can take this a step further and apply the “principle of least privilege” to software components and users, limiting their access to the minimum necessary resources and permissions. Implementing strong encryption and digital signatures to protect the confidentiality and integrity of software components and data is also imperative.

Stricter rules for vendors and suppliers: For end users, third-party software audits should be a critical component of a protection strategy. This includes performing due diligence on third-party vendors and suppliers and verifying their security policies and practices. It’s critical to establish clear contracts and service level agreements (SLAs) with third-party suppliers and define the roles and responsibilities in the supply chain.


It’s important to keep in mind that this is all reactive, a minimum of what should be done to keep organisations safe. Building on this with a more proactive approach will offer even better protection. This means continually monitoring and auditing the software supply chain for any suspicious activity. Only then can security teams be confident that they are doing enough to stay safe from supply chain attacks.

The post Mitigating the biggest threats in supply chain security appeared first on Cybersecurity Insiders.

In today’s digital age, Microsoft Office has become a staple in offices and homes worldwide, facilitating communication, productivity, and document management. However, this widespread usage has also made MS Office software a prime target for cyber-criminals.

Cyber attacks arising from Microsoft Office software have gained prominence in recent years, posing significant threats to individuals, organizations, and governments alike. This article delves into the evolving landscape of cyber attacks associated with MS Office software and explores ways to mitigate these threats.

The Microsoft Office Suite Vulnerabilities

Macro-Based Attacks: One of the most common methods used by cyber criminals is the exploitation of macros within Office documents. Macros are scripts that automate tasks, but they can also be used maliciously to deliver malware. Users are often tricked into enabling macros, unknowingly infecting their systems.

Malicious Email Attachments: Cyber criminals frequently send phishing emails with malicious Office attachments. These attachments may contain malware or lead to malicious websites designed to steal sensitive information.

Malicious Links: MS Office documents can include embedded links that direct users to malicious websites. Clicking on these links can result in drive-by downloads or the installation of malware.

Fileless Attacks: Modern cyber attacks often exploit vulnerabilities in MS Office applications themselves. These fileless attacks don’t rely on traditional malware files, making them harder to detect.

Zero-Day Exploits: Cybercriminals search for and exploit vulnerabilities in Office software that haven’t yet been patched by Microsoft. These zero-day exploits are highly sought after and can be used to compromise systems before patches are available.

Mitigating MS Office Software Cyber Threats

Keep Software Updated: Regularly update Microsoft Office software to patch known vulnerabilities and reduce the risk of falling victim to zero-day exploits.

Disable Macros: Disable macros by default in Office documents and only enable them from trusted sources. Educate users on the risks associated with enabling macros.

Beware of Email Attachments: Exercise caution when opening email attachments, especially if they come from unknown or unexpected sources. Verify the legitimacy of the sender before opening any Office files.

Email Filtering: Implement robust email filtering systems that can identify and quarantine suspicious emails containing Office attachments.

User Education: Educate employees, family members, or colleagues about the dangers of phishing emails and the importance of safe email and document handling practices.

Security Software: Install reputable antivirus and anti-malware software to detect and mitigate threats arising from MS Office documents.

Network Segmentation: Implement network segmentation to isolate critical systems from potential threats originating from Microsoft Office software.

Conclusion

Microsoft Office software remains an essential tool for productivity and collaboration, but its widespread use has made it a prime target for cyber-criminals. To safeguard against cyber attacks originating from MS Office, users and organizations must stay vigilant, keep software up to date, and educate themselves about the evolving threat landscape. By adopting a proactive approach to cybersecurity, individuals and organizations can minimize the risks associated with this ubiquitous software suite and protect their valuable data from cyber threats.

The post Cyber Attacks Arising from Microsoft Office Software appeared first on Cybersecurity Insiders.

Technology companies have recently asked most of their employees to stay home because of the fast-approaching recession or other factors. But security analysts say that such knee-jerk reactions could spell trouble for organizations, as employees leaving the firm could turn into an insider cyber threat out of frustration or anger.

Twitter, Facebook, Amazon, HP, Wipro, Oracle, RingCentral, Intel, Microsoft and Cisco have shown the door to most of their senior-level employees in the past few weeks. And since people are often the weakest link in security, the companies listed above should make sure they are proactively ready to face the worst.

Supporting this theory is research carried out by the Ponemon Institute, which claims to have witnessed a 44% rise in insider threats in the past two years. Researchers from the institute state that costs per incident are up by two-thirds to $15.38 million, from just $5.6 million in 2019. Note that 2020 was left out of the comparison, as the whole world was suffering from lockdowns and immense business losses.

Deactivating remote devices, changing account passwords as soon as a worker is laid off, deleting their accounts, and revoking access to online and offline processes can go a long way toward avoiding a business embarrassment.

As for disgruntled employees, threat actors can exploit the mindset of laid-off workers, so employers must keep tabs on employee satisfaction in the office environment and do their best to shrink the list of disgruntled employees. A fat pay packet, half-yearly increments and bonuses are all it takes... isn’t it?

And if anyone does wish to leave the organization, they should first be relieved of their duties and then asked to hand over all the credentials they possess. An audit of the IT infrastructure must then be conducted before the employee is asked to leave.


The post Insider Cyber Threats rise by Tech Layoffs appeared first on Cybersecurity Insiders.

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If a database is breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and constantly improve to protect against ever-evolving security threats and maintain the integrity of a database. […]

The post Major Database Security Threats & How You Can Prevent Them appeared first on The State of Security.

In today’s online landscape, it is crucial for organizations to stay on top of the threats that put their enterprises at risk. Agari and PhishLabs have put together their Quarterly Threat Trends & Intelligence Report detailing their analysis of phishing and social media attacks this quarter. The report presents statistics regarding the volume of attacks, […]

The post Top Phishing and Social Media Threats: Key Findings from the Quarterly Threat Trends & Intelligence Report appeared first on The State of Security.

For the past 3-4 years, North Korea has been funding Kim Jong’s nuclear ambitions by launching cyber attacks leading to data breaches, stealing cryptocurrencies from exchanges and individual wallets, selling illegal arms to internationally known criminals such as terrorists, and laundering money.

In order to put a full stop to all such crimes, the United States Department of State’s Rewards for Justice program is offering a $5 million reward to those who provide credible information on the crimes conducted by the Democratic People’s Republic of Korea.

A federal cyber threat advisory was issued on this note against North Korean leaders and supporters who engage in crimes such as money laundering, cyber crime, and sanctions evasion.

According to an analysis conducted by Chainalysis, North Korea gained $400 million in 2021 by launching cyber attacks on cryptocurrency exchanges and siphoning money from individual accounts. They target victims with phishing attacks, code exploits, and malware such as ransomware, which ensures payment one way or another.

As per a joint operation launched by American intelligence in association with the UK’s GCHQ, the Lazarus Group has become super-active in recent times, despite sanctions imposed on it by the West.

In 2017-18 the Department of Justice also imposed a ban on the activities conducted by Lazarus worldwide. The ban was imposed because the North Korean hacker group was found to be involved in the spread of WannaCry ransomware, which resulted in the operational disruption of over 250,000 computers globally.

Despite these stringent actions, the criminal group Lazarus and its affiliates haven’t slowed down in attacking their victims by various means.

For this reason, the federal government is now offering a reward to those who provide credible information about those involved in the attacks.

The US DoJ is also ready to offer lucrative rewards to persons who provide tip-offs. Tips can be submitted via Signal, Telegram, or WhatsApp on the following number: +1-540-760-5089. The personal details of anyone contacting the department will be kept 100% secret.


The post United States offers $5 million rewards for Information on Cyber Attacks launched by North Korea appeared first on Cybersecurity Insiders.

When you read your favorite cybersecurity blog, do you often wonder what it would be like to sit down with the authors and get their real thoughts about some of the topics they write about? Most blogs and articles are so carefully curated, edited, fact-checked, and linked to supporting evidence that they can seem somewhat […]

The post Pub Talk: IT/OT convergence, Frameworks and prevailing cybersecurity threats appeared first on The State of Security.