Defend Your Infrastructure As Identity Thefts Surge And Malware Infections Out Of Control – Charles Leaver

Charles Leaver Writes:

A report has revealed that breaches of consumer data are leading to more and more identity theft. This is extremely worrying for all of us.

The report was conducted by the National Consumers League and it reveals that in 2013 around 33% of consumer data breaches led to identity fraud, which means the figure has tripled since 2010. This worrying rise can be explained by some clear factors. Cyber criminals are using far more sophisticated methods now, and there is a lack of laws forcing companies to disclose when they have been attacked. To make matters worse, not many companies are using endpoint detection and response systems to secure their data. All of this means that we are entering a climate where customers are discovering that their data is constantly under attack by deceitful hackers.

John Breyault, who is a member of the National Consumers League, stated that breach notification legislation like the one in force in California can help minimize the fallout from breaches by requiring infiltrated companies to get the word out rapidly.

He went on to state that prompt notice is needed after a breach so that people can perform a “harm analysis” once they learn about it. This is everyone’s right, and at the moment the kind of incident that would trigger a notification remains very broad.

Sadly, it is not just identity theft that is under the spotlight. Another report highlighted that malware is now more widespread than it has ever been.

 

Every Third Computer Has A Malware Infection Revealed In A Report

 

The Anti-Phishing Working Group released a report stating that malware was likely to be present in up to a third of the computer systems across the world by the last quarter of 2013. This is a considerable increase compared with the previous quarter, says Tech News World. The technical director of a security lab that examines cyber attacks, Luis Corrons, said that brand-new malware strains are being developed at a very fast pace and that malware infections could rise even further.

He mentioned that the creation of brand-new malware samples has escalated, doubling from the last quarter of 2013 to the first quarter of 2014.

The findings of these two reports highlight that there is no room for complacency in organizations when it comes to security. Every organization needs to shore up its endpoint detection and response systems or face the fact that a cyber attack is significantly more likely to be coming its way.

 

Don’t Face Fines For Breaches And Malware Get Defenses Now – Charles Leaver

With malware becoming stealthier, and with the fines that enterprises face when they suffer a breach from it, the case for installing endpoint detection and response systems is even more vital than it was in the past. Without the right defenses in place there is not only the risk of a significant cyber attack, but also fines and lawsuits that can be extremely damaging to a company. If a business believes that it is immune to cyber attacks then it is being arrogant and ignorant. The cyber criminals out there are making their attacks practically undetectable these days.

Severe Malware Risk Now Evading Detection

Embedding a secret message into something unexpected is called steganography, and it is not something new that arrived with the Web. In the 1600s, Gaspar Schott wrote a book which discussed how a secret message could be hidden in a musical score and read by those who knew about it. The technique was that each note on the score corresponded to a letter of the alphabet, so the message could be read off by anyone who knew the mapping.

This practice has some distressing ramifications, as it offers a practically sure-fire way of concealing information that should not be there. Cyber criminals have been using steganography for a number of years now. A Federal Plan for Cyber Security published by the National Science and Technology Council in 2006 reported that steganography represents an especially sneaky method for terrorists to infiltrate U.S. systems.

The report mentioned that these tools are inexpensive and widespread, making steganography an enabling technology for the enemies of the United States.

These days cyber security attacks are rampant, and hackers are leveraging steganography to carry out attacks that are practically undetectable and very sophisticated. A paper on the hazards of steganography noted that its use is gathering momentum among cyber criminals, who can use the approach to breach networks without detection. The report went on to say that Web-based steganography has become much more advanced and will only become more so in the years to come.

While steganography does present a huge threat, it can be mitigated by implementing an endpoint detection and response system. Such a system will carefully monitor all the points where an attacker might gain access, and it is recommended that all organizations take this crucial step.
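Steganography proper alters the carrier's content, and a simpler relative that defenders meet just as often hides data after the image's end marker, where viewers ignore it. As an added example (my own code, not Ziften's product or anything from the reports cited above), the check below walks a PNG's chunk structure and reports three things an endpoint inspection could alert on: bytes after the IEND chunk, chunks whose CRC does not match their content, and a missing terminator. The sample image and the appended payload are constructed in the block itself.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Constructed 1x1 8-bit greyscale PNG used as the clean carrier for the check."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, colour type, ...
    idat = zlib.compress(b"\x00\x00")                     # one filter byte + one pixel
    return (PNG_SIGNATURE + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def inspect_png(blob: bytes) -> dict:
    """Walk the chunk list and report structural oddities worth a closer look:
    bytes after IEND (a common place to stash a payload), chunks whose CRC does
    not match their content, and a missing terminator."""
    if not blob.startswith(PNG_SIGNATURE):
        return {"valid": False, "reason": "not a PNG signature"}
    pos = len(PNG_SIGNATURE)
    chunks, bad_crc, iend_end = [], [], None
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        crc_field = blob[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_field) != 4:
            return {"valid": False, "reason": "truncated chunk", "chunks": chunks}
        if (zlib.crc32(ctype + data) & 0xFFFFFFFF) != struct.unpack(">I", crc_field)[0]:
            bad_crc.append(ctype.decode("latin-1"))
        chunks.append(ctype.decode("latin-1"))
        pos += 12 + length
        if ctype == b"IEND":
            iend_end = pos
            break
    if iend_end is None:
        return {"valid": False, "reason": "no IEND chunk", "chunks": chunks}
    return {"valid": True, "chunks": chunks, "bad_crc": bad_crc,
            "trailing_bytes": len(blob) - iend_end}


if __name__ == "__main__":
    clean = build_minimal_png()
    print("clean:", inspect_png(clean))
    print("with trailer:", inspect_png(clean + b"CONSTRUCTED PAYLOAD"))
```

A non-zero `trailing_bytes` is not proof of anything on its own (some tools append harmless metadata), so in practice this is a triage signal to combine with who wrote the file and what opened it next, which is exactly the endpoint context the post is arguing for.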

The Penalties Are High For Organizations That Suffer A Malicious Breach

The threat of a steganographic attack should be enough on its own to make you install an endpoint detection and response system, but if it isn’t, then the considerable fines your organization can face for a breach should be. Any company is vulnerable to attacks and fines. As an example, Women & Infants Hospital in Providence, Rhode Island, had to pay $150,000 as a result of a cyber attack in which the information of 12,000 individuals was compromised. The Modesto Bee reported that the data the hospital lost included Social Security numbers, dates of birth and ultrasound imagery.

The corporate world can also suffer at the hands of a malicious breach. According to Computerworld, eBay faced a lawsuit from a consumer in Louisiana after it was infiltrated. Colin Green, who filed the lawsuit, is not alone in being dissatisfied; he represents millions of people who were not happy that their personal data was exposed when eBay was attacked. The potential fines and lawsuits make the investment in a proven endpoint detection and response system well worth it.

Hiding Cyber Attacks Is Not Recommended – Charles Leaver

From The Desk Of Charles Leaver

A business suffers a cyber attack. The system administrators learn about the attack, they want to know more about it, and they send their IT team to try to stem the attack and recover lost data. This is what happens after many companies have been breached, but then the business frequently fails to take the next essential step: proactively notifying its customers that it has experienced a cyber attack. There have been many cases where it has been hard to get a business to reach out to its customers, and it takes far more time, and carries more risk, than it should.

According to the Portland Press Herald, there is a tendency now for enterprises that have been breached to simply not tell those affected by the attack, their customers, that it occurred. The reason businesses do not want to tell their clients is completely self-centered. They are worried that their company’s reputation will be harmed if they tell the world about the attack, so they always want to keep the news in house. Both Target and Neiman Marcus did this and waited far too long to inform their customers that they had been victims of a cyber attack.

It Is Simply Detrimental To Keep Cyber Attack News Away From Your Consumers

It is totally irresponsible to hold back on telling your customers about a cyber attack, and it can also work against you. If there is a long gap between the attack occurring and the business admitting that it occurred, the business can appear dishonest and not competent enough to safeguard customer data. In spite of this, companies that have experienced an attack continue to withhold this information from their clients. JP Morgan Chase was one example, with a delay of around four months before it told its clients that it had suffered a significant cyber attack. U.S. Public Interest Research Group consumer program director Ed Mierzwinski said there is a great deal of work to do when it comes to informing customers that a breach has taken place.

He stated that clearing your name was a “pain in the neck”. He also stated that it takes a lot of time and the company does not make money for doing it.

In spite of the time and effort involved, it is necessary that companies adopt a full recovery procedure and that they inform their customers about the cyber attack every step of the way. If the idea of telling your customers that you have been breached does not appeal, then you can prevent attacks from occurring in the first place. If a stringent endpoint detection and response system is installed then a business can safeguard its network and make sure that it will not be subject to a cyber attack that puts its customer data at risk.

 

You Need Endpoint Detection And Response In Your Business Or The Losses Could Be Huge – Charles Leaver

Written By Ziften CEO Charles Leaver

Companies should be taking every possible action to secure their computer networks given the present danger of cyber security attacks, and it is surprising that they are not doing so. Their data is important to them, yet they take no action. Posting for bobsguide, guest poster Torgny Gunnarsson, who runs a business that provides data solutions, made the point that at a time when all businesses are trying to take advantage of new technology, they appear reluctant to put defensive measures such as endpoint detection and response in place. While it is good that businesses are using the latest technology, they are at the same time becoming susceptible to a new world of risks that includes data loss, password breaches and ransomware.

Some of these companies might not really understand the risk of cyber crime until they are hit, at which point there will be a range of consequences. Gunnarsson references attacks on Target and Adobe in his post and comments that these were examples of security shortfalls that led to big financial losses. In the Adobe attack the data of 38 million users was lost. Alerting 38 million users about this would certainly come at a high price, says Data Breach Insurance, and then there are the costs of recovering from the situation on top of that. Reuters reported that Target had to pay more than $60 million as a result of the data breach, and it also suffered a loss of business as a result of the cyber attack.

You would think that these kinds of high profile losses would have all businesses rushing to protect themselves with an endpoint detection and response system and taking whatever other measures they could to prevent cyber crime. However, the reality is different, and many companies think that there is no way their infrastructure will ever be under attack. This is a very risky strategy and very short sighted in the present environment of cyber attacks.

Secure Your Company Now With These Actions

It is daunting to think that there are many cyber criminals who want access to your information. But you do not have to be the next victim just because there are a lot of hackers out there. By taking the steps listed below you will make a substantial impact on keeping hackers away from your infrastructure:

1. You need to implement an endpoint detection and response system. Nothing else is more important when it comes to protecting your business from a cyber attack. When you deploy endpoint detection across the enterprise you will have the comfort of knowing that there will be no attempted attacks on your network without you knowing about it.

2. You have to make certain all of your workers are aware of cyber security risks. Don’t just leave it to your IT team to keep up to date with the latest cyber security threats. You must understand that a cyber attack can be launched from anywhere in the world and these hackers can target any business. When you keep your employees up to speed about these cyber threats you add another layer of defense, by making sure that workers practice safe computing and do everything they can to keep the hackers out.

3. You need to keep a constant eye on security. Taking care of your cyber security should be a top concern, so make sure that it is. Be sure that your endpoint detection software is up to date, and put cyber security on the agenda at every meeting. There is no place for complacency with cyber security.

 

Don’t Risk Your Organization Security With Adobe Flash – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Are you Still Running Apple QuickTime and Adobe Flash for Windows? Didn’t You Get the Memo?

With Independence Day looming, a metaphor is in order: Flash is a bit like lighting fireworks. There might be less dangerous ways to do it, but the only sure method is simply to avoid it. And with Flash, you needn’t fight pyromaniac urges to avoid it, just manage your endpoint configurations.

Why would you want to do this? Well, querying Google for “Flash vulnerability” returns thirteen million results! Flash is old, finished and ready for retirement, as Adobe themselves put it:

Today [November 30, 2015], open standards like HTML5 have matured and offer many of the abilities that Flash introduced… Looking forward, we encourage content creators to develop with new web standards…

Run a vulnerability scanner across your endpoint population. See any Flash indications? Yes, in the typical business, zillions. Your attackers know that too; they are counting on it. Thanks for contributing! Just keep ignoring those annoying security bloggers, like Brian Krebs:

I would advise that if you use Flash, you should strongly consider removing it, or at a minimum hobbling it until and unless you need it.

Ignoring Brian Krebs’ suggestions raises the chances your business’s data breach will be the headline story in one of his future blogs.


Flash Exploits: the Preferred Exploit Kit Ingredient

The endless list of Flash vulnerabilities continues to grow with each new patch cycle. Nation-state adversaries and the better resourced groups can call upon Flash zero days. They aren’t difficult to mine: point a fuzzer at the creaking Flash codebase and watch them roll out. If an offensive cyber group can’t call upon zero days, not to worry, there are plenty of newly issued Flash Common Vulnerabilities and Exposures (CVE) entries to draw on before enterprise patch cycles catch up. For exploit kit authors, Flash is the gift that keeps giving.

A recent FireEye blog post illustrates the typical Flash vulnerability lifecycle, from fresh zero-day to newly hatched CVE to prime enterprise exploit:

On May 8, 2016, FireEye detected an attack making use of a previously unknown vulnerability in Adobe Flash Player (CVE-2016-4117) and reported the issue to the Adobe Product Security Incident Response Team (PSIRT). Adobe released a patch for the vulnerability in APSB16-15 just 4 days later (Published to the FireEye Threat Research Blog on May 13, 2016).

As a quick test, then, check your vulnerability report for that entry, CVE-2016-4117. It was employed in targeted attacks as a zero day even before it became a known vulnerability. Now that it is known, popular exploit kits will pick it up. Be sure you are ready.

Start a Flash and QuickTime Obliteration Campaign

While we have not spoken about QuickTime yet, Apple dropped support for QuickTime on Windows in April 2016. This summarily triggered a panic in corporations with large numbers of Apple macOS and Windows clients. Do you remove all support for QuickTime? Including on macOS? Or just Windows? How do you find the unsupported versions when there are so many floating around?


By doing nothing, you can flirt with catastrophe, with Flash vulnerability exposures swarming throughout your client endpoint population. Alternatively, you can begin a Flash and QuickTime eradication campaign to move towards a Flash-free enterprise. Or, wait, perhaps you just tell your users not to glibly open e-mail attachments or click on links. User education, that always works, right? I don’t think so.

One issue is that some of your users have a job function that requires opening attachments, such as PDF invoices sent to accounts payable departments, applicant Microsoft Word resumes sent to hiring departments, or legal notices sent to legal departments.

Let’s take a closer look at the Flash exploitation described by FireEye in the blog post mentioned above:

Attackers had actually embedded the Flash exploitation inside a Microsoft Office document, which was then hosted on their web server, and used a Dynamic DNS (DDNS) domain to reference the doc and payload. With this setup, the assailants could share their exploitation through URL or email attachment. Although this vulnerability lives within Adobe Flash Player, risk actors created this specific cyber attack for a target using Windows and Microsoft Office.

Even if the Flash-averse enterprise had completely purged Flash from all of its many browsers, this exploit would still have succeeded. Fully removing Flash requires purging it from all browsers and disabling its execution in embedded Flash objects within Microsoft Office or PDF documents. That is certainly the minimum step to take for those departments whose job function requires opening attachments from unsolicited e-mails. Extending outwards from there is a worthwhile configuration hardening objective for the security conscious enterprise.
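The eradication campaign described above starts with the inventory question the post keeps asking: which endpoints still carry Flash or QuickTime, and which of them are below the fix level for a named CVE such as CVE-2016-4117? The block below is an added example of that check, written by me rather than taken from Ziften or FireEye. The inventory records are constructed; the one advisory entry reuses the CVE from the post, and its fixed-in version is my recollection of APSB16-15, flagged as an assumption to confirm against the bulletin.

```python
# Constructed software inventory, in the shape an EDR or vulnerability scanner
# might export it: one record per installed product per host.
INVENTORY = [
    {"host": "fin-ap-01", "os": "Windows", "product": "Adobe Flash Player", "version": "21.0.0.226"},
    {"host": "fin-ap-01", "os": "Windows", "product": "Apple QuickTime", "version": "7.7.9"},
    {"host": "hr-rec-02", "os": "Windows", "product": "Adobe Flash Player", "version": "21.0.0.242"},
    {"host": "mkt-mac-03", "os": "macOS", "product": "Apple QuickTime", "version": "10.4"},
    {"host": "dev-lnx-04", "os": "Linux", "product": "Mozilla Firefox", "version": "47.0"},
]

# Constructed advisory table. CVE-2016-4117 is the one the post discusses; the
# fixed-in version is what I recall from APSB16-15 (assumption: confirm against
# the bulletin before using this table for real reporting).
ADVISORIES = [
    {"product": "Adobe Flash Player", "id": "CVE-2016-4117", "fixed_in": "21.0.0.242"},
]


def parse_version(text: str) -> tuple:
    """Dotted version string to a tuple of ints so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def assess(inventory, advisories):
    """Return (host, finding_id, detail) triples for the eradication campaign."""
    findings = []
    for rec in inventory:
        host, product, version = rec["host"], rec["product"], rec["version"]
        if product == "Adobe Flash Player":
            # Any Flash install is a finding: the goal is a Flash-free enterprise.
            findings.append((host, "flash-present", f"{product} {version} installed"))
            for adv in advisories:
                if adv["product"] == product and parse_version(version) < parse_version(adv["fixed_in"]):
                    findings.append((host, adv["id"],
                                     f"{version} is below fixed version {adv['fixed_in']}"))
        if product == "Apple QuickTime" and rec["os"] == "Windows":
            findings.append((host, "quicktime-windows-unsupported",
                             "QuickTime for Windows unsupported since April 2016"))
    return findings


def hosts_with(findings, finding_id: str) -> list:
    """Distinct hosts carrying a given finding, sorted for stable reports."""
    return sorted({host for host, fid, _ in findings if fid == finding_id})


if __name__ == "__main__":
    for host, fid, detail in assess(INVENTORY, ADVISORIES):
        print(f"{host:12} {fid:32} {detail}")
```

Note that `hr-rec-02` is at the fixed version and so is not reported for the CVE, yet it still appears under `flash-present`: patched Flash is the interim state, not the goal. Versions are compared as integer tuples because a string comparison would rank `21.0.0.9` above `21.0.0.242`.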

Not to mention, we’re all awaiting the first post about a QuickTime vulnerability that brings down a major business.

DBIR Report 2016 From Verizon Carries The Same Message – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver, Ziften CEO

The Data Breach Investigations Report 2016 from Verizon Enterprise has been released, examining 64,199 security incidents resulting in 2,260 security breaches. Verizon defines an incident as compromising the integrity, confidentiality, or availability of an information asset, while a breach is a confirmed disclosure of data to an unauthorized party. Because avoiding breaches is far less painful than enduring them, Verizon offers several sections of recommended controls to be employed by security-conscious businesses. If you don’t care to read the full 80-page report, Ziften offers this Verizon DBIR analysis with a focus on Verizon’s EDR-enabled recommended controls:

Vulnerabilities Recommended Controls

A strong EDR tool performs vulnerability scanning and reporting of exposed vulnerabilities, including vulnerability exposure timelines that show how effective vulnerability management is. The exposure timelines are essential because Verizon stresses a systematic approach that emphasizes consistency and coverage, versus haphazard patching of whatever is convenient.
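To make the exposure timeline idea concrete, here is an added example (mine, not Ziften's reporting code) that turns a scan history of when each host was first seen vulnerable and when it was remediated into the two numbers Verizon's point is about: how long exposures stay open, and how consistently a given CVE gets closed across all affected hosts. The records are constructed; apart from CVE-2016-4117, which the Flash post names, the CVE ids are placeholders.

```python
from datetime import date
from statistics import median

# Constructed scan history: (host, cve_id, first_observed_vulnerable, remediated_on or None).
# CVE-2016-4117 is the one named elsewhere on this page; the other ids are placeholders.
EXPOSURES = [
    ("fin-ap-01", "CVE-2016-4117", date(2016, 5, 13), date(2016, 5, 20)),
    ("hr-rec-02", "CVE-2016-4117", date(2016, 5, 13), None),
    ("mkt-mac-03", "CVE-PLACEHOLDER-0001", date(2016, 4, 1), date(2016, 4, 3)),
    ("dev-lnx-04", "CVE-PLACEHOLDER-0002", date(2016, 3, 15), date(2016, 5, 30)),
]


def exposure_days(record, as_of: date) -> int:
    """Days the host was exposed: until remediation, or until the report date if still open."""
    _, _, first_seen, fixed = record
    return ((fixed or as_of) - first_seen).days


def timeline_report(exposures, as_of: date, sla_days: int = 30) -> dict:
    """Summarise remediation speed (time to remediate) and consistency (coverage per CVE)."""
    closed = [r for r in exposures if r[3] is not None]
    still_open = [r for r in exposures if r[3] is None]
    ttr = [exposure_days(r, as_of) for r in closed]
    open_list = [(r[0], r[1], exposure_days(r, as_of)) for r in still_open]

    # Coverage: for each CVE, how many affected hosts are remediated out of how many affected.
    coverage = {}
    for _, cve, _, fixed in exposures:
        done, total = coverage.get(cve, (0, 0))
        coverage[cve] = (done + (1 if fixed is not None else 0), total + 1)

    return {
        "closed": len(closed),
        "within_sla": sum(1 for d in ttr if d <= sla_days),
        "median_days_to_remediate": median(ttr) if ttr else None,
        "open": open_list,
        "open_over_sla": [entry for entry in open_list if entry[2] > sla_days],
        "coverage": coverage,
    }


if __name__ == "__main__":
    report = timeline_report(EXPOSURES, as_of=date(2016, 6, 1))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The coverage figure is what separates systematic patching from convenient patching: a CVE closed on the easy hosts and left open on the awkward ones shows up as `(1, 2)` here even though the median time to remediate looks healthy.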

Phishing Advised Controls

Although Verizon suggests user training to reduce phishing vulnerability, its data still indicates that nearly a third of phishing messages are opened, with users clicking the link or attachment more than one time in ten. Not good odds if you have at least 10 users! Given the inevitable click compromise, Verizon recommends putting effort into detecting anomalous network activity indicative of pivoting, C2 traffic, or data exfiltration. A sound EDR system will not just track endpoint network activity but will also filter it against network threat feeds identifying malicious network destinations. Ziften goes beyond this with our patent-pending ZFlow technology, which augments network flow data with endpoint context and attribution, so that SOC personnel have the vital decision context to rapidly resolve network alerts.

Web App Cyber Attacks Recommended Controls

Verizon recommends multi-factor authentication and tracking of login activity to prevent compromise of web application servers. A strong EDR system will monitor login activity and apply anomaly checking to spot unusual login patterns indicative of compromised credentials.

Point-of-Sale Invasions Recommended Controls

Verizon recommends (and this has also been strongly recommended by FireEye/Mandiant) strong network segmentation of Point of Sale devices. Once again, a solid EDR system ought to be tracking network activity (to identify anomalous network contacts). ZFlow in particular is of great value in providing critical decision context for suspect network activity. EDR solutions will also address Verizon’s recommendation for tracking remote logins to POS devices. Along with this Verizon recommends multi-factor authentication, but a strong EDR capability will complement that with additional login pattern anomaly checking (since even MFA can be defeated with MITM attacks).

Insider and Privilege Abuse Suggested Controls

Verizon recommends “monitor the heck out of [employee] authorized day-to-day activity.” Continuous endpoint monitoring by a strong EDR product naturally provides this capability. In Ziften’s case our product tracks user presence periods and user focus activity while present (such as foreground application usage). Anomaly checking can identify unusual deviations in activity pattern, whether a temporal anomaly (i.e. something has changed this user’s normal activity pattern) or a spatial anomaly (i.e. this user’s behavior pattern differs considerably from peer behavior patterns).
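The login anomaly checking mentioned under the web application controls and the temporal-versus-spatial distinction drawn here are the same computation on two axes, and an added example (my own, not Ziften's anomaly engine) makes the distinction visible. Over constructed login records, the block derives one daily feature per user, the number of distinct hosts logged into, then scores the latest day against that user's own history (temporal) and the user's typical day against the peer group (spatial). The z-score threshold and the floor on the standard deviation are my choices, not anything the report prescribes.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed login telemetry: (date, user, host). Real EDR data would be richer,
# but distinct hosts per day is enough to show the two anomaly types.
LOGINS = []
for d in range(1, 5):                               # alice: two hosts a day for four days...
    LOGINS += [(f"2016-06-0{d}", "alice", h) for h in ("ws-01", "fs-01")]
LOGINS += [("2016-06-05", "alice", h)                # ...then seven hosts on day five
           for h in ("ws-01", "fs-01", "db-01", "db-02", "hr-01", "fin-01", "dc-01")]
for d in range(1, 6):
    LOGINS.append((f"2016-06-0{d}", "bob", "ws-02"))   # bob: one host a day
    LOGINS.append((f"2016-06-0{d}", "dave", "ws-04"))  # dave: one host a day
    LOGINS += [(f"2016-06-0{d}", "carol", f"srv-{i:02d}") for i in range(9)]  # carol: nine hosts, every day


def daily_host_counts(logins):
    """user -> {date -> number of distinct hosts logged into that day}."""
    seen = defaultdict(lambda: defaultdict(set))
    for day, user, host in logins:
        seen[user][day].add(host)
    return {u: {d: len(hosts) for d, hosts in days.items()} for u, days in seen.items()}


def temporal_anomalies(counts, z_threshold=3.0):
    """Users whose latest day departs from their own earlier days (the user changed)."""
    flagged = {}
    for user, days in counts.items():
        dates = sorted(days)
        if len(dates) < 3:
            continue                                  # too little history to call anything anomalous
        history = [days[d] for d in dates[:-1]]
        sigma = max(pstdev(history), 1.0)             # floor so a flat baseline does not flag every +1
        z = (days[dates[-1]] - mean(history)) / sigma
        if z >= z_threshold:
            flagged[user] = round(z, 2)
    return flagged


def spatial_anomalies(counts, z_threshold=3.0):
    """Users whose typical day departs from their peers' typical day (the user differs)."""
    typical = {u: mean(list(days.values())) for u, days in counts.items()}
    flagged = {}
    for user, value in typical.items():
        peers = [v for u, v in typical.items() if u != user]
        if len(peers) < 2:
            continue
        sigma = max(pstdev(peers), 1.0)
        z = (value - mean(peers)) / sigma
        if z >= z_threshold:
            flagged[user] = round(z, 2)
    return flagged


if __name__ == "__main__":
    counts = daily_host_counts(LOGINS)
    print("temporal:", temporal_anomalies(counts))
    print("spatial:", spatial_anomalies(counts))
```

Carol never trips the temporal check because nine hosts a day is normal for her; she trips the spatial one because it is not normal for anyone else. Alice is the reverse. Both deserve a look, but for different reasons, which is why an analyst wants the two scores reported separately rather than folded into one.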

Verizon also suggests tracking use of USB storage devices, which solid EDR systems provide, considering that they can act as a “sneaker exfiltration” path.

Miscellaneous Errors Advised Controls

Verizon’s recommendations in this area focus on keeping a record of past errors to serve as a warning of errors not to repeat in the future. Solid EDR products do not forget; they preserve an archival record of endpoint and user activity going back to their first deployment. These records are searchable at any time, possibly after some future event has uncovered an intrusion and response teams have to go back and “find patient zero” to unravel the incident and recognize where mistakes may have been made.

Physical Theft and Loss Recommended Controls

Verizon suggests (and many regulators require) full disk encryption, specifically for mobile devices. A strong EDR system will verify that endpoint configurations comply with the enterprise encryption policy, and will alert on violations. Verizon reports that data assets are physically lost 100 times more often than they are stolen, but the effect on the affected enterprise is essentially the same.

Crimeware Advised Controls

Again, Verizon emphasizes vulnerability management and consistent, comprehensive patching. As noted above, appropriate EDR tools identify and track vulnerability exposures. In Ziften’s case, this keys off the National Vulnerability Database (NVD), filtering it against process image records from our endpoint tracking. This yields an accurately up-to-date vulnerability assessment at any time.

Verizon also advises capturing malware analysis data in your own business environment. EDR tools do track the arrival and execution of new binaries, and Ziften’s system can acquire samples of any binary present on business endpoints and send them for in-depth static and dynamic analysis by our malware research partners.

Cyber-Espionage Advised Controls

Here Verizon specifically calls out use of endpoint threat detection and response (ETDR) tools, describing the security tool segment that Gartner now terms endpoint detection and response (EDR). Verizon also suggests a variety of endpoint configuration hardening actions whose compliance can be verified by EDR tools.

Verizon also advises strong network protections. We have already discussed how Ziften ZFlow can considerably improve conventional network flow monitoring with endpoint context and attribution, supplying a blend of network and endpoint security that is truly end-to-end.

Finally, Verizon suggests monitoring and logging, which is the first thing third-party incident responders ask for when they arrive on-scene to help in a breach crisis. This is the prime function of EDR tools, since the endpoint is the most frequent entry vector in a significant data breach.

Denial-of-Service Attacks Advised Controls

Verizon suggests managing port access to prevent enterprise assets from being used to take part in a DoS attack. EDR products can track port usage by application and employ anomaly checks to recognize unusual application port usage that could indicate compromise.
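The per-application port tracking described here is usually a profile check rather than a statistical one: learn which ports each process image normally talks to and how busy it normally is, then flag departures. The block below is an added example of that check (my own, not Ziften's implementation) over constructed connection summaries for one host. The three finding types and the ten-times burst factor are my choices, not anything from the report.

```python
from collections import Counter, defaultdict

# Constructed per-process connection summaries as endpoint telemetry might report
# them for one host: (process_image, destination_port, connections_in_window).
BASELINE_WINDOWS = [
    ("chrome.exe", 443, 120), ("chrome.exe", 80, 40),
    ("outlook.exe", 443, 30), ("outlook.exe", 993, 5),
    ("svchost.exe", 53, 60),
    ("chrome.exe", 443, 150), ("chrome.exe", 80, 35),
    ("outlook.exe", 443, 25), ("outlook.exe", 993, 6),
    ("svchost.exe", 53, 55),
]
CURRENT_WINDOW = [
    ("chrome.exe", 443, 130),    # within profile
    ("outlook.exe", 993, 5),     # within profile
    ("outlook.exe", 25, 3),      # known process, port never seen for it
    ("updater.exe", 6667, 12),   # process never seen at all
    ("chrome.exe", 80, 9000),    # known pair, but far above any baseline volume (DoS-like burst)
    ("svchost.exe", 53, 58),     # within profile
]


def learn_profiles(windows):
    """Per-process port set and peak per-window count for each (process, port) pair."""
    ports = defaultdict(set)
    peak = Counter()
    for proc, port, count in windows:
        ports[proc].add(port)
        peak[(proc, port)] = max(peak[(proc, port)], count)
    return ports, peak


def check_window(window, ports, peak, burst_factor=10):
    """Flag departures from the learned profile; findings come out in window order."""
    findings = []
    for proc, port, count in window:
        if proc not in ports:
            findings.append((proc, port, "unknown-process"))
        elif port not in ports[proc]:
            findings.append((proc, port, "new-port-for-process"))
        elif count > burst_factor * peak[(proc, port)]:
            findings.append((proc, port, "volume-burst"))
    return findings


def run_check():
    """Learn from the baseline windows, then score the current window."""
    ports, peak = learn_profiles(BASELINE_WINDOWS)
    return check_window(CURRENT_WINDOW, ports, peak)


if __name__ == "__main__":
    for proc, port, kind in run_check():
        print(f"{kind:22} {proc} -> port {port}")
```

The volume-burst case is the one that matters for the DoS participation Verizon is warning about: the process and port are both familiar, so an allowlist alone would pass it, and only the learned volume profile catches it.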

Enterprise services migrating to cloud providers also require protection from DoS attacks, which the cloud service provider may supply. However, when it comes to network traffic monitoring in the cloud, where the business may lack network visibility, solutions like Ziften ZFlow provide a way to collect enhanced network flow data directly from cloud virtual servers. Don’t let the cloud be your network blind spot, or attackers will exploit it to fly under your radar.