Data is at risk from the second that a key is pressed on an endpoint to the point when it reaches the corporate cloud and is stored. In fact, the most vulnerable point in the entire process is at the very beginning when the user presses a key, and this is where protection needs to be prioritised.
At the beginning of the Covid-19 crisis, I predicted that cyberattacks would increase by 30-40%, and it gives me no pleasure to see this happening before my eyes. We carried out a survey in the latter half of April amongst 1550 UK employees working remotely due to the crisis which found that 42% had received suspicious emails and 18% had already tackled a security breach since lockdown began.
For those that can, remote working is becoming the norm as we learn to adapt to restrictions imposed by the coronavirus crisis. But while we take measures to protect ourselves physically, when it comes to protecting ourselves and the businesses we work for, or manage, from cybercrime, the battle is only just beginning.
The corporate cloud is accessed by endpoints in a variety of environments – from within the corporate physical environment (managed devices), from employees working remotely (such as from home, a café or a hotel), and from customer and supplier environments:
There have been ample warnings about phishing emails capitalizing on the coronavirus outbreak, as phishing attacks tend to employ current fears to entice users. That much should be well understood as it occurs each time there are new widespread fears.
As business confidence in the security of the cloud continues to grow, Office 365 usage becomes more and more prevalent. Today, the Office 365 suite is used by just about every organization on the planet. It allows users to access their files from anywhere (such as from home) and from multiple devices (thin client, laptop, tablet, mobile), and it empowers collaboration. This improves work productivity and efficiency.
Many families of malware (such as those used in APTs), as well as botnets used for DDoS attacks, periodically contact their Command & Control server (C2) in order to receive instructions, downloads of updated code, or to exfiltrate stolen data. C2 servers can also be used to provide attackers remote access to a compromised system. If the malware developer hardcodes the domain name (or a static list of domain names) of the C2 server, then a security company could reverse engineer the malware code to discover the domain name. Security organisations could then blacklist the C2 domain or authorities could take it down, a process known as sinkholing. Once C2 traffic is blocked, the malware controller can no longer communicate with any of the malware installations, and cannot receive any data.
Each year around 2-3 billion credentials (username/password logon details) are stolen in data breaches. This is known as credential spillage: legitimate credentials, which rely on being known only to the user and (generally as a stored representation) to the online account provider, become known to the attackers and subsequently to a wider audience.
Fileless attacks are becoming more and more prevalent. The Ponemon Institute estimates that 35% of all attacks during 2018 were fileless. More importantly, it concludes that fileless attacks are 10 times more likely to succeed than any other form of attack. The reason for this haunting reality is simple: traditional anti-virus protection relies on file scanning, and with these attacks no files are stored on the hard drive. Another reason for the popularity of this specter is that such attacks leave no footprint, making forensics after the event difficult. The inclusion of fileless methods in many exploit kits contributes to their prevalence.