Remote workers face onslaught of malicious cyber threats

At the beginning of the Covid-19 crisis, I predicted that cyberattacks would increase by 30-40%, and it gives me no pleasure to see this happening before my eyes. We carried out a survey in the latter half of April amongst 1550 UK employees working remotely due to the crisis which found that 42% had received suspicious emails and 18% had already tackled a security breach since lockdown began. Continue reading

Never has a security blanket been more needed

For those that can, remote working is becoming the norm as we learn to adapt to restrictions imposed by the coronavirus crisis. But while we take measures to protect ourselves physically, when it comes to protecting ourselves and the businesses we work for, or manage, from cybercrime, the battle is only just beginning.
Continue reading

Protected endpoint applications provide common security posture for enterprise cloud ecosystems

The corporate cloud is accessed by endpoints in a variety of environments – from within the corporate physical environment (managed devices), employees accessing remotely (such as from home or a café or hotel), and from customer and supplier environments: Continue reading

Coronavirus work-from-home policy introduces heightened security risk

There have been ample warnings about phishing emails capitalizing on the coronavirus outbreak, as phishing attacks tend to employ current fears to entice users. That much should be well understood as it occurs each time there are new widespread fears.

Continue reading

Top 3 ways to make Office 365 endpoints more secure

As business confidence in the security of the cloud continues to grow, Office 365 usage becomes more and more prevalent. Today, the Office 365 suite is used by just about every organization on the planet. It allows users to access their files from anywhere (such as from home) and from multiple devices (thin client, laptop, tablet, mobile), and it empowers collaboration. This improves work productivity and efficiency.

Continue reading

Malware C2 communication using Domain Generation Algorithms

Many families of malware (such as those used in APTs), as well as botnets used for DDoS attacks, periodically contact their Command & Control server (C2) in order to receive instructions, downloads of updated code, or to exfiltrate stolen data. C2 servers can also be used to provide attackers remote access to a compromised system. If the malware developer hardcodes the domain name (or a static list of domain names) of the C2 server, then a security company could reverse engineer the malware code to discover the domain name. Security organisations could then blacklist the C2 domain or authorities could take it down, a process known as sinkholing. Once C2 traffic is blocked, the malware controller can no longer communicate with any of the malware installations, and cannot receive any data.

Continue reading

Credential stuffing, password spraying and account takeover

Each year around 2-3 billion credentials (username/password logon details) are stolen in data breaches. This is known as credential spillage, because legitimate credentials which rely on being known only by the user and (generally a representation) known by the online account provider, now become known to the attackers and subsequently to a wider audience.

Continue reading

Ghost in the machine

Fileless attacks are becoming more and more prevalent. The Ponemon Institute estimate that 35% of all attacks during 2018 were fileless. And more importantly, they conclude that fileless attacks are 10 times more likely to succeed than any other form of attack. The reason for this haunting reality is simple: traditional anti-virus protection relies on file scanning, and with these attacks, no files are stored on the hard drive. Another reason for the popularity of this specter is that they leave no footprint, making forensics after the event difficult. The inclusion of fileless methods in many exploit kits contributes to their prevalence.

Continue reading

Enhanced security through containerisation

Containerisation is now an additional tool in the security arsenal which may enhance the protection of many applications and sensitive data.
Continue reading

Growing North Korean cyber capability

Recent missile launches from the DPRK have received a lot of attention, however their cyber offensives have also been active and are growing in sophistication.

Continue reading