The corporate cloud is accessed by endpoints in a variety of environments – from within the corporate physical environment (managed devices), employees accessing remotely (such as from home or a café or hotel), and from customer and supplier environments: Continue reading
Coronavirus work-from-home policy introduces heightened security risk
There have been ample warnings about phishing emails capitalizing on the coronavirus outbreak, as phishing attacks tend to employ current fears to entice users. That much should be well understood as it occurs each time there are new widespread fears.
Top 3 ways to make Office 365 endpoints more secure
As business confidence in the security of the cloud continues to grow, Office 365 usage becomes more and more prevalent. Today, the Office 365 suite is used by just about every organization on the planet. It allows users to access their files from anywhere (such as from home) and from multiple devices (thin client, laptop, tablet, mobile), and it empowers collaboration. This improves work productivity and efficiency.
Malware C2 communication using Domain Generation Algorithms
Many families of malware (such as those used in APTs), as well as botnets used for DDoS attacks, periodically contact their Command & Control server (C2) in order to receive instructions, downloads of updated code, or to exfiltrate stolen data. C2 servers can also be used to provide attackers remote access to a compromised system. If the malware developer hardcodes the domain name (or a static list of domain names) of the C2 server, then a security company could reverse engineer the malware code to discover the domain name. Security organisations could then blacklist the C2 domain or authorities could take it down, a process known as sinkholing. Once C2 traffic is blocked, the malware controller can no longer communicate with any of the malware installations, and cannot receive any data.
Credential stuffing, password spraying and account takeover
Each year around 2-3 billion credentials (username/password logon details) are stolen in data breaches. This is known as credential spillage, because legitimate credentials which rely on being known only by the user and (generally a representation) known by the online account provider, now become known to the attackers and subsequently to a wider audience.
Ghost in the machine
Fileless attacks are becoming more and more prevalent. The Ponemon Institute estimate that 35% of all attacks during 2018 were fileless. And more importantly, they conclude that fileless attacks are 10 times more likely to succeed than any other form of attack. The reason for this haunting reality is simple: traditional anti-virus protection relies on file scanning, and with these attacks, no files are stored on the hard drive. Another reason for the popularity of this specter is that they leave no footprint, making forensics after the event difficult. The inclusion of fileless methods in many exploit kits contributes to their prevalence.
Enhanced security through containerisation
Containerisation is now an additional tool in the security arsenal which may enhance the protection of many applications and sensitive data.
Continue reading
Growing North Korean cyber capability
Recent missile launches from the DPRK have received a lot of attention, however their cyber offensives have also been active and are growing in sophistication.
Cryptojacking boom
Cryptocurrencies such as Bitcoin have been the focus of acute attention recently. Just about everybody knows someone or has heard of someone making windfall profits from 2017’s spectacular price rises in Bitcoin and other cryptocurrencies. The sector has also not escaped attention from cybercriminals with incidents of cryptojacking rapidly escalating. Higher cryptocurrency prices increase the returns from coin mining, making cryptojacking an attractive target of cybercrime. IBM reported a 6-fold increase in cyptocurrency mining attacks between Jan-Aug 2017, and Wandera found a 287% increase on mobile devices between October and November 2017.
Continue reading
IoT device guidelines
On several occasions I’ve written about insecurities of the Internet of Things – such as here, here, here, here and here. Recently, four US Senators decided to do something about it, and with the help of the Atlantic Council and Harvard University, have drafted a bill outlining minimum security requirements for IoT device purchases by US Federal agencies. The bill is bipartisan, proposed by two Republican Senators – Steve Daines (MT) and Cory Gardner (CO), and two Democrats – Mark Warner (VA) and Ron Wydon (OR). The proposed legislation is to be known as the Internet of Things Cybersecurity Improvement Act of 2017. It is a good start, and examining its provisions provides insight into many IoT device security vulnerabilities and solutions.
Continue reading