Threats and vulnerabilities represent some
of the cyber risks that organizations face daily. While these terms are often used
interchangeably, they actually have distinct meanings. In order to have a
strong understanding on the types of security issues that can affect your
organization, learning how threats and vulnerabilities relate to one another is
crucial.
The Relationship Between Vulnerabilities and
threats
Vulnerabilities and threats are both used
to determine an organization’s cyber risk. The close relationship between the
two is why these terms are often used interchangeably.
To show the relationship between a threat and a vulnerability, take a phishing attack as an example. Hackers target organizations with phishing emails because they know that employees are often an organization’s weakest link and most common vulnerability. Hackers exploit this vulnerability by sending phishing emails to employee inboxes, making the phishing email a threat. Whether the phishing email actually inflicts damage to the organization depends on whether employees click on the email links. If employees are cyber aware and have undergone cybersecurity training, they most likely won’t fall victim to the attack. On the flipside, an employee who may not be paying close attention to the email or is unaware of phishing as a cyber threat is more likely to click on the link (accidentally or not).
What is a Vulnerability?
Vulnerabilities refer to security
weaknesses that can be taken advantage of by threat actors. They can exist
anywhere in your infrastructure, from your desktop computers to the
applications you use and even your employees. Vulnerabilities aren’t inherently
dangerous per se but can cause a lot of damage if they are exploited. The risk of a vulnerability depends on where
the vulnerability is and the potential impact on a business.
How to Minimize Vulnerabilities
To minimize vulnerabilities, organizations
need to close the security gaps that exist in their infrastructure. Here are
three ways organizations can minimize their vulnerabilities:
Patch regularly: Developers and manufacturers are always updating their products which is why it’s important to install security patches as soon as they’re available. The longer you wait to patch a vulnerability, the more time hackers have to exploit the vulnerability and enter your network.
Conduct an assessment: A vulnerability risk assessment is used to help organizations understand the risks in their infrastructure and identify any vulnerabilities. An assessment will help organizations catch security gaps before they can be exploited and provide actionable suggestions to help improve overall security.
Use a VPN: Many organizations allow employees to work remotely and connect to the corporate network with their own devices. However, remote working can leave organizations vulnerable to being hacked if an employee is using an unsecure network. To safely connect employees to the corporate network, it’s vital they use a VPN. VPNs help encrypt traffic and creates a private connection to the network.
What is a threat?
Threats refer to events that have the
potential to harm an organization. There are several different types of
threats, such as malware, ransomware, trojans, etc. Threats are actioned by
threat actors who try to leverage vulnerabilities to gain access to a system. These
threat actors can be external parties like hackers or insider
threats who already have access to your internal systems.
How to Defend Against Threats
Threats are harder to stop because they’re
out of your control and hackers never stop trying to steal data. In order to
protect yourself from the latest threats, you need to minimize opportunities
for hackers to exploit vulnerabilities. Here are three ways to defend against
threats:
Use secure solutions: Implementing advanced security solutions throughout every part of your infrastructure will ensure you are protecting every entry point. Protecting your perimeter with a firewall will help keep actors out while using a SIEM will help detect suspicious behaviour that can indicate a threat. To learn more about our security solutions, contact us today.
Protect Account Credentials: Your organization’s credentials are the keys to your network and data. Having a good password policy that also includes multi-factor authentication will help secure your accounts. Encourage employees to never reuse passwords across workplace accounts and ensure that all passwords require unique characters and symbols.
Backup data: Your organization’s data is the primary target for hackers which is why it’s important to protect it. Furthermore, events like hurricanes, fires or floods can also threaten your data. Backing up your data regularly will ensure that you always have a copy in the event you are unable to access your files. It will also ensure that the latest documents are saved.
A new variant of PsiXBot, malware configured for the theft of information and cryptocurrency, has been spotted in the wild which abuses Google’s DNS over HTTPS service.
PsiXBot is a relatively new strain of malware, having first been discovered in 2017. Written in .NET, the malicious code has undergone an array of changes and evolutions, and according to Proofpoint researchers, the latest upgrade includes some very interesting alterations.
Proper security measures must be in place to defend against PsiXBot Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE 2019-23211
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.
A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files.
While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam, does exactly that by searching for sensitive files and uploading them to a FTP site under the attacker’s control.
Proper security measures must be in place to defend against Ryuk related malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Online skimming is currently one of the
biggest persistent threats affecting retailers and service providers. These
attacks infect e-commerce websites with malicious code to steal payment
information. One of the biggest perpetrators of online skimming attacks is
Magecart, a group of bad actors that target payment websites. Magecart hackers
are consistently evolving their techniques. According to research from security
researcher Willem de Groot, one in five Magecart-infected stores are
re-infected within days.
To start stealing information, bad actors
need to find a way to gain access to your website. They can do this by
exploiting vulnerabilities, phishing for your website credentials or through
hacking into a third-party application. The latter is more common as most
websites use third-party applications for functions such as live chat or to
track visitor traffic. Bad actors prefer to target third-party providers
because they can compromise more websites at once. Third-party breaches are
also harder to detect because they don’t compromise the merchant directly. Therefore,
a merchant may not realize their website has fallen victim to online skimming
until its too late.
2. Inject Skimming Code
Once the door is open and the bad actors
are inside, they can start injecting malicious JavaScript code to perform
online skimming. This code can be customized to target specific websites or
enact specific types of behaviour and can be hidden within normal script.
Common scripts include the following:
Formjacking: Formjacking
is when bad actors swap out legitimate payment forms with fake ones so that any
information that is typed out in checkout is sent to another server.
Keyloggers: Keylogging scripts
are used to record keystrokes to steal information. Bad actors can use
keyloggers to determine credit card numbers or passwords.
Regardless of the type of malicious script,
the goal is always the same: to steal information.
3. Steal the Payment Data
Once the malicious code is injected, it
will lie within the website’s code until it’s triggered by a customer
submitting payment information during checkout. Any information submitted is
either stored locally on the compromised website or sent remotely to a command
server controlled by the bad actors.
Any data harvested by the hackers can be
used in a variety of ways. Some may use stolen credit card information to
commit fraud or identity theft. Others will most likely sell the data on the
dark web.
How to Protect Your Website
Companies with e-commerce websites and
third-party providers are at most risk to being hit with online skimming
attacks. In order to protect your business, you need to have detection and
prevention best practices in place.
Detection Best Practices
1. Perform a risk assessment: A risk assessment will help detect vulnerabilities by scanning your website for any security gaps.
2. Review code: Taking some time to review your website code for any malicious scripts can help detect them before they compromise your website.
3. Review security logs:SIEM can help detect and monitor your networks for suspicious activity by producing security logs that can be analyzed for review. To learn more about our SIEM, contact us today.
Prevention Best Practices
1. Data encryption: All customer payment information should be securely encrypted to prevent bad actors from reading data.
2. Always patch systems: Staying up-to-date with the security patches for your systems and software will help prevent bad actors from exploiting potential vulnerabilities.
3. Review third-party partners: When deciding to implement third-party apps, you need to do your research. Companies that work with payments need to be PCI compliant and you should monitor for their status. You should also assess the types of third party scripts you’re including in your website and determine whether they are actually necessary. Including unnecessary additional scripts make your website more vulnerable to online skimming attacks.
A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes.
The new version has switched to malvertising as the means of distribution and it comes with two more modules besides the newly added Bitcoin blockchain C2 updater, namely an info stealer and an exploit that targets local MikroTik routers.
Proper security measures must be in place to defend against Glupteba Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2019-2176
Android has released its monthly security bulletin. The most severe of these issues is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Check Android for the latest security patches and update accordingly.
Nemty Ransomware
The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.
Exploit kits are not as commonly used since they typically thrive on vulnerabilities in Internet Explorer and Flash Player, two products that used to dominate the web a few years ago but are now with one foot out in the grave.
Proper security measures must be in place to defend against Nemty Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Security presents several challenges to organizations nowadays and it can be difficult for organizations to keep up with the increase in cyber threats. Many organizations turn to security solutions to defend against the latest threats. While it’s important to use technologies to provide a layer automated protection, simply using technology alone isn’t enough. Research from Cisco found that only 26% of security issues can be solved by security products alone. In order to defend against the latest threats, organizations need to integrate security within their corporate culture. This includes having cyber aware staff and explicit security policies that employees need to follow. Creating a cybersecurity strategy will help every aspect of an organization, from its people to its process and technology, uphold a strong cybersecurity front.
3 Essential Things to Include in Your
Cybersecurity Strategy
A cybersecurity strategy is an organization’s first step in having a robust and effective IT infrastructure. There is “no one size fits all” approach as the needs of every business is unique. However, each part of a cybersecurity strategy needs to work together to protect your business. Here are three elements your cybersecurity strategy needs.
1. Clearly Defined Security Priorities
The foundation of your security strategy
must be rooted in your organization’s security goals and objectives. It needs
to go beyond “block hackers and avoid breaches.” Your priorities should be
specific to your organization and focused so that you can develop precise actions
to improve your security. It involves looking at your critical resources and
assessing the security risks and compliance standards that align with your
organization. Once you have established your security priorities and goals, you
can start developing standards and best practices to occupy your security
strategy.
2. Communication with Executives and Key Stakeholders
Having support from your organization’s
executives and stakeholders is incredibly important for your cybersecurity
strategy because their attitudes shape security priorities and eventually form how
the rest of your organization views security. Security is a business issue and
affects everyone from the top down. Your cybersecurity strategy should be
embedded within your business initiatives and not siloed with the IT team.
Communication between your IT team and executive team is crucial in bridging
the two together. Both teams need to work together to establish best practices
that work for the organization and to invest in technologies that fit within
security budgets.
3. Proactive Threat Management
Many organizations don’t start caring about
security until after they’ve been breached. While it’s never too late to start
implementing a security strategy, many security incidents could have been
prevented if organizations took a proactive approach. Organizations should
always be taking a proactive approach to security. Proactive threat management means
your threat detection and response is always evolving to defend against the
latest threats. It includes implementing the best security solutions, training staff on issues
related to cybersecurity and evaluating and remediating security alerts. It
takes time, experience and expert security skills to ensure your organization
stays one step ahead of threat actors. To learn how Jolera can help defend your
organization, contact us today.
A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet.
The attacks aren’t using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected on some set-top boxes installations.
Proper security measures must be in place to defend against Ares botnet and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2019-5869
A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.
A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware’s development.
TrickBot (also known as Trickster, TheTrick, and TrickLoader) is a banking Trojan that has been continuously upgraded throughout the years with new modules and capabilities since October 2016 when it was initially observed in the wild.
While in the beginning it only came with banking Trojan capabilities designed to collect and deliver as much sensitive data as possible to its masters, it is now also become a popular malware dropper capable of infecting compromised machines with other malware families.
Proper security measures must be in place to defend against Trickbot Trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Due to the ever-evolving threat landscape, organizations must consistently refresh their cyber defenses in order prepare for the next threat. This leads many organizations to increase their cybersecurity investments to keep up. Global spending on cybersecurity services and products is expected to reach $103 billion this year, up 9.4 per cent from 2018 according to IDC.
Implementing security solutions that work is a good foundation for organizations to build their cyber resilience. However, organizations need to also focus on strengthening their cybersecurity defenses with their people, processes and products. Here are 5 things organizations can do right now to increase their cyber defenses.
5 Things Your Organization Can Do to
Increase Security
1. Stay Updated
Staying updated in everything security
related is key to building a good cyber defence. This includes knowing the
latest compliance regulations and threats and breaches, as well as updating
apps/systems/devices with the most recent patches.
Many states and countries around the world
are starting to implement new laws regarding security, which may be relevant to
your business. Knowing about compliance
regulations can help you avoid large fees and incorporate best practices
into your cyber defence strategy.
Learning about recent breaches and how they
started can help you look at your own systems and see if there are security
changes you need to start implementing. It will also help you understand the
latest threats and how they’re targeting businesses so that you can take steps
to avoid them.
Malicious actors are always looking for
vulnerabilities to exploit, which is why it’s crucial to have them patched as
soon as possible. Delaying updates to crucial systems give hackers more leeway
into your systems.
2. Implement Ongoing Training
Employees are an organization’s first line of defense, which is why it’s important to arm them with cyber awareness training.
Employees are constantly targeted by scams
like phishing and business email compromise (BEC) emails. Research from
Symantec found that organizations received an average of 5 BEC
scam emails per month in the past year. It only takes one employee mistake
for an organization to fall victim to a data breach.
Organizations can protect themselves
against highly preventable attacks by having their employees understand
cybersecurity, the threat landscape and how their actions affect your
organization’s security posture.
3. Limit Internal and External Access
Organizations should limit their access whether
its internally through privilege access management or externally with separate
WiFi for guests.
An organization’s data should not be open
to all employees and high privileged accounts should be limited to only those
who need them. That way, if one employee account is compromised, the hacker won’t
be able to access all the organization’s data. This will also help prevent data
leakage and make it easier to track who has access to important documents.
Business WiFi can act as a gateway to your
organization’s data. Secure your WiFi so that only employees can access it. For
remote employees, they can securely connect to your organization through a VPN.
Having a separate WiFi access for guests will help protect them from accessing
important files.
4. Remove Unused Services
Accounts, applications and products should
be disabled and removed as soon as they are no longer in use. This will help
reduce your attack surface and limit unauthorized access to your organization.
Employees that leave can become potential insider
threats, which is why their credentials should be disabled as soon as
possible. Additionally, all user accounts that are associated with old hardware
or applications should also be shut down as well. If a former application gets
breached and you didn’t shut down your account, your data may be vulnerable.
Organizations should also be aware of end
of life support for the hardware and software they use in their infrastructure.
Failing to remove or upgrade can result in security gaps that can be exploited
by hackers.
5. Align Business Objectives with Security
While there are general best practices for securing organizations (such as implementing firewalls and protecting inboxes), cyber defense needs will differ between organizations depending on the size of a business and its industry. For example, an ecommerce business will need a separate level of data protection to safeguard payments and customer information.
Organizations need to develop a security
strategy that focuses on their risks. They need to establish effective
monitoring methods that can address their unique workloads and partner with the
right team of experts to help them integrate security measures that work with
their business. To find out how Jolera can help your business, contact us today.
Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads.
Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware solutions.
While the Adwind Trojan manages to avoid detection by some anti-malware solutions, sandbox- and behavior-based antivirus software should be capable of detecting and block it successfully.
Proper security measures must be in place to defend against Adwind remote access trojan and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2019-13602
VideoLAN has released security updates for the VLC media player that address multiple vulnerabilities.
A remote user could create a specifically crafted file that could trigger issues ranging from buffer overflows to division by zero. If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.
Update the VLC media player to VLC media player 3.0.8.
NanoCore Remote Access Trojan
A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.
Uncovered by security researchers at LMNTRIX Labs, NanoCore v1.2.2 offers users a variety of attacks against Windows systems, including the ability to steal passwords, perform keylogging and secretly record audio and video footage using the webcam.
Proper security measures must be in place to defend against NanoCore remote access trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
According to new research by Risked Based Security, data breaches are increasing. Their recent report found that an average of more than 20 breaches have been reported per day during the first half of 2019.
Falling victim to a data breach can be a nightmare for businesses. Just recently, Capital One fell victim to a data breach that exposed the information of 100 million Americans and 6 million Canadians. They’re now facing a $600 million lawsuit here in Canada.
To protect your organization, understanding the common cybersecurity problems that lead to breaches can help defend your organization against them.
5 Current Cybersecurity Problems That Lead
to Data Breaches
1. Attacks are advancing: The threat landscape is constantly evolving as hackers are always coming up with new ways to steal data and breach organizations. These hackers are well trained and have their own communities on the dark web where they share tips and sell data and credentials. People can easily purchase tools like ransomware-as-a-service and DIY phishing kits, enabling anyone to engage in malicious attacks and increasing the amount of threats an organization may face. Organizations need to make sure they’re employing the latest security technologies to help combat cyber attacks.
2. Misconfigured or improper installations of security tools: Implementing security technologies like firewalls or cloud backup is a great way to protect your networks. However, if they are not installed or configured properly, they won’t be able to work as intended and will be vulnerable to being breached. For example, in the recent Capital One breach, a malicious actor managed to exploit a configuration vulnerability in the company’s systems and steal the customer data. Organizations need to make sure that when they are implementing new technologies, or engaging in other IT projects like moving to the cloud, that they’re working with certified experts.
3. Human error: Human error is a common reason for data breaches and many companies feel vulnerable. Nearly 80% of organizations say they’re worried about insider threats according to research from Barracuda. Although actions due to human error (such as accidentally clicking a phishing link) occur without malicious intentions, they still manage to cause serious damage. Fortunately, human error can be prevented with cyber awareness training. It’s important to inform employees of the common cyber threats they encounter daily so that they can be more vigilant while at work.
4. Lack of security assessments: A security risk assessment is used to analyze and identify security defects and vulnerabilities within an organization’s IT environment. Its purpose is to help organizations understand their security risks so that they can take the necessary steps to fix any weaknesses. Security assessments also help organizations determine their return on investment for their security tools and solutions by determining if they are helping to close security gaps. By not doing a security assessment, organizations are leaving their IT environments open to potential vulnerabilities. Having a clear view of an organization’s security posture allows organizations to focus on where they should be putting their security efforts and helps them determine if they’re on the right track. Since the threat landscape is always changing, security assessments should be done at least once a year or whenever there’s a major change in the IT environment.
5. Lack of adequate security staff: Not all organizations have the capabilities to hire security staff that can monitor security alerts and deal with IT issues. Cyber criminals take advantage of this and target small and medium businesses, leaving SMBs vulnerable to cyber attacks. In some cases, non-IT staff might be burdened to share the responsibility of security. This can lead security events to slip past organizations as they might not always be focusing on security. Furthermore, the cybersecurity skills gap makes it harder for organizations to hire adequate security staff. Organizations who are unable to have their own security staff should consider partnering with a managed services provider to take care of their security and IT issues. That way, organizations can feel confident knowing experts are taking care of their infrastructure and can focus on their own business. For more information on how Jolera can help your organization, contact us today.
A newly-discovered form of cryptocurrency-mining malware is capable of remaining so well-hidden that researchers investigating it found that it had spread to almost every computer at a company that had become infected.
The malware has been built to be extremely persistent and it keeps in regular contact with a command and control server, which if needed, could provide new instructions or terminate the malware, although researchers note that during the analysis, no new commands were received.
Proper security measures must be in place to defend against Norman cryptomining malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2019-8077
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
A new banking trojan for Android devices relies on the accelerometer sensor to delay its running on the system and thus evade analysis from security researchers.
Payload and string obfuscation are normal techniques for making analysis and detection more difficult, but Cerberus also uses a mechanism that determines if the infected system is moving or not.
Proper security measures must be in place to defend against Cerberus malware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
