Security Vulnerabilities vs. Security Threats: What’s the Difference?

Threats and vulnerabilities represent some of the cyber risks that organizations face daily. While these terms are often used interchangeably, they actually have distinct meanings. To build a strong understanding of the types of security issues that can affect your organization, it is crucial to learn how threats and vulnerabilities relate to one another.

Source: EY Global

The Relationship Between Vulnerabilities and Threats

Vulnerabilities and threats are both used to determine an organization’s cyber risk. The close relationship between the two is why these terms are often used interchangeably.

To show the relationship between a threat and a vulnerability, take a phishing attack as an example. Hackers target organizations with phishing emails because they know that employees are often an organization’s weakest link and most common vulnerability. Hackers exploit this vulnerability by sending phishing emails to employee inboxes, making the phishing email a threat. Whether the phishing email actually inflicts damage on the organization depends on whether employees click on the email links. If employees are cyber aware and have undergone cybersecurity training, they most likely won’t fall victim to the attack. On the flip side, an employee who is not paying close attention to the email or is unaware of phishing as a cyber threat is more likely to click on the link (accidentally or not).

What is a Vulnerability?

Vulnerabilities refer to security weaknesses that can be taken advantage of by threat actors. They can exist anywhere in your infrastructure, from your desktop computers to the applications you use and even your employees. Vulnerabilities aren’t inherently dangerous per se, but they can cause a lot of damage if they are exploited. The risk of a vulnerability depends on where the vulnerability is and its potential impact on the business.

How to Minimize Vulnerabilities

To minimize vulnerabilities, organizations need to close the security gaps that exist in their infrastructure. Here are three ways organizations can minimize their vulnerabilities:

Patch regularly: Developers and manufacturers are always updating their products, which is why it’s important to install security patches as soon as they’re available. The longer you wait to patch a vulnerability, the more time hackers have to exploit it and enter your network.

Conduct an assessment: A vulnerability risk assessment is used to help organizations understand the risks in their infrastructure and identify any vulnerabilities. An assessment will help organizations catch security gaps before they can be exploited and provide actionable suggestions to help improve overall security.

Use a VPN: Many organizations allow employees to work remotely and connect to the corporate network with their own devices. However, remote working can leave organizations vulnerable to being hacked if an employee is using an unsecured network. To safely connect employees to the corporate network, it’s vital they use a VPN. VPNs encrypt traffic and create a private connection to the network.

What is a Threat?

Threats refer to events that have the potential to harm an organization. There are several different types of threats, such as malware, ransomware, trojans, etc. Threats are carried out by threat actors who try to leverage vulnerabilities to gain access to a system. These threat actors can be external parties like hackers, or insider threats who already have access to your internal systems.

How to Defend Against Threats

Threats are harder to stop because they’re out of your control and hackers never stop trying to steal data. In order to protect yourself from the latest threats, you need to minimize opportunities for hackers to exploit vulnerabilities. Here are three ways to defend against threats:

Use secure solutions: Implementing advanced security solutions throughout every part of your infrastructure will ensure you are protecting every entry point. Protecting your perimeter with a firewall will help keep actors out, while using a SIEM will help detect suspicious behaviour that can indicate a threat. To learn more about our security solutions, contact us today.

Protect Account Credentials: Your organization’s credentials are the keys to your network and data. Having a good password policy that also includes multi-factor authentication will help secure your accounts. Encourage employees to never reuse passwords across workplace accounts and ensure that all passwords require unique characters and symbols.

Back up data: Your organization’s data is the primary target for hackers, which is why it’s important to protect it. Furthermore, events like hurricanes, fires or floods can also threaten your data. Backing up your data regularly will ensure that you always have a copy in the event you are unable to access your files. It will also ensure that the latest documents are saved.

Threats of the Week – September 16, 2019

PsiXBot Malware

A new variant of PsiXBot, malware configured for the theft of information and cryptocurrency, has been spotted in the wild that abuses Google’s DNS over HTTPS service.

PsiXBot is a relatively new strain of malware, having first been discovered in 2017. Written in .NET, the malicious code has undergone an array of changes and evolutions, and according to Proofpoint researchers, the latest upgrade includes some very interesting alterations.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against PsiXBot Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-23211

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Flash Player to version 32.0.0.255.

Ryuk Related Malware

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files.

While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam does exactly that by searching for sensitive files and uploading them to an FTP site under the attacker’s control.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk related malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

How Online Skimming Steals Payment Information

Online skimming is currently one of the biggest persistent threats affecting retailers and service providers. These attacks infect e-commerce websites with malicious code to steal payment information. One of the biggest perpetrators of online skimming attacks is Magecart, a group of bad actors that target payment websites. Magecart hackers are consistently evolving their techniques. According to research from security researcher Willem de Groot, one in five Magecart-infected stores are re-infected within days.

Source: Willem de Groot

How Do Online Skimming Attacks Work?

1. Gain Website Entry

To start stealing information, bad actors need to find a way to gain access to your website. They can do this by exploiting vulnerabilities, phishing for your website credentials or by hacking into a third-party application. The latter is more common, as most websites use third-party applications for functions such as live chat or tracking visitor traffic. Bad actors prefer to target third-party providers because they can compromise more websites at once. Third-party breaches are also harder to detect because they don’t compromise the merchant directly. Therefore, a merchant may not realize their website has fallen victim to online skimming until it’s too late.

2. Inject Skimming Code

Once the door is open and the bad actors are inside, they can start injecting malicious JavaScript code to perform online skimming. This code can be customized to target specific websites or enact specific types of behaviour, and it can be hidden within normal scripts. Common scripts include the following:

  • Formjacking: Formjacking is when bad actors swap out legitimate payment forms with fake ones so that any information that is typed out in checkout is sent to another server.
  • Keyloggers: Keylogging scripts are used to record keystrokes to steal information. Bad actors can use keyloggers to determine credit card numbers or passwords.

Regardless of the type of malicious script, the goal is always the same: to steal information.

3. Steal the Payment Data

Once the malicious code is injected, it will lie within the website’s code until it’s triggered by a customer submitting payment information during checkout. Any information submitted is either stored locally on the compromised website or sent remotely to a command server controlled by the bad actors.

Any data harvested by the hackers can be used in a variety of ways. Some may use stolen credit card information to commit fraud or identity theft. Others will most likely sell the data on the dark web.

How to Protect Your Website

Companies with e-commerce websites and third-party providers are most at risk of being hit with online skimming attacks. In order to protect your business, you need to have detection and prevention best practices in place.

Detection Best Practices

1. Perform a risk assessment: A risk assessment will help detect vulnerabilities by scanning your website for any security gaps.

2. Review code: Taking some time to review your website code for any malicious scripts can help detect them before they compromise your website.

3. Review security logs: A SIEM can help detect and monitor your networks for suspicious activity by producing security logs that can be analyzed for review. To learn more about our SIEM, contact us today.

Prevention Best Practices

1. Data encryption: All customer payment information should be securely encrypted to prevent bad actors from reading data.

2. Always patch systems: Staying up-to-date with the security patches for your systems and software will help prevent bad actors from exploiting potential vulnerabilities.

3. Review third-party partners: When deciding to implement third-party apps, you need to do your research. Companies that work with payments need to be PCI compliant, and you should monitor their compliance status. You should also assess the types of third-party scripts you’re including in your website and determine whether they are actually necessary. Including unnecessary additional scripts makes your website more vulnerable to online skimming attacks.
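As an added example (not code from the original post), the code and third-party script review described above written as a small Node.js check: it inventories the external `<script>` tags on a checkout page, flags any loaded from a host outside an allowlist or without Subresource Integrity, and emits a matching CSP `script-src` directive. The merchant hostname, the vendor allowlist and the sample checkout HTML are assumptions constructed for the example.

```javascript
// Added example: review the <script> tags on a checkout page for online-skimming risk.
// A small regex parser is used so this runs in Node without a DOM.

const FIRST_PARTY = "shop.example";                               // assumption: merchant's own host
const ALLOWED_THIRD_PARTY = new Set(["cdn.example-payments.com"]); // assumption: vetted vendor hosts

// Extract the src and integrity attributes of every <script> tag that loads an external file.
function extractScripts(html) {
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  const scripts = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    if (attrs.src) scripts.push({ src: attrs.src, integrity: attrs.integrity || null });
  }
  return scripts;
}

// Classify each script: first-party scripts pass, allowlisted vendors must carry an
// integrity hash (a silently modified vendor file then fails to load), anything else is
// an unexpected origin that a reviewer should look at.
function reviewScripts(html) {
  const findings = [];
  for (const s of extractScripts(html)) {
    let host;
    try { host = new URL(s.src, `https://${FIRST_PARTY}/`).hostname; }
    catch { findings.push({ src: s.src, issue: "unparseable-src" }); continue; }
    if (host === FIRST_PARTY) continue;
    if (!ALLOWED_THIRD_PARTY.has(host)) {
      findings.push({ src: s.src, issue: "unexpected-origin", host });
    } else if (!s.integrity) {
      findings.push({ src: s.src, issue: "missing-integrity", host });
    }
  }
  return findings;
}

// Build a CSP script-src directive permitting only the reviewed origins, so a script
// injected from any other host is refused by the browser.
function cspScriptSrc() {
  const vendors = [...ALLOWED_THIRD_PARTY].map(h => `https://${h}`).join(" ");
  return `script-src 'self' ${vendors}`;
}

// Constructed checkout page: one first-party script, two vendor scripts (one with a
// placeholder integrity hash), and one script from a host nobody approved.
const SAMPLE_CHECKOUT_HTML = `<html><head>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example-payments.com/widget.js"></script>
<script src="https://cdn.example-payments.com/extra.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://stats.example-unknown.net/t.js"></script>
</head><body><form id="payment"></form></body></html>`;

console.log(JSON.stringify(reviewScripts(SAMPLE_CHECKOUT_HTML), null, 2));
console.log(cspScriptSrc());
```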

Threats of the Week – September 9, 2019

Glupteba Malware

A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes.

The new version has switched to malvertising as the means of distribution and it comes with two more modules besides the newly added Bitcoin blockchain C2 updater, namely an info stealer and an exploit that targets local MikroTik routers.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Glupteba Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2176

Android has released its monthly security bulletin. The most severe of these issues is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. 

Source: Android

How do you protect yourself?

Check Android for the latest security patches and update accordingly.

Nemty Ransomware

The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.

Exploit kits are not as commonly used since they typically thrive on vulnerabilities in Internet Explorer and Flash Player, two products that used to dominate the web a few years ago but are now with one foot out in the grave.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Nemty Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Key Elements Your Cybersecurity Strategy Needs

Security presents several challenges to organizations nowadays, and it can be difficult for organizations to keep up with the increase in cyber threats. Many organizations turn to security solutions to defend against the latest threats. While it’s important to use technologies to provide a layer of automated protection, simply using technology alone isn’t enough. Research from Cisco found that only 26% of security issues can be solved by security products alone. In order to defend against the latest threats, organizations need to integrate security within their corporate culture. This includes having cyber aware staff and explicit security policies that employees need to follow. Creating a cybersecurity strategy will help every aspect of an organization, from its people to its processes and technology, uphold a strong cybersecurity front.

Source: Cisco

3 Essential Things to Include in Your Cybersecurity Strategy

A cybersecurity strategy is an organization’s first step in having a robust and effective IT infrastructure. There is no “one size fits all” approach, as the needs of every business are unique. However, each part of a cybersecurity strategy needs to work together to protect your business. Here are three elements your cybersecurity strategy needs.

1. Clearly Defined Security Priorities

The foundation of your security strategy must be rooted in your organization’s security goals and objectives. It needs to go beyond “block hackers and avoid breaches.” Your priorities should be specific to your organization and focused, so that you can develop precise actions to improve your security. This involves looking at your critical resources and assessing the security risks and compliance standards that apply to your organization. Once you have established your security priorities and goals, you can start developing the standards and best practices that make up your security strategy.

2. Communication with Executives and Key Stakeholders

Having support from your organization’s executives and stakeholders is incredibly important for your cybersecurity strategy because their attitudes shape security priorities and eventually form how the rest of your organization views security. Security is a business issue and affects everyone from the top down. Your cybersecurity strategy should be embedded within your business initiatives and not siloed with the IT team. Communication between your IT team and executive team is crucial in bridging the two together. Both teams need to work together to establish best practices that work for the organization and to invest in technologies that fit within security budgets.

3. Proactive Threat Management

Many organizations don’t start caring about security until after they’ve been breached. While it’s never too late to start implementing a security strategy, many security incidents could have been prevented if organizations took a proactive approach. Organizations should always be taking a proactive approach to security. Proactive threat management means your threat detection and response is always evolving to defend against the latest threats. It includes implementing the best security solutions, training staff on issues related to cybersecurity and evaluating and remediating security alerts. It takes time, experience and expert security skills to ensure your organization stays one step ahead of threat actors. To learn how Jolera can help defend your organization, contact us today.

Threats of the Week – September 3, 2019

Ares Botnet

A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet.

The attacks aren’t using a vulnerability in the Android operating system, but are exploiting a configuration service that has been left enabled and unprotected on some set-top box installations.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Ares botnet and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-5869

A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

Source: Center for Internet Security

How do you protect yourself?

Update Google Chrome to version 76.0.3809.132.

Trickbot Trojan

A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware’s development.

TrickBot (also known as Trickster, TheTrick, and TrickLoader) is a banking Trojan that has been continuously upgraded throughout the years with new modules and capabilities since October 2016 when it was initially observed in the wild.

While in the beginning it only came with banking Trojan capabilities designed to collect and deliver as much sensitive data as possible to its masters, it has now also become a popular malware dropper capable of infecting compromised machines with other malware families.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Trickbot Trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.