A threat actor needs only one employee’s credentials to gain access to your organization’s entire infrastructure or data. The potential consequences of stolen credentials in the wrong hands are wide-ranging: direct financial loss, damage to brand reputation, loss of intellectual property, downtime, and more.
Anyone in your organization can have their
credentials stolen. According to the Cybersecurity Threatscape report by
Positive Technologies, one in five data thefts involved stealing account
credentials. It’s important that organizations understand the threat of
credential theft and take action to defend against it.
Hackers looking to steal credentials may
use any of the following methods:
Keylogging: Hackers can install malware with keyloggers that record the keystrokes on a computer and send the data back to the hackers.
Phishing: Hackers will send users sophisticated phishing emails urging them to change their passwords or update their information. These emails will provide the user with links to web pages that look legitimate but are really phishing websites that are built to steal credentials and personal information.
Web injections: Hackers inject malicious code into your web browser via malicious browser extensions, links, or ads that allow them to intercept data as it’s being transmitted.
What Happens to Stolen Credentials?
Cybercriminals can do any of the following with
your stolen credentials:
Engage in fraud: Hackers can impersonate your organization and request fraudulent wire transfers from vendors or business partners.
Sell: There are several forums on the dark web dedicated to selling and buying user credentials. Once these credentials are bought, cyber criminals can essentially do whatever they want with the stolen credentials.
Spy: Hackers can use your stolen credentials to spy on your company and gather intelligence regarding your business dealings. They can then leak this information to your competitors or use this information to blackmail your organization.
Install malware: Hackers can alter the code of your website to steal customer information through formjacking or install malicious ads that can infect visitors with malware.
How to Protect Your Credentials
Credentials are the keys to your
organization and it’s imperative that organizations take the necessary steps to
secure them. Here are three things you can do to defend against credential
Monitor credentials: Sometimes hackers don’t even have to work to steal your credentials – they can easily find them on the dark web after a massive data breach. By monitoring the dark web for your company’s credentials, you can take action before they are maliciously used by a threat actor. You can start monitoring your organization’s credentials today with our Secure IT – User Defence solution. We will alert your organization as soon as any compromised credentials are found on the dark web, reducing the potential impact of a breach.
Have a good password policy: Users are responsible for creating safe passwords for their accounts. It’s important that they use good password security, such as never sharing or reusing their passwords.
Act immediately: If you experience suspicious activity in your network or find out your credentials have been exposed in a data breach, you must change your passwords immediately. Users should also never use default passwords or logins as they are easy to guess or can be easily found online. Always change the default passwords of any accounts or hardware as soon as they are added to your infrastructure.
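The password-policy and default-credential points above can be enforced at the point where a user sets a new password. The following is an added example (not code from the original post or from the Secure IT product) of such a check: it rejects short passwords, passwords that match a constructed list of factory defaults, passwords containing the username, and, importantly, reuse of a previous password, which it detects by comparing against a salted PBKDF2 history rather than storing any cleartext. The blocklist entries and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed blocklist of factory-default logins (illustrative entries;
# a real deployment would load the vendor defaults relevant to its fleet).
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "toor"),
    ("user", "user"),
}
DEFAULT_PASSWORDS = {pw for _, pw in DEFAULT_CREDENTIALS}


def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation (assumed parameters) so the stored history
    # cannot be used as a cheap cracking oracle if it leaks.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class PasswordHistory:
    """Keeps salted hashes of a user's previous passwords so reuse can be
    detected without ever retaining the cleartext."""

    def __init__(self):
        self._entries = []  # list of (salt, digest)

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self._entries.append((salt, _derive(password, salt)))

    def was_used(self, password: str) -> bool:
        # Constant-time comparison against every stored digest.
        return any(
            hmac.compare_digest(_derive(password, salt), digest)
            for salt, digest in self._entries
        )


def check_new_password(username: str, password: str, history: PasswordHistory,
                       min_length: int = 12) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if (username.lower(), password) in DEFAULT_CREDENTIALS or password in DEFAULT_PASSWORDS:
        problems.append("matches a known default password")
    if username.lower() in password.lower():
        problems.append("contains the username")
    if history.was_used(password):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    history = PasswordHistory()
    history.record("Winter-2019-rotation")          # constructed previous password
    for user, candidate in [("alice", "Winter-2019-rotation"),
                            ("admin", "admin"),
                            ("alice", "correct-horse-battery-staple")]:
        print(user, candidate, "->", check_new_password(user, candidate, history) or "accepted")
```

The history check is the part most policies skip: without it, "never reusing passwords" is only advice, and users who are told to change a password after a breach notification will often cycle straight back to the exposed one.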
Security researchers have detailed how the Glimpse malware uses a text mode as an alternative DNS resource record type.
According to a blog post by security researchers, the malware is written in PowerShell and associated with APT34. It is executed by a Visual Basic script, yet how the script is initiated remains unclear, researchers said.
Proper security measures must be in place to defend against Glimpse Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
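Because Glimpse is described above as carrying its traffic in DNS TXT records, DNS query logs are the natural place to look for it. The following is an added example (not code from the original post or from the researchers' report) of a simple detector over a constructed DNS query log: for each client and registered domain it counts TXT lookups, the share of all lookups that are TXT, and the number of distinct leftmost labels, and flags combinations that look like a beacon using unique subdomains to defeat caching. The log format, thresholds and the `example-c2.test` domain are assumptions; tune the thresholds against your own resolver's baseline before relying on them.

```python
from collections import defaultdict

# Constructed DNS query log, one "timestamp client qtype qname" record per line.
# 10.0.0.5 shows the TXT-beacon pattern; 10.0.0.7 is ordinary traffic
# (a single TXT lookup for a DMARC record is normal mail-related behaviour).
DNS_LOG = """
2019-11-12T10:00:01Z 10.0.0.5 A www.example.com
2019-11-12T10:00:05Z 10.0.0.5 TXT 9f2c1a7e.updates.example-c2.test
2019-11-12T10:01:05Z 10.0.0.5 TXT 3b8d0e44.updates.example-c2.test
2019-11-12T10:02:05Z 10.0.0.5 TXT c71a9f02.updates.example-c2.test
2019-11-12T10:03:05Z 10.0.0.5 TXT 5e6b2d19.updates.example-c2.test
2019-11-12T10:04:05Z 10.0.0.5 TXT a0d4c8f7.updates.example-c2.test
2019-11-12T10:05:05Z 10.0.0.5 TXT 2f9e7b31.updates.example-c2.test
2019-11-12T10:00:02Z 10.0.0.7 A www.example.com
2019-11-12T10:00:03Z 10.0.0.7 A mail.example.com
2019-11-12T10:00:04Z 10.0.0.7 MX example.com
2019-11-12T10:00:06Z 10.0.0.7 TXT _dmarc.example.com
""".strip().splitlines()


def parse_dns_line(line: str) -> dict:
    """Split one constructed log record into its fields."""
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.lower().rstrip(".")}


def parent_domain(qname: str, levels: int = 2) -> str:
    """Registered-domain approximation: keep the last `levels` labels.
    (A real deployment would use the public suffix list instead.)"""
    return ".".join(qname.split(".")[-levels:])


def find_txt_beacons(lines, min_txt: int = 5, min_ratio: float = 0.5,
                     min_unique_labels: int = 4) -> list:
    """Return (client, domain) pairs whose TXT traffic looks like a beacon."""
    stats = defaultdict(lambda: {"total": 0, "txt": 0, "labels": set()})
    for line in lines:
        rec = parse_dns_line(line)
        entry = stats[(rec["client"], parent_domain(rec["qname"]))]
        entry["total"] += 1
        if rec["qtype"] == "TXT":
            entry["txt"] += 1
            entry["labels"].add(rec["qname"].split(".")[0])

    findings = []
    for (client, domain), entry in sorted(stats.items()):
        ratio = entry["txt"] / entry["total"]
        if (entry["txt"] >= min_txt and ratio >= min_ratio
                and len(entry["labels"]) >= min_unique_labels):
            findings.append({
                "client": client,
                "domain": domain,
                "txt_queries": entry["txt"],
                "txt_ratio": round(ratio, 2),
                "unique_labels": len(entry["labels"]),
            })
    return findings


if __name__ == "__main__":
    for finding in find_txt_beacons(DNS_LOG):
        print(finding)
```

The three conditions are deliberately combined: TXT volume alone would flag mail servers validating SPF and DMARC, and a high TXT ratio alone would flag a host that happens to make few queries. Requiring many distinct labels under one domain is what separates a data channel from legitimate record lookups.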
Adobe has released updates for Adobe Illustrator CC for Windows and macOS. This update resolves critical and important vulnerabilities which could lead to remote code execution in the context of the current user.
A newly discovered piece of ransomware written in PureBasic has been linked to a Malware-as-a-Service (MaaS) provider that has been used by Cobalt Gang, FIN6, and other threat groups.
Dubbed PureLocker, the malware comes with evasion methods and features that have allowed it to remain undetected for months. The use of PureBasic, a rather uncommon programming language, also makes porting between Windows, Linux, and macOS easy.
Proper security measures must be in place to defend against PureLocker Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Emotet, a Banking Trojan turned devastating modular threat, has returned with upgraded functions in a new wave of attacks.
Emotet has now begun sharing a number of obfuscation techniques already utilized by Trickbot. A new export function has also been found in executable binary functions — used by both malware variants — and this feature resolves API names through an export list of loaded DLLs. The API call resolution is present in both Emotet and Trickbot packers.
Proper security measures must be in place to defend against Emotet Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Android has released its monthly security patches for several core Android components.
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now changes the logged in user’s password and threatens to publish the victim’s files if they do not pay the ransom.
For those not familiar with MegaCortex, it is a targeted ransomware installed through network access provided by trojans such as Emotet. Once the MegaCortex actors gain access, they then push the ransomware out to machines on the network via an Active Directory controller or post-exploitation kits.
Proper security measures must be in place to defend against MegaCortex Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Employees play a vital role in an organization’s overall security. According to Statistics Canada, the majority of large (91%), medium-sized (83%) and small (72%) businesses in Canada reported having employees primarily responsible for the overall cybersecurity of their business in 2017. To strengthen user security, organizations should supplement employee awareness training with cybersecurity testing. Testing is a great way for organizations to establish a baseline of user behaviour to determine how users respond to potential threats. Without evaluating employees, organizations won’t be able to make impactful changes on how to improve. Testing also helps organizations determine the effectiveness of their training.
Organizations can test employees through
various means such as online quizzes on common cyber threats or through simulated
phishing. Simulated phishing exposes employees to the latest phishing threats
by sending mock phishing campaigns to employee inboxes and tracking who clicks
on phishing links.
Our new security product Secure IT – User Defence
features both of these elements. With Secure IT – User Defence, organizations
can train and test employees, as well as monitor the dark web for stolen
credentials. User Defence includes simulated phishing emails that can be customized
and online training that includes quizzes to validate retention of content.
Reinforce Best Practices
Social engineering attacks are incredibly dangerous because they rely on user error
or lax user behaviour in order to work. Testing can help users adhere to good
security practices and help change their behaviour so that they remain more
alert against these types of attacks.
Engaging employees with simulated phishing
emails allows them to feel real consequences in a safe environment. Simulated phishing
attacks give employees an idea of what phishing emails look like and help them spot
common signs that indicate a potential phishing attack. Over time, this will help
employees develop the habit of carefully inspecting emails before they respond
or click on any links.
Improve Security Culture
Testing employees also helps develop an
organization’s security culture. It gives organizations an opportunity to
openly discuss issues of security and show employees how they play a role in
keeping your company safe.
Testing is a good opportunity for
organizations to create teachable moments for their employees. If more employees
are responding to a specific type of threat, think about why. Is it because the
threat appears to be from an executive? Does the word “urgent” in the subject
line make them want to click? These are things you can look out for and talk to
It’s important to not shame or punish
employees for failing a test as it can discourage employees from reporting security
errors and make security feel more of a taboo topic. Testing is about making
sure employees stay safe in the office and in their personal lives. It’s not
about tricking them into falling for these threats. The purpose of testing is
to make them aware of current cyber threats and to empower employees to take action when
they encounter them.
SIEM is transforming the way organizations
are detecting threats thanks to its ability to collect data across several devices
and develop actionable intelligence for security response teams. Although SIEM has
been around for a while, it continues to evolve and help organizations defend
against emerging threats. According to the 2019 SIEM Report, more than 70% of
organizations found that SIEM resulted in better detection of threats and a
measurable reduction in security breaches.
SIEM stands for Security Information and Event Management and is used to detect threats by collecting and analyzing log data from various networks, systems and devices (e.g. firewalls, computers, etc.). The data collected by the SIEM is then turned into actionable information that allows security teams to respond to potential threats.
The Benefits of SIEM for Organizations
1. Compliance: SIEM includes compliance reporting capabilities, which is valuable for organizations that must adhere to compliance regulations like GDPR and HIPAA. The log data retained by the SIEM provides the historical records that are necessary for incident investigations.
2. Clarity: SIEM analyzes activity from every part of the infrastructure. The log data produced can help organizations understand the events happening in their infrastructure. This is especially useful if a security incident occurs and can help organizations determine what happened.
3. Save time and money: SIEM is typically expensive due to licensing fees and the costs associated with hiring a security team to run the system. Outsourcing SIEM as a service from a provider like Jolera allows organizations of all sizes to have access to an enterprise grade system like SIEM. SIEM solutions like Secure IT – SIEM make SIEM accessible and help organizations save the time and effort required to operate and maintain a SIEM.
How SIEM Improves Security
One of the biggest benefits of SIEM is its
security capabilities. Here are 3 ways our SIEM system can fortify an
1. Improves threat detection
Time is crucial when it comes to detecting
threats; the longer a hacker remains undetected the more damage they can do. Therefore,
it’s important for organizations to respond to threats as soon as
possible. SIEM can quickly detect
potential threats which helps prevent security breaches.
SIEM uses built-in correlation rules and information from a global threat intelligence feed to identify potential threats. The correlation rules are a set of predefined sequences that indicate suspicious behaviour. For example, if a person is trying to log in more than 5 times the correlation rule might flag it as suspicious. This would then generate a security alert that would warn your security team of potential malicious activity.
A SIEM is only as good as the threats it can detect. If a SIEM’s rules are not written to detect advanced threats, they may slip through. Integrating a global threat intelligence feed with SIEM ensures that the system is constantly updated with the latest threat intelligence activity. This is vital in ensuring that SIEM can detect and consequently protect against the latest evolving threats.
2. 24/7 Monitoring
The SIEM is constantly monitoring for unusual behaviours. Round-the-clock monitoring is important to ensure quick response to threats. SIEM also assists security teams in detecting threats because it is constantly monitoring the infrastructure.
Threats like malicious insiders are hard to
detect but since SIEM is constantly monitoring for suspicious events it can
analyze the pattern of behaviour of a user and determine if they’re acting
suspicious. For example, SIEM can detect
a user accessing information they don’t normally access or combine seemingly
unrelated events such as a user inserting a USB stick after accessing sensitive
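The two kinds of correlation rule described in this section (a simple threshold such as more than 5 failed logins, and a sequence rule that ties together seemingly unrelated events such as an out-of-baseline file access followed by a USB insertion) can be written as a small correlation engine. The following is an added example, not code from the original post or from the Secure IT – SIEM product, run over a constructed event log in a simplified "timestamp key=value ..." format. The event names, the per-user baseline of normally accessed resources, and the 10- and 15-minute windows are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed event log (simplified format): bob fails to log in six times in
# two minutes; alice opens a payroll file she never normally touches and then
# plugs in a USB device; carol opens a file within her baseline and then plugs
# in a USB device, which should not alert.
EVENT_LINES = """
2019-11-12T09:00:05Z host=ws-12 user=bob event=login_failed
2019-11-12T09:00:20Z host=ws-12 user=bob event=login_failed
2019-11-12T09:00:41Z host=ws-12 user=bob event=login_failed
2019-11-12T09:01:02Z host=ws-12 user=bob event=login_failed
2019-11-12T09:01:30Z host=ws-12 user=bob event=login_failed
2019-11-12T09:01:55Z host=ws-12 user=bob event=login_failed
2019-11-12T09:05:00Z host=ws-07 user=alice event=login_failed
2019-11-12T09:05:10Z host=ws-07 user=alice event=login_ok
2019-11-12T09:10:00Z host=ws-07 user=alice event=file_access resource=/shares/hr/payroll.xlsx
2019-11-12T09:12:00Z host=ws-07 user=alice event=usb_inserted device=VID_0781
2019-11-12T09:20:00Z host=ws-03 user=carol event=file_access resource=/shares/eng/specs.docx
2019-11-12T09:21:00Z host=ws-03 user=carol event=usb_inserted device=VID_0951
""".strip().splitlines()

# Constructed baseline: the resources each user normally accesses.
BASELINE = {
    "alice": {"/shares/sales/forecast.xlsx", "/shares/sales/leads.csv"},
    "carol": {"/shares/eng/specs.docx", "/shares/eng/build.log"},
}


def parse_event(line: str) -> dict:
    ts_text, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return event


def rule_failed_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Threshold rule: more than `threshold` failed logins for one user
    inside a sliding `window` raises a single alert for that user."""
    alerts, fired = [], set()
    recent = defaultdict(deque)
    for ev in events:
        if ev.get("event") != "login_failed":
            continue
        user = ev["user"]
        bucket = recent[user]
        bucket.append(ev["ts"])
        while bucket and ev["ts"] - bucket[0] > window:   # drop stale entries
            bucket.popleft()
        if len(bucket) > threshold and user not in fired:
            fired.add(user)
            alerts.append({"rule": "failed_logins", "user": user,
                           "host": ev["host"], "count": len(bucket), "ts": ev["ts"]})
    return alerts


def rule_unusual_access_then_usb(events, baseline, window=timedelta(minutes=15)):
    """Sequence rule: a file access outside the user's baseline followed by a
    USB insertion by the same user on the same host within `window`."""
    alerts = []
    last_unusual = {}  # (user, host) -> (timestamp, resource)
    for ev in events:
        key = (ev.get("user"), ev.get("host"))
        if ev.get("event") == "file_access":
            if ev["resource"] not in baseline.get(ev["user"], set()):
                last_unusual[key] = (ev["ts"], ev["resource"])
        elif ev.get("event") == "usb_inserted" and key in last_unusual:
            access_ts, resource = last_unusual.pop(key)
            if ev["ts"] - access_ts <= window:
                alerts.append({"rule": "unusual_access_then_usb", "user": ev["user"],
                               "host": ev["host"], "resource": resource,
                               "device": ev.get("device"), "ts": ev["ts"]})
    return alerts


def correlate(lines, baseline):
    """Parse, time-order, and run every rule; returns the combined alert list."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    return rule_failed_logins(events) + rule_unusual_access_then_usb(events, baseline)


if __name__ == "__main__":
    for alert in correlate(EVENT_LINES, BASELINE):
        print(alert)
```

Note the design choice in the threshold rule: it alerts once per user rather than on every further failure, which keeps a single brute-force attempt from flooding the analyst queue. The sequence rule consumes the pending access once it matches, so a later USB insertion does not re-fire on the same file access.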
3. Provides visibility
In order to understand the threats facing their infrastructure, organizations need clear visibility. It can be difficult for organizations to fully understand their infrastructure because there are many moving parts. Organizations may have a hybrid infrastructure that includes on-premise and cloud environments. As organizations grow they integrate new technology, which in turn increases their attack surface and leads to blind spots like shadow IT. Hackers like to take advantage of these hidden places in your network and exploit them.
SIEM provides organizations with real time
visibility into all activity on their systems, networks and applications
(whether on-premise or in the cloud) in one centralized view. This is crucial
in helping organizations establish a baseline for understanding what constitutes
normal behaviour and usage in an environment.
Since SIEM provides an overview of the network it can also detect
unknown devices communicating within your network, helping to close the gaps on
hidden devices in your network.
Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove.
But the thing that’s most “interesting” is that xHelper doesn’t work like most other Android malware. Once the trojan gains access to an Android device via an initial app, xHelper installs itself as a separate self-standing service.
Uninstalling the original app won’t remove xHelper, and the trojan will continue to live on users’ devices, continuing to show popups and notification spam.
Proper security measures must be in place to defend against xHelper Malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers.
The bug (CVE-2019-13720) is a use-after-free flaw, which is a memory corruption flaw where an attempt is made to access memory after it has been freed. This can cause an array of malicious impacts, from causing a program to crash, to potentially leading to execution of arbitrary code – or even enable full remote code execution capabilities.
Update to the latest version of Chrome, 78.0.3904.87 (for Windows, Mac, and Linux) as it rolls out over the coming days.
A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets.
Adwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data – mainly login credentials – from victims’ machines. While Adwind has historically been platform-agnostic, researchers say they have discovered a new four-month-old version targeting specifically Windows applications – like Explorer and Outlook – as well as Chromium-based browsers (Chromium is a free and open-source web browser developed by Google), including newer browsers like Brave.
The new variant is a JAR file (Java ARchive; a package file format typically used to aggregate many Java class files) that researchers say is typically delivered from a link in a phishing email or downloaded from a legitimate site serving up insecure third-party content.
Proper security measures must be in place to defend against Adwind trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.