Tag Archive for: Assessment

Menlo Security Launches Free Security Assessment Toolkit to Help Companies Identify Highly Evasive Adaptive Threats (HEAT) Fueling Ransomware & Data and Credential Theft


MOUNTAIN VIEW, Calif. – Menlo Security, a leader in cloud security, today announced that it has released the HEAT Security Assessment Toolkit designed to provide organizations with the ability to assess their levels of protection and current exposure to Highly Evasive Adaptive Threats (HEAT). Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks. These attacks allow threat actors to deliver malicious content, including ransomware, to the endpoint by adapting to the targeted environment. The HEAT Security Assessment Toolkit includes a HEAT Check test and a HEAT Analyzer that runs on the Splunk Platform. The HEAT Check enables customers to run a light penetration test to identify if they are susceptible to HEAT attacks. The Menlo Security HEAT Analyzer App for Splunk provides organizations with visibility around HEAT attacks that their network may have been exposed to over the past 30 days.

What is a HEAT Attack?

Highly Evasive Adaptive Threats (HEAT) are a class of cyber threats that target web browsers as the attack vector and employ techniques to evade multiple layers of detection in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. HEAT attacks are used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.

“Ransomware, data and credential theft and other malware are on the rise. Couple this with the Log4J vulnerability, the Lazarus and Conti groups increased attacks targeting web browsers and the result is security teams worldwide facing a nearly non-stop barrage of incidents,” said John Grady, Senior Analyst, ESG. “Tools such as the HEAT Security Assessment can help ensure companies are aware of potential attacks before they have a chance to happen.”

HEAT Security Assessment Toolkit

The HEAT Security Assessment Toolkit provides a lightweight penetration and exposure assessment to help an organization better understand their susceptibility to HEAT attacks.

HEAT attacks are defined by the techniques that adversaries are increasingly using to evade detection by traditional…


Poor risk assessment jeopardizing Manitoba government’s computer systems: report


The province is not doing a good enough job identifying and managing the risks associated with the aging computer systems it uses to carry out its business, says the latest report from the office of the auditor general. 

The audit looked into the various hardware such as servers, routers and firewalls, as well as the software the provincial government uses to collect, process, store, and share information.

It found that a significant number of business applications and their supporting technologies are old and should be replaced.

Further, the report says, the province’s methods of identifying when its aging hardware and software should be replaced or upgraded are insufficient, and its inventory is incomplete.

This could leave the province open to system outages, decreased system reliability, and increased security risks, the report says. 

That in turn could impact a wide range of services the province provides to Manitobans, including online registrations, provincial program applications and fee payments. 

The auditor general’s office recommends that the provincial government improve the practices it uses to monitor its computer systems to make sure they are replaced or upgraded as needed. 

It also recommends that the province’s business transformation and technology department prepare a risk assessment report on these aging computer systems.

Reg Helwer, the minister responsible for government services, will comment on the report once he has read it, a spokesperson for the province said Thursday. 


Computer Security: The Mess We're In, How We Got Here, and What to Do About It



Internet Organised Crime Threat Assessment


Ransomware groups and cyber criminals in all forms have used the pandemic to their advantage, according to the new edition of Europol’s Internet Organised Crime Threat Assessment (IOCTA). The market for criminal goods and services – personal, marketable information – is booming, according to the report.

Europol’s Executive Director Catherine De Bolle said in a foreword to the document that cybercriminals have continued exploiting opportunities created by lockdowns and continued teleworking. “Ransomware affiliate programs have increased in prominence and are tied to a multitude of high-profile attacks against healthcare institutions and services providers. Mobile malware operators and fraudsters have leveraged the increased reliance on online shopping services and are increasingly using it as a part of their modi operandi to access their victims’ bank accounts.

“Children spending more time online has made them more susceptible to grooming, leading to an increase of self-produced exploitation material. Many of the threats in the cybercrime landscape are exacerbated by the growing crime-as-a-service market on the Dark Web. Malware-as-a-service offerings and the auctioning of people’s stolen data enable the planning of future attacks. Criminals also continue improving their operational security by abusing end-to-end encrypted communication services and cryptocurrencies.”

In more detail, ransomware groups are scanning potential targets’ networks for insecure remote desktop protocol (RDP) connections and keeping an eye on known virtual private network (VPN) vulnerabilities. As mobile banking has become more popular, so have mobile banking trojans become a threat.

Ransomware criminals are focusing more on high-value attacks on large organisations, and their supply chains; while social engineers are shifting their attention towards upper-level management, the report says. Here it points to the well-publicised cyber attacks on software – Microsoft Exchange Server, SolarWinds and Kaseya.

Much of what the 2021 report describes was already going on pre-covid, such as ransomware ‘crews’ deploying double-extortion methods by exfiltrating victims’ data and threatening to publish it. The report…
