Tag Archive for: Guest

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries


When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it. Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Attackers will get in; it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario learn that it wasn’t the real Bowser after all and that “our princess is in another castle.” Rather than just keeping Mario out of the castle entirely – i.e. deploying traditional perimeter defenses – in this scenario, Bowser deployed an advanced threat protection by sending…

Guest Editorial: Improving cybersecurity vitally important to U.S.


Cybersecurity goes beyond protecting your identity or ensuring safe elections. As recent weeks have demonstrated, internet security is just as important to the nation’s infrastructure as roads, bridges and airports.

In May, Christopher Krebs, former head of the Cybersecurity and Infrastructure Security Agency, warned a congressional hearing that the world was on the cusp of a “pandemic of a different variety. … Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat. If there was any remaining doubt on that front, let’s dispense with it now: Too many lives are at stake.”

Two days later, Colonial Pipeline was struck by the largest known hack on U.S. energy infrastructure. The result was a shutdown of a major fuel pipeline connecting the East Coast, resulting in long lines and soaring prices at gas stations as consumers engaged in panic buying. The company paid hackers $4.4 million to regain control of its systems.

Now, JBS Foods has been hit by a ransomware attack on its operations in North America and Australia. JBS, the world’s largest meat producer, has closed facilities in several states and canceled shifts at other plants.

“Attackers are operating like a well-oiled business industry, yielding high profits in a year that most businesses struggled,” one threat analyst told Vox.com. “Why? The new ransomware business model is relentless, extortive, and paying off.”

Threats to government entities are equally nefarious. In January, the office of Washington’s state auditor was hacked, exposing the files of 1.6 million unemployment claims from last year. The auditor had received the files from the Employment Security Department while investigating fraudulent claims that were paid.

The threat of identity theft through the hacking of banks or credit companies or government agencies is well known. Victims can spend countless hours canceling credit cards, securing accounts and explaining that, no, they did not purchase $10,000 worth of items on Amazon.

But cybersecurity threats against major…

Guest Post By Dr. Chase Cunningham: The Cold, Hard Cyber Truth About How Businesses Get Hacked – Forbes
