Tag Archive for: importance

55 zero-day flaws exploited last year show the importance of security risk management

/in


Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don’t have a patch available — the zero-day flaws — requires a careful analysis of the types of actors exploiting them, the geography and industries they target, the malware payloads they deploy, the tactics they use, and the type of products they usually target.

According to an analysis by Google-owned threat intelligence and incident response firm Mandiant, attackers exploited 55 zero-day flaws last year, fewer than the 81 observed in 2021 but triple the number tracked in 2020 and higher than in any previous years. In fact, 2020 was an outlier because security vendors saw their normal workflows disrupted by the COVID pandemic that year, possibly impacting their ability to discover and track zero-day attacks.

“We anticipate that the longer term trendline for zero-day exploitation will continue to rise, with some fluctuation from year to year,” the Mandiant researchers said. “Attackers seek stealth and ease of exploitation, both of which zero-days can provide. While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things (IoT) devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded.”

From APTs to ransomware operators

Zero-day exploits have historically been a resource employed primarily by well-funded cyberespionage groups and commercial spyware vendors that sell their so-called surveillance software to government agencies. That’s because zero-day exploits are an expensive commodity with a short shelf-life. Once they’re detected in the wild, they’re quickly patched. This means to get the most out of them, threat groups use them in very targeted campaigns against a…

Source…

The Importance of Reverse Engineering in Network Analysis

/in


Comprehensive research is required to create the best detection rule for a new vulnerability or threat. But what does ‘best’ mean? Well, the interpretation of ‘best’ depends on what we know about the vulnerability, but sometimes key information may not be available. Therefore, to develop accurate detection rules that can track malicious activity, you must search for this information in non-traditional areas, like the binary code of malicious tools.

In this blog, we will detail the process of creating accurate network signatures by closely analyzing the source code of a backdoor exploit. Reverse engineering in network analysis is essential for building rules that can effectively detect malicious network packets, reduce false positives, and ultimately help defend against malicious threats to OT/IoT

Binary reversing is a great method to use for creating network signatures.

Threat Detection 101 

Let’s imagine that the only information available for a certain vulnerability is a basic, non-technical description of a router that executes commands and exploits created by the same researcher. Even with this limited information, it’s still possible to create the first rule to detect that exploitation. Figure 1 shows an example of intelligence and network traces harvested by Nozomi Networks Labs IoT honeypots. This example shows a network packet exploiting CVE-2022-27255, but the exploitation is not immediately clear. More context is needed in order to prevent false positives.

Figure 1. Network packet exploiting CVE-2022-27255.

To detect this exploitation, we need to examine the protocol in use to understand what data should and should not be present at specific offsets. SANS suggests a detection strategy based on specific strings, and the packet sizes based on the parameters of a legitimate packet.

While SANS provided a great threat detection strategy, our goal is to detect the different ways attackers are exploiting certain vulnerabilities. It’s a tough decision between creating a rule that is flexible enough to detect multiple variants of that exploit, risking the chance of false positives, or making a rule narrow and focused on detecting just that one variant.

Source…

What is an App? Meaning, Types, and Importance

/in


An app is defined as a packaged software meant for end-user consumption on a mobile or desktop device. Another main characteristic of an app is its use of the cloud, which extends its functionality beyond what’s natively possible on the device. This article explains how apps work and discusses their types and importance. 

What Is an App?

An app is defined as a self-contained software package that allows users to perform specific tasks on a mobile or desktop device. Apps are pre-installed on your device or distributed via a proprietary app store such as an Apple App Store.

Apps are typically written in different programming languages. For example, Android apps are written in Kotlin, Java, and C++, while iOS apps are written in Swift and Objective-C under XCode IDE. The software package compiles code, data, and resource files to create a comprehensive software bundle essential for an app to run, such as Android’s APK file or IPA file for iOS.

The app bundle contains critical app files and additional metadata required for an app framework at runtime. Let’s understand some of the vital app components that act as fundamental building blocks of an app.

1. Activities

An activity in an app represents an entry point for a user. It is revealed through a user interface (UI) that allows users to interact with the app. For example, a social media app such as Instagram (IG) might have an activity that shows a set of reels recorded by users, another activity may show an option to create a post, story, or live video, and another activity may just show the IG posts. While all these activities work in sync to give IG app users a cohesive user experience, each activity functions independently.

2. Services

A service defines the features that run in the background. The service component is not revealed through a UI. However, it is critical to accomplish remote processes. For example, the service might play the user’s favorite songs in the background while the user is using another app. It allows the user to interact with an activity while the service component continues functioning.

3. Broadcast receivers

A broadcast receiver component allows the app to generate a…

Source…

Cybersecurity Awareness: Definition, Importance, Purpose and Challenges

/in


What is cybersecurity awareness?

Cybersecurity awareness is an ongoing process of educating and training employees about the threats that lurk in cyberspace, how to prevent such threats and what they must do in the event of a security incident. It also helps to inculcate in them a sense of proactive responsibility for keeping the company and its assets safe and secure. In simple terms, cybersecurity awareness is knowing what security threats are and acting responsibly to avoid potential risks.

Cybersecurity awareness includes being aware of the latest security threats, cybersecurity best practices, the dangers of clicking on a malicious link or downloading an infected attachment, interacting online, disclosing sensitive information and so on. Security awareness training programs help to enhance your organization’s security posture and tighten its processes, thereby paving the way to building a more resilient business. Cybersecurity awareness must be an organization-wide initiative for it to be most effective and beneficial.

Why is cybersecurity awareness important?

Despite having best-in-class defense systems and measures in place, many organizations still experience security breaches. Unfortunately, it is often human error that has been a major contributing factor behind many data breaches. According to Verizon’s 2022 Data Breach Investigations Report, more than 80% of breaches involved the human element, including social engineering attacks, errors and misuse of stolen credentials. Threat actors look to exploit this weakness to infiltrate an organization’s networks and systems. This is where cybersecurity awareness comes in.

Cybersecurity awareness helps educate your employees about malicious methods used by cybercriminals, how they can be easy targets, how to spot potential threats and what they can do to avoid falling victim to these insidious threats. It empowers your workforce with the right knowledge and resources to identify and flag potential threats before they cause any damage.

Ignoring or not conducting cybersecurity awareness training regularly can have serious consequences on your business such as legal penalties, financial loss and cost of remediation, loss…

Source…