Tag Archive for: Part

October is Cybersecurity Awareness Month. Part 2: Enable Multi-Factor Authentication


In this multi-part series, we’ll look at what organizations can do to improve corporate security as part of October’s Cybersecurity Awareness Month. In this blog, our focus is on multi-factor authentication (MFA).

Believe it or not, computers in the old days didn’t even require passwords to get in. The threat wasn’t obvious since computers weren’t everywhere, so when you powered a computer on and it was done booting, you’d just use it as needed. Once computers became common in the workplace and different folks had physical access to a computer, the user and password pairing was born. Still, some people, just like they do today, would just write the password on a Post-it Note and call it a day. Many people used ‘password’ or ‘12345’ as their password. The password has evolved, and today most systems require a minimum of 8 characters including a number, a capitalized letter, and a special character, which makes passwords harder to guess if you haven’t written them down.

Are passwords perfect now?

Nope. According to various studies, 81% of breaches are caused by poorly-chosen passwords. According to a CNET report in 2020, hackers have published as many as 555 million stolen passwords on the dark web since 2017. When you consider that many people use the same password or a variation of a single password, you can see how poor passwords and password-related practices continue to lead to breaches.

So, what can be done?

Enabling MFA is a start. Multi-factor authentication, sometimes referred to as Two-Factor Authentication (2FA), comes in different flavors and not all are built equally. MFA can mean two passwords to two different Microsoft Active Directory (AD) servers, but this is rarely used. The most common is credentials (username/password) with a token. RSA and Google Authenticator are a couple of the more popular token options. These tokens are multi-digit, one-time and short-lived, which makes them hard to guess and of little use even if shared, as there is only a short window in which they are valid. The other method is a push notification to a different device. The MFA software is usually installed on a mobile phone and when trying to log in from a laptop, the user is prompted to…


This was H1 2022: Part 3 – Beyond the War


Being caught up in all the events and media attention stemming from the Russo-Ukrainian conflict, one could forget that there is still activity outside the realm of the war. True, the war shifted the focus and priorities of the nations and some crime groups alike, but others went on with their business as usual. The war, and its repercussions on the threat landscape, did not entirely eliminate pre-existing threats. I would argue that some threats are showing potential for growth in the shadow of the war. There is an upside or opportunity for rogue, organized and nation-linked agents to roam undetected and even accelerate their offensive operations.

This is the third and final blog in our three-part series, which was written to shine a light on cyber activities in the first half of 2022. This particular blog covers events, attacks and heists that took place outside the Russia-Ukraine cyber war.


Roaming APTs

The undeniable focus on threats and events relating to the invasion of Ukraine by Russia does not mean other threat actors suspended their activities. On the contrary, while the eyes of the world are upon Russia, other actors have been roaming across the internet almost unnoticed.

On January 13, 2022, Trend Micro linked cyberespionage campaigns against governments, which are typically seen in state-backed campaigns, as well as financially driven attacks against several gambling companies in China and various cryptocurrency platforms to a new Chinese actor, dubbed “Earth Lusca.” Earth Lusca targeted government institutions in Taiwan, Thailand, the Philippines, Vietnam, the United Arab Emirates, Mongolia and Nigeria; educational institutions in Taiwan, Hong Kong, Japan and France; media agencies in Taiwan, Hong Kong, Australia, Germany and France; pro-democracy and human rights political organizations and movements in Hong Kong; COVID-19 research organizations in the United States; telecom companies in Nepal; religious movements that were banned in mainland China; and various cryptocurrency trading platforms. The threat actors leveraged spear-phishing, watering hole attacks and known vulnerabilities, such as ProxyShell and Oracle GlassFish. The payloads used during the…


Why printing security plays a vital part in keeping Aotearoa safe


While Kiwis continue to follow the world when it comes to working online, there’s still one manual business need that is often still crucial to a successful enterprise. Whether you’re an educational institute, a law or accounting firm or even a government agency, printed documents often play a vital role in working operations.

Much has changed since the simpler days of plug-in, pressed and mechanical printing. Printers and print mechanisms are now heavily integrated, with cloud technologies and the internet being significant parts of the process. What could be done via dial-up 12 years ago can now be completed within seconds by clicking a button.

While internet printing, mobile printing and other similar technologies have no doubt made things easier to manage, they have also brought a whole new set of problems to the table. As with all cloud, mobile and internet-based technologies, cybersecurity can be a significant challenge to address, and because of the complexities involved in the printing process it can become even more disruptive.

And history has proven that there are ongoing issues. In 2017, Y Soft conducted a survey which found that while 35% of New Zealand workers were using a mobile device at work for printing, only 50% had adequate security protection or antivirus installed on their mobile devices. A global report from Quocirca in 2016 also found that 61% of respondents had experienced at least one print-related data breach during this period. 

The subsequent 2020 report reflected that 83% of IT decision-makers were very concerned about home printing security, proving that there was still a significant concern in both the workplace and at home. The rise in hybrid work situations has also meant that, in a similar fashion to general cybersecurity, printing security has become more complex and involves more risk.

Part of this risk comes from things like inadequate firewall protection, lack of WiFi security and additional problems with file sharing and data protection. Transferring data in any sense can be dangerous, and often printing devices (mobile and computer) and printers themselves don’t have the correct security. As the data reflects, often Kiwis are…


This was H1 2022 – Part 1 – The Fight Against Cybercrime


After many long lockdowns, the information technology industry woke up to a new reality. Cybercrime was too widespread and heavily resourced. Hybrid architectures had grown too complex to be able to provide adequate defense, resulting in new, larger threat surfaces.

To make matters worse, there was a lack of skilled security professionals who could pick up the pieces and close the gaps quickly. Cybercrime was the new pandemic, and it was growing year after year. Fortunately, parties that fight against cybercrime have formed an unseen alliance, without borders, across public and private partnerships, and governments and law enforcement agencies. Their actions might not always be as visible as the next record ransom payment or data breach, but they are making waves, sending messages, and getting noticed by the criminals.


This blog emphasizes the increased efforts and successes of law enforcement and the global security community in their fight against cybercrime. It’s part of a three-part series that takes a thematic look at cyber activities from the first half of 2022. The second post focuses on the cyber events leading up to and occurring as a consequence of the invasion of Ukraine by Russia. The third and final post in our series will cover events, attacks and heists beyond the cyber war.

Our first post starts in January 2022 with an arrest of one of cybercrime’s most notorious gangs.

January 2022

On January 14, Russian authorities announced the arrest of 14 members of the REvil ransomware gang, confiscating over $6.5 million, 20 luxury cars, computer equipment and cryptocurrency wallets. REvil emerged in April 2019 from the void left behind by the shutdown of the GandCrab operation. In less than a year, the gang became the most prolific ransomware group, collecting some of the highest ransoms from its victims. REvil’s most publicized hit was the Kaseya supply-chain attack that crippled almost 1,500 businesses globally. The group, unable to negotiate with all victims individually, made a one-time offer for a universal decryption key to decrypt all organizations for a single sum of $70 million in Bitcoin. The Kaseya attacks prompted a harsh response from the US, with…
